The following issues were found
drivers/scsi/scsi_transport_fc.c
15 issues
Line: 222
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
\
for (i = 0; i < ARRAY_SIZE(table); i++) { \
if (table[i].value & table_key) { \
len += sprintf(buf + len, "%s%s", \
prefix, table[i].name); \
prefix = ", "; \
} \
} \
len += sprintf(buf + len, "\n"); \
Reported by FlawFinder.
Line: 1001
Column: 9
CWE codes:
134
Suggestion:
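Use a constant for the format specification. In the flagged call, `format_string`, `sz` and `cast` look like parameters of the enclosing macro (the body lines end in `\`), so the format is whatever each macro invocation supplies at compile time. The finding is benign as long as every invocation passes a string literal; the invocations are not shown in this excerpt. The other CWE-134 findings for this file follow the same pattern.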
(rport->port_state == FC_PORTSTATE_DELETED) || \
(rport->port_state == FC_PORTSTATE_NOTPRESENT))) \
i->f->get_rport_##field(rport); \
return snprintf(buf, sz, format_string, cast rport->field); \
}
#define fc_rport_store_function(field) \
static ssize_t \
store_fc_rport_##field(struct device *dev, \
Reported by FlawFinder.
Line: 1050
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct device_attribute *attr, char *buf) \
{ \
struct fc_rport *rport = transport_class_to_rport(dev); \
return snprintf(buf, sz, format_string, cast rport->field); \
}
#define fc_private_rport_rd_attr(field, format_string, sz) \
fc_private_rport_show_function(field, format_string, sz, ) \
static FC_DEVICE_ATTR(rport, field, S_IRUGO, \
Reported by FlawFinder.
Line: 1429
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
fc_starget_##field(starget) = rport->field; \
else if (i->f->get_starget_##field) \
i->f->get_starget_##field(starget); \
return snprintf(buf, sz, format_string, \
cast fc_starget_##field(starget)); \
}
#define fc_starget_rd_attr(field, format_string, sz) \
fc_starget_show_function(field, format_string, sz, ) \
Reported by FlawFinder.
Line: 1482
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
if ((i->f->get_vport_##field) && \
!(vport->flags & (FC_VPORT_DEL | FC_VPORT_CREATING))) \
i->f->get_vport_##field(vport); \
return snprintf(buf, sz, format_string, cast vport->field); \
}
#define fc_vport_store_function(field) \
static ssize_t \
store_fc_vport_##field(struct device *dev, \
Reported by FlawFinder.
Line: 1549
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct device_attribute *attr, char *buf) \
{ \
struct fc_vport *vport = transport_class_to_vport(dev); \
return snprintf(buf, sz, format_string, cast vport->field); \
}
#define fc_private_vport_store_u32_function(field) \
static ssize_t \
store_fc_vport_##field(struct device *dev, \
Reported by FlawFinder.
Line: 1749
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct fc_internal *i = to_fc_internal(shost->transportt); \
if (i->f->get_host_##field) \
i->f->get_host_##field(shost); \
return snprintf(buf, sz, format_string, cast fc_host_##field(shost)); \
}
#define fc_host_store_function(field) \
static ssize_t \
store_fc_host_##field(struct device *dev, \
Reported by FlawFinder.
Line: 1856
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct device_attribute *attr, char *buf) \
{ \
struct Scsi_Host *shost = transport_class_to_shost(dev); \
return snprintf(buf, sz, format_string, cast fc_host_##field(shost)); \
}
#define fc_private_host_rd_attr(field, format_string, sz) \
fc_private_host_show_function(field, format_string, sz, ) \
static FC_DEVICE_ATTR(host, field, S_IRUGO, \
Reported by FlawFinder.
Line: 277
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i, len=0;
for (i = 0; i < FC_FC4_LIST_SIZE; i++, fc4_list++)
len += sprintf(buf + len , "0x%02x ", *fc4_list);
len += sprintf(buf + len, "\n");
return len;
}
Reported by FlawFinder.
Line: 581
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
event->event_num = event_number;
event->event_code = event_code;
if (data_len)
memcpy(&event->event_data, data_buf, data_len);
nlmsg_multicast(scsi_nl_sock, skb, 0, SCSI_NL_GRP_FC_EVENTS,
GFP_KERNEL);
return;
Reported by FlawFinder.
net/core/sock.c
15 issues
Line: 231
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
x "AF_QIPCRTR", x "AF_SMC" , x "AF_XDP" , \
x "AF_MAX"
/*
 * Name tables with AF_MAX+1 slots each (presumably lock-class names, one per
 * address family). Every element is a const pointer to a string constant
 * that _sock_locks() builds from the given prefix, so nothing is copied
 * into these arrays at run time.
 * NOTE(review): the flagged pattern is only the fixed-size declaration. What
 * remains to confirm is that every lookup index is <= AF_MAX; the lookups
 * are not part of this excerpt.
 */
static const char *const af_family_key_strings[AF_MAX+1] = {
_sock_locks("sk_lock-")
};
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
Reported by FlawFinder.
Line: 234
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_key_strings[AF_MAX+1] = {
_sock_locks("sk_lock-")
};
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
static const char *const af_family_clock_key_strings[AF_MAX+1] = {
_sock_locks("clock-")
};
Reported by FlawFinder.
Line: 237
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
static const char *const af_family_clock_key_strings[AF_MAX+1] = {
_sock_locks("clock-")
};
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
Reported by FlawFinder.
Line: 241
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_sock_locks("clock-")
};
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
};
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
Reported by FlawFinder.
Line: 244
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
};
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
Reported by FlawFinder.
Line: 247
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
Reported by FlawFinder.
Line: 250
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
Reported by FlawFinder.
Line: 253
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
static const char *const af_family_elock_key_strings[AF_MAX+1] = {
_sock_locks("elock-")
};
Reported by FlawFinder.
Line: 256
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
static const char *const af_family_elock_key_strings[AF_MAX+1] = {
_sock_locks("elock-")
};
/*
* sk_callback_lock and sk queues locking rules are per-address-family,
Reported by FlawFinder.
Line: 632
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret = -ENOPROTOOPT;
#ifdef CONFIG_NETDEVICES
struct net *net = sock_net(sk);
char devname[IFNAMSIZ];
int index;
ret = -EINVAL;
if (optlen < 0)
goto out;
Reported by FlawFinder.
tools/perf/util/map.c
15 issues
Line: 47
Column: 12
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (libname)
lib_length = strlen(libname);
app_abi = getenv("APP_ABI");
if (!app_abi)
return false;
app_abi_length = strlen(app_abi);
Reported by FlawFinder.
Line: 61
Column: 14
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
new_length = 7 + app_abi_length + lib_length;
apk_path = getenv("APK_PATH");
if (apk_path) {
new_length += strlen(apk_path) + 1;
if (new_length > PATH_MAX)
return false;
snprintf(newfilename, new_length,
Reported by FlawFinder.
Line: 82
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char *arch;
int ndk_length, app_length;
ndk = getenv("NDK_ROOT");
app = getenv("APP_PLATFORM");
if (!(ndk && app))
return false;
Reported by FlawFinder.
Line: 83
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
int ndk_length, app_length;
ndk = getenv("NDK_ROOT");
app = getenv("APP_PLATFORM");
if (!(ndk && app))
return false;
ndk_length = strlen(ndk);
Reported by FlawFinder.
Line: 140
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nsinfo *nnsi;
if (map != NULL) {
char newfilename[PATH_MAX];
struct dso *dso;
int anon, no_dso, vdso, android;
android = is_android_lib(filename);
anon = is_anon_memory(filename) || flags & MAP_HUGETLB;
Reported by FlawFinder.
Line: 335
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
nr = dso__load(map->dso, map);
if (nr < 0) {
if (map->dso->has_build_id) {
char sbuild_id[SBUILD_ID_SIZE];
build_id__sprintf(&map->dso->bid, sbuild_id);
pr_debug("%s with build id %s not found", name, sbuild_id);
} else
pr_debug("Failed to open %s", name);
Reported by FlawFinder.
Line: 409
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t map__fprintf_dsoname(struct map *map, FILE *fp)
{
char buf[symbol_conf.pad_output_len_dso + 1];
const char *dsoname = "[unknown]";
if (map && map->dso) {
if (symbol_conf.show_kernel_path && map->dso->long_name)
dsoname = map->dso->long_name;
Reported by FlawFinder.
Line: 45
Column: 16
CWE codes:
126
libname = strrchr(filename, '/');
if (libname)
lib_length = strlen(libname);
app_abi = getenv("APP_ABI");
if (!app_abi)
return false;
Reported by FlawFinder.
Line: 51
Column: 19
CWE codes:
126
if (!app_abi)
return false;
app_abi_length = strlen(app_abi);
if (strstarts(filename, "/data/app-lib/")) {
char *apk_path;
if (!app_abi_length)
Reported by FlawFinder.
Line: 63
Column: 18
CWE codes:
126
apk_path = getenv("APK_PATH");
if (apk_path) {
new_length += strlen(apk_path) + 1;
if (new_length > PATH_MAX)
return false;
snprintf(newfilename, new_length,
"%s/libs/%s/%s", apk_path, app_abi, libname);
} else {
Reported by FlawFinder.
drivers/pnp/isapnp/core.c
15 issues
Line: 352
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int __init isapnp_read_tag(unsigned char *type, unsigned short *size)
{
unsigned char tag, tmp[2];
isapnp_peek(&tag, 1);
if (tag == 0) /* invalid tag */
return -1;
if (tag & 0x80) { /* large item */
Reported by FlawFinder.
Line: 384
Column: 11
CWE codes:
119
120
Suggestion:
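Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is the fixed-size `tmp[6]`; the call to review is `isapnp_peek(tmp, size)`, where `size` is a function parameter and this excerpt shows no comparison against `sizeof(tmp)`. Confirm that the caller restricts `size` for this tag type; the later findings for this file that take an `int size` parameter have the same shape.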
static struct pnp_dev *__init isapnp_parse_device(struct pnp_card *card,
int size, int number)
{
unsigned char tmp[6];
struct pnp_dev *dev;
u32 eisa_id;
char id[8];
isapnp_peek(tmp, size);
Reported by FlawFinder.
Line: 387
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char tmp[6];
struct pnp_dev *dev;
u32 eisa_id;
char id[8];
isapnp_peek(tmp, size);
eisa_id = tmp[0] | tmp[1] << 8 | tmp[2] << 16 | tmp[3] << 24;
pnp_eisa_id_to_string(eisa_id, id);
Reported by FlawFinder.
Line: 413
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int option_flags,
int size)
{
unsigned char tmp[3];
unsigned long bits;
pnp_irq_mask_t map;
unsigned char flags = IORESOURCE_IRQ_HIGHEDGE;
isapnp_peek(tmp, size);
Reported by FlawFinder.
Line: 437
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int option_flags,
int size)
{
unsigned char tmp[2];
isapnp_peek(tmp, size);
pnp_register_dma_resource(dev, option_flags, tmp[0], tmp[1]);
}
Reported by FlawFinder.
Line: 450
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int option_flags,
int size)
{
unsigned char tmp[7];
resource_size_t min, max, align, len;
unsigned char flags;
isapnp_peek(tmp, size);
min = (tmp[2] << 8) | tmp[1];
Reported by FlawFinder.
Line: 471
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int option_flags,
int size)
{
unsigned char tmp[3];
resource_size_t base, len;
isapnp_peek(tmp, size);
base = (tmp[1] << 8) | tmp[0];
len = tmp[2];
Reported by FlawFinder.
Line: 488
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int option_flags,
int size)
{
unsigned char tmp[9];
resource_size_t min, max, align, len;
unsigned char flags;
isapnp_peek(tmp, size);
min = ((tmp[2] << 8) | tmp[1]) << 8;
Reported by FlawFinder.
Line: 509
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int option_flags,
int size)
{
unsigned char tmp[17];
resource_size_t min, max, align, len;
unsigned char flags;
isapnp_peek(tmp, size);
min = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
Reported by FlawFinder.
Line: 530
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int option_flags,
int size)
{
unsigned char tmp[9];
resource_size_t base, len;
unsigned char flags;
isapnp_peek(tmp, size);
base = (tmp[4] << 24) | (tmp[3] << 16) | (tmp[2] << 8) | tmp[1];
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/wow.c
15 issues
Line: 105
Column: 2
CWE codes:
120
Suggestion:
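Make sure destination can always hold the source data. The copy length here is `ETH_HLEN - old->pkt_offset`, so it is only meaningful when `old->pkt_offset` does not exceed `ETH_HLEN`; this excerpt does not show that check, so confirm it is enforced before these copies execute.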
(struct rfc1042_hdr *)(hdr_80211_bit_mask + hdr_len);
int rfc_len = sizeof(*new_rfc_pattern);
memcpy(hdr_8023_pattern + old->pkt_offset,
old->pattern, ETH_HLEN - old->pkt_offset);
memcpy(hdr_8023_bit_mask + old->pkt_offset,
old->mask, ETH_HLEN - old->pkt_offset);
/* Copy destination address */
Reported by FlawFinder.
Line: 107
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(hdr_8023_pattern + old->pkt_offset,
old->pattern, ETH_HLEN - old->pkt_offset);
memcpy(hdr_8023_bit_mask + old->pkt_offset,
old->mask, ETH_HLEN - old->pkt_offset);
/* Copy destination address */
memcpy(new_hdr_pattern->addr1, old_hdr_pattern->h_dest, ETH_ALEN);
memcpy(new_hdr_mask->addr1, old_hdr_mask->h_dest, ETH_ALEN);
Reported by FlawFinder.
Line: 111
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old->mask, ETH_HLEN - old->pkt_offset);
/* Copy destination address */
memcpy(new_hdr_pattern->addr1, old_hdr_pattern->h_dest, ETH_ALEN);
memcpy(new_hdr_mask->addr1, old_hdr_mask->h_dest, ETH_ALEN);
/* Copy source address */
memcpy(new_hdr_pattern->addr3, old_hdr_pattern->h_source, ETH_ALEN);
memcpy(new_hdr_mask->addr3, old_hdr_mask->h_source, ETH_ALEN);
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy destination address */
memcpy(new_hdr_pattern->addr1, old_hdr_pattern->h_dest, ETH_ALEN);
memcpy(new_hdr_mask->addr1, old_hdr_mask->h_dest, ETH_ALEN);
/* Copy source address */
memcpy(new_hdr_pattern->addr3, old_hdr_pattern->h_source, ETH_ALEN);
memcpy(new_hdr_mask->addr3, old_hdr_mask->h_source, ETH_ALEN);
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(new_hdr_mask->addr1, old_hdr_mask->h_dest, ETH_ALEN);
/* Copy source address */
memcpy(new_hdr_pattern->addr3, old_hdr_pattern->h_source, ETH_ALEN);
memcpy(new_hdr_mask->addr3, old_hdr_mask->h_source, ETH_ALEN);
/* Copy logic link type */
memcpy(&new_rfc_pattern->snap_type,
&old_hdr_pattern->h_proto,
Reported by FlawFinder.
Line: 116
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy source address */
memcpy(new_hdr_pattern->addr3, old_hdr_pattern->h_source, ETH_ALEN);
memcpy(new_hdr_mask->addr3, old_hdr_mask->h_source, ETH_ALEN);
/* Copy logic link type */
memcpy(&new_rfc_pattern->snap_type,
&old_hdr_pattern->h_proto,
sizeof(old_hdr_pattern->h_proto));
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(new_hdr_mask->addr3, old_hdr_mask->h_source, ETH_ALEN);
/* Copy logic link type */
memcpy(&new_rfc_pattern->snap_type,
&old_hdr_pattern->h_proto,
sizeof(old_hdr_pattern->h_proto));
memcpy(&new_rfc_mask->snap_type,
&old_hdr_mask->h_proto,
sizeof(old_hdr_mask->h_proto));
Reported by FlawFinder.
Line: 122
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&new_rfc_pattern->snap_type,
&old_hdr_pattern->h_proto,
sizeof(old_hdr_pattern->h_proto));
memcpy(&new_rfc_mask->snap_type,
&old_hdr_mask->h_proto,
sizeof(old_hdr_mask->h_proto));
/* Calculate new pkt_offset */
if (old->pkt_offset < ETH_ALEN)
Reported by FlawFinder.
Line: 151
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
new->pattern_len = hdr_80211_end_offset - new->pkt_offset;
memcpy((u8 *)new->pattern,
hdr_80211_pattern + new->pkt_offset,
new->pattern_len);
memcpy((u8 *)new->mask,
hdr_80211_bit_mask + new->pkt_offset,
new->pattern_len);
Reported by FlawFinder.
Line: 154
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy((u8 *)new->pattern,
hdr_80211_pattern + new->pkt_offset,
new->pattern_len);
memcpy((u8 *)new->mask,
hdr_80211_bit_mask + new->pkt_offset,
new->pattern_len);
if (total_len > ETH_HLEN) {
/* Copy frame body */
Reported by FlawFinder.
tools/perf/util/cs-etm.c
15 issues
Line: 2557
Column: 3
CWE codes:
134
Suggestion:
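Use a constant for the format specification. The formats in these calls are read from variables or tables (`magic_unk_fmt`, `cs_etm_priv_fmts[...]`), not from input. If those are constant string tables (their definitions are not in this excerpt), the practical checks are that the index stays within the table and that each entry's conversion matches the type of `val[i]`.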
if ((magic != __perf_cs_etmv3_magic) &&
(magic != __perf_cs_etmv4_magic)) {
/* failure - note bad magic value */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
}
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
Reported by FlawFinder.
Line: 2562
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_CPU], val[i++]);
if (magic == __perf_cs_etmv3_magic) {
nr_params = CS_ETM_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETM_ETMCR;
Reported by FlawFinder.
Line: 2563
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_CPU], val[i++]);
if (magic == __perf_cs_etmv3_magic) {
nr_params = CS_ETM_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETM_ETMCR;
/* after common block, offset format index past NR_PARAMS */
Reported by FlawFinder.
Line: 2570
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fmt_offset = CS_ETM_ETMCR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
} else if (magic == __perf_cs_etmv4_magic) {
nr_params = CS_ETMV4_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETMV4_TRCCONFIGR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
Reported by FlawFinder.
Line: 2576
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fmt_offset = CS_ETMV4_TRCCONFIGR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
*offset = i;
return 0;
}
Reported by FlawFinder.
Line: 2595
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETM_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
}
} else if (magic == __perf_cs_etmv4_magic) {
for (j = 0; j < total_params; j++, i++) {
Reported by FlawFinder.
Line: 2597
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (j >= CS_ETM_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
}
} else if (magic == __perf_cs_etmv4_magic) {
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETMV4_PRIV_MAX)
Reported by FlawFinder.
Line: 2603
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETMV4_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
} else {
/* failure - note bad magic value and error out */
Reported by FlawFinder.
Line: 2605
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (j >= CS_ETMV4_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
} else {
/* failure - note bad magic value and error out */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
Reported by FlawFinder.
Line: 2609
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
} else {
/* failure - note bad magic value and error out */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
}
*offset = i;
return 0;
}
Reported by FlawFinder.
drivers/platform/x86/fujitsu-laptop.c
15 issues
Line: 398
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -ENOMEM;
fujitsu_bl = priv;
strcpy(acpi_device_name(device), ACPI_FUJITSU_BL_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_FUJITSU_CLASS);
device->driver_data = priv;
pr_info("ACPI: %s [%s]\n",
acpi_device_name(device), acpi_device_bid(device));
Reported by FlawFinder.
Line: 399
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
fujitsu_bl = priv;
strcpy(acpi_device_name(device), ACPI_FUJITSU_BL_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_FUJITSU_CLASS);
device->driver_data = priv;
pr_info("ACPI: %s [%s]\n",
acpi_device_name(device), acpi_device_bid(device));
Reported by FlawFinder.
Line: 784
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
WARN_ONCE(fext, "More than one FUJ02E3 ACPI device was found. Driver may not work as intended.");
fext = device;
strcpy(acpi_device_name(device), ACPI_FUJITSU_LAPTOP_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_FUJITSU_CLASS);
device->driver_data = priv;
/* kfifo */
spin_lock_init(&priv->fifo_lock);
Reported by FlawFinder.
Line: 785
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
fext = device;
strcpy(acpi_device_name(device), ACPI_FUJITSU_LAPTOP_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_FUJITSU_CLASS);
device->driver_data = priv;
/* kfifo */
spin_lock_init(&priv->fifo_lock);
ret = kfifo_alloc(&priv->fifo, RINGBUFFERSIZE * sizeof(int),
Reported by FlawFinder.
Line: 118
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Device controlling the backlight and associated keys */
struct fujitsu_bl {
struct input_dev *input;
/*
 * NOTE(review): fixed 32-byte buffer, presumably the declaration FlawFinder
 * flags. The code that fills it is not in this excerpt; confirm each write
 * is bounded by sizeof(phys).
 */
char phys[32];
struct backlight_device *bl_device;
unsigned int max_brightness;
unsigned int brightness_level;
};
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Device used to access hotkeys and other features on the laptop */
struct fujitsu_laptop {
struct input_dev *input;
char phys[32];
struct platform_device *pf_device;
struct kfifo fifo;
spinlock_t fifo_lock;
int flags_supported;
int flags_state;
Reported by FlawFinder.
Line: 278
Column: 10
CWE codes:
120
Suggestion:
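Use sprintf_s, snprintf, or vsnprintf. Each flagged call writes a fixed string with no format arguments, so the output length is constant and small. `sprintf_s` is not available in kernel code; `sysfs_emit()` is the kernel helper intended for sysfs show callbacks, which this function appears to be.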
struct fujitsu_laptop *priv = dev_get_drvdata(dev);
if (!(priv->flags_supported & FLAG_LID))
return sprintf(buf, "unknown\n");
if (priv->flags_state & FLAG_LID)
return sprintf(buf, "open\n");
else
return sprintf(buf, "closed\n");
}
Reported by FlawFinder.
Line: 280
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(priv->flags_supported & FLAG_LID))
return sprintf(buf, "unknown\n");
if (priv->flags_state & FLAG_LID)
return sprintf(buf, "open\n");
else
return sprintf(buf, "closed\n");
}
static ssize_t dock_show(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 282
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (priv->flags_state & FLAG_LID)
return sprintf(buf, "open\n");
else
return sprintf(buf, "closed\n");
}
static ssize_t dock_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 291
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct fujitsu_laptop *priv = dev_get_drvdata(dev);
if (!(priv->flags_supported & FLAG_DOCK))
return sprintf(buf, "unknown\n");
if (priv->flags_state & FLAG_DOCK)
return sprintf(buf, "docked\n");
else
return sprintf(buf, "undocked\n");
}
Reported by FlawFinder.
drivers/scsi/qla2xxx/qla_dbg.c
15 issues
Line: 94
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct req_que *req = ha->req_q_map[0];
struct rsp_que *rsp = ha->rsp_q_map[0];
/* Request queue. */
memcpy(ptr, req->ring, req->length *
sizeof(request_t));
/* Response queue. */
ptr += req->length * sizeof(request_t);
memcpy(ptr, rsp->ring, rsp->length *
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Response queue. */
ptr += req->length * sizeof(request_t);
memcpy(ptr, rsp->ring, rsp->length *
sizeof(response_t));
return ptr + (rsp->length * sizeof(response_t));
}
Reported by FlawFinder.
Line: 479
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ha->eft)
return ptr;
memcpy(ptr, ha->eft, ntohl(ha->fw_dump->eft_size));
return ptr + ntohl(ha->fw_dump->eft_size);
}
static inline void *
qla25xx_copy_fce(struct qla_hw_data *ha, void *ptr, __be32 **last_chain)
Reported by FlawFinder.
Line: 505
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (cnt = 0; cnt < 8; cnt++)
*iter_reg++ = htonl(ha->fce_mb[cnt]);
memcpy(iter_reg, ha->fce, ntohl(fcec->size));
return (char *)iter_reg + ntohl(fcec->size);
}
static inline void *
Reported by FlawFinder.
Line: 527
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
c->addr = cpu_to_be64(ha->exlogin_buf_dma);
ptr += sizeof(struct qla2xxx_offld_chain);
memcpy(ptr, ha->exlogin_buf, ha->exlogin_size);
return (char *)ptr + be32_to_cpu(c->size);
}
static inline void *
Reported by FlawFinder.
Line: 549
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
c->addr = cpu_to_be64(ha->exchoffld_buf_dma);
ptr += sizeof(struct qla2xxx_offld_chain);
memcpy(ptr, ha->exchoffld_buf, ha->exchoffld_size);
return (char *)ptr + be32_to_cpu(c->size);
}
static inline void *
Reported by FlawFinder.
Line: 594
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr += sizeof(struct qla2xxx_mqueue_header);
/* Add data. */
memcpy(ptr, aqp->ring, aqp->length * sizeof(request_t));
ptr += aqp->length * sizeof(request_t);
}
return ptr;
Reported by FlawFinder.
Line: 638
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr += sizeof(struct qla2xxx_mqueue_header);
/* Add data. */
memcpy(ptr, req->ring, req->length * sizeof(request_t));
ptr += req->length * sizeof(request_t);
}
/* Response queues */
for (que = 1; que < ha->max_rsp_queues; que++) {
Reported by FlawFinder.
Line: 666
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr += sizeof(struct qla2xxx_mqueue_header);
/* Add data. */
memcpy(ptr, rsp->ring, rsp->length * sizeof(response_t));
ptr += rsp->length * sizeof(response_t);
}
return ptr;
}
Reported by FlawFinder.
Line: 2493
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
va_list va;
struct va_format vaf;
char pbuf[64];
va_start(va, fmt);
vaf.fmt = fmt;
vaf.va = &va;
Reported by FlawFinder.
drivers/platform/x86/dell/dell-wmi-sysman/sysman.c
15 issues
Line: 152
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < MAX_TYPES; i++) {
if (i == reset_option)
buf += sprintf(buf, "[%s] ", reset_types[i]);
else
buf += sprintf(buf, "%s ", reset_types[i]);
}
buf += sprintf(buf, "\n");
return buf-start;
Reported by FlawFinder.
Line: 154
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (i == reset_option)
buf += sprintf(buf, "[%s] ", reset_types[i]);
else
buf += sprintf(buf, "%s ", reset_types[i]);
}
buf += sprintf(buf, "\n");
return buf-start;
}
Reported by FlawFinder.
Line: 103
Column: 3
CWE codes:
120
Suggestion:
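Make sure destination can always hold the source data. The copy length `*seclen` is `strlen(authentication)` (set in the excerpt for line 98), so the destination must already have been sized by the caller. `calculate_security_buffer()` on this page computes that size; whether every caller allocates with it is not visible here.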
/* plain text */
if (strlen(authentication) > 0)
memcpy(auth, authentication, *seclen);
}
/**
* map_wmi_error() - map errors from WMI methods to kernel error codes
* @error_code: integer error code returned from Dell's firmware
Reported by FlawFinder.
Line: 198
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Show callback for the "pending_reboot" attribute: prints
 * wmi_priv.pending_changes as a decimal number followed by a newline and
 * returns the number of bytes written.
 *
 * NOTE(review): sprintf() carries no bound of its own. A "%d" conversion
 * produces at most a sign, ten digits, the newline and the NUL, so the write
 * is small and fixed; this assumes buf is the usual sysfs page buffer, which
 * is not visible here. sysfs_emit() is the bounded helper for such callbacks.
 */
static ssize_t pending_reboot_show(struct kobject *kobj, struct kobj_attribute *attr,
				   char *buf)
{
	int written;

	written = sprintf(buf, "%d\n", wmi_priv.pending_changes);
	return written;
}
/*
 * Attribute objects: reset_bios is declared read-write and pending_reboot
 * read-only; __ATTR_RO(pending_reboot) wires in pending_reboot_show() as the
 * read handler.
 */
static struct kobj_attribute reset_bios = __ATTR_RW(reset_bios);
static struct kobj_attribute pending_reboot = __ATTR_RO(pending_reboot);
Reported by FlawFinder.
Line: 43
Column: 29
CWE codes:
126
u16 *target = length + 1;
int ret;
ret = utf8s_to_utf16s(str, strlen(str), UTF16_HOST_ENDIAN,
target, buffer_len - sizeof(u16));
if (ret < 0) {
dev_err(wmi_priv.class_dev, "UTF16 conversion failed\n");
return ret;
}
Reported by FlawFinder.
Line: 67
Column: 23
CWE codes:
126
/**
 * calculate_string_buffer() - byte size of a length-prefixed UTF-16 copy of a string
 * @str: NUL-terminated input; must not be NULL, since strlen() is called on it
 *       unconditionally and reads until it finds the terminator (this is what
 *       the CWE-126 finding refers to)
 *
 * Return: sizeof(u16) for the length field plus sizeof(u16) per input byte.
 */
size_t calculate_string_buffer(const char *str)
{
/* u16 length field + one UTF16 char for each input char */
return sizeof(u16) + strlen(str) * sizeof(u16);
}
/**
* calculate_security_buffer() - determines size of security buffer for authentication scheme
* @authentication: the authentication content
Reported by FlawFinder.
Line: 78
Column: 6
CWE codes:
126
*/
size_t calculate_security_buffer(char *authentication)
{
/*
 * strlen() is called on the pointer unconditionally, so it must be non-NULL
 * and NUL-terminated. It is evaluated three times; the result is only
 * consistent if the string does not change between those calls.
 */
if (strlen(authentication) > 0) {
/* two u32 header fields + payload bytes + one pad byte when the length is odd */
return (sizeof(u32) * 2) + strlen(authentication) +
strlen(authentication) % 2;
}
/* empty string: header fields only */
return sizeof(u32) * 2;
}
Reported by FlawFinder.
Line: 79
Column: 30
CWE codes:
126
/**
 * calculate_security_buffer() - byte size of the security buffer for a credential string
 * @authentication: NUL-terminated authentication string; must not be NULL,
 *                  since strlen() is called on it unconditionally
 *
 * Return: the size of two u32 fields, plus, for a non-empty string, its length
 * and one padding byte when that length is odd.
 */
size_t calculate_security_buffer(char *authentication)
{
/*
 * strlen() is evaluated three times; the result is only consistent if the
 * string does not change between those calls.
 */
if (strlen(authentication) > 0) {
/* two u32 header fields + payload bytes + one pad byte when the length is odd */
return (sizeof(u32) * 2) + strlen(authentication) +
strlen(authentication) % 2;
}
/* empty string: header fields only */
return sizeof(u32) * 2;
}
Reported by FlawFinder.
Line: 80
Column: 4
CWE codes:
126
{
if (strlen(authentication) > 0) {
return (sizeof(u32) * 2) + strlen(authentication) +
strlen(authentication) % 2;
}
return sizeof(u32) * 2;
}
/**
Reported by FlawFinder.
Line: 98
Column: 13
CWE codes:
126
u32 *sectype = (u32 *) buffer;
u32 *seclen = sectype + 1;
*sectype = strlen(authentication) > 0 ? 1 : 0;
*seclen = strlen(authentication);
/* plain text */
if (strlen(authentication) > 0)
memcpy(auth, authentication, *seclen);
Reported by FlawFinder.
drivers/usb/atm/usbatm.c
15 issues
Line: 1321
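CWE codes:
628
Note: in the sprintf() inside the loop, buffer is both the destination and the "%s" source argument. The C standard leaves sprintf() with overlapping source and destination undefined, so the hex bytes should be appended at a tracked offset (a bounded formatter writing at buffer + used) rather than by re-reading buffer.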
buffer[0] = '\0';
sprintf(buffer, "%.3d :", i);
for (j = 0; (j < 16) && (i < len); j++, i++)
sprintf(buffer, "%s %2.2x", buffer, data[i]);
dev_dbg(&instance->usb_intf->dev, "%s", buffer);
}
return i;
}
#endif
Reported by Cppcheck.
Line: 739
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENODEV;
if (!left--)
return sprintf(page, "%s\n", instance->description);
if (!left--)
return sprintf(page, "MAC: %pM\n", atm_dev->esi);
if (!left--)
Reported by FlawFinder.
Line: 1321
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
buffer[0] = '\0';
sprintf(buffer, "%.3d :", i);
for (j = 0; (j < 16) && (i < len); j++, i++)
sprintf(buffer, "%s %2.2x", buffer, data[i]);
dev_dbg(&instance->usb_intf->dev, "%s", buffer);
}
return i;
}
#endif
Reported by FlawFinder.
Line: 332
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_trim(sarb, 0);
}
memcpy(skb_tail_pointer(sarb), source + ATM_CELL_HEADER, ATM_CELL_PAYLOAD);
__skb_put(sarb, ATM_CELL_PAYLOAD);
if (pti & 1) {
struct sk_buff *skb;
unsigned int length;
Reported by FlawFinder.
Line: 425
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avail_data >= space_left) {
/* add new data and process cell */
memcpy(cell_buf + buf_usage, source, space_left);
source += space_left;
avail_data -= space_left;
usbatm_extract_one_cell(instance, cell_buf);
instance->buf_usage = 0;
} else {
Reported by FlawFinder.
Line: 432
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
instance->buf_usage = 0;
} else {
/* not enough data to fill the cell */
memcpy(cell_buf + buf_usage, source, avail_data);
instance->buf_usage = buf_usage + avail_data;
return;
}
}
Reported by FlawFinder.
Line: 444
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avail_data > 0) {
/* length was not a multiple of stride -
* save remaining data for next call */
memcpy(instance->cell_buf, source, avail_data);
instance->buf_usage = avail_data;
}
}
Reported by FlawFinder.
Line: 742
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(page, "%s\n", instance->description);
if (!left--)
return sprintf(page, "MAC: %pM\n", atm_dev->esi);
if (!left--)
return sprintf(page,
"AAL5: tx %d ( %d err ), rx %d ( %d err, %d drop )\n",
atomic_read(&atm_dev->stats.aal5.tx),
Reported by FlawFinder.
Line: 745
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(page, "MAC: %pM\n", atm_dev->esi);
if (!left--)
return sprintf(page,
"AAL5: tx %d ( %d err ), rx %d ( %d err, %d drop )\n",
atomic_read(&atm_dev->stats.aal5.tx),
atomic_read(&atm_dev->stats.aal5.tx_err),
atomic_read(&atm_dev->stats.aal5.rx),
atomic_read(&atm_dev->stats.aal5.rx_err),
Reported by FlawFinder.
Line: 755
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--) {
if (instance->disconnected)
return sprintf(page, "Disconnected\n");
else
switch (atm_dev->signal) {
case ATM_PHY_SIG_FOUND:
return sprintf(page, "Line up\n");
case ATM_PHY_SIG_LOST:
Reported by FlawFinder.