The following issues were found
drivers/most/core.c
14 issues
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
atomic_t mbo_ref;
atomic_t mbo_nq_level;
u16 channel_id;
char name[STRING_SIZE];
bool is_poisoned;
struct mutex start_mutex; /* channel activation synchronization */
struct mutex nq_mutex; /* nq thread synchronization */
int is_starving;
struct most_interface *iface;
Reported by FlawFinder.
Line: 69
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct interface_private {
int dev_id;
char name[STRING_SIZE];
struct most_channel *channel[MAX_CHANNELS];
struct list_head channel_list;
};
static const struct {
Reported by FlawFinder.
Line: 177
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(buf, "");
if (c->iface->channel_vector[i].direction & MOST_CH_RX)
strcat(buf, "rx ");
if (c->iface->channel_vector[i].direction & MOST_CH_TX)
strcat(buf, "tx ");
strcat(buf, "\n");
return strlen(buf);
}
Reported by FlawFinder.
Line: 179
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (c->iface->channel_vector[i].direction & MOST_CH_RX)
strcat(buf, "rx ");
if (c->iface->channel_vector[i].direction & MOST_CH_TX)
strcat(buf, "tx ");
strcat(buf, "\n");
return strlen(buf);
}
static ssize_t available_datatypes_show(struct device *dev,
Reported by FlawFinder.
Line: 193
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(buf, "");
if (c->iface->channel_vector[i].data_type & MOST_CH_CONTROL)
strcat(buf, "control ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ASYNC)
strcat(buf, "async ");
if (c->iface->channel_vector[i].data_type & MOST_CH_SYNC)
strcat(buf, "sync ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ISOC)
Reported by FlawFinder.
Line: 195
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (c->iface->channel_vector[i].data_type & MOST_CH_CONTROL)
strcat(buf, "control ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ASYNC)
strcat(buf, "async ");
if (c->iface->channel_vector[i].data_type & MOST_CH_SYNC)
strcat(buf, "sync ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ISOC)
strcat(buf, "isoc ");
strcat(buf, "\n");
Reported by FlawFinder.
Line: 197
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (c->iface->channel_vector[i].data_type & MOST_CH_ASYNC)
strcat(buf, "async ");
if (c->iface->channel_vector[i].data_type & MOST_CH_SYNC)
strcat(buf, "sync ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ISOC)
strcat(buf, "isoc ");
strcat(buf, "\n");
return strlen(buf);
}
Reported by FlawFinder.
Line: 199
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (c->iface->channel_vector[i].data_type & MOST_CH_SYNC)
strcat(buf, "sync ");
if (c->iface->channel_vector[i].data_type & MOST_CH_ISOC)
strcat(buf, "isoc ");
strcat(buf, "\n");
return strlen(buf);
}
static ssize_t number_of_packet_buffers_show(struct device *dev,
Reported by FlawFinder.
Line: 175
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct most_channel *c = to_channel(dev);
unsigned int i = c->channel_id;
strcpy(buf, "");
if (c->iface->channel_vector[i].direction & MOST_CH_RX)
strcat(buf, "rx ");
if (c->iface->channel_vector[i].direction & MOST_CH_TX)
strcat(buf, "tx ");
strcat(buf, "\n");
Reported by FlawFinder.
Line: 180
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(buf, "rx ");
if (c->iface->channel_vector[i].direction & MOST_CH_TX)
strcat(buf, "tx ");
strcat(buf, "\n");
return strlen(buf);
}
static ssize_t available_datatypes_show(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
security/keys/request_key.c
14 issues
Line: 122
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct cred *cred = current_cred();
key_serial_t prkey, sskey;
struct key *key = rka->target_key, *keyring, *session, *user_session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
key_serial_t prkey, sskey;
struct key *key = rka->target_key, *keyring, *session, *user_session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct key *key = rka->target_key, *keyring, *session, *user_session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
int ret, i;
kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
ret = look_up_user_keyrings(NULL, &user_session);
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto error_us;
/* allocate a new session keyring */
sprintf(desc, "_req.%u", key->serial);
cred = get_current_cred();
keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL);
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto error_link;
/* record the UID and GID */
sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
Reported by FlawFinder.
Line: 153
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* record the UID and GID */
sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
Reported by FlawFinder.
Line: 156
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
/* we say which key is under construction */
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
sprintf(keyring_str[0], "%d",
cred->thread_keyring ? cred->thread_keyring->serial : 0);
Reported by FlawFinder.
Line: 159
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(key_str, "%d", key->serial);
/* we specify the process's default keyrings */
sprintf(keyring_str[0], "%d",
cred->thread_keyring ? cred->thread_keyring->serial : 0);
prkey = 0;
if (cred->process_keyring)
prkey = cred->process_keyring->serial;
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
prkey = 0;
if (cred->process_keyring)
prkey = cred->process_keyring->serial;
sprintf(keyring_str[1], "%d", prkey);
session = cred->session_keyring;
if (!session)
session = user_session;
sskey = session->serial;
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
session = user_session;
sskey = session->serial;
sprintf(keyring_str[2], "%d", sskey);
/* set up a minimal environment */
i = 0;
envp[i++] = "HOME=/";
envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
Reported by FlawFinder.
security/apparmor/apparmorfs.c
14 issues
Line: 535
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t size, loff_t *ppos)
{
struct aa_revision *rev = file->private_data;
char buffer[32];
long last_read;
int avail;
mutex_lock_nested(&rev->ns->lock, rev->ns->level);
last_read = rev->last_read;
Reported by FlawFinder.
Line: 552
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock_nested(&rev->ns->lock, rev->ns->level);
}
avail = sprintf(buffer, "%ld\n", rev->ns->revision);
if (*ppos + size > avail) {
rev->last_read = rev->ns->revision;
*ppos = 0;
}
mutex_unlock(&rev->ns->lock);
Reported by FlawFinder.
Line: 714
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL; /* not enough space */
}
outle32 = __cpu_to_le32(data->size);
memcpy(out, &outle32, sizeof(outle32));
out += sizeof(outle32);
memcpy(out, data->data, data->size);
out += data->size;
blocks++;
}
Reported by FlawFinder.
Line: 716
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outle32 = __cpu_to_le32(data->size);
memcpy(out, &outle32, sizeof(outle32));
out += sizeof(outle32);
memcpy(out, data->data, data->size);
out += data->size;
blocks++;
}
}
aa_put_label(label);
Reported by FlawFinder.
Line: 724
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aa_put_label(label);
outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
memcpy(buf, &outle32, sizeof(outle32));
outle32 = __cpu_to_le32(blocks);
memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
return out - buf;
}
Reported by FlawFinder.
Line: 726
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
memcpy(buf, &outle32, sizeof(outle32));
outle32 = __cpu_to_le32(blocks);
memcpy(buf + sizeof(bytes), &outle32, sizeof(outle32));
return out - buf;
}
/**
Reported by FlawFinder.
Line: 1304
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (aa_g_rawdata_compression_level == 0) {
if (dlen < slen)
return -EINVAL;
memcpy(dst, src, slen);
return 0;
}
memset(&strm, 0, sizeof(strm));
Reported by FlawFinder.
Line: 1584
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return ERR_PTR(-ENOMEM);
for (; depth > 0; depth--) {
strcpy(s, "../../");
s += 6;
size -= 6;
}
error = snprintf(s, size, "raw_data/%s/%s", dirname, fname);
Reported by FlawFinder.
Line: 1699
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
mangle_name(profile->base.name, profile->dirname);
sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
}
dent = aafs_create_dir(profile->dirname, parent);
if (IS_ERR(dent))
goto fail;
Reported by FlawFinder.
Line: 2562
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int policy_readlink(struct dentry *dentry, char __user *buffer,
int buflen)
{
char name[32];
int res;
res = snprintf(name, sizeof(name), "%s:[%lu]", AAFS_NAME,
d_inode(dentry)->i_ino);
if (res > 0 && res < sizeof(name))
Reported by FlawFinder.
drivers/scsi/esas2r/esas2r_flash.c
14 issues
Line: 536
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
esas2r_print_flash_rev(a);
/* Update the type of boot image on the card */
memcpy(a->image_type, fi->rel_version,
sizeof(fi->rel_version));
complete_fmapi_req(a, rq, FI_STAT_SUCCESS);
return;
}
Reported by FlawFinder.
Line: 1091
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
|| month > 12
|| year < 2006
|| year > 9999) {
strcpy(a->flash_rev, "not found");
a->flash_ver = 0;
return false;
}
sprintf(a->flash_rev, "%02d/%02d/%04d", month, day, year);
Reported by FlawFinder.
Line: 1096
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return false;
}
sprintf(a->flash_rev, "%02d/%02d/%04d", month, day, year);
esas2r_hdebug("flash version: %s", a->flash_rev);
return true;
}
/*
Reported by FlawFinder.
Line: 1134
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto invalid_rev;
if (bh->code_type == CODE_TYPE_PC) {
strcpy(a->image_type, "BIOS");
return true;
} else if (bh->code_type == CODE_TYPE_EFI) {
struct esas2r_efi_image *ei;
Reported by FlawFinder.
Line: 1148
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
switch (le16_to_cpu(ei->machine_type)) {
case EFI_MACHINE_IA32:
strcpy(a->image_type, "EFI 32-bit");
return true;
case EFI_MACHINE_IA64:
strcpy(a->image_type, "EFI itanium");
return true;
Reported by FlawFinder.
Line: 1152
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return true;
case EFI_MACHINE_IA64:
strcpy(a->image_type, "EFI itanium");
return true;
case EFI_MACHINE_X64:
strcpy(a->image_type, "EFI 64-bit");
return true;
Reported by FlawFinder.
Line: 1156
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return true;
case EFI_MACHINE_X64:
strcpy(a->image_type, "EFI 64-bit");
return true;
case EFI_MACHINE_EBC:
strcpy(a->image_type, "EFI EBC");
return true;
Reported by FlawFinder.
Line: 1160
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return true;
case EFI_MACHINE_EBC:
strcpy(a->image_type, "EFI EBC");
return true;
default:
goto invalid_rev;
}
Reported by FlawFinder.
Line: 1181
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
invalid_rev:
strcpy(a->image_type, "no boot images");
return false;
}
/*
* Read and validate current NVRAM parameters by accessing
Reported by FlawFinder.
Line: 1281
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return false;
}
memcpy(&sas_address_bytes[0], n->sas_addr, 8);
if (sas_address_bytes[0] != 0x50
|| sas_address_bytes[1] != 0x01
|| sas_address_bytes[2] != 0x08
|| (sas_address_bytes[3] & 0xF0) != 0x60
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/core_thermal.c
14 issues
Line: 278
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlxsw_thermal *thermal = tzdev->devdata;
struct device *dev = thermal->bus_info->dev;
char mtmp_pl[MLXSW_REG_MTMP_LEN];
int temp;
int err;
mlxsw_reg_mtmp_pack(mtmp_pl, 0, false, false);
Reported by FlawFinder.
Line: 434
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *p_crit_temp,
int *p_emerg_temp)
{
char mtmp_pl[MLXSW_REG_MTMP_LEN];
int err;
/* Read module temperature and thresholds. */
mlxsw_reg_mtmp_pack(mtmp_pl, sensor_index, false, false);
err = mlxsw_reg_query(core, MLXSW_REG(mtmp), mtmp_pl);
Reported by FlawFinder.
Line: 577
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlxsw_thermal_module *tz = tzdev->devdata;
struct mlxsw_thermal *thermal = tz->parent;
char mtmp_pl[MLXSW_REG_MTMP_LEN];
u16 index;
int temp;
int err;
index = MLXSW_REG_MTMP_GBOX_INDEX_MIN + tz->module;
Reported by FlawFinder.
Line: 622
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlxsw_thermal *thermal = cdev->devdata;
struct device *dev = thermal->bus_info->dev;
char mfsc_pl[MLXSW_REG_MFSC_LEN];
int err, idx;
u8 duty;
idx = mlxsw_get_cooling_device_idx(thermal, cdev);
if (idx < 0)
Reported by FlawFinder.
Line: 648
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlxsw_thermal *thermal = cdev->devdata;
struct device *dev = thermal->bus_info->dev;
char mfsc_pl[MLXSW_REG_MFSC_LEN];
unsigned long cur_state, i;
int idx;
u8 duty;
int err;
Reported by FlawFinder.
Line: 712
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
mlxsw_thermal_module_tz_init(struct mlxsw_thermal_module *module_tz)
{
char tz_name[MLXSW_THERMAL_ZONE_MAX_NAME];
int err;
snprintf(tz_name, sizeof(tz_name), "mlxsw-module%d",
module_tz->module + 1);
module_tz->tzdev = thermal_zone_device_register(tz_name,
Reported by FlawFinder.
Line: 756
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
module_tz->module = module;
module_tz->parent = thermal;
memcpy(module_tz->trips, default_thermal_trips,
sizeof(thermal->trips));
/* Initialize all trip point. */
mlxsw_thermal_module_trips_reset(module_tz);
/* Read module temperature and thresholds. */
mlxsw_thermal_module_temp_and_thresholds_get(core, sensor_index, &dummy_temp,
Reported by FlawFinder.
Line: 782
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_thermal *thermal)
{
struct mlxsw_thermal_module *module_tz;
char mgpir_pl[MLXSW_REG_MGPIR_LEN];
int i, err;
if (!mlxsw_core_res_query_enabled(core))
return 0;
Reported by FlawFinder.
Line: 842
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
mlxsw_thermal_gearbox_tz_init(struct mlxsw_thermal_module *gearbox_tz)
{
char tz_name[MLXSW_THERMAL_ZONE_MAX_NAME];
int ret;
snprintf(tz_name, sizeof(tz_name), "mlxsw-gearbox%d",
gearbox_tz->module + 1);
gearbox_tz->tzdev = thermal_zone_device_register(tz_name,
Reported by FlawFinder.
Line: 876
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
enum mlxsw_reg_mgpir_device_type device_type;
struct mlxsw_thermal_module *gearbox_tz;
char mgpir_pl[MLXSW_REG_MGPIR_LEN];
u8 gbox_num;
int i;
int err;
if (!mlxsw_core_res_query_enabled(core))
Reported by FlawFinder.
drivers/gpu/drm/i915/gt/sysfs_engines.c
14 issues
Line: 27
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t
name_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "%s\n", kobj_to_engine(kobj)->name);
}
static struct kobj_attribute name_attr =
__ATTR(name, 0444, name_show, NULL);
Reported by FlawFinder.
Line: 36
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t
class_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", kobj_to_engine(kobj)->uabi_class);
}
static struct kobj_attribute class_attr =
__ATTR(class, 0444, class_show, NULL);
Reported by FlawFinder.
Line: 45
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t
inst_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", kobj_to_engine(kobj)->uabi_instance);
}
static struct kobj_attribute inst_attr =
__ATTR(instance, 0444, inst_show, NULL);
Reported by FlawFinder.
Line: 54
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t
mmio_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "0x%x\n", kobj_to_engine(kobj)->mmio_base);
}
static struct kobj_attribute mmio_attr =
__ATTR(mmio_base, 0444, mmio_show, NULL);
Reported by FlawFinder.
Line: 184
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->props.max_busywait_duration_ns);
}
static struct kobj_attribute max_spin_attr =
__ATTR(max_busywait_duration_ns, 0644, max_spin_show, max_spin_store);
Reported by FlawFinder.
Line: 195
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->defaults.max_busywait_duration_ns);
}
static struct kobj_attribute max_spin_def =
__ATTR(max_busywait_duration_ns, 0444, max_spin_default, NULL);
Reported by FlawFinder.
Line: 237
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->props.timeslice_duration_ms);
}
static struct kobj_attribute timeslice_duration_attr =
__ATTR(timeslice_duration_ms, 0644, timeslice_show, timeslice_store);
Reported by FlawFinder.
Line: 248
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->defaults.timeslice_duration_ms);
}
static struct kobj_attribute timeslice_duration_def =
__ATTR(timeslice_duration_ms, 0444, timeslice_default, NULL);
Reported by FlawFinder.
Line: 287
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->props.stop_timeout_ms);
}
static struct kobj_attribute stop_timeout_attr =
__ATTR(stop_timeout_ms, 0644, stop_show, stop_store);
Reported by FlawFinder.
Line: 298
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct intel_engine_cs *engine = kobj_to_engine(kobj);
return sprintf(buf, "%lu\n", engine->defaults.stop_timeout_ms);
}
static struct kobj_attribute stop_timeout_def =
__ATTR(stop_timeout_ms, 0444, stop_default, NULL);
Reported by FlawFinder.
fs/jfs/xattr.c
14 issues
Line: 1017
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
err = -ENOMEM;
break;
}
strcpy(name, XATTR_SECURITY_PREFIX);
strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name);
err = __jfs_setxattr(*tid, inode, name,
xattr->value, xattr->value_len, 0);
kfree(name);
Reported by FlawFinder.
Line: 1018
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
break;
}
strcpy(name, XATTR_SECURITY_PREFIX);
strcpy(name + XATTR_SECURITY_PREFIX_LEN, xattr->name);
err = __jfs_setxattr(*tid, inode, name,
xattr->value, xattr->value_len, 0);
kfree(name);
if (err < 0)
Reported by FlawFinder.
Line: 108
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int len = ea->namelen;
if (!is_known_namespace(ea->name)) {
memcpy(buffer, XATTR_OS2_PREFIX, XATTR_OS2_PREFIX_LEN);
buffer += XATTR_OS2_PREFIX_LEN;
len += XATTR_OS2_PREFIX_LEN;
}
memcpy(buffer, ea->name, ea->namelen);
buffer[ea->namelen] = 0;
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buffer += XATTR_OS2_PREFIX_LEN;
len += XATTR_OS2_PREFIX_LEN;
}
memcpy(buffer, ea->name, ea->namelen);
buffer[ea->namelen] = 0;
return len;
}
Reported by FlawFinder.
Line: 165
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DXDsize(ea, size);
DXDlength(ea, 0);
DXDaddress(ea, 0);
memcpy(ji->i_inline_ea, ealist, size);
ea->flag = DXD_INLINE;
ji->mode2 &= ~INLINEEA;
} else {
ea->flag = 0;
DXDsize(ea, 0);
Reported by FlawFinder.
Line: 261
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto failed;
}
memcpy(mp->data, cp, nb);
/*
* We really need a way to propagate errors for
* forced writes like this one. --hch
*
Reported by FlawFinder.
Line: 334
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
!= ea_size)
return -EIO;
memcpy(ealist, ji->i_inline_ea, ea_size);
return 0;
}
/*
* NAME: ea_read
Reported by FlawFinder.
Line: 399
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!(mp = read_metapage(ip, blkno + i, bytes_to_read, 1)))
return -EIO;
memcpy(cp, mp->data, nb);
release_metapage(mp);
cp += PSIZE;
nbytes -= nb;
}
Reported by FlawFinder.
Line: 758
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ea->flag = 0;
ea->namelen = namelen;
ea->valuelen = (cpu_to_le16(value_len));
memcpy(ea->name, name, namelen);
ea->name[namelen] = 0;
if (value_len)
memcpy(&ea->name[namelen + 1], value, value_len);
xattr_size += EA_SIZE(ea);
}
Reported by FlawFinder.
Line: 761
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ea->name, name, namelen);
ea->name[namelen] = 0;
if (value_len)
memcpy(&ea->name[namelen + 1], value, value_len);
xattr_size += EA_SIZE(ea);
}
/* DEBUG - If we did this right, these number match */
if (xattr_size != new_size) {
Reported by FlawFinder.
drivers/scsi/cxgbi/libcxgbi.c
14 issues
Line: 2833
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len = sysfs_format_mac(buf, chba->ndev->dev_addr, 6);
break;
case ISCSI_HOST_PARAM_NETDEV_NAME:
len = sprintf(buf, "%s\n", chba->ndev->name);
break;
case ISCSI_HOST_PARAM_IPADDRESS:
{
struct cxgbi_sock *csk = find_sock_on_port(chba->cdev,
chba->port_id);
Reported by FlawFinder.
Line: 713
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&fl, 0, sizeof(fl));
fl.flowi6_oif = ifindex;
if (saddr)
memcpy(&fl.saddr, saddr, sizeof(struct in6_addr));
if (daddr)
memcpy(&fl.daddr, daddr, sizeof(struct in6_addr));
return (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
}
Reported by FlawFinder.
Line: 715
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (saddr)
memcpy(&fl.saddr, saddr, sizeof(struct in6_addr));
if (daddr)
memcpy(&fl.daddr, daddr, sizeof(struct in6_addr));
return (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
}
static struct cxgbi_sock *
cxgbi_check_route6(struct sockaddr *dst_addr, int ifindex)
Reported by FlawFinder.
Line: 1164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int len = 0;
int i;
memcpy(ppod, &ttinfo->hdr, sizeof(struct cxgbi_pagepod_hdr));
if (sg) {
addr = sg_dma_address(sg);
len = sg_dma_len(sg);
}
Reported by FlawFinder.
Line: 2222
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < tdata->nr_frags; i++, frag++) {
char *src = kmap_atomic(frag->page);
memcpy(dst, src + frag->offset, frag->size);
dst += frag->size;
kunmap_atomic(src);
}
if (padlen) {
Reported by FlawFinder.
Line: 2412
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (!task->sc)
memcpy(skb->data, task->hdr, SKB_TX_ISCSI_PDU_HEADER_MAX);
err = cxgbi_sock_send_skb(csk, skb);
if (err > 0) {
pdulen += err;
Reported by FlawFinder.
Line: 2522
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
stats->digest_err = 0;
stats->timeout_err = 0;
stats->custom_length = 1;
strcpy(stats->custom[0].desc, "eh_abort_cnt");
stats->custom[0].value = conn->eh_abort_cnt;
}
EXPORT_SYMBOL_GPL(cxgbi_get_conn_stats);
static int cxgbi_conn_max_xmit_dlength(struct iscsi_conn *conn)
Reported by FlawFinder.
Line: 2840
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct cxgbi_sock *csk = find_sock_on_port(chba->cdev,
chba->port_id);
if (csk) {
len = sprintf(buf, "%pIS",
(struct sockaddr *)&csk->saddr);
}
log_debug(1 << CXGBI_DBG_ISCSI,
"hba %s, addr %s.\n", chba->ndev->name, buf);
break;
Reported by FlawFinder.
Line: 1727
Column: 64
CWE codes:
120
20
break;
}
log_debug(1 << CXGBI_DBG_PDU_RX, "csk 0x%p, read %u.\n", csk, read);
if (read) {
csk->copied_seq += read;
csk_return_rx_credits(csk, read);
conn->rxdata_octets += read;
}
Reported by FlawFinder.
Line: 1728
Column: 6
CWE codes:
120
20
}
log_debug(1 << CXGBI_DBG_PDU_RX, "csk 0x%p, read %u.\n", csk, read);
if (read) {
csk->copied_seq += read;
csk_return_rx_credits(csk, read);
conn->rxdata_octets += read;
}
Reported by FlawFinder.
drivers/scsi/cxlflash/main.c
14 issues
Line: 471
CWE codes:
476
int rc = 0;
ulong to;
buf = kzalloc(sizeof(*cmd) + __alignof__(*cmd) - 1, GFP_KERNEL);
if (unlikely(!buf)) {
dev_err(dev, "%s: no memory for command\n", __func__);
rc = -ENOMEM;
goto out;
}
Reported by Cppcheck.
Line: 2317
CWE codes:
476
mutex_lock(&afu->sync_active);
atomic_inc(&afu->cmds_active);
buf = kmalloc(sizeof(*cmd) + __alignof__(*cmd) - 1, GFP_KERNEL);
if (unlikely(!buf)) {
dev_err(dev, "%s: no memory for command\n", __func__);
rc = -ENOMEM;
goto out;
}
Reported by Cppcheck.
Line: 73
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ioasa->rc.scsi_rc) {
/* We have a SCSI status */
if (ioasa->rc.flags & SISL_RC_FLAGS_SENSE_VALID) {
memcpy(scp->sense_buffer, ioasa->sense_data,
SISL_SENSE_DATA_LEN);
scp->result = ioasa->rc.scsi_rc;
} else
scp->result = ioasa->rc.scsi_rc | (DID_ERROR << 16);
}
Reported by FlawFinder.
Line: 501
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->rcb.req_flags = (SISL_REQ_FLAGS_PORT_LUN_ID |
SISL_REQ_FLAGS_SUP_UNDERRUN |
SISL_REQ_FLAGS_TMF_CMD);
memcpy(cmd->rcb.cdb, &tmfcmd, sizeof(tmfcmd));
rc = afu->send_cmd(afu, cmd);
if (unlikely(rc)) {
spin_lock_irqsave(&cfg->tmf_slock, lock_flags);
cfg->tmf_active = false;
Reported by FlawFinder.
Line: 1635
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rc = 0;
int ro_start, ro_size, i, j, k;
ssize_t vpd_size;
char vpd_data[CXLFLASH_VPD_LEN];
char tmp_buf[WWPN_BUF_LEN] = { 0 };
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
Reported by FlawFinder.
Line: 1636
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ro_start, ro_size, i, j, k;
ssize_t vpd_size;
char vpd_data[CXLFLASH_VPD_LEN];
char tmp_buf[WWPN_BUF_LEN] = { 0 };
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
Reported by FlawFinder.
Line: 1640
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct dev_dependent_vals *ddv = (struct dev_dependent_vals *)
cfg->dev_id->driver_data;
const bool wwpn_vpd_required = ddv->flags & CXLFLASH_WWPN_VPD_REQUIRED;
const char *wwpn_vpd_tags[MAX_FC_PORTS] = { "V5", "V6", "V7", "V8" };
/* Get the VPD data from the device */
vpd_size = cfg->ops->read_adapter_vpd(pdev, vpd_data, sizeof(vpd_data));
if (unlikely(vpd_size <= 0)) {
dev_err(dev, "%s: Unable to read VPD (size = %ld)\n",
Reported by FlawFinder.
Line: 1705
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(tmp_buf, &vpd_data[i], WWPN_LEN);
rc = kstrtoul(tmp_buf, WWPN_LEN, (ulong *)&wwpn[k]);
if (unlikely(rc)) {
dev_err(dev, "%s: WWPN conversion failed for port %d\n",
__func__, k);
rc = -ENODEV;
Reported by FlawFinder.
Line: 2146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* No byte reverse on reading afu_version or string will be backwards */
reg = readq(&afu->afu_map->global.regs.afu_version);
memcpy(afu->version, ®, sizeof(reg));
afu->interface_version =
readq_be(&afu->afu_map->global.regs.interface_version);
if ((afu->interface_version + 1) == 0) {
dev_err(dev, "Back level AFU, please upgrade. AFU version %s "
"interface version %016llx\n", afu->version,
Reported by FlawFinder.
Line: 2328
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
retry:
memset(cmd, 0, sizeof(*cmd));
memcpy(&cmd->rcb, rcb, sizeof(*rcb));
INIT_LIST_HEAD(&cmd->queue);
init_completion(&cmd->cevent);
cmd->parent = afu;
cmd->hwq_index = hwq->index;
cmd->rcb.ctx_id = hwq->ctx_hndl;
Reported by FlawFinder.
drivers/char/pcmcia/synclink_cs.c
14 issues
Line: 108
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct {
int count;
unsigned char status;
char data[1];
} RXBUF;
/* The queue of BH actions to be performed */
#define BH_RECEIVE 1
Reported by FlawFinder.
Line: 199
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int if_mode; /* serial interface selection (RS-232, v.35 etc) */
char device_name[25]; /* device instance name */
unsigned int io_base; /* base I/O address of adapter */
unsigned int irq_level;
MGSL_PARAMS params; /* communications parameters */
Reported by FlawFinder.
Line: 537
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
init_waitqueue_head(&info->event_wait_q);
spin_lock_init(&info->lock);
spin_lock_init(&info->netlock);
memcpy(&info->params,&default_params,sizeof(MGSL_PARAMS));
info->idle_mode = HDLC_TXIDLE_FLAGS;
info->imra_value = 0xffff;
info->imrb_value = 0xffff;
info->pim_value = 0xff;
Reported by FlawFinder.
Line: 830
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* eom: non-zero = end of frame */
static void rx_ready_hdlc(MGSLPC_INFO *info, int eom)
{
unsigned char data[2];
unsigned char fifo_count, read_count, i;
RXBUF *buf = (RXBUF*)(info->rx_buf + (info->rx_put * info->rx_buf_size));
if (debug_level >= DEBUG_LEVEL_ISR)
printk("%s(%d):rx_ready_hdlc(eom=%d)\n", __FILE__, __LINE__, eom);
Reported by FlawFinder.
Line: 1579
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (c <= 0)
break;
memcpy(info->tx_buf + info->tx_put, buf, c);
spin_lock_irqsave(&info->lock, flags);
info->tx_put = (info->tx_put + c) & (TXBUFSIZE-1);
info->tx_count += c;
spin_unlock_irqrestore(&info->lock, flags);
Reported by FlawFinder.
Line: 1815
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
spin_lock_irqsave(&info->lock, flags);
memcpy(&info->params,&tmp_params,sizeof(MGSL_PARAMS));
spin_unlock_irqrestore(&info->lock, flags);
mgslpc_change_params(info, tty);
return 0;
Reported by FlawFinder.
Line: 2530
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline void line_info(struct seq_file *m, MGSLPC_INFO *info)
{
char stat_buf[30];
unsigned long flags;
seq_printf(m, "%s:io:%04X irq:%d",
info->device_name, info->io_base, info->irq_level);
Reported by FlawFinder.
Line: 2544
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
stat_buf[0] = 0;
stat_buf[1] = 0;
if (info->serial_signals & SerialSignal_RTS)
strcat(stat_buf, "|RTS");
if (info->serial_signals & SerialSignal_CTS)
strcat(stat_buf, "|CTS");
if (info->serial_signals & SerialSignal_DTR)
strcat(stat_buf, "|DTR");
if (info->serial_signals & SerialSignal_DSR)
Reported by FlawFinder.
Line: 2546
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (info->serial_signals & SerialSignal_RTS)
strcat(stat_buf, "|RTS");
if (info->serial_signals & SerialSignal_CTS)
strcat(stat_buf, "|CTS");
if (info->serial_signals & SerialSignal_DTR)
strcat(stat_buf, "|DTR");
if (info->serial_signals & SerialSignal_DSR)
strcat(stat_buf, "|DSR");
if (info->serial_signals & SerialSignal_DCD)
Reported by FlawFinder.
Line: 2548
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (info->serial_signals & SerialSignal_CTS)
strcat(stat_buf, "|CTS");
if (info->serial_signals & SerialSignal_DTR)
strcat(stat_buf, "|DTR");
if (info->serial_signals & SerialSignal_DSR)
strcat(stat_buf, "|DSR");
if (info->serial_signals & SerialSignal_DCD)
strcat(stat_buf, "|CD");
if (info->serial_signals & SerialSignal_RI)
Reported by FlawFinder.