The following issues were found
sound/isa/opti9xx/miro.c
10 issues
Line: 775
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static const int opti9xx_mc_size[] = {7, 7, 10, 10, 2, 2, 2};
chip->hardware = hardware;
strcpy(chip->name, snd_opti9xx_names[hardware]);
chip->mc_base_size = opti9xx_mc_size[hardware];
spin_lock_init(&chip->lock);
Reported by FlawFinder.
Line: 94
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_miro {
unsigned short hardware;
unsigned char password;
char name[7];
struct resource *res_mc_base;
struct resource *res_aci_port;
unsigned long mc_base;
Reported by FlawFinder.
Line: 714
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
switch (miro->hardware) {
case OPTi9XX_HW_82C924:
strcpy(card->mixername, "ACI & OPTi924");
break;
case OPTi9XX_HW_82C929:
strcpy(card->mixername, "ACI & OPTi929");
break;
default:
Reported by FlawFinder.
Line: 717
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(card->mixername, "ACI & OPTi924");
break;
case OPTi9XX_HW_82C929:
strcpy(card->mixername, "ACI & OPTi929");
break;
default:
snd_BUG();
break;
}
Reported by FlawFinder.
Line: 1331
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* It looks like a miro sound card. */
switch (miro->aci->aci_product) {
case 'A':
sprintf(card->shortname,
"miroSOUND PCM1 pro / PCM12");
break;
case 'B':
sprintf(card->shortname,
"miroSOUND PCM12");
Reported by FlawFinder.
Line: 1335
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"miroSOUND PCM1 pro / PCM12");
break;
case 'B':
sprintf(card->shortname,
"miroSOUND PCM12");
break;
case 'C':
sprintf(card->shortname,
"miroSOUND PCM20 radio");
Reported by FlawFinder.
Line: 1339
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"miroSOUND PCM12");
break;
case 'C':
sprintf(card->shortname,
"miroSOUND PCM20 radio");
break;
default:
sprintf(card->shortname,
"unknown miro");
Reported by FlawFinder.
Line: 1343
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"miroSOUND PCM20 radio");
break;
default:
sprintf(card->shortname,
"unknown miro");
snd_printk(KERN_INFO "unknown miro aci id\n");
break;
}
} else {
Reported by FlawFinder.
Line: 1350
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
} else {
snd_printk(KERN_INFO "found unsupported aci card\n");
sprintf(card->shortname, "unknown Cardinal Technologies");
}
strcpy(card->driver, "miro");
snprintf(card->longname, sizeof(card->longname),
"%s: OPTi%s, %s at 0x%lx, irq %d, dma %d&%d",
Reported by FlawFinder.
Line: 1353
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
sprintf(card->shortname, "unknown Cardinal Technologies");
}
strcpy(card->driver, "miro");
snprintf(card->longname, sizeof(card->longname),
"%s: OPTi%s, %s at 0x%lx, irq %d, dma %d&%d",
card->shortname, miro->name, codec->pcm->name,
miro->wss_base + 4, miro->irq, miro->dma1, miro->dma2);
Reported by FlawFinder.
sound/isa/gus/gus_main.c
10 issues
Line: 264
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_card *card;
unsigned long flags;
int irq, dma1, dma2;
static const unsigned char irqs[16] =
{0, 0, 1, 3, 0, 2, 0, 4, 0, 1, 0, 5, 6, 0, 0, 7};
static const unsigned char dmas[8] =
{6, 1, 0, 2, 0, 3, 4, 5};
if (snd_BUG_ON(!gus))
Reported by FlawFinder.
Line: 266
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int irq, dma1, dma2;
static const unsigned char irqs[16] =
{0, 0, 1, 3, 0, 2, 0, 4, 0, 1, 0, 5, 6, 0, 0, 7};
static const unsigned char dmas[8] =
{6, 1, 0, 2, 0, 3, 4, 5};
if (snd_BUG_ON(!gus))
return -EINVAL;
card = gus->card;
Reported by FlawFinder.
Line: 361
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
rev = inb(GUSP(gus, BOARDVERSION));
spin_unlock_irqrestore(&gus->reg_lock, flags);
snd_printdd("GF1 [0x%lx] init - val = 0x%x, rev = 0x%x\n", gus->gf1.port, val, rev);
strcpy(card->driver, "GUS");
strcpy(card->longname, "Gravis UltraSound Classic (2.4)");
if ((val != 255 && (val & 0x06)) || (rev >= 5 && rev != 255)) {
if (rev >= 5 && rev <= 9) {
gus->ics_flag = 1;
if (rev == 5)
Reported by FlawFinder.
Line: 362
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
spin_unlock_irqrestore(&gus->reg_lock, flags);
snd_printdd("GF1 [0x%lx] init - val = 0x%x, rev = 0x%x\n", gus->gf1.port, val, rev);
strcpy(card->driver, "GUS");
strcpy(card->longname, "Gravis UltraSound Classic (2.4)");
if ((val != 255 && (val & 0x06)) || (rev >= 5 && rev != 255)) {
if (rev >= 5 && rev <= 9) {
gus->ics_flag = 1;
if (rev == 5)
gus->ics_flipped = 1;
Reported by FlawFinder.
Line: 373
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
if (rev >= 10 && rev != 255) {
if (rev >= 10 && rev <= 11) {
strcpy(card->driver, "GUS MAX");
strcpy(card->longname, "Gravis UltraSound MAX");
gus->max_flag = 1;
} else if (rev == 0x30) {
strcpy(card->driver, "GUS ACE");
strcpy(card->longname, "Gravis UltraSound Ace");
Reported by FlawFinder.
Line: 374
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (rev >= 10 && rev != 255) {
if (rev >= 10 && rev <= 11) {
strcpy(card->driver, "GUS MAX");
strcpy(card->longname, "Gravis UltraSound MAX");
gus->max_flag = 1;
} else if (rev == 0x30) {
strcpy(card->driver, "GUS ACE");
strcpy(card->longname, "Gravis UltraSound Ace");
gus->ace_flag = 1;
Reported by FlawFinder.
Line: 377
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(card->longname, "Gravis UltraSound MAX");
gus->max_flag = 1;
} else if (rev == 0x30) {
strcpy(card->driver, "GUS ACE");
strcpy(card->longname, "Gravis UltraSound Ace");
gus->ace_flag = 1;
} else if (rev == 0x50) {
strcpy(card->driver, "GUS Extreme");
strcpy(card->longname, "Gravis UltraSound Extreme");
Reported by FlawFinder.
Line: 378
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
gus->max_flag = 1;
} else if (rev == 0x30) {
strcpy(card->driver, "GUS ACE");
strcpy(card->longname, "Gravis UltraSound Ace");
gus->ace_flag = 1;
} else if (rev == 0x50) {
strcpy(card->driver, "GUS Extreme");
strcpy(card->longname, "Gravis UltraSound Extreme");
gus->ess_flag = 1;
Reported by FlawFinder.
Line: 381
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(card->longname, "Gravis UltraSound Ace");
gus->ace_flag = 1;
} else if (rev == 0x50) {
strcpy(card->driver, "GUS Extreme");
strcpy(card->longname, "Gravis UltraSound Extreme");
gus->ess_flag = 1;
} else {
snd_printk(KERN_ERR "unknown GF1 revision number at 0x%lx - 0x%x (0x%x)\n", gus->gf1.port, rev, val);
snd_printk(KERN_ERR " please - report to <perex@perex.cz>\n");
Reported by FlawFinder.
Line: 382
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
gus->ace_flag = 1;
} else if (rev == 0x50) {
strcpy(card->driver, "GUS Extreme");
strcpy(card->longname, "Gravis UltraSound Extreme");
gus->ess_flag = 1;
} else {
snd_printk(KERN_ERR "unknown GF1 revision number at 0x%lx - 0x%x (0x%x)\n", gus->gf1.port, rev, val);
snd_printk(KERN_ERR " please - report to <perex@perex.cz>\n");
}
Reported by FlawFinder.
scripts/dtc/libfdt/fdt_ro.c
10 issues
Line: 568
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!name)
return namelen;
if ((p + namelen + 1) <= buflen) {
memcpy(buf + p, name, namelen);
p += namelen;
buf[p++] = '/';
pdepth++;
}
}
Reported by FlawFinder.
Line: 46
Column: 12
CWE codes:
126
s = (const char *)fdt + fdt_off_dt_strings(fdt) + stroffset;
if (lenp)
*lenp = strlen(s);
return s;
}
totalsize = fdt_ro_probe_(fdt);
err = totalsize;
if (totalsize < 0)
Reported by FlawFinder.
Line: 247
Column: 61
CWE codes:
126
int fdt_subnode_offset(const void *fdt, int parentoffset,
const char *name)
{
return fdt_subnode_offset_namelen(fdt, parentoffset, name, strlen(name));
}
int fdt_path_offset_namelen(const void *fdt, const char *path, int namelen)
{
const char *end = path + namelen;
Reported by FlawFinder.
Line: 297
Column: 44
CWE codes:
126
int fdt_path_offset(const void *fdt, const char *path)
{
return fdt_path_offset_namelen(fdt, path, strlen(path));
}
const char *fdt_get_name(const void *fdt, int nodeoffset, int *len)
{
const struct fdt_node_header *nh = fdt_offset_ptr_(fdt, nodeoffset);
Reported by FlawFinder.
Line: 328
Column: 10
CWE codes:
126
}
if (len)
*len = strlen(nameptr);
return nameptr;
fail:
if (len)
Reported by FlawFinder.
Line: 448
Column: 6
CWE codes:
126
const char *name, int *lenp)
{
return fdt_get_property_namelen(fdt, nodeoffset, name,
strlen(name), lenp);
}
const void *fdt_getprop_namelen(const void *fdt, int nodeoffset,
const char *name, int namelen, int *lenp)
{
Reported by FlawFinder.
Line: 505
Column: 52
CWE codes:
126
const void *fdt_getprop(const void *fdt, int nodeoffset,
const char *name, int *lenp)
{
return fdt_getprop_namelen(fdt, nodeoffset, name, strlen(name), lenp);
}
uint32_t fdt_get_phandle(const void *fdt, int nodeoffset)
{
const fdt32_t *php;
Reported by FlawFinder.
Line: 539
Column: 42
CWE codes:
126
const char *fdt_get_alias(const void *fdt, const char *name)
{
return fdt_get_alias_namelen(fdt, name, strlen(name));
}
int fdt_get_path(const void *fdt, int nodeoffset, char *buf, int buflen)
{
int pdepth = 0, p = 0;
Reported by FlawFinder.
Line: 708
Column: 12
CWE codes:
126
int fdt_stringlist_contains(const char *strlist, int listlen, const char *str)
{
int len = strlen(str);
const char *p;
while (listlen >= len) {
if (memcmp(str, strlist, len+1) == 0)
return 1;
Reported by FlawFinder.
Line: 758
Column: 8
CWE codes:
126
if (!list)
return length;
len = strlen(string) + 1;
end = list + length;
while (list < end) {
length = strnlen(list, end - list) + 1;
Reported by FlawFinder.
sound/pci/intel8x0m.c
10 issues
Line: 682
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char name[32];
if (rec->suffix)
sprintf(name, "Intel ICH - %s", rec->suffix);
else
strcpy(name, "Intel ICH");
err = snd_pcm_new(chip->card, name, device,
rec->playback_ops ? 1 : 0,
rec->capture_ops ? 1 : 0, &pcm);
Reported by FlawFinder.
Line: 700
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pcm->info_flags = 0;
pcm->dev_class = SNDRV_PCM_CLASS_MODEM;
if (rec->suffix)
sprintf(pcm->name, "%s - %s", chip->card->shortname, rec->suffix);
else
strcpy(pcm->name, chip->card->shortname);
chip->pcm[device] = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV,
Reported by FlawFinder.
Line: 702
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (rec->suffix)
sprintf(pcm->name, "%s - %s", chip->card->shortname, rec->suffix);
else
strcpy(pcm->name, chip->card->shortname);
chip->pcm[device] = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV,
&chip->pci->dev,
rec->prealloc_size,
Reported by FlawFinder.
Line: 1243
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(card->shortname, "Intel ICH");
for (name = shortnames; name->id; name++) {
if (pci->device == name->id) {
strcpy(card->shortname, name->s);
break;
}
}
strcat(card->shortname," Modem");
Reported by FlawFinder.
Line: 1269
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
snd_intel8x0m_proc_init(chip);
sprintf(card->longname, "%s at irq %i",
card->shortname, chip->irq);
err = snd_card_register(card);
if (err < 0) {
snd_card_free(card);
Reported by FlawFinder.
Line: 679
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct snd_pcm *pcm;
int err;
char name[32];
if (rec->suffix)
sprintf(name, "Intel ICH - %s", rec->suffix);
else
strcpy(name, "Intel ICH");
Reported by FlawFinder.
Line: 684
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (rec->suffix)
sprintf(name, "Intel ICH - %s", rec->suffix);
else
strcpy(name, "Intel ICH");
err = snd_pcm_new(chip->card, name, device,
rec->playback_ops ? 1 : 0,
rec->capture_ops ? 1 : 0, &pcm);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 1239
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(card->driver, "ICH-MODEM");
strcpy(card->shortname, "Intel ICH");
for (name = shortnames; name->id; name++) {
if (pci->device == name->id) {
strcpy(card->shortname, name->s);
break;
Reported by FlawFinder.
Line: 1240
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
strcpy(card->driver, "ICH-MODEM");
strcpy(card->shortname, "Intel ICH");
for (name = shortnames; name->id; name++) {
if (pci->device == name->id) {
strcpy(card->shortname, name->s);
break;
}
Reported by FlawFinder.
Line: 1247
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
break;
}
}
strcat(card->shortname," Modem");
err = snd_intel8x0m_create(card, pci, pci_id->driver_data, &chip);
if (err < 0) {
snd_card_free(card);
return err;
Reported by FlawFinder.
scripts/insert-sys-cert.c
10 issues
Line: 33
Column: 31
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define USED_SYM "system_extra_cert_used"
#define LSIZE_SYM "system_certificate_list_size"
#define info(format, args...) fprintf(stderr, "INFO: " format, ## args)
#define warn(format, args...) fprintf(stdout, "WARNING: " format, ## args)
#define err(format, args...) fprintf(stderr, "ERROR: " format, ## args)
#if UINTPTR_MAX == 0xffffffff
#define CURRENT_ELFCLASS ELFCLASS32
Reported by FlawFinder.
Line: 34
Column: 31
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define LSIZE_SYM "system_certificate_list_size"
#define info(format, args...) fprintf(stderr, "INFO: " format, ## args)
#define warn(format, args...) fprintf(stdout, "WARNING: " format, ## args)
#define err(format, args...) fprintf(stderr, "ERROR: " format, ## args)
#if UINTPTR_MAX == 0xffffffff
#define CURRENT_ELFCLASS ELFCLASS32
#define Elf_Ehdr Elf32_Ehdr
Reported by FlawFinder.
Line: 35
Column: 31
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define info(format, args...) fprintf(stderr, "INFO: " format, ## args)
#define warn(format, args...) fprintf(stdout, "WARNING: " format, ## args)
#define err(format, args...) fprintf(stderr, "ERROR: " format, ## args)
#if UINTPTR_MAX == 0xffffffff
#define CURRENT_ELFCLASS ELFCLASS32
#define Elf_Ehdr Elf32_Ehdr
#define Elf_Shdr Elf32_Shdr
Reported by FlawFinder.
Line: 289
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
Elf_Shdr *symtab = NULL;
struct sym cert_sym, lsize_sym, used_sym;
while ((opt = getopt(argc, argv, "b:c:s:")) != -1) {
switch (opt) {
case 's':
system_map_file = optarg;
break;
case 'b':
Reported by FlawFinder.
Line: 96
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void get_symbol_from_map(Elf_Ehdr *hdr, FILE *f, char *name,
struct sym *s)
{
char l[LINE_SIZE];
char *w, *p, *n;
s->size = 0;
s->address = 0;
s->offset = 0;
Reported by FlawFinder.
Line: 207
Column: 7
CWE codes:
362
void *map;
int fd;
fd = open(file_name, O_RDWR);
if (fd < 0) {
perror(file_name);
return NULL;
}
if (fstat(fd, &st)) {
Reported by FlawFinder.
Line: 234
Column: 7
CWE codes:
362
char *buf;
int fd;
fd = open(file_name, O_RDONLY);
if (fd < 0) {
perror(file_name);
return NULL;
}
if (fstat(fd, &st)) {
Reported by FlawFinder.
Line: 355
Column: 16
CWE codes:
362
exit(EXIT_FAILURE);
}
system_map = fopen(system_map_file, "r");
if (!system_map) {
perror(system_map_file);
exit(EXIT_FAILURE);
}
get_symbol_from_map(hdr, system_map, CERT_SYM, &cert_sym);
Reported by FlawFinder.
Line: 398
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (*used > 0)
warn("Replacing previously inserted certificate.\n");
memcpy(cert_sym.content, cert, cert_size);
if (cert_size < cert_sym.size)
memset(cert_sym.content + cert_size,
0, cert_sym.size - cert_size);
*lsize = *lsize + cert_size - *used;
Reported by FlawFinder.
sound/pci/emu10k1/emupcm.c
10 issues
Line: 1038
Column: 17
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (! kctl)
return;
if (activate)
kctl->vd[idx].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
else
kctl->vd[idx].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(emu->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO,
snd_ctl_build_ioff(&id, kctl, idx));
Reported by FlawFinder.
Line: 1040
Column: 17
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (activate)
kctl->vd[idx].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
else
kctl->vd[idx].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(emu->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO,
snd_ctl_build_ioff(&id, kctl, idx));
}
Reported by FlawFinder.
Line: 280
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_pcm_runtime *runtime = substream->runtime;
unsigned int silent_page, tmp;
int voice, stereo, w_16;
unsigned char send_amount[8];
unsigned char send_routing[8];
unsigned long flags;
unsigned int pitch_target;
unsigned int ccis;
Reported by FlawFinder.
Line: 281
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int silent_page, tmp;
int voice, stereo, w_16;
unsigned char send_amount[8];
unsigned char send_routing[8];
unsigned long flags;
unsigned int pitch_target;
unsigned int ccis;
voice = evoice->number;
Reported by FlawFinder.
Line: 312
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
/* mono, left, right (master voice = left) */
tmp = stereo ? (master ? 1 : 2) : 0;
memcpy(send_routing, &mix->send_routing[tmp][0], 8);
memcpy(send_amount, &mix->send_volume[tmp][0], 8);
}
ccis = emu10k1_ccis(stereo, w_16);
Reported by FlawFinder.
Line: 313
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* mono, left, right (master voice = left) */
tmp = stereo ? (master ? 1 : 2) : 0;
memcpy(send_routing, &mix->send_routing[tmp][0], 8);
memcpy(send_amount, &mix->send_volume[tmp][0], 8);
}
ccis = emu10k1_ccis(stereo, w_16);
if (master) {
Reported by FlawFinder.
Line: 1398
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->info_flags = 0;
pcm->dev_subclass = SNDRV_PCM_SUBCLASS_GENERIC_MIX;
strcpy(pcm->name, "ADC Capture/Standard PCM Playback");
emu->pcm = pcm;
/* playback substream can't use managed buffers due to alignment */
for (substream = pcm->streams[SNDRV_PCM_STREAM_PLAYBACK].substream; substream; substream = substream->next)
snd_pcm_lib_preallocate_pages(substream, SNDRV_DMA_TYPE_DEV_SG,
Reported by FlawFinder.
Line: 1430
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->info_flags = 0;
pcm->dev_subclass = SNDRV_PCM_SUBCLASS_GENERIC_MIX;
strcpy(pcm->name, "Multichannel Playback");
emu->pcm_multi = pcm;
for (substream = pcm->streams[SNDRV_PCM_STREAM_PLAYBACK].substream; substream; substream = substream->next)
snd_pcm_lib_preallocate_pages(substream, SNDRV_DMA_TYPE_DEV_SG,
&emu->pci->dev,
Reported by FlawFinder.
Line: 1464
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &snd_emu10k1_capture_mic_ops);
pcm->info_flags = 0;
strcpy(pcm->name, "Mic Capture");
emu->pcm_mic = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV, &emu->pci->dev,
64*1024, 64*1024);
Reported by FlawFinder.
Line: 1794
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &snd_emu10k1_capture_efx_ops);
pcm->info_flags = 0;
strcpy(pcm->name, "Multichannel Capture/PT Playback");
emu->pcm_efx = pcm;
/* EFX capture - record the "FXBUS2" channels, by default we connect the EXTINs
* to these
*/
Reported by FlawFinder.
net/sunrpc/svc.c
10 issues
Line: 99
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case SVC_POOL_PERNODE:
return strlcpy(buf, "pernode\n", 20);
default:
return sprintf(buf, "%d\n", *ip);
}
}
module_param_call(pool_mode, param_set_pool_mode, param_get_pool_mode,
&svc_pool_map.mode, 0644);
Reported by FlawFinder.
Line: 1151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct va_format vaf;
va_list args;
char buf[RPC_MAX_ADDRBUFLEN];
va_start(args, fmt);
vaf.fmt = fmt;
vaf.va = &args;
Reported by FlawFinder.
Line: 1563
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rqstp->rq_bc_net = req->rq_xprt->xprt_net;
rqstp->rq_addrlen = sizeof(req->rq_xprt->addr);
memcpy(&rqstp->rq_addr, &req->rq_xprt->addr, rqstp->rq_addrlen);
memcpy(&rqstp->rq_arg, &req->rq_rcv_buf, sizeof(rqstp->rq_arg));
memcpy(&rqstp->rq_res, &req->rq_snd_buf, sizeof(rqstp->rq_res));
/* Adjust the argument buffer length */
rqstp->rq_arg.len = req->rq_private_buf.len;
Reported by FlawFinder.
Line: 1714
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = min_t(size_t, total, first->iov_len);
if (len) {
memcpy(dst, first->iov_base, len);
dst += len;
remaining -= len;
}
if (remaining) {
Reported by FlawFinder.
Line: 1721
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (remaining) {
len = min_t(size_t, remaining, PAGE_SIZE);
memcpy(dst, p, len);
dst += len;
}
*dst = '\0';
Reported by FlawFinder.
Line: 1266
Column: 7
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
ret->dispatch = versp->vs_dispatch;
return rpc_success;
err_bad_vers:
ret->mismatch.lovers = progp->pg_lovers;
ret->mismatch.hivers = progp->pg_hivers;
return rpc_prog_mismatch;
err_bad_proc:
return rpc_proc_unavail;
}
Reported by FlawFinder.
Line: 1267
Column: 7
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
return rpc_success;
err_bad_vers:
ret->mismatch.lovers = progp->pg_lovers;
ret->mismatch.hivers = progp->pg_hivers;
return rpc_prog_mismatch;
err_bad_proc:
return rpc_proc_unavail;
}
EXPORT_SYMBOL_GPL(svc_generic_init_request);
Reported by FlawFinder.
Line: 1474
Column: 26
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
serv->sv_stats->rpcbadfmt++;
svc_putnl(resv, RPC_PROG_MISMATCH);
svc_putnl(resv, process.mismatch.lovers);
svc_putnl(resv, process.mismatch.hivers);
goto sendit;
err_bad_proc:
svc_printk(rqstp, "unknown procedure (%d)\n", rqstp->rq_proc);
Reported by FlawFinder.
Line: 1475
Column: 26
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
serv->sv_stats->rpcbadfmt++;
svc_putnl(resv, RPC_PROG_MISMATCH);
svc_putnl(resv, process.mismatch.lovers);
svc_putnl(resv, process.mismatch.hivers);
goto sendit;
err_bad_proc:
svc_printk(rqstp, "unknown procedure (%d)\n", rqstp->rq_proc);
Reported by FlawFinder.
Line: 1730
Column: 6
CWE codes:
126
/* Sanity check: Linux doesn't allow the pathname argument to
* contain a NUL byte.
*/
if (strlen(result) != total) {
kfree(result);
return ERR_PTR(-EINVAL);
}
return result;
}
Reported by FlawFinder.
scripts/kconfig/nconf.gui.c
10 issues
Line: 175
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* do not go over end of line */
total_lines = min(total_lines, y);
for (i = 0; i < total_lines; i++) {
char tmp[x+10];
const char *line = get_line(text, i);
int len = get_line_length(line);
strncpy(tmp, line, min(len, x));
tmp[len] = '\0';
mvwprintw(win, i, 0, "%s", tmp);
Reported by FlawFinder.
Line: 123
Column: 29
CWE codes:
126
void print_in_middle(WINDOW *win, int y, int width, const char *str, int attrs)
{
wattrset(win, attrs);
mvwprintw(win, y, (width - strlen(str)) / 2, "%s", str);
}
int get_line_no(const char *text)
{
int i;
Reported by FlawFinder.
Line: 178
Column: 3
CWE codes:
120
char tmp[x+10];
const char *line = get_line(text, i);
int len = get_line_length(line);
strncpy(tmp, line, min(len, x));
tmp[len] = '\0';
mvwprintw(win, i, 0, "%s", tmp);
}
}
Reported by FlawFinder.
Line: 214
Column: 17
CWE codes:
126
for (i = 0; i < btn_num; i++) {
btn = va_arg(ap, char *);
btns[i] = new_item(btn, "");
btns_width += strlen(btn)+1;
}
va_end(ap);
btns[btn_num] = NULL;
/* find the widest line of msg: */
Reported by FlawFinder.
Line: 320
Column: 24
CWE codes:
126
PANEL *panel;
int i, x, y, lines, columns, win_lines, win_cols;
int res = -1;
int cursor_position = strlen(init);
int cursor_form_win;
char *result = *resultp;
getmaxyx(stdscr, lines, columns);
Reported by FlawFinder.
Line: 326
Column: 6
CWE codes:
126
getmaxyx(stdscr, lines, columns);
if (strlen(init)+1 > *result_len) {
*result_len = strlen(init)+1;
*resultp = result = xrealloc(result, *result_len);
}
/* find the widest line of msg: */
Reported by FlawFinder.
Line: 327
Column: 17
CWE codes:
126
getmaxyx(stdscr, lines, columns);
if (strlen(init)+1 > *result_len) {
*result_len = strlen(init)+1;
*resultp = result = xrealloc(result, *result_len);
}
/* find the widest line of msg: */
prompt_lines = get_line_no(prompt);
Reported by FlawFinder.
Line: 340
Column: 36
CWE codes:
126
}
if (title)
prompt_width = max(prompt_width, strlen(title));
win_lines = min(prompt_lines+6, lines-2);
win_cols = min(prompt_width+7, columns-2);
prompt_lines = max(win_lines-6, 0);
prompt_width = max(win_cols-7, 0);
Reported by FlawFinder.
Line: 351
Column: 2
CWE codes:
120
y = (lines-win_lines)/2;
x = (columns-win_cols)/2;
strncpy(result, init, *result_len);
/* create the windows */
win = newwin(win_lines, win_cols, y, x);
prompt_win = derwin(win, prompt_lines+1, prompt_width, 2, 2);
form_win = derwin(win, 1, prompt_width, prompt_lines+3, 2);
Reported by FlawFinder.
Line: 385
Column: 13
CWE codes:
126
touchwin(win);
refresh_all_windows(main_window);
while ((res = wgetch(form_win))) {
int len = strlen(result);
switch (res) {
case 10: /* ENTER */
case 27: /* ESCAPE */
case KEY_F(F_HELP):
case KEY_F(F_EXIT):
Reported by FlawFinder.
security/selinux/avc.c
10 issues
Line: 258
CWE codes:
476
static void avc_copy_xperms_decision(struct extended_perms_decision *dest,
struct extended_perms_decision *src)
{
dest->driver = src->driver;
dest->used = src->used;
if (dest->used & XPERMS_ALLOWED)
memcpy(dest->allowed->p, src->allowed->p,
sizeof(src->allowed->p));
if (dest->used & XPERMS_AUDITALLOW)
Reported by Cppcheck.
Line: 336
CWE codes:
476
struct avc_xperms_decision_node *dest_xpd;
node->ae.xp_node->xp.len++;
dest_xpd = avc_xperms_decision_alloc(src->used);
if (!dest_xpd)
return -ENOMEM;
avc_copy_xperms_decision(&dest_xpd->xpd, src);
list_add(&dest_xpd->xpd_list, &node->ae.xp_node->xpd_head);
return 0;
Reported by Cppcheck.
Line: 792
CWE codes:
562
sad.result = result;
sad.state = state;
a->selinux_audit_data = &sad;
common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
return 0;
}
Reported by Cppcheck.
Line: 258
CWE codes:
476
static void avc_copy_xperms_decision(struct extended_perms_decision *dest,
struct extended_perms_decision *src)
{
dest->driver = src->driver;
dest->used = src->used;
if (dest->used & XPERMS_ALLOWED)
memcpy(dest->allowed->p, src->allowed->p,
sizeof(src->allowed->p));
if (dest->used & XPERMS_AUDITALLOW)
Reported by Cppcheck.
Line: 259
CWE codes:
476
struct extended_perms_decision *src)
{
dest->driver = src->driver;
dest->used = src->used;
if (dest->used & XPERMS_ALLOWED)
memcpy(dest->allowed->p, src->allowed->p,
sizeof(src->allowed->p));
if (dest->used & XPERMS_AUDITALLOW)
memcpy(dest->auditallow->p, src->auditallow->p,
Reported by Cppcheck.
Line: 336
CWE codes:
476
struct avc_xperms_decision_node *dest_xpd;
node->ae.xp_node->xp.len++;
dest_xpd = avc_xperms_decision_alloc(src->used);
if (!dest_xpd)
return -ENOMEM;
avc_copy_xperms_decision(&dest_xpd->xpd, src);
list_add(&dest_xpd->xpd_list, &node->ae.xp_node->xpd_head);
return 0;
Reported by Cppcheck.
Line: 261
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dest->driver = src->driver;
dest->used = src->used;
if (dest->used & XPERMS_ALLOWED)
memcpy(dest->allowed->p, src->allowed->p,
sizeof(src->allowed->p));
if (dest->used & XPERMS_AUDITALLOW)
memcpy(dest->auditallow->p, src->auditallow->p,
sizeof(src->auditallow->p));
if (dest->used & XPERMS_DONTAUDIT)
Reported by FlawFinder.
Line: 264
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dest->allowed->p, src->allowed->p,
sizeof(src->allowed->p));
if (dest->used & XPERMS_AUDITALLOW)
memcpy(dest->auditallow->p, src->auditallow->p,
sizeof(src->auditallow->p));
if (dest->used & XPERMS_DONTAUDIT)
memcpy(dest->dontaudit->p, src->dontaudit->p,
sizeof(src->dontaudit->p));
}
Reported by FlawFinder.
Line: 267
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dest->auditallow->p, src->auditallow->p,
sizeof(src->auditallow->p));
if (dest->used & XPERMS_DONTAUDIT)
memcpy(dest->dontaudit->p, src->dontaudit->p,
sizeof(src->dontaudit->p));
}
/*
* similar to avc_copy_xperms_decision, but only copy decision
Reported by FlawFinder.
Line: 1146
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(!node))
node = avc_compute_av(state, ssid, tsid, tclass, avd, &xp_node);
else
memcpy(avd, &node->ae.avd, sizeof(*avd));
denied = requested & ~(avd->allowed);
if (unlikely(denied))
rc = avc_denied(state, ssid, tsid, tclass, requested, 0, 0,
flags, avd);
Reported by FlawFinder.
scripts/dtc/yamltree.c
10 issues
Line: 59
Column: 4
CWE codes:
134
Suggestion:
Make format string constant
switch(width) {
case 1:
sprintf(buf, "0x%"PRIx8, *(uint8_t*)(data + off));
break;
case 2:
sprintf(buf, "0x%"PRIx16, dtb_ld16(data + off));
break;
case 4:
Reported by FlawFinder.
Line: 62
Column: 4
CWE codes:
134
Suggestion:
Make format string constant
sprintf(buf, "0x%"PRIx8, *(uint8_t*)(data + off));
break;
case 2:
sprintf(buf, "0x%"PRIx16, dtb_ld16(data + off));
break;
case 4:
sprintf(buf, "0x%"PRIx32, dtb_ld32(data + off));
m = markers;
is_phandle = false;
Reported by FlawFinder.
Line: 65
Column: 4
CWE codes:
134
Suggestion:
Make format string constant
sprintf(buf, "0x%"PRIx16, dtb_ld16(data + off));
break;
case 4:
sprintf(buf, "0x%"PRIx32, dtb_ld32(data + off));
m = markers;
is_phandle = false;
for_each_marker_of_type(m, REF_PHANDLE) {
if (m->offset == (start_offset + off)) {
is_phandle = true;
Reported by FlawFinder.
Line: 76
Column: 4
CWE codes:
134
Suggestion:
Make format string constant
}
break;
case 8:
sprintf(buf, "0x%"PRIx64, dtb_ld64(data + off));
break;
}
if (is_phandle)
yaml_scalar_event_initialize(&event, NULL,
Reported by FlawFinder.
Line: 53
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
yaml_emitter_emit_or_die(emitter, &event);
for (off = 0; off < len; off += width) {
char buf[32];
struct marker *m;
bool is_phandle = false;
switch(width) {
case 1:
Reported by FlawFinder.
Line: 83
Column: 5
CWE codes:
126
if (is_phandle)
yaml_scalar_event_initialize(&event, NULL,
(yaml_char_t*)"!phandle", (yaml_char_t *)buf,
strlen(buf), 0, 0, YAML_PLAIN_SCALAR_STYLE);
else
yaml_scalar_event_initialize(&event, NULL,
(yaml_char_t*)YAML_INT_TAG, (yaml_char_t *)buf,
strlen(buf), 1, 1, YAML_PLAIN_SCALAR_STYLE);
yaml_emitter_emit_or_die(emitter, &event);
Reported by FlawFinder.
Line: 87
Column: 5
CWE codes:
126
else
yaml_scalar_event_initialize(&event, NULL,
(yaml_char_t*)YAML_INT_TAG, (yaml_char_t *)buf,
strlen(buf), 1, 1, YAML_PLAIN_SCALAR_STYLE);
yaml_emitter_emit_or_die(emitter, &event);
}
yaml_sequence_end_event_initialize(&event);
yaml_emitter_emit_or_die(emitter, &event);
Reported by FlawFinder.
Line: 121
Column: 3
CWE codes:
126
/* Emit the property name */
yaml_scalar_event_initialize(&event, NULL,
(yaml_char_t *)YAML_STR_TAG, (yaml_char_t*)prop->name,
strlen(prop->name), 1, 1, YAML_PLAIN_SCALAR_STYLE);
yaml_emitter_emit_or_die(emitter, &event);
/* Boolean properties are easiest to deal with. Length is zero, so just emit 'true' */
if (len == 0) {
yaml_scalar_event_initialize(&event, NULL,
Reported by FlawFinder.
Line: 129
Column: 4
CWE codes:
126
yaml_scalar_event_initialize(&event, NULL,
(yaml_char_t *)YAML_BOOL_TAG,
(yaml_char_t*)"true",
strlen("true"), 1, 0, YAML_PLAIN_SCALAR_STYLE);
yaml_emitter_emit_or_die(emitter, &event);
return;
}
if (!m)
Reported by FlawFinder.
Line: 196
Column: 4
CWE codes:
126
for_each_child(tree, child) {
yaml_scalar_event_initialize(&event, NULL,
(yaml_char_t *)YAML_STR_TAG, (yaml_char_t*)child->name,
strlen(child->name), 1, 0, YAML_PLAIN_SCALAR_STYLE);
yaml_emitter_emit_or_die(emitter, &event);
yaml_tree(child, emitter);
}
yaml_mapping_end_event_initialize(&event);
Reported by FlawFinder.