In the Linux kernel, the following vulnerability has been resolved:
cifs: potential buffer overflow in handling symlinks
Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max)
It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer.
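
A userspace sketch of the check described above, added here as an illustration and not taken from the kernel's cifs code. The record layout (`LEN nnnn\n` followed by the target), `parse_link()`, `LINK_MAXLEN` and `HDR_LEN` are assumptions; only the names `link_len` and `link_str` come from the description.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define LINK_MAXLEN 16 /* assumed capacity of link_str, excluding the NUL */
#define HDR_LEN 9      /* constructed header: "LEN nnnn\n" */

/* Parse a constructed record "LEN nnnn\n<target>" (NUL-terminated in buf).
 * Returns the target length, or -EINVAL if the record is malformed. */
int parse_link(const char *buf, size_t buf_len, char link_str[LINK_MAXLEN + 1])
{
    unsigned int link_len;

    if (buf_len < HDR_LEN || buf[HDR_LEN - 1] != '\n')
        return -EINVAL;
    if (sscanf(buf, "LEN %4u", &link_len) != 1)
        return -EINVAL;
    /* link_len was read from the record, so it is untrusted: bound it by
     * the destination buffer before it is used as a copy length. */
    if (link_len > LINK_MAXLEN)
        return -EINVAL;
    /* The record must also actually contain that many bytes. */
    if (link_len > buf_len - HDR_LEN)
        return -EINVAL;
    memcpy(link_str, buf + HDR_LEN, link_len);
    link_str[link_len] = '\0';
    return (int)link_len;
}

int main(void)
{
    const char *ok = "LEN 0004\n/tmp";  /* constructed sample */
    const char *bad = "LEN 9999\n/tmp"; /* length larger than link_str */
    char link_str[LINK_MAXLEN + 1];

    printf("ok:  %d\n", parse_link(ok, strlen(ok), link_str));
    printf("bad: %d\n", parse_link(bad, strlen(bad), link_str));
    return 0;
}
```

Without the `link_len > LINK_MAXLEN` test, the second record would drive `memcpy()` with a length of 9999 into a 17-byte buffer, which is the class of overflow the Smatch warning points at.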