The following issues were found
drivers/usb/gadget/function/u_audio.c
7 issues
Line: 782
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strscpy(card->driver, card_name, sizeof(card->driver));
strscpy(card->shortname, card_name, sizeof(card->shortname));
sprintf(card->longname, "%s %i", card_name, card->dev->id);
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_CONTINUOUS,
NULL, 0, BUFF_SIZE_MAX);
err = snd_card_register(card);
Reported by FlawFinder.
Line: 192
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) {
if (unlikely(pending < req->actual)) {
memcpy(req->buf, runtime->dma_area + hw_ptr, pending);
memcpy(req->buf + pending, runtime->dma_area,
req->actual - pending);
} else {
memcpy(req->buf, runtime->dma_area + hw_ptr,
req->actual);
Reported by FlawFinder.
Line: 193
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) {
if (unlikely(pending < req->actual)) {
memcpy(req->buf, runtime->dma_area + hw_ptr, pending);
memcpy(req->buf + pending, runtime->dma_area,
req->actual - pending);
} else {
memcpy(req->buf, runtime->dma_area + hw_ptr,
req->actual);
}
Reported by FlawFinder.
Line: 196
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(req->buf + pending, runtime->dma_area,
req->actual - pending);
} else {
memcpy(req->buf, runtime->dma_area + hw_ptr,
req->actual);
}
} else {
if (unlikely(pending < req->actual)) {
memcpy(runtime->dma_area + hw_ptr, req->buf, pending);
Reported by FlawFinder.
Line: 201
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else {
if (unlikely(pending < req->actual)) {
memcpy(runtime->dma_area + hw_ptr, req->buf, pending);
memcpy(runtime->dma_area, req->buf + pending,
req->actual - pending);
} else {
memcpy(runtime->dma_area + hw_ptr, req->buf,
req->actual);
Reported by FlawFinder.
Line: 202
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
if (unlikely(pending < req->actual)) {
memcpy(runtime->dma_area + hw_ptr, req->buf, pending);
memcpy(runtime->dma_area, req->buf + pending,
req->actual - pending);
} else {
memcpy(runtime->dma_area + hw_ptr, req->buf,
req->actual);
}
Reported by FlawFinder.
Line: 205
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(runtime->dma_area, req->buf + pending,
req->actual - pending);
} else {
memcpy(runtime->dma_area + hw_ptr, req->buf,
req->actual);
}
}
/* update hw_ptr after data is copied to memory */
Reported by FlawFinder.
drivers/tty/n_tty.c
7 issues
Line: 113
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char push:1;
/* shared by producer and consumer */
char read_buf[N_TTY_BUF_SIZE];
DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
unsigned char echo_buf[N_TTY_BUF_SIZE];
/* consumer-published */
size_t read_tail;
Reported by FlawFinder.
Line: 115
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* shared by producer and consumer */
char read_buf[N_TTY_BUF_SIZE];
DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
unsigned char echo_buf[N_TTY_BUF_SIZE];
/* consumer-published */
size_t read_tail;
size_t line_start;
Reported by FlawFinder.
Line: 176
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (n > size) {
tty_audit_add_data(tty, from, size);
memcpy(to, from, size);
zero_buffer(tty, from, size);
to += size;
n -= size;
from = ldata->read_buf;
}
Reported by FlawFinder.
Line: 184
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
tty_audit_add_data(tty, from, n);
memcpy(to, from, n);
zero_buffer(tty, from, n);
}
/**
* n_tty_kick_worker - start input worker (if required)
Reported by FlawFinder.
Line: 1484
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
memcpy(read_buf_addr(ldata, head), cp, n);
ldata->read_head += n;
cp += n;
count -= n;
head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
Reported by FlawFinder.
Line: 1491
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
memcpy(read_buf_addr(ldata, head), cp, n);
ldata->read_head += n;
}
static void
n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
Reported by FlawFinder.
Line: 1910
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
n = min(*nr, n);
if (n) {
unsigned char *from = read_buf_addr(ldata, tail);
memcpy(*kbp, from, n);
is_eof = n == 1 && *from == EOF_CHAR(tty);
tty_audit_add_data(tty, from, n);
zero_buffer(tty, from, n);
smp_store_release(&ldata->read_tail, ldata->read_tail + n);
/* Turn single EOF into zero-length read */
Reported by FlawFinder.
drivers/tty/amiserial.c
7 issues
Line: 805
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (c <= 0) {
break;
}
memcpy(info->xmit.buf + info->xmit.head, buf, c);
info->xmit.head = ((info->xmit.head + c) &
(SERIAL_XMIT_SIZE-1));
buf += c;
count -= c;
ret += c;
Reported by FlawFinder.
Line: 1416
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline void line_info(struct seq_file *m, int line,
struct serial_state *state)
{
char stat_buf[30], control, status;
unsigned long flags;
seq_printf(m, "%d: uart:amiga_builtin", line);
local_irq_save(flags);
Reported by FlawFinder.
Line: 1429
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
stat_buf[0] = 0;
stat_buf[1] = 0;
if(!(control & SER_RTS))
strcat(stat_buf, "|RTS");
if(!(status & SER_CTS))
strcat(stat_buf, "|CTS");
if(!(control & SER_DTR))
strcat(stat_buf, "|DTR");
if(!(status & SER_DSR))
Reported by FlawFinder.
Line: 1431
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if(!(control & SER_RTS))
strcat(stat_buf, "|RTS");
if(!(status & SER_CTS))
strcat(stat_buf, "|CTS");
if(!(control & SER_DTR))
strcat(stat_buf, "|DTR");
if(!(status & SER_DSR))
strcat(stat_buf, "|DSR");
if(!(status & SER_DCD))
Reported by FlawFinder.
Line: 1433
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if(!(status & SER_CTS))
strcat(stat_buf, "|CTS");
if(!(control & SER_DTR))
strcat(stat_buf, "|DTR");
if(!(status & SER_DSR))
strcat(stat_buf, "|DSR");
if(!(status & SER_DCD))
strcat(stat_buf, "|CD");
Reported by FlawFinder.
Line: 1435
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if(!(control & SER_DTR))
strcat(stat_buf, "|DTR");
if(!(status & SER_DSR))
strcat(stat_buf, "|DSR");
if(!(status & SER_DCD))
strcat(stat_buf, "|CD");
if (state->quot)
seq_printf(m, " baud:%d", state->baud_base / state->quot);
Reported by FlawFinder.
Line: 1437
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if(!(status & SER_DSR))
strcat(stat_buf, "|DSR");
if(!(status & SER_DCD))
strcat(stat_buf, "|CD");
if (state->quot)
seq_printf(m, " baud:%d", state->baud_base / state->quot);
seq_printf(m, " tx:%d rx:%d", state->icount.tx, state->icount.rx);
Reported by FlawFinder.
drivers/thunderbolt/property.c
7 issues
Line: 88
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!property)
return NULL;
strcpy(property->key, key);
property->type = type;
INIT_LIST_HEAD(&property->list);
return property;
}
Reported by FlawFinder.
Line: 552
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
p->value.text = kzalloc(p->length * 4, GFP_KERNEL);
if (!p->value.text)
goto err_free;
strcpy(p->value.text, property->value.text);
break;
case TB_PROPERTY_TYPE_VALUE:
p->value.immediate = property->value.immediate;
break;
Reported by FlawFinder.
Line: 667
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -ENOMEM;
}
strcpy(property->value.text, text);
list_add_tail(&property->list, &parent->properties);
return 0;
}
EXPORT_SYMBOL_GPL(tb_property_add_text);
Reported by FlawFinder.
Line: 98
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct tb_property *tb_property_parse(const u32 *block, size_t block_len,
const struct tb_property_entry *entry)
{
char key[TB_PROPERTY_KEY_SIZE + 1];
struct tb_property *property;
struct tb_property_dir *dir;
if (!tb_property_entry_valid(entry, block_len))
return NULL;
Reported by FlawFinder.
Line: 631
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(property->value.data, buf, buflen);
list_add_tail(&property->list, &parent->properties);
return 0;
}
EXPORT_SYMBOL_GPL(tb_property_add_data);
Reported by FlawFinder.
Line: 76
Column: 16
CWE codes:
126
static bool tb_property_key_valid(const char *key)
{
return key && strlen(key) <= TB_PROPERTY_KEY_SIZE;
}
static struct tb_property *
tb_property_alloc(const char *key, enum tb_property_type type)
{
Reported by FlawFinder.
Line: 650
Column: 25
CWE codes:
126
const char *text)
{
/* Need to pad to dword boundary */
size_t size = round_up(strlen(text) + 1, 4);
struct tb_property *property;
if (!tb_property_key_valid(key))
return -EINVAL;
Reported by FlawFinder.
drivers/usb/host/xhci-dbgcap.c
7 issues
Line: 1004
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p = "unknown";
}
return sprintf(buf, "%s\n", p);
}
static ssize_t dbc_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 47
Column: 37
CWE codes:
126
/* Serial string: */
s_desc = (struct usb_string_descriptor *)strings->serial;
utf8s_to_utf16s(DBC_STRING_SERIAL, strlen(DBC_STRING_SERIAL),
UTF16_LITTLE_ENDIAN, (wchar_t *)s_desc->wData,
DBC_MAX_STRING_LENGTH);
s_desc->bLength = (strlen(DBC_STRING_SERIAL) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
Reported by FlawFinder.
Line: 51
Column: 22
CWE codes:
126
UTF16_LITTLE_ENDIAN, (wchar_t *)s_desc->wData,
DBC_MAX_STRING_LENGTH);
s_desc->bLength = (strlen(DBC_STRING_SERIAL) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
string_length = s_desc->bLength;
string_length <<= 8;
/* Product string: */
Reported by FlawFinder.
Line: 58
Column: 38
CWE codes:
126
/* Product string: */
s_desc = (struct usb_string_descriptor *)strings->product;
utf8s_to_utf16s(DBC_STRING_PRODUCT, strlen(DBC_STRING_PRODUCT),
UTF16_LITTLE_ENDIAN, (wchar_t *)s_desc->wData,
DBC_MAX_STRING_LENGTH);
s_desc->bLength = (strlen(DBC_STRING_PRODUCT) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
Reported by FlawFinder.
Line: 62
Column: 22
CWE codes:
126
UTF16_LITTLE_ENDIAN, (wchar_t *)s_desc->wData,
DBC_MAX_STRING_LENGTH);
s_desc->bLength = (strlen(DBC_STRING_PRODUCT) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
string_length += s_desc->bLength;
string_length <<= 8;
/* Manufacture string: */
Reported by FlawFinder.
Line: 70
Column: 4
CWE codes:
126
/* Manufacture string: */
s_desc = (struct usb_string_descriptor *)strings->manufacturer;
utf8s_to_utf16s(DBC_STRING_MANUFACTURER,
strlen(DBC_STRING_MANUFACTURER),
UTF16_LITTLE_ENDIAN, (wchar_t *)s_desc->wData,
DBC_MAX_STRING_LENGTH);
s_desc->bLength = (strlen(DBC_STRING_MANUFACTURER) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
Reported by FlawFinder.
Line: 74
Column: 22
CWE codes:
126
UTF16_LITTLE_ENDIAN, (wchar_t *)s_desc->wData,
DBC_MAX_STRING_LENGTH);
s_desc->bLength = (strlen(DBC_STRING_MANUFACTURER) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
string_length += s_desc->bLength;
string_length <<= 8;
/* String0: */
Reported by FlawFinder.
drivers/video/fbdev/mb862xx/mb862xxfbdrv.c
7 issues
Line: 432
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
fbi->screen_base = par->fb_base;
fbi->screen_size = par->mapped_vram;
strcpy(fbi->fix.id, DRV_NAME);
fbi->fix.smem_start = (unsigned long)par->fb_base_phys;
fbi->fix.mmio_start = (unsigned long)par->mmio_base_phys;
fbi->fix.mmio_len = par->mmio_len;
fbi->fix.accel = FB_ACCEL_NONE;
fbi->fix.type = FB_TYPE_PACKED_PIXELS;
Reported by FlawFinder.
Line: 554
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
unsigned int reg;
for (reg = GC_DCM0; reg <= GC_L0DY_L0DX; reg += 4)
ptr += sprintf(ptr, "%08x = %08x\n",
reg, inreg(disp, reg));
for (reg = GC_CPM_CUTC; reg <= GC_CUY1_CUX1; reg += 4)
ptr += sprintf(ptr, "%08x = %08x\n",
reg, inreg(disp, reg));
Reported by FlawFinder.
Line: 558
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg, inreg(disp, reg));
for (reg = GC_CPM_CUTC; reg <= GC_CUY1_CUX1; reg += 4)
ptr += sprintf(ptr, "%08x = %08x\n",
reg, inreg(disp, reg));
for (reg = GC_DCM1; reg <= GC_L0WH_L0WW; reg += 4)
ptr += sprintf(ptr, "%08x = %08x\n",
reg, inreg(disp, reg));
Reported by FlawFinder.
Line: 562
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg, inreg(disp, reg));
for (reg = GC_DCM1; reg <= GC_L0WH_L0WW; reg += 4)
ptr += sprintf(ptr, "%08x = %08x\n",
reg, inreg(disp, reg));
for (reg = 0x400; reg <= 0x410; reg += 4)
ptr += sprintf(ptr, "geo %08x = %08x\n",
reg, inreg(geo, reg));
Reported by FlawFinder.
Line: 566
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg, inreg(disp, reg));
for (reg = 0x400; reg <= 0x410; reg += 4)
ptr += sprintf(ptr, "geo %08x = %08x\n",
reg, inreg(geo, reg));
for (reg = 0x400; reg <= 0x410; reg += 4)
ptr += sprintf(ptr, "draw %08x = %08x\n",
reg, inreg(draw, reg));
Reported by FlawFinder.
Line: 570
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg, inreg(geo, reg));
for (reg = 0x400; reg <= 0x410; reg += 4)
ptr += sprintf(ptr, "draw %08x = %08x\n",
reg, inreg(draw, reg));
for (reg = 0x440; reg <= 0x450; reg += 4)
ptr += sprintf(ptr, "draw %08x = %08x\n",
reg, inreg(draw, reg));
Reported by FlawFinder.
Line: 574
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg, inreg(draw, reg));
for (reg = 0x440; reg <= 0x450; reg += 4)
ptr += sprintf(ptr, "draw %08x = %08x\n",
reg, inreg(draw, reg));
return ptr - buf;
}
Reported by FlawFinder.
drivers/thermal/intel/int340x_thermal/int3400_thermal.c
7 issues
Line: 147
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (priv->current_uuid_index == -1)
return sprintf(buf, "INVALID\n");
return sprintf(buf, "%s\n",
int3400_thermal_uuids[priv->current_uuid_index]);
}
static ssize_t current_uuid_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 33
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
INT3400_THERMAL_MAXIMUM_UUID,
};
static char *int3400_thermal_uuids[INT3400_THERMAL_MAXIMUM_UUID] = {
"42A441D6-AE6A-462b-A84B-4A8CE79027D3",
"3A95C389-E4B8-4629-A526-C52C88626BAE",
"97C68AE7-15FA-499c-B8C9-5DA81D606E0A",
"63BE270F-1C11-48FD-A6F7-3AF253FF3E2D",
"5349962F-71E6-431D-9AE8-0A635B710AEE",
Reported by FlawFinder.
Line: 76
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static ssize_t data_vault_read(struct file *file, struct kobject *kobj,
struct bin_attribute *attr, char *buf, loff_t off, size_t count)
{
memcpy(buf, attr->private + off, count);
return count;
}
static BIN_ATTR_RO(data_vault, 0);
Reported by FlawFinder.
Line: 125
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int length = 0;
if (!priv->uuid_bitmap)
return sprintf(buf, "UNKNOWN\n");
for (i = 0; i < INT3400_THERMAL_MAXIMUM_UUID; i++) {
if (priv->uuid_bitmap & (1 << i))
if (PAGE_SIZE - length > 0)
length += scnprintf(&buf[length],
Reported by FlawFinder.
Line: 145
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct int3400_thermal_priv *priv = dev_get_drvdata(dev);
if (priv->current_uuid_index == -1)
return sprintf(buf, "INVALID\n");
return sprintf(buf, "%s\n",
int3400_thermal_uuids[priv->current_uuid_index]);
}
Reported by FlawFinder.
Line: 279
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
odvp_attr = container_of(attr, struct odvp_attr, attr);
return sprintf(buf, "%d\n", odvp_attr->priv->odvp[odvp_attr->odvp]);
}
static void cleanup_odvp(struct int3400_thermal_priv *priv)
{
int i;
Reported by FlawFinder.
Line: 377
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *data)
{
struct int3400_thermal_priv *priv = data;
char *thermal_prop[5];
int therm_event;
if (!priv)
return;
Reported by FlawFinder.
drivers/soc/tegra/fuse/fuse-tegra.c
7 issues
Line: 27
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tegra_sku_info tegra_sku_info;
EXPORT_SYMBOL(tegra_sku_info);
static const char *tegra_revision_name[TEGRA_REVISION_MAX] = {
[TEGRA_REVISION_UNKNOWN] = "unknown",
[TEGRA_REVISION_A01] = "A01",
[TEGRA_REVISION_A02] = "A02",
[TEGRA_REVISION_A03] = "A03",
[TEGRA_REVISION_A03p] = "A03 prime",
Reported by FlawFinder.
Line: 309
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t major_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%d\n", tegra_get_major_rev());
}
static DEVICE_ATTR_RO(major);
static ssize_t minor_show(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 317
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t minor_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%d\n", tegra_get_minor_rev());
}
static DEVICE_ATTR_RO(minor);
static struct attribute *tegra_soc_attr[] = {
Reported by FlawFinder.
Line: 343
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* platform type is silicon and all other non-zero values indicate
* the type of simulation platform is being used.
*/
return sprintf(buf, "%d\n", tegra_get_platform());
}
static DEVICE_ATTR_RO(platform);
static struct attribute *tegra194_soc_attr[] = {
Reported by FlawFinder.
Line: 90
Column: 21
CWE codes:
120
20
u32 *buffer = value;
for (i = 0; i < count; i++)
buffer[i] = fuse->read(fuse, offset + i * 4);
return 0;
}
static const struct nvmem_cell_info tegra_fuse_cells[] = {
Reported by FlawFinder.
Line: 277
Column: 13
CWE codes:
120
20
int tegra_fuse_readl(unsigned long offset, u32 *value)
{
if (!fuse->read || !fuse->clk)
return -EPROBE_DEFER;
if (IS_ERR(fuse->clk))
return PTR_ERR(fuse->clk);
Reported by FlawFinder.
drivers/usb/misc/sisusbvga/sisusb.c
7 issues
Line: 382
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (fromkern) {
memcpy(buffer, kernbuffer, passsize);
kernbuffer += passsize;
}
retry = 5;
Reported by FlawFinder.
Line: 514
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(kernbuffer, buffer, thispass);
kernbuffer += thispass;
}
}
Reported by FlawFinder.
Line: 1111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ssize_t *bytes_read)
{
int ret = 0;
char buf[4];
u16 swap16;
u32 swap32;
(*bytes_read = 0);
Reported by FlawFinder.
Line: 1311
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void sisusb_testreadwrite(struct sisusb_usb_data *sisusb)
{
static u8 srcbuffer[] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 };
char destbuffer[10];
int i, j;
sisusb_copy_memory(sisusb, srcbuffer, sisusb->vrambase, 7);
for (i = 1; i <= 7; i++) {
Reported by FlawFinder.
Line: 2082
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 tmp8, tmp82, ramtype;
int bw = 0;
char *ramtypetext1 = NULL;
static const char ram_datarate[4] = {'S', 'S', 'D', 'D'};
static const char ram_dynamictype[4] = {'D', 'G', 'D', 'G'};
static const int busSDR[4] = {64, 64, 128, 128};
static const int busDDR[4] = {32, 32, 64, 64};
static const int busDDRA[4] = {64+32, 64+32, (64+32)*2, (64+32)*2};
Reported by FlawFinder.
Line: 2083
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int bw = 0;
char *ramtypetext1 = NULL;
static const char ram_datarate[4] = {'S', 'S', 'D', 'D'};
static const char ram_dynamictype[4] = {'D', 'G', 'D', 'G'};
static const int busSDR[4] = {64, 64, 128, 128};
static const int busDDR[4] = {32, 32, 64, 64};
static const int busDDRA[4] = {64+32, 64+32, (64+32)*2, (64+32)*2};
sisusb_getidxreg(sisusb, SISSR, 0x14, &tmp8);
Reported by FlawFinder.
Line: 2294
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 1;
for (i = 0; i < 256; i++)
memcpy(tempbuf + (i * 32), myfont->data + (i * 16), 16);
/* Upload default font */
ret = sisusbcon_do_font_op(sisusb, 1, 0, tempbuf, 8192,
0, 1, NULL, 16, 0);
Reported by FlawFinder.
drivers/target/target_core_iblock.c
7 issues
Line: 641
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ssize_t bl = 0;
if (bd)
bl += sprintf(b + bl, "iBlock device: %s",
bdevname(bd, buf));
if (ib_dev->ibd_flags & IBDF_HAS_UDEV_PATH)
bl += sprintf(b + bl, " UDEV PATH: %s",
ib_dev->ibd_udev_path);
bl += sprintf(b + bl, " readonly: %d\n", ib_dev->ibd_readonly);
Reported by FlawFinder.
Line: 644
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
bl += sprintf(b + bl, "iBlock device: %s",
bdevname(bd, buf));
if (ib_dev->ibd_flags & IBDF_HAS_UDEV_PATH)
bl += sprintf(b + bl, " UDEV PATH: %s",
ib_dev->ibd_udev_path);
bl += sprintf(b + bl, " readonly: %d\n", ib_dev->ibd_readonly);
bl += sprintf(b + bl, " ");
if (bd) {
Reported by FlawFinder.
Line: 650
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
bl += sprintf(b + bl, " ");
if (bd) {
bl += sprintf(b + bl, "Major: %d Minor: %d %s\n",
MAJOR(bd->bd_dev), MINOR(bd->bd_dev),
"CLAIMED: IBLOCK");
} else {
bl += sprintf(b + bl, "Major: 0 Minor: 0\n");
}
Reported by FlawFinder.
Line: 637
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct iblock_dev *ib_dev = IBLOCK_DEV(dev);
struct block_device *bd = ib_dev->ibd_bd;
char buf[BDEVNAME_SIZE];
ssize_t bl = 0;
if (bd)
bl += sprintf(b + bl, "iBlock device: %s",
bdevname(bd, buf));
Reported by FlawFinder.
Line: 646
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ib_dev->ibd_flags & IBDF_HAS_UDEV_PATH)
bl += sprintf(b + bl, " UDEV PATH: %s",
ib_dev->ibd_udev_path);
bl += sprintf(b + bl, " readonly: %d\n", ib_dev->ibd_readonly);
bl += sprintf(b + bl, " ");
if (bd) {
bl += sprintf(b + bl, "Major: %d Minor: %d %s\n",
MAJOR(bd->bd_dev), MINOR(bd->bd_dev),
Reported by FlawFinder.
Line: 648
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ib_dev->ibd_udev_path);
bl += sprintf(b + bl, " readonly: %d\n", ib_dev->ibd_readonly);
bl += sprintf(b + bl, " ");
if (bd) {
bl += sprintf(b + bl, "Major: %d Minor: %d %s\n",
MAJOR(bd->bd_dev), MINOR(bd->bd_dev),
"CLAIMED: IBLOCK");
} else {
Reported by FlawFinder.
Line: 654
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
MAJOR(bd->bd_dev), MINOR(bd->bd_dev),
"CLAIMED: IBLOCK");
} else {
bl += sprintf(b + bl, "Major: 0 Minor: 0\n");
}
return bl;
}
Reported by FlawFinder.