The following issues were found
fs/cifs/cifs_uniupr.h
12 issues
Line: 12
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* Latin upper case
*/
signed char CifsUniUpperTable[512] = {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 000-00f */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 010-01f */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 020-02f */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 030-03f */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 040-04f */
Reported by FlawFinder.
Line: 48
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Upper case range - Greek */
static signed char UniCaseRangeU03a0[47] = {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -38, -37, -37, -37, /* 3a0-3af */
0, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, /* 3b0-3bf */
-32, -32, -31, -32, -32, -32, -32, -32, -32, -32, -32, -32, -64,
-63, -63,
};
Reported by FlawFinder.
Line: 56
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Upper case range - Cyrillic */
static signed char UniCaseRangeU0430[48] = {
-32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, /* 430-43f */
-32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, /* 440-44f */
0, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, -80, 0, -80, -80, /* 450-45f */
};
Reported by FlawFinder.
Line: 63
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Upper case range - Extended cyrillic */
static signed char UniCaseRangeU0490[61] = {
0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 490-49f */
0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 4a0-4af */
0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 4b0-4bf */
0, 0, -1, 0, -1, 0, 0, 0, -1, 0, 0, 0, -1,
};
Reported by FlawFinder.
Line: 71
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Upper case range - Extended latin and greek */
static signed char UniCaseRangeU1e00[509] = {
0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e00-1e0f */
0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e10-1e1f */
0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e20-1e2f */
0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e30-1e3f */
0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, 0, -1, /* 1e40-1e4f */
Reported by FlawFinder.
Line: 107
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Upper case range - Wide latin */
static signed char UniCaseRangeUff40[27] = {
0, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32, /* ff40-ff4f */
-32, -32, -32, -32, -32, -32, -32, -32, -32, -32, -32,
};
/*
Reported by FlawFinder.
Line: 129
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* Latin lower case
*/
signed char CifsUniLowerTable[512] = {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 000-00f */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 010-01f */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 020-02f */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 030-03f */
0, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, /* 040-04f */
Reported by FlawFinder.
Line: 165
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Lower case range - Greek */
static signed char UniCaseRangeL0380[44] = {
0, 0, 0, 0, 0, 0, 38, 0, 37, 37, 37, 0, 64, 0, 63, 63, /* 380-38f */
0, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, /* 390-39f */
32, 32, 0, 32, 32, 32, 32, 32, 32, 32, 32, 32,
};
Reported by FlawFinder.
Line: 172
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Lower case range - Cyrillic */
static signed char UniCaseRangeL0400[48] = {
0, 80, 80, 80, 80, 80, 80, 80, 80, 80, 80, 80, 80, 0, 80, 80, /* 400-40f */
32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, /* 410-41f */
32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, /* 420-42f */
};
Reported by FlawFinder.
Line: 179
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Lower case range - Extended cyrillic */
static signed char UniCaseRangeL0490[60] = {
1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 490-49f */
1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 4a0-4af */
1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, /* 4b0-4bf */
0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1,
};
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c
12 issues
Line: 2929
vega12_check_smc_update_required_for_display_configuration,
.power_off_asic = vega12_power_off_asic,
.disable_smc_firmware_ctf = vega12_thermal_disable_alert,
#if 0
.set_power_profile_state = vega12_set_power_profile_state,
.get_sclk_od = vega12_get_sclk_od,
.set_sclk_od = vega12_set_sclk_od,
.get_mclk_od = vega12_get_mclk_od,
.set_mclk_od = vega12_set_mclk_od,
Reported by Cppcheck.
Line: 2150
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return ret);
size += sprintf(buf + size, "Current ppfeatures: 0x%016llx\n", features_enabled);
size += sprintf(buf + size, "%-19s %-22s %s\n",
output_title[0],
output_title[1],
output_title[2]);
for (i = 0; i < GNLD_FEATURES_MAX; i++) {
size += sprintf(buf + size, "%-19s 0x%016llx %6s\n",
Reported by FlawFinder.
Line: 2155
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
output_title[1],
output_title[2]);
for (i = 0; i < GNLD_FEATURES_MAX; i++) {
size += sprintf(buf + size, "%-19s 0x%016llx %6s\n",
ppfeature_name[i],
1ULL << i,
(features_enabled & (1ULL << i)) ? "Y" : "N");
}
Reported by FlawFinder.
Line: 2259
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"Attempt to get gfx clk levels Failed!",
return -1);
for (i = 0; i < clocks.num_levels; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, clocks.data[i].clocks_in_khz / 1000,
(clocks.data[i].clocks_in_khz / 1000 == now / 100) ? "*" : "");
break;
case PP_MCLK:
Reported by FlawFinder.
Line: 2275
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"Attempt to get memory clk levels Failed!",
return -1);
for (i = 0; i < clocks.num_levels; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, clocks.data[i].clocks_in_khz / 1000,
(clocks.data[i].clocks_in_khz / 1000 == now / 100) ? "*" : "");
break;
case PP_SOCCLK:
Reported by FlawFinder.
Line: 2293
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"Attempt to get soc clk levels Failed!",
return -1);
for (i = 0; i < clocks.num_levels; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, clocks.data[i].clocks_in_khz / 1000,
(clocks.data[i].clocks_in_khz / 1000 == now) ? "*" : "");
break;
case PP_DCEFCLK:
Reported by FlawFinder.
Line: 2311
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"Attempt to get dcef clk levels Failed!",
return -1);
for (i = 0; i < clocks.num_levels; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, clocks.data[i].clocks_in_khz / 1000,
(clocks.data[i].clocks_in_khz / 1000 == now) ? "*" : "");
break;
case PP_PCIE:
Reported by FlawFinder.
Line: 769
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vega12_init_dpm_state(&(dpm_table->dpm_state));
/* save a copy of the default DPM table */
memcpy(&(data->golden_dpm_table), &(data->dpm_table),
sizeof(struct vega12_dpm_table));
return 0;
}
Reported by FlawFinder.
Line: 840
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
NULL);
}
memcpy(pp_table, pptable_information->smc_pptable, sizeof(PPTable_t));
result = smum_smc_table_manager(hwmgr,
(uint8_t *)pp_table, TABLE_PPTABLE, false);
PP_ASSERT_WITH_CODE(!result,
"Failed to upload PPtable!", return result);
Reported by FlawFinder.
Line: 1377
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (metrics_table)
memcpy(metrics_table, &data->metrics_table, sizeof(SmuMetrics_t));
return ret;
}
static int vega12_get_gpu_power(struct pp_hwmgr *hwmgr, uint32_t *query)
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
12 issues
Line: 1217
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!found)
sprintf(name, "%pM Gigabit Ethernet", adapter->mac_addr);
else
sprintf(name, "%pM: %s" , adapter->mac_addr,
qlcnic_boards[i].short_name);
}
static void
qlcnic_check_options(struct qlcnic_adapter *adapter)
Reported by FlawFinder.
Line: 307
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
memcpy(netdev->dev_addr, mac_addr, ETH_ALEN);
memcpy(adapter->mac_addr, netdev->dev_addr, netdev->addr_len);
/* set station address */
if (!is_valid_ether_addr(netdev->dev_addr))
Reported by FlawFinder.
Line: 308
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
memcpy(netdev->dev_addr, mac_addr, ETH_ALEN);
memcpy(adapter->mac_addr, netdev->dev_addr, netdev->addr_len);
/* set station address */
if (!is_valid_ether_addr(netdev->dev_addr))
dev_warn(&pdev->dev, "Bad MAC address %pM.\n",
Reported by FlawFinder.
Line: 358
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
qlcnic_delete_adapter_mac(adapter);
memcpy(adapter->mac_addr, addr->sa_data, netdev->addr_len);
memcpy(netdev->dev_addr, addr->sa_data, netdev->addr_len);
qlcnic_set_multi(adapter->netdev);
if (test_bit(__QLCNIC_DEV_UP, &adapter->state)) {
netif_device_attach(netdev);
Reported by FlawFinder.
Line: 359
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qlcnic_delete_adapter_mac(adapter);
memcpy(adapter->mac_addr, addr->sa_data, netdev->addr_len);
memcpy(netdev->dev_addr, addr->sa_data, netdev->addr_len);
qlcnic_set_multi(adapter->netdev);
if (test_bit(__QLCNIC_DEV_UP, &adapter->state)) {
netif_device_attach(netdev);
qlcnic_napi_enable(adapter);
Reported by FlawFinder.
Line: 466
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EOPNOTSUPP;
ppid->id_len = sizeof(ahw->phys_port_id);
memcpy(ppid->id, ahw->phys_port_id, ppid->id_len);
return 0;
}
static int qlcnic_udp_tunnel_sync(struct net_device *dev, unsigned int table)
Reported by FlawFinder.
Line: 1047
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
adapter->npars[j].min_bw = pci_info[i].tx_min_bw;
adapter->npars[j].max_bw = pci_info[i].tx_max_bw;
memcpy(&adapter->npars[j].mac, &pci_info[i].mac, ETH_ALEN);
j++;
}
/* Update eSwitch status for adapters without per port eSwitch
* configuration capability
Reported by FlawFinder.
Line: 1215
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (!found)
sprintf(name, "%pM Gigabit Ethernet", adapter->mac_addr);
else
sprintf(name, "%pM: %s" , adapter->mac_addr,
qlcnic_boards[i].short_name);
}
Reported by FlawFinder.
Line: 2447
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qlcnic_adapter *adapter = NULL;
struct qlcnic_hardware_context *ahw;
int err, pci_using_dac = -1;
char board_name[QLCNIC_MAX_BOARD_NAME_LEN + 19]; /* MAC + ": " + name */
err = pci_enable_device(pdev);
if (err)
return err;
Reported by FlawFinder.
Line: 3971
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int queue_type)
{
struct net_device *netdev = adapter->netdev;
char buf[8];
if (queue_type == QLCNIC_RX_QUEUE)
strcpy(buf, "SDS");
else
strcpy(buf, "Tx");
Reported by FlawFinder.
drivers/pcmcia/ds.c
12 issues
Line: 1003
Column: 23
CWE codes:
134
Suggestion:
Make format string constant
static ssize_t field##_show (struct device *dev, struct device_attribute *attr, char *buf) \
{ \
struct pcmcia_device *p_dev = to_pcmcia_dev(dev); \
return p_dev->test ? sprintf(buf, format, p_dev->field) : -ENODEV; \
} \
static DEVICE_ATTR_RO(field);
#define pcmcia_device_stringattr(name, field) \
static ssize_t name##_show (struct device *dev, struct device_attribute *attr, char *buf) \
Reported by FlawFinder.
Line: 1011
Column: 24
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t name##_show (struct device *dev, struct device_attribute *attr, char *buf) \
{ \
struct pcmcia_device *p_dev = to_pcmcia_dev(dev); \
return p_dev->field ? sprintf(buf, "%s\n", p_dev->field) : -ENODEV; \
} \
static DEVICE_ATTR_RO(name);
pcmcia_device_attr(func_id, has_func_id, "0x%02x\n");
pcmcia_device_attr(manf_id, has_manf_id, "0x%04x\n");
Reported by FlawFinder.
Line: 121
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dynid->id.func_id = func_id;
dynid->id.function = function;
dynid->id.device_no = device_no;
memcpy(dynid->id.prod_id_hash, prod_id_hash, sizeof(__u32) * 4);
mutex_lock(&pdrv->dynids.lock);
list_add_tail(&dynid->node, &pdrv->dynids.list);
mutex_unlock(&pdrv->dynids.lock);
Reported by FlawFinder.
Line: 1027
Column: 25
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf)
{
struct pcmcia_device *p_dev = to_pcmcia_dev(dev);
return p_dev->socket ? sprintf(buf, "0x%02x\n", p_dev->func) : -ENODEV;
}
static DEVICE_ATTR_RO(function);
static ssize_t resources_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 1039
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i;
for (i = 0; i < PCMCIA_NUM_RESOURCES; i++)
str += sprintf(str, "%pr\n", p_dev->resource[i]);
return str - buf;
}
static DEVICE_ATTR_RO(resources);
Reported by FlawFinder.
Line: 1050
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct pcmcia_device *p_dev = to_pcmcia_dev(dev);
if (p_dev->suspended)
return sprintf(buf, "off\n");
else
return sprintf(buf, "on\n");
}
static ssize_t pm_state_store(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 1052
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (p_dev->suspended)
return sprintf(buf, "off\n");
else
return sprintf(buf, "on\n");
}
static ssize_t pm_state_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 1086
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
hash[i] = crc32(0, p_dev->prod_id[i],
strlen(p_dev->prod_id[i]));
}
return sprintf(buf, "pcmcia:m%04Xc%04Xf%02Xfn%02Xpfn%02X"
"pa%08Xpb%08Xpc%08Xpd%08X\n",
p_dev->has_manf_id ? p_dev->manf_id : 0,
p_dev->has_card_id ? p_dev->card_id : 0,
p_dev->has_func_id ? p_dev->func_id : 0,
p_dev->func, p_dev->device_no,
Reported by FlawFinder.
Line: 58
Column: 37
CWE codes:
126
if (!did->prod_id[i])
continue;
hash = crc32(0, did->prod_id[i], strlen(did->prod_id[i]));
if (hash == did->prod_id_hash[i])
continue;
printk(KERN_DEBUG "pcmcia: %s: invalid hash for "
"product string \"%s\": is 0x%x, should "
Reported by FlawFinder.
Line: 461
Column: 13
CWE codes:
126
tmp = vers1->str + vers1->ofs[i];
length = strlen(tmp) + 1;
if ((length < 2) || (length > 255))
continue;
new = kstrdup(tmp, GFP_KERNEL);
if (!new)
Reported by FlawFinder.
drivers/atm/nicstar.c
12 issues
Line: 818
CWE codes:
476
static void ns_init_card_error(ns_dev *card, int error)
{
if (error >= 17) {
writel(0x00000000, card->membase + CFG);
}
if (error >= 16) {
struct sk_buff *iovb;
while ((iovb = skb_dequeue(&card->iovpool.queue)) != NULL)
dev_kfree_skb_any(iovb);
Reported by Cppcheck.
Line: 172
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static struct timer_list ns_timer;
static char *mac[NS_MAX_CARDS];
module_param_array(mac, charp, NULL, 0);
MODULE_LICENSE("GPL");
/* Functions */
Reported by FlawFinder.
Line: 2062
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i == 1 && ns_rsqe_eopdu(rsqe))
*((u32 *) sb->data) |= 0x00000002;
skb_put(sb, NS_AAL0_HEADER);
memcpy(skb_tail_pointer(sb), cell, ATM_CELL_PAYLOAD);
skb_put(sb, ATM_CELL_PAYLOAD);
ATM_SKB(sb)->vcc = vcc;
__net_timestamp(sb);
vcc->push(vcc, sb);
atomic_inc(&vcc->stats->rx);
Reported by FlawFinder.
Line: 2421
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
card = (ns_dev *) dev->dev_data;
stat = readl(card->membase + STAT);
if (!left--)
return sprintf(page, "Pool count min init max \n");
if (!left--)
return sprintf(page, "Small %5d %5d %5d %5d \n",
ns_stat_sfbqc_get(stat), card->sbnr.min,
card->sbnr.init, card->sbnr.max);
if (!left--)
Reported by FlawFinder.
Line: 2423
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "Pool count min init max \n");
if (!left--)
return sprintf(page, "Small %5d %5d %5d %5d \n",
ns_stat_sfbqc_get(stat), card->sbnr.min,
card->sbnr.init, card->sbnr.max);
if (!left--)
return sprintf(page, "Large %5d %5d %5d %5d \n",
ns_stat_lfbqc_get(stat), card->lbnr.min,
Reported by FlawFinder.
Line: 2427
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ns_stat_sfbqc_get(stat), card->sbnr.min,
card->sbnr.init, card->sbnr.max);
if (!left--)
return sprintf(page, "Large %5d %5d %5d %5d \n",
ns_stat_lfbqc_get(stat), card->lbnr.min,
card->lbnr.init, card->lbnr.max);
if (!left--)
return sprintf(page, "Huge %5d %5d %5d %5d \n",
card->hbpool.count, card->hbnr.min,
Reported by FlawFinder.
Line: 2431
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ns_stat_lfbqc_get(stat), card->lbnr.min,
card->lbnr.init, card->lbnr.max);
if (!left--)
return sprintf(page, "Huge %5d %5d %5d %5d \n",
card->hbpool.count, card->hbnr.min,
card->hbnr.init, card->hbnr.max);
if (!left--)
return sprintf(page, "Iovec %5d %5d %5d %5d \n",
card->iovpool.count, card->iovnr.min,
Reported by FlawFinder.
Line: 2435
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
card->hbpool.count, card->hbnr.min,
card->hbnr.init, card->hbnr.max);
if (!left--)
return sprintf(page, "Iovec %5d %5d %5d %5d \n",
card->iovpool.count, card->iovnr.min,
card->iovnr.init, card->iovnr.max);
if (!left--) {
int retval;
retval =
Reported by FlawFinder.
Line: 2441
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--) {
int retval;
retval =
sprintf(page, "Interrupt counter: %u \n", card->intcnt);
card->intcnt = 0;
return retval;
}
#if 0
/* Dump 25.6 Mbps PHY registers */
Reported by FlawFinder.
Line: 2461
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
phy_regs[i] = readl(card->membase + DR0) & 0x000000FF;
}
return sprintf(page, "PHY regs: 0x%02X 0x%02X 0x%02X 0x%02X \n",
phy_regs[0], phy_regs[1], phy_regs[2],
phy_regs[3]);
}
#endif /* 0 - Dump 25.6 Mbps PHY registers */
#if 0
Reported by FlawFinder.
fs/ceph/file.c
12 issues
Line: 197
Column: 14
CWE codes:
362
if (IS_ERR(req))
goto out;
req->r_fmode = ceph_flags_to_mode(flags);
req->r_args.open.flags = ceph_flags_sys2wire(flags);
req->r_args.open.mode = cpu_to_le32(create_mode);
out:
return req;
}
Reported by FlawFinder.
Line: 198
Column: 14
CWE codes:
362
goto out;
req->r_fmode = ceph_flags_to_mode(flags);
req->r_args.open.flags = ceph_flags_sys2wire(flags);
req->r_args.open.mode = cpu_to_le32(create_mode);
out:
return req;
}
static int ceph_init_file_info(struct inode *inode, struct file *file,
Reported by FlawFinder.
Line: 275
Column: 23
CWE codes:
362
BUG_ON(inode->i_fop->release == ceph_release);
/* call the proper open fop */
ret = inode->i_fop->open(inode, file);
}
return ret;
}
/*
Reported by FlawFinder.
Line: 489
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*pino = ino;
ceph_take_cap_refs(ci, want, false);
memcpy(lo, &ci->i_cached_layout, sizeof(*lo));
rcu_assign_pointer(lo->pool_ns,
ceph_try_get_string(ci->i_cached_layout.pool_ns));
got = want;
no_async:
spin_unlock(&ci->i_ceph_lock);
Reported by FlawFinder.
Line: 575
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ceph_file_layout *lo)
{
int ret;
char xattr_buf[4];
struct ceph_mds_reply_inode in = { };
struct ceph_mds_reply_info_in iinfo = { .in = &in };
struct ceph_inode_info *ci = ceph_inode(dir);
struct inode *inode;
struct timespec64 now;
Reported by FlawFinder.
Line: 707
Column: 14
CWE codes:
362
mask = CEPH_STAT_CAP_INODE | CEPH_CAP_AUTH_SHARED;
if (ceph_security_xattr_wanted(dir))
mask |= CEPH_CAP_XATTR_SHARED;
req->r_args.open.mask = cpu_to_le32(mask);
req->r_parent = dir;
ihold(dir);
if (flags & O_CREAT) {
struct ceph_file_layout lo;
Reported by FlawFinder.
Line: 725
Column: 16
CWE codes:
362
try_prep_async_create(dir, dentry, &lo,
&req->r_deleg_ino))) {
set_bit(CEPH_MDS_R_ASYNC, &req->r_req_flags);
req->r_args.open.flags |= cpu_to_le32(CEPH_O_EXCL);
req->r_callback = ceph_async_create_cb;
err = ceph_mdsc_submit_request(mdsc, dir, req);
if (!err) {
err = ceph_finish_async_create(dir, dentry,
file, mode, req,
Reported by FlawFinder.
Line: 1611
Column: 22
CWE codes:
120
20
i_size = i_size_read(inode);
if (retry_op == READ_INLINE) {
BUG_ON(ret > 0 || read > 0);
if (iocb->ki_pos < i_size &&
iocb->ki_pos < PAGE_SIZE) {
loff_t end = min_t(loff_t, i_size,
iocb->ki_pos + len);
end = min_t(loff_t, end, PAGE_SIZE);
Reported by FlawFinder.
Line: 1625
Column: 33
CWE codes:
120
20
iocb->ki_pos += ret;
read += ret;
}
if (iocb->ki_pos < i_size && read < len) {
size_t zlen = min_t(size_t, len - read,
i_size - iocb->ki_pos);
ret = iov_iter_zero(zlen, to);
iocb->ki_pos += ret;
read += ret;
Reported by FlawFinder.
Line: 1626
Column: 39
CWE codes:
120
20
read += ret;
}
if (iocb->ki_pos < i_size && read < len) {
size_t zlen = min_t(size_t, len - read,
i_size - iocb->ki_pos);
ret = iov_iter_zero(zlen, to);
iocb->ki_pos += ret;
read += ret;
}
Reported by FlawFinder.
drivers/scsi/scsi_transport_spi.c
12 issues
Line: 279
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct spi_transport_attrs *tp; \
\
tp = (struct spi_transport_attrs *)&starget->starget_data; \
return snprintf(buf, 20, format_string, tp->field); \
}
#define spi_transport_store_simple(field, format_string) \
\
static ssize_t \
Reported by FlawFinder.
Line: 312
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
tp = (struct spi_transport_attrs *)&starget->starget_data; \
if (i->f->get_##field) \
i->f->get_##field(starget); \
return snprintf(buf, 20, format_string, tp->field); \
}
#define spi_transport_store_function(field, format_string) \
static ssize_t \
store_spi_transport_##field(struct device *dev, \
Reported by FlawFinder.
Line: 569
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (i->f->get_signalling)
i->f->get_signalling(shost);
return sprintf(buf, "%s\n", spi_signal_to_string(spi_signalling(shost)));
}
static ssize_t store_spi_host_signalling(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 597
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct Scsi_Host *shost = transport_class_to_shost(cdev);
return sprintf(buf, "%s\n", shost->max_id == 16 ? "wide" : "narrow");
}
static DEVICE_ATTR(host_width, S_IRUGO,
show_spi_host_width, NULL);
static ssize_t show_spi_host_hba_id(struct device *cdev,
Reported by FlawFinder.
Line: 90
Column: 15
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static int sprint_frac(char *dest, int value, int denom)
{
int frac = value % denom;
int result = sprintf(dest, "%d", value / denom);
if (frac == 0)
return result;
dest[result++] = '.';
Reported by FlawFinder.
Line: 98
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
do {
denom /= 10;
sprintf(dest + result, "%d", frac / denom);
result++;
frac %= denom;
} while (frac);
dest[result++] = '\0';
Reported by FlawFinder.
Line: 113
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct scsi_sense_hdr *sshdr)
{
int i, result;
unsigned char sense[SCSI_SENSE_BUFFERSIZE];
struct scsi_sense_hdr sshdr_tmp;
if (!sshdr)
sshdr = &sshdr_tmp;
Reported by FlawFinder.
Line: 426
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (picosec == -1) {
len = sprintf(buf, "reserved");
} else {
len = sprint_frac(buf, picosec, 1000);
}
return len;
Reported by FlawFinder.
Line: 608
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct Scsi_Host *shost = transport_class_to_shost(cdev);
return sprintf(buf, "%d\n", shost->this_id);
}
static DEVICE_ATTR(hba_id, S_IRUGO,
show_spi_host_hba_id, NULL);
#define DV_SET(x, y) \
Reported by FlawFinder.
Line: 1137
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (tp->offset > 0 && tp->period > 0) {
unsigned int picosec, kb100;
char *scsi = "FAST-?";
char tmp[8];
if (tp->period <= SPI_STATIC_PPR) {
picosec = ppr_to_ps[tp->period];
switch (tp->period) {
case 7: scsi = "FAST-320"; break;
Reported by FlawFinder.
drivers/nvdimm/label.c
12 issues
Line: 131
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u64 sum_save, sum, size;
unsigned int version, labelsize;
memcpy(sig, nsindex[i]->sig, NSINDEX_SIG_LEN);
if (memcmp(sig, NSINDEX_SIGNATURE, NSINDEX_SIG_LEN) != 0) {
dev_dbg(dev, "nsindex%d signature invalid\n", i);
continue;
}
Reported by FlawFinder.
Line: 263
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!dst || !src)
return;
memcpy(dst, src, sizeof_namespace_index(ndd));
}
static struct nd_namespace_label *nd_label_base(struct nvdimm_drvdata *ndd)
{
void *base = to_namespace_index(ndd, 0);
Reported by FlawFinder.
Line: 397
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!slot_valid(ndd, nd_label, slot))
continue;
memcpy(label_uuid, nd_label->uuid, NSLABEL_UUID_LEN);
flags = __le32_to_cpu(nd_label->flags);
if (test_bit(NDD_NOBLK, &nvdimm->flags))
flags &= ~NSLABEL_FLAG_LOCAL;
nd_label_gen_id(&label_id, label_uuid, flags);
res = nvdimm_allocate_dpa(ndd, &label_id,
Reported by FlawFinder.
Line: 653
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
nslot = __le32_to_cpu(nsindex->nslot);
memcpy(nsindex->sig, NSINDEX_SIGNATURE, NSINDEX_SIG_LEN);
memset(&nsindex->flags, 0, 3);
nsindex->labelsize = sizeof_namespace_label(ndd) >> 8;
nsindex->seq = __cpu_to_le32(seq);
offset = (unsigned long) nsindex
- (unsigned long) to_namespace_index(ndd, 0);
Reported by FlawFinder.
Line: 799
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nd_label = to_label(ndd, slot);
memset(nd_label, 0, sizeof_namespace_label(ndd));
memcpy(nd_label->uuid, nspm->uuid, NSLABEL_UUID_LEN);
if (nspm->alt_name)
memcpy(nd_label->name, nspm->alt_name, NSLABEL_NAME_LEN);
nd_label->flags = __cpu_to_le32(flags);
nd_label->nlabel = __cpu_to_le16(nd_region->ndr_mappings);
nd_label->position = __cpu_to_le16(pos);
Reported by FlawFinder.
Line: 801
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(nd_label, 0, sizeof_namespace_label(ndd));
memcpy(nd_label->uuid, nspm->uuid, NSLABEL_UUID_LEN);
if (nspm->alt_name)
memcpy(nd_label->name, nspm->alt_name, NSLABEL_NAME_LEN);
nd_label->flags = __cpu_to_le32(flags);
nd_label->nlabel = __cpu_to_le16(nd_region->ndr_mappings);
nd_label->position = __cpu_to_le16(pos);
nd_label->isetcookie = __cpu_to_le64(cookie);
nd_label->rawsize = __cpu_to_le64(resource_size(res));
Reported by FlawFinder.
Line: 949
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* mark unused labels for garbage collection */
for_each_clear_bit_le(slot, free, nslot) {
nd_label = to_label(ndd, slot);
memcpy(uuid, nd_label->uuid, NSLABEL_UUID_LEN);
if (memcmp(uuid, nsblk->uuid, NSLABEL_UUID_LEN) != 0)
continue;
res = to_resource(ndd, nd_label);
if (res && is_old_resource(res, old_res_list,
old_num_resources))
Reported by FlawFinder.
Line: 1019
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nd_label = to_label(ndd, slot);
memset(nd_label, 0, sizeof_namespace_label(ndd));
memcpy(nd_label->uuid, nsblk->uuid, NSLABEL_UUID_LEN);
if (nsblk->alt_name)
memcpy(nd_label->name, nsblk->alt_name,
NSLABEL_NAME_LEN);
nd_label->flags = __cpu_to_le32(NSLABEL_FLAG_LOCAL);
Reported by FlawFinder.
Line: 1021
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(nd_label, 0, sizeof_namespace_label(ndd));
memcpy(nd_label->uuid, nsblk->uuid, NSLABEL_UUID_LEN);
if (nsblk->alt_name)
memcpy(nd_label->name, nsblk->alt_name,
NSLABEL_NAME_LEN);
nd_label->flags = __cpu_to_le32(NSLABEL_FLAG_LOCAL);
/*
* Use the presence of the type_guid as a flag to
Reported by FlawFinder.
Line: 1096
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!nd_label)
continue;
nlabel++;
memcpy(uuid, nd_label->uuid, NSLABEL_UUID_LEN);
if (memcmp(uuid, nsblk->uuid, NSLABEL_UUID_LEN) != 0)
continue;
nlabel--;
list_move(&label_ent->list, &list);
label_ent->label = NULL;
Reported by FlawFinder.
drivers/nvme/host/fc.c
12 issues
Line: 503
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
nvme_fc_signal_discovery_scan(struct nvme_fc_lport *lport,
struct nvme_fc_rport *rport)
{
char hostaddr[FCNVME_TRADDR_LENGTH]; /* NVMEFC_HOST_TRADDR=...*/
char tgtaddr[FCNVME_TRADDR_LENGTH]; /* NVMEFC_TRADDR=...*/
char *envp[4] = { "FC_EVENT=nvmediscovery", hostaddr, tgtaddr, NULL };
if (!(rport->remoteport.port_role & FC_PORT_ROLE_NVME_DISCOVERY))
return;
Reported by FlawFinder.
Line: 504
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nvme_fc_rport *rport)
{
char hostaddr[FCNVME_TRADDR_LENGTH]; /* NVMEFC_HOST_TRADDR=...*/
char tgtaddr[FCNVME_TRADDR_LENGTH]; /* NVMEFC_TRADDR=...*/
char *envp[4] = { "FC_EVENT=nvmediscovery", hostaddr, tgtaddr, NULL };
if (!(rport->remoteport.port_role & FC_PORT_ROLE_NVME_DISCOVERY))
return;
Reported by FlawFinder.
Line: 505
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char hostaddr[FCNVME_TRADDR_LENGTH]; /* NVMEFC_HOST_TRADDR=...*/
char tgtaddr[FCNVME_TRADDR_LENGTH]; /* NVMEFC_TRADDR=...*/
char *envp[4] = { "FC_EVENT=nvmediscovery", hostaddr, tgtaddr, NULL };
if (!(rport->remoteport.port_role & FC_PORT_ROLE_NVME_DISCOVERY))
return;
snprintf(hostaddr, sizeof(hostaddr),
Reported by FlawFinder.
Line: 1783
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lsop->rport = rport;
lsop->lsrsp = lsrsp;
memcpy(lsop->rqstbuf, lsreqbuf, lsreqbuf_len);
lsop->rqstdatalen = lsreqbuf_len;
spin_lock_irqsave(&rport->lock, flags);
if (rport->remoteport.port_state != FC_OBJSTATE_ONLINE) {
spin_unlock_irqrestore(&rport->lock, flags);
Reported by FlawFinder.
Line: 3648
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
nvme_fc_parse_traddr(struct nvmet_fc_traddr *traddr, char *buf, size_t blen)
{
char name[2 + NVME_FC_TRADDR_HEXNAMELEN + 1];
substring_t wwn = { name, &name[sizeof(name)-1] };
int nnoffset, pnoffset;
/* validate if string is one of the 2 allowed formats */
if (strnlen(buf, blen) == NVME_FC_TRADDR_MAXLENGTH &&
Reported by FlawFinder.
Line: 3673
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
name[1] = 'x';
name[2 + NVME_FC_TRADDR_HEXNAMELEN] = 0;
memcpy(&name[2], &buf[nnoffset], NVME_FC_TRADDR_HEXNAMELEN);
if (__nvme_fc_parse_u64(&wwn, &traddr->nn))
goto out_einval;
memcpy(&name[2], &buf[pnoffset], NVME_FC_TRADDR_HEXNAMELEN);
if (__nvme_fc_parse_u64(&wwn, &traddr->pn))
Reported by FlawFinder.
Line: 3677
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (__nvme_fc_parse_u64(&wwn, &traddr->nn))
goto out_einval;
memcpy(&name[2], &buf[pnoffset], NVME_FC_TRADDR_HEXNAMELEN);
if (__nvme_fc_parse_u64(&wwn, &traddr->pn))
goto out_einval;
return 0;
Reported by FlawFinder.
Line: 3815
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Parse the cgroup id from a buf and return the length of cgrpid */
static int fc_parse_cgrpid(const char *buf, u64 *id)
{
char cgrp_id[16+1];
int cgrpid_len, j;
memset(cgrp_id, 0x0, sizeof(cgrp_id));
for (cgrpid_len = 0, j = 0; cgrpid_len < 17; cgrpid_len++) {
if (buf[cgrpid_len] != ':')
Reported by FlawFinder.
Line: 3845
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 cgrp_id;
int appid_len = 0;
int cgrpid_len = 0;
char app_id[FC_APPID_LEN];
int ret = 0;
if (buf[count-1] == '\n')
count--;
Reported by FlawFinder.
Line: 3862
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
memset(app_id, 0x0, sizeof(app_id));
memcpy(app_id, &buf[cgrpid_len+1], appid_len);
ret = blkcg_set_fc_appid(app_id, cgrp_id, sizeof(app_id));
if (ret < 0)
return ret;
return count;
}
Reported by FlawFinder.
kernel/profile.c
12 issues
Line: 63
Column: 30
CWE codes:
126
static const char kvmstr[] = "kvm";
int par;
if (!strncmp(str, sleepstr, strlen(sleepstr))) {
#ifdef CONFIG_SCHEDSTATS
force_schedstat_enabled();
prof_on = SLEEP_PROFILING;
if (str[strlen(sleepstr)] == ',')
str += strlen(sleepstr) + 1;
Reported by FlawFinder.
Line: 67
Column: 11
CWE codes:
126
#ifdef CONFIG_SCHEDSTATS
force_schedstat_enabled();
prof_on = SLEEP_PROFILING;
if (str[strlen(sleepstr)] == ',')
str += strlen(sleepstr) + 1;
if (get_option(&str, &par))
prof_shift = par;
pr_info("kernel sleep profiling enabled (shift: %ld)\n",
prof_shift);
Reported by FlawFinder.
Line: 68
Column: 11
CWE codes:
126
force_schedstat_enabled();
prof_on = SLEEP_PROFILING;
if (str[strlen(sleepstr)] == ',')
str += strlen(sleepstr) + 1;
if (get_option(&str, &par))
prof_shift = par;
pr_info("kernel sleep profiling enabled (shift: %ld)\n",
prof_shift);
#else
Reported by FlawFinder.
Line: 76
Column: 37
CWE codes:
126
#else
pr_warn("kernel sleep profiling requires CONFIG_SCHEDSTATS\n");
#endif /* CONFIG_SCHEDSTATS */
} else if (!strncmp(str, schedstr, strlen(schedstr))) {
prof_on = SCHED_PROFILING;
if (str[strlen(schedstr)] == ',')
str += strlen(schedstr) + 1;
if (get_option(&str, &par))
prof_shift = par;
Reported by FlawFinder.
Line: 78
Column: 11
CWE codes:
126
#endif /* CONFIG_SCHEDSTATS */
} else if (!strncmp(str, schedstr, strlen(schedstr))) {
prof_on = SCHED_PROFILING;
if (str[strlen(schedstr)] == ',')
str += strlen(schedstr) + 1;
if (get_option(&str, &par))
prof_shift = par;
pr_info("kernel schedule profiling enabled (shift: %ld)\n",
prof_shift);
Reported by FlawFinder.
Line: 79
Column: 11
CWE codes:
126
} else if (!strncmp(str, schedstr, strlen(schedstr))) {
prof_on = SCHED_PROFILING;
if (str[strlen(schedstr)] == ',')
str += strlen(schedstr) + 1;
if (get_option(&str, &par))
prof_shift = par;
pr_info("kernel schedule profiling enabled (shift: %ld)\n",
prof_shift);
} else if (!strncmp(str, kvmstr, strlen(kvmstr))) {
Reported by FlawFinder.
Line: 84
Column: 35
CWE codes:
126
prof_shift = par;
pr_info("kernel schedule profiling enabled (shift: %ld)\n",
prof_shift);
} else if (!strncmp(str, kvmstr, strlen(kvmstr))) {
prof_on = KVM_PROFILING;
if (str[strlen(kvmstr)] == ',')
str += strlen(kvmstr) + 1;
if (get_option(&str, &par))
prof_shift = par;
Reported by FlawFinder.
Line: 86
Column: 11
CWE codes:
126
prof_shift);
} else if (!strncmp(str, kvmstr, strlen(kvmstr))) {
prof_on = KVM_PROFILING;
if (str[strlen(kvmstr)] == ',')
str += strlen(kvmstr) + 1;
if (get_option(&str, &par))
prof_shift = par;
pr_info("kernel KVM profiling enabled (shift: %ld)\n",
prof_shift);
Reported by FlawFinder.
Line: 87
Column: 11
CWE codes:
126
} else if (!strncmp(str, kvmstr, strlen(kvmstr))) {
prof_on = KVM_PROFILING;
if (str[strlen(kvmstr)] == ',')
str += strlen(kvmstr) + 1;
if (get_option(&str, &par))
prof_shift = par;
pr_info("kernel KVM profiling enabled (shift: %ld)\n",
prof_shift);
} else if (get_option(&str, &par)) {
Reported by FlawFinder.
Line: 469
Column: 10
CWE codes:
120
20
read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos)
{
unsigned long p = *ppos;
ssize_t read;
char *pnt;
unsigned int sample_step = 1 << prof_shift;
profile_flip_buffers();
if (p >= (prof_len+1)*sizeof(unsigned int))
Reported by FlawFinder.