The following issues were found
drivers/scsi/myrb.h
34 issues
Line: 204
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char target;
unsigned char channel;
} dead_drives[21]; /* Bytes 152-194 */
unsigned char rsvd9[62]; /* Bytes 195-255 */
} __packed;
/*
* DAC960 V1 Firmware Enquiry2 Command reply structure.
*/
Reported by FlawFinder.
Line: 279
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short clock_speed; /* Bytes 42-43 */
unsigned short mem_speed; /* Bytes 44-45 */
unsigned short hw_speed; /* Bytes 46-47 */
unsigned char rsvd5[12]; /* Bytes 48-59 */
unsigned short max_cmds; /* Bytes 60-61 */
unsigned short max_sge; /* Bytes 62-63 */
unsigned short max_drv_cmds; /* Bytes 64-65 */
unsigned short max_io_desc; /* Bytes 66-67 */
unsigned short max_sectors; /* Bytes 68-69 */
Reported by FlawFinder.
Line: 290
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char scsi_tmo; /* Byte 72 */
unsigned char rsvd7; /* Byte 73 */
unsigned short min_freelines; /* Bytes 74-75 */
unsigned char rsvd8[8]; /* Bytes 76-83 */
unsigned char rbld_rate_const; /* Byte 84 */
unsigned char rsvd9[11]; /* Byte 85-95 */
unsigned short pdrv_block_size; /* Bytes 96-97 */
unsigned short ldev_block_size; /* Bytes 98-99 */
unsigned short max_blocks_per_cmd; /* Bytes 100-101 */
Reported by FlawFinder.
Line: 292
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short min_freelines; /* Bytes 74-75 */
unsigned char rsvd8[8]; /* Bytes 76-83 */
unsigned char rbld_rate_const; /* Byte 84 */
unsigned char rsvd9[11]; /* Byte 85-95 */
unsigned short pdrv_block_size; /* Bytes 96-97 */
unsigned short ldev_block_size; /* Bytes 98-99 */
unsigned short max_blocks_per_cmd; /* Bytes 100-101 */
unsigned short block_factor; /* Bytes 102-103 */
unsigned short cacheline_size; /* Bytes 104-105 */
Reported by FlawFinder.
Line: 312
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char differential:1; /* Byte 106 Bit 4 */
unsigned char rsvd10:3; /* Byte 106 Bits 5-7 */
} scsi_cap;
unsigned char rsvd11[5]; /* Byte 107-111 */
unsigned short fw_build; /* Bytes 112-113 */
enum {
MYRB_FAULT_AEMI = 0x01,
MYRB_FAULT_OEM1 = 0x02,
MYRB_FAULT_OEM2 = 0x04,
Reported by FlawFinder.
Line: 330
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int bgi:1; /* Byte 116 Bit 3 */
unsigned int rsvd13:28; /* Bytes 116-119 */
} fw_features;
unsigned char rsvd14[8]; /* Bytes 120-127 */
} __packed;
/*
* DAC960 V1 Firmware Logical Drive State type.
*/
Reported by FlawFinder.
Line: 384
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char lun:6; /* Byte 3 Bits 0-5 */
unsigned char rsvd1:2; /* Byte 3 Bits 6-7 */
unsigned short seq_num; /* Bytes 4-5 */
unsigned char sense[26]; /* Bytes 6-31 */
};
/*
* DAC960 V1 Firmware Get Device State Command reply structure.
* The structure is padded by 2 bytes for compatibility with Version 2.xx
Reported by FlawFinder.
Line: 431
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct myrb_bgi_status {
unsigned int ldev_size; /* Bytes 0-3 */
unsigned int blocks_done; /* Bytes 4-7 */
unsigned char rsvd1[12]; /* Bytes 8-19 */
unsigned int ldev_num; /* Bytes 20-23 */
unsigned char raid_level; /* Byte 24 */
enum {
MYRB_BGI_INVALID = 0x00,
MYRB_BGI_STARTED = 0x02,
Reported by FlawFinder.
Line: 441
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MYRB_BGI_SUSPENDED = 0x05,
MYRB_BGI_CANCELLED = 0x06
} __packed status; /* Byte 25 */
unsigned char rsvd2[6]; /* Bytes 26-31 */
};
/*
* DAC960 V1 Firmware Error Table Entry structure.
*/
Reported by FlawFinder.
Line: 512
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __packed startup; /* Byte 20 */
unsigned char simultaneous_device_spinup_count; /* Byte 21 */
unsigned char seconds_delay_between_spinups; /* Byte 22 */
unsigned char rsvd10[29]; /* Bytes 23-51 */
unsigned BIOS_disabled:1; /* Byte 52 Bit 0 */
unsigned CDROM_boot_enabled:1; /* Byte 52 Bit 1 */
unsigned rsvd11:3; /* Byte 52 Bits 2-4 */
enum {
MYRB_GEOM_128_32 = 0x0,
Reported by FlawFinder.
security/apparmor/policy_unpack_test.c
34 issues
Line: 69
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_STRING_NAME) + 1;
strcpy(buf + 3, TEST_STRING_NAME);
buf = e->start + TEST_STRING_BUF_OFFSET;
*buf = AA_STRING;
*(buf + 1) = strlen(TEST_STRING_DATA) + 1;
strcpy(buf + 3, TEST_STRING_DATA);
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf = e->start + TEST_STRING_BUF_OFFSET;
*buf = AA_STRING;
*(buf + 1) = strlen(TEST_STRING_DATA) + 1;
strcpy(buf + 3, TEST_STRING_DATA);
buf = e->start + TEST_NAMED_U32_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_U32_NAME) + 1;
strcpy(buf + 3, TEST_U32_NAME);
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf = e->start + TEST_NAMED_U32_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_U32_NAME) + 1;
strcpy(buf + 3, TEST_U32_NAME);
*(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32;
*((u32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = TEST_U32_DATA;
buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
*buf = AA_NAME;
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_U64_NAME) + 1;
strcpy(buf + 3, TEST_U64_NAME);
*(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64;
*((u64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = TEST_U64_DATA;
buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET;
*buf = AA_NAME;
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_BLOB_NAME) + 1;
strcpy(buf + 3, TEST_BLOB_NAME);
*(buf + 3 + strlen(TEST_BLOB_NAME) + 1) = AA_BLOB;
*(buf + 3 + strlen(TEST_BLOB_NAME) + 2) = TEST_BLOB_DATA_SIZE;
memcpy(buf + 3 + strlen(TEST_BLOB_NAME) + 6,
TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE);
Reported by FlawFinder.
Line: 102
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf = e->start + TEST_NAMED_ARRAY_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
strcpy(buf + 3, TEST_ARRAY_NAME);
*(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY;
*((u16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = TEST_ARRAY_SIZE;
return e;
}
Reported by FlawFinder.
Line: 96
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
strcpy(buf + 3, TEST_BLOB_NAME);
*(buf + 3 + strlen(TEST_BLOB_NAME) + 1) = AA_BLOB;
*(buf + 3 + strlen(TEST_BLOB_NAME) + 2) = TEST_BLOB_DATA_SIZE;
memcpy(buf + 3 + strlen(TEST_BLOB_NAME) + 6,
TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE);
buf = e->start + TEST_NAMED_ARRAY_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
Reported by FlawFinder.
Line: 14
Column: 7
CWE codes:
126
#define TEST_STRING_NAME "TEST_STRING"
#define TEST_STRING_DATA "testing"
#define TEST_STRING_BUF_OFFSET \
(3 + strlen(TEST_STRING_NAME) + 1)
#define TEST_U32_NAME "U32_TEST"
#define TEST_U32_DATA ((u32)0x01020304)
#define TEST_NAMED_U32_BUF_OFFSET \
(TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1)
Reported by FlawFinder.
Line: 19
Column: 32
CWE codes:
126
#define TEST_U32_NAME "U32_TEST"
#define TEST_U32_DATA ((u32)0x01020304)
#define TEST_NAMED_U32_BUF_OFFSET \
(TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1)
#define TEST_U32_BUF_OFFSET \
(TEST_NAMED_U32_BUF_OFFSET + 3 + strlen(TEST_U32_NAME) + 1)
#define TEST_U16_OFFSET (TEST_U32_BUF_OFFSET + 3)
#define TEST_U16_DATA ((u16)(TEST_U32_DATA >> 16))
Reported by FlawFinder.
Line: 21
Column: 35
CWE codes:
126
#define TEST_NAMED_U32_BUF_OFFSET \
(TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1)
#define TEST_U32_BUF_OFFSET \
(TEST_NAMED_U32_BUF_OFFSET + 3 + strlen(TEST_U32_NAME) + 1)
#define TEST_U16_OFFSET (TEST_U32_BUF_OFFSET + 3)
#define TEST_U16_DATA ((u16)(TEST_U32_DATA >> 16))
#define TEST_U64_NAME "U64_TEST"
Reported by FlawFinder.
tools/perf/util/symbol.c
34 issues
Line: 1122
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
char *name;
strcpy(filename, kallsyms_filename);
name = strrchr(filename, '/');
if (!name)
return false;
name += 1;
Reported by FlawFinder.
Line: 1130
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
name += 1;
if (!strcmp(name, "kallsyms")) {
strcpy(name, base_name);
return true;
}
return false;
}
Reported by FlawFinder.
Line: 1718
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (nsi->need_setns) {
snprintf(filebuf, bufsz, "/tmp/perf-%d.map", nsi->nstgid);
nsinfo__mountns_enter(nsi, &nsc);
rc = access(filebuf, R_OK);
nsinfo__mountns_exit(&nsc);
if (rc == 0)
return rc;
}
Reported by FlawFinder.
Line: 2274
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!kallsyms_filename)
return -1;
} else {
sprintf(path, "%s/proc/kallsyms", machine->root_dir);
kallsyms_filename = path;
}
err = dso__load_kallsyms(dso, kallsyms_filename, map);
if (err > 0)
Reported by FlawFinder.
Line: 2353
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
for (i = 0; i < ARRAY_SIZE(vmlinux_paths_upd); i++) {
snprintf(bf, sizeof(bf), vmlinux_paths_upd[i], kernel_version);
if (vmlinux_path__add(bf) < 0)
goto out_fail;
}
return 0;
Reported by FlawFinder.
Line: 934
Column: 13
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
bool restricted = false;
if (symbol_conf.kptr_restrict) {
char *r = realpath(filename, NULL);
if (r != NULL) {
restricted = strcmp(r, restricted_filename) == 0;
free(r);
return restricted;
Reported by FlawFinder.
Line: 2533
Column: 10
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
* A path to symbols of "/" is identical to ""
* reset here for simplicity.
*/
symfs = realpath(symbol_conf.symfs, NULL);
if (symfs == NULL)
symfs = symbol_conf.symfs;
if (strcmp(symfs, "/") == 0)
symbol_conf.symfs = "";
if (symfs != symbol_conf.symfs)
Reported by FlawFinder.
Line: 290
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_debug4("%s: %s %#" PRIx64 "-%#" PRIx64 "\n",
__func__, name, start, sym->end);
memcpy(sym->name, name, namelen);
return sym;
}
void symbol__delete(struct symbol *sym)
Reported by FlawFinder.
Line: 600
Column: 9
CWE codes:
362
FILE *file;
int err = 0;
file = fopen(filename, "r");
if (file == NULL)
return -1;
while (1) {
char name[PATH_MAX];
Reported by FlawFinder.
Line: 605
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return -1;
while (1) {
char name[PATH_MAX];
u64 start, size;
char *sep, *endptr;
ssize_t line_len;
line_len = getline(&line, &n, file);
Reported by FlawFinder.
drivers/staging/rtl8723bs/core/rtw_recv.c
34 issues
Line: 484
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* get ether_type */
ptr = ptr+pfhdr->attrib.hdrlen+pfhdr->attrib.iv_len+LLC_HEADER_SIZE;
memcpy(&be_tmp, ptr, 2);
ether_type = ntohs(be_tmp);
if (ether_type == eapol_type)
prtnframe = precv_frame;
else {
Reported by FlawFinder.
Line: 712
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE) == true) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
Reported by FlawFinder.
Line: 713
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE) == true) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
Reported by FlawFinder.
Line: 714
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE) == true) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else
Reported by FlawFinder.
Line: 715
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else
ret = _FAIL;
Reported by FlawFinder.
Line: 716
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else
ret = _FAIL;
Reported by FlawFinder.
Line: 799
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if ((check_fwstate(pmlmepriv, WIFI_MP_STATE) == true) &&
(check_fwstate(pmlmepriv, _FW_LINKED) == true)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
Reported by FlawFinder.
Line: 800
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if ((check_fwstate(pmlmepriv, WIFI_MP_STATE) == true) &&
(check_fwstate(pmlmepriv, _FW_LINKED) == true)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
/* */
Reported by FlawFinder.
Line: 801
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(check_fwstate(pmlmepriv, _FW_LINKED) == true)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
/* */
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
Reported by FlawFinder.
Line: 802
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
/* */
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
Reported by FlawFinder.
net/wireless/nl80211.c
34 issues
Line: 1425
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
result->params[parse.idx].cipher = parse.p.cipher;
result->params[parse.idx].key_len = parse.p.key_len;
result->params[parse.idx].key = result->data[parse.idx];
memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
/* must be WEP key if we got here */
if (no_ht)
*no_ht = true;
}
Reported by FlawFinder.
Line: 3904
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
IEEE80211_MAX_MESH_ID_LEN);
wdev->mesh_id_up_len =
nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
wdev->mesh_id_up_len);
wdev_unlock(wdev);
}
if (info->attrs[NL80211_ATTR_4ADDR]) {
Reported by FlawFinder.
Line: 4012
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
IEEE80211_MAX_MESH_ID_LEN);
wdev->mesh_id_up_len =
nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
wdev->mesh_id_up_len);
wdev_unlock(wdev);
break;
case NL80211_IFTYPE_NAN:
case NL80211_IFTYPE_P2P_DEVICE:
Reported by FlawFinder.
Line: 4529
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ERR_PTR(-ENOMEM);
nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
i++;
}
acl->n_acl_entries = n_entries;
acl->acl_policy = acl_policy;
Reported by FlawFinder.
Line: 5528
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wdev->beacon_interval = params.beacon_interval;
wdev->chandef = params.chandef;
wdev->ssid_len = params.ssid_len;
memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
wdev->conn_owner_nlportid = info->snd_portid;
}
wdev_unlock(wdev);
Reported by FlawFinder.
Line: 8135
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
return -EINVAL;
memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
/* don't allow or configure an mcast address */
if (!is_multicast_ether_addr(mac_addr_mask) ||
is_multicast_ether_addr(mac_addr))
Reported by FlawFinder.
Line: 8136
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
/* don't allow or configure an mcast address */
if (!is_multicast_ether_addr(mac_addr_mask) ||
is_multicast_ether_addr(mac_addr))
return -EINVAL;
Reported by FlawFinder.
Line: 8407
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_free;
}
request->ssids[i].ssid_len = nla_len(attr);
memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
i++;
}
}
if (info->attrs[NL80211_ATTR_IE]) {
Reported by FlawFinder.
Line: 8414
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (info->attrs[NL80211_ATTR_IE]) {
request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
memcpy((void *)request->ie,
nla_data(info->attrs[NL80211_ATTR_IE]),
request->ie_len);
}
for (i = 0; i < NUM_NL80211_BANDS; i++)
Reported by FlawFinder.
Line: 8472
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
*/
if (info->attrs[NL80211_ATTR_BSSID])
memcpy(request->bssid,
nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
info->attrs[NL80211_ATTR_MAC])
memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
ETH_ALEN);
Reported by FlawFinder.
tools/perf/util/parse-events.c
34 issues
Line: 272
Column: 25
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
path = zalloc(sizeof(*path));
if (!path)
return NULL;
if (asprintf(&path->system, "%.*s", MAX_EVENT_LENGTH, sys_dirent->d_name) < 0) {
free(path);
return NULL;
}
if (asprintf(&path->name, "%.*s", MAX_EVENT_LENGTH, evt_dirent->d_name) < 0) {
zfree(&path->system);
Reported by FlawFinder.
Line: 277
Column: 19
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return NULL;
}
if (asprintf(&path->name, "%.*s", MAX_EVENT_LENGTH, evt_dirent->d_name) < 0) {
zfree(&path->system);
free(path);
return NULL;
}
return path;
}
Reported by FlawFinder.
Line: 307
Column: 16
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
path->name = strdup(str+1);
if (path->system == NULL || path->name == NULL) {
zfree(&path->system);
zfree(&path->name);
zfree(&path);
}
return path;
Reported by FlawFinder.
Line: 3257
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(buf, ",");
else
first = false;
strcat(buf, name);
}
}
/*
* Return string contains valid config terms of an event.
Reported by FlawFinder.
Line: 175
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int tp_event_has_id(const char *dir_path, struct dirent *evt_dir)
{
char evt_path[MAXPATHLEN];
int fd;
snprintf(evt_path, MAXPATHLEN, "%s/%s/id", dir_path, evt_dir->d_name);
fd = open(evt_path, O_RDONLY);
if (fd < 0)
Reported by FlawFinder.
Line: 179
Column: 7
CWE codes:
362
int fd;
snprintf(evt_path, MAXPATHLEN, "%s/%s/id", dir_path, evt_dir->d_name);
fd = open(evt_path, O_RDONLY);
if (fd < 0)
return -EINVAL;
close(fd);
return 0;
Reported by FlawFinder.
Line: 234
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tracepoint_path *path = NULL;
DIR *sys_dir, *evt_dir;
struct dirent *sys_dirent, *evt_dirent;
char id_buf[24];
int fd;
u64 id;
char evt_path[MAXPATHLEN];
char *dir_path;
Reported by FlawFinder.
Line: 237
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char id_buf[24];
int fd;
u64 id;
char evt_path[MAXPATHLEN];
char *dir_path;
sys_dir = tracing_events__opendir();
if (!sys_dir)
return NULL;
Reported by FlawFinder.
Line: 256
Column: 9
CWE codes:
362
scnprintf(evt_path, MAXPATHLEN, "%s/%s/id", dir_path,
evt_dirent->d_name);
fd = open(evt_path, O_RDONLY);
if (fd < 0)
continue;
if (read(fd, id_buf, sizeof(id_buf)) < 0) {
close(fd);
continue;
Reported by FlawFinder.
Line: 469
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct perf_event_attr attr;
LIST_HEAD(config_terms);
char name[MAX_NAME_LEN], *config_name;
int cache_type = -1, cache_op = -1, cache_result = -1;
char *op_result[2] = { op_result1, op_result2 };
int i, n, ret;
bool hybrid;
Reported by FlawFinder.
tools/perf/builtin-trace.c
34 issues
Line: 1388
Column: 8
CWE codes:
362
20
Suggestion:
Reconsider approach
if (lstat(linkname, &st) < 0 || st.st_size + 1 > (off_t)sizeof(pathname))
return -1;
ret = readlink(linkname, pathname, sizeof(pathname));
if (ret < 0 || ret > st.st_size)
return -1;
pathname[ret] = '\0';
Reported by FlawFinder.
Line: 2591
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ttrace->filename.name = f;
}
strcpy(ttrace->filename.name, filename);
ttrace->filename.pending_open = true;
if (!ttrace->filename.ptr)
goto out_put;
Reported by FlawFinder.
Line: 2854
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(f, "%s@", al->map->dso->long_name);
if ((verbose > 0 || print_sym) && al->sym)
fprintf(f, "%s+0x%" PRIx64, al->sym->name,
al->addr - al->sym->start);
else if (al->map)
fprintf(f, "0x%" PRIx64, al->addr);
else
fprintf(f, "0x%" PRIx64, sample->addr);
Reported by FlawFinder.
Line: 2857
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(f, "%s+0x%" PRIx64, al->sym->name,
al->addr - al->sym->start);
else if (al->map)
fprintf(f, "0x%" PRIx64, al->addr);
else
fprintf(f, "0x%" PRIx64, sample->addr);
}
static int trace__pgfault(struct trace *trace,
Reported by FlawFinder.
Line: 2859
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
else if (al->map)
fprintf(f, "0x%" PRIx64, al->addr);
else
fprintf(f, "0x%" PRIx64, sample->addr);
}
static int trace__pgfault(struct trace *trace,
struct evsel *evsel,
union perf_event *event __maybe_unused,
Reported by FlawFinder.
Line: 3113
Column: 60
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
evlist__for_each_entry(evlist, evsel) {
struct evsel_trace *et = evsel->priv;
if (!et || !evsel->tp_format || strcmp(evsel->tp_format->system, "syscalls"))
continue;
free(et->fmt);
free(et);
}
Reported by FlawFinder.
Line: 4545
Column: 32
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
if (evsel->priv || !evsel->tp_format)
continue;
if (strcmp(evsel->tp_format->system, "syscalls")) {
evsel__init_tp_arg_scnprintf(evsel);
continue;
}
if (evsel__init_syscall_tp(evsel))
Reported by FlawFinder.
Line: 4617
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
s = fmt->name;
} else {
path__join(group_name, sizeof(group_name), strace_groups_dir, s);
if (access(group_name, R_OK) == 0)
list = 1;
}
do_concat:
if (lists[list]) {
sprintf(lists[list] + strlen(lists[list]), ",%s", s);
Reported by FlawFinder.
Line: 4622
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
do_concat:
if (lists[list]) {
sprintf(lists[list] + strlen(lists[list]), ",%s", s);
} else {
lists[list] = malloc(len);
if (lists[list] == NULL)
goto out;
strcpy(lists[list], s);
Reported by FlawFinder.
Line: 4627
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
lists[list] = malloc(len);
if (lists[list] == NULL)
goto out;
strcpy(lists[list], s);
}
if (!sep)
break;
Reported by FlawFinder.
drivers/scsi/st.c
34 issues
Line: 4649
Column: 6
CWE codes:
134
Suggestion:
Use a constant for the format specification
char *fmt;
fmt = STm->default_density >= 0 ? "0x%02x\n" : "%d\n";
l = snprintf(buf, PAGE_SIZE, fmt, STm->default_density);
return l;
}
static DEVICE_ATTR_RO(default_density);
static ssize_t
Reported by FlawFinder.
Line: 532
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp = SRpnt->bio;
if (rq->sense_len)
memcpy(SRpnt->sense, rq->sense, SCSI_SENSE_BUFFERSIZE);
if (SRpnt->waiting)
complete(SRpnt->waiting);
blk_rq_unmap_user(tmp);
blk_put_request(req);
Reported by FlawFinder.
Line: 583
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SRpnt->bio = req->bio;
rq->cmd_len = COMMAND_SIZE(cmd[0]);
memset(rq->cmd, 0, BLK_MAX_CDB);
memcpy(rq->cmd, cmd, rq->cmd_len);
req->timeout = timeout;
rq->retries = retries;
req->end_io_data = SRpnt;
blk_execute_rq_nowait(NULL, req, 1, st_scsi_execute_end);
Reported by FlawFinder.
Line: 732
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int cross_eof(struct scsi_tape * STp, int forward)
{
struct st_request *SRpnt;
unsigned char cmd[MAX_COMMAND_SIZE];
cmd[0] = SPACE;
cmd[1] = 0x01; /* Space FileMarks */
if (forward) {
cmd[2] = cmd[3] = 0;
Reported by FlawFinder.
Line: 769
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int transfer, blks;
int result;
unsigned char cmd[MAX_COMMAND_SIZE];
struct st_request *SRpnt;
struct st_partstat *STps;
result = write_behind_check(STp);
if (result)
Reported by FlawFinder.
Line: 971
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int attentions, waits, max_wait, scode;
int retval = CHKRES_READY, new_session = 0;
unsigned char cmd[MAX_COMMAND_SIZE];
struct st_request *SRpnt = NULL;
struct st_cmdstatus *cmdstatp = &STp->buffer->cmdstat;
max_wait = do_wait ? ST_BLOCK_SECONDS : 0;
Reported by FlawFinder.
Line: 1044
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int check_tape(struct scsi_tape *STp, struct file *filp)
{
int i, retval, new_session = 0, do_wait;
unsigned char cmd[MAX_COMMAND_SIZE], saved_cleaning;
unsigned short st_flags = filp->f_flags;
struct st_request *SRpnt = NULL;
struct st_modedef *STm;
struct st_partstat *STps;
struct inode *inode = file_inode(filp);
Reported by FlawFinder.
Line: 1345
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int st_flush(struct file *filp, fl_owner_t id)
{
int result = 0, result2;
unsigned char cmd[MAX_COMMAND_SIZE];
struct st_request *SRpnt;
struct scsi_tape *STp = filp->private_data;
struct st_modedef *STm = &(STp->modes[STp->current_mode]);
struct st_partstat *STps = &(STp->ps[STp->partition]);
Reported by FlawFinder.
Line: 1628
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ssize_t retval;
int undone, retry_eot = 0, scode;
int async_write;
unsigned char cmd[MAX_COMMAND_SIZE];
const char __user *b_point;
struct st_request *SRpnt = NULL;
struct scsi_tape *STp = filp->private_data;
struct st_modedef *STm;
struct st_partstat *STps;
Reported by FlawFinder.
Line: 1904
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct st_request ** aSRpnt)
{
int transfer, blks, bytes;
unsigned char cmd[MAX_COMMAND_SIZE];
struct st_request *SRpnt;
struct st_modedef *STm;
struct st_partstat *STps;
struct st_buffer *STbp;
int retval = 0;
Reported by FlawFinder.
sound/isa/gus/interwave.c
34 issues
Line: 725
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
memset(&id2, 0, sizeof(id2));
id1.iface = id2.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
strcpy(id1.name, "Master Playback Switch");
strcpy(id2.name, id1.name);
id2.index = 1;
err = snd_ctl_rename_id(card, &id1, &id2);
if (err < 0)
return err;
strcpy(id1.name, "Master Playback Volume");
Reported by FlawFinder.
Line: 731
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(id1.name, "Master Playback Volume");
strcpy(id2.name, id1.name);
err = snd_ctl_rename_id(card, &id1, &id2);
if (err < 0)
return err;
err = snd_tea6330t_update_mixer(card, i2c_bus, 0, 1);
if (err < 0)
Reported by FlawFinder.
Line: 753
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#else
str = "InterWave STB";
#endif
strcpy(card->driver, str);
strcpy(card->shortname, str);
sprintf(card->longname, "%s at 0x%lx, irq %i, dma %d",
str,
gus->gf1.port,
xirq,
Reported by FlawFinder.
Line: 754
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
str = "InterWave STB";
#endif
strcpy(card->driver, str);
strcpy(card->shortname, str);
sprintf(card->longname, "%s at 0x%lx, irq %i, dma %d",
str,
gus->gf1.port,
xirq,
xdma1);
Reported by FlawFinder.
Line: 755
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
#endif
strcpy(card->driver, str);
strcpy(card->shortname, str);
sprintf(card->longname, "%s at 0x%lx, irq %i, dma %d",
str,
gus->gf1.port,
xirq,
xdma1);
if (xdma2 >= 0)
Reported by FlawFinder.
Line: 36
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_ISAPNP; /* Enable this card */
#ifdef CONFIG_PNP
static bool isapnp[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = 1};
#endif
static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* 0x210,0x220,0x230,0x240,0x250,0x260 */
Reported by FlawFinder.
Line: 196
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long port;
struct snd_i2c_bus *bus;
struct snd_card *card = iwcard->card;
char name[32];
int err;
*rbus = NULL;
port = port_tc[dev];
if (port == SNDRV_AUTO_PORT) {
Reported by FlawFinder.
Line: 220
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENODEV;
}
sprintf(name, "InterWave-%i", card->number);
err = snd_i2c_bus_create(card, name, NULL, &bus);
if (err < 0)
return err;
bus->private_value = port;
bus->hw_ops.bit = &snd_interwave_i2c_bit_ops;
Reported by FlawFinder.
Line: 271
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
(rev1 & 0x0f) != (rev2 & 0x0f)) {
snd_printdd("[0x%lx] InterWave check - passed\n", gus->gf1.port);
gus->interwave = 1;
strcpy(gus->card->shortname, "AMD InterWave");
gus->revision = rev1 >> 4;
#ifndef SNDRV_STB
return 0; /* ok.. We have an InterWave board */
#else
return snd_interwave_detect_stb(iwcard, gus, dev, rbus);
Reported by FlawFinder.
Line: 349
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
struct rom_hdr {
/* 000 */ unsigned char iwave[8];
/* 008 */ unsigned char rom_hdr_revision;
/* 009 */ unsigned char series_number;
/* 010 */ unsigned char series_name[16];
/* 026 */ unsigned char date[10];
/* 036 */ unsigned short vendor_revision_major;
Reported by FlawFinder.
tools/power/cpupower/utils/helpers/sysfs.c
34 issues
Line: 57
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
char *endp;
struct stat statbuf;
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u", cpu);
if (stat(path, &statbuf) != 0)
return 0;
/*
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
* kernel without CONFIG_HOTPLUG_CPU
* -> cpuX directory exists, but not cpuX/online file
*/
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/online", cpu);
if (stat(path, &statbuf) != 0)
return 1;
fd = open(path, O_RDONLY);
if (fd == -1)
Reported by FlawFinder.
Line: 111
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct stat statbuf;
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/cpuidle/state%u/%s",
cpu, idlestate, fname);
if (stat(path, &statbuf) != 0)
return 0;
return 1;
}
Reported by FlawFinder.
Line: 131
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
int fd;
ssize_t numread;
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/cpuidle/state%u/%s",
cpu, idlestate, fname);
fd = open(path, O_RDONLY);
if (fd == -1)
return 0;
Reported by FlawFinder.
Line: 166
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
int fd;
ssize_t numwrite;
snprintf(path, sizeof(path), PATH_TO_CPU "cpu%u/cpuidle/state%u/%s",
cpu, idlestate, fname);
fd = open(path, O_WRONLY);
if (fd == -1)
return 0;
Reported by FlawFinder.
Line: 361
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
int idlestates = 1;
snprintf(file, SYSFS_PATH_MAX, PATH_TO_CPU "cpuidle");
if (stat(file, &statbuf) != 0 || !S_ISDIR(statbuf.st_mode))
return 0;
snprintf(file, SYSFS_PATH_MAX, PATH_TO_CPU "cpu%u/cpuidle/state0", cpu);
if (stat(file, &statbuf) != 0 || !S_ISDIR(statbuf.st_mode))
Reported by FlawFinder.
Line: 365
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (stat(file, &statbuf) != 0 || !S_ISDIR(statbuf.st_mode))
return 0;
snprintf(file, SYSFS_PATH_MAX, PATH_TO_CPU "cpu%u/cpuidle/state0", cpu);
if (stat(file, &statbuf) != 0 || !S_ISDIR(statbuf.st_mode))
return 0;
while (stat(file, &statbuf) == 0 && S_ISDIR(statbuf.st_mode)) {
snprintf(file, SYSFS_PATH_MAX, PATH_TO_CPU
Reported by FlawFinder.
Line: 370
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
return 0;
while (stat(file, &statbuf) == 0 && S_ISDIR(statbuf.st_mode)) {
snprintf(file, SYSFS_PATH_MAX, PATH_TO_CPU
"cpu%u/cpuidle/state%d", cpu, idlestates);
idlestates++;
}
idlestates--;
return idlestates;
Reported by FlawFinder.
Line: 389
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
char path[SYSFS_PATH_MAX];
snprintf(path, sizeof(path), PATH_TO_CPU "cpuidle/%s", fname);
return sysfs_read_file(path, buf, buflen);
}
Reported by FlawFinder.
Line: 23
Column: 7
CWE codes:
362
int fd;
ssize_t numread;
fd = open(path, O_RDONLY);
if (fd == -1)
return 0;
numread = read(fd, buf, buflen - 1);
if (numread < 1) {
Reported by FlawFinder.