The following issues were found
drivers/net/wireless/marvell/mwifiex/main.c
41 issues
Line: 1118
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mwifiex_drv_get_driver_version(adapter, drv_version,
sizeof(drv_version) - 1);
p += sprintf(p, "driver_version = %s\n", drv_version);
if (adapter->iface_type == MWIFIEX_USB) {
cardp = (struct usb_card_rec *)adapter->card;
p += sprintf(p, "tx_cmd_urb_pending = %d\n",
atomic_read(&cardp->tx_cmd_urb_pending));
Reported by FlawFinder.
Line: 1151
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!adapter->priv[i] || !adapter->priv[i]->netdev)
continue;
priv = adapter->priv[i];
p += sprintf(p, "\n[interface : \"%s\"]\n",
priv->netdev->name);
p += sprintf(p, "wmm_tx_pending[0] = %d\n",
atomic_read(&priv->wmm_tx_pending[0]));
p += sprintf(p, "wmm_tx_pending[1] = %d\n",
atomic_read(&priv->wmm_tx_pending[1]));
Reported by FlawFinder.
Line: 1161
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
atomic_read(&priv->wmm_tx_pending[2]));
p += sprintf(p, "wmm_tx_pending[3] = %d\n",
atomic_read(&priv->wmm_tx_pending[3]));
p += sprintf(p, "media_state=\"%s\"\n", !priv->media_connected ?
"Disconnected" : "Connected");
p += sprintf(p, "carrier %s\n", (netif_carrier_ok(priv->netdev)
? "on" : "off"));
for (idx = 0; idx < priv->netdev->num_tx_queues; idx++) {
txq = netdev_get_tx_queue(priv->netdev, idx);
Reported by FlawFinder.
Line: 1163
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
atomic_read(&priv->wmm_tx_pending[3]));
p += sprintf(p, "media_state=\"%s\"\n", !priv->media_connected ?
"Disconnected" : "Connected");
p += sprintf(p, "carrier %s\n", (netif_carrier_ok(priv->netdev)
? "on" : "off"));
for (idx = 0; idx < priv->netdev->num_tx_queues; idx++) {
txq = netdev_get_tx_queue(priv->netdev, idx);
p += sprintf(p, "tx queue %d:%s ", idx,
netif_tx_queue_stopped(txq) ?
Reported by FlawFinder.
Line: 1167
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
? "on" : "off"));
for (idx = 0; idx < priv->netdev->num_tx_queues; idx++) {
txq = netdev_get_tx_queue(priv->netdev, idx);
p += sprintf(p, "tx queue %d:%s ", idx,
netif_tx_queue_stopped(txq) ?
"stopped" : "started");
}
p += sprintf(p, "\n%s: num_tx_timeout = %d\n",
priv->netdev->name, priv->num_tx_timeout);
Reported by FlawFinder.
Line: 1171
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
netif_tx_queue_stopped(txq) ?
"stopped" : "started");
}
p += sprintf(p, "\n%s: num_tx_timeout = %d\n",
priv->netdev->name, priv->num_tx_timeout);
}
if (adapter->iface_type == MWIFIEX_SDIO ||
adapter->iface_type == MWIFIEX_PCIE) {
Reported by FlawFinder.
Line: 1177
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (adapter->iface_type == MWIFIEX_SDIO ||
adapter->iface_type == MWIFIEX_PCIE) {
p += sprintf(p, "\n=== %s register dump===\n",
adapter->iface_type == MWIFIEX_SDIO ?
"SDIO" : "PCIE");
if (adapter->if_ops.reg_dump)
p += adapter->if_ops.reg_dump(adapter, p);
}
Reported by FlawFinder.
Line: 1250
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(fw_dump_ptr, "========Start dump ");
fw_dump_ptr += strlen("========Start dump ");
strcpy(fw_dump_ptr, entry->mem_name);
fw_dump_ptr += strlen(entry->mem_name);
strcpy(fw_dump_ptr, "========\n");
fw_dump_ptr += strlen("========\n");
Reported by FlawFinder.
Line: 523
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int _mwifiex_fw_dpc(const struct firmware *firmware, void *context)
{
int ret;
char fmt[64];
struct mwifiex_adapter *adapter = context;
struct mwifiex_fw_image fw;
bool init_failed = false;
struct wireless_dev *wdev;
struct completion *fw_done = adapter->fw_done;
Reported by FlawFinder.
Line: 1101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void mwifiex_drv_info_dump(struct mwifiex_adapter *adapter)
{
char *p;
char drv_version[64];
struct usb_card_rec *cardp;
struct sdio_mmc_card *sdio_card;
struct mwifiex_private *priv;
int i, idx;
struct netdev_queue *txq;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c
41 issues
Line: 57
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head neigh_list;
struct net_device *dev; /* NULL for underlay RIF */
struct mlxsw_sp_fid *fid;
unsigned char addr[ETH_ALEN];
int mtu;
u16 rif_index;
u16 vr_id;
const struct mlxsw_sp_rif_ops *ops;
struct mlxsw_sp *mlxsw_sp;
Reported by FlawFinder.
Line: 178
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int counter_index, bool enable,
enum mlxsw_sp_rif_counter_dir dir)
{
char ritr_pl[MLXSW_REG_RITR_LEN];
bool is_egress = false;
int err;
if (dir == MLXSW_SP_RIF_COUNTER_EGRESS)
is_egress = true;
Reported by FlawFinder.
Line: 198
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_rif *rif,
enum mlxsw_sp_rif_counter_dir dir, u64 *cnt)
{
char ricnt_pl[MLXSW_REG_RICNT_LEN];
unsigned int *p_counter_index;
bool valid;
int err;
valid = mlxsw_sp_rif_counter_valid_get(rif, dir);
Reported by FlawFinder.
Line: 222
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_rif_counter_clear(struct mlxsw_sp *mlxsw_sp,
unsigned int counter_index)
{
char ricnt_pl[MLXSW_REG_RICNT_LEN];
mlxsw_reg_ricnt_pack(ricnt_pl, counter_index,
MLXSW_REG_RICNT_OPCODE_CLEAR);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(ricnt), ricnt_pl);
}
Reported by FlawFinder.
Line: 320
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mlxsw_sp_prefix_usage_cpy(struct mlxsw_sp_prefix_usage *prefix_usage1,
struct mlxsw_sp_prefix_usage *prefix_usage2)
{
memcpy(prefix_usage1, prefix_usage2, sizeof(*prefix_usage1));
}
static void
mlxsw_sp_prefix_usage_set(struct mlxsw_sp_prefix_usage *prefix_usage,
unsigned char prefix_len)
Reported by FlawFinder.
Line: 338
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
struct mlxsw_sp_fib_key {
unsigned char addr[sizeof(struct in6_addr)];
unsigned char prefix_len;
};
enum mlxsw_sp_fib_entry_type {
MLXSW_SP_FIB_ENTRY_TYPE_REMOTE,
Reported by FlawFinder.
Line: 576
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct mlxsw_sp_router_ll_ops *ll_ops,
struct mlxsw_sp_lpm_tree *lpm_tree)
{
char xralta_pl[MLXSW_REG_XRALTA_LEN];
mlxsw_reg_xralta_pack(xralta_pl, true,
(enum mlxsw_reg_ralxx_protocol) lpm_tree->proto,
lpm_tree->id);
return ll_ops->ralta_write(mlxsw_sp, xralta_pl);
Reported by FlawFinder.
Line: 588
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct mlxsw_sp_router_ll_ops *ll_ops,
struct mlxsw_sp_lpm_tree *lpm_tree)
{
char xralta_pl[MLXSW_REG_XRALTA_LEN];
mlxsw_reg_xralta_pack(xralta_pl, false,
(enum mlxsw_reg_ralxx_protocol) lpm_tree->proto,
lpm_tree->id);
ll_ops->ralta_write(mlxsw_sp, xralta_pl);
Reported by FlawFinder.
Line: 602
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_prefix_usage *prefix_usage,
struct mlxsw_sp_lpm_tree *lpm_tree)
{
char xralst_pl[MLXSW_REG_XRALST_LEN];
u8 root_bin = 0;
u8 prefix;
u8 last_prefix = MLXSW_REG_RALST_BIN_NO_CHILD;
mlxsw_sp_prefix_usage_for_each(prefix, prefix_usage)
Reported by FlawFinder.
Line: 784
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mlxsw_sp_vr_lpm_tree_bind(struct mlxsw_sp *mlxsw_sp,
const struct mlxsw_sp_fib *fib, u8 tree_id)
{
char xraltb_pl[MLXSW_REG_XRALTB_LEN];
mlxsw_reg_xraltb_pack(xraltb_pl, fib->vr->id,
(enum mlxsw_reg_ralxx_protocol) fib->proto,
tree_id);
return fib->ll_ops->raltb_write(mlxsw_sp, xraltb_pl);
Reported by FlawFinder.
drivers/net/wireless/marvell/mwifiex/sta_cmd.c
40 issues
Line: 384
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mwifiex_dbg(adapter, CMD,
"cmd: Attach %d bytes ArpFilter to HSCfg cmd\n",
adapter->arp_filter_size);
memcpy(((u8 *) hs_cfg) +
sizeof(struct host_cmd_ds_802_11_hs_cfg_enh),
adapter->arp_filter, adapter->arp_filter_size);
size = adapter->arp_filter_size +
sizeof(struct host_cmd_ds_802_11_hs_cfg_enh)
+ S_DS_GEN;
Reported by FlawFinder.
Line: 447
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->params.mac_addr.action = cpu_to_le16(cmd_action);
if (cmd_action == HostCmd_ACT_GEN_SET)
memcpy(cmd->params.mac_addr.mac_addr, priv->curr_addr,
ETH_ALEN);
return 0;
}
/*
Reported by FlawFinder.
Line: 474
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mcast_addr->action = cpu_to_le16(cmd_action);
mcast_addr->num_of_adrs =
cpu_to_le16((u16) mcast_list->num_multicast_addr);
memcpy(mcast_addr->mac_list, mcast_list->mac_list,
mcast_list->num_multicast_addr * ETH_ALEN);
return 0;
}
Reported by FlawFinder.
Line: 499
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
+ S_DS_GEN);
/* Set AP MAC address */
memcpy(deauth->mac_addr, mac, ETH_ALEN);
mwifiex_dbg(priv->adapter, CMD, "cmd: Deauth: %pM\n", deauth->mac_addr);
deauth->reason_code = cpu_to_le16(WLAN_REASON_DEAUTH_LEAVING);
Reported by FlawFinder.
Line: 604
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mwifiex_dbg(adapter, INFO,
"%s: Set CMAC AES Key\n", __func__);
if (enc_key->is_rx_seq_valid)
memcpy(km->key_param_set.key_params.cmac_aes.ipn,
enc_key->pn, enc_key->pn_len);
km->key_param_set.key_info &= cpu_to_le16(~KEY_MCAST);
km->key_param_set.key_info |= cpu_to_le16(KEY_IGTK);
km->key_param_set.key_type = KEY_TYPE_ID_AES_CMAC;
km->key_param_set.key_params.cmac_aes.key_len =
Reported by FlawFinder.
Line: 611
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
km->key_param_set.key_type = KEY_TYPE_ID_AES_CMAC;
km->key_param_set.key_params.cmac_aes.key_len =
cpu_to_le16(enc_key->key_len);
memcpy(km->key_param_set.key_params.cmac_aes.key,
enc_key->key_material, enc_key->key_len);
len += sizeof(struct mwifiex_cmac_aes_param);
} else if (enc_key->is_igtk_def_key) {
mwifiex_dbg(adapter, INFO,
"%s: Set CMAC default Key index\n", __func__);
Reported by FlawFinder.
Line: 623
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mwifiex_dbg(adapter, INFO,
"%s: Set AES Key\n", __func__);
if (enc_key->is_rx_seq_valid)
memcpy(km->key_param_set.key_params.aes.pn,
enc_key->pn, enc_key->pn_len);
km->key_param_set.key_type = KEY_TYPE_ID_AES;
km->key_param_set.key_params.aes.key_len =
cpu_to_le16(enc_key->key_len);
memcpy(km->key_param_set.key_params.aes.key,
Reported by FlawFinder.
Line: 628
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
km->key_param_set.key_type = KEY_TYPE_ID_AES;
km->key_param_set.key_params.aes.key_len =
cpu_to_le16(enc_key->key_len);
memcpy(km->key_param_set.key_params.aes.key,
enc_key->key_material, enc_key->key_len);
len += sizeof(struct mwifiex_aes_param);
}
km->key_param_set.len = cpu_to_le16(len);
Reported by FlawFinder.
Line: 670
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
enc_key->key_index & KEY_INDEX_MASK;
km->key_param_set.type = cpu_to_le16(TLV_TYPE_KEY_PARAM_V2);
km->key_param_set.len = cpu_to_le16(KEY_PARAMS_FIXED_LEN);
memcpy(km->key_param_set.mac_addr, mac, ETH_ALEN);
if (enc_key->key_index & MWIFIEX_KEY_INDEX_UNICAST)
key_info = KEY_UNICAST;
else
key_info = KEY_MCAST;
Reported by FlawFinder.
Line: 699
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
km->key_param_set.key_idx = enc_key->key_index & KEY_INDEX_MASK;
key_info = KEY_MCAST | KEY_UNICAST;
km->key_param_set.key_info = cpu_to_le16(key_info);
memcpy(km->key_param_set.mac_addr, mac, ETH_ALEN);
cmd->size = cpu_to_le16(sizeof(struct mwifiex_ie_types_header) +
S_DS_GEN + KEY_PARAMS_FIXED_LEN +
sizeof(km->action));
return 0;
}
Reported by FlawFinder.
tools/perf/util/sort.c
40 issues
Line: 300
CWE codes:
476
u64 ip, char level, char *bf, size_t size,
unsigned int width)
{
struct symbol *sym = ms->sym;
struct map *map = ms->map;
size_t ret = 0;
if (verbose > 0) {
char o = map ? dso__symtab_origin(map->dso) : '!';
Reported by Cppcheck.
Line: 67
Column: 6
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list ap;
va_start(ap, fmt);
n = vsnprintf(bf, size, fmt, ap);
if (symbol_conf.field_sep && n > 0) {
char *sep = bf;
while (1) {
sep = strchr(sep, *symbol_conf.field_sep);
Reported by FlawFinder.
Line: 1691
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static inline char *add_str(char *p, const char *str)
{
strcpy(p, str);
return p + strlen(str);
}
static struct txbit {
unsigned flag;
Reported by FlawFinder.
Line: 1739
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
if (t && !(t & (PERF_TXN_SYNC|PERF_TXN_ASYNC)))
p = add_str(p, "NEITHER ");
if (t & PERF_TXN_ABORT_MASK) {
sprintf(p, ":%" PRIx64,
(t & PERF_TXN_ABORT_MASK) >>
PERF_TXN_ABORT_SHIFT);
p += strlen(p);
}
Reported by FlawFinder.
Line: 300
CWE codes:
476
u64 ip, char level, char *bf, size_t size,
unsigned int width)
{
struct symbol *sym = ms->sym;
struct map *map = ms->map;
size_t ret = 0;
if (verbose > 0) {
char o = map ? dso__symtab_origin(map->dso) : '!';
Reported by Cppcheck.
Line: 301
CWE codes:
476
unsigned int width)
{
struct symbol *sym = ms->sym;
struct map *map = ms->map;
size_t ret = 0;
if (verbose > 0) {
char o = map ? dso__symtab_origin(map->dso) : '!';
u64 rip = ip;
Reported by Cppcheck.
Line: 464
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct symbol *sym = he->ms.sym;
struct annotation *notes;
double ipc = 0.0, coverage = 0.0;
char tmp[64];
if (!sym)
return repsep_snprintf(bf, size, "%-*s", width, "-");
notes = symbol__annotation(sym);
Reported by FlawFinder.
Line: 495
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *bf, size_t size,
unsigned int width)
{
char tmp[64];
snprintf(tmp, sizeof(tmp), "%-5s %2s", "-", "-");
return repsep_snprintf(bf, size, "%-*s", width, tmp);
}
Reported by FlawFinder.
Line: 510
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* --sort srcfile */
static char no_srcfile[1];
static char *hist_entry__get_srcfile(struct hist_entry *e)
{
char *sf, *p;
struct map *map = e->ms.map;
Reported by FlawFinder.
Line: 725
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int hist_entry__time_snprintf(struct hist_entry *he, char *bf,
size_t size, unsigned int width)
{
char he_time[32];
if (symbol_conf.nanosecs)
timestamp__scnprintf_nsec(he->time, he_time,
sizeof(he_time));
else
Reported by FlawFinder.
arch/s390/include/asm/sysinfo.h
40 issues
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char :8;
unsigned char ccr;
unsigned char cai;
char reserved_0[20];
unsigned long lic;
char manufacturer[16];
char type[4];
char reserved_1[12];
char model_capacity[16];
Reported by FlawFinder.
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char cai;
char reserved_0[20];
unsigned long lic;
char manufacturer[16];
char type[4];
char reserved_1[12];
char model_capacity[16];
char sequence[16];
char plant[4];
Reported by FlawFinder.
Line: 27
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char reserved_0[20];
unsigned long lic;
char manufacturer[16];
char type[4];
char reserved_1[12];
char model_capacity[16];
char sequence[16];
char plant[4];
char model[16];
Reported by FlawFinder.
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long lic;
char manufacturer[16];
char type[4];
char reserved_1[12];
char model_capacity[16];
char sequence[16];
char plant[4];
char model[16];
char model_perm_cap[16];
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char manufacturer[16];
char type[4];
char reserved_1[12];
char model_capacity[16];
char sequence[16];
char plant[4];
char model[16];
char model_perm_cap[16];
char model_temp_cap[16];
Reported by FlawFinder.
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char type[4];
char reserved_1[12];
char model_capacity[16];
char sequence[16];
char plant[4];
char model[16];
char model_perm_cap[16];
char model_temp_cap[16];
unsigned int model_cap_rating;
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char reserved_1[12];
char model_capacity[16];
char sequence[16];
char plant[4];
char model[16];
char model_perm_cap[16];
char model_temp_cap[16];
unsigned int model_cap_rating;
unsigned int model_perm_cap_rating;
Reported by FlawFinder.
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model_capacity[16];
char sequence[16];
char plant[4];
char model[16];
char model_perm_cap[16];
char model_temp_cap[16];
unsigned int model_cap_rating;
unsigned int model_perm_cap_rating;
unsigned int model_temp_cap_rating;
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char sequence[16];
char plant[4];
char model[16];
char model_perm_cap[16];
char model_temp_cap[16];
unsigned int model_cap_rating;
unsigned int model_perm_cap_rating;
unsigned int model_temp_cap_rating;
unsigned char typepct[5];
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char plant[4];
char model[16];
char model_perm_cap[16];
char model_temp_cap[16];
unsigned int model_cap_rating;
unsigned int model_perm_cap_rating;
unsigned int model_temp_cap_rating;
unsigned char typepct[5];
unsigned char reserved_2[3];
Reported by FlawFinder.
drivers/target/iscsi/iscsi_target_configfs.c
40 issues
Line: 453
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
spin_lock_bh(&se_nacl->nacl_sess_lock); \
se_sess = se_nacl->nacl_sess; \
if (!se_sess) { \
rb = snprintf(page, PAGE_SIZE, \
"No Active iSCSI Session\n"); \
} else { \
sess = se_sess->fabric_sess_ptr; \
rb = snprintf(page, PAGE_SIZE, "%u\n", \
(u32)sess->sess_ops->name); \
Reported by FlawFinder.
Line: 510
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
spin_lock_bh(&se_nacl->nacl_sess_lock);
se_sess = se_nacl->nacl_sess;
if (!se_sess) {
rb += sprintf(page+rb, "No active iSCSI Session for Initiator"
" Endpoint: %s\n", se_nacl->initiatorname);
} else {
sess = se_sess->fabric_sess_ptr;
rb += sprintf(page+rb, "InitiatorName: %s\n",
Reported by FlawFinder.
Line: 515
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else {
sess = se_sess->fabric_sess_ptr;
rb += sprintf(page+rb, "InitiatorName: %s\n",
sess->sess_ops->InitiatorName);
rb += sprintf(page+rb, "InitiatorAlias: %s\n",
sess->sess_ops->InitiatorAlias);
rb += sprintf(page+rb,
Reported by FlawFinder.
Line: 517
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
rb += sprintf(page+rb, "InitiatorName: %s\n",
sess->sess_ops->InitiatorName);
rb += sprintf(page+rb, "InitiatorAlias: %s\n",
sess->sess_ops->InitiatorAlias);
rb += sprintf(page+rb,
"LIO Session ID: %u ISID: 0x%6ph TSIH: %hu ",
sess->sid, sess->isid, sess->tsih);
Reported by FlawFinder.
Line: 523
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
rb += sprintf(page+rb,
"LIO Session ID: %u ISID: 0x%6ph TSIH: %hu ",
sess->sid, sess->isid, sess->tsih);
rb += sprintf(page+rb, "SessionType: %s\n",
(sess->sess_ops->SessionType) ?
"Discovery" : "Normal");
rb += sprintf(page+rb, "Session State: ");
switch (sess->session_state) {
case TARG_SESS_STATE_FREE:
Reported by FlawFinder.
Line: 602
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
rb += sprintf(page+rb, " Address %pISc %s", &conn->login_sockaddr,
(conn->network_transport == ISCSI_TCP) ?
"TCP" : "SCTP");
rb += sprintf(page+rb, " StatSN: 0x%08x\n",
conn->stat_sn);
}
Reported by FlawFinder.
Line: 48
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
tpg_np_new = iscsit_tpg_locate_child_np(tpg_np, type);
if (tpg_np_new)
rb = sprintf(page, "1\n");
else
rb = sprintf(page, "0\n");
return rb;
}
Reported by FlawFinder.
Line: 50
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (tpg_np_new)
rb = sprintf(page, "1\n");
else
rb = sprintf(page, "0\n");
return rb;
}
static ssize_t lio_target_np_driver_store(struct config_item *item,
Reported by FlawFinder.
Line: 164
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *str, *str2, *ip_str, *port_str;
struct sockaddr_storage sockaddr = { };
int ret;
char buf[MAX_PORTAL_LEN + 1] = { };
if (strlen(name) > MAX_PORTAL_LEN) {
pr_err("strlen(name): %d exceeds MAX_PORTAL_LEN: %d\n",
(int)strlen(name), MAX_PORTAL_LEN);
return ERR_PTR(-EOVERFLOW);
Reported by FlawFinder.
Line: 287
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct iscsi_node_acl *nacl = container_of(se_nacl, struct iscsi_node_acl, \
se_node_acl); \
\
return sprintf(page, "%u\n", nacl->node_attrib.name); \
} \
\
static ssize_t iscsi_nacl_attrib_##name##_store(struct config_item *item,\
const char *page, size_t count) \
{ \
Reported by FlawFinder.
tools/perf/util/session.c
40 issues
Line: 2502
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct perf_sample_id *sid;
if (dump_trace) {
fprintf(stdout, " ... id: %"PRI_lu64, e->id);
fprintf(stdout, " idx: %"PRI_lu64, e->idx);
fprintf(stdout, " cpu: %"PRI_ld64, e->cpu);
fprintf(stdout, " tid: %"PRI_ld64"\n", e->tid);
}
Reported by FlawFinder.
Line: 2503
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (dump_trace) {
fprintf(stdout, " ... id: %"PRI_lu64, e->id);
fprintf(stdout, " idx: %"PRI_lu64, e->idx);
fprintf(stdout, " cpu: %"PRI_ld64, e->cpu);
fprintf(stdout, " tid: %"PRI_ld64"\n", e->tid);
}
sid = evlist__id2sid(evlist, e->id);
Reported by FlawFinder.
Line: 2504
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (dump_trace) {
fprintf(stdout, " ... id: %"PRI_lu64, e->id);
fprintf(stdout, " idx: %"PRI_lu64, e->idx);
fprintf(stdout, " cpu: %"PRI_ld64, e->cpu);
fprintf(stdout, " tid: %"PRI_ld64"\n", e->tid);
}
sid = evlist__id2sid(evlist, e->id);
if (!sid)
Reported by FlawFinder.
Line: 67
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
decomp->head = 0;
if (decomp_last_rem) {
memcpy(decomp->data, &(decomp_last->data[decomp_last->head]), decomp_last_rem);
decomp->size = decomp_last_rem;
}
src = (void *)event + sizeof(struct perf_record_compressed);
src_size = event->pack.header.size - sizeof(struct perf_record_compressed);
Reported by FlawFinder.
Line: 376
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int skipn(int fd, off_t n)
{
char buf[4096];
ssize_t ret;
while (n > 0) {
ret = read(fd, buf, min(n, (off_t)sizeof(buf)));
if (ret <= 0)
Reported by FlawFinder.
Line: 1305
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct perf_sample *sample)
{
u64 sample_type;
char str[PAGE_SIZE_NAME_LEN];
if (!dump_trace)
return;
printf("(IP, 0x%x): %d/%d: %#" PRIx64 " period: %" PRIu64 " addr: %#" PRIx64 "\n",
Reported by FlawFinder.
Line: 1754
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 size, peek_events_cb_t cb, void *data)
{
u64 max_offset = offset + size;
char buf[PERF_SAMPLE_MAX_SIZE];
union perf_event *event;
int err;
do {
err = perf_session__peek_event(session, offset, buf,
Reported by FlawFinder.
Line: 2174
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 head, page_offset, file_offset, file_pos, size;
int err = 0, mmap_prot, mmap_flags, map_idx = 0;
size_t mmap_size;
char *buf, *mmaps[NUM_MMAPS];
union perf_event *event;
s64 skip;
page_offset = page_size * (rd->data_offset / page_size);
file_offset = page_offset;
Reported by FlawFinder.
Line: 581
Column: 22
CWE codes:
126
if (sample_id_all) {
void *data = &event->comm.comm;
data += PERF_ALIGN(strlen(data) + 1, sizeof(u64));
swap_sample_id_all(event, data);
}
}
static void perf_event__mmap_swap(union perf_event *event,
Reported by FlawFinder.
sound/pci/asihpi/hpi6205.c
40 issues
Line: 238
CWE codes:
476
struct hpi_message *phm, struct hpi_response *phr)
{
struct hpi_hw_obj *phw = pao->priv;
u16 pending_cache_error = 0;
switch (phm->function) {
case HPI_CONTROL_GET_STATE:
if (pao->has_control_cache) {
Reported by Cppcheck.
Line: 734
CWE codes:
476
{
u16 err = 0;
u32 command = phm->u.d.u.buffer.command;
struct hpi_hw_obj *phw = pao->priv;
struct bus_master_interface *interface = phw->p_interface_buffer;
hpi_init_response(phr, phm->object, phm->function, 0);
if (command == HPI_BUFFER_CMD_EXTERNAL
Reported by Cppcheck.
Line: 834
CWE codes:
476
static void outstream_host_buffer_get_info(struct hpi_adapter_obj *pao,
struct hpi_message *phm, struct hpi_response *phr)
{
struct hpi_hw_obj *phw = pao->priv;
struct bus_master_interface *interface = phw->p_interface_buffer;
struct hpi_hostbuffer_status *status;
u8 *p_bbm_data;
if (hpios_locked_mem_valid(&phw->outstream_host_buffers[phm->
Reported by Cppcheck.
Line: 863
CWE codes:
476
static void outstream_host_buffer_free(struct hpi_adapter_obj *pao,
struct hpi_message *phm, struct hpi_response *phr)
{
struct hpi_hw_obj *phw = pao->priv;
u32 command = phm->u.d.u.buffer.command;
if (phw->outstream_host_buffer_size[phm->obj_index]) {
if (command == HPI_BUFFER_CMD_EXTERNAL
|| command == HPI_BUFFER_CMD_INTERNAL_REVOKEADAPTER) {
Reported by Cppcheck.
Line: 895
CWE codes:
476
static void outstream_write(struct hpi_adapter_obj *pao,
struct hpi_message *phm, struct hpi_response *phr)
{
struct hpi_hw_obj *phw = pao->priv;
struct bus_master_interface *interface = phw->p_interface_buffer;
struct hpi_hostbuffer_status *status;
u32 space_available;
if (!phw->outstream_host_buffer_size[phm->obj_index]) {
Reported by Cppcheck.
Line: 969
CWE codes:
476
static void outstream_get_info(struct hpi_adapter_obj *pao,
struct hpi_message *phm, struct hpi_response *phr)
{
struct hpi_hw_obj *phw = pao->priv;
struct bus_master_interface *interface = phw->p_interface_buffer;
struct hpi_hostbuffer_status *status;
if (!phw->outstream_host_buffer_size[phm->obj_index]) {
hw_message(pao, phm, phr);
Reported by Cppcheck.
Line: 1001
CWE codes:
476
static void outstream_reset(struct hpi_adapter_obj *pao,
struct hpi_message *phm, struct hpi_response *phr)
{
struct hpi_hw_obj *phw = pao->priv;
phw->flag_outstream_just_reset[phm->obj_index] = 1;
hw_message(pao, phm, phr);
}
static void outstream_open(struct hpi_adapter_obj *pao,
Reported by Cppcheck.
Line: 1020
CWE codes:
476
{
u16 err = 0;
u32 command = phm->u.d.u.buffer.command;
struct hpi_hw_obj *phw = pao->priv;
struct bus_master_interface *interface = phw->p_interface_buffer;
hpi_init_response(phr, phm->object, phm->function, 0);
if (command == HPI_BUFFER_CMD_EXTERNAL
Reported by Cppcheck.
Line: 1111
CWE codes:
476
static void instream_host_buffer_get_info(struct hpi_adapter_obj *pao,
struct hpi_message *phm, struct hpi_response *phr)
{
struct hpi_hw_obj *phw = pao->priv;
struct bus_master_interface *interface = phw->p_interface_buffer;
struct hpi_hostbuffer_status *status;
u8 *p_bbm_data;
if (hpios_locked_mem_valid(&phw->instream_host_buffers[phm->
Reported by Cppcheck.
Line: 1140
CWE codes:
476
static void instream_host_buffer_free(struct hpi_adapter_obj *pao,
struct hpi_message *phm, struct hpi_response *phr)
{
struct hpi_hw_obj *phw = pao->priv;
u32 command = phm->u.d.u.buffer.command;
if (phw->instream_host_buffer_size[phm->obj_index]) {
if (command == HPI_BUFFER_CMD_EXTERNAL
|| command == HPI_BUFFER_CMD_INTERNAL_REVOKEADAPTER) {
Reported by Cppcheck.
tools/testing/selftests/resctrl/resctrl_val.c
40 issues
Line: 156
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
FILE *fp;
/* Get type of iMC counter */
sprintf(imc_counter_type, "%s%s", imc_dir, "type");
fp = fopen(imc_counter_type, "r");
if (!fp) {
perror("Failed to open imc counter type file");
return -1;
Reported by FlawFinder.
Line: 175
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
imc_counters_config[count][READ].type;
/* Get read config */
sprintf(imc_counter_cfg, "%s%s", imc_dir, READ_FILE_NAME);
fp = fopen(imc_counter_cfg, "r");
if (!fp) {
perror("Failed to open imc config file");
return -1;
Reported by FlawFinder.
Line: 182
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
return -1;
}
if (fscanf(fp, "%s", cas_count_cfg) <= 0) {
perror("Could not get imc cas count read");
fclose(fp);
return -1;
}
Reported by FlawFinder.
Line: 193
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
get_event_and_umask(cas_count_cfg, count, READ);
/* Get write config */
sprintf(imc_counter_cfg, "%s%s", imc_dir, WRITE_FILE_NAME);
fp = fopen(imc_counter_cfg, "r");
if (!fp) {
perror("Failed to open imc config file");
return -1;
Reported by FlawFinder.
Line: 200
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
return -1;
}
if (fscanf(fp, "%s", cas_count_cfg) <= 0) {
perror("Could not get imc cas count write");
fclose(fp);
return -1;
}
Reported by FlawFinder.
Line: 252
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* first character is a numerical digit or not.
*/
if (temp[0] >= '0' && temp[0] <= '9') {
sprintf(imc_dir, "%s/%s/", DYN_PMU_PATH,
ep->d_name);
ret = read_from_imc_dir(imc_dir, count);
if (ret) {
closedir(dp);
Reported by FlawFinder.
Line: 393
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
void set_mbm_path(const char *ctrlgrp, const char *mongrp, int resource_id)
{
if (ctrlgrp && mongrp)
sprintf(mbm_total_path, CON_MON_MBM_LOCAL_BYTES_PATH,
RESCTRL_PATH, ctrlgrp, mongrp, resource_id);
else if (!ctrlgrp && mongrp)
sprintf(mbm_total_path, MON_MBM_LOCAL_BYTES_PATH, RESCTRL_PATH,
mongrp, resource_id);
else if (ctrlgrp && !mongrp)
Reported by FlawFinder.
Line: 396
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
sprintf(mbm_total_path, CON_MON_MBM_LOCAL_BYTES_PATH,
RESCTRL_PATH, ctrlgrp, mongrp, resource_id);
else if (!ctrlgrp && mongrp)
sprintf(mbm_total_path, MON_MBM_LOCAL_BYTES_PATH, RESCTRL_PATH,
mongrp, resource_id);
else if (ctrlgrp && !mongrp)
sprintf(mbm_total_path, CON_MBM_LOCAL_BYTES_PATH, RESCTRL_PATH,
ctrlgrp, resource_id);
else if (!ctrlgrp && !mongrp)
Reported by FlawFinder.
Line: 399
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
sprintf(mbm_total_path, MON_MBM_LOCAL_BYTES_PATH, RESCTRL_PATH,
mongrp, resource_id);
else if (ctrlgrp && !mongrp)
sprintf(mbm_total_path, CON_MBM_LOCAL_BYTES_PATH, RESCTRL_PATH,
ctrlgrp, resource_id);
else if (!ctrlgrp && !mongrp)
sprintf(mbm_total_path, MBM_LOCAL_BYTES_PATH, RESCTRL_PATH,
resource_id);
}
Reported by FlawFinder.
Line: 402
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
sprintf(mbm_total_path, CON_MBM_LOCAL_BYTES_PATH, RESCTRL_PATH,
ctrlgrp, resource_id);
else if (!ctrlgrp && !mongrp)
sprintf(mbm_total_path, MBM_LOCAL_BYTES_PATH, RESCTRL_PATH,
resource_id);
}
/*
* initialize_mem_bw_resctrl: Appropriately populate "mbm_total_path"
Reported by FlawFinder.
tools/testing/selftests/cgroup/cgroup_util.c
39 issues
Line: 27
Column: 7
CWE codes:
362
ssize_t len;
int fd;
fd = open(path, O_RDONLY);
if (fd < 0)
return fd;
len = read(fd, buf, max_len - 1);
if (len < 0)
Reported by FlawFinder.
Line: 45
Column: 7
CWE codes:
362
{
int fd;
fd = open(path, O_WRONLY | O_APPEND);
if (fd < 0)
return fd;
len = write(fd, buf, len);
if (len < 0) {
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cg_read(const char *cgroup, const char *control, char *buf, size_t len)
{
char path[PATH_MAX];
snprintf(path, sizeof(path), "%s/%s", cgroup, control);
if (read_text(path, buf, len) >= 0)
return 0;
Reported by FlawFinder.
Line: 131
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cg_read_strstr(const char *cgroup, const char *control, const char *needle)
{
char buf[PAGE_SIZE];
if (cg_read(cgroup, control, buf, sizeof(buf)))
return -1;
return strstr(buf, needle) ? 0 : -1;
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long cg_read_long(const char *cgroup, const char *control)
{
char buf[128];
if (cg_read(cgroup, control, buf, sizeof(buf)))
return -1;
return atol(buf);
Reported by FlawFinder.
Line: 146
Column: 9
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (cg_read(cgroup, control, buf, sizeof(buf)))
return -1;
return atol(buf);
}
long cg_read_key_long(const char *cgroup, const char *control, const char *key)
{
char buf[PAGE_SIZE];
Reported by FlawFinder.
Line: 151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long cg_read_key_long(const char *cgroup, const char *control, const char *key)
{
char buf[PAGE_SIZE];
char *ptr;
if (cg_read(cgroup, control, buf, sizeof(buf)))
return -1;
Reported by FlawFinder.
Line: 161
Column: 9
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (!ptr)
return -1;
return atol(ptr + strlen(key));
}
long cg_read_lc(const char *cgroup, const char *control)
{
char buf[PAGE_SIZE];
Reported by FlawFinder.
Line: 166
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long cg_read_lc(const char *cgroup, const char *control)
{
char buf[PAGE_SIZE];
const char delim[] = "\n";
char *line;
long cnt = 0;
if (cg_read(cgroup, control, buf, sizeof(buf)))
Reported by FlawFinder.
Line: 182
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cg_write(const char *cgroup, const char *control, char *buf)
{
char path[PATH_MAX];
ssize_t len = strlen(buf);
snprintf(path, sizeof(path), "%s/%s", cgroup, control);
if (write_text(path, buf, len) == len)
Reported by FlawFinder.