The following issues were found
drivers/input/touchscreen/usbtouchscreen.c
9 issues
Line: 100
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usbtouch_device_info *type;
struct mutex pm_mutex; /* serialize access to open/suspend */
bool is_open;
char name[128];
char phys[64];
void *priv;
int x, y;
int touch, press;
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mutex pm_mutex; /* serialize access to open/suspend */
bool is_open;
char name[128];
char phys[64];
void *priv;
int x, y;
int touch, press;
};
Reported by FlawFinder.
Line: 915
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 data[];
} __attribute__ ((packed));
static unsigned char nexio_ack_pkt[2] = { 0xaa, 0x02 };
static unsigned char nexio_init_pkt[4] = { 0x82, 0x04, 0x0a, 0x0f };
static void nexio_ack_complete(struct urb *urb)
{
}
Reported by FlawFinder.
Line: 916
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __attribute__ ((packed));
static unsigned char nexio_ack_pkt[2] = { 0xaa, 0x02 };
static unsigned char nexio_init_pkt[4] = { 0x82, 0x04, 0x0a, 0x0f };
static void nexio_ack_complete(struct urb *urb)
{
}
Reported by FlawFinder.
Line: 992
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* send init command */
memcpy(buf, nexio_init_pkt, sizeof(nexio_init_pkt));
ret = usb_bulk_msg(dev, usb_sndbulkpipe(dev, output_ep),
buf, sizeof(nexio_init_pkt), &actual_len,
NEXIO_TIMEOUT);
if (ret < 0)
goto out_buf;
Reported by FlawFinder.
Line: 1435
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
append = len;
if (usbtouch->buf_len + append >= usbtouch->type->rept_size)
goto out_flush_buf;
memcpy(usbtouch->buffer + usbtouch->buf_len, pkt, append);
usbtouch->buf_len += append;
pkt_len = usbtouch->type->get_pkt_len(
usbtouch->buffer, usbtouch->buf_len);
if (pkt_len < 0)
Reported by FlawFinder.
Line: 1448
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp = pkt_len - usbtouch->buf_len;
if (usbtouch->buf_len + tmp >= usbtouch->type->rept_size)
goto out_flush_buf;
memcpy(usbtouch->buffer + usbtouch->buf_len, pkt, tmp);
usbtouch_process_pkt(usbtouch, usbtouch->buffer, pkt_len);
buffer = pkt + tmp;
buf_len = len - tmp;
} else {
Reported by FlawFinder.
Line: 1476
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
usbtouch_process_pkt(usbtouch, buffer + pos, pkt_len);
} else {
/* incomplete packet: save in buffer */
memcpy(usbtouch->buffer, buffer + pos, buf_len - pos);
usbtouch->buf_len = buf_len - pos;
return;
}
pos += pkt_len;
}
Reported by FlawFinder.
Line: 1716
Column: 7
CWE codes:
126
strlcat(usbtouch->name, udev->product, sizeof(usbtouch->name));
}
if (!strlen(usbtouch->name))
snprintf(usbtouch->name, sizeof(usbtouch->name),
"USB Touchscreen %04x:%04x",
le16_to_cpu(udev->descriptor.idVendor),
le16_to_cpu(udev->descriptor.idProduct));
Reported by FlawFinder.
drivers/gpu/drm/i915/gvt/kvmgt.c
9 issues
Line: 167
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t device_api_show(struct mdev_type *mtype,
struct mdev_type_attribute *attr, char *buf)
{
return sprintf(buf, "%s\n", VFIO_DEVICE_API_PCI_STRING);
}
static ssize_t description_show(struct mdev_type *mtype,
struct mdev_type_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 180
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!type)
return 0;
return sprintf(buf, "low_gm_size: %dMB\nhigh_gm_size: %dMB\n"
"fence: %d\nresolution: %s\n"
"weight: %d\n",
BYTES_TO_MB(type->low_gm_size),
BYTES_TO_MB(type->high_gm_size),
type->fence, vgpu_edid_str(type->resolution),
Reported by FlawFinder.
Line: 161
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
num = type->avail_instance;
return sprintf(buf, "%u\n", num);
}
static ssize_t device_api_show(struct mdev_type *mtype,
struct mdev_type_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 562
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
count = min(count, (size_t)(vdev->region[i].size - pos));
memcpy(buf, base + pos, count);
return count;
}
static void intel_vgpu_reg_release_opregion(struct intel_vgpu *vgpu,
Reported by FlawFinder.
Line: 628
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EPERM;
}
} else {
memcpy(buf, (char *)regs + offset, count);
}
return count;
}
Reported by FlawFinder.
Line: 641
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
if (is_write)
memcpy(region->edid_blob + offset, buf, count);
else
memcpy(buf, region->edid_blob + offset, count);
return count;
}
Reported by FlawFinder.
Line: 643
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (is_write)
memcpy(region->edid_blob + offset, buf, count);
else
memcpy(buf, region->edid_blob + offset, count);
return count;
}
static size_t intel_vgpu_reg_rw_edid(struct intel_vgpu *vgpu, char *buf,
Reported by FlawFinder.
Line: 1729
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (mdev) {
struct intel_vgpu *vgpu = (struct intel_vgpu *)
mdev_get_drvdata(mdev);
return sprintf(buf, "%d\n", vgpu->id);
}
return sprintf(buf, "\n");
}
static DEVICE_ATTR_RO(vgpu_id);
Reported by FlawFinder.
Line: 1731
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mdev_get_drvdata(mdev);
return sprintf(buf, "%d\n", vgpu->id);
}
return sprintf(buf, "\n");
}
static DEVICE_ATTR_RO(vgpu_id);
static struct attribute *intel_vgpu_attrs[] = {
Reported by FlawFinder.
drivers/hwmon/i5k_amb.c
9 issues
Line: 107
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t name_show(struct device *dev, struct device_attribute *devattr,
char *buf)
{
return sprintf(buf, "%s\n", DRVNAME);
}
static DEVICE_ATTR_RO(name);
Reported by FlawFinder.
Line: 90
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define AMB_SYSFS_NAME_LEN 16
struct i5k_device_attribute {
struct sensor_device_attribute s_attr;
char name[AMB_SYSFS_NAME_LEN];
};
struct i5k_amb_data {
struct device *hwmon_dev;
Reported by FlawFinder.
Line: 135
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(amb_read_byte(data, amb_reg_temp_status(attr->index)) & 0x20) &&
(amb_read_byte(data, amb_reg_temp_status(attr->index)) & 0x8))
return sprintf(buf, "1\n");
else
return sprintf(buf, "0\n");
}
static ssize_t store_amb_min(struct device *dev,
Reported by FlawFinder.
Line: 137
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(amb_read_byte(data, amb_reg_temp_status(attr->index)) & 0x8))
return sprintf(buf, "1\n");
else
return sprintf(buf, "0\n");
}
static ssize_t store_amb_min(struct device *dev,
struct device_attribute *devattr,
const char *buf,
Reported by FlawFinder.
Line: 206
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct i5k_amb_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%d\n",
500 * amb_read_byte(data, amb_reg_temp_min(attr->index)));
}
static ssize_t show_amb_mid(struct device *dev,
struct device_attribute *devattr,
Reported by FlawFinder.
Line: 216
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct i5k_amb_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%d\n",
500 * amb_read_byte(data, amb_reg_temp_mid(attr->index)));
}
static ssize_t show_amb_max(struct device *dev,
struct device_attribute *devattr,
Reported by FlawFinder.
Line: 226
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct i5k_amb_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%d\n",
500 * amb_read_byte(data, amb_reg_temp_max(attr->index)));
}
static ssize_t show_amb_temp(struct device *dev,
struct device_attribute *devattr,
Reported by FlawFinder.
Line: 236
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct i5k_amb_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%d\n",
500 * amb_read_byte(data, amb_reg_temp(attr->index)));
}
static ssize_t show_label(struct device *dev,
struct device_attribute *devattr,
Reported by FlawFinder.
Line: 246
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
return sprintf(buf, "Ch. %d DIMM %d\n", attr->index >> CHANNEL_SHIFT,
attr->index & DIMM_MASK);
}
static int i5k_amb_hwmon_init(struct platform_device *pdev)
{
Reported by FlawFinder.
drivers/hwmon/asus_atk0110.c
9 issues
Line: 239
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct atk_sensor_data *s = label_to_atk_sensor(attr);
return sprintf(buf, "%s\n", s->acpi_name);
}
static ssize_t atk_limit1_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 156
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_attribute input_attr;
struct device_attribute limit1_attr;
struct device_attribute limit2_attr;
char label_attr_name[ATTR_NAME_SIZE];
char input_attr_name[ATTR_NAME_SIZE];
char limit1_attr_name[ATTR_NAME_SIZE];
char limit2_attr_name[ATTR_NAME_SIZE];
u64 id;
u64 type;
Reported by FlawFinder.
Line: 157
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_attribute limit1_attr;
struct device_attribute limit2_attr;
char label_attr_name[ATTR_NAME_SIZE];
char input_attr_name[ATTR_NAME_SIZE];
char limit1_attr_name[ATTR_NAME_SIZE];
char limit2_attr_name[ATTR_NAME_SIZE];
u64 id;
u64 type;
u64 limit1;
Reported by FlawFinder.
Line: 158
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_attribute limit2_attr;
char label_attr_name[ATTR_NAME_SIZE];
char input_attr_name[ATTR_NAME_SIZE];
char limit1_attr_name[ATTR_NAME_SIZE];
char limit2_attr_name[ATTR_NAME_SIZE];
u64 id;
u64 type;
u64 limit1;
u64 limit2;
Reported by FlawFinder.
Line: 159
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char label_attr_name[ATTR_NAME_SIZE];
char input_attr_name[ATTR_NAME_SIZE];
char limit1_attr_name[ATTR_NAME_SIZE];
char limit2_attr_name[ATTR_NAME_SIZE];
u64 id;
u64 type;
u64 limit1;
u64 limit2;
u64 cached_value;
Reported by FlawFinder.
Line: 231
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* ACPI returns decidegree */
value *= 100;
return sprintf(buf, "%llu\n", value);
}
static ssize_t atk_label_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 251
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (s->type == HWMON_TYPE_TEMP)
value *= 100;
return sprintf(buf, "%lld\n", value);
}
static ssize_t atk_limit2_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 263
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (s->type == HWMON_TYPE_TEMP)
value *= 100;
return sprintf(buf, "%lld\n", value);
}
static void atk_init_attribute(struct device_attribute *attr, char *name,
sysfs_show_func show)
{
Reported by FlawFinder.
Line: 771
Column: 15
CWE codes:
126
size_t count, loff_t *pos)
{
char *str = file->private_data;
size_t len = strlen(str);
return simple_read_from_buffer(buf, count, pos, str, len);
}
static int atk_debugfs_ggrp_release(struct inode *inode, struct file *file)
Reported by FlawFinder.
drivers/hwmon/g762.c
9 issues
Line: 742
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
mutex_unlock(&data->update_lock);
return sprintf(buf, "%u\n", rpm);
}
/*
* Read and write functions for pwm1_mode sysfs file. Get and set fan speed
* control mode i.e. PWM (1) or DC (0).
Reported by FlawFinder.
Line: 757
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n",
!!(data->fan_cmd1 & G762_REG_FAN_CMD1_OUT_MODE));
}
static ssize_t pwm1_mode_store(struct device *dev,
struct device_attribute *da, const char *buf,
Reported by FlawFinder.
Line: 790
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", G762_CLKDIV_FROM_REG(data->fan_cmd1));
}
static ssize_t fan1_div_store(struct device *dev, struct device_attribute *da,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 821
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", G762_PULSE_FROM_REG(data->fan_cmd1));
}
static ssize_t fan1_pulses_store(struct device *dev,
struct device_attribute *da, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 863
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n",
(!!(data->fan_cmd1 & G762_REG_FAN_CMD1_FAN_MODE)) + 1);
}
static ssize_t pwm1_enable_store(struct device *dev,
struct device_attribute *da, const char *buf,
Reported by FlawFinder.
Line: 897
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", data->set_out);
}
static ssize_t pwm1_store(struct device *dev, struct device_attribute *da,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 943
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
G762_GEARMULT_FROM_REG(data->fan_cmd2));
mutex_unlock(&data->update_lock);
return sprintf(buf, "%u\n", rpm);
}
static ssize_t fan1_target_store(struct device *dev,
struct device_attribute *da, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 972
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%u\n", !!(data->fan_sta & G762_REG_FAN_STA_FAIL));
}
/*
* read function for fan1_alarm sysfs file. Note that OOC condition is
* enabled low
Reported by FlawFinder.
Line: 987
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%u\n", !(data->fan_sta & G762_REG_FAN_STA_OOC));
}
static DEVICE_ATTR_RW(pwm1);
static DEVICE_ATTR_RW(pwm1_mode);
static DEVICE_ATTR_RW(pwm1_enable);
Reported by FlawFinder.
drivers/hwmon/lm95234.c
9 issues
Line: 242
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
if (ret)
return ret;
return sprintf(buf, data->sensor_type & mask ? "1\n" : "2\n");
}
static ssize_t type_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 215
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%d\n",
DIV_ROUND_CLOSEST(data->temp[index] * 125, 32));
}
static ssize_t alarm_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 229
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%u", !!(data->status & mask));
}
static ssize_t type_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 286
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%u", data->tcrit2[index] * 1000);
}
static ssize_t tcrit2_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 325
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return ret;
/* Result can be negative, so be careful with unsigned operands */
return sprintf(buf, "%d",
((int)data->tcrit2[index] - (int)data->thyst) * 1000);
}
static ssize_t tcrit1_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 335
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct lm95234_data *data = dev_get_drvdata(dev);
int index = to_sensor_dev_attr(attr)->index;
return sprintf(buf, "%u", data->tcrit1[index] * 1000);
}
static ssize_t tcrit1_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 374
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return ret;
/* Result can be negative, so be careful with unsigned operands */
return sprintf(buf, "%d",
((int)data->tcrit1[index] - (int)data->thyst) * 1000);
}
static ssize_t tcrit1_hyst_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 415
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%d", data->toffset[index] * 500);
}
static ssize_t offset_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 453
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%lu\n",
DIV_ROUND_CLOSEST(data->interval * 1000, HZ));
}
static ssize_t update_interval_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
drivers/isdn/mISDN/dsp_cmx.c
9 issues
Line: 1394
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!dsp->tx_mix && t != tt) {
/* -> send tx-data and continue when not enough */
#ifdef CMX_TX_DEBUG
sprintf(debugbuf, "TX sending (%04x-%04x)%p: ", t, tt, p);
#endif
while (r != rr && t != tt) {
#ifdef CMX_TX_DEBUG
if (strlen(debugbuf) < 48)
sprintf(debugbuf + strlen(debugbuf), " %02x",
Reported by FlawFinder.
Line: 1399
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
while (r != rr && t != tt) {
#ifdef CMX_TX_DEBUG
if (strlen(debugbuf) < 48)
sprintf(debugbuf + strlen(debugbuf), " %02x",
p[t]);
#endif
*d++ = p[t]; /* write tx_buff */
t = (t + 1) & CMX_BUFF_MASK;
r = (r + 1) & CMX_BUFF_MASK;
Reported by FlawFinder.
Line: 1866
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 *d, *p;
int space; /* todo: , l = skb->len; */
#ifdef CMX_TX_DEBUG
char debugbuf[256] = "";
#endif
/* check if there is enough space, and then copy */
w = dsp->tx_W;
ww = dsp->tx_R;
Reported by FlawFinder.
Line: 1896
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* copy transmit data to tx-buffer */
#ifdef CMX_TX_DEBUG
sprintf(debugbuf, "TX getting (%04x-%04x)%p: ", w, ww, p);
#endif
while (w != ww) {
#ifdef CMX_TX_DEBUG
if (strlen(debugbuf) < 48)
sprintf(debugbuf + strlen(debugbuf), " %02x", *d);
Reported by FlawFinder.
Line: 1901
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
while (w != ww) {
#ifdef CMX_TX_DEBUG
if (strlen(debugbuf) < 48)
sprintf(debugbuf + strlen(debugbuf), " %02x", *d);
#endif
p[w] = *d++;
w = (w + 1) & CMX_BUFF_MASK;
}
#ifdef CMX_TX_DEBUG
Reported by FlawFinder.
Line: 1398
Column: 8
CWE codes:
126
#endif
while (r != rr && t != tt) {
#ifdef CMX_TX_DEBUG
if (strlen(debugbuf) < 48)
sprintf(debugbuf + strlen(debugbuf), " %02x",
p[t]);
#endif
*d++ = p[t]; /* write tx_buff */
t = (t + 1) & CMX_BUFF_MASK;
Reported by FlawFinder.
Line: 1399
Column: 24
CWE codes:
126
while (r != rr && t != tt) {
#ifdef CMX_TX_DEBUG
if (strlen(debugbuf) < 48)
sprintf(debugbuf + strlen(debugbuf), " %02x",
p[t]);
#endif
*d++ = p[t]; /* write tx_buff */
t = (t + 1) & CMX_BUFF_MASK;
r = (r + 1) & CMX_BUFF_MASK;
Reported by FlawFinder.
Line: 1900
Column: 7
CWE codes:
126
#endif
while (w != ww) {
#ifdef CMX_TX_DEBUG
if (strlen(debugbuf) < 48)
sprintf(debugbuf + strlen(debugbuf), " %02x", *d);
#endif
p[w] = *d++;
w = (w + 1) & CMX_BUFF_MASK;
}
Reported by FlawFinder.
Line: 1901
Column: 23
CWE codes:
126
while (w != ww) {
#ifdef CMX_TX_DEBUG
if (strlen(debugbuf) < 48)
sprintf(debugbuf + strlen(debugbuf), " %02x", *d);
#endif
p[w] = *d++;
w = (w + 1) & CMX_BUFF_MASK;
}
#ifdef CMX_TX_DEBUG
Reported by FlawFinder.
drivers/infiniband/hw/qib/qib_iba7322.c
9 issues
Line: 1403
u64 pbc;
const unsigned hdrwords = 7;
static struct ib_header ibhdr = {
.lrh[0] = cpu_to_be16(0xF000 | QIB_LRH_BTH),
.lrh[1] = IB_LID_PERMISSIVE,
.lrh[2] = cpu_to_be16(hdrwords + SIZE_OF_CRC),
.lrh[3] = IB_LID_PERMISSIVE,
.u.oth.bth[0] = cpu_to_be32(
(IB_OPCODE_UD_SEND_ONLY << 24) | QIB_DEFAULT_P_KEY),
Reported by Cppcheck.
Line: 148
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MAX_ATTEN_LEN 64 /* plenty for any real system */
/* for read back, default index is ~5m copper cable */
static char txselect_list[MAX_ATTEN_LEN] = "10";
static struct kparam_string kp_txselect = {
.string = txselect_list,
.maxlen = MAX_ATTEN_LEN
};
static int setup_txselect(const char *, const struct kernel_param *);
Reported by FlawFinder.
Line: 582
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long *sendgrhchk;
unsigned long *sendibchk;
u32 rcvavail_timeout[18];
char emsgbuf[128]; /* for device error interrupt msg buffer */
};
/* Table of entries in "human readable" form Tx Emphasis. */
struct txdds_ent {
u8 amp;
Reported by FlawFinder.
Line: 665
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 ipg_tries;
u8 ibmalfusesnap;
struct qib_qsfp_data qsfp_data;
char epmsgbuf[192]; /* for port error interrupt msg buffer */
char sdmamsgbuf[192]; /* for per-port sdma error messages */
};
static struct {
const char *name;
Reported by FlawFinder.
Line: 666
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 ibmalfusesnap;
struct qib_qsfp_data qsfp_data;
char epmsgbuf[192]; /* for port error interrupt msg buffer */
char sdmamsgbuf[192]; /* for per-port sdma error messages */
};
static struct {
const char *name;
irq_handler_t handler;
Reported by FlawFinder.
Line: 1365
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* msp->sz counts the nul */
took = min_t(size_t, msp->sz - (size_t)1, len);
memcpy(msg, msp->msg, took);
len -= took;
msg += took;
if (len)
*msg = '\0';
}
Reported by FlawFinder.
Line: 2918
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static noinline void unknown_7322_ibits(struct qib_devdata *dd, u64 istat)
{
u64 kills;
char msg[128];
kills = istat & ~QIB_I_BITSEXTANT;
qib_dev_err(dd,
"Clearing reserved interrupt(s) 0x%016llx: %s\n",
(unsigned long long) kills, msg);
Reported by FlawFinder.
Line: 6119
Column: 6
CWE codes:
126
unsigned long index, val;
char *n;
if (strlen(str) >= ARRAY_SIZE(txselect_list)) {
pr_info("txselect_values string too long\n");
return -ENOSPC;
}
val = simple_strtoul(str, &n, 0);
if (n == str || val >= (TXDDS_TABLE_SZ + TXDDS_EXTRA_SZ +
Reported by FlawFinder.
Line: 6130
Column: 2
CWE codes:
120
TXDDS_TABLE_SZ + TXDDS_EXTRA_SZ + TXDDS_MFG_SZ);
return -EINVAL;
}
strncpy(txselect_list, str, ARRAY_SIZE(txselect_list) - 1);
xa_for_each(&qib_dev_table, index, dd)
if (dd->deviceid == PCI_DEVICE_ID_QLOGIC_IB_7322)
set_no_qsfp_atten(dd, 1);
return 0;
Reported by FlawFinder.
drivers/gpu/drm/i915/gt/intel_ggtt.c
9 issues
Line: 122
Column: 6
CWE codes:
362
void i915_ggtt_suspend(struct i915_ggtt *ggtt)
{
struct i915_vma *vma, *vn;
int open;
mutex_lock(&ggtt->vm.mutex);
/* Skip rewriting PTE on VMA unbind. */
open = atomic_xchg(&ggtt->vm.open, 0);
Reported by FlawFinder.
Line: 127
Column: 31
CWE codes:
362
mutex_lock(&ggtt->vm.mutex);
/* Skip rewriting PTE on VMA unbind. */
open = atomic_xchg(&ggtt->vm.open, 0);
list_for_each_entry_safe(vma, vn, &ggtt->vm.bound_list, vm_link) {
GEM_BUG_ON(!drm_mm_node_allocated(&vma->node));
i915_vma_wait_for_bind(vma);
Reported by FlawFinder.
Line: 144
Column: 23
CWE codes:
362
ggtt->vm.clear_range(&ggtt->vm, 0, ggtt->vm.total);
ggtt->invalidate(ggtt);
atomic_set(&ggtt->vm.open, open);
mutex_unlock(&ggtt->vm.mutex);
intel_gt_check_and_clear_faults(ggtt->vm.gt);
}
Reported by FlawFinder.
Line: 144
Column: 29
CWE codes:
362
ggtt->vm.clear_range(&ggtt->vm, 0, ggtt->vm.total);
ggtt->invalidate(ggtt);
atomic_set(&ggtt->vm.open, open);
mutex_unlock(&ggtt->vm.mutex);
intel_gt_check_and_clear_faults(ggtt->vm.gt);
}
Reported by FlawFinder.
Line: 728
Column: 23
CWE codes:
362
{
struct i915_vma *vma, *vn;
atomic_set(&ggtt->vm.open, 0);
rcu_barrier(); /* flush the RCU'ed__i915_vm_release */
flush_workqueue(ggtt->vm.i915->wq);
mutex_lock(&ggtt->vm.mutex);
Reported by FlawFinder.
Line: 1245
Column: 6
CWE codes:
362
{
struct i915_vma *vma;
bool flush = false;
int open;
intel_gt_check_and_clear_faults(ggtt->vm.gt);
/* First fill our portion of the GTT with scratch pages */
ggtt->vm.clear_range(&ggtt->vm, 0, ggtt->vm.total);
Reported by FlawFinder.
Line: 1253
Column: 31
CWE codes:
362
ggtt->vm.clear_range(&ggtt->vm, 0, ggtt->vm.total);
/* Skip rewriting PTE on VMA unbind. */
open = atomic_xchg(&ggtt->vm.open, 0);
/* clflush objects bound into the GGTT and rebind them. */
list_for_each_entry(vma, &ggtt->vm.bound_list, vm_link) {
struct drm_i915_gem_object *obj = vma->obj;
unsigned int was_bound =
Reported by FlawFinder.
Line: 1271
Column: 29
CWE codes:
362
}
}
atomic_set(&ggtt->vm.open, open);
ggtt->invalidate(ggtt);
if (flush)
wbinvd_on_all_cpus();
Reported by FlawFinder.
Line: 1271
Column: 23
CWE codes:
362
}
}
atomic_set(&ggtt->vm.open, open);
ggtt->invalidate(ggtt);
if (flush)
wbinvd_on_all_cpus();
Reported by FlawFinder.
drivers/hwmon/da9052-hwmon.c
9 issues
Line: 295
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t label_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
return sprintf(buf, "%s\n",
input_names[to_sensor_dev_attr(devattr)->index]);
}
static umode_t da9052_channel_is_visible(struct kobject *kobj,
struct attribute *attr, int index)
Reported by FlawFinder.
Line: 108
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto hwmon_err;
mutex_unlock(&hwmon->hwmon_lock);
return sprintf(buf, "%d\n", volt_reg_to_mv(vdd));
hwmon_err_release:
da9052_disable_vddout_channel(hwmon->da9052);
hwmon_err:
mutex_unlock(&hwmon->hwmon_lock);
Reported by FlawFinder.
Line: 128
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return ret;
/* Equivalent to 3.9mA/bit in register ICHG_AV */
return sprintf(buf, "%d\n", DIV_ROUND_CLOSEST(ret * 39, 10));
}
static ssize_t da9052_tbat_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 136
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct da9052_hwmon *hwmon = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", da9052_adc_read_temp(hwmon->da9052));
}
static ssize_t da9052_vbat_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 149
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n", volt_reg_to_mv(ret));
}
static ssize_t da9052_misc_channel_show(struct device *dev,
struct device_attribute *devattr,
char *buf)
Reported by FlawFinder.
Line: 164
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n", input_reg_to_mv(ret));
}
static int da9052_request_tsi_read(struct da9052_hwmon *hwmon, int channel)
{
u8 val = DA9052_TSICONTB_TSIMAN;
Reported by FlawFinder.
Line: 254
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
else
return sprintf(buf, "%d\n", input_tsireg_to_mv(hwmon, ret));
}
static ssize_t da9052_tjunc_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 276
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* Degrees celsius = 1.708 * (TJUNC_RES - T_OFFSET) - 108.8
* T_OFFSET is a trim value used to improve accuracy of the result
*/
return sprintf(buf, "%d\n", 1708 * (tjunc - toffset) - 108800);
}
static ssize_t da9052_vbbat_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 289
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n", vbbat_reg_to_mv(ret));
}
static ssize_t label_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.