The following issues were found
drivers/platform/x86/compal-laptop.c
10 issues
Line: 479
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t label_##POSTFIX(struct device *dev, \
struct device_attribute *attr, char *buf) \
{ \
return sprintf(buf, "%s\n", LABEL); \
}
/* Labels as in service guide */
TEMPERATURE_SHOW_TEMP_AND_LABEL(cpu, TEMP_CPU, "CPU_TEMP");
TEMPERATURE_SHOW_TEMP_AND_LABEL(cpu_local, TEMP_CPU_LOCAL, "CPU_TEMP_LOCAL");
Reported by FlawFinder.
Line: 171
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Power supply */
struct power_supply *psy;
struct power_supply_info psy_info;
char bat_model_name[BAT_MODEL_NAME_LEN + 1];
char bat_manufacturer_name[BAT_MANUFACTURER_NAME_LEN + 1];
char bat_serial_number[BAT_SERIAL_NUMBER_LEN + 1];
};
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct power_supply *psy;
struct power_supply_info psy_info;
char bat_model_name[BAT_MODEL_NAME_LEN + 1];
char bat_manufacturer_name[BAT_MANUFACTURER_NAME_LEN + 1];
char bat_serial_number[BAT_SERIAL_NUMBER_LEN + 1];
};
/* =============== */
Reported by FlawFinder.
Line: 173
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct power_supply_info psy_info;
char bat_model_name[BAT_MODEL_NAME_LEN + 1];
char bat_manufacturer_name[BAT_MANUFACTURER_NAME_LEN + 1];
char bat_serial_number[BAT_SERIAL_NUMBER_LEN + 1];
};
/* =============== */
/* General globals */
Reported by FlawFinder.
Line: 200
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* though, because physically stopping or speeding up the fan doesn't
* change it. It might be the average voltage or current of the pwm output.
* Nevertheless, it is more fine-grained than the actual RPM reading */
static const unsigned char pwm_lookup_table[256] = {
0, 0, 0, 1, 1, 1, 2, 253, 254, 3, 3, 3, 4, 4, 4, 5, 5, 5, 6, 6, 6,
7, 7, 7, 8, 86, 86, 9, 9, 9, 10, 10, 10, 11, 92, 92, 12, 12, 95,
13, 66, 66, 14, 14, 98, 15, 15, 15, 16, 16, 67, 17, 17, 72, 18, 70,
75, 19, 90, 90, 73, 73, 73, 21, 21, 91, 91, 91, 96, 23, 94, 94, 94,
94, 94, 94, 94, 94, 94, 94, 141, 141, 238, 223, 192, 139, 139, 139,
Reported by FlawFinder.
Line: 373
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t NAME##_show(struct device *dev, \
struct device_attribute *attr, char *buf) \
{ \
return sprintf(buf, "%d\n", ((ec_read_u8(ADDR) & MASK) != 0)); \
} \
static ssize_t NAME##_store(struct device *dev, \
struct device_attribute *attr, const char *buf, size_t count) \
{ \
int state; \
Reported by FlawFinder.
Line: 398
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct compal_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", data->pwm_enable);
}
static ssize_t pwm_enable_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 437
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf)
{
struct compal_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%hhu\n", data->curr_pwm);
}
static ssize_t pwm_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 465
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t fan_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%d\n", get_fan_rpm());
}
/* Temperature interface */
#define TEMPERATURE_SHOW_TEMP_AND_LABEL(POSTFIX, ADDRESS, LABEL) \
Reported by FlawFinder.
Line: 474
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t temp_##POSTFIX(struct device *dev, \
struct device_attribute *attr, char *buf) \
{ \
return sprintf(buf, "%d\n", 1000 * (int)ec_read_s8(ADDRESS)); \
} \
static ssize_t label_##POSTFIX(struct device *dev, \
struct device_attribute *attr, char *buf) \
{ \
return sprintf(buf, "%s\n", LABEL); \
Reported by FlawFinder.
drivers/scsi/fcoe/fcoe_sysfs.c
10 issues
Line: 144
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct fcoe_ctlr_device *ctlr = dev_to_ctlr(dev); \
if (ctlr->f->get_fcoe_ctlr_##field) \
ctlr->f->get_fcoe_ctlr_##field(ctlr); \
return snprintf(buf, sz, format_string, \
cast fcoe_ctlr_##field(ctlr)); \
}
#define fcoe_fcf_show_function(field, format_string, sz, cast) \
static ssize_t show_fcoe_fcf_device_##field(struct device *dev, \
Reported by FlawFinder.
Line: 157
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct fcoe_ctlr_device *ctlr = fcoe_fcf_dev_to_ctlr_dev(fcf); \
if (ctlr->f->get_fcoe_fcf_##field) \
ctlr->f->get_fcoe_fcf_##field(fcf); \
return snprintf(buf, sz, format_string, \
cast fcoe_fcf_##field(fcf)); \
}
#define fcoe_ctlr_private_show_function(field, format_string, sz, cast) \
static ssize_t show_fcoe_ctlr_device_##field(struct device *dev, \
Reported by FlawFinder.
Line: 167
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
char *buf) \
{ \
struct fcoe_ctlr_device *ctlr = dev_to_ctlr(dev); \
return snprintf(buf, sz, format_string, cast fcoe_ctlr_##field(ctlr)); \
}
#define fcoe_fcf_private_show_function(field, format_string, sz, cast) \
static ssize_t show_fcoe_fcf_device_##field(struct device *dev, \
struct device_attribute *attr, \
Reported by FlawFinder.
Line: 176
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
char *buf) \
{ \
struct fcoe_fcf_device *fcf = dev_to_fcf(dev); \
return snprintf(buf, sz, format_string, cast fcoe_fcf_##field(fcf)); \
}
#define fcoe_ctlr_private_rd_attr(field, format_string, sz) \
fcoe_ctlr_private_show_function(field, format_string, sz, ) \
static FCOE_DEVICE_ATTR(ctlr, field, S_IRUGO, \
Reported by FlawFinder.
Line: 277
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *buf, size_t count)
{
struct fcoe_ctlr_device *ctlr = dev_to_ctlr(dev);
char mode[FCOE_MAX_MODENAME_LEN + 1];
if (count > FCOE_MAX_MODENAME_LEN)
return -EINVAL;
strncpy(mode, buf, count);
Reported by FlawFinder.
Line: 415
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct fcoe_ctlr_device *ctlr = dev_to_ctlr(dev);
struct fcoe_ctlr *fip = fcoe_ctlr_device_priv(ctlr);
return sprintf(buf, "%d\n", fip->fip_resp ? 1 : 0);
}
static FCOE_DEVICE_ATTR(ctlr, fip_vlan_responder, S_IRUGO | S_IWUSR,
show_ctlr_fip_resp,
store_ctlr_fip_resp);
Reported by FlawFinder.
Line: 458
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct fcoe_ctlr_device *ctlr_dev = dev_to_ctlr(dev);
struct fcoe_ctlr *ctlr = fcoe_ctlr_device_priv(ctlr_dev);
return sprintf(buf, "%d\n", ctlr->lp->r_a_tov);
}
static FCOE_DEVICE_ATTR(ctlr, r_a_tov, S_IRUGO | S_IWUSR,
show_ctlr_r_a_tov, store_ctlr_r_a_tov);
Reported by FlawFinder.
Line: 485
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct fcoe_ctlr_device *ctlr_dev = dev_to_ctlr(dev);
struct fcoe_ctlr *ctlr = fcoe_ctlr_device_priv(ctlr_dev);
return sprintf(buf, "%d\n", ctlr->lp->e_d_tov);
}
static FCOE_DEVICE_ATTR(ctlr, e_d_tov, S_IRUGO | S_IWUSR,
show_ctlr_e_d_tov, store_ctlr_e_d_tov);
Reported by FlawFinder.
Line: 1033
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fcf->switch_name = new_fcf->switch_name;
fcf->fc_map = new_fcf->fc_map;
fcf->vfid = new_fcf->vfid;
memcpy(fcf->mac, new_fcf->mac, ETH_ALEN);
fcf->priority = new_fcf->priority;
fcf->fka_period = new_fcf->fka_period;
fcf->selected = new_fcf->selected;
error = device_register(&fcf->dev);
Reported by FlawFinder.
Line: 282
Column: 2
CWE codes:
120
if (count > FCOE_MAX_MODENAME_LEN)
return -EINVAL;
strncpy(mode, buf, count);
if (mode[count - 1] == '\n')
mode[count - 1] = '\0';
else
mode[count] = '\0';
Reported by FlawFinder.
drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
10 issues
Line: 45
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static uint max_vdma_size = MAX_H_COPY_RDMA;
static char system_id[SYS_ID_NAME_LEN] = "";
static char partition_name[PARTITION_NAMELEN] = "UNKNOWN";
static uint partition_number = -1;
/* Adapter list and lock to control it */
static DEFINE_SPINLOCK(ibmvscsis_dev_lock);
Reported by FlawFinder.
Line: 46
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static uint max_vdma_size = MAX_H_COPY_RDMA;
static char system_id[SYS_ID_NAME_LEN] = "";
static char partition_name[PARTITION_NAMELEN] = "UNKNOWN";
static uint partition_number = -1;
/* Adapter list and lock to control it */
static DEFINE_SPINLOCK(ibmvscsis_dev_lock);
static LIST_HEAD(ibmvscsis_dev_list);
Reported by FlawFinder.
Line: 3113
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpu_to_be32(se_cmd->scsi_sense_length);
rsp->flags |= SRP_RSP_FLAG_SNSVALID;
len += se_cmd->scsi_sense_length;
memcpy(data, se_cmd->sense_buffer,
se_cmd->scsi_sense_length);
}
rsp->sol_not = (cmd->rsp.sol_not & UCSOLNT) >>
UCSOLNT_RESP_SHIFT;
} else if (cmd->flags & CMD_FAST_FAIL) {
Reported by FlawFinder.
Line: 3431
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct scsi_info *vscsi;
int rc = 0;
long hrc = 0;
char wq_name[24];
vscsi = kzalloc(sizeof(*vscsi), GFP_KERNEL);
if (!vscsi) {
rc = -ENOMEM;
dev_err(&vdev->dev, "probe: allocation of adapter failed\n");
Reported by FlawFinder.
Line: 1554
Column: 2
CWE codes:
120
if (vscsi->client_data.partition_number == 0)
vscsi->client_data.partition_number =
be32_to_cpu(info->partition_number);
strncpy(vscsi->client_data.srp_version, info->srp_version,
sizeof(vscsi->client_data.srp_version));
strncpy(vscsi->client_data.partition_name, info->partition_name,
sizeof(vscsi->client_data.partition_name));
vscsi->client_data.mad_version = be32_to_cpu(info->mad_version);
vscsi->client_data.os_type = be32_to_cpu(info->os_type);
Reported by FlawFinder.
Line: 1556
Column: 2
CWE codes:
120
be32_to_cpu(info->partition_number);
strncpy(vscsi->client_data.srp_version, info->srp_version,
sizeof(vscsi->client_data.srp_version));
strncpy(vscsi->client_data.partition_name, info->partition_name,
sizeof(vscsi->client_data.partition_name));
vscsi->client_data.mad_version = be32_to_cpu(info->mad_version);
vscsi->client_data.os_type = be32_to_cpu(info->os_type);
/* Copy our info */
Reported by FlawFinder.
Line: 1562
Column: 2
CWE codes:
120
vscsi->client_data.os_type = be32_to_cpu(info->os_type);
/* Copy our info */
strncpy(info->srp_version, SRP_VERSION,
sizeof(info->srp_version));
strncpy(info->partition_name, vscsi->dds.partition_name,
sizeof(info->partition_name));
info->partition_number = cpu_to_be32(vscsi->dds.partition_num);
info->mad_version = cpu_to_be32(MAD_VERSION_1);
Reported by FlawFinder.
Line: 1564
Column: 2
CWE codes:
120
/* Copy our info */
strncpy(info->srp_version, SRP_VERSION,
sizeof(info->srp_version));
strncpy(info->partition_name, vscsi->dds.partition_name,
sizeof(info->partition_name));
info->partition_number = cpu_to_be32(vscsi->dds.partition_num);
info->mad_version = cpu_to_be32(MAD_VERSION_1);
info->os_type = cpu_to_be32(LINUX);
memset(&info->port_max_txu[0], 0, sizeof(info->port_max_txu));
Reported by FlawFinder.
Line: 1648
Column: 3
CWE codes:
120
be64_to_cpu(mad->buffer),
vscsi->dds.window[LOCAL].liobn, token);
if (rc == H_SUCCESS) {
strncpy(cap->name, dev_name(&vscsi->dma_dev->dev),
SRP_MAX_LOC_LEN);
len = olen - min_len;
status = VIOSRP_MAD_SUCCESS;
common = (struct mad_capability_common *)&cap->migration;
Reported by FlawFinder.
Line: 3656
Column: 3
CWE codes:
120
name = of_get_property(rootdn, "ibm,partition-name", NULL);
if (name)
strncpy(partition_name, name, sizeof(partition_name));
num = of_get_property(rootdn, "ibm,partition-no", NULL);
if (num)
partition_number = of_read_number(num, 1);
Reported by FlawFinder.
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192c.c
10 issues
Line: 356
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ether_addr_copy(priv->mac_addr, efuse->mac_addr);
memcpy(priv->cck_tx_power_index_A,
efuse->cck_tx_power_index_A,
sizeof(efuse->cck_tx_power_index_A));
memcpy(priv->cck_tx_power_index_B,
efuse->cck_tx_power_index_B,
sizeof(efuse->cck_tx_power_index_B));
Reported by FlawFinder.
Line: 359
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->cck_tx_power_index_A,
efuse->cck_tx_power_index_A,
sizeof(efuse->cck_tx_power_index_A));
memcpy(priv->cck_tx_power_index_B,
efuse->cck_tx_power_index_B,
sizeof(efuse->cck_tx_power_index_B));
memcpy(priv->ht40_1s_tx_power_index_A,
efuse->ht40_1s_tx_power_index_A,
Reported by FlawFinder.
Line: 363
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
efuse->cck_tx_power_index_B,
sizeof(efuse->cck_tx_power_index_B));
memcpy(priv->ht40_1s_tx_power_index_A,
efuse->ht40_1s_tx_power_index_A,
sizeof(efuse->ht40_1s_tx_power_index_A));
memcpy(priv->ht40_1s_tx_power_index_B,
efuse->ht40_1s_tx_power_index_B,
sizeof(efuse->ht40_1s_tx_power_index_B));
Reported by FlawFinder.
Line: 366
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->ht40_1s_tx_power_index_A,
efuse->ht40_1s_tx_power_index_A,
sizeof(efuse->ht40_1s_tx_power_index_A));
memcpy(priv->ht40_1s_tx_power_index_B,
efuse->ht40_1s_tx_power_index_B,
sizeof(efuse->ht40_1s_tx_power_index_B));
memcpy(priv->ht40_2s_tx_power_index_diff,
efuse->ht40_2s_tx_power_index_diff,
sizeof(efuse->ht40_2s_tx_power_index_diff));
Reported by FlawFinder.
Line: 369
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->ht40_1s_tx_power_index_B,
efuse->ht40_1s_tx_power_index_B,
sizeof(efuse->ht40_1s_tx_power_index_B));
memcpy(priv->ht40_2s_tx_power_index_diff,
efuse->ht40_2s_tx_power_index_diff,
sizeof(efuse->ht40_2s_tx_power_index_diff));
memcpy(priv->ht20_tx_power_index_diff,
efuse->ht20_tx_power_index_diff,
Reported by FlawFinder.
Line: 373
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
efuse->ht40_2s_tx_power_index_diff,
sizeof(efuse->ht40_2s_tx_power_index_diff));
memcpy(priv->ht20_tx_power_index_diff,
efuse->ht20_tx_power_index_diff,
sizeof(efuse->ht20_tx_power_index_diff));
memcpy(priv->ofdm_tx_power_index_diff,
efuse->ofdm_tx_power_index_diff,
sizeof(efuse->ofdm_tx_power_index_diff));
Reported by FlawFinder.
Line: 376
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->ht20_tx_power_index_diff,
efuse->ht20_tx_power_index_diff,
sizeof(efuse->ht20_tx_power_index_diff));
memcpy(priv->ofdm_tx_power_index_diff,
efuse->ofdm_tx_power_index_diff,
sizeof(efuse->ofdm_tx_power_index_diff));
memcpy(priv->ht40_max_power_offset,
efuse->ht40_max_power_offset,
Reported by FlawFinder.
Line: 380
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
efuse->ofdm_tx_power_index_diff,
sizeof(efuse->ofdm_tx_power_index_diff));
memcpy(priv->ht40_max_power_offset,
efuse->ht40_max_power_offset,
sizeof(efuse->ht40_max_power_offset));
memcpy(priv->ht20_max_power_offset,
efuse->ht20_max_power_offset,
sizeof(efuse->ht20_max_power_offset));
Reported by FlawFinder.
Line: 383
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->ht40_max_power_offset,
efuse->ht40_max_power_offset,
sizeof(efuse->ht40_max_power_offset));
memcpy(priv->ht20_max_power_offset,
efuse->ht20_max_power_offset,
sizeof(efuse->ht20_max_power_offset));
dev_info(&priv->udev->dev, "Vendor: %.7s\n",
efuse->vendor_name);
Reported by FlawFinder.
Line: 395
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
priv->power_base = &rtl8192c_power_base;
if (efuse->rf_regulatory & 0x20) {
sprintf(priv->chip_name, "8188RU");
priv->rtl_chip = RTL8188R;
priv->hi_pa = 1;
priv->no_pape = 1;
priv->power_base = &rtl8188r_power_base;
}
Reported by FlawFinder.
drivers/s390/char/sclp_cpi_sys.c
10 issues
Line: 385
Column: 35
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
static struct kset *cpi_kset;
int sclp_cpi_set_data(const char *system, const char *sysplex, const char *type,
const u64 level)
{
int rc;
rc = check_string("system_name", system);
Reported by FlawFinder.
Line: 390
Column: 35
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
{
int rc;
rc = check_string("system_name", system);
if (rc)
return rc;
rc = check_string("sysplex_name", sysplex);
if (rc)
return rc;
Reported by FlawFinder.
Line: 401
Column: 26
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return rc;
mutex_lock(&sclp_cpi_mutex);
set_string(system_name, system);
set_string(sysplex_name, sysplex);
set_string(system_type, type);
system_level = level;
rc = cpi_req();
Reported by FlawFinder.
Line: 60
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.send_mask = EVTYP_CTLPROGIDENT_MASK,
};
static char system_name[CPI_LENGTH_NAME + 1];
static char sysplex_name[CPI_LENGTH_NAME + 1];
static char system_type[CPI_LENGTH_NAME + 1];
static u64 system_level;
static void set_data(char *field, char *data)
Reported by FlawFinder.
Line: 61
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static char system_name[CPI_LENGTH_NAME + 1];
static char sysplex_name[CPI_LENGTH_NAME + 1];
static char system_type[CPI_LENGTH_NAME + 1];
static u64 system_level;
static void set_data(char *field, char *data)
{
Reported by FlawFinder.
Line: 62
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char system_name[CPI_LENGTH_NAME + 1];
static char sysplex_name[CPI_LENGTH_NAME + 1];
static char system_type[CPI_LENGTH_NAME + 1];
static u64 system_level;
static void set_data(char *field, char *data)
{
memset(field, ' ', CPI_LENGTH_NAME);
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void set_data(char *field, char *data)
{
memset(field, ' ', CPI_LENGTH_NAME);
memcpy(field, data, strlen(data));
sclp_ascebc_str(field, CPI_LENGTH_NAME);
}
static void cpi_callback(struct sclp_req *req, void *data)
{
Reported by FlawFinder.
Line: 68
Column: 22
CWE codes:
126
static void set_data(char *field, char *data)
{
memset(field, ' ', CPI_LENGTH_NAME);
memcpy(field, data, strlen(data));
sclp_ascebc_str(field, CPI_LENGTH_NAME);
}
static void cpi_callback(struct sclp_req *req, void *data)
{
Reported by FlawFinder.
Line: 184
Column: 8
CWE codes:
126
size_t len;
size_t i;
len = strlen(str);
if ((len > 0) && (str[len - 1] == '\n'))
len--;
if (len > CPI_LENGTH_NAME)
Reported by FlawFinder.
Line: 207
Column: 8
CWE codes:
126
size_t len;
size_t i;
len = strlen(value);
if ((len > 0) && (value[len - 1] == '\n'))
len--;
for (i = 0; i < CPI_LENGTH_NAME; i++) {
Reported by FlawFinder.
drivers/s390/net/qeth_core.h
10 issues
Line: 62
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct qeth_dbf_info {
char name[DEBUG_MAX_NAME_LEN];
int pages;
int areas;
int len;
int level;
struct debug_view *view;
Reported by FlawFinder.
Line: 286
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define QETH_QIB_PQUE_PRIO_DEFAULT 4
struct qeth_qib_parms {
char pcit_magic[4];
u32 pcit_a;
u32 pcit_b;
u32 pcit_c;
char blkt_magic[4];
u32 blkt_total;
Reported by FlawFinder.
Line: 290
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 pcit_a;
u32 pcit_b;
u32 pcit_c;
char blkt_magic[4];
u32 blkt_total;
u32 blkt_inter_packet;
u32 blkt_inter_packet_jumbo;
char pque_magic[4];
u8 pque_order;
Reported by FlawFinder.
Line: 294
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 blkt_total;
u32 blkt_inter_packet;
u32 blkt_inter_packet_jumbo;
char pque_magic[4];
u8 pque_order;
u8 pque_units;
u16 reserved;
u32 pque_priority[4];
};
Reported by FlawFinder.
Line: 723
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short unit_addr2;
unsigned short cula;
__u16 func_level;
char mcl_level[QETH_MCL_LENGTH + 1];
/* doubleword below corresponds to net_if_token */
u16 ddev_devno;
u8 cssid;
u8 iid;
u8 ssid;
Reported by FlawFinder.
Line: 769
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum qeth_ipa_isolation_modes isolation;
int sniffer;
enum qeth_cq cq;
char hsuid[9];
};
#define IS_LAYER2(card) ((card)->options.layer == QETH_DISCIPLINE_LAYER2)
#define IS_LAYER3(card) ((card)->options.layer == QETH_DISCIPLINE_LAYER3)
Reported by FlawFinder.
Line: 908
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qeth_trap_id {
__u16 lparnr;
char vmname[8];
__u8 chpid;
__u8 ssid;
__u16 devno;
} __packed;
Reported by FlawFinder.
Line: 117
Column: 31
CWE codes:
120
20
/*
* Common IO related definitions
*/
#define CARD_RDEV(card) card->read.ccwdev
#define CARD_WDEV(card) card->write.ccwdev
#define CARD_DDEV(card) card->data.ccwdev
#define CARD_BUS_ID(card) dev_name(&card->gdev->dev)
#define CARD_RDEV_ID(card) dev_name(&card->read.ccwdev->dev)
#define CARD_WDEV_ID(card) dev_name(&card->write.ccwdev->dev)
Reported by FlawFinder.
Line: 121
Column: 44
CWE codes:
120
20
#define CARD_WDEV(card) card->write.ccwdev
#define CARD_DDEV(card) card->data.ccwdev
#define CARD_BUS_ID(card) dev_name(&card->gdev->dev)
#define CARD_RDEV_ID(card) dev_name(&card->read.ccwdev->dev)
#define CARD_WDEV_ID(card) dev_name(&card->write.ccwdev->dev)
#define CARD_DDEV_ID(card) dev_name(&card->data.ccwdev->dev)
#define CCW_DEVID(cdev) (qeth_get_device_id(cdev))
#define CARD_DEVID(card) (CCW_DEVID(CARD_RDEV(card)))
Reported by FlawFinder.
Line: 832
Column: 22
CWE codes:
120
20
spinlock_t lock;
struct ccwgroup_device *gdev;
struct qeth_cmd_buffer *read_cmd;
struct qeth_channel read;
struct qeth_channel write;
struct qeth_channel data;
struct net_device *dev;
struct dentry *debugfs;
Reported by FlawFinder.
drivers/s390/net/qeth_l2_main.c
10 issues
Line: 1079
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qeth_prepare_ipa_cmd(card, iob, (u16) data_len, NULL);
memcpy(__ipa_cmd(iob), data, data_len);
iob->callback = qeth_osn_assist_cb;
return qeth_send_ipa_cmd(card, iob, NULL, NULL);
}
EXPORT_SYMBOL(qeth_osn_assist);
Reported by FlawFinder.
Line: 1090
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int (*data_cb)(struct sk_buff *))
{
struct qeth_card *card;
char bus_id[16];
u16 devno;
memcpy(&devno, read_dev_no, 2);
sprintf(bus_id, "0.0.%04x", devno);
card = qeth_get_card_by_busid(bus_id);
Reported by FlawFinder.
Line: 1093
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char bus_id[16];
u16 devno;
memcpy(&devno, read_dev_no, 2);
sprintf(bus_id, "0.0.%04x", devno);
card = qeth_get_card_by_busid(bus_id);
if (!card || !IS_OSN(card))
return -ENODEV;
*dev = card->dev;
Reported by FlawFinder.
Line: 1094
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u16 devno;
memcpy(&devno, read_dev_no, 2);
sprintf(bus_id, "0.0.%04x", devno);
card = qeth_get_card_by_busid(bus_id);
if (!card || !IS_OSN(card))
return -ENODEV;
*dev = card->dev;
Reported by FlawFinder.
Line: 1150
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net_if_token *token,
struct mac_addr_lnid *addr_lnid)
{
char str[7][32];
char *env[8];
int i = 0;
switch (evtype) {
case anev_reg_unreg:
Reported by FlawFinder.
Line: 1151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mac_addr_lnid *addr_lnid)
{
char str[7][32];
char *env[8];
int i = 0;
switch (evtype) {
case anev_reg_unreg:
snprintf(str[i], sizeof(str[i]), "BRIDGEDHOST=%s",
Reported by FlawFinder.
Line: 1205
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct qeth_bridge_state_data *data =
container_of(work, struct qeth_bridge_state_data, worker);
char env_locrem[32];
char env_role[32];
char env_state[32];
char *env[] = {
env_locrem,
env_role,
Reported by FlawFinder.
Line: 1206
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qeth_bridge_state_data *data =
container_of(work, struct qeth_bridge_state_data, worker);
char env_locrem[32];
char env_role[32];
char env_state[32];
char *env[] = {
env_locrem,
env_role,
env_state,
Reported by FlawFinder.
Line: 1207
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
container_of(work, struct qeth_bridge_state_data, worker);
char env_locrem[32];
char env_role[32];
char env_state[32];
char *env[] = {
env_locrem,
env_role,
env_state,
NULL
Reported by FlawFinder.
Line: 1431
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
INIT_DELAYED_WORK(&data->dwork, qeth_l2_dev2br_worker);
data->card = card;
memcpy(&data->ac_event, hostevs,
sizeof(struct qeth_ipacmd_addr_change) + extrasize);
queue_delayed_work(card->event_wq, &data->dwork, 0);
}
/* SETBRIDGEPORT support; sending commands */
Reported by FlawFinder.
drivers/scsi/esas2r/atvda.h
10 issues
Line: 339
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* grp_name was added in version 2 of this structure. */
char grp_name[15];
u8 reserved3[4];
/* dev_addr_list was added in version 3 of this structure. */
u8 num_dev_addr;
Reported by FlawFinder.
Line: 353
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 grp_index;
#define VDA_MAX_RAID_GROUPS 32
char grp_name[15];
u64 capacity;
u32 block_size;
u32 interleave;
u8 type;
#define VDA_GRP_TYPE_RAID0 0
Reported by FlawFinder.
Line: 466
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 part_no;
#define VDA_MAX_PARTITIONS 128
char grp_name[15];
u64 part_size;
u64 start_lba;
u32 block_size;
u16 target_id;
u8 LUN;
Reported by FlawFinder.
Line: 472
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 block_size;
u16 target_id;
u8 LUN;
char serial_no[41];
u8 features;
#define VDAPI_FEAT_WRITE_CACHE 0x01
u8 reserved[7];
};
Reported by FlawFinder.
Line: 628
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 id;
#define VDASI_ID_NONE 0x00
char grp_name[15];
u8 reserved[85];
};
struct __packed atto_vda_n_vcache_info {
Reported by FlawFinder.
Line: 679
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define VDA_ADAP_FEAT_UTC_TIME 0x0004
u32 valid_features;
char active_config[33];
u8 temp_count;
u8 fan_count;
u8 reserved3[61];
};
Reported by FlawFinder.
Line: 841
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define VDAAE_GRPOPPROC_CANCELABLE 0x20
#define VDAAE_GRPOPPROC_RESUMABLE 0x40
#define VDAAE_GRPOPPROC_HALTABLE 0x80
char acname[15];
u8 byreserved;
u8 byreserved2[0x80 - 0x1C];
};
Reported by FlawFinder.
Line: 902
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct __packed atto_vda_ae_log {
struct atto_vda_ae_hdr hdr;
char aclog_ascii[VDAAE_LOG_STRSZ];
};
#define VDAAE_TLG_STRSZ 56
Reported by FlawFinder.
Line: 911
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct __packed atto_vda_ae_timestamp_log {
struct atto_vda_ae_hdr hdr;
u32 dwtimestamp;
char aclog_ascii[VDAAE_TLG_STRSZ];
};
struct __packed atto_vda_ae_nvc {
struct atto_vda_ae_hdr hdr;
Reported by FlawFinder.
Line: 1094
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union {
struct {
char file_name[16]; /* 8.3 fname, NULL term, wc=* */
struct atto_vda_sge sge[1];
} file;
struct atto_vda_sge sge[1];
struct atto_physical_region_description prde[2];
Reported by FlawFinder.
drivers/platform/x86/msi-laptop.c
10 issues
Line: 322
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%i\n", enabled);
}
static ssize_t store_wlan(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 346
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%i\n", enabled);
}
static ssize_t store_bluetooth(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 369
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%i\n", threeg_s);
}
static ssize_t store_threeg(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 388
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%i\n", ret);
}
static ssize_t store_lcd_level(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 418
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%i\n", ret);
}
static ssize_t store_auto_brightness(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 448
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (result < 0)
return result;
return sprintf(buf, "%i\n", !!(rdata & MSI_STANDARD_EC_TOUCHPAD_MASK));
}
static ssize_t show_turbo(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 462
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (result < 0)
return result;
return sprintf(buf, "%i\n", !!(rdata & MSI_STANDARD_EC_TURBO_MASK));
}
static ssize_t show_eco(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 476
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (result < 0)
return result;
return sprintf(buf, "%i\n", !!(rdata & MSI_STANDARD_EC_ECO_MASK));
}
static ssize_t show_turbo_cooldown(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 490
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (result < 0)
return result;
return sprintf(buf, "%i\n", (!!(rdata & MSI_STANDARD_EC_TURBO_MASK)) |
(!!(rdata & MSI_STANDARD_EC_TURBO_COOLDOWN_MASK) << 1));
}
static ssize_t show_auto_fan(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 505
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (result < 0)
return result;
return sprintf(buf, "%i\n", !!(rdata & MSI_STANDARD_EC_AUTOFAN_MASK));
}
static ssize_t store_auto_fan(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/net/ethernet/microchip/sparx5/sparx5_mactable.c
10 issues
Line: 35
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sparx5_mact_entry {
struct list_head list;
unsigned char mac[ETH_ALEN];
u32 flags;
#define MAC_ENT_ALIVE BIT(0)
#define MAC_ENT_MOVED BIT(1)
#define MAC_ENT_LOCK BIT(2)
u16 vid;
Reported by FlawFinder.
Line: 60
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static void sparx5_mact_select(struct sparx5 *sparx5,
const unsigned char mac[ETH_ALEN],
u16 vid)
{
u32 macl = 0, mach = 0;
/* Set the MAC address to handle and the vlan associated in a format
Reported by FlawFinder.
Line: 81
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
int sparx5_mact_learn(struct sparx5 *sparx5, int pgid,
const unsigned char mac[ETH_ALEN], u16 vid)
{
int addr, type, ret;
if (pgid < SPX5_PORTS) {
type = MAC_ENTRY_ADDR_TYPE_UPSID_PN;
Reported by FlawFinder.
Line: 135
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static int sparx5_mact_get(struct sparx5 *sparx5,
unsigned char mac[ETH_ALEN],
u16 *vid, u32 *pcfg2)
{
u32 mach, macl, cfg2;
int ret = -ENOENT;
Reported by FlawFinder.
Line: 160
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
bool sparx5_mact_getnext(struct sparx5 *sparx5,
unsigned char mac[ETH_ALEN], u16 *vid, u32 *pcfg2)
{
u32 cfg2;
int ret;
mutex_lock(&sparx5->lock);
Reported by FlawFinder.
Line: 190
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static int sparx5_mact_lookup(struct sparx5 *sparx5,
const unsigned char mac[ETH_ALEN],
u16 vid)
{
int ret;
mutex_lock(&sparx5->lock);
Reported by FlawFinder.
Line: 218
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
int sparx5_mact_forget(struct sparx5 *sparx5,
const unsigned char mac[ETH_ALEN], u16 vid)
{
int ret;
mutex_lock(&sparx5->lock);
Reported by FlawFinder.
Line: 249
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!mact_entry)
return NULL;
memcpy(mact_entry->mac, mac, ETH_ALEN);
mact_entry->vid = vid;
mact_entry->port = port_index;
return mact_entry;
}
Reported by FlawFinder.
Line: 359
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static void sparx5_mact_handle_entry(struct sparx5 *sparx5,
unsigned char mac[ETH_ALEN],
u16 vid, u32 cfg2)
{
struct sparx5_mact_entry *mact_entry;
bool found = false;
u16 port;
Reported by FlawFinder.
Line: 423
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sparx5 *sparx5 = container_of(del_work, struct sparx5,
mact_work);
struct sparx5_mact_entry *mact_entry, *tmp;
unsigned char mac[ETH_ALEN];
u32 cfg2;
u16 vid;
int ret;
/* Reset MAC entry flags */
Reported by FlawFinder.