The following issues were found
arch/x86/kernel/alternative.c
11 issues
Line: 90
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
BYTES_NOP8,
};
const unsigned char * const x86_nops[ASM_NOP_MAX+1] =
{
NULL,
x86nops,
x86nops + 1,
x86nops + 1 + 2,
Reported by FlawFinder.
Line: 110
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int noplen = len;
if (noplen > ASM_NOP_MAX)
noplen = ASM_NOP_MAX;
memcpy(insns, x86_nops[noplen], noplen);
insns += noplen;
len -= noplen;
}
}
Reported by FlawFinder.
Line: 307
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DUMP_BYTES(instr, a->instrlen, "%px: old_insn: ", instr);
DUMP_BYTES(replacement, a->replacementlen, "%px: rpl_insn: ", replacement);
memcpy(insn_buff, replacement, a->replacementlen);
insn_buff_sz = a->replacementlen;
/*
* 0xe8 is a relative jump; fix the offset.
*
Reported by FlawFinder.
Line: 496
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct paravirt_patch_site *end)
{
struct paravirt_patch_site *p;
char insn_buff[MAX_PATCH_LEN];
for (p = start; p < end; p++) {
unsigned int used;
BUG_ON(p->len > MAX_PATCH_LEN);
Reported by FlawFinder.
Line: 503
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BUG_ON(p->len > MAX_PATCH_LEN);
/* prep the buffer with the original instructions */
memcpy(insn_buff, p->instr, p->len);
used = paravirt_patch(p->type, insn_buff, (unsigned long)p->instr, p->len);
BUG_ON(used > p->len);
/* Pad the rest with nops */
Reported by FlawFinder.
Line: 695
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* code cannot be running and speculative code-fetches are
* prevented. Just change the code.
*/
memcpy(addr, opcode, len);
} else {
local_irq_save(flags);
memcpy(addr, opcode, len);
local_irq_restore(flags);
sync_core();
Reported by FlawFinder.
Line: 698
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(addr, opcode, len);
} else {
local_irq_save(flags);
memcpy(addr, opcode, len);
local_irq_restore(flags);
sync_core();
/*
* Could also do a CLFLUSH here to speed up CPU recovery; but
Reported by FlawFinder.
Line: 841
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prev = use_temporary_mm(poking_mm);
kasan_disable_current();
memcpy((u8 *)poking_addr + offset_in_page(addr), opcode, len);
kasan_enable_current();
/*
* Ensure that the PTE is only cleared after the instructions of memcpy
* were issued by using a compiler barrier.
Reported by FlawFinder.
Line: 1124
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int len = text_opcode_size(tp[i].opcode);
if (len - INT3_INSN_SIZE > 0) {
memcpy(old + INT3_INSN_SIZE,
text_poke_addr(&tp[i]) + INT3_INSN_SIZE,
len - INT3_INSN_SIZE);
text_poke(text_poke_addr(&tp[i]) + INT3_INSN_SIZE,
(const char *)tp[i].text + INT3_INSN_SIZE,
len - INT3_INSN_SIZE);
Reported by FlawFinder.
Line: 1128
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
text_poke_addr(&tp[i]) + INT3_INSN_SIZE,
len - INT3_INSN_SIZE);
text_poke(text_poke_addr(&tp[i]) + INT3_INSN_SIZE,
(const char *)tp[i].text + INT3_INSN_SIZE,
len - INT3_INSN_SIZE);
do_sync++;
}
/*
Reported by FlawFinder.
drivers/usb/serial/ftdi_sio.c
11 issues
Line: 1096
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void ftdi_break_ctl(struct tty_struct *tty, int break_state);
static bool ftdi_tx_empty(struct usb_serial_port *port);
static int ftdi_get_modem_status(struct usb_serial_port *port,
unsigned char status[2]);
static unsigned short int ftdi_232am_baud_base_to_divisor(int baud, int base);
static unsigned short int ftdi_232am_baud_to_divisor(int baud);
static u32 ftdi_232bm_baud_base_to_divisor(int baud, int base);
static u32 ftdi_232bm_baud_to_divisor(int baud);
Reported by FlawFinder.
Line: 1177
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static u32 ftdi_232bm_baud_base_to_divisor(int baud, int base)
{
static const unsigned char divfrac[8] = { 0, 3, 2, 4, 1, 5, 6, 7 };
u32 divisor;
/* divisor shifted 3 bits to the left */
int divisor3 = DIV_ROUND_CLOSEST(base, 2 * baud);
divisor = divisor3 >> 3;
divisor |= (u32)divfrac[divisor3 & 0x7] << 14;
Reported by FlawFinder.
Line: 1198
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static u32 ftdi_2232h_baud_base_to_divisor(int baud, int base)
{
static const unsigned char divfrac[8] = { 0, 3, 2, 4, 1, 5, 6, 7 };
u32 divisor;
int divisor3;
/* hi-speed baud rate is 10-bit sampling instead of 16-bit */
divisor3 = DIV_ROUND_CLOSEST(8 * base, 10 * baud);
Reported by FlawFinder.
Line: 1681
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usb_serial_port *port = to_usb_serial_port(dev);
struct ftdi_private *priv = usb_get_serial_port_data(port);
if (priv->flags & ASYNC_LOW_LATENCY)
return sprintf(buf, "1\n");
else
return sprintf(buf, "%i\n", priv->latency);
}
/* Write a new value of the latency timer, in units of milliseconds. */
Reported by FlawFinder.
Line: 1683
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (priv->flags & ASYNC_LOW_LATENCY)
return sprintf(buf, "1\n");
else
return sprintf(buf, "%i\n", priv->latency);
}
/* Write a new value of the latency timer, in units of milliseconds. */
static ssize_t latency_timer_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 2641
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool ftdi_tx_empty(struct usb_serial_port *port)
{
unsigned char buf[2];
int ret;
ret = ftdi_get_modem_status(port, buf);
if (ret == 2) {
if (!(buf[1] & FTDI_RS_TEMT))
Reported by FlawFinder.
Line: 2828
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* negative error code.
*/
static int ftdi_get_modem_status(struct usb_serial_port *port,
unsigned char status[2])
{
struct ftdi_private *priv = usb_get_serial_port_data(port);
unsigned char *buf;
int len;
int ret;
Reported by FlawFinder.
Line: 2895
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct usb_serial_port *port = tty->driver_data;
struct ftdi_private *priv = usb_get_serial_port_data(port);
unsigned char buf[2];
int ret;
ret = ftdi_get_modem_status(port, buf);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 2021
Column: 9
CWE codes:
120
20
return -EINVAL;
/* Read EEPROM two bytes at a time */
while (read < nbytes) {
int rv;
rv = usb_control_msg(serial->dev,
usb_rcvctrlpipe(serial->dev, 0),
FTDI_SIO_READ_EEPROM_REQUEST,
Reported by FlawFinder.
Line: 2028
Column: 21
CWE codes:
120
20
usb_rcvctrlpipe(serial->dev, 0),
FTDI_SIO_READ_EEPROM_REQUEST,
FTDI_SIO_READ_EEPROM_REQUEST_TYPE,
0, (addr + read) / 2, dst + read, 2,
WDR_TIMEOUT);
if (rv < 2) {
if (rv >= 0)
return -EIO;
else
Reported by FlawFinder.
drivers/usb/serial/ti_usb_3410_5052.c
11 issues
Line: 1581
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int pipe = usb_sndbulkpipe(dev,
tdev->td_serial->port[0]->bulk_out_endpointAddress);
const struct firmware *fw_p;
char buf[32];
if (le16_to_cpu(dev->descriptor.idVendor) == MXU1_VENDOR_ID) {
snprintf(buf,
sizeof(buf),
"moxa/moxa-%04x.fw",
Reported by FlawFinder.
Line: 1594
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
/* try ID specific firmware first, then try generic firmware */
sprintf(buf, "ti_usb-v%04x-p%04x.fw",
le16_to_cpu(dev->descriptor.idVendor),
le16_to_cpu(dev->descriptor.idProduct));
status = request_firmware(&fw_p, buf, &dev->dev);
if (status != 0) {
Reported by FlawFinder.
Line: 1604
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (le16_to_cpu(dev->descriptor.idVendor) == MTS_VENDOR_ID) {
switch (le16_to_cpu(dev->descriptor.idProduct)) {
case MTS_CDMA_PRODUCT_ID:
strcpy(buf, "mts_cdma.fw");
break;
case MTS_GSM_PRODUCT_ID:
strcpy(buf, "mts_gsm.fw");
break;
case MTS_EDGE_PRODUCT_ID:
Reported by FlawFinder.
Line: 1607
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(buf, "mts_cdma.fw");
break;
case MTS_GSM_PRODUCT_ID:
strcpy(buf, "mts_gsm.fw");
break;
case MTS_EDGE_PRODUCT_ID:
strcpy(buf, "mts_edge.fw");
break;
case MTS_MT9234MU_PRODUCT_ID:
Reported by FlawFinder.
Line: 1610
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(buf, "mts_gsm.fw");
break;
case MTS_EDGE_PRODUCT_ID:
strcpy(buf, "mts_edge.fw");
break;
case MTS_MT9234MU_PRODUCT_ID:
strcpy(buf, "mts_mt9234mu.fw");
break;
case MTS_MT9234ZBA_PRODUCT_ID:
Reported by FlawFinder.
Line: 1613
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(buf, "mts_edge.fw");
break;
case MTS_MT9234MU_PRODUCT_ID:
strcpy(buf, "mts_mt9234mu.fw");
break;
case MTS_MT9234ZBA_PRODUCT_ID:
strcpy(buf, "mts_mt9234zba.fw");
break;
case MTS_MT9234ZBAOLD_PRODUCT_ID:
Reported by FlawFinder.
Line: 1616
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(buf, "mts_mt9234mu.fw");
break;
case MTS_MT9234ZBA_PRODUCT_ID:
strcpy(buf, "mts_mt9234zba.fw");
break;
case MTS_MT9234ZBAOLD_PRODUCT_ID:
strcpy(buf, "mts_mt9234zba.fw");
break; }
}
Reported by FlawFinder.
Line: 1619
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(buf, "mts_mt9234zba.fw");
break;
case MTS_MT9234ZBAOLD_PRODUCT_ID:
strcpy(buf, "mts_mt9234zba.fw");
break; }
}
if (buf[0] == '\0') {
if (tdev->td_is_3410)
strcpy(buf, "ti_3410.fw");
Reported by FlawFinder.
Line: 1624
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
if (buf[0] == '\0') {
if (tdev->td_is_3410)
strcpy(buf, "ti_3410.fw");
else
strcpy(buf, "ti_5052.fw");
}
status = request_firmware(&fw_p, buf, &dev->dev);
}
Reported by FlawFinder.
Line: 1626
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (tdev->td_is_3410)
strcpy(buf, "ti_3410.fw");
else
strcpy(buf, "ti_5052.fw");
}
status = request_firmware(&fw_p, buf, &dev->dev);
}
check_firmware:
Reported by FlawFinder.
drivers/gpu/drm/i915/gvt/handlers.c
11 issues
Line: 78
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void read_vreg(struct intel_vgpu *vgpu, unsigned int offset,
void *p_data, unsigned int bytes)
{
memcpy(p_data, &vgpu_vreg(vgpu, offset), bytes);
}
static void write_vreg(struct intel_vgpu *vgpu, unsigned int offset,
void *p_data, unsigned int bytes)
{
Reported by FlawFinder.
Line: 84
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void write_vreg(struct intel_vgpu *vgpu, unsigned int offset,
void *p_data, unsigned int bytes)
{
memcpy(&vgpu_vreg(vgpu, offset), p_data, bytes);
}
struct intel_gvt_mmio_info *intel_gvt_find_mmio_info(struct intel_gvt *gvt,
unsigned int offset)
{
Reported by FlawFinder.
Line: 1498
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int send_display_ready_uevent(struct intel_vgpu *vgpu, int ready)
{
struct kobject *kobj = &vgpu->gvt->gt->i915->drm.primary->kdev->kobj;
char *env[3] = {NULL, NULL, NULL};
char vmid_str[20];
char display_ready_str[20];
snprintf(display_ready_str, 20, "GVT_DISPLAY_READY=%d", ready);
env[0] = display_ready_str;
Reported by FlawFinder.
Line: 1499
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct kobject *kobj = &vgpu->gvt->gt->i915->drm.primary->kdev->kobj;
char *env[3] = {NULL, NULL, NULL};
char vmid_str[20];
char display_ready_str[20];
snprintf(display_ready_str, 20, "GVT_DISPLAY_READY=%d", ready);
env[0] = display_ready_str;
Reported by FlawFinder.
Line: 1500
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct kobject *kobj = &vgpu->gvt->gt->i915->drm.primary->kdev->kobj;
char *env[3] = {NULL, NULL, NULL};
char vmid_str[20];
char display_ready_str[20];
snprintf(display_ready_str, 20, "GVT_DISPLAY_READY=%d", ready);
env[0] = display_ready_str;
snprintf(vmid_str, 20, "VMID=%d", vgpu->id);
Reported by FlawFinder.
Line: 3919
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
} else {
/* keep the RO bits in the virtual register */
memcpy(&data, pdata, bytes);
data &= ~ro_mask;
data |= vgpu_vreg(vgpu, offset) & ro_mask;
ret = mmio_info->write(vgpu, offset, &data, bytes);
}
Reported by FlawFinder.
Line: 102
Column: 17
CWE codes:
120
20
static int new_mmio_info(struct intel_gvt *gvt,
u32 offset, u16 flags, u32 size,
u32 addr_mask, u32 ro_mask, u32 device,
gvt_mmio_func read, gvt_mmio_func write)
{
struct intel_gvt_mmio_info *info, *p;
u32 start, end, i;
if (!intel_gvt_match_device(gvt, device))
Reported by FlawFinder.
Line: 137
Column: 16
CWE codes:
120
20
info->ro_mask = ro_mask;
info->device = device;
info->read = read ? read : intel_vgpu_default_mmio_read;
info->write = write ? write : intel_vgpu_default_mmio_write;
gvt->mmio.mmio_attribute[info->offset / 4] = flags;
INIT_HLIST_NODE(&info->node);
hash_add(gvt->mmio.mmio_info_table, &info->node, info->offset);
gvt->mmio.num_tracked_mmio++;
Reported by FlawFinder.
Line: 137
Column: 23
CWE codes:
120
20
info->ro_mask = ro_mask;
info->device = device;
info->read = read ? read : intel_vgpu_default_mmio_read;
info->write = write ? write : intel_vgpu_default_mmio_write;
gvt->mmio.mmio_attribute[info->offset / 4] = flags;
INIT_HLIST_NODE(&info->node);
hash_add(gvt->mmio.mmio_info_table, &info->node, info->offset);
gvt->mmio.num_tracked_mmio++;
Reported by FlawFinder.
Line: 3886
Column: 32
CWE codes:
120
20
*/
mmio_block = find_mmio_block(gvt, offset);
if (mmio_block) {
func = is_read ? mmio_block->read : mmio_block->write;
if (func)
return func(vgpu, offset, pdata, bytes);
goto default_rw;
}
Reported by FlawFinder.
drivers/net/wireless/ath/wcn36xx/main.c
11 issues
Line: 486
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (netdev_hw_addr_list_count(mc_list) <=
WCN36XX_HAL_MAX_NUM_MULTICAST_ADDRESS) {
netdev_hw_addr_list_for_each(ha, mc_list) {
memcpy(fp->mc_addr[fp->mc_addr_count],
ha->addr, ETH_ALEN);
fp->mc_addr_count++;
}
}
Reported by FlawFinder.
Line: 560
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* IEEE 802.11 spec (see chapter 11.7) like this:
* Temporal Key (16 b) - RX MIC (8 b) - TX MIC (8 b)
*/
memcpy(key, key_conf->key, 16);
memcpy(key + 16, key_conf->key + 24, 8);
memcpy(key + 24, key_conf->key + 16, 8);
} else {
memcpy(key, key_conf->key, key_conf->keylen);
}
Reported by FlawFinder.
Line: 561
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Temporal Key (16 b) - RX MIC (8 b) - TX MIC (8 b)
*/
memcpy(key, key_conf->key, 16);
memcpy(key + 16, key_conf->key + 24, 8);
memcpy(key + 24, key_conf->key + 16, 8);
} else {
memcpy(key, key_conf->key, key_conf->keylen);
}
Reported by FlawFinder.
Line: 562
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(key, key_conf->key, 16);
memcpy(key + 16, key_conf->key + 24, 8);
memcpy(key + 24, key_conf->key + 16, 8);
} else {
memcpy(key, key_conf->key, key_conf->keylen);
}
if (IEEE80211_KEY_FLAG_PAIRWISE & key_conf->flags) {
Reported by FlawFinder.
Line: 564
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(key + 16, key_conf->key + 24, 8);
memcpy(key + 24, key_conf->key + 16, 8);
} else {
memcpy(key, key_conf->key, key_conf->keylen);
}
if (IEEE80211_KEY_FLAG_PAIRWISE & key_conf->flags) {
sta_priv->is_data_encrypted = true;
/* Reconfigure bss with encrypt_type */
Reported by FlawFinder.
Line: 757
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sta->ht_cap.ht_supported) {
BUILD_BUG_ON(sizeof(sta->ht_cap.mcs.rx_mask) >
sizeof(sta_priv->supported_rates.supported_mcs_set));
memcpy(sta_priv->supported_rates.supported_mcs_set,
sta->ht_cap.mcs.rx_mask,
sizeof(sta->ht_cap.mcs.rx_mask));
}
if (sta->vht_cap.vht_supported) {
Reported by FlawFinder.
Line: 791
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
};
rates->op_rate_mode = STA_11n;
memcpy(rates->dsss_rates, dsss_rates,
sizeof(*dsss_rates) * WCN36XX_HAL_NUM_DSSS_RATES);
memcpy(rates->ofdm_rates, ofdm_rates,
sizeof(*ofdm_rates) * WCN36XX_HAL_NUM_OFDM_RATES);
rates->supported_mcs_set[0] = 0xFF;
}
Reported by FlawFinder.
Line: 793
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rates->op_rate_mode = STA_11n;
memcpy(rates->dsss_rates, dsss_rates,
sizeof(*dsss_rates) * WCN36XX_HAL_NUM_DSSS_RATES);
memcpy(rates->ofdm_rates, ofdm_rates,
sizeof(*ofdm_rates) * WCN36XX_HAL_NUM_OFDM_RATES);
rates->supported_mcs_set[0] = 0xFF;
}
void wcn36xx_set_default_rates_v1(struct wcn36xx_hal_supported_rates_v1 *rates)
Reported by FlawFinder.
Line: 858
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bss_conf->ssid, bss_conf->ssid_len);
vif_priv->ssid.length = bss_conf->ssid_len;
memcpy(&vif_priv->ssid.ssid,
bss_conf->ssid,
bss_conf->ssid_len);
}
if (changed & BSS_CHANGED_ASSOC) {
Reported by FlawFinder.
Line: 1159
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_lock(&wcn->conf_mutex);
memcpy(vif_priv->rekey_data.kek, data->kek, NL80211_KEK_LEN);
memcpy(vif_priv->rekey_data.kck, data->kck, NL80211_KCK_LEN);
vif_priv->rekey_data.replay_ctr =
cpu_to_le64(be64_to_cpup((__be64 *)data->replay_ctr));
vif_priv->rekey_data.valid = true;
Reported by FlawFinder.
drivers/iommu/intel/cap_audit.c
11 issues
Line: 122
Column: 68
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
CHECK_FEATURE_MISMATCH_HOTPLUG(iommu, ecap, coherent, ECAP_C_MASK);
/* Abort hot plug if the hot plug iommu feature is smaller than global */
MINIMAL_FEATURE_HOTPLUG(iommu, cap, max_amask_val, CAP_MAMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, num_fault_regs, CAP_NFR_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
Reported by FlawFinder.
Line: 123
Column: 68
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/* Abort hot plug if the hot plug iommu feature is smaller than global */
MINIMAL_FEATURE_HOTPLUG(iommu, cap, max_amask_val, CAP_MAMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, num_fault_regs, CAP_NFR_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
Reported by FlawFinder.
Line: 124
Column: 70
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/* Abort hot plug if the hot plug iommu feature is smaller than global */
MINIMAL_FEATURE_HOTPLUG(iommu, cap, max_amask_val, CAP_MAMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, num_fault_regs, CAP_NFR_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
Reported by FlawFinder.
Line: 125
Column: 70
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, max_amask_val, CAP_MAMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, num_fault_regs, CAP_NFR_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
Reported by FlawFinder.
Line: 126
Column: 59
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, num_fault_regs, CAP_NFR_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
Reported by FlawFinder.
Line: 127
Column: 61
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
Reported by FlawFinder.
Line: 128
Column: 61
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
out:
Reported by FlawFinder.
Line: 129
Column: 59
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
out:
if (mismatch) {
Reported by FlawFinder.
Line: 130
Column: 72
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
out:
if (mismatch) {
intel_iommu_cap_sanity = old_cap;
Reported by FlawFinder.
Line: 131
Column: 68
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
out:
if (mismatch) {
intel_iommu_cap_sanity = old_cap;
intel_iommu_ecap_sanity = old_ecap;
Reported by FlawFinder.
drivers/usb/misc/usbsevseg.c
11 issues
Line: 256
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
for (i = 0; i < ARRAY_SIZE(display_textmodes); i++) {
if (mydev->textmode == i) {
strcat(buf, " [");
strcat(buf, display_textmodes[i]);
strcat(buf, "] ");
} else {
strcat(buf, " ");
strcat(buf, display_textmodes[i]);
strcat(buf, " ");
Reported by FlawFinder.
Line: 260
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(buf, "] ");
} else {
strcat(buf, " ");
strcat(buf, display_textmodes[i]);
strcat(buf, " ");
}
}
strcat(buf, "\n");
Reported by FlawFinder.
Line: 110
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int rc;
int i;
unsigned char buffer[MAXLEN] = {0};
u8 decimals = 0;
if(mydev->shadow_power != 1)
return;
Reported by FlawFinder.
Line: 148
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usb_interface *intf = to_usb_interface(dev); \
struct usb_sevsegdev *mydev = usb_get_intfdata(intf); \
\
return sprintf(buf, "%u\n", mydev->name); \
} \
\
static ssize_t name##_store(struct device *dev, \
struct device_attribute *attr, const char *buf, size_t count) \
{ \
Reported by FlawFinder.
Line: 187
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mydev->textlength = end;
if (end > 0)
memcpy(mydev->text, buf, end);
update_display_visual(mydev, GFP_KERNEL);
return count;
}
Reported by FlawFinder.
Line: 255
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
for (i = 0; i < ARRAY_SIZE(display_textmodes); i++) {
if (mydev->textmode == i) {
strcat(buf, " [");
strcat(buf, display_textmodes[i]);
strcat(buf, "] ");
} else {
strcat(buf, " ");
strcat(buf, display_textmodes[i]);
Reported by FlawFinder.
Line: 257
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (mydev->textmode == i) {
strcat(buf, " [");
strcat(buf, display_textmodes[i]);
strcat(buf, "] ");
} else {
strcat(buf, " ");
strcat(buf, display_textmodes[i]);
strcat(buf, " ");
}
Reported by FlawFinder.
Line: 259
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(buf, display_textmodes[i]);
strcat(buf, "] ");
} else {
strcat(buf, " ");
strcat(buf, display_textmodes[i]);
strcat(buf, " ");
}
}
strcat(buf, "\n");
Reported by FlawFinder.
Line: 261
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
} else {
strcat(buf, " ");
strcat(buf, display_textmodes[i]);
strcat(buf, " ");
}
}
strcat(buf, "\n");
Reported by FlawFinder.
Line: 264
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(buf, " ");
}
}
strcat(buf, "\n");
return strlen(buf);
}
Reported by FlawFinder.
drivers/block/drbd/drbd_state.c
11 issues
Line: 751
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*pbp = 0;
if (ns.role != os.role && flags & CS_DC_ROLE)
pbp += sprintf(pbp, "role( %s -> %s ) ",
drbd_role_str(os.role),
drbd_role_str(ns.role));
if (ns.peer != os.peer && flags & CS_DC_PEER)
pbp += sprintf(pbp, "peer( %s -> %s ) ",
drbd_role_str(os.peer),
Reported by FlawFinder.
Line: 755
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
drbd_role_str(os.role),
drbd_role_str(ns.role));
if (ns.peer != os.peer && flags & CS_DC_PEER)
pbp += sprintf(pbp, "peer( %s -> %s ) ",
drbd_role_str(os.peer),
drbd_role_str(ns.peer));
if (ns.conn != os.conn && flags & CS_DC_CONN)
pbp += sprintf(pbp, "conn( %s -> %s ) ",
drbd_conn_str(os.conn),
Reported by FlawFinder.
Line: 759
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
drbd_role_str(os.peer),
drbd_role_str(ns.peer));
if (ns.conn != os.conn && flags & CS_DC_CONN)
pbp += sprintf(pbp, "conn( %s -> %s ) ",
drbd_conn_str(os.conn),
drbd_conn_str(ns.conn));
if (ns.disk != os.disk && flags & CS_DC_DISK)
pbp += sprintf(pbp, "disk( %s -> %s ) ",
drbd_disk_str(os.disk),
Reported by FlawFinder.
Line: 763
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
drbd_conn_str(os.conn),
drbd_conn_str(ns.conn));
if (ns.disk != os.disk && flags & CS_DC_DISK)
pbp += sprintf(pbp, "disk( %s -> %s ) ",
drbd_disk_str(os.disk),
drbd_disk_str(ns.disk));
if (ns.pdsk != os.pdsk && flags & CS_DC_PDSK)
pbp += sprintf(pbp, "pdsk( %s -> %s ) ",
drbd_disk_str(os.pdsk),
Reported by FlawFinder.
Line: 767
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
drbd_disk_str(os.disk),
drbd_disk_str(ns.disk));
if (ns.pdsk != os.pdsk && flags & CS_DC_PDSK)
pbp += sprintf(pbp, "pdsk( %s -> %s ) ",
drbd_disk_str(os.pdsk),
drbd_disk_str(ns.pdsk));
return pbp - pb;
}
Reported by FlawFinder.
Line: 777
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void drbd_pr_state_change(struct drbd_device *device, union drbd_state os, union drbd_state ns,
enum chg_state_flags flags)
{
char pb[300];
char *pbp = pb;
pbp += print_state_change(pbp, os, ns, flags ^ CS_DC_MASK);
if (ns.aftr_isp != os.aftr_isp)
Reported by FlawFinder.
Line: 783
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pbp += print_state_change(pbp, os, ns, flags ^ CS_DC_MASK);
if (ns.aftr_isp != os.aftr_isp)
pbp += sprintf(pbp, "aftr_isp( %d -> %d ) ",
os.aftr_isp,
ns.aftr_isp);
if (ns.peer_isp != os.peer_isp)
pbp += sprintf(pbp, "peer_isp( %d -> %d ) ",
os.peer_isp,
Reported by FlawFinder.
Line: 787
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
os.aftr_isp,
ns.aftr_isp);
if (ns.peer_isp != os.peer_isp)
pbp += sprintf(pbp, "peer_isp( %d -> %d ) ",
os.peer_isp,
ns.peer_isp);
if (ns.user_isp != os.user_isp)
pbp += sprintf(pbp, "user_isp( %d -> %d ) ",
os.user_isp,
Reported by FlawFinder.
Line: 791
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
os.peer_isp,
ns.peer_isp);
if (ns.user_isp != os.user_isp)
pbp += sprintf(pbp, "user_isp( %d -> %d ) ",
os.user_isp,
ns.user_isp);
if (pbp != pb)
drbd_info(device, "%s\n", pb);
Reported by FlawFinder.
Line: 802
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void conn_pr_state_change(struct drbd_connection *connection, union drbd_state os, union drbd_state ns,
enum chg_state_flags flags)
{
char pb[300];
char *pbp = pb;
pbp += print_state_change(pbp, os, ns, flags);
if (is_susp(ns) != is_susp(os) && flags & CS_DC_SUSP)
Reported by FlawFinder.
drivers/scsi/bfa/bfad_attr.c
11 issues
Line: 368
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
u64_to_wwn(fc_vport->node_name, (u8 *)&port_cfg.nwwn);
u64_to_wwn(fc_vport->port_name, (u8 *)&port_cfg.pwwn);
if (strlen(vname) > 0)
strcpy((char *)&port_cfg.sym_name, vname);
port_cfg.roles = BFA_LPORT_ROLE_FCP_IM;
spin_lock_irqsave(&bfad->bfad_lock, flags);
list_for_each_entry(vp, &bfad->pbc_vport_list, list_entry) {
if (port_cfg.pwwn ==
Reported by FlawFinder.
Line: 711
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfad_im_port_s *im_port =
(struct bfad_im_port_s *) shost->hostdata[0];
struct bfad_s *bfad = im_port->bfad;
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
bfa_get_adapter_serial_num(&bfad->bfa, serial_num);
return snprintf(buf, PAGE_SIZE, "%s\n", serial_num);
}
Reported by FlawFinder.
Line: 725
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfad_im_port_s *im_port =
(struct bfad_im_port_s *) shost->hostdata[0];
struct bfad_s *bfad = im_port->bfad;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
bfa_get_adapter_model(&bfad->bfa, model);
return snprintf(buf, PAGE_SIZE, "%s\n", model);
}
Reported by FlawFinder.
Line: 739
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfad_im_port_s *im_port =
(struct bfad_im_port_s *) shost->hostdata[0];
struct bfad_s *bfad = im_port->bfad;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
int nports = 0;
bfa_get_adapter_model(&bfad->bfa, model);
nports = bfa_get_nports(&bfad->bfa);
Reported by FlawFinder.
Line: 740
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(struct bfad_im_port_s *) shost->hostdata[0];
struct bfad_s *bfad = im_port->bfad;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
int nports = 0;
bfa_get_adapter_model(&bfad->bfa, model);
nports = bfa_get_nports(&bfad->bfa);
if (!strcmp(model, "QLogic-425"))
Reported by FlawFinder.
Line: 834
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(struct bfad_im_port_s *) shost->hostdata[0];
struct bfad_s *bfad = im_port->bfad;
struct bfa_lport_attr_s port_attr;
char symname[BFA_SYMNAME_MAXLEN];
bfa_fcs_lport_get_attr(&bfad->bfa_fcs.fabric.bport, &port_attr);
strlcpy(symname, port_attr.port_cfg.sym_name.symname,
BFA_SYMNAME_MAXLEN);
return snprintf(buf, PAGE_SIZE, "%s\n", symname);
Reported by FlawFinder.
Line: 850
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfad_im_port_s *im_port =
(struct bfad_im_port_s *) shost->hostdata[0];
struct bfad_s *bfad = im_port->bfad;
char hw_ver[BFA_VERSION_LEN];
bfa_get_pci_chip_rev(&bfad->bfa, hw_ver);
return snprintf(buf, PAGE_SIZE, "%s\n", hw_ver);
}
Reported by FlawFinder.
Line: 871
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfad_im_port_s *im_port =
(struct bfad_im_port_s *) shost->hostdata[0];
struct bfad_s *bfad = im_port->bfad;
char optrom_ver[BFA_VERSION_LEN];
bfa_get_adapter_optrom_ver(&bfad->bfa, optrom_ver);
return snprintf(buf, PAGE_SIZE, "%s\n", optrom_ver);
}
Reported by FlawFinder.
Line: 885
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfad_im_port_s *im_port =
(struct bfad_im_port_s *) shost->hostdata[0];
struct bfad_s *bfad = im_port->bfad;
char fw_ver[BFA_VERSION_LEN];
bfa_get_adapter_fw_ver(&bfad->bfa, fw_ver);
return snprintf(buf, PAGE_SIZE, "%s\n", fw_ver);
}
Reported by FlawFinder.
Line: 367
Column: 6
CWE codes:
126
memset(&port_cfg, 0, sizeof(port_cfg));
u64_to_wwn(fc_vport->node_name, (u8 *)&port_cfg.nwwn);
u64_to_wwn(fc_vport->port_name, (u8 *)&port_cfg.pwwn);
if (strlen(vname) > 0)
strcpy((char *)&port_cfg.sym_name, vname);
port_cfg.roles = BFA_LPORT_ROLE_FCP_IM;
spin_lock_irqsave(&bfad->bfad_lock, flags);
list_for_each_entry(vp, &bfad->pbc_vport_list, list_entry) {
Reported by FlawFinder.
include/sound/info.h
11 issues
Line: 74
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
void *private_data;
void (*private_free)(struct snd_info_entry *entry);
struct proc_dir_entry *p;
struct mutex access;
struct list_head children;
struct list_head list;
};
#if defined(CONFIG_SND_OSSEMUL) && defined(CONFIG_SND_PROC_FS)
Reported by FlawFinder.
Line: 37
Column: 8
CWE codes:
362
};
struct snd_info_entry_ops {
int (*open)(struct snd_info_entry *entry,
unsigned short mode, void **file_private_data);
int (*release)(struct snd_info_entry *entry,
unsigned short mode, void *file_private_data);
ssize_t (*read)(struct snd_info_entry *entry, void *file_private_data,
struct file *file, char __user *buf,
Reported by FlawFinder.
Line: 30
Column: 9
CWE codes:
120
20
struct snd_info_entry;
struct snd_info_entry_text {
void (*read)(struct snd_info_entry *entry,
struct snd_info_buffer *buffer);
void (*write)(struct snd_info_entry *entry,
struct snd_info_buffer *buffer);
};
Reported by FlawFinder.
Line: 41
Column: 12
CWE codes:
120
20
unsigned short mode, void **file_private_data);
int (*release)(struct snd_info_entry *entry,
unsigned short mode, void *file_private_data);
ssize_t (*read)(struct snd_info_entry *entry, void *file_private_data,
struct file *file, char __user *buf,
size_t count, loff_t pos);
ssize_t (*write)(struct snd_info_entry *entry, void *file_private_data,
struct file *file, const char __user *buf,
size_t count, loff_t pos);
Reported by FlawFinder.
Line: 141
Column: 9
CWE codes:
120
20
static inline void snd_info_set_text_ops(struct snd_info_entry *entry,
void *private_data,
void (*read)(struct snd_info_entry *, struct snd_info_buffer *))
{
entry->private_data = private_data;
entry->c.text.read = read;
}
Reported by FlawFinder.
Line: 144
Column: 23
CWE codes:
120
20
void (*read)(struct snd_info_entry *, struct snd_info_buffer *))
{
entry->private_data = private_data;
entry->c.text.read = read;
}
int snd_card_rw_proc_new(struct snd_card *card, const char *name,
void *private_data,
void (*read)(struct snd_info_entry *,
Reported by FlawFinder.
Line: 149
Column: 12
CWE codes:
120
20
int snd_card_rw_proc_new(struct snd_card *card, const char *name,
void *private_data,
void (*read)(struct snd_info_entry *,
struct snd_info_buffer *),
void (*write)(struct snd_info_entry *entry,
struct snd_info_buffer *buffer));
int snd_info_check_reserved_words(const char *str);
Reported by FlawFinder.
Line: 182
Column: 14
CWE codes:
120
20
struct snd_info_entry **entryp) { return -EINVAL; }
static inline void snd_info_set_text_ops(struct snd_info_entry *entry __attribute__((unused)),
void *private_data,
void (*read)(struct snd_info_entry *, struct snd_info_buffer *)) {}
static inline int snd_card_rw_proc_new(struct snd_card *card, const char *name,
void *private_data,
void (*read)(struct snd_info_entry *,
struct snd_info_buffer *),
void (*write)(struct snd_info_entry *entry,
Reported by FlawFinder.
Line: 185
Column: 19
CWE codes:
120
20
void (*read)(struct snd_info_entry *, struct snd_info_buffer *)) {}
static inline int snd_card_rw_proc_new(struct snd_card *card, const char *name,
void *private_data,
void (*read)(struct snd_info_entry *,
struct snd_info_buffer *),
void (*write)(struct snd_info_entry *entry,
struct snd_info_buffer *buffer))
{
return 0;
Reported by FlawFinder.
Line: 209
Column: 15
CWE codes:
120
20
static inline int
snd_card_ro_proc_new(struct snd_card *card, const char *name,
void *private_data,
void (*read)(struct snd_info_entry *,
struct snd_info_buffer *))
{
return snd_card_rw_proc_new(card, name, private_data, read, NULL);
}
Reported by FlawFinder.