The following issues were found
drivers/media/common/saa7146/saa7146_core.c
1 issues
Line: 356
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
/* create a nice device name */
sprintf(dev->name, "saa7146 (%d)", saa7146_num);
DEB_EE("pci:%p\n", pci);
err = pci_enable_device(pci);
if (err < 0) {
Reported by FlawFinder.
drivers/misc/cxl/pci.c
1 issues
Line: 1065
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* perform aligned read from the mmio region */
memcpy_fromio(tbuf, ebuf + aligned_start, aligned_length);
memcpy(buf, tbuf + (off & 0x7), count);
free_page((unsigned long)tbuf);
return count;
}
Reported by FlawFinder.
drivers/misc/ds1682.c
1 issues
Line: 94
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* Special case: the 32 bit regs are time values with 1/4s
* resolution, scale them up to milliseconds
*/
return sprintf(buf, "%llu\n", (sattr->nr == 4) ? (val * 250) : val);
}
static ssize_t ds1682_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/media/platform/am437x/am437x-vpfe.c
1 issues
Line: 158
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Print Four-character-code (FOURCC) */
static char *print_fourcc(u32 fmt)
{
static char code[5];
code[0] = (unsigned char)(fmt & 0xff);
code[1] = (unsigned char)((fmt >> 8) & 0xff);
code[2] = (unsigned char)((fmt >> 16) & 0xff);
code[3] = (unsigned char)((fmt >> 24) & 0xff);
Reported by FlawFinder.
drivers/md/dm-raid1.c
1 issues
Line: 1400
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int num_feature_args = 0;
struct mirror_set *ms = (struct mirror_set *) ti->private;
struct dm_dirty_log *log = dm_rh_dirty_log(ms->rh);
char buffer[MAX_NR_MIRRORS + 1];
switch (type) {
case STATUSTYPE_INFO:
DMEMIT("%d ", ms->nr_mirrors);
for (m = 0; m < ms->nr_mirrors; m++) {
Reported by FlawFinder.
drivers/media/platform/allegro-dvt/nal-rbsp.h
1 issues
Line: 48
Column: 28
CWE codes:
120
20
};
extern struct nal_rbsp_ops write;
extern struct nal_rbsp_ops read;
void rbsp_init(struct rbsp *rbsp, void *addr, size_t size,
struct nal_rbsp_ops *ops);
void rbsp_unsupported(struct rbsp *rbsp);
Reported by FlawFinder.
drivers/misc/eeprom/max6875.c
1 issues
Line: 119
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (slice = (off >> SLICE_BITS); slice <= max_slice; slice++)
max6875_update_slice(client, slice);
memcpy(buf, &data->data[off], count);
return count;
}
static const struct bin_attribute user_eeprom_attr = {
Reported by FlawFinder.
drivers/media/platform/allegro-dvt/allegro-core.c
1 issues
Line: 2228
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
v4l2_dbg(1, debug, &dev->v4l2_dev,
"copy codec firmware (%zd B) to phys %pad\n",
size, &dev->firmware.paddr);
memcpy(dev->firmware.vaddr, buf, size);
regmap_write(dev->regmap, AXI_ADDR_OFFSET_IP,
upper_32_bits(dev->firmware.paddr));
icache_offset = dev->firmware.paddr - MCU_CACHE_OFFSET;
Reported by FlawFinder.
drivers/misc/genwqe/card_base.h
1 issues
Line: 313
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 softreset;
u64 err_inject;
u64 last_gfir;
char app_name[5];
spinlock_t file_lock; /* lock for open files */
struct list_head file_list; /* list of open files */
/* debugfs parameters */
Reported by FlawFinder.
drivers/media/common/cypress_firmware.c
1 issues
Line: 65
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hx->addr |= (b[4] << 24) | (b[5] << 16);
}
memcpy(hx->data, &b[data_offs], hx->len);
hx->chk = b[hx->len + data_offs];
*pos += hx->len + 5;
return *pos;
}
Reported by FlawFinder.