The following issues were found
drivers/gpu/drm/omapdrm/omap_dmm_tiler.c
11 issues
Line: 338
CWE codes:
476
BUG_ON(!engine);
txn = &engine->txn;
engine->tcm = tcm;
txn->engine_handle = engine;
txn->last_pat = NULL;
txn->current_va = engine->refill_va;
txn->current_pa = engine->refill_pa;
Reported by Cppcheck.
Line: 341
CWE codes:
476
engine->tcm = tcm;
txn->engine_handle = engine;
txn->last_pat = NULL;
txn->current_va = engine->refill_va;
txn->current_pa = engine->refill_pa;
return txn;
}
Reported by Cppcheck.
Line: 342
CWE codes:
476
txn->engine_handle = engine;
txn->last_pat = NULL;
txn->current_va = engine->refill_va;
txn->current_pa = engine->refill_pa;
return txn;
}
/*
Reported by Cppcheck.
Line: 1049
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static void map_1d_info(char **map, int xdiv, int ydiv, char *nice,
struct tcm_area *a)
{
sprintf(nice, "%dK", tcm_sizeof(*a) * 4);
if (a->p0.y + 1 < a->p1.y) {
text_map(map, xdiv, nice, (a->p0.y + a->p1.y) / 2 / ydiv, 0,
256 - 1);
} else if (a->p0.y < a->p1.y) {
if (strlen(nice) < map_width(xdiv, a->p0.x, 256 - 1))
Reported by FlawFinder.
Line: 1068
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static void map_2d_info(char **map, int xdiv, int ydiv, char *nice,
struct tcm_area *a)
{
sprintf(nice, "(%d*%d)", tcm_awidth(*a), tcm_aheight(*a));
if (strlen(nice) + 1 < map_width(xdiv, a->p0.x, a->p1.x))
text_map(map, xdiv, nice, (a->p0.y + a->p1.y) / 2 / ydiv,
a->p0.x, a->p1.x);
}
Reported by FlawFinder.
Line: 1084
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *m2d = alphabet;
const char *a2d = special;
const char *m2dp = m2d, *a2dp = a2d;
char nice[128];
int h_adj;
int w_adj;
unsigned long flags;
int lut_idx;
Reported by FlawFinder.
Line: 1038
Column: 37
CWE codes:
126
static void text_map(char **map, int xdiv, char *nice, int yd, int x0, int x1)
{
char *p = map[yd] + (x0 / xdiv);
int w = (map_width(xdiv, x0, x1) - strlen(nice)) / 2;
if (w >= 0) {
p += w;
while (*nice)
*p++ = *nice++;
}
Reported by FlawFinder.
Line: 1054
Column: 7
CWE codes:
126
text_map(map, xdiv, nice, (a->p0.y + a->p1.y) / 2 / ydiv, 0,
256 - 1);
} else if (a->p0.y < a->p1.y) {
if (strlen(nice) < map_width(xdiv, a->p0.x, 256 - 1))
text_map(map, xdiv, nice, a->p0.y / ydiv,
a->p0.x + xdiv, 256 - 1);
else if (strlen(nice) < map_width(xdiv, 0, a->p1.x))
text_map(map, xdiv, nice, a->p1.y / ydiv,
0, a->p1.y - xdiv);
Reported by FlawFinder.
Line: 1057
Column: 12
CWE codes:
126
if (strlen(nice) < map_width(xdiv, a->p0.x, 256 - 1))
text_map(map, xdiv, nice, a->p0.y / ydiv,
a->p0.x + xdiv, 256 - 1);
else if (strlen(nice) < map_width(xdiv, 0, a->p1.x))
text_map(map, xdiv, nice, a->p1.y / ydiv,
0, a->p1.y - xdiv);
} else if (strlen(nice) + 1 < map_width(xdiv, a->p0.x, a->p1.x)) {
text_map(map, xdiv, nice, a->p0.y / ydiv, a->p0.x, a->p1.x);
}
Reported by FlawFinder.
Line: 1060
Column: 13
CWE codes:
126
else if (strlen(nice) < map_width(xdiv, 0, a->p1.x))
text_map(map, xdiv, nice, a->p1.y / ydiv,
0, a->p1.y - xdiv);
} else if (strlen(nice) + 1 < map_width(xdiv, a->p0.x, a->p1.x)) {
text_map(map, xdiv, nice, a->p0.y / ydiv, a->p0.x, a->p1.x);
}
}
static void map_2d_info(char **map, int xdiv, int ydiv, char *nice,
Reported by FlawFinder.
drivers/infiniband/sw/rxe/rxe_mw.c
11 issues
Line: 82
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
/* o10-36.2.2 */
if (unlikely((mw->access & IB_ZERO_BASED))) {
pr_err_once("attempt to bind a zero based type 1 MW\n");
return -EINVAL;
}
}
Reported by FlawFinder.
Line: 120
Column: 19
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (!mr)
return 0;
if (unlikely(mr->access & IB_ZERO_BASED)) {
pr_err_once("attempt to bind MW to zero based MR\n");
return -EINVAL;
}
/* C10-73 */
Reported by FlawFinder.
Line: 126
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
/* C10-73 */
if (unlikely(!(mr->access & IB_ACCESS_MW_BIND))) {
pr_err_once(
"attempt to bind an MW to an MR without bind access\n");
return -EINVAL;
}
Reported by FlawFinder.
Line: 133
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
/* C10-74 */
if (unlikely((mw->access &
(IB_ACCESS_REMOTE_WRITE | IB_ACCESS_REMOTE_ATOMIC)) &&
!(mr->access & IB_ACCESS_LOCAL_WRITE))) {
pr_err_once(
"attempt to bind an writeable MW to an MR without local write access\n");
return -EINVAL;
Reported by FlawFinder.
Line: 135
Column: 14
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* C10-74 */
if (unlikely((mw->access &
(IB_ACCESS_REMOTE_WRITE | IB_ACCESS_REMOTE_ATOMIC)) &&
!(mr->access & IB_ACCESS_LOCAL_WRITE))) {
pr_err_once(
"attempt to bind an writeable MW to an MR without local write access\n");
return -EINVAL;
}
Reported by FlawFinder.
Line: 142
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
/* C10-75 */
if (mw->access & IB_ZERO_BASED) {
if (unlikely(wqe->wr.wr.mw.length > mr->length)) {
pr_err_once(
"attempt to bind a ZB MW outside of the MR\n");
return -EINVAL;
}
Reported by FlawFinder.
Line: 171
Column: 29
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
new_rkey = (rkey & 0xffffff00) | (wqe->wr.wr.mw.rkey & 0x000000ff);
mw->ibmw.rkey = new_rkey;
mw->access = wqe->wr.wr.mw.access;
mw->state = RXE_MW_STATE_VALID;
mw->addr = wqe->wr.wr.mw.addr;
mw->length = wqe->wr.wr.mw.length;
if (mw->mr) {
Reported by FlawFinder.
Line: 315
Column: 53
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return ret;
}
struct rxe_mw *rxe_lookup_mw(struct rxe_qp *qp, int access, u32 rkey)
{
struct rxe_dev *rxe = to_rdev(qp->ibqp.device);
struct rxe_pd *pd = to_rpd(qp->ibqp.pd);
struct rxe_mw *mw;
int index = rkey >> 8;
Reported by FlawFinder.
Line: 329
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (unlikely((rxe_mw_rkey(mw) != rkey) || rxe_mw_pd(mw) != pd ||
(mw->ibmw.type == IB_MW_TYPE_2 && mw->qp != qp) ||
(mw->length == 0) ||
(access && !(access & mw->access)) ||
mw->state != RXE_MW_STATE_VALID)) {
rxe_drop_ref(mw);
return NULL;
}
Reported by FlawFinder.
Line: 329
Column: 34
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (unlikely((rxe_mw_rkey(mw) != rkey) || rxe_mw_pd(mw) != pd ||
(mw->ibmw.type == IB_MW_TYPE_2 && mw->qp != qp) ||
(mw->length == 0) ||
(access && !(access & mw->access)) ||
mw->state != RXE_MW_STATE_VALID)) {
rxe_drop_ref(mw);
return NULL;
}
Reported by FlawFinder.
drivers/hwmon/emc2103.c
11 issues
Line: 181
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct emc2103_data *data = emc2103_update_device(dev);
int millidegrees = data->temp[nr].degrees * 1000
+ data->temp[nr].fraction * 125;
return sprintf(buf, "%d\n", millidegrees);
}
static ssize_t
temp_min_show(struct device *dev, struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
Line: 190
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = to_sensor_dev_attr(da)->index;
struct emc2103_data *data = emc2103_update_device(dev);
int millidegrees = data->temp_min[nr] * 1000;
return sprintf(buf, "%d\n", millidegrees);
}
static ssize_t
temp_max_show(struct device *dev, struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
Line: 199
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = to_sensor_dev_attr(da)->index;
struct emc2103_data *data = emc2103_update_device(dev);
int millidegrees = data->temp_max[nr] * 1000;
return sprintf(buf, "%d\n", millidegrees);
}
static ssize_t
temp_fault_show(struct device *dev, struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
Line: 208
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = to_sensor_dev_attr(da)->index;
struct emc2103_data *data = emc2103_update_device(dev);
bool fault = (data->temp[nr].degrees == -128);
return sprintf(buf, "%d\n", fault ? 1 : 0);
}
static ssize_t
temp_min_alarm_show(struct device *dev, struct device_attribute *da,
char *buf)
Reported by FlawFinder.
Line: 218
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = to_sensor_dev_attr(da)->index;
struct emc2103_data *data = emc2103_update_device(dev);
bool alarm = data->temp_min_alarm & (1 << nr);
return sprintf(buf, "%d\n", alarm ? 1 : 0);
}
static ssize_t
temp_max_alarm_show(struct device *dev, struct device_attribute *da,
char *buf)
Reported by FlawFinder.
Line: 228
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = to_sensor_dev_attr(da)->index;
struct emc2103_data *data = emc2103_update_device(dev);
bool alarm = data->temp_max_alarm & (1 << nr);
return sprintf(buf, "%d\n", alarm ? 1 : 0);
}
static ssize_t temp_min_store(struct device *dev, struct device_attribute *da,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 282
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int rpm = 0;
if (data->fan_tach != 0)
rpm = (FAN_RPM_FACTOR * data->fan_multiplier) / data->fan_tach;
return sprintf(buf, "%d\n", rpm);
}
static ssize_t
fan1_div_show(struct device *dev, struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
Line: 290
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct emc2103_data *data = emc2103_update_device(dev);
int fan_div = 8 / data->fan_multiplier;
return sprintf(buf, "%d\n", fan_div);
}
/*
* Note: we also update the fan target here, because its value is
* determined in part by the fan clock divider. This follows the principle
Reported by FlawFinder.
Line: 371
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
rpm = (FAN_RPM_FACTOR * data->fan_multiplier)
/ data->fan_target;
return sprintf(buf, "%d\n", rpm);
}
static ssize_t fan1_target_store(struct device *dev,
struct device_attribute *da, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 409
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct emc2103_data *data = emc2103_update_device(dev);
bool fault = ((data->fan_tach & 0x1fe0) == 0x1fe0);
return sprintf(buf, "%d\n", fault ? 1 : 0);
}
static ssize_t
pwm1_enable_show(struct device *dev, struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
drivers/hwmon/sht3x.c
11 issues
Line: 103
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct sht3x_limit_commands {
const char read_command[SHT3X_CMD_LENGTH];
const char write_command[SHT3X_CMD_LENGTH];
};
static const struct sht3x_limit_commands limit_commands[] = {
/* temp1_max, humidity1_max */
Reported by FlawFinder.
Line: 104
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sht3x_limit_commands {
const char read_command[SHT3X_CMD_LENGTH];
const char write_command[SHT3X_CMD_LENGTH];
};
static const struct sht3x_limit_commands limit_commands[] = {
/* temp1_max, humidity1_max */
[limit_max] = { {0xe1, 0x1f}, {0x61, 0x1d} },
Reported by FlawFinder.
Line: 225
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i2c_client *client = data->client;
u16 interval_ms = mode_to_update_interval[data->mode];
unsigned long interval_jiffies = msecs_to_jiffies(interval_ms);
unsigned char buf[SHT3X_RESPONSE_LENGTH];
u16 val;
int ret = 0;
mutex_lock(&data->data_lock);
/*
Reported by FlawFinder.
Line: 268
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", data->temperature);
}
static ssize_t humidity1_input_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 279
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%u\n", data->humidity);
}
/*
* limits_update must only be called from probe or with data_lock held
*/
Reported by FlawFinder.
Line: 292
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int temperature;
u32 humidity;
u16 raw;
char buffer[SHT3X_RESPONSE_LENGTH];
const struct sht3x_limit_commands *commands;
struct i2c_client *client = data->client;
for (index = 0; index < SHT3X_NUM_LIMIT_CMD; index++) {
commands = &limit_commands[index];
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int temperature,
u32 humidity)
{
char buffer[SHT3X_CMD_LENGTH + SHT3X_WORD_LEN + SHT3X_CRC8_LEN];
char *position = buffer;
int ret;
u16 raw;
struct sht3x_data *data = dev_get_drvdata(dev);
struct i2c_client *client = data->client;
Reported by FlawFinder.
Line: 356
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
commands = &limit_commands[index];
memcpy(position, commands->write_command, SHT3X_CMD_LENGTH);
position += SHT3X_CMD_LENGTH;
/*
* ST = (T + 45) / 175 * 2^16
* SRH = RH / 100 * 2^16
* adapted for fixed point arithmetic and packed the same as
Reported by FlawFinder.
Line: 478
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_attribute *attr,
char *buf)
{
char buffer[SHT3X_WORD_LEN + SHT3X_CRC8_LEN];
int ret;
ret = status_register_read(dev, attr, buffer,
SHT3X_WORD_LEN + SHT3X_CRC8_LEN);
if (ret)
Reported by FlawFinder.
Line: 493
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_attribute *attr,
char *buf)
{
char buffer[SHT3X_WORD_LEN + SHT3X_CRC8_LEN];
int ret;
ret = status_register_read(dev, attr, buffer,
SHT3X_WORD_LEN + SHT3X_CRC8_LEN);
if (ret)
Reported by FlawFinder.
drivers/hwmon/abituguru3.c
11 issues
Line: 901
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute_2 *attr = to_sensor_dev_attr_2(devattr);
struct abituguru3_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", data->sensors[attr->index].name);
}
static ssize_t show_name(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 907
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t show_name(struct device *dev,
struct device_attribute *devattr, char *buf)
{
return sprintf(buf, "%s\n", ABIT_UGURU3_NAME);
}
/* Sysfs attr templates, the real entries are generated automatically. */
static const
struct sensor_device_attribute_2 abituguru3_sysfs_templ[3][10] = { {
Reported by FlawFinder.
Line: 1015
Column: 11
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
type = data->sensors[i].type;
for (j = 0; j < no_sysfs_attr[type]; j++) {
used = snprintf(sysfs_filename, sysfs_names_free,
abituguru3_sysfs_templ[type][j].dev_attr.attr.
name, sensor_index[type]) + 1;
data->sysfs_attr[sysfs_attr_i] =
abituguru3_sysfs_templ[type][j];
data->sysfs_attr[sysfs_attr_i].dev_attr.attr.name =
Reported by FlawFinder.
Line: 134
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct abituguru3_motherboard_info {
u16 id;
const char *dmi_name[ABIT_UGURU3_MAX_DMI_NAMES + 1];
/* + 1 -> end of sensors indicated by a sensor with name == NULL */
struct abituguru3_sensor_info sensors[ABIT_UGURU3_MAX_NO_SENSORS + 1];
};
/*
Reported by FlawFinder.
Line: 159
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 10];
/* Buffer to store the dynamically generated sysfs names */
char sysfs_names[ABIT_UGURU3_SYSFS_NAMES_LENGTH];
/* Pointer to the sensors info for the detected motherboard */
const struct abituguru3_sensor_info *sensors;
/*
Reported by FlawFinder.
Line: 855
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (sensor->type == ABIT_UGURU3_TEMP_SENSOR)
value *= 1000;
return sprintf(buf, "%d\n", value);
}
static ssize_t show_alarm(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 878
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
if ((data->alarms[port / 8] & (0x01 << (port % 8))) &&
(!attr->nr || (data->settings[port][0] & attr->nr)))
return sprintf(buf, "1\n");
else
return sprintf(buf, "0\n");
}
static ssize_t show_mask(struct device *dev,
Reported by FlawFinder.
Line: 880
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(!attr->nr || (data->settings[port][0] & attr->nr)))
return sprintf(buf, "1\n");
else
return sprintf(buf, "0\n");
}
static ssize_t show_mask(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 890
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct abituguru3_data *data = dev_get_drvdata(dev);
if (data->settings[data->sensors[attr->index].port][0] & attr->nr)
return sprintf(buf, "1\n");
else
return sprintf(buf, "0\n");
}
static ssize_t show_label(struct device *dev,
Reported by FlawFinder.
Line: 892
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (data->settings[data->sensors[attr->index].port][0] & attr->nr)
return sprintf(buf, "1\n");
else
return sprintf(buf, "0\n");
}
static ssize_t show_label(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
drivers/iommu/intel/cap_audit.c
11 issues
Line: 122
Column: 68
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
CHECK_FEATURE_MISMATCH_HOTPLUG(iommu, ecap, coherent, ECAP_C_MASK);
/* Abort hot plug if the hot plug iommu feature is smaller than global */
MINIMAL_FEATURE_HOTPLUG(iommu, cap, max_amask_val, CAP_MAMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, num_fault_regs, CAP_NFR_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
Reported by FlawFinder.
Line: 123
Column: 68
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/* Abort hot plug if the hot plug iommu feature is smaller than global */
MINIMAL_FEATURE_HOTPLUG(iommu, cap, max_amask_val, CAP_MAMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, num_fault_regs, CAP_NFR_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
Reported by FlawFinder.
Line: 124
Column: 70
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/* Abort hot plug if the hot plug iommu feature is smaller than global */
MINIMAL_FEATURE_HOTPLUG(iommu, cap, max_amask_val, CAP_MAMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, num_fault_regs, CAP_NFR_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
Reported by FlawFinder.
Line: 125
Column: 70
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, max_amask_val, CAP_MAMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, num_fault_regs, CAP_NFR_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
Reported by FlawFinder.
Line: 126
Column: 59
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, num_fault_regs, CAP_NFR_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
Reported by FlawFinder.
Line: 127
Column: 61
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, super_page_val, CAP_SLLPS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
Reported by FlawFinder.
Line: 128
Column: 61
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, fault_reg_offset, CAP_FRO_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
out:
Reported by FlawFinder.
Line: 129
Column: 59
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, mgaw, CAP_MGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
out:
if (mismatch) {
Reported by FlawFinder.
Line: 130
Column: 72
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, sagaw, CAP_SAGAW_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
out:
if (mismatch) {
intel_iommu_cap_sanity = old_cap;
Reported by FlawFinder.
Line: 131
Column: 68
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MINIMAL_FEATURE_HOTPLUG(iommu, cap, ndoms, CAP_NDOMS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, pss, ECAP_PSS_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, max_handle_mask, ECAP_MHMV_MASK, mismatch);
MINIMAL_FEATURE_HOTPLUG(iommu, ecap, iotlb_offset, ECAP_IRO_MASK, mismatch);
out:
if (mismatch) {
intel_iommu_cap_sanity = old_cap;
intel_iommu_ecap_sanity = old_ecap;
Reported by FlawFinder.
drivers/i2c/i2c-core-smbus.c
11 issues
Line: 235
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (status)
return status;
memcpy(values, &data.block[1], data.block[0]);
return data.block[0];
}
EXPORT_SYMBOL(i2c_smbus_read_block_data);
/**
Reported by FlawFinder.
Line: 258
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (length > I2C_SMBUS_BLOCK_MAX)
length = I2C_SMBUS_BLOCK_MAX;
data.block[0] = length;
memcpy(&data.block[1], values, length);
return i2c_smbus_xfer(client->adapter, client->addr, client->flags,
I2C_SMBUS_WRITE, command,
I2C_SMBUS_BLOCK_DATA, &data);
}
EXPORT_SYMBOL(i2c_smbus_write_block_data);
Reported by FlawFinder.
Line: 281
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (status < 0)
return status;
memcpy(values, &data.block[1], data.block[0]);
return data.block[0];
}
EXPORT_SYMBOL(i2c_smbus_read_i2c_block_data);
s32 i2c_smbus_write_i2c_block_data(const struct i2c_client *client, u8 command,
Reported by FlawFinder.
Line: 294
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (length > I2C_SMBUS_BLOCK_MAX)
length = I2C_SMBUS_BLOCK_MAX;
data.block[0] = length;
memcpy(data.block + 1, values, length);
return i2c_smbus_xfer(client->adapter, client->addr, client->flags,
I2C_SMBUS_WRITE, command,
I2C_SMBUS_I2C_BLOCK_DATA, &data);
}
EXPORT_SYMBOL(i2c_smbus_write_i2c_block_data);
Reported by FlawFinder.
Line: 332
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* initialize most things with sane defaults, to keep the code below
* somewhat simpler.
*/
unsigned char msgbuf0[I2C_SMBUS_BLOCK_MAX+3];
unsigned char msgbuf1[I2C_SMBUS_BLOCK_MAX+2];
int nmsgs = read_write == I2C_SMBUS_READ ? 2 : 1;
u8 partial_pec = 0;
int status;
struct i2c_msg msg[2] = {
Reported by FlawFinder.
Line: 333
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* somewhat simpler.
*/
unsigned char msgbuf0[I2C_SMBUS_BLOCK_MAX+3];
unsigned char msgbuf1[I2C_SMBUS_BLOCK_MAX+2];
int nmsgs = read_write == I2C_SMBUS_READ ? 2 : 1;
u8 partial_pec = 0;
int status;
struct i2c_msg msg[2] = {
{
Reported by FlawFinder.
Line: 410
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
i2c_smbus_try_get_dmabuf(&msg[0], command);
memcpy(msg[0].buf + 1, data->block, msg[0].len - 1);
}
break;
case I2C_SMBUS_BLOCK_PROC_CALL:
nmsgs = 2; /* Another special case */
read_write = I2C_SMBUS_READ;
Reported by FlawFinder.
Line: 425
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg[0].len = data->block[0] + 2;
i2c_smbus_try_get_dmabuf(&msg[0], command);
memcpy(msg[0].buf + 1, data->block, msg[0].len - 1);
msg[1].flags |= I2C_M_RECV_LEN;
msg[1].len = 1; /* block length will be added by
the underlying bus driver */
i2c_smbus_try_get_dmabuf(&msg[1], 0);
Reported by FlawFinder.
Line: 447
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg[0].len = data->block[0] + 1;
i2c_smbus_try_get_dmabuf(&msg[0], command);
memcpy(msg[0].buf + 1, data->block + 1, data->block[0]);
}
break;
default:
dev_err(&adapter->dev, "Unsupported transaction %d\n", size);
return -EOPNOTSUPP;
Reported by FlawFinder.
Line: 497
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data->word = msgbuf1[0] | (msgbuf1[1] << 8);
break;
case I2C_SMBUS_I2C_BLOCK_DATA:
memcpy(data->block + 1, msg[1].buf, data->block[0]);
break;
case I2C_SMBUS_BLOCK_DATA:
case I2C_SMBUS_BLOCK_PROC_CALL:
if (msg[1].buf[0] > I2C_SMBUS_BLOCK_MAX) {
dev_err(&adapter->dev,
Reported by FlawFinder.
drivers/gpu/drm/i915/gvt/handlers.c
11 issues
Line: 78
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void read_vreg(struct intel_vgpu *vgpu, unsigned int offset,
void *p_data, unsigned int bytes)
{
memcpy(p_data, &vgpu_vreg(vgpu, offset), bytes);
}
static void write_vreg(struct intel_vgpu *vgpu, unsigned int offset,
void *p_data, unsigned int bytes)
{
Reported by FlawFinder.
Line: 84
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void write_vreg(struct intel_vgpu *vgpu, unsigned int offset,
void *p_data, unsigned int bytes)
{
memcpy(&vgpu_vreg(vgpu, offset), p_data, bytes);
}
struct intel_gvt_mmio_info *intel_gvt_find_mmio_info(struct intel_gvt *gvt,
unsigned int offset)
{
Reported by FlawFinder.
Line: 1498
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int send_display_ready_uevent(struct intel_vgpu *vgpu, int ready)
{
struct kobject *kobj = &vgpu->gvt->gt->i915->drm.primary->kdev->kobj;
char *env[3] = {NULL, NULL, NULL};
char vmid_str[20];
char display_ready_str[20];
snprintf(display_ready_str, 20, "GVT_DISPLAY_READY=%d", ready);
env[0] = display_ready_str;
Reported by FlawFinder.
Line: 1499
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct kobject *kobj = &vgpu->gvt->gt->i915->drm.primary->kdev->kobj;
char *env[3] = {NULL, NULL, NULL};
char vmid_str[20];
char display_ready_str[20];
snprintf(display_ready_str, 20, "GVT_DISPLAY_READY=%d", ready);
env[0] = display_ready_str;
Reported by FlawFinder.
Line: 1500
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct kobject *kobj = &vgpu->gvt->gt->i915->drm.primary->kdev->kobj;
char *env[3] = {NULL, NULL, NULL};
char vmid_str[20];
char display_ready_str[20];
snprintf(display_ready_str, 20, "GVT_DISPLAY_READY=%d", ready);
env[0] = display_ready_str;
snprintf(vmid_str, 20, "VMID=%d", vgpu->id);
Reported by FlawFinder.
Line: 3919
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
} else {
/* keep the RO bits in the virtual register */
memcpy(&data, pdata, bytes);
data &= ~ro_mask;
data |= vgpu_vreg(vgpu, offset) & ro_mask;
ret = mmio_info->write(vgpu, offset, &data, bytes);
}
Reported by FlawFinder.
Line: 102
Column: 17
CWE codes:
120
20
static int new_mmio_info(struct intel_gvt *gvt,
u32 offset, u16 flags, u32 size,
u32 addr_mask, u32 ro_mask, u32 device,
gvt_mmio_func read, gvt_mmio_func write)
{
struct intel_gvt_mmio_info *info, *p;
u32 start, end, i;
if (!intel_gvt_match_device(gvt, device))
Reported by FlawFinder.
Line: 137
Column: 16
CWE codes:
120
20
info->ro_mask = ro_mask;
info->device = device;
info->read = read ? read : intel_vgpu_default_mmio_read;
info->write = write ? write : intel_vgpu_default_mmio_write;
gvt->mmio.mmio_attribute[info->offset / 4] = flags;
INIT_HLIST_NODE(&info->node);
hash_add(gvt->mmio.mmio_info_table, &info->node, info->offset);
gvt->mmio.num_tracked_mmio++;
Reported by FlawFinder.
Line: 137
Column: 23
CWE codes:
120
20
info->ro_mask = ro_mask;
info->device = device;
info->read = read ? read : intel_vgpu_default_mmio_read;
info->write = write ? write : intel_vgpu_default_mmio_write;
gvt->mmio.mmio_attribute[info->offset / 4] = flags;
INIT_HLIST_NODE(&info->node);
hash_add(gvt->mmio.mmio_info_table, &info->node, info->offset);
gvt->mmio.num_tracked_mmio++;
Reported by FlawFinder.
Line: 3886
Column: 32
CWE codes:
120
20
*/
mmio_block = find_mmio_block(gvt, offset);
if (mmio_block) {
func = is_read ? mmio_block->read : mmio_block->write;
if (func)
return func(vgpu, offset, pdata, bytes);
goto default_rw;
}
Reported by FlawFinder.
drivers/i2c/busses/i2c-rcar.c
11 issues
Line: 359
Column: 32
CWE codes:
120
20
}
if (!priv->atomic_xfer)
rcar_i2c_write(priv, ICMIER, read ? RCAR_IRQ_RECV : RCAR_IRQ_SEND);
}
static void rcar_i2c_next_msg(struct rcar_i2c_priv *priv)
{
priv->msg++;
Reported by FlawFinder.
Line: 415
Column: 32
CWE codes:
120
20
struct device *dev = rcar_i2c_priv_to_dev(priv);
struct i2c_msg *msg = priv->msg;
bool read = msg->flags & I2C_M_RD;
enum dma_data_direction dir = read ? DMA_FROM_DEVICE : DMA_TO_DEVICE;
struct dma_chan *chan = read ? priv->dma_rx : priv->dma_tx;
struct dma_async_tx_descriptor *txdesc;
dma_addr_t dma_addr;
dma_cookie_t cookie;
unsigned char *buf;
Reported by FlawFinder.
Line: 416
Column: 26
CWE codes:
120
20
struct i2c_msg *msg = priv->msg;
bool read = msg->flags & I2C_M_RD;
enum dma_data_direction dir = read ? DMA_FROM_DEVICE : DMA_TO_DEVICE;
struct dma_chan *chan = read ? priv->dma_rx : priv->dma_tx;
struct dma_async_tx_descriptor *txdesc;
dma_addr_t dma_addr;
dma_cookie_t cookie;
unsigned char *buf;
int len;
Reported by FlawFinder.
Line: 425
Column: 41
CWE codes:
120
20
/* Do various checks to see if DMA is feasible at all */
if (priv->atomic_xfer || IS_ERR(chan) || msg->len < RCAR_MIN_DMA_LEN ||
!(msg->flags & I2C_M_DMA_SAFE) || (read && priv->flags & ID_P_NO_RXDMA))
return false;
if (read) {
/*
* The last two bytes needs to be fetched using PIO in
Reported by FlawFinder.
Line: 428
Column: 6
CWE codes:
120
20
!(msg->flags & I2C_M_DMA_SAFE) || (read && priv->flags & ID_P_NO_RXDMA))
return false;
if (read) {
/*
* The last two bytes needs to be fetched using PIO in
* order for the STOP phase to work.
*/
buf = priv->msg->buf;
Reported by FlawFinder.
Line: 455
Column: 7
CWE codes:
120
20
priv->dma_direction = dir;
txdesc = dmaengine_prep_slave_sg(chan, &priv->sg, 1,
read ? DMA_DEV_TO_MEM : DMA_MEM_TO_DEV,
DMA_PREP_INTERRUPT | DMA_CTRL_ACK);
if (!txdesc) {
dev_dbg(dev, "dma prep slave sg failed, using PIO\n");
rcar_i2c_cleanup_dma(priv);
return false;
Reported by FlawFinder.
Line: 474
Column: 6
CWE codes:
120
20
}
/* Enable DMA Master Received/Transmitted */
if (read)
rcar_i2c_write(priv, ICDMAER, RMDMAE);
else
rcar_i2c_write(priv, ICDMAER, TMDMAE);
dma_async_issue_pending(chan);
Reported by FlawFinder.
Line: 760
Column: 7
CWE codes:
120
20
struct i2c_msg *msg)
{
struct device *dev = rcar_i2c_priv_to_dev(priv);
bool read;
struct dma_chan *chan;
enum dma_transfer_direction dir;
read = msg->flags & I2C_M_RD;
Reported by FlawFinder.
Line: 766
Column: 9
CWE codes:
120
20
read = msg->flags & I2C_M_RD;
chan = read ? priv->dma_rx : priv->dma_tx;
if (PTR_ERR(chan) != -EPROBE_DEFER)
return;
dir = read ? DMA_DEV_TO_MEM : DMA_MEM_TO_DEV;
chan = rcar_i2c_request_dma_chan(dev, dir, priv->res->start + ICRXTX);
Reported by FlawFinder.
Line: 770
Column: 8
CWE codes:
120
20
if (PTR_ERR(chan) != -EPROBE_DEFER)
return;
dir = read ? DMA_DEV_TO_MEM : DMA_MEM_TO_DEV;
chan = rcar_i2c_request_dma_chan(dev, dir, priv->res->start + ICRXTX);
if (read)
priv->dma_rx = chan;
else
Reported by FlawFinder.
drivers/isdn/hardware/mISDN/hfcmulti.c
11 issues
Line: 367
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
i = -1;
while (hfc_register_names[++i].name) {
if (hfc_register_names[i].reg == reg)
strcat(regname, hfc_register_names[i].name);
}
if (regname[0] == '\0')
strcpy(regname, "register");
bits[7] = '0' + (!!(val & 1));
Reported by FlawFinder.
Line: 397
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
;
while (hfc_register_names[++i].name) {
if (hfc_register_names[i].reg == reg)
strcat(regname, hfc_register_names[i].name);
}
if (regname[0] == '\0')
strcpy(regname, "register");
bits[7] = '0' + (!!(val & 1));
Reported by FlawFinder.
Line: 427
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
;
while (hfc_register_names[++i].name) {
if (hfc_register_names[i].reg == reg)
strcat(regname, hfc_register_names[i].name);
}
if (regname[0] == '\0')
strcpy(regname, "register");
printk(KERN_DEBUG
Reported by FlawFinder.
Line: 361
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
HFC_outb_debug(struct hfc_multi *hc, u_char reg, u_char val,
const char *function, int line)
{
char regname[256] = "", bits[9] = "xxxxxxxx";
int i;
i = -1;
while (hfc_register_names[++i].name) {
if (hfc_register_names[i].reg == reg)
Reported by FlawFinder.
Line: 370
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcat(regname, hfc_register_names[i].name);
}
if (regname[0] == '\0')
strcpy(regname, "register");
bits[7] = '0' + (!!(val & 1));
bits[6] = '0' + (!!(val & 2));
bits[5] = '0' + (!!(val & 4));
bits[4] = '0' + (!!(val & 8));
Reported by FlawFinder.
Line: 388
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static u_char
HFC_inb_debug(struct hfc_multi *hc, u_char reg, const char *function, int line)
{
char regname[256] = "", bits[9] = "xxxxxxxx";
u_char val = HFC_inb_nodebug(hc, reg);
int i;
i = 0;
while (hfc_register_names[i++].name)
Reported by FlawFinder.
Line: 400
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcat(regname, hfc_register_names[i].name);
}
if (regname[0] == '\0')
strcpy(regname, "register");
bits[7] = '0' + (!!(val & 1));
bits[6] = '0' + (!!(val & 2));
bits[5] = '0' + (!!(val & 4));
bits[4] = '0' + (!!(val & 8));
Reported by FlawFinder.
Line: 418
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static u_short
HFC_inw_debug(struct hfc_multi *hc, u_char reg, const char *function, int line)
{
char regname[256] = "";
u_short val = HFC_inw_nodebug(hc, reg);
int i;
i = 0;
while (hfc_register_names[i++].name)
Reported by FlawFinder.
Line: 430
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcat(regname, hfc_register_names[i].name);
}
if (regname[0] == '\0')
strcpy(regname, "register");
printk(KERN_DEBUG
"HFC_inw(chip %d, %02x=%s) = 0x%04x; in %s() line %d\n",
hc->id, reg, regname, val, function, line);
return val;
Reported by FlawFinder.
Line: 4799
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dchannel *dch;
struct bchannel *bch;
int ch, ret = 0;
char name[MISDN_MAX_IDLEN];
int bcount = 0;
dch = kzalloc(sizeof(struct dchannel), GFP_KERNEL);
if (!dch)
return -ENOMEM;
Reported by FlawFinder.