The following issues were found
drivers/infiniband/core/agent.c
1 issues
Line: 122
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err1;
}
memcpy(send_buf->mad, mad_hdr, resp_mad_len);
send_buf->ah = ah;
if (rdma_cap_ib_switch(device)) {
mad_send_wr = container_of(send_buf,
struct ib_mad_send_wr_private,
Reported by FlawFinder.
drivers/hwmon/adt7411.c
1 issues
Line: 172
Column: 25
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct i2c_client *client = data->client;
int ret = i2c_smbus_read_byte_data(client, attr2->index);
return ret < 0 ? ret : sprintf(buf, "%u\n", !!(ret & attr2->nr));
}
static ssize_t adt7411_set_bit(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
drivers/hwmon/ads7871.c
1 issues
Line: 127
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = ads7871_read_reg16(spi, REG_LS_BYTE);
/*result in volts*10000 = (val/8192)*2.5*10000*/
val = ((val >> 2) * 25000) / 8192;
return sprintf(buf, "%d\n", val);
} else {
return -1;
}
}
Reported by FlawFinder.
drivers/hwmon/ads7828.c
1 issues
Line: 65
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (err < 0)
return err;
return sprintf(buf, "%d\n",
DIV_ROUND_CLOSEST(regval * data->lsb_resol, 1000));
}
static SENSOR_DEVICE_ATTR_RO(in0_input, ads7828_in, 0);
static SENSOR_DEVICE_ATTR_RO(in1_input, ads7828_in, 1);
Reported by FlawFinder.
drivers/hv/hv_util.c
1 issues
Line: 97
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void send_hibernate_uevent(struct work_struct *work)
{
char *uevent_env[2] = { "EVENT=hibernate", NULL };
struct hibernate_work_context *ctx;
ctx = container_of(work, struct hibernate_work_context, work);
kobject_uevent_env(&ctx->dev->device.kobj, KOBJ_CHANGE, uevent_env);
Reported by FlawFinder.
drivers/hv/hv.c
1 issues
Line: 98
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aligned_msg->reserved = 0;
aligned_msg->message_type = message_type;
aligned_msg->payload_size = payload_size;
memcpy((void *)aligned_msg->payload, payload, payload_size);
status = hv_do_hypercall(HVCALL_POST_MESSAGE, aligned_msg, NULL);
/* Preemption must remain disabled until after the hypercall
* so some other thread can't get scheduled onto this cpu and
Reported by FlawFinder.
drivers/hid/wacom.h
1 issues
Line: 137
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct wacom *wacom;
struct power_supply_desc bat_desc;
struct power_supply *battery;
char bat_name[WACOM_NAME_MAX];
int bat_status;
int battery_capacity;
int bat_charging;
int bat_connected;
int ps_connected;
Reported by FlawFinder.
drivers/hid/surface-hid/surface_kbd.c
1 issues
Line: 221
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rprt_id != report[0])
return -ENOENT;
memcpy(buf, report, ARRAY_SIZE(report));
return len;
}
static int skbd_set_feature_report(struct surface_hid_device *shid, u8 rprt_id, u8 *buf, size_t len)
{
Reported by FlawFinder.
drivers/hid/surface-hid/surface_hid.c
1 issues
Line: 98
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (offset + length > len)
length = len - offset;
memcpy(buf + offset, &slice->data[0], length);
offset += length;
length = buffer_len;
}
Reported by FlawFinder.
drivers/hid/intel-ish-hid/ishtp-hid.c
1 issues
Line: 85
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ishtp_buf)
return -ENOMEM;
memcpy(ishtp_buf + header_size, buf, len);
hid_ishtp_set_feature(hid, ishtp_buf, ishtp_buf_len, reportnum);
kfree(ishtp_buf);
break;
}
Reported by FlawFinder.