The following issues were found
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
47 issues
Line: 667
Column: 6
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (is_rx_ring(bp, i)) {
num_str = NUM_RING_RX_HW_STATS;
for (j = 0; j < num_str; j++) {
sprintf(buf, "[%d]: %s", i,
bnxt_ring_rx_stats_str[j]);
buf += ETH_GSTRING_LEN;
}
}
if (is_tx_ring(bp, i)) {
Reported by FlawFinder.
Line: 675
Column: 6
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (is_tx_ring(bp, i)) {
num_str = NUM_RING_TX_HW_STATS;
for (j = 0; j < num_str; j++) {
sprintf(buf, "[%d]: %s", i,
bnxt_ring_tx_stats_str[j]);
buf += ETH_GSTRING_LEN;
}
}
num_str = bnxt_get_num_tpa_ring_stats(bp);
Reported by FlawFinder.
Line: 690
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
str = bnxt_ring_tpa_stats_str;
for (j = 0; j < num_str; j++) {
sprintf(buf, "[%d]: %s", i, str[j]);
buf += ETH_GSTRING_LEN;
}
skip_tpa_stats:
if (is_rx_ring(bp, i)) {
num_str = NUM_RING_RX_SW_STATS;
Reported by FlawFinder.
Line: 697
Column: 6
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (is_rx_ring(bp, i)) {
num_str = NUM_RING_RX_SW_STATS;
for (j = 0; j < num_str; j++) {
sprintf(buf, "[%d]: %s", i,
bnxt_rx_sw_stats_str[j]);
buf += ETH_GSTRING_LEN;
}
}
num_str = NUM_RING_CMN_SW_STATS;
Reported by FlawFinder.
Line: 704
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
num_str = NUM_RING_CMN_SW_STATS;
for (j = 0; j < num_str; j++) {
sprintf(buf, "[%d]: %s", i,
bnxt_cmn_sw_stats_str[j]);
buf += ETH_GSTRING_LEN;
}
}
for (i = 0; i < BNXT_NUM_SW_FUNC_STATS; i++) {
Reported by FlawFinder.
Line: 710
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
}
for (i = 0; i < BNXT_NUM_SW_FUNC_STATS; i++) {
strcpy(buf, bnxt_sw_func_stats[i].string);
buf += ETH_GSTRING_LEN;
}
if (bp->flags & BNXT_FLAG_PORT_STATS) {
for (i = 0; i < BNXT_NUM_PORT_STATS; i++) {
Reported by FlawFinder.
Line: 716
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (bp->flags & BNXT_FLAG_PORT_STATS) {
for (i = 0; i < BNXT_NUM_PORT_STATS; i++) {
strcpy(buf, bnxt_port_stats_arr[i].string);
buf += ETH_GSTRING_LEN;
}
}
if (bp->flags & BNXT_FLAG_PORT_STATS_EXT) {
for (i = 0; i < bp->fw_rx_stats_ext_size; i++) {
Reported by FlawFinder.
Line: 722
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
if (bp->flags & BNXT_FLAG_PORT_STATS_EXT) {
for (i = 0; i < bp->fw_rx_stats_ext_size; i++) {
strcpy(buf, bnxt_port_stats_ext_arr[i].string);
buf += ETH_GSTRING_LEN;
}
for (i = 0; i < bp->fw_tx_stats_ext_size; i++) {
strcpy(buf,
bnxt_tx_port_stats_ext_arr[i].string);
Reported by FlawFinder.
Line: 726
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf += ETH_GSTRING_LEN;
}
for (i = 0; i < bp->fw_tx_stats_ext_size; i++) {
strcpy(buf,
bnxt_tx_port_stats_ext_arr[i].string);
buf += ETH_GSTRING_LEN;
}
if (bp->pri2cos_valid) {
for (i = 0; i < 8; i++) {
Reported by FlawFinder.
Line: 732
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
if (bp->pri2cos_valid) {
for (i = 0; i < 8; i++) {
strcpy(buf,
bnxt_rx_bytes_pri_arr[i].string);
buf += ETH_GSTRING_LEN;
}
for (i = 0; i < 8; i++) {
strcpy(buf,
Reported by FlawFinder.
scripts/gdb/linux/utils.py
46 issues
Line: 14
Column: 1
# This work is licensed under the terms of the GNU GPL version 2.
#
import gdb
class CachedType:
def __init__(self, name):
self._type = None
Reported by Pylint.
Line: 22
Column: 36
self._type = None
self._name = name
def _new_objfile_handler(self, event):
self._type = None
gdb.events.new_objfile.disconnect(self._new_objfile_handler)
def get_type(self):
if self._type is None:
Reported by Pylint.
Line: 41
Column: 5
def get_long_type():
global long_type
return long_type.get_type()
def offset_of(typeobj, field):
element = gdb.Value(0).cast(typeobj)
Reported by Pylint.
Line: 79
Column: 5
def get_target_endianness():
global target_endianness
if target_endianness is None:
endian = gdb.execute("show endian", to_string=True)
if "little endian" in endian:
target_endianness = LITTLE_ENDIAN
elif "big endian" in endian:
Reported by Pylint.
Line: 140
Column: 9
if hasattr(gdb.Frame, 'architecture'):
return arch in gdb.newest_frame().architecture().name()
else:
global target_arch
if target_arch is None:
target_arch = gdb.execute("show architecture", to_string=True)
return arch in target_arch
Reported by Pylint.
Line: 152
Column: 22
def get_gdbserver_type():
def exit_handler(event):
global gdbserver_type
gdbserver_type = None
gdb.events.exited.disconnect(exit_handler)
def probe_qemu():
Reported by Pylint.
Line: 153
Column: 9
def get_gdbserver_type():
def exit_handler(event):
global gdbserver_type
gdbserver_type = None
gdb.events.exited.disconnect(exit_handler)
def probe_qemu():
try:
Reported by Pylint.
Line: 170
Column: 5
except gdb.error:
return False
global gdbserver_type
if gdbserver_type is None:
if probe_qemu():
gdbserver_type = GDBSERVER_QEMU
elif probe_kgdb():
gdbserver_type = GDBSERVER_KGDB
Reported by Pylint.
Line: 1
Column: 1
#
# gdb helper commands and functions for Linux kernel debugging
#
# common utilities
#
# Copyright (c) Siemens AG, 2011-2013
#
# Authors:
# Jan Kiszka <jan.kiszka@siemens.com>
Reported by Pylint.
Line: 17
Column: 1
import gdb
class CachedType:
def __init__(self, name):
self._type = None
self._name = name
def _new_objfile_handler(self, event):
Reported by Pylint.
net/mac80211/sta_info.h
46 issues
Line: 126
#define HT_AGG_STATE_STOP_CB 7
#define HT_AGG_STATE_SENT_ADDBA 8
DECLARE_EWMA(avg_signal, 10, 8)
enum ieee80211_agg_stop_reason {
AGG_STOP_DECLINED,
AGG_STOP_LOCAL_REQUEST,
AGG_STOP_PEER_REQUEST,
AGG_STOP_DESTROY_STA,
Reported by Cppcheck.
Line: 126
#define HT_AGG_STATE_STOP_CB 7
#define HT_AGG_STATE_SENT_ADDBA 8
DECLARE_EWMA(avg_signal, 10, 8)
enum ieee80211_agg_stop_reason {
AGG_STOP_DECLINED,
AGG_STOP_LOCAL_REQUEST,
AGG_STOP_PEER_REQUEST,
AGG_STOP_DESTROY_STA,
Reported by Cppcheck.
Line: 126
#define HT_AGG_STATE_STOP_CB 7
#define HT_AGG_STATE_SENT_ADDBA 8
DECLARE_EWMA(avg_signal, 10, 8)
enum ieee80211_agg_stop_reason {
AGG_STOP_DECLINED,
AGG_STOP_LOCAL_REQUEST,
AGG_STOP_PEER_REQUEST,
AGG_STOP_DESTROY_STA,
Reported by Cppcheck.
Line: 126
#define HT_AGG_STATE_STOP_CB 7
#define HT_AGG_STATE_SENT_ADDBA 8
DECLARE_EWMA(avg_signal, 10, 8)
enum ieee80211_agg_stop_reason {
AGG_STOP_DECLINED,
AGG_STOP_LOCAL_REQUEST,
AGG_STOP_PEER_REQUEST,
AGG_STOP_DESTROY_STA,
Reported by Cppcheck.
Line: 126
#define HT_AGG_STATE_STOP_CB 7
#define HT_AGG_STATE_SENT_ADDBA 8
DECLARE_EWMA(avg_signal, 10, 8)
enum ieee80211_agg_stop_reason {
AGG_STOP_DECLINED,
AGG_STOP_LOCAL_REQUEST,
AGG_STOP_PEER_REQUEST,
AGG_STOP_DESTROY_STA,
Reported by Cppcheck.
Line: 126
#define HT_AGG_STATE_STOP_CB 7
#define HT_AGG_STATE_SENT_ADDBA 8
DECLARE_EWMA(avg_signal, 10, 8)
enum ieee80211_agg_stop_reason {
AGG_STOP_DECLINED,
AGG_STOP_LOCAL_REQUEST,
AGG_STOP_PEER_REQUEST,
AGG_STOP_DESTROY_STA,
Reported by Cppcheck.
Line: 126
#define HT_AGG_STATE_STOP_CB 7
#define HT_AGG_STATE_SENT_ADDBA 8
DECLARE_EWMA(avg_signal, 10, 8)
enum ieee80211_agg_stop_reason {
AGG_STOP_DECLINED,
AGG_STOP_LOCAL_REQUEST,
AGG_STOP_PEER_REQUEST,
AGG_STOP_DESTROY_STA,
Reported by Cppcheck.
Line: 126
#define HT_AGG_STATE_STOP_CB 7
#define HT_AGG_STATE_SENT_ADDBA 8
DECLARE_EWMA(avg_signal, 10, 8)
enum ieee80211_agg_stop_reason {
AGG_STOP_DECLINED,
AGG_STOP_LOCAL_REQUEST,
AGG_STOP_PEER_REQUEST,
AGG_STOP_DESTROY_STA,
Reported by Cppcheck.
Line: 126
#define HT_AGG_STATE_STOP_CB 7
#define HT_AGG_STATE_SENT_ADDBA 8
DECLARE_EWMA(avg_signal, 10, 8)
enum ieee80211_agg_stop_reason {
AGG_STOP_DECLINED,
AGG_STOP_LOCAL_REQUEST,
AGG_STOP_PEER_REQUEST,
AGG_STOP_DESTROY_STA,
Reported by Cppcheck.
Line: 126
#define HT_AGG_STATE_STOP_CB 7
#define HT_AGG_STATE_SENT_ADDBA 8
DECLARE_EWMA(avg_signal, 10, 8)
enum ieee80211_agg_stop_reason {
AGG_STOP_DECLINED,
AGG_STOP_LOCAL_REQUEST,
AGG_STOP_PEER_REQUEST,
AGG_STOP_DESTROY_STA,
Reported by Cppcheck.
drivers/infiniband/hw/hfi1/chip.c
46 issues
Line: 240
((u64)(sc7val) << SEND_SC2VLT##num##_SC##sc7##_SHIFT) \
)
#define DC_SC_VL_VAL( \
range, \
e0, e0val, \
e1, e1val, \
e2, e2val, \
e3, e3val, \
Reported by Cppcheck.
Line: 5320
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *flag_string(char *buf, int buf_len, u64 flags,
struct flag_table *table, int table_size)
{
char extra[32];
char *p = buf;
int len = buf_len;
int no_room = 0;
int i;
Reported by FlawFinder.
Line: 5558
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void handle_cce_err(struct hfi1_devdata *dd, u32 unused, u64 reg)
{
char buf[96];
int i = 0;
/*
* For most these errors, there is nothing that can be done except
* report or record it.
Reported by FlawFinder.
Line: 5624
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void handle_rxe_err(struct hfi1_devdata *dd, u32 unused, u64 reg)
{
char buf[96];
int i = 0;
dd_dev_info(dd, "Receive Error: %s\n",
rxe_err_status_string(buf, sizeof(buf), reg));
Reported by FlawFinder.
Line: 5651
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void handle_misc_err(struct hfi1_devdata *dd, u32 unused, u64 reg)
{
char buf[96];
int i = 0;
dd_dev_info(dd, "Misc Error: %s",
misc_err_status_string(buf, sizeof(buf), reg));
for (i = 0; i < NUM_MISC_ERR_STATUS_COUNTERS; i++) {
Reported by FlawFinder.
Line: 5664
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void handle_pio_err(struct hfi1_devdata *dd, u32 unused, u64 reg)
{
char buf[96];
int i = 0;
dd_dev_info(dd, "PIO Error: %s\n",
pio_err_status_string(buf, sizeof(buf), reg));
Reported by FlawFinder.
Line: 5681
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void handle_sdma_err(struct hfi1_devdata *dd, u32 unused, u64 reg)
{
char buf[96];
int i = 0;
dd_dev_info(dd, "SDMA Error: %s\n",
sdma_err_status_string(buf, sizeof(buf), reg));
Reported by FlawFinder.
Line: 5721
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hfi1_pportdata *ppd = dd->pport;
u64 src = read_csr(dd, SEND_EGRESS_ERR_SOURCE); /* read first */
u64 info = read_csr(dd, SEND_EGRESS_ERR_INFO);
char buf[96];
/* clear down all observed info as quickly as possible after read */
write_csr(dd, SEND_EGRESS_ERR_INFO, info);
dd_dev_info(dd,
Reported by FlawFinder.
Line: 5850
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void handle_egress_err(struct hfi1_devdata *dd, u32 unused, u64 reg)
{
u64 reg_copy = reg, handled = 0;
char buf[96];
int i = 0;
if (reg & ALL_TXE_EGRESS_FREEZE_ERR)
start_freeze_handling(dd->pport, 0);
else if (is_ax(dd) &&
Reported by FlawFinder.
Line: 5892
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void handle_txe_err(struct hfi1_devdata *dd, u32 unused, u64 reg)
{
char buf[96];
int i = 0;
dd_dev_info(dd, "Send Error: %s\n",
send_err_status_string(buf, sizeof(buf), reg));
Reported by FlawFinder.
drivers/comedi/drivers/ni_routing/tools/convert_py_to_csv.py
45 issues
Line: 10
Column: 1
from csv_collection import CSVCollection
from ni_names import value_to_name
import ni_values
CSV_DIR = 'csv'
def iter_src_values(D):
return D.items()
Reported by Pylint.
Line: 55
Column: 5
for d in ['route_values', 'device_routes']:
try:
os.makedirs(path.join(CSV_DIR,d))
except:
pass
for family, dst_src_map in ni_values.ni_route_values.items():
create_csv(path.join('route_values',family), dst_src_map, iter_src_values)
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python3
# SPDX-License-Identifier: GPL-2.0+
from os import path
import os, csv
from itertools import chain
from csv_collection import CSVCollection
from ni_names import value_to_name
Reported by Pylint.
Line: 5
Column: 1
# SPDX-License-Identifier: GPL-2.0+
from os import path
import os, csv
from itertools import chain
from csv_collection import CSVCollection
from ni_names import value_to_name
import ni_values
Reported by Pylint.
Line: 10
Column: 1
from csv_collection import CSVCollection
from ni_names import value_to_name
import ni_values
CSV_DIR = 'csv'
def iter_src_values(D):
return D.items()
Reported by Pylint.
Line: 14
Column: 1
CSV_DIR = 'csv'
def iter_src_values(D):
return D.items()
def iter_src(D):
for dest in D:
yield dest, 1
Reported by Pylint.
Line: 14
Column: 1
CSV_DIR = 'csv'
def iter_src_values(D):
return D.items()
def iter_src(D):
for dest in D:
yield dest, 1
Reported by Pylint.
Line: 15
Column: 1
CSV_DIR = 'csv'
def iter_src_values(D):
return D.items()
def iter_src(D):
for dest in D:
yield dest, 1
Reported by Pylint.
Line: 17
Column: 1
def iter_src_values(D):
return D.items()
def iter_src(D):
for dest in D:
yield dest, 1
def create_csv(name, D, src_iter):
# have to change dest->{src:val} to src->{dest:val}
Reported by Pylint.
Line: 17
Column: 1
def iter_src_values(D):
return D.items()
def iter_src(D):
for dest in D:
yield dest, 1
def create_csv(name, D, src_iter):
# have to change dest->{src:val} to src->{dest:val}
Reported by Pylint.
tools/rcu/rcu-cbs.py
45 issues
Line: 16
Column: 1
# Authors: Paul E. McKenney <paulmck@kernel.org>
import sys
import drgn
from drgn import NULL, Object
from drgn.helpers.linux import *
def get_rdp0(prog):
try:
Reported by Pylint.
Line: 17
Column: 1
import sys
import drgn
from drgn import NULL, Object
from drgn.helpers.linux import *
def get_rdp0(prog):
try:
rdp0 = prog.variable('rcu_preempt_data', 'kernel/rcu/tree.c');
Reported by Pylint.
Line: 18
Column: 1
import sys
import drgn
from drgn import NULL, Object
from drgn.helpers.linux import *
def get_rdp0(prog):
try:
rdp0 = prog.variable('rcu_preempt_data', 'kernel/rcu/tree.c');
except LookupError:
Reported by Pylint.
Line: 37
Column: 17
rdp0 = prog.variable('rcu_data', 'kernel/rcu/tree.c');
return rdp0.address_of_();
rdp0 = get_rdp0(prog);
# Sum up RCU callbacks.
sum = 0;
for cpu in for_each_possible_cpu(prog):
rdp = per_cpu_ptr(rdp0, cpu);
Reported by Pylint.
Line: 41
Column: 34
# Sum up RCU callbacks.
sum = 0;
for cpu in for_each_possible_cpu(prog):
rdp = per_cpu_ptr(rdp0, cpu);
len = rdp.cblist.len.value_();
# print("CPU " + str(cpu) + " RCU callbacks: " + str(len));
sum += len;
print("Number of RCU callbacks in flight: " + str(sum));
Reported by Pylint.
Line: 41
Column: 12
# Sum up RCU callbacks.
sum = 0;
for cpu in for_each_possible_cpu(prog):
rdp = per_cpu_ptr(rdp0, cpu);
len = rdp.cblist.len.value_();
# print("CPU " + str(cpu) + " RCU callbacks: " + str(len));
sum += len;
print("Number of RCU callbacks in flight: " + str(sum));
Reported by Pylint.
Line: 42
Column: 8
# Sum up RCU callbacks.
sum = 0;
for cpu in for_each_possible_cpu(prog):
rdp = per_cpu_ptr(rdp0, cpu);
len = rdp.cblist.len.value_();
# print("CPU " + str(cpu) + " RCU callbacks: " + str(len));
sum += len;
print("Number of RCU callbacks in flight: " + str(sum));
Reported by Pylint.
Line: 15
Column: 1
#
# Authors: Paul E. McKenney <paulmck@kernel.org>
import sys
import drgn
from drgn import NULL, Object
from drgn.helpers.linux import *
def get_rdp0(prog):
Reported by Pylint.
Line: 16
Column: 1
# Authors: Paul E. McKenney <paulmck@kernel.org>
import sys
import drgn
from drgn import NULL, Object
from drgn.helpers.linux import *
def get_rdp0(prog):
try:
Reported by Pylint.
Line: 17
Column: 1
import sys
import drgn
from drgn import NULL, Object
from drgn.helpers.linux import *
def get_rdp0(prog):
try:
rdp0 = prog.variable('rcu_preempt_data', 'kernel/rcu/tree.c');
Reported by Pylint.
drivers/target/target_core_transport.c
45 issues
Line: 369
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *fabric_sess_ptr)
{
const struct target_core_fabric_ops *tfo = se_tpg->se_tpg_tfo;
unsigned char buf[PR_REG_ISID_LEN];
unsigned long flags;
se_sess->se_tpg = se_tpg;
se_sess->fabric_sess_ptr = fabric_sess_ptr;
/*
Reported by FlawFinder.
Line: 779
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
cmd->se_cmd_flags |= SCF_TRANSPORT_TASK_SENSE;
memcpy(cmd_sense_buf, sense, cmd->scsi_sense_length);
spin_unlock_irqrestore(&cmd->t_state_lock, flags);
}
EXPORT_SYMBOL(transport_copy_sense_to_cmd);
static void target_handle_abort(struct se_cmd *cmd)
Reported by FlawFinder.
Line: 996
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *b,
int *bl)
{
*bl += sprintf(b + *bl, "Status: ");
if (dev->export_count)
*bl += sprintf(b + *bl, "ACTIVATED");
else
*bl += sprintf(b + *bl, "DEACTIVATED");
Reported by FlawFinder.
Line: 998
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
*bl += sprintf(b + *bl, "Status: ");
if (dev->export_count)
*bl += sprintf(b + *bl, "ACTIVATED");
else
*bl += sprintf(b + *bl, "DEACTIVATED");
*bl += sprintf(b + *bl, " Max Queue Depth: %d", dev->queue_depth);
*bl += sprintf(b + *bl, " SectorSize: %u HwMaxSectors: %u\n",
Reported by FlawFinder.
Line: 1000
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (dev->export_count)
*bl += sprintf(b + *bl, "ACTIVATED");
else
*bl += sprintf(b + *bl, "DEACTIVATED");
*bl += sprintf(b + *bl, " Max Queue Depth: %d", dev->queue_depth);
*bl += sprintf(b + *bl, " SectorSize: %u HwMaxSectors: %u\n",
dev->dev_attrib.block_size,
dev->dev_attrib.hw_max_sectors);
Reported by FlawFinder.
Line: 1002
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
*bl += sprintf(b + *bl, "DEACTIVATED");
*bl += sprintf(b + *bl, " Max Queue Depth: %d", dev->queue_depth);
*bl += sprintf(b + *bl, " SectorSize: %u HwMaxSectors: %u\n",
dev->dev_attrib.block_size,
dev->dev_attrib.hw_max_sectors);
*bl += sprintf(b + *bl, " ");
}
Reported by FlawFinder.
Line: 1003
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*bl += sprintf(b + *bl, "DEACTIVATED");
*bl += sprintf(b + *bl, " Max Queue Depth: %d", dev->queue_depth);
*bl += sprintf(b + *bl, " SectorSize: %u HwMaxSectors: %u\n",
dev->dev_attrib.block_size,
dev->dev_attrib.hw_max_sectors);
*bl += sprintf(b + *bl, " ");
}
Reported by FlawFinder.
Line: 1006
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*bl += sprintf(b + *bl, " SectorSize: %u HwMaxSectors: %u\n",
dev->dev_attrib.block_size,
dev->dev_attrib.hw_max_sectors);
*bl += sprintf(b + *bl, " ");
}
void transport_dump_vpd_proto_id(
struct t10_vpd *vpd,
unsigned char *p_buf,
Reported by FlawFinder.
Line: 1014
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *p_buf,
int p_buf_len)
{
unsigned char buf[VPD_TMP_BUF_SIZE];
int len;
memset(buf, 0, VPD_TMP_BUF_SIZE);
len = sprintf(buf, "T10 VPD Protocol Identifier: ");
Reported by FlawFinder.
Line: 1018
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int len;
memset(buf, 0, VPD_TMP_BUF_SIZE);
len = sprintf(buf, "T10 VPD Protocol Identifier: ");
switch (vpd->protocol_identifier) {
case 0x00:
sprintf(buf+len, "Fibre Channel\n");
break;
Reported by FlawFinder.
net/mac80211/rc80211_minstrel_ht_debugfs.c
45 issues
Line: 239
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "1,");
}
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[0]) ? "A" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[1]) ? "B" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[2]) ? "C" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[3]) ? "D" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_prob_rate) ? "P" : ""));
p += sprintf(p, "%s", (minstrel_ht_is_sample_rate(mi, idx) ? "S" : ""));
Reported by FlawFinder.
Line: 240
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[0]) ? "A" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[1]) ? "B" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[2]) ? "C" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[3]) ? "D" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_prob_rate) ? "P" : ""));
p += sprintf(p, "%s", (minstrel_ht_is_sample_rate(mi, idx) ? "S" : ""));
Reported by FlawFinder.
Line: 241
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[0]) ? "A" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[1]) ? "B" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[2]) ? "C" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[3]) ? "D" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_prob_rate) ? "P" : ""));
p += sprintf(p, "%s", (minstrel_ht_is_sample_rate(mi, idx) ? "S" : ""));
if (gflags & IEEE80211_TX_RC_MCS) {
Reported by FlawFinder.
Line: 242
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[0]) ? "A" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[1]) ? "B" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[2]) ? "C" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[3]) ? "D" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_prob_rate) ? "P" : ""));
p += sprintf(p, "%s", (minstrel_ht_is_sample_rate(mi, idx) ? "S" : ""));
if (gflags & IEEE80211_TX_RC_MCS) {
p += sprintf(p, ",MCS%-2u,", (mg->streams - 1) * 8 + j);
Reported by FlawFinder.
Line: 243
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[1]) ? "B" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[2]) ? "C" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[3]) ? "D" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_prob_rate) ? "P" : ""));
p += sprintf(p, "%s", (minstrel_ht_is_sample_rate(mi, idx) ? "S" : ""));
if (gflags & IEEE80211_TX_RC_MCS) {
p += sprintf(p, ",MCS%-2u,", (mg->streams - 1) * 8 + j);
} else if (gflags & IEEE80211_TX_RC_VHT_MCS) {
Reported by FlawFinder.
Line: 244
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[2]) ? "C" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_tp_rate[3]) ? "D" : ""));
p += sprintf(p, "%s" ,((idx == mi->max_prob_rate) ? "P" : ""));
p += sprintf(p, "%s", (minstrel_ht_is_sample_rate(mi, idx) ? "S" : ""));
if (gflags & IEEE80211_TX_RC_MCS) {
p += sprintf(p, ",MCS%-2u,", (mg->streams - 1) * 8 + j);
} else if (gflags & IEEE80211_TX_RC_VHT_MCS) {
p += sprintf(p, ",MCS%-1u/%1u,", j, mg->streams);
Reported by FlawFinder.
Line: 78
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
continue;
if (gflags & IEEE80211_TX_RC_MCS) {
p += sprintf(p, "HT%c0 ", htmode);
p += sprintf(p, "%cGI ", gimode);
p += sprintf(p, "%d ", mg->streams);
} else if (gflags & IEEE80211_TX_RC_VHT_MCS) {
p += sprintf(p, "VHT%c0 ", htmode);
p += sprintf(p, "%cGI ", gimode);
Reported by FlawFinder.
Line: 79
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (gflags & IEEE80211_TX_RC_MCS) {
p += sprintf(p, "HT%c0 ", htmode);
p += sprintf(p, "%cGI ", gimode);
p += sprintf(p, "%d ", mg->streams);
} else if (gflags & IEEE80211_TX_RC_VHT_MCS) {
p += sprintf(p, "VHT%c0 ", htmode);
p += sprintf(p, "%cGI ", gimode);
p += sprintf(p, "%d ", mg->streams);
Reported by FlawFinder.
Line: 80
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (gflags & IEEE80211_TX_RC_MCS) {
p += sprintf(p, "HT%c0 ", htmode);
p += sprintf(p, "%cGI ", gimode);
p += sprintf(p, "%d ", mg->streams);
} else if (gflags & IEEE80211_TX_RC_VHT_MCS) {
p += sprintf(p, "VHT%c0 ", htmode);
p += sprintf(p, "%cGI ", gimode);
p += sprintf(p, "%d ", mg->streams);
} else if (i == MINSTREL_OFDM_GROUP) {
Reported by FlawFinder.
Line: 82
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "%cGI ", gimode);
p += sprintf(p, "%d ", mg->streams);
} else if (gflags & IEEE80211_TX_RC_VHT_MCS) {
p += sprintf(p, "VHT%c0 ", htmode);
p += sprintf(p, "%cGI ", gimode);
p += sprintf(p, "%d ", mg->streams);
} else if (i == MINSTREL_OFDM_GROUP) {
p += sprintf(p, "OFDM ");
p += sprintf(p, "1 ");
Reported by FlawFinder.
drivers/staging/rtl8188eu/core/rtw_mlme_ext.c
45 issues
Line: 285
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
remain_len = ies_len - (next_ie - ies);
ssid_ie[1] = 0;
memcpy(ssid_ie + 2, next_ie, remain_len);
len_diff -= ssid_len_ori;
break;
}
case 2:
Reported by FlawFinder.
Line: 352
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint wps_ielen;
u8 sr = 0;
memcpy(pframe, cur_network->ies, cur_network->ie_length);
len_diff = update_hidden_ssid(
pframe + _BEACON_IE_OFFSET_
, cur_network->ie_length - _BEACON_IE_OFFSET_
, pmlmeinfo->hidden_ssid_mode
);
Reported by FlawFinder.
Line: 380
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* beacon interval: 2 bytes */
memcpy(pframe, (unsigned char *)(rtw_get_beacon_interval_from_ie(cur_network->ies)), 2);
pframe += 2;
pattrib->pktlen += 2;
/* capability info: 2 bytes */
Reported by FlawFinder.
Line: 387
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* capability info: 2 bytes */
memcpy(pframe, (unsigned char *)(rtw_get_capability_from_ie(cur_network->ies)), 2);
pframe += 2;
pattrib->pktlen += 2;
/* SSID */
Reported by FlawFinder.
Line: 503
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
remainder_ielen = cur_network->ie_length - wps_offset - wps_ielen;
memcpy(pframe, cur_network->ies, wps_offset);
pframe += wps_offset;
pattrib->pktlen += wps_offset;
wps_ielen = (uint)pmlmepriv->wps_probe_resp_ie[1];/* to get ie data len */
if ((wps_offset + wps_ielen + 2) <= MAX_IE_SZ) {
Reported by FlawFinder.
Line: 509
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wps_ielen = (uint)pmlmepriv->wps_probe_resp_ie[1];/* to get ie data len */
if ((wps_offset + wps_ielen + 2) <= MAX_IE_SZ) {
memcpy(pframe, pmlmepriv->wps_probe_resp_ie, wps_ielen + 2);
pframe += wps_ielen + 2;
pattrib->pktlen += wps_ielen + 2;
}
if ((wps_offset + wps_ielen + 2 + remainder_ielen) <= MAX_IE_SZ) {
Reported by FlawFinder.
Line: 515
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if ((wps_offset + wps_ielen + 2 + remainder_ielen) <= MAX_IE_SZ) {
memcpy(pframe, premainder_ie, remainder_ielen);
pframe += remainder_ielen;
pattrib->pktlen += remainder_ielen;
}
} else {
memcpy(pframe, cur_network->ies, cur_network->ie_length);
Reported by FlawFinder.
Line: 520
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pattrib->pktlen += remainder_ielen;
}
} else {
memcpy(pframe, cur_network->ies, cur_network->ie_length);
pframe += cur_network->ie_length;
pattrib->pktlen += cur_network->ie_length;
}
} else
#endif
Reported by FlawFinder.
Line: 533
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* beacon interval: 2 bytes */
memcpy(pframe, (unsigned char *)(rtw_get_beacon_interval_from_ie(cur_network->ies)), 2);
pframe += 2;
pattrib->pktlen += 2;
/* capability info: 2 bytes */
Reported by FlawFinder.
Line: 540
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* capability info: 2 bytes */
memcpy(pframe, (unsigned char *)(rtw_get_capability_from_ie(cur_network->ies)), 2);
pframe += 2;
pattrib->pktlen += 2;
/* below for ad-hoc mode */
Reported by FlawFinder.
tools/power/cpupower/lib/cpufreq.c
45 issues
Line: 28
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
char path[SYSFS_PATH_MAX];
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/cpufreq/%s",
cpu, fname);
return cpupower_read_sysfs(path, buf, buflen);
}
/* helper function to write a new value to a /sys file */
Reported by FlawFinder.
Line: 43
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
int fd;
ssize_t numwrite;
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/cpufreq/%s",
cpu, fname);
fd = open(path, O_WRONLY);
if (fd == -1)
return 0;
Reported by FlawFinder.
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned int sysfs_cpufreq_read_file(unsigned int cpu, const char *fname,
char *buf, size_t buflen)
{
char path[SYSFS_PATH_MAX];
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/cpufreq/%s",
cpu, fname);
return cpupower_read_sysfs(path, buf, buflen);
}
Reported by FlawFinder.
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *fname,
const char *value, size_t len)
{
char path[SYSFS_PATH_MAX];
int fd;
ssize_t numwrite;
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/cpufreq/%s",
cpu, fname);
Reported by FlawFinder.
Line: 46
Column: 7
CWE codes:
362
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/cpufreq/%s",
cpu, fname);
fd = open(path, O_WRONLY);
if (fd == -1)
return 0;
numwrite = write(fd, value, len);
if (numwrite < 1) {
Reported by FlawFinder.
Line: 75
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MAX_CPUFREQ_VALUE_READ_FILES
};
static const char *cpufreq_value_files[MAX_CPUFREQ_VALUE_READ_FILES] = {
[CPUINFO_CUR_FREQ] = "cpuinfo_cur_freq",
[CPUINFO_MIN_FREQ] = "cpuinfo_min_freq",
[CPUINFO_MAX_FREQ] = "cpuinfo_max_freq",
[CPUINFO_LATENCY] = "cpuinfo_transition_latency",
[SCALING_CUR_FREQ] = "scaling_cur_freq",
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned long value;
unsigned int len;
char linebuf[MAX_LINE_LEN];
char *endp;
if (which >= MAX_CPUFREQ_VALUE_READ_FILES)
return 0;
Reported by FlawFinder.
Line: 120
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MAX_CPUFREQ_STRING_FILES
};
static const char *cpufreq_string_files[MAX_CPUFREQ_STRING_FILES] = {
[SCALING_DRIVER] = "scaling_driver",
[SCALING_GOVERNOR] = "scaling_governor",
};
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *sysfs_cpufreq_get_one_string(unsigned int cpu,
enum cpufreq_string which)
{
char linebuf[MAX_LINE_LEN];
char *result;
unsigned int len;
if (which >= MAX_CPUFREQ_STRING_FILES)
return NULL;
Reported by FlawFinder.
Line: 161
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MAX_CPUFREQ_WRITE_FILES
};
static const char *cpufreq_write_files[MAX_CPUFREQ_WRITE_FILES] = {
[WRITE_SCALING_MIN_FREQ] = "scaling_min_freq",
[WRITE_SCALING_MAX_FREQ] = "scaling_max_freq",
[WRITE_SCALING_GOVERNOR] = "scaling_governor",
[WRITE_SCALING_SET_SPEED] = "scaling_setspeed",
};
Reported by FlawFinder.