The following issues were found
security/keys/request_key.c
14 issues
Line: 122
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct cred *cred = current_cred();
key_serial_t prkey, sskey;
struct key *key = rka->target_key, *keyring, *session, *user_session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
key_serial_t prkey, sskey;
struct key *key = rka->target_key, *keyring, *session, *user_session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct key *key = rka->target_key, *keyring, *session, *user_session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
ret = look_up_user_keyrings(NULL, &user_session);
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto error_us;
/* allocate a new session keyring */
sprintf(desc, "_req.%u", key->serial);
cred = get_current_cred();
keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL);
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto error_link;
/* record the UID and GID */
sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
Reported by FlawFinder.
Line: 153
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* record the UID and GID */
sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
Reported by FlawFinder.
Line: 156
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
sprintf(keyring_str[0], "%d",
cred->thread_keyring ? cred->thread_keyring->serial : 0);
Reported by FlawFinder.
Line: 159
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
sprintf(keyring_str[0], "%d",
cred->thread_keyring ? cred->thread_keyring->serial : 0);
prkey = 0;
if (cred->process_keyring)
prkey = cred->process_keyring->serial;
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
prkey = 0;
if (cred->process_keyring)
prkey = cred->process_keyring->serial;
sprintf(keyring_str[1], "%d", prkey);
session = cred->session_keyring;
if (!session)
session = user_session;
sskey = session->serial;
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
session = user_session;
sskey = session->serial;
sprintf(keyring_str[2], "%d", sskey);
/* set up a minimal environment */
i = 0;
envp[i++] = "HOME=/";
envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
Reported by FlawFinder.
drivers/scsi/esas2r/esas2r_flash.c
14 issues
Line: 536
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
esas2r_print_flash_rev(a);
/* Update the type of boot image on the card */
memcpy(a->image_type, fi->rel_version,
sizeof(fi->rel_version));
complete_fmapi_req(a, rq, FI_STAT_SUCCESS);
return;
}
Reported by FlawFinder.
Line: 1091
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
|| month > 12
|| year < 2006
|| year > 9999) {
strcpy(a->flash_rev, "not found");
a->flash_ver = 0;
return false;
}
sprintf(a->flash_rev, "%02d/%02d/%04d", month, day, year);
Reported by FlawFinder.
Line: 1096
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return false;
}
sprintf(a->flash_rev, "%02d/%02d/%04d", month, day, year);
esas2r_hdebug("flash version: %s", a->flash_rev);
return true;
}
/*
Reported by FlawFinder.
Line: 1134
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto invalid_rev;
if (bh->code_type == CODE_TYPE_PC) {
strcpy(a->image_type, "BIOS");
return true;
} else if (bh->code_type == CODE_TYPE_EFI) {
struct esas2r_efi_image *ei;
Reported by FlawFinder.
Line: 1148
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
switch (le16_to_cpu(ei->machine_type)) {
case EFI_MACHINE_IA32:
strcpy(a->image_type, "EFI 32-bit");
return true;
case EFI_MACHINE_IA64:
strcpy(a->image_type, "EFI itanium");
return true;
Reported by FlawFinder.
Line: 1152
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return true;
case EFI_MACHINE_IA64:
strcpy(a->image_type, "EFI itanium");
return true;
case EFI_MACHINE_X64:
strcpy(a->image_type, "EFI 64-bit");
return true;
Reported by FlawFinder.
Line: 1156
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return true;
case EFI_MACHINE_X64:
strcpy(a->image_type, "EFI 64-bit");
return true;
case EFI_MACHINE_EBC:
strcpy(a->image_type, "EFI EBC");
return true;
Reported by FlawFinder.
Line: 1160
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return true;
case EFI_MACHINE_EBC:
strcpy(a->image_type, "EFI EBC");
return true;
default:
goto invalid_rev;
}
Reported by FlawFinder.
Line: 1181
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
invalid_rev:
strcpy(a->image_type, "no boot images");
return false;
}
/*
* Read and validate current NVRAM parameters by accessing
Reported by FlawFinder.
Line: 1281
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return false;
}
memcpy(&sas_address_bytes[0], n->sas_addr, 8);
if (sas_address_bytes[0] != 0x50
|| sas_address_bytes[1] != 0x01
|| sas_address_bytes[2] != 0x08
|| (sas_address_bytes[3] & 0xF0) != 0x60
Reported by FlawFinder.
sound/isa/sc6000.c
14 issues
Line: 650
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
mpu_port[dev]);
}
strcpy(card->driver, DRV_NAME);
strcpy(card->shortname, "SC-6000");
sprintf(card->longname, "Gallant SC-6000 at 0x%lx, irq %d, dma %d",
mss_port[dev], xirq, xdma);
err = snd_card_register(card);
Reported by FlawFinder.
Line: 34
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE; /* Enable this card */
static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* 0x220, 0x240 */
static int irq[SNDRV_CARDS] = SNDRV_DEFAULT_IRQ; /* 5, 7, 9, 10, 11 */
static long mss_port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* 0x530, 0xe80 */
static long mpu_port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT;
Reported by FlawFinder.
Line: 376
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sc6000_init_board(char __iomem *vport,
char __iomem *vmss_port, int dev)
{
char answer[15];
char version[2];
int mss_config = sc6000_irq_to_softcfg(irq[dev]) |
sc6000_dma_to_softcfg(dma[dev]);
int config = mss_config |
sc6000_mpu_irq_to_softcfg(mpu_irq[dev]);
Reported by FlawFinder.
Line: 377
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char __iomem *vmss_port, int dev)
{
char answer[15];
char version[2];
int mss_config = sc6000_irq_to_softcfg(irq[dev]) |
sc6000_dma_to_softcfg(dma[dev]);
int config = mss_config |
sc6000_mpu_irq_to_softcfg(mpu_irq[dev]);
int err;
Reported by FlawFinder.
Line: 465
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
id1.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
id2.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
/* reassign AUX0 to FM */
strcpy(id1.name, "Aux Playback Switch");
strcpy(id2.name, "FM Playback Switch");
err = snd_ctl_rename_id(card, &id1, &id2);
if (err < 0)
return err;
strcpy(id1.name, "Aux Playback Volume");
Reported by FlawFinder.
Line: 466
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
id2.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
/* reassign AUX0 to FM */
strcpy(id1.name, "Aux Playback Switch");
strcpy(id2.name, "FM Playback Switch");
err = snd_ctl_rename_id(card, &id1, &id2);
if (err < 0)
return err;
strcpy(id1.name, "Aux Playback Volume");
strcpy(id2.name, "FM Playback Volume");
Reported by FlawFinder.
Line: 470
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
err = snd_ctl_rename_id(card, &id1, &id2);
if (err < 0)
return err;
strcpy(id1.name, "Aux Playback Volume");
strcpy(id2.name, "FM Playback Volume");
err = snd_ctl_rename_id(card, &id1, &id2);
if (err < 0)
return err;
/* reassign AUX1 to CD */
Reported by FlawFinder.
Line: 471
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(id1.name, "Aux Playback Volume");
strcpy(id2.name, "FM Playback Volume");
err = snd_ctl_rename_id(card, &id1, &id2);
if (err < 0)
return err;
/* reassign AUX1 to CD */
strcpy(id1.name, "Aux Playback Switch"); id1.index = 1;
Reported by FlawFinder.
Line: 476
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
/* reassign AUX1 to CD */
strcpy(id1.name, "Aux Playback Switch"); id1.index = 1;
strcpy(id2.name, "CD Playback Switch");
err = snd_ctl_rename_id(card, &id1, &id2);
if (err < 0)
return err;
strcpy(id1.name, "Aux Playback Volume");
Reported by FlawFinder.
Line: 477
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
/* reassign AUX1 to CD */
strcpy(id1.name, "Aux Playback Switch"); id1.index = 1;
strcpy(id2.name, "CD Playback Switch");
err = snd_ctl_rename_id(card, &id1, &id2);
if (err < 0)
return err;
strcpy(id1.name, "Aux Playback Volume");
strcpy(id2.name, "CD Playback Volume");
Reported by FlawFinder.
arch/ia64/kernel/setup.c
14 issues
Line: 792
Column: 11
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return brandname[i];
for (i = 0; i < MAX_BRANDS; i++)
if (brandname[i][0] == '\0')
return strcpy(brandname[i], brand);
if (overflow++ == 0)
printk(KERN_ERR
"%s: Table overflow. Some processor model information will be missing\n",
__func__);
return "Unknown";
Reported by FlawFinder.
Line: 74
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
# error "struct cpuinfo_ia64 too big!"
#endif
char ia64_platform_name[64];
#ifdef CONFIG_SMP
unsigned long __per_cpu_offset[NR_CPUS];
EXPORT_SYMBOL(__per_cpu_offset);
#endif
Reported by FlawFinder.
Line: 670
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ 1UL << 1, "spontaneous deferral"},
{ 1UL << 2, "16-byte atomic ops" }
};
char features[128], *cp, *sep;
struct cpuinfo_ia64 *c = v;
unsigned long mask;
unsigned long proc_freq;
int i, size;
Reported by FlawFinder.
Line: 679
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mask = c->features;
/* build the feature string: */
memcpy(features, "standard", 9);
cp = features;
size = sizeof(features);
sep = "";
for (i = 0; i < ARRAY_SIZE(feature_bits) && size > 1; ++i) {
if (mask & feature_bits[i].mask) {
Reported by FlawFinder.
Line: 768
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
#define MAX_BRANDS 8
static char brandname[MAX_BRANDS][128];
static char *
get_model_name(__u8 family, __u8 model)
{
static int overflow;
Reported by FlawFinder.
Line: 774
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
get_model_name(__u8 family, __u8 model)
{
static int overflow;
char brand[128];
int i;
memcpy(brand, "Unknown", 8);
if (ia64_pal_get_brand_info(brand)) {
if (family == 0x7)
Reported by FlawFinder.
Line: 777
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char brand[128];
int i;
memcpy(brand, "Unknown", 8);
if (ia64_pal_get_brand_info(brand)) {
if (family == 0x7)
memcpy(brand, "Merced", 7);
else if (family == 0x1f) switch (model) {
case 0: memcpy(brand, "McKinley", 9); break;
Reported by FlawFinder.
Line: 780
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(brand, "Unknown", 8);
if (ia64_pal_get_brand_info(brand)) {
if (family == 0x7)
memcpy(brand, "Merced", 7);
else if (family == 0x1f) switch (model) {
case 0: memcpy(brand, "McKinley", 9); break;
case 1: memcpy(brand, "Madison", 8); break;
case 2: memcpy(brand, "Madison up to 9M cache", 23); break;
}
Reported by FlawFinder.
Line: 782
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (family == 0x7)
memcpy(brand, "Merced", 7);
else if (family == 0x1f) switch (model) {
case 0: memcpy(brand, "McKinley", 9); break;
case 1: memcpy(brand, "Madison", 8); break;
case 2: memcpy(brand, "Madison up to 9M cache", 23); break;
}
}
for (i = 0; i < MAX_BRANDS; i++)
Reported by FlawFinder.
Line: 783
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(brand, "Merced", 7);
else if (family == 0x1f) switch (model) {
case 0: memcpy(brand, "McKinley", 9); break;
case 1: memcpy(brand, "Madison", 8); break;
case 2: memcpy(brand, "Madison up to 9M cache", 23); break;
}
}
for (i = 0; i < MAX_BRANDS; i++)
if (strcmp(brandname[i], brand) == 0)
Reported by FlawFinder.
drivers/net/ethernet/amazon/ena/ena_com.c
14 issues
Line: 252
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reinit_completion(&comp_ctx->wait_event);
memcpy(&admin_queue->sq.entries[tail_masked], cmd, cmd_size_in_bytes);
admin_queue->curr_cmd_id = (admin_queue->curr_cmd_id + 1) &
queue_size_mask;
admin_queue->sq.tail++;
Reported by FlawFinder.
Line: 468
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
comp_ctx->comp_status = cqe->acq_common_descriptor.status;
if (comp_ctx->user_cqe)
memcpy(comp_ctx->user_cqe, (void *)cqe, comp_ctx->comp_size);
if (!admin_queue->polling)
complete(&comp_ctx->wait_event);
}
Reported by FlawFinder.
Line: 1970
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
return rc;
memcpy(&get_feat_ctx->dev_attr, &get_resp.u.dev_attr,
sizeof(get_resp.u.dev_attr));
ena_dev->supported_features = get_resp.u.dev_attr.supported_features;
if (ena_dev->supported_features & BIT(ENA_ADMIN_MAX_QUEUES_EXT)) {
Reported by FlawFinder.
Line: 1986
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ENA_FEATURE_MAX_QUEUE_EXT_VER)
return -EINVAL;
memcpy(&get_feat_ctx->max_queue_ext, &get_resp.u.max_queue_ext,
sizeof(get_resp.u.max_queue_ext));
ena_dev->tx_max_header_size =
get_resp.u.max_queue_ext.max_queue_ext.max_tx_header_size;
} else {
rc = ena_com_get_feature(ena_dev, &get_resp,
Reported by FlawFinder.
Line: 1993
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
rc = ena_com_get_feature(ena_dev, &get_resp,
ENA_ADMIN_MAX_QUEUES_NUM, 0);
memcpy(&get_feat_ctx->max_queues, &get_resp.u.max_queue,
sizeof(get_resp.u.max_queue));
ena_dev->tx_max_header_size =
get_resp.u.max_queue.max_header_size;
if (rc)
Reported by FlawFinder.
Line: 2007
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
return rc;
memcpy(&get_feat_ctx->aenq, &get_resp.u.aenq,
sizeof(get_resp.u.aenq));
rc = ena_com_get_feature(ena_dev, &get_resp,
ENA_ADMIN_STATELESS_OFFLOAD_CONFIG, 0);
if (rc)
Reported by FlawFinder.
Line: 2015
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
return rc;
memcpy(&get_feat_ctx->offload, &get_resp.u.offload,
sizeof(get_resp.u.offload));
/* Driver hints isn't mandatory admin command. So in case the
* command isn't supported set driver hints to 0
*/
Reported by FlawFinder.
Line: 2024
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rc = ena_com_get_feature(ena_dev, &get_resp, ENA_ADMIN_HW_HINTS, 0);
if (!rc)
memcpy(&get_feat_ctx->hw_hints, &get_resp.u.hw_hints,
sizeof(get_resp.u.hw_hints));
else if (rc == -EOPNOTSUPP)
memset(&get_feat_ctx->hw_hints, 0x0,
sizeof(get_feat_ctx->hw_hints));
else
Reported by FlawFinder.
Line: 2034
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rc = ena_com_get_feature(ena_dev, &get_resp, ENA_ADMIN_LLQ, 0);
if (!rc)
memcpy(&get_feat_ctx->llq, &get_resp.u.llq,
sizeof(get_resp.u.llq));
else if (rc == -EOPNOTSUPP)
memset(&get_feat_ctx->llq, 0x0, sizeof(get_feat_ctx->llq));
else
return rc;
Reported by FlawFinder.
Line: 2229
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&ctx, 0x0, sizeof(ctx));
ret = ena_get_dev_stats(ena_dev, &ctx, ENA_ADMIN_GET_STATS_TYPE_ENI);
if (likely(ret == 0))
memcpy(stats, &ctx.get_resp.u.eni_stats,
sizeof(ctx.get_resp.u.eni_stats));
return ret;
}
Reported by FlawFinder.
drivers/scsi/cxlflash/main.c
14 issues
Line: 471
CWE codes:
476
int rc = 0;
ulong to;
buf = kzalloc(sizeof(*cmd) + __alignof__(*cmd) - 1, GFP_KERNEL);
if (unlikely(!buf)) {
dev_err(dev, "%s: no memory for command\n", __func__);
rc = -ENOMEM;
goto out;
}
Reported by Cppcheck.
Line: 2317
CWE codes:
476
mutex_lock(&afu->sync_active);
atomic_inc(&afu->cmds_active);
buf = kmalloc(sizeof(*cmd) + __alignof__(*cmd) - 1, GFP_KERNEL);
if (unlikely(!buf)) {
dev_err(dev, "%s: no memory for command\n", __func__);
rc = -ENOMEM;
goto out;
}
Reported by Cppcheck.
Line: 73
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ioasa->rc.scsi_rc) {
/* We have a SCSI status */
if (ioasa->rc.flags & SISL_RC_FLAGS_SENSE_VALID) {
memcpy(scp->sense_buffer, ioasa->sense_data,
SISL_SENSE_DATA_LEN);
scp->result = ioasa->rc.scsi_rc;
} else
scp->result = ioasa->rc.scsi_rc | (DID_ERROR << 16);
}
Reported by FlawFinder.
Line: 501
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->rcb.req_flags = (SISL_REQ_FLAGS_PORT_LUN_ID |
SISL_REQ_FLAGS_SUP_UNDERRUN |
SISL_REQ_FLAGS_TMF_CMD);
memcpy(cmd->rcb.cdb, &tmfcmd, sizeof(tmfcmd));
rc = afu->send_cmd(afu, cmd);
if (unlikely(rc)) {
spin_lock_irqsave(&cfg->tmf_slock, lock_flags);
cfg->tmf_active = false;
Reported by FlawFinder.
Line: 1635
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rc = 0;
int ro_start, ro_size, i, j, k;
ssize_t vpd_size;
char vpd_data[CXLFLASH_VPD_LEN];
char tmp_buf[WWPN_BUF_LEN] = { 0 };
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
Reported by FlawFinder.
Line: 1636
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ro_start, ro_size, i, j, k;
ssize_t vpd_size;
char vpd_data[CXLFLASH_VPD_LEN];
char tmp_buf[WWPN_BUF_LEN] = { 0 };
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
Reported by FlawFinder.
Line: 1640
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
/* Get the VPD data from the device */
vpd_size = cfg->ops->read_adapter_vpd(pdev, vpd_data, sizeof(vpd_data));
if (unlikely(vpd_size <= 0)) {
dev_err(dev, "%s: Unable to read VPD (size = %ld)\n",
Reported by FlawFinder.
Line: 1705
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(tmp_buf, &vpd_data[i], WWPN_LEN);
rc = kstrtoul(tmp_buf, WWPN_LEN, (ulong *)&wwpn[k]);
if (unlikely(rc)) {
dev_err(dev, "%s: WWPN conversion failed for port %d\n",
__func__, k);
rc = -ENODEV;
Reported by FlawFinder.
Line: 2146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* No byte reverse on reading afu_version or string will be backwards */
reg = readq(&afu->afu_map->global.regs.afu_version);
memcpy(afu->version, ®, sizeof(reg));
afu->interface_version =
readq_be(&afu->afu_map->global.regs.interface_version);
if ((afu->interface_version + 1) == 0) {
dev_err(dev, "Back level AFU, please upgrade. AFU version %s "
"interface version %016llx\n", afu->version,
Reported by FlawFinder.
Line: 2328
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
retry:
memset(cmd, 0, sizeof(*cmd));
memcpy(&cmd->rcb, rcb, sizeof(*rcb));
INIT_LIST_HEAD(&cmd->queue);
init_completion(&cmd->cevent);
cmd->parent = afu;
cmd->hwq_index = hwq->index;
cmd->rcb.ctx_id = hwq->ctx_hndl;
Reported by FlawFinder.
drivers/scsi/cxgbi/libcxgbi.c
14 issues
Line: 2833
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len = sysfs_format_mac(buf, chba->ndev->dev_addr, 6);
break;
case ISCSI_HOST_PARAM_NETDEV_NAME:
len = sprintf(buf, "%s\n", chba->ndev->name);
break;
case ISCSI_HOST_PARAM_IPADDRESS:
{
struct cxgbi_sock *csk = find_sock_on_port(chba->cdev,
chba->port_id);
Reported by FlawFinder.
Line: 713
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&fl, 0, sizeof(fl));
fl.flowi6_oif = ifindex;
if (saddr)
memcpy(&fl.saddr, saddr, sizeof(struct in6_addr));
if (daddr)
memcpy(&fl.daddr, daddr, sizeof(struct in6_addr));
return (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
}
Reported by FlawFinder.
Line: 715
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (saddr)
memcpy(&fl.saddr, saddr, sizeof(struct in6_addr));
if (daddr)
memcpy(&fl.daddr, daddr, sizeof(struct in6_addr));
return (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
}
static struct cxgbi_sock *
cxgbi_check_route6(struct sockaddr *dst_addr, int ifindex)
Reported by FlawFinder.
Line: 1164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int len = 0;
int i;
memcpy(ppod, &ttinfo->hdr, sizeof(struct cxgbi_pagepod_hdr));
if (sg) {
addr = sg_dma_address(sg);
len = sg_dma_len(sg);
}
Reported by FlawFinder.
Line: 2222
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < tdata->nr_frags; i++, frag++) {
char *src = kmap_atomic(frag->page);
memcpy(dst, src + frag->offset, frag->size);
dst += frag->size;
kunmap_atomic(src);
}
if (padlen) {
Reported by FlawFinder.
Line: 2412
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (!task->sc)
memcpy(skb->data, task->hdr, SKB_TX_ISCSI_PDU_HEADER_MAX);
err = cxgbi_sock_send_skb(csk, skb);
if (err > 0) {
pdulen += err;
Reported by FlawFinder.
Line: 2522
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
stats->digest_err = 0;
stats->timeout_err = 0;
stats->custom_length = 1;
strcpy(stats->custom[0].desc, "eh_abort_cnt");
stats->custom[0].value = conn->eh_abort_cnt;
}
EXPORT_SYMBOL_GPL(cxgbi_get_conn_stats);
static int cxgbi_conn_max_xmit_dlength(struct iscsi_conn *conn)
Reported by FlawFinder.
Line: 2840
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct cxgbi_sock *csk = find_sock_on_port(chba->cdev,
chba->port_id);
if (csk) {
len = sprintf(buf, "%pIS",
(struct sockaddr *)&csk->saddr);
}
log_debug(1 << CXGBI_DBG_ISCSI,
"hba %s, addr %s.\n", chba->ndev->name, buf);
break;
Reported by FlawFinder.
Line: 1727
Column: 64
CWE codes:
120
20
break;
}
log_debug(1 << CXGBI_DBG_PDU_RX, "csk 0x%p, read %u.\n", csk, read);
if (read) {
csk->copied_seq += read;
csk_return_rx_credits(csk, read);
conn->rxdata_octets += read;
}
Reported by FlawFinder.
Line: 1728
Column: 6
CWE codes:
120
20
}
log_debug(1 << CXGBI_DBG_PDU_RX, "csk 0x%p, read %u.\n", csk, read);
if (read) {
csk->copied_seq += read;
csk_return_rx_credits(csk, read);
conn->rxdata_octets += read;
}
Reported by FlawFinder.
drivers/gpu/drm/i915/gt/sysfs_engines.c
14 issues
Line: 27
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t
name_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "%s\n", kobj_to_engine(kobj)->name);
}
static struct kobj_attribute name_attr =
__ATTR(name, 0444, name_show, NULL);
Reported by FlawFinder.
Line: 36
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t
class_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", kobj_to_engine(kobj)->uabi_class);
}
static struct kobj_attribute class_attr =
__ATTR(class, 0444, class_show, NULL);
Reported by FlawFinder.
Line: 45
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t
inst_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", kobj_to_engine(kobj)->uabi_instance);
}
static struct kobj_attribute inst_attr =
__ATTR(instance, 0444, inst_show, NULL);
Reported by FlawFinder.
Line: 54
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t
mmio_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "0x%x\n", kobj_to_engine(kobj)->mmio_base);
}
static struct kobj_attribute mmio_attr =
__ATTR(mmio_base, 0444, mmio_show, NULL);
Reported by FlawFinder.
Line: 184
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->props.max_busywait_duration_ns);
}
static struct kobj_attribute max_spin_attr =
__ATTR(max_busywait_duration_ns, 0644, max_spin_show, max_spin_store);
Reported by FlawFinder.
Line: 195
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->defaults.max_busywait_duration_ns);
}
static struct kobj_attribute max_spin_def =
__ATTR(max_busywait_duration_ns, 0444, max_spin_default, NULL);
Reported by FlawFinder.
Line: 237
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->props.timeslice_duration_ms);
}
static struct kobj_attribute timeslice_duration_attr =
__ATTR(timeslice_duration_ms, 0644, timeslice_show, timeslice_store);
Reported by FlawFinder.
Line: 248
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->defaults.timeslice_duration_ms);
}
static struct kobj_attribute timeslice_duration_def =
__ATTR(timeslice_duration_ms, 0444, timeslice_default, NULL);
Reported by FlawFinder.
Line: 287
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->props.stop_timeout_ms);
}
static struct kobj_attribute stop_timeout_attr =
__ATTR(stop_timeout_ms, 0644, stop_show, stop_store);
Reported by FlawFinder.
Line: 298
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->defaults.stop_timeout_ms);
}
static struct kobj_attribute stop_timeout_def =
__ATTR(stop_timeout_ms, 0444, stop_default, NULL);
Reported by FlawFinder.
tools/perf/scripts/python/flamegraph.py
14 issues
Line: 42
Column: 24
class FlameGraphCLI:
def __init__(self, args):
self.args = args
self.stack = Node("root")
if self.args.format == "html" and \
not os.path.isfile(self.args.template):
Reported by Pylint.
Line: 1
Column: 1
# flamegraph.py - create flame graphs from perf samples
# SPDX-License-Identifier: GPL-2.0
#
# Usage:
#
# perf record -a -g -F 99 sleep 60
# perf script report flamegraph
#
# Combined:
Reported by Pylint.
Line: 25
Column: 1
import json
class Node:
def __init__(self, name, libtype=""):
self.name = name
self.libtype = libtype
self.value = 0
self.children = []
Reported by Pylint.
Line: 25
Column: 1
import json
class Node:
def __init__(self, name, libtype=""):
self.name = name
self.libtype = libtype
self.value = 0
self.children = []
Reported by Pylint.
Line: 32
Column: 5
self.value = 0
self.children = []
def toJSON(self):
return {
"n": self.name,
"l": self.libtype,
"v": self.value,
"c": self.children
Reported by Pylint.
Line: 32
Column: 5
self.value = 0
self.children = []
def toJSON(self):
return {
"n": self.name,
"l": self.libtype,
"v": self.value,
"c": self.children
Reported by Pylint.
Line: 41
Column: 1
}
class FlameGraphCLI:
def __init__(self, args):
self.args = args
self.stack = Node("root")
if self.args.format == "html" and \
Reported by Pylint.
Line: 56
Column: 5
file=sys.stderr)
sys.exit(1)
def find_or_create_node(self, node, name, dso):
libtype = "kernel" if dso == "[kernel.kallsyms]" else ""
if name is None:
name = "[unknown]"
for child in node.children:
Reported by Pylint.
Line: 56
Column: 5
file=sys.stderr)
sys.exit(1)
def find_or_create_node(self, node, name, dso):
libtype = "kernel" if dso == "[kernel.kallsyms]" else ""
if name is None:
name = "[unknown]"
for child in node.children:
Reported by Pylint.
Line: 69
Column: 5
node.children.append(child)
return child
def process_event(self, event):
node = self.find_or_create_node(self.stack, event["comm"], None)
if "callchain" in event:
for entry in reversed(event['callchain']):
node = self.find_or_create_node(
node, entry.get("sym", {}).get("name"), event.get("dso"))
Reported by Pylint.
drivers/thunderbolt/switch.c
14 issues
Line: 1617
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct tb_switch *sw = tb_to_switch(dev);
return sprintf(buf, "%s\n", sw->device_name ? sw->device_name : "");
}
static DEVICE_ATTR_RO(device_name);
static ssize_t
generation_show(struct device *dev, struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 1845
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct tb_switch *sw = tb_to_switch(dev);
return sprintf(buf, "%s\n", sw->vendor_name ? sw->vendor_name : "");
}
static DEVICE_ATTR_RO(vendor_name);
static ssize_t unique_id_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 1496
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct tb_switch *sw = tb_to_switch(dev);
return sprintf(buf, "%u\n", sw->authorized);
}
static int disapprove_switch(struct device *dev, void *not_used)
{
struct tb_switch *sw;
Reported by FlawFinder.
Line: 1599
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct tb_switch *sw = tb_to_switch(dev);
return sprintf(buf, "%u\n", sw->boot);
}
static DEVICE_ATTR_RO(boot);
static ssize_t device_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 1608
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct tb_switch *sw = tb_to_switch(dev);
return sprintf(buf, "%#x\n", sw->device);
}
static DEVICE_ATTR_RO(device);
static ssize_t
device_name_show(struct device *dev, struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 1626
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct tb_switch *sw = tb_to_switch(dev);
return sprintf(buf, "%u\n", sw->generation);
}
static DEVICE_ATTR_RO(generation);
static ssize_t key_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 1640
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return restart_syscall();
if (sw->key)
ret = sprintf(buf, "%*phN\n", TB_SWITCH_KEY_SIZE, sw->key);
else
ret = sprintf(buf, "\n");
mutex_unlock(&sw->tb->lock);
return ret;
Reported by FlawFinder.
Line: 1687
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct tb_switch *sw = tb_to_switch(dev);
return sprintf(buf, "%u.0 Gb/s\n", sw->link_speed);
}
/*
* Currently all lanes must run at the same speed but we expose here
* both directions to allow possible asymmetric links in the future.
Reported by FlawFinder.
Line: 1702
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct tb_switch *sw = tb_to_switch(dev);
return sprintf(buf, "%u\n", sw->link_width);
}
/*
* Currently link has same amount of lanes both directions (1 or 2) but
* expose them separately to allow possible asymmetric links in the future.
Reported by FlawFinder.
Line: 1719
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u32 status;
nvm_get_auth_status(sw, &status);
return sprintf(buf, "%#x\n", status);
}
static ssize_t nvm_authenticate_sysfs(struct device *dev, const char *buf,
bool disconnect)
{
Reported by FlawFinder.