The following issues were found

drivers/mtd/parsers/cmdlinepart.c
1 issue
sprintf - Does not check for buffer overflows
Security

Line: 198 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

	if (name)
		strlcpy(extra_mem, name, name_len + 1);
	else
		sprintf(extra_mem, "Partition_%03d", this_part);
	parts[this_part].name = extra_mem;
	extra_mem += name_len + 1;

	dbg(("partition %d: name <%s>, offset %llx, size %llx, mask flags %x\n",
	     this_part, parts[this_part].name, parts[this_part].offset,

            

Reported by FlawFinder.

drivers/mtd/parsers/ofpart_bcm4908.c
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 28 Column: 16 CWE codes: 126

		return -ENOENT;

	of_property_for_each_string(root, "brcm_blparms", prop, s) {
		size_t len = strlen(BLPARAMS_FW_OFFSET);
		unsigned long offset;
		int err;

		if (strncmp(s, BLPARAMS_FW_OFFSET, len) || s[len] != '=')
			continue;

            

Reported by FlawFinder.

drivers/mtd/parsers/ofpart_core.c
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 227 Column: 14 CWE codes: 126

			parts[i].mask_flags = MTD_WRITEABLE;

		if (names && (plen > 0)) {
			int len = strlen(names) + 1;

			parts[i].name = names;
			plen -= len;
			names += len;
		} else {

            

Reported by FlawFinder.

drivers/mtd/parsers/ofpart_linksys_ns.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 16 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static int ofpart_linksys_ns_bootpartition(void)
{
	char buf[4];
	int bootpartition;

	/* Check CFE environment variable */
	if (bcm47xx_nvram_getenv(NVRAM_BOOT_PART, buf, sizeof(buf)) > 0) {
		if (!kstrtoint(buf, 0, &bootpartition))

            

Reported by FlawFinder.

drivers/mtd/parsers/qcomsmempart.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 35 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

 * @attr: Flags for this partition
 */
struct smem_flash_pentry {
	char name[SMEM_FLASH_PTABLE_NAME_SIZE];
	__le32 offset;
	__le32 length;
	u8 attr;
} __packed __aligned(4);


            

Reported by FlawFinder.

drivers/media/i2c/tvp514x.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1049 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

	/* Initialize the tvp514x_decoder with default configuration */
	*decoder = tvp514x_dev;
	/* Copy default register configuration */
	memcpy(decoder->tvp514x_regs, tvp514x_reg_list_default,
			sizeof(tvp514x_reg_list_default));

	decoder->int_seq = (struct tvp514x_reg *)id->driver_data;

	/* Copy board specific information here */

            

Reported by FlawFinder.

drivers/media/i2c/saa7185.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 36 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
struct saa7185 {
	struct v4l2_subdev sd;
	unsigned char reg[128];

	v4l2_std_id norm;
};

static inline struct saa7185 *to_saa7185(struct v4l2_subdev *sd)

            

Reported by FlawFinder.

drivers/mtd/spi-nor/otp.c
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 365 Column: 15 CWE codes: 120 20

		if (is_write)
			ret = ops->write(nor, rstart + rofs, len, buf);
		else
			ret = ops->read(nor, rstart + rofs, len, (u8 *)buf);
		if (ret == 0)
			ret = -EIO;
		if (ret < 0)
			goto out;


            

Reported by FlawFinder.

drivers/md/md-linear.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 218 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static bool linear_make_request(struct mddev *mddev, struct bio *bio)
{
	char b[BDEVNAME_SIZE];
	struct dev_info *tmp_dev;
	sector_t start_sector, end_sector, data_offset;
	sector_t bio_sector = bio->bi_iter.bi_sector;

	if (unlikely(bio->bi_opf & REQ_PREFLUSH)

            

Reported by FlawFinder.

drivers/md/dm-zoned.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 59 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	struct dmz_metadata	*metadata;
	struct dmz_reclaim	*reclaim;

	char			name[BDEVNAME_SIZE];
	uuid_t			uuid;

	sector_t		capacity;

	unsigned int		dev_idx;

            

Reported by FlawFinder.