The following issues were found
drivers/net/wireless/intersil/hostap/hostap_proc.c
11 issues
Line: 32
Column: 25
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
seq_printf(m, "dev_enabled=%d\n", local->dev_enabled);
seq_printf(m, "sw_tick_stuck=%d\n", local->sw_tick_stuck);
for (i = 0; i < WEP_KEYS; i++) {
if (local->crypt_info.crypt[i] &&
local->crypt_info.crypt[i]->ops) {
seq_printf(m, "crypt[%d]=%s\n", i,
local->crypt_info.crypt[i]->ops->name);
}
}
Reported by FlawFinder.
Line: 33
Column: 25
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
seq_printf(m, "sw_tick_stuck=%d\n", local->sw_tick_stuck);
for (i = 0; i < WEP_KEYS; i++) {
if (local->crypt_info.crypt[i] &&
local->crypt_info.crypt[i]->ops) {
seq_printf(m, "crypt[%d]=%s\n", i,
local->crypt_info.crypt[i]->ops->name);
}
}
seq_printf(m, "pri_only=%d\n", local->pri_only);
Reported by FlawFinder.
Line: 35
Column: 26
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (local->crypt_info.crypt[i] &&
local->crypt_info.crypt[i]->ops) {
seq_printf(m, "crypt[%d]=%s\n", i,
local->crypt_info.crypt[i]->ops->name);
}
}
seq_printf(m, "pri_only=%d\n", local->pri_only);
seq_printf(m, "pci=%d\n", local->func->hw_type == HOSTAP_HW_PCI);
seq_printf(m, "sram_type=%d\n", local->sram_type);
Reported by FlawFinder.
Line: 187
Column: 25
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
seq_printf(m, "tx_keyidx=%d\n", local->crypt_info.tx_keyidx);
for (i = 0; i < WEP_KEYS; i++) {
if (local->crypt_info.crypt[i] &&
local->crypt_info.crypt[i]->ops &&
local->crypt_info.crypt[i]->ops->print_stats) {
local->crypt_info.crypt[i]->ops->print_stats(
m, local->crypt_info.crypt[i]->priv);
}
Reported by FlawFinder.
Line: 188
Column: 25
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
seq_printf(m, "tx_keyidx=%d\n", local->crypt_info.tx_keyidx);
for (i = 0; i < WEP_KEYS; i++) {
if (local->crypt_info.crypt[i] &&
local->crypt_info.crypt[i]->ops &&
local->crypt_info.crypt[i]->ops->print_stats) {
local->crypt_info.crypt[i]->ops->print_stats(
m, local->crypt_info.crypt[i]->priv);
}
}
Reported by FlawFinder.
Line: 189
Column: 25
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
for (i = 0; i < WEP_KEYS; i++) {
if (local->crypt_info.crypt[i] &&
local->crypt_info.crypt[i]->ops &&
local->crypt_info.crypt[i]->ops->print_stats) {
local->crypt_info.crypt[i]->ops->print_stats(
m, local->crypt_info.crypt[i]->priv);
}
}
return 0;
Reported by FlawFinder.
Line: 190
Column: 22
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (local->crypt_info.crypt[i] &&
local->crypt_info.crypt[i]->ops &&
local->crypt_info.crypt[i]->ops->print_stats) {
local->crypt_info.crypt[i]->ops->print_stats(
m, local->crypt_info.crypt[i]->priv);
}
}
return 0;
}
Reported by FlawFinder.
Line: 191
Column: 26
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
local->crypt_info.crypt[i]->ops &&
local->crypt_info.crypt[i]->ops->print_stats) {
local->crypt_info.crypt[i]->ops->print_stats(
m, local->crypt_info.crypt[i]->priv);
}
}
return 0;
}
#endif
Reported by FlawFinder.
Line: 256
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy = start_bytes - off;
if (copy > count)
copy = count;
memcpy(page, ((u8 *) &local->io_debug[head]) + off, copy);
left -= copy;
if (left > 0)
memcpy(&page[copy], local->io_debug, left);
} else {
memcpy(page, ((u8 *) local->io_debug) + (off - start_bytes),
Reported by FlawFinder.
Line: 259
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(page, ((u8 *) &local->io_debug[head]) + off, copy);
left -= copy;
if (left > 0)
memcpy(&page[copy], local->io_debug, left);
} else {
memcpy(page, ((u8 *) local->io_debug) + (off - start_bytes),
left);
}
Reported by FlawFinder.
drivers/video/logo/pnmtologo.c
11 issues
Line: 80
Column: 54
CWE codes:
134
Suggestion:
Use a constant for the format specification
static int is_plain_pbm = 0;
static void die(const char *fmt, ...)
__attribute__ ((noreturn)) __attribute ((format (printf, 1, 2)));
static void usage(void) __attribute ((noreturn));
static unsigned int get_number(FILE *fp)
{
Reported by FlawFinder.
Line: 424
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
exit(1);
}
Reported by FlawFinder.
Line: 455
Column: 8
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
opterr = 0;
while (1) {
opt = getopt(argc, argv, "hn:o:t:");
if (opt == -1)
break;
switch (opt) {
case 'h':
Reported by FlawFinder.
Line: 36
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define LINUX_LOGO_CLUT224 3 /* 224 colors */
#define LINUX_LOGO_GRAY256 4 /* 256 levels grayscale */
static const char *logo_types[LINUX_LOGO_GRAY256+1] = {
[LINUX_LOGO_MONO] = "LINUX_LOGO_MONO",
[LINUX_LOGO_VGA16] = "LINUX_LOGO_VGA16",
[LINUX_LOGO_CLUT224] = "LINUX_LOGO_CLUT224",
[LINUX_LOGO_GRAY256] = "LINUX_LOGO_GRAY256"
};
Reported by FlawFinder.
Line: 133
Column: 10
CWE codes:
362
unsigned int maxval;
/* open image file */
fp = fopen(filename, "r");
if (!fp)
die("Cannot open file %s: %s\n", filename, strerror(errno));
/* check file type and read file header */
magic = fgetc(fp);
Reported by FlawFinder.
Line: 232
Column: 8
CWE codes:
362
{
/* open logo file */
if (outputname) {
out = fopen(outputname, "w");
if (!out)
die("Cannot create file %s: %s\n", outputname, strerror(errno));
} else {
out = stdout;
}
Reported by FlawFinder.
Line: 90
Column: 6
CWE codes:
120
20
/* Skip leading whitespace */
do {
c = fgetc(fp);
if (c == EOF)
die("%s: end of file\n", filename);
if (c == '#') {
/* Ignore comments 'till end of line */
do {
Reported by FlawFinder.
Line: 96
Column: 7
CWE codes:
120
20
if (c == '#') {
/* Ignore comments 'till end of line */
do {
c = fgetc(fp);
if (c == EOF)
die("%s: end of file\n", filename);
} while (c != '\n');
}
} while (isspace(c));
Reported by FlawFinder.
Line: 138
Column: 13
CWE codes:
120
20
die("Cannot open file %s: %s\n", filename, strerror(errno));
/* check file type and read file header */
magic = fgetc(fp);
if (magic != 'P')
die("%s is not a PNM file\n", filename);
magic = fgetc(fp);
switch (magic) {
case '1':
Reported by FlawFinder.
arch/s390/boot/als.c
11 issues
Line: 43
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
get_cpu_id(&id);
u16_to_hex(type_str, id.machine);
strcat(mach_str, type_str);
strcat(mach_str, "\n");
sclp_early_printk(mach_str);
}
static void u16_to_decimal(char *str, u16 val)
Reported by FlawFinder.
Line: 88
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
*als_str = '\0';
}
u16_to_decimal(val_str, i * BITS_PER_LONG + j);
strcat(als_str, val_str);
first = 0;
}
}
strcat(als_str, "\n");
sclp_early_printk(als_str);
Reported by FlawFinder.
Line: 37
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void print_machine_type(void)
{
static char mach_str[80] = "Detected machine-type number: ";
char type_str[5];
struct cpuid id;
get_cpu_id(&id);
u16_to_hex(type_str, id.machine);
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void print_machine_type(void)
{
static char mach_str[80] = "Detected machine-type number: ";
char type_str[5];
struct cpuid id;
get_cpu_id(&id);
u16_to_hex(type_str, id.machine);
strcat(mach_str, type_str);
Reported by FlawFinder.
Line: 64
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void print_missing_facilities(void)
{
static char als_str[80] = "Missing facilities: ";
unsigned long val;
char val_str[6];
int i, j, first;
first = 1;
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static char als_str[80] = "Missing facilities: ";
unsigned long val;
char val_str[6];
int i, j, first;
first = 1;
for (i = 0; i < ARRAY_SIZE(als); i++) {
val = ~stfle_fac_list[i] & als[i];
Reported by FlawFinder.
Line: 44
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
get_cpu_id(&id);
u16_to_hex(type_str, id.machine);
strcat(mach_str, type_str);
strcat(mach_str, "\n");
sclp_early_printk(mach_str);
}
static void u16_to_decimal(char *str, u16 val)
{
Reported by FlawFinder.
Line: 76
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (!(val & (1UL << (BITS_PER_LONG - 1 - j))))
continue;
if (!first)
strcat(als_str, ",");
/*
* Make sure we stay within one line. Consider that
* each facility bit adds up to five characters and
* z/VM adds a four character prefix.
*/
Reported by FlawFinder.
Line: 82
Column: 8
CWE codes:
126
* each facility bit adds up to five characters and
* z/VM adds a four character prefix.
*/
if (strlen(als_str) > 70) {
strcat(als_str, "\n");
sclp_early_printk(als_str);
*als_str = '\0';
}
u16_to_decimal(val_str, i * BITS_PER_LONG + j);
Reported by FlawFinder.
Line: 83
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
* z/VM adds a four character prefix.
*/
if (strlen(als_str) > 70) {
strcat(als_str, "\n");
sclp_early_printk(als_str);
*als_str = '\0';
}
u16_to_decimal(val_str, i * BITS_PER_LONG + j);
strcat(als_str, val_str);
Reported by FlawFinder.
tools/perf/builtin-report.c
11 issues
Line: 494
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
if (rep->mem_mode) {
ret += fprintf(fp, "\n# Total weight : %" PRIu64, nr_events);
ret += fprintf(fp, "\n# Sort order : %s", sort_order ? : default_mem_sort_order);
} else
ret += fprintf(fp, "\n# Event count (approx.): %" PRIu64, nr_events);
if (socked_id > -1)
Reported by FlawFinder.
Line: 497
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
ret += fprintf(fp, "\n# Total weight : %" PRIu64, nr_events);
ret += fprintf(fp, "\n# Sort order : %s", sort_order ? : default_mem_sort_order);
} else
ret += fprintf(fp, "\n# Event count (approx.): %" PRIu64, nr_events);
if (socked_id > -1)
ret += fprintf(fp, "\n# Processor Socket: %d", socked_id);
return ret + fprintf(fp, "\n#\n");
Reported by FlawFinder.
Line: 1382
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
perf_quiet_option();
if (symbol_conf.vmlinux_name &&
access(symbol_conf.vmlinux_name, R_OK)) {
pr_err("Invalid file: %s\n", symbol_conf.vmlinux_name);
ret = -EINVAL;
goto exit;
}
if (symbol_conf.kallsyms_name &&
Reported by FlawFinder.
Line: 1388
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
goto exit;
}
if (symbol_conf.kallsyms_name &&
access(symbol_conf.kallsyms_name, R_OK)) {
pr_err("Invalid file: %s\n", symbol_conf.kallsyms_name);
ret = -EINVAL;
goto exit;
}
Reported by FlawFinder.
Line: 448
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long nr_samples = hists->stats.nr_samples;
u64 nr_events = hists->stats.total_period;
struct evsel *evsel = hists_to_evsel(hists);
char buf[512];
size_t size = sizeof(buf);
int socked_id = hists->socket_filter;
if (quiet)
return 0;
Reported by FlawFinder.
Line: 1078
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (arg) {
int err = regcomp(&ignore_callees_regex, arg, REG_EXTENDED);
if (err) {
char buf[BUFSIZ];
regerror(err, &ignore_callees_regex, buf, sizeof(buf));
pr_err("Invalid --ignore-callees regex: %s\n%s", arg, buf);
return -1;
}
have_ignore_callees = 1;
Reported by FlawFinder.
Line: 1346
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.mode = PERF_DATA_MODE_READ,
};
int ret = hists__init();
char sort_tmp[128];
if (ret < 0)
goto exit;
ret = perf_config(report__config, &report);
Reported by FlawFinder.
Line: 334
Column: 33
CWE codes:
120
20
if (rep->show_threads) {
const char *name = evsel__name(evsel);
int err = perf_read_values_add_value(&rep->show_threads_values,
event->read.pid, event->read.tid,
evsel->core.idx,
name,
event->read.value);
if (err)
Reported by FlawFinder.
Line: 334
Column: 16
CWE codes:
120
20
if (rep->show_threads) {
const char *name = evsel__name(evsel);
int err = perf_read_values_add_value(&rep->show_threads_values,
event->read.pid, event->read.tid,
evsel->core.idx,
name,
event->read.value);
if (err)
Reported by FlawFinder.
drivers/hwmon/emc2103.c
11 issues
Line: 181
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct emc2103_data *data = emc2103_update_device(dev);
int millidegrees = data->temp[nr].degrees * 1000
+ data->temp[nr].fraction * 125;
return sprintf(buf, "%d\n", millidegrees);
}
static ssize_t
temp_min_show(struct device *dev, struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
Line: 190
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = to_sensor_dev_attr(da)->index;
struct emc2103_data *data = emc2103_update_device(dev);
int millidegrees = data->temp_min[nr] * 1000;
return sprintf(buf, "%d\n", millidegrees);
}
static ssize_t
temp_max_show(struct device *dev, struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
Line: 199
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = to_sensor_dev_attr(da)->index;
struct emc2103_data *data = emc2103_update_device(dev);
int millidegrees = data->temp_max[nr] * 1000;
return sprintf(buf, "%d\n", millidegrees);
}
static ssize_t
temp_fault_show(struct device *dev, struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
Line: 208
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = to_sensor_dev_attr(da)->index;
struct emc2103_data *data = emc2103_update_device(dev);
bool fault = (data->temp[nr].degrees == -128);
return sprintf(buf, "%d\n", fault ? 1 : 0);
}
static ssize_t
temp_min_alarm_show(struct device *dev, struct device_attribute *da,
char *buf)
Reported by FlawFinder.
Line: 218
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = to_sensor_dev_attr(da)->index;
struct emc2103_data *data = emc2103_update_device(dev);
bool alarm = data->temp_min_alarm & (1 << nr);
return sprintf(buf, "%d\n", alarm ? 1 : 0);
}
static ssize_t
temp_max_alarm_show(struct device *dev, struct device_attribute *da,
char *buf)
Reported by FlawFinder.
Line: 228
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = to_sensor_dev_attr(da)->index;
struct emc2103_data *data = emc2103_update_device(dev);
bool alarm = data->temp_max_alarm & (1 << nr);
return sprintf(buf, "%d\n", alarm ? 1 : 0);
}
static ssize_t temp_min_store(struct device *dev, struct device_attribute *da,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 282
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int rpm = 0;
if (data->fan_tach != 0)
rpm = (FAN_RPM_FACTOR * data->fan_multiplier) / data->fan_tach;
return sprintf(buf, "%d\n", rpm);
}
static ssize_t
fan1_div_show(struct device *dev, struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
Line: 290
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct emc2103_data *data = emc2103_update_device(dev);
int fan_div = 8 / data->fan_multiplier;
return sprintf(buf, "%d\n", fan_div);
}
/*
* Note: we also update the fan target here, because its value is
* determined in part by the fan clock divider. This follows the principle
Reported by FlawFinder.
Line: 371
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
rpm = (FAN_RPM_FACTOR * data->fan_multiplier)
/ data->fan_target;
return sprintf(buf, "%d\n", rpm);
}
static ssize_t fan1_target_store(struct device *dev,
struct device_attribute *da, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 409
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct emc2103_data *data = emc2103_update_device(dev);
bool fault = ((data->fan_tach & 0x1fe0) == 0x1fe0);
return sprintf(buf, "%d\n", fault ? 1 : 0);
}
static ssize_t
pwm1_enable_show(struct device *dev, struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
scripts/gdb/linux/config.py
11 issues
Line: 5
Column: 1
#
# Copyright 2019 Google LLC.
import gdb
import zlib
from linux import utils
Reported by Pylint.
Line: 20
Column: 27
super(LxConfigDump, self).__init__("lx-configdump", gdb.COMMAND_DATA,
gdb.COMPLETE_FILENAME)
def invoke(self, arg, from_tty):
if len(arg) == 0:
filename = "config.txt"
else:
filename = arg
Reported by Pylint.
Line: 30
Column: 9
py_config_ptr = gdb.parse_and_eval("kernel_config_data + 8")
py_config_size = gdb.parse_and_eval(
"sizeof(kernel_config_data) - 1 - 8 * 2")
except gdb.error as e:
raise gdb.GdbError("Can't find config, enable CONFIG_IKCONFIG?")
inf = gdb.inferiors()[0]
zconfig_buf = utils.read_memoryview(inf, py_config_ptr,
py_config_size).tobytes()
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: GPL-2.0
#
# Copyright 2019 Google LLC.
import gdb
import zlib
from linux import utils
Reported by Pylint.
Line: 6
Column: 1
# Copyright 2019 Google LLC.
import gdb
import zlib
from linux import utils
class LxConfigDump(gdb.Command):
Reported by Pylint.
Line: 11
Column: 1
from linux import utils
class LxConfigDump(gdb.Command):
"""Output kernel config to the filename specified as the command
argument. Equivalent to 'zcat /proc/config.gz > config.txt' on
a running target"""
def __init__(self):
Reported by Pylint.
Line: 17
Column: 9
a running target"""
def __init__(self):
super(LxConfigDump, self).__init__("lx-configdump", gdb.COMMAND_DATA,
gdb.COMPLETE_FILENAME)
def invoke(self, arg, from_tty):
if len(arg) == 0:
filename = "config.txt"
Reported by Pylint.
Line: 20
Column: 5
super(LxConfigDump, self).__init__("lx-configdump", gdb.COMMAND_DATA,
gdb.COMPLETE_FILENAME)
def invoke(self, arg, from_tty):
if len(arg) == 0:
filename = "config.txt"
else:
filename = arg
Reported by Pylint.
Line: 20
Column: 5
super(LxConfigDump, self).__init__("lx-configdump", gdb.COMMAND_DATA,
gdb.COMPLETE_FILENAME)
def invoke(self, arg, from_tty):
if len(arg) == 0:
filename = "config.txt"
else:
filename = arg
Reported by Pylint.
Line: 30
Column: 9
py_config_ptr = gdb.parse_and_eval("kernel_config_data + 8")
py_config_size = gdb.parse_and_eval(
"sizeof(kernel_config_data) - 1 - 8 * 2")
except gdb.error as e:
raise gdb.GdbError("Can't find config, enable CONFIG_IKCONFIG?")
inf = gdb.inferiors()[0]
zconfig_buf = utils.read_memoryview(inf, py_config_ptr,
py_config_size).tobytes()
Reported by Pylint.
drivers/cpufreq/longhaul.c
11 issues
Line: 88
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int longhaul_version;
static struct cpufreq_frequency_table *longhaul_table;
static char speedbuffer[8];
static char *print_speed(int speed)
{
if (speed < 1000) {
snprintf(speedbuffer, sizeof(speedbuffer), "%dMHz", speed);
Reported by FlawFinder.
Line: 772
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpu_model = CPU_SAMUEL;
cpuname = "C3 'Samuel' [C5A]";
longhaul_version = TYPE_LONGHAUL_V1;
memcpy(mults, samuel1_mults, sizeof(samuel1_mults));
memcpy(eblcr, samuel1_eblcr, sizeof(samuel1_eblcr));
break;
case 7:
switch (c->x86_stepping) {
Reported by FlawFinder.
Line: 773
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpuname = "C3 'Samuel' [C5A]";
longhaul_version = TYPE_LONGHAUL_V1;
memcpy(mults, samuel1_mults, sizeof(samuel1_mults));
memcpy(eblcr, samuel1_eblcr, sizeof(samuel1_eblcr));
break;
case 7:
switch (c->x86_stepping) {
case 0:
Reported by FlawFinder.
Line: 784
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpuname = "C3 'Samuel 2' [C5B]";
/* Note, this is not a typo, early Samuel2's had
* Samuel1 ratios. */
memcpy(mults, samuel1_mults, sizeof(samuel1_mults));
memcpy(eblcr, samuel2_eblcr, sizeof(samuel2_eblcr));
break;
case 1 ... 15:
longhaul_version = TYPE_LONGHAUL_V2;
if (c->x86_stepping < 8) {
Reported by FlawFinder.
Line: 785
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Note, this is not a typo, early Samuel2's had
* Samuel1 ratios. */
memcpy(mults, samuel1_mults, sizeof(samuel1_mults));
memcpy(eblcr, samuel2_eblcr, sizeof(samuel2_eblcr));
break;
case 1 ... 15:
longhaul_version = TYPE_LONGHAUL_V2;
if (c->x86_stepping < 8) {
cpu_model = CPU_SAMUEL2;
Reported by FlawFinder.
Line: 796
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpu_model = CPU_EZRA;
cpuname = "C3 'Ezra' [C5C]";
}
memcpy(mults, ezra_mults, sizeof(ezra_mults));
memcpy(eblcr, ezra_eblcr, sizeof(ezra_eblcr));
break;
}
break;
Reported by FlawFinder.
Line: 797
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpuname = "C3 'Ezra' [C5C]";
}
memcpy(mults, ezra_mults, sizeof(ezra_mults));
memcpy(eblcr, ezra_eblcr, sizeof(ezra_eblcr));
break;
}
break;
case 8:
Reported by FlawFinder.
Line: 807
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpuname = "C3 'Ezra-T' [C5M]";
longhaul_version = TYPE_POWERSAVER;
numscales = 32;
memcpy(mults, ezrat_mults, sizeof(ezrat_mults));
memcpy(eblcr, ezrat_eblcr, sizeof(ezrat_eblcr));
break;
case 9:
longhaul_version = TYPE_POWERSAVER;
Reported by FlawFinder.
Line: 808
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
longhaul_version = TYPE_POWERSAVER;
numscales = 32;
memcpy(mults, ezrat_mults, sizeof(ezrat_mults));
memcpy(eblcr, ezrat_eblcr, sizeof(ezrat_eblcr));
break;
case 9:
longhaul_version = TYPE_POWERSAVER;
numscales = 32;
Reported by FlawFinder.
Line: 814
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 9:
longhaul_version = TYPE_POWERSAVER;
numscales = 32;
memcpy(mults, nehemiah_mults, sizeof(nehemiah_mults));
memcpy(eblcr, nehemiah_eblcr, sizeof(nehemiah_eblcr));
switch (c->x86_stepping) {
case 0 ... 1:
cpu_model = CPU_NEHEMIAH;
cpuname = "C3 'Nehemiah A' [C5XLOE]";
Reported by FlawFinder.
drivers/hwmon/abituguru3.c
11 issues
Line: 901
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute_2 *attr = to_sensor_dev_attr_2(devattr);
struct abituguru3_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", data->sensors[attr->index].name);
}
static ssize_t show_name(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 907
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t show_name(struct device *dev,
struct device_attribute *devattr, char *buf)
{
return sprintf(buf, "%s\n", ABIT_UGURU3_NAME);
}
/* Sysfs attr templates, the real entries are generated automatically. */
static const
struct sensor_device_attribute_2 abituguru3_sysfs_templ[3][10] = { {
Reported by FlawFinder.
Line: 1015
Column: 11
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
type = data->sensors[i].type;
for (j = 0; j < no_sysfs_attr[type]; j++) {
used = snprintf(sysfs_filename, sysfs_names_free,
abituguru3_sysfs_templ[type][j].dev_attr.attr.
name, sensor_index[type]) + 1;
data->sysfs_attr[sysfs_attr_i] =
abituguru3_sysfs_templ[type][j];
data->sysfs_attr[sysfs_attr_i].dev_attr.attr.name =
Reported by FlawFinder.
Line: 134
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct abituguru3_motherboard_info {
u16 id;
const char *dmi_name[ABIT_UGURU3_MAX_DMI_NAMES + 1];
/* + 1 -> end of sensors indicated by a sensor with name == NULL */
struct abituguru3_sensor_info sensors[ABIT_UGURU3_MAX_NO_SENSORS + 1];
};
/*
Reported by FlawFinder.
Line: 159
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 10];
/* Buffer to store the dynamically generated sysfs names */
char sysfs_names[ABIT_UGURU3_SYSFS_NAMES_LENGTH];
/* Pointer to the sensors info for the detected motherboard */
const struct abituguru3_sensor_info *sensors;
/*
Reported by FlawFinder.
Line: 855
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (sensor->type == ABIT_UGURU3_TEMP_SENSOR)
value *= 1000;
return sprintf(buf, "%d\n", value);
}
static ssize_t show_alarm(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 878
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
if ((data->alarms[port / 8] & (0x01 << (port % 8))) &&
(!attr->nr || (data->settings[port][0] & attr->nr)))
return sprintf(buf, "1\n");
else
return sprintf(buf, "0\n");
}
static ssize_t show_mask(struct device *dev,
Reported by FlawFinder.
Line: 880
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(!attr->nr || (data->settings[port][0] & attr->nr)))
return sprintf(buf, "1\n");
else
return sprintf(buf, "0\n");
}
static ssize_t show_mask(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 890
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct abituguru3_data *data = dev_get_drvdata(dev);
if (data->settings[data->sensors[attr->index].port][0] & attr->nr)
return sprintf(buf, "1\n");
else
return sprintf(buf, "0\n");
}
static ssize_t show_label(struct device *dev,
Reported by FlawFinder.
Line: 892
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (data->settings[data->sensors[attr->index].port][0] & attr->nr)
return sprintf(buf, "1\n");
else
return sprintf(buf, "0\n");
}
static ssize_t show_label(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
drivers/media/pci/ngene/ngene-core.c
11 issues
Line: 282
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ngwritel((fwio + 512) >> 32, NGENE_EVENT_HI);
}
memcpy(dev->FWInterfaceBuffer, com->cmd.raw8, com->in_len + 2);
if (dev->BootFirmware)
ngcpyto(HOST_TO_NGENE, com->cmd.raw8, com->in_len + 2);
spin_lock_irq(&dev->cmd_lock);
Reported by FlawFinder.
Line: 317
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!com->out_len)
return 0;
memcpy(com->cmd.raw8, dev->ngenetohost, com->out_len);
return 0;
}
int ngene_command(struct ngene *dev, struct ngene_command *com)
Reported by FlawFinder.
Line: 388
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
com.cmd.hdr.Opcode = CMD_CONFIGURE_FREE_BUFFER;
com.cmd.hdr.Length = 6;
memcpy(&com.cmd.ConfigureFreeBuffers.config, config, 6);
com.in_len = 6;
com.out_len = 0;
if (ngene_command(dev, &com) < 0)
return -EIO;
Reported by FlawFinder.
Line: 625
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
com.cmd.StreamControl.SetupDataLen =
sizeof(SPDIFConfiguration);
com.cmd.StreamControl.SetupDataAddr = BsSPI;
memcpy(com.cmd.StreamControl.SetupData,
SPDIFConfiguration, sizeof(SPDIFConfiguration));
} else {
com.cmd.StreamControl.SetupDataLen = 4;
com.cmd.StreamControl.SetupDataAddr = BsSDI;
memcpy(com.cmd.StreamControl.SetupData,
Reported by FlawFinder.
Line: 630
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
com.cmd.StreamControl.SetupDataLen = 4;
com.cmd.StreamControl.SetupDataAddr = BsSDI;
memcpy(com.cmd.StreamControl.SetupData,
I2SConfiguration +
4 * dev->card_info->i2s[stream], 4);
}
} else if (mode & SMODE_TRANSPORT_STREAM) {
chan->nextBuffer = chan->TSRingBuffer.Head;
Reported by FlawFinder.
Line: 641
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
com.cmd.StreamControl.SetupDataLen =
sizeof(TS_I2SOutConfiguration);
com.cmd.StreamControl.SetupDataAddr = BsSDO;
memcpy(com.cmd.StreamControl.SetupData,
TS_I2SOutConfiguration,
sizeof(TS_I2SOutConfiguration));
} else {
com.cmd.StreamControl.SetupDataLen =
sizeof(TS_I2SConfiguration);
Reported by FlawFinder.
Line: 648
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
com.cmd.StreamControl.SetupDataLen =
sizeof(TS_I2SConfiguration);
com.cmd.StreamControl.SetupDataAddr = BsSDI;
memcpy(com.cmd.StreamControl.SetupData,
TS_I2SConfiguration,
sizeof(TS_I2SConfiguration));
}
} else {
com.cmd.StreamControl.SetupDataLen = 8;
Reported by FlawFinder.
Line: 655
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
com.cmd.StreamControl.SetupDataLen = 8;
com.cmd.StreamControl.SetupDataAddr = BsUVI + 0x10;
memcpy(com.cmd.StreamControl.SetupData,
TSFeatureDecoderSetup +
8 * dev->card_info->tsf[stream], 8);
}
} else {
chan->nextBuffer = chan->RingBuffer.Head;
Reported by FlawFinder.
Line: 664
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
com.cmd.StreamControl.SetupDataLen =
16 + sizeof(ITUFeatureDecoderSetup);
com.cmd.StreamControl.SetupDataAddr = BsUVI;
memcpy(com.cmd.StreamControl.SetupData,
ITUDecoderSetup[chan->itumode], 16);
memcpy(com.cmd.StreamControl.SetupData + 16,
ITUFeatureDecoderSetup, sizeof(ITUFeatureDecoderSetup));
}
clear_buffers(chan);
Reported by FlawFinder.
Line: 666
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
com.cmd.StreamControl.SetupDataAddr = BsUVI;
memcpy(com.cmd.StreamControl.SetupData,
ITUDecoderSetup[chan->itumode], 16);
memcpy(com.cmd.StreamControl.SetupData + 16,
ITUFeatureDecoderSetup, sizeof(ITUFeatureDecoderSetup));
}
clear_buffers(chan);
chan->State = KSSTATE_RUN;
if (mode & SMODE_TRANSPORT_STREAM)
Reported by FlawFinder.
drivers/media/pci/intel/ipu3/cio2-bridge.h
11 issues
Line: 81
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __packed;
struct cio2_property_names {
char clock_frequency[16];
char rotation[9];
char bus_type[9];
char data_lanes[11];
char remote_endpoint[16];
char link_frequencies[17];
Reported by FlawFinder.
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cio2_property_names {
char clock_frequency[16];
char rotation[9];
char bus_type[9];
char data_lanes[11];
char remote_endpoint[16];
char link_frequencies[17];
};
Reported by FlawFinder.
Line: 83
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cio2_property_names {
char clock_frequency[16];
char rotation[9];
char bus_type[9];
char data_lanes[11];
char remote_endpoint[16];
char link_frequencies[17];
};
Reported by FlawFinder.
Line: 84
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char clock_frequency[16];
char rotation[9];
char bus_type[9];
char data_lanes[11];
char remote_endpoint[16];
char link_frequencies[17];
};
struct cio2_node_names {
Reported by FlawFinder.
Line: 85
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char rotation[9];
char bus_type[9];
char data_lanes[11];
char remote_endpoint[16];
char link_frequencies[17];
};
struct cio2_node_names {
char port[7];
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char bus_type[9];
char data_lanes[11];
char remote_endpoint[16];
char link_frequencies[17];
};
struct cio2_node_names {
char port[7];
char endpoint[11];
Reported by FlawFinder.
Line: 90
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct cio2_node_names {
char port[7];
char endpoint[11];
char remote_port[7];
};
struct cio2_sensor_config {
Reported by FlawFinder.
Line: 91
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cio2_node_names {
char port[7];
char endpoint[11];
char remote_port[7];
};
struct cio2_sensor_config {
const char *hid;
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cio2_node_names {
char port[7];
char endpoint[11];
char remote_port[7];
};
struct cio2_sensor_config {
const char *hid;
const u8 nr_link_freqs;
Reported by FlawFinder.
Line: 102
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct cio2_sensor {
char name[ACPI_ID_LEN];
struct acpi_device *adev;
struct software_node swnodes[6];
struct cio2_node_names node_names;
Reported by FlawFinder.