The following issues were found
drivers/hid/hid-wiimote-modules.c
7 issues
Line: 1456
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (j = 0; j < 4; ++j) {
val = wdata->state.calib_bboard[j][i];
if (i == 2 && j == 3)
ret += sprintf(&out[ret], "%04x\n", val);
else
ret += sprintf(&out[ret], "%04x:", val);
}
}
Reported by FlawFinder.
Line: 1458
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (i == 2 && j == 3)
ret += sprintf(&out[ret], "%04x\n", val);
else
ret += sprintf(&out[ret], "%04x:", val);
}
}
return ret;
}
Reported by FlawFinder.
Line: 1821
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int r;
r = 0;
r += sprintf(&out[r], "%+06hd:", wdata->state.calib_pro_sticks[0]);
r += sprintf(&out[r], "%+06hd ", wdata->state.calib_pro_sticks[1]);
r += sprintf(&out[r], "%+06hd:", wdata->state.calib_pro_sticks[2]);
r += sprintf(&out[r], "%+06hd\n", wdata->state.calib_pro_sticks[3]);
return r;
Reported by FlawFinder.
Line: 1822
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
r = 0;
r += sprintf(&out[r], "%+06hd:", wdata->state.calib_pro_sticks[0]);
r += sprintf(&out[r], "%+06hd ", wdata->state.calib_pro_sticks[1]);
r += sprintf(&out[r], "%+06hd:", wdata->state.calib_pro_sticks[2]);
r += sprintf(&out[r], "%+06hd\n", wdata->state.calib_pro_sticks[3]);
return r;
}
Reported by FlawFinder.
Line: 1823
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
r = 0;
r += sprintf(&out[r], "%+06hd:", wdata->state.calib_pro_sticks[0]);
r += sprintf(&out[r], "%+06hd ", wdata->state.calib_pro_sticks[1]);
r += sprintf(&out[r], "%+06hd:", wdata->state.calib_pro_sticks[2]);
r += sprintf(&out[r], "%+06hd\n", wdata->state.calib_pro_sticks[3]);
return r;
}
Reported by FlawFinder.
Line: 1824
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
r += sprintf(&out[r], "%+06hd:", wdata->state.calib_pro_sticks[0]);
r += sprintf(&out[r], "%+06hd ", wdata->state.calib_pro_sticks[1]);
r += sprintf(&out[r], "%+06hd:", wdata->state.calib_pro_sticks[2]);
r += sprintf(&out[r], "%+06hd\n", wdata->state.calib_pro_sticks[3]);
return r;
}
static ssize_t wiimod_pro_calib_store(struct device *dev,
Reported by FlawFinder.
Line: 342
Column: 18
CWE codes:
126
struct wiimote_data *wdata)
{
struct device *dev = &wdata->hdev->dev;
size_t namesz = strlen(dev_name(dev)) + 9;
struct led_classdev *led;
unsigned long flags;
char *name;
int ret;
Reported by FlawFinder.
drivers/infiniband/hw/mlx4/sysfs.c
7 issues
Line: 226
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int add_port_entries(struct mlx4_ib_dev *device, int port_num)
{
int i;
char buff[11];
struct mlx4_ib_iov_port *port = NULL;
int ret = 0 ;
struct ib_port_attr attr;
memset(&attr, 0, sizeof(attr));
Reported by FlawFinder.
Line: 253
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = -ENOMEM;
goto err;
}
sprintf(buff, "%d", port_num);
port->cur_port = kobject_create_and_add(buff,
kobject_get(device->ports_parent));
if (!port->cur_port) {
ret = -ENOMEM;
goto kobj_create_err;
Reported by FlawFinder.
Line: 268
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto err_admin_guids;
}
for (i = 0 ; i < attr.gid_tbl_len; i++) {
sprintf(buff, "%d", i);
port->dentr_ar->dentries[i].entry_num = i;
ret = create_sysfs_entry(port, &port->dentr_ar->dentries[i],
buff, port->admin_alias_parent,
show_admin_alias_guid, store_admin_alias_guid);
if (ret)
Reported by FlawFinder.
Line: 286
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0 ; i < attr.gid_tbl_len; i++) {
sprintf(buff, "%d", i);
port->dentr_ar->dentries[attr.gid_tbl_len + i].entry_num = i;
ret = create_sysfs_entry(port,
&port->dentr_ar->dentries[attr.gid_tbl_len + i],
buff,
port->gids_parent, show_port_gid, NULL);
Reported by FlawFinder.
Line: 305
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0 ; i < attr.pkey_tbl_len; i++) {
sprintf(buff, "%d", i);
port->dentr_ar->dentries[2 * attr.gid_tbl_len + i].entry_num = i;
ret = create_sysfs_entry(port,
&port->dentr_ar->dentries[2 * attr.gid_tbl_len + i],
buff, port->pkeys_parent,
show_phys_port_pkey, NULL);
Reported by FlawFinder.
Line: 437
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct port_table_attribute {
struct port_attribute attr;
char name[8];
int index;
};
static ssize_t show_port_pkey(struct mlx4_port *p, struct port_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 696
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int register_one_pkey_tree(struct mlx4_ib_dev *dev, int slave)
{
char name[32];
int err;
int port;
struct kobject *p, *t;
struct mlx4_port *mport;
struct mlx4_active_ports actv_ports;
Reported by FlawFinder.
drivers/input/touchscreen/wacom_w8001.c
7 issues
Line: 92
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int id;
int idx;
unsigned char response_type;
unsigned char response[W8001_MAX_LENGTH];
unsigned char data[W8001_MAX_LENGTH];
char phys[W8001_MAX_PHYS];
int type;
unsigned int pktlen;
u16 max_touch_x;
Reported by FlawFinder.
Line: 93
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int idx;
unsigned char response_type;
unsigned char response[W8001_MAX_LENGTH];
unsigned char data[W8001_MAX_LENGTH];
char phys[W8001_MAX_PHYS];
int type;
unsigned int pktlen;
u16 max_touch_x;
u16 max_touch_y;
Reported by FlawFinder.
Line: 94
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char response_type;
unsigned char response[W8001_MAX_LENGTH];
unsigned char data[W8001_MAX_LENGTH];
char phys[W8001_MAX_PHYS];
int type;
unsigned int pktlen;
u16 max_touch_x;
u16 max_touch_y;
u16 max_pen_x;
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 max_touch_y;
u16 max_pen_x;
u16 max_pen_y;
char pen_name[64];
char touch_name[64];
int open_count;
struct mutex mutex;
};
Reported by FlawFinder.
Line: 102
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 max_pen_x;
u16 max_pen_y;
char pen_name[64];
char touch_name[64];
int open_count;
struct mutex mutex;
};
static void parse_pen_data(u8 *data, struct w8001_coord *coord)
Reported by FlawFinder.
Line: 335
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
w8001->idx = 0;
memcpy(w8001->response, w8001->data, W8001_MAX_LENGTH);
w8001->response_type = W8001_QUERY_PACKET;
complete(&w8001->cmd_done);
break;
/* 2 finger touch packet */
Reported by FlawFinder.
Line: 598
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct w8001 *w8001;
struct input_dev *input_dev_pen;
struct input_dev *input_dev_touch;
char basename[64];
int err, err_pen, err_touch;
w8001 = kzalloc(sizeof(struct w8001), GFP_KERNEL);
input_dev_pen = input_allocate_device();
input_dev_touch = input_allocate_device();
Reported by FlawFinder.
drivers/iio/accel/sca3000.c
7 issues
Line: 457
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sca3000_state *st = iio_priv(indio_dev);
int len;
len = sprintf(buf, "%d", st->info->measurement_mode_3db_freq);
if (st->info->option_mode_1)
len += sprintf(buf + len, " %d",
st->info->option_mode_1_3db_freq);
if (st->info->option_mode_2)
len += sprintf(buf + len, " %d",
Reported by FlawFinder.
Line: 459
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len = sprintf(buf, "%d", st->info->measurement_mode_3db_freq);
if (st->info->option_mode_1)
len += sprintf(buf + len, " %d",
st->info->option_mode_1_3db_freq);
if (st->info->option_mode_2)
len += sprintf(buf + len, " %d",
st->info->option_mode_2_3db_freq);
len += sprintf(buf + len, "\n");
Reported by FlawFinder.
Line: 462
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len += sprintf(buf + len, " %d",
st->info->option_mode_1_3db_freq);
if (st->info->option_mode_2)
len += sprintf(buf + len, " %d",
st->info->option_mode_2_3db_freq);
len += sprintf(buf + len, "\n");
return len;
}
Reported by FlawFinder.
Line: 833
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (val & SCA3000_REG_MODE_MODE_MASK) {
case SCA3000_REG_MODE_MEAS_MODE_NORMAL:
len += sprintf(buf + len, "%d %d %d\n",
st->info->measurement_mode_freq,
st->info->measurement_mode_freq / 2,
st->info->measurement_mode_freq / 4);
break;
case SCA3000_REG_MODE_MEAS_MODE_OP_1:
Reported by FlawFinder.
Line: 839
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
st->info->measurement_mode_freq / 4);
break;
case SCA3000_REG_MODE_MEAS_MODE_OP_1:
len += sprintf(buf + len, "%d %d %d\n",
st->info->option_mode_1_freq,
st->info->option_mode_1_freq / 2,
st->info->option_mode_1_freq / 4);
break;
case SCA3000_REG_MODE_MEAS_MODE_OP_2:
Reported by FlawFinder.
Line: 845
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
st->info->option_mode_1_freq / 4);
break;
case SCA3000_REG_MODE_MEAS_MODE_OP_2:
len += sprintf(buf + len, "%d %d %d\n",
st->info->option_mode_2_freq,
st->info->option_mode_2_freq / 2,
st->info->option_mode_2_freq / 4);
break;
}
Reported by FlawFinder.
Line: 464
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (st->info->option_mode_2)
len += sprintf(buf + len, " %d",
st->info->option_mode_2_3db_freq);
len += sprintf(buf + len, "\n");
return len;
}
static IIO_DEVICE_ATTR(in_accel_filter_low_pass_3db_frequency_available,
Reported by FlawFinder.
drivers/gpu/drm/i915/gvt/firmware.c
7 issues
Line: 237
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
firmware->mmio = mem;
sprintf(path, "%s/vid_0x%04x_did_0x%04x_rid_0x%02x.golden_hw_state",
GVT_FIRMWARE_PATH, pdev->vendor, pdev->device,
pdev->revision);
gvt_dbg_core("request hw state firmware %s...\n", path);
Reported by FlawFinder.
Line: 48
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 cfg_space_offset; /* offset in the file */
u64 mmio_size;
u64 mmio_offset; /* offset in the file */
unsigned char data[1];
};
#define dev_to_drm_minor(d) dev_get_drvdata((d))
static ssize_t
Reported by FlawFinder.
Line: 58
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct bin_attribute *attr, char *buf,
loff_t offset, size_t count)
{
memcpy(buf, attr->private + offset, count);
return count;
}
static struct bin_attribute firmware_attr = {
.attr = {.name = "gvt_firmware", .mode = (S_IRUSR)},
Reported by FlawFinder.
Line: 105
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < h->cfg_space_size; i += 4)
pci_read_config_dword(pdev, i, p + i);
memcpy(gvt->firmware.cfg_space, p, info->cfg_space_size);
p = firmware + h->mmio_offset;
/* Take a snapshot of hw mmio registers. */
intel_gvt_for_each_tracked_mmio(gvt, mmio_snapshot_handler, p);
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Take a snapshot of hw mmio registers. */
intel_gvt_for_each_tracked_mmio(gvt, mmio_snapshot_handler, p);
memcpy(gvt->firmware.mmio, p, info->mmio_size);
crc32_start = offsetof(struct gvt_firmware_header, crc32) + 4;
h->crc32 = crc32_le(0, firmware + crc32_start, size - crc32_start);
firmware_attr.size = size;
Reported by FlawFinder.
Line: 259
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
h = (struct gvt_firmware_header *)fw->data;
memcpy(firmware->cfg_space, fw->data + h->cfg_space_offset,
h->cfg_space_size);
memcpy(firmware->mmio, fw->data + h->mmio_offset,
h->mmio_size);
release_firmware(fw);
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(firmware->cfg_space, fw->data + h->cfg_space_offset,
h->cfg_space_size);
memcpy(firmware->mmio, fw->data + h->mmio_offset,
h->mmio_size);
release_firmware(fw);
firmware->firmware_loaded = true;
return 0;
Reported by FlawFinder.
drivers/hwmon/thmc50.c
7 issues
Line: 122
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct thmc50_data *data = thmc50_update_device(dev);
return sprintf(buf, "%d\n", data->analog_out);
}
static ssize_t analog_out_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 159
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t pwm_mode_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "0\n");
}
/* Temperatures */
static ssize_t temp_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 168
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct thmc50_data *data = thmc50_update_device(dev);
return sprintf(buf, "%d\n", data->temp_input[nr] * 1000);
}
static ssize_t temp_min_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 176
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct thmc50_data *data = thmc50_update_device(dev);
return sprintf(buf, "%d\n", data->temp_min[nr] * 1000);
}
static ssize_t temp_min_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 206
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct thmc50_data *data = thmc50_update_device(dev);
return sprintf(buf, "%d\n", data->temp_max[nr] * 1000);
}
static ssize_t temp_max_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 236
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct thmc50_data *data = thmc50_update_device(dev);
return sprintf(buf, "%d\n", data->temp_critical[nr] * 1000);
}
static ssize_t alarm_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 245
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int index = to_sensor_dev_attr(attr)->index;
struct thmc50_data *data = thmc50_update_device(dev);
return sprintf(buf, "%u\n", (data->alarms >> index) & 1);
}
static SENSOR_DEVICE_ATTR_RO(temp1_input, temp, 0);
static SENSOR_DEVICE_ATTR_RW(temp1_min, temp_min, 0);
static SENSOR_DEVICE_ATTR_RW(temp1_max, temp_max, 0);
Reported by FlawFinder.
drivers/md/dm-verity-target.c
7 issues
Line: 216
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int verity_handle_err(struct dm_verity *v, enum verity_block_type type,
unsigned long long block)
{
char verity_env[DM_VERITY_ENV_LENGTH];
char *envp[] = { verity_env, NULL };
const char *type_str = "";
struct mapped_device *md = dm_table_get_md(v->ti->table);
/* Corruption should be visible in device status in all modes */
Reported by FlawFinder.
Line: 322
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
data += offset;
memcpy(want_digest, data, v->digest_size);
r = 0;
release_ret_r:
dm_bufio_release(buf);
return r;
Reported by FlawFinder.
Line: 352
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(digest, v->root_digest, v->digest_size);
for (i = v->levels - 1; i >= 0; i--) {
r = verity_verify_level(v, io, block, i, false, digest);
if (unlikely(r))
goto out;
Reported by FlawFinder.
Line: 1138
Column: 6
CWE codes:
126
r = -ENOMEM;
goto bad;
}
if (strlen(argv[8]) != v->digest_size * 2 ||
hex2bin(v->root_digest, argv[8], v->digest_size)) {
ti->error = "Invalid root digest";
r = -EINVAL;
goto bad;
}
Reported by FlawFinder.
Line: 1147
Column: 18
CWE codes:
126
root_hash_digest_to_validate = argv[8];
if (strcmp(argv[9], "-")) {
v->salt_size = strlen(argv[9]) / 2;
v->salt = kmalloc(v->salt_size, GFP_KERNEL);
if (!v->salt) {
ti->error = "Cannot allocate salt";
r = -ENOMEM;
goto bad;
Reported by FlawFinder.
Line: 1154
Column: 7
CWE codes:
126
r = -ENOMEM;
goto bad;
}
if (strlen(argv[9]) != v->salt_size * 2 ||
hex2bin(v->salt, argv[9], v->salt_size)) {
ti->error = "Invalid salt";
r = -EINVAL;
goto bad;
}
Reported by FlawFinder.
Line: 1177
Column: 9
CWE codes:
126
/* Root hash signature is a optional parameter*/
r = verity_verify_root_hash(root_hash_digest_to_validate,
strlen(root_hash_digest_to_validate),
verify_args.sig,
verify_args.sig_size);
if (r < 0) {
ti->error = "Root hash verification failed";
goto bad;
Reported by FlawFinder.
drivers/mtd/nand/raw/mtk_nand.c
7 issues
Line: 688
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(nfc->buffer, 0xff, mtd->writesize + mtd->oobsize);
for (i = 0; i < chip->ecc.steps; i++) {
memcpy(mtk_data_ptr(chip, i), data_ptr(chip, buf, i),
chip->ecc.size);
if (start > i || i >= end)
continue;
Reported by FlawFinder.
Line: 697
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i == mtk_nand->bad_mark.sec)
mtk_nand->bad_mark.bm_swap(mtd, nfc->buffer, 1);
memcpy(mtk_oob_ptr(chip, i), oob_ptr(chip, i), fdm->reg_size);
/* program the CRC back to the OOB */
ret = mtk_nfc_sector_encode(chip, mtk_data_ptr(chip, i));
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 719
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(nfc->buffer, 0xff, mtd->writesize + mtd->oobsize);
for (i = 0; i < chip->ecc.steps; i++) {
if (buf)
memcpy(mtk_data_ptr(chip, i), data_ptr(chip, buf, i),
chip->ecc.size);
if (i == mtk_nand->bad_mark.sec)
mtk_nand->bad_mark.bm_swap(mtd, nfc->buffer, 1);
Reported by FlawFinder.
Line: 725
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i == mtk_nand->bad_mark.sec)
mtk_nand->bad_mark.bm_swap(mtd, nfc->buffer, 1);
memcpy(mtk_oob_ptr(chip, i), oob_ptr(chip, i), fdm->reg_size);
}
}
static inline void mtk_nfc_read_fdm(struct nand_chip *chip, u32 start,
u32 sectors)
Reported by FlawFinder.
Line: 856
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(nfc->buffer, buf, mtd->writesize);
mtk_nand->bad_mark.bm_swap(mtd, nfc->buffer, raw);
bufpoi = nfc->buffer;
/* write OOB into the FDM registers (OOB area in MTK NAND) */
mtk_nfc_write_fdm(chip);
Reported by FlawFinder.
Line: 1070
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
for (i = 0; i < chip->ecc.steps; i++) {
memcpy(oob_ptr(chip, i), mtk_oob_ptr(chip, i), fdm->reg_size);
if (i == mtk_nand->bad_mark.sec)
mtk_nand->bad_mark.bm_swap(mtd, nfc->buffer, 1);
if (buf)
Reported by FlawFinder.
Line: 1076
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mtk_nand->bad_mark.bm_swap(mtd, nfc->buffer, 1);
if (buf)
memcpy(data_ptr(chip, buf, i), mtk_data_ptr(chip, i),
chip->ecc.size);
}
return ret;
}
Reported by FlawFinder.
drivers/memory/brcmstb_dpfe.c
7 issues
Line: 707
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = __send_command(priv, command, response);
if (ret < 0)
return sprintf(buf, "ERROR: %s\n", get_error_text(-ret));
return 0;
}
static ssize_t show_info(struct device *dev, struct device_attribute *devattr,
Reported by FlawFinder.
Line: 414
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dev_emerg(priv->dev, "invalid message reply from DCPU: %#x\n",
response);
if (buf && size)
*size = sprintf(buf,
"FATAL: communication error with DCPU\n");
}
return ptr;
}
Reported by FlawFinder.
Line: 703
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int ret;
if (!priv)
return sprintf(buf, "ERROR: driver private data not set\n");
ret = __send_command(priv, command, response);
if (ret < 0)
return sprintf(buf, "ERROR: %s\n", get_error_text(-ret));
Reported by FlawFinder.
Line: 727
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
info = response[MSG_ARG0];
return sprintf(buf, "%u.%u.%u.%u\n",
(info >> 24) & 0xff,
(info >> 16) & 0xff,
(info >> 8) & 0xff,
info & 0xff);
}
Reported by FlawFinder.
Line: 762
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
thermal_offs = (mr4 >> DRAM_MR4_TH_OFFS) & DRAM_MR4_TH_OFFS_MASK;
tuf = (mr4 >> DRAM_MR4_TUF) & DRAM_MR4_TUF_MASK;
return sprintf(buf, "%#x %#x %#x %#x %#x %#x %#x\n",
readl_relaxed(info + DRAM_INFO_INTERVAL),
refresh, sr_abort, ppre, thermal_offs, tuf,
readl_relaxed(info + DRAM_INFO_ERROR));
}
Reported by FlawFinder.
Line: 822
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
DRAM_VENDOR_MASK;
err = readl_relaxed(info + DRAM_VENDOR_ERROR) & DRAM_VENDOR_MASK;
return sprintf(buf, "%#x %#x %#x %#x %#x\n", mr5, mr6, mr7, mr8, err);
}
static ssize_t show_dram(struct device *dev, struct device_attribute *devattr,
char *buf)
{
Reported by FlawFinder.
Line: 845
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mr8 = response[MSG_ARG0 + 4] & DRAM_DDR_INFO_MASK;
err = response[MSG_ARG0 + 5] & DRAM_DDR_INFO_MASK;
return sprintf(buf, "%#x %#x %#x %#x %#x %#x\n", mr4, mr5, mr6, mr7,
mr8, err);
}
static int brcmstb_dpfe_resume(struct platform_device *pdev)
{
Reported by FlawFinder.
drivers/media/usb/pvrusb2/pvrusb2-ctrl.c
7 issues
Line: 366
CWE codes:
476
*valptr = 0;
if (!names) namecnt = 0;
for (idx = 0; idx < namecnt; idx++) {
if (!names[idx]) continue;
slen = strlen(names[idx]);
if (slen != len) continue;
if (memcmp(names[idx],ptr,slen)) continue;
*valptr = idx;
return 0;
Reported by Cppcheck.
Line: 358
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *valptr,
const char * const *names, unsigned int namecnt)
{
char buf[33];
unsigned int slen;
unsigned int idx;
int negfl;
char *p2;
*valptr = 0;
Reported by FlawFinder.
Line: 379
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr++; len--;
}
if (len >= sizeof(buf)) return -EINVAL;
memcpy(buf,ptr,len);
buf[len] = 0;
*valptr = simple_strtol(buf,&p2,0);
if (negfl) *valptr = -(*valptr);
if (*p2) return -EINVAL;
return 1;
Reported by FlawFinder.
Line: 392
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *valptr,
const char **names,int valid_bits)
{
char buf[33];
unsigned int slen;
unsigned int idx;
char *p2;
int msk;
*valptr = 0;
Reported by FlawFinder.
Line: 409
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
}
if (len >= sizeof(buf)) return -EINVAL;
memcpy(buf,ptr,len);
buf[len] = 0;
*valptr = simple_strtol(buf,&p2,0);
if (*p2) return -EINVAL;
return 0;
}
Reported by FlawFinder.
Line: 367
Column: 10
CWE codes:
126
if (!names) namecnt = 0;
for (idx = 0; idx < namecnt; idx++) {
if (!names[idx]) continue;
slen = strlen(names[idx]);
if (slen != len) continue;
if (memcmp(names[idx],ptr,slen)) continue;
*valptr = idx;
return 0;
}
Reported by FlawFinder.
Line: 402
Column: 10
CWE codes:
126
if (!(msk & valid_bits)) continue;
valid_bits &= ~msk;
if (!names[idx]) continue;
slen = strlen(names[idx]);
if (slen != len) continue;
if (memcmp(names[idx],ptr,slen)) continue;
*valptr = msk;
return 0;
}
Reported by FlawFinder.