The following issues were found
drivers/net/wireless/marvell/libertas_tf/cmd.c
7 issues
Line: 49
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint16_t copy_len;
copy_len = min(le16_to_cpu(buf->size), le16_to_cpu(resp->size));
memcpy(buf, resp, copy_len);
return 0;
}
EXPORT_SYMBOL_GPL(lbtf_cmd_copyback);
#define CHAN_TO_IDX(chan) ((chan) - 1)
Reported by FlawFinder.
Line: 89
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&cmd, 0, sizeof(cmd));
cmd.hdr.size = cpu_to_le16(sizeof(cmd));
memcpy(cmd.permanentaddr, priv->current_addr, ETH_ALEN);
ret = lbtf_cmd_with_response(priv, CMD_GET_HW_SPEC, &cmd);
if (ret)
goto out;
priv->fwcapinfo = le32_to_cpu(cmd.fwcapinfo);
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = sizeof(cmd) - sizeof(cmd.beacon) + beacon->len;
cmd.hdr.size = cpu_to_le16(size);
cmd.len = cpu_to_le16(beacon->len);
memcpy(cmd.beacon, (u8 *) beacon->data, beacon->len);
lbtf_cmd_async(priv, CMD_802_11_BEACON_SET, &cmd.hdr, size);
lbtf_deb_leave_args(LBTF_DEB_CMD, "ret %d", 0);
return 0;
Reported by FlawFinder.
Line: 329
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lbtf_deb_cmd("MULTICAST_ADR: setting %d addresses\n", cmd.nr_of_adrs);
memcpy(cmd.maclist, priv->multicastlist,
priv->nr_of_multicastmacaddr * ETH_ALEN);
lbtf_cmd_async(priv, CMD_MAC_MULTICAST_ADR, &cmd.hdr, sizeof(cmd));
lbtf_deb_leave(LBTF_DEB_CMD);
Reported by FlawFinder.
Line: 359
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd.hdr.size = cpu_to_le16(sizeof(cmd));
cmd.activate = activate ? 1 : 0;
if (activate)
memcpy(cmd.bssid, bssid, ETH_ALEN);
lbtf_cmd_async(priv, CMD_802_11_SET_BSSID, &cmd.hdr, sizeof(cmd));
lbtf_deb_leave(LBTF_DEB_CMD);
}
Reported by FlawFinder.
Line: 373
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd.hdr.size = cpu_to_le16(sizeof(cmd));
cmd.action = cpu_to_le16(CMD_ACT_SET);
memcpy(cmd.macadd, mac_addr, ETH_ALEN);
lbtf_cmd_async(priv, CMD_802_11_MAC_ADDRESS, &cmd.hdr, sizeof(cmd));
lbtf_deb_leave(LBTF_DEB_CMD);
return 0;
}
Reported by FlawFinder.
Line: 633
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmdnode->callback_arg = callback_arg;
/* Copy the incoming command to the buffer */
memcpy(cmdnode->cmdbuf, in_cmd, in_cmd_size);
/* Set sequence number, clean result, move to buffer */
priv->seqnum++;
cmdnode->cmdbuf->command = cpu_to_le16(command);
cmdnode->cmdbuf->size = cpu_to_le16(in_cmd_size);
Reported by FlawFinder.
drivers/s390/block/dasd_eckd.h
7 issues
Line: 385
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __attribute__ ((packed));
struct dasd_rssd_features {
char feature[256];
} __attribute__((packed));
struct dasd_rssd_messages {
__u16 length;
__u8 format;
Reported by FlawFinder.
Line: 394
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 code;
__u32 message_id;
__u8 flags;
char messages[4087];
} __packed;
/*
* Read Subsystem Data - Volume Storage Query
*/
Reported by FlawFinder.
Line: 459
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 unused0:5;
__u8 unused1;
} __packed header_flags;
char sfi_type[6]; /* Storage Facility Image Type (EBCDIC) */
char sfi_model[3]; /* Storage Facility Image Model (EBCDIC) */
__u8 sfi_seq_num[10]; /* Storage Facility Image Sequence Number */
__u8 reserved[7];
struct dasd_ext_pool_sum ext_pool_sum[448];
} __packed;
Reported by FlawFinder.
Line: 460
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 unused1;
} __packed header_flags;
char sfi_type[6]; /* Storage Facility Image Type (EBCDIC) */
char sfi_model[3]; /* Storage Facility Image Model (EBCDIC) */
__u8 sfi_seq_num[10]; /* Storage Facility Image Sequence Number */
__u8 reserved[7];
struct dasd_ext_pool_sum ext_pool_sum[448];
} __packed;
Reported by FlawFinder.
Line: 537
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char lss;
unsigned char volume;
unsigned char suborder;
unsigned char varies[5];
} __attribute__ ((packed));
/*
* Perform Subsystem Function - Set Subsystem Characteristics
*/
Reported by FlawFinder.
Line: 546
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dasd_psf_ssc_data {
unsigned char order;
unsigned char flags;
unsigned char cu_type[4];
unsigned char suborder;
unsigned char reserved[59];
} __attribute__((packed));
/* Maximum number of extents for a single Release Allocated Space command */
Reported by FlawFinder.
Line: 548
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char flags;
unsigned char cu_type[4];
unsigned char suborder;
unsigned char reserved[59];
} __attribute__((packed));
/* Maximum number of extents for a single Release Allocated Space command */
#define DASD_ECKD_RAS_EXTS_MAX 110U
Reported by FlawFinder.
drivers/s390/char/vmur.c
7 issues
Line: 879
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto fail_free_cdev;
if (urd->cdev->id.cu_type == READER_PUNCH_DEVTYPE) {
if (urd->class == DEV_CLASS_UR_I)
sprintf(node_id, "vmrdr-%s", dev_name(&cdev->dev));
if (urd->class == DEV_CLASS_UR_O)
sprintf(node_id, "vmpun-%s", dev_name(&cdev->dev));
} else if (urd->cdev->id.cu_type == PRINTER_DEVTYPE) {
sprintf(node_id, "vmprt-%s", dev_name(&cdev->dev));
} else {
Reported by FlawFinder.
Line: 881
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (urd->class == DEV_CLASS_UR_I)
sprintf(node_id, "vmrdr-%s", dev_name(&cdev->dev));
if (urd->class == DEV_CLASS_UR_O)
sprintf(node_id, "vmpun-%s", dev_name(&cdev->dev));
} else if (urd->cdev->id.cu_type == PRINTER_DEVTYPE) {
sprintf(node_id, "vmprt-%s", dev_name(&cdev->dev));
} else {
rc = -EOPNOTSUPP;
goto fail_free_cdev;
Reported by FlawFinder.
Line: 883
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (urd->class == DEV_CLASS_UR_O)
sprintf(node_id, "vmpun-%s", dev_name(&cdev->dev));
} else if (urd->cdev->id.cu_type == PRINTER_DEVTYPE) {
sprintf(node_id, "vmprt-%s", dev_name(&cdev->dev));
} else {
rc = -EOPNOTSUPP;
goto fail_free_cdev;
}
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct urdev *urdev_get_from_devno(u16 devno)
{
char bus_id[16];
struct ccw_device *cdev;
struct urdev *urd;
sprintf(bus_id, "0.0.%04x", devno);
cdev = get_ccwdev_by_busid(&ur_driver, bus_id);
Reported by FlawFinder.
Line: 150
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct ccw_device *cdev;
struct urdev *urd;
sprintf(bus_id, "0.0.%04x", devno);
cdev = get_ccwdev_by_busid(&ur_driver, bus_id);
if (!cdev)
return NULL;
urd = urdev_get_from_cdev(cdev);
put_device(&cdev->dev);
Reported by FlawFinder.
Line: 320
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
urd = urdev_get_from_cdev(to_ccwdev(dev));
if (!urd)
return -ENODEV;
rc = sprintf(buf, "%zu\n", urd->reclen);
urdev_put(urd);
return rc;
}
static DEVICE_ATTR(reclen, 0444, ur_attr_reclen_show, NULL);
Reported by FlawFinder.
Line: 844
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct urdev *urd;
int minor, major, rc;
char node_id[16];
TRACE("ur_set_online: cdev=%p\n", cdev);
mutex_lock(&vmur_mutex);
urd = urdev_get_from_cdev(cdev);
Reported by FlawFinder.
drivers/scsi/elx/libefc/efclib.h
7 issues
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void (*release)(struct kref *arg);
struct efc *efc;
u32 instance_index;
char display_name[EFC_NAME_LENGTH];
bool is_vport;
bool free_req_pending;
bool attached;
bool p2p_winner;
struct efc_domain *domain;
Reported by FlawFinder.
Line: 209
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct efc_domain {
struct efc *efc;
char display_name[EFC_NAME_LENGTH];
struct list_head nport_list;
struct kref ref;
void (*release)(struct kref *arg);
void *ini_domain;
void *tgt_domain;
Reported by FlawFinder.
Line: 319
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct efc_node {
struct efc *efc;
char display_name[EFC_NAME_LENGTH];
struct efc_nport *nport;
struct kref ref;
void (*release)(struct kref *arg);
bool hold_frames;
bool els_io_enabled;
Reported by FlawFinder.
Line: 361
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 els_cmpl_cnt;
u32 abort_cnt;
char current_state_name[EFC_SM_NAME_LENGTH];
char prev_state_name[EFC_SM_NAME_LENGTH];
int current_evt;
int prev_evt;
void (*nodedb_state)(struct efc_sm_ctx *ctx,
Reported by FlawFinder.
Line: 362
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 abort_cnt;
char current_state_name[EFC_SM_NAME_LENGTH];
char prev_state_name[EFC_SM_NAME_LENGTH];
int current_evt;
int prev_evt;
void (*nodedb_state)(struct efc_sm_ctx *ctx,
u32 evt, void *arg);
Reported by FlawFinder.
Line: 371
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct timer_list gidpt_delay_timer;
u64 time_last_gidpt_msec;
char wwnn[EFC_WWN_LENGTH];
char wwpn[EFC_WWN_LENGTH];
};
/**
* NPIV port
Reported by FlawFinder.
Line: 372
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 time_last_gidpt_msec;
char wwnn[EFC_WWN_LENGTH];
char wwpn[EFC_WWN_LENGTH];
};
/**
* NPIV port
*
Reported by FlawFinder.
drivers/scsi/esas2r/esas2r.h
7 issues
Line: 338
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* PCI data structure in expansion ROM images */
struct __packed esas2r_boot_header {
char signature[4];
u16 vendor_id;
u16 device_id;
u16 VPD;
u16 struct_length;
u8 struct_revision;
Reported by FlawFinder.
Line: 737
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 dev_ix;
u8 part_num;
u8 raid_grp_ix;
char raid_grp_name[16];
struct esas2r_target *curr_targ;
u16 curr_virt_id;
u16 curr_phys_id;
u8 scan_gen;
u8 dev_addr_type;
Reported by FlawFinder.
Line: 897
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 disc_start_time;
u32 disc_wait_time;
u32 flash_ver;
char flash_rev[16];
char fw_rev[16];
char image_type[16];
struct esas2r_flash_context flash_context;
u32 num_targets_backend;
u32 ioctl_tunnel;
Reported by FlawFinder.
Line: 898
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 disc_wait_time;
u32 flash_ver;
char flash_rev[16];
char fw_rev[16];
char image_type[16];
struct esas2r_flash_context flash_context;
u32 num_targets_backend;
u32 ioctl_tunnel;
struct tasklet_struct tasklet;
Reported by FlawFinder.
Line: 899
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 flash_ver;
char flash_rev[16];
char fw_rev[16];
char image_type[16];
struct esas2r_flash_context flash_context;
u32 num_targets_backend;
u32 ioctl_tunnel;
struct tasklet_struct tasklet;
struct pci_dev *pcid;
Reported by FlawFinder.
Line: 907
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pci_dev *pcid;
struct Scsi_Host *host;
unsigned int index;
char name[32];
struct timer_list timer;
struct esas2r_firmware firmware;
wait_queue_head_t nvram_waiter;
int nvram_command_done;
wait_queue_head_t fm_api_waiter;
Reported by FlawFinder.
Line: 932
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head fw_event_list;
spinlock_t fw_event_lock;
u8 fw_events_off; /* if '1', then ignore events */
char fw_event_q_name[ESAS2R_KOBJ_NAME_LEN];
/*
* intr_mode stores the interrupt mode currently being used by this
* adapter. it is based on the interrupt_mode module parameter, but
* can be changed based on the ability (or not) to utilize the
* mode requested by the parameter.
Reported by FlawFinder.
drivers/scsi/lpfc/lpfc_nportdisc.c
7 issues
Line: 151
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(hsp->cmn.bbRcvSizeMsb & 0x0F);
}
memcpy(&ndlp->nlp_nodename, &sp->nodeName, sizeof (struct lpfc_name));
memcpy(&ndlp->nlp_portname, &sp->portName, sizeof (struct lpfc_name));
return 1;
bad_service_param:
lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT,
"0207 Device %x "
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(&ndlp->nlp_nodename, &sp->nodeName, sizeof (struct lpfc_name));
memcpy(&ndlp->nlp_portname, &sp->portName, sizeof (struct lpfc_name));
return 1;
bad_service_param:
lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT,
"0207 Device %x "
"(%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x) sent "
Reported by FlawFinder.
Line: 485
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
phba->fc_edtov = ed_tov;
phba->fc_ratov = (2 * phba->fc_edtov) / 1000;
memcpy(&phba->fc_fabparam, sp, sizeof(struct serv_parm));
/* Issue CONFIG_LINK for SLI3 or REG_VFI for SLI4,
* to account for updated TOV's / parameters
*/
if (phba->sli_rev == LPFC_SLI_REV4)
Reported by FlawFinder.
Line: 530
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
/* Save info from cmd IOCB to be used in rsp after all mbox completes */
memcpy((uint8_t *)save_iocb, (uint8_t *)cmdiocb,
sizeof(struct lpfc_iocbq));
/* Registering an existing RPI behaves differently for SLI3 vs SLI4 */
if (phba->sli_rev == LPFC_SLI_REV4)
lpfc_unreg_rpi(vport, ndlp);
Reported by FlawFinder.
Line: 715
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (elsiocb) {
/* Save info from cmd IOCB used in rsp */
memcpy((uint8_t *)elsiocb, (uint8_t *)cmdiocb,
sizeof(struct lpfc_iocbq));
/* Save the ELS cmd */
elsiocb->drvrTimeout = cmd;
Reported by FlawFinder.
Line: 1388
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
phba->fc_edtov = ed_tov;
phba->fc_ratov = (2 * phba->fc_edtov) / 1000;
memcpy(&phba->fc_fabparam, sp, sizeof(struct serv_parm));
/* Issue config_link / reg_vfi to account for updated TOV's */
if (phba->sli_rev == LPFC_SLI_REV4) {
lpfc_issue_reg_vfi(vport);
} else {
Reported by FlawFinder.
Line: 1436
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case NameServer_DID:
mbox->mbox_cmpl = lpfc_mbx_cmpl_ns_reg_login;
/* Fabric Controller Node needs these parameters. */
memcpy(&ndlp->fc_sparam, sp, sizeof(struct serv_parm));
break;
case FDMI_DID:
mbox->mbox_cmpl = lpfc_mbx_cmpl_fdmi_reg_login;
break;
default:
Reported by FlawFinder.
drivers/s390/net/ctcm_main.c
7 issues
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void channel_remove(struct channel *ch)
{
struct channel **c = &channels;
char chid[CTCM_ID_SIZE+1];
int ok = 0;
if (ch == NULL)
return;
else
Reported by FlawFinder.
Line: 491
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
header.length = l;
header.type = be16_to_cpu(skb->protocol);
header.unused = 0;
memcpy(skb_push(skb, LL_HEADER_LENGTH), &header,
LL_HEADER_LENGTH);
skb_queue_tail(&ch->collect_queue, skb);
ch->collect_len += l;
}
spin_unlock_irqrestore(&ch->collect_lock, saveflags);
Reported by FlawFinder.
Line: 509
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
header.length = skb->len + LL_HEADER_LENGTH;
header.type = be16_to_cpu(skb->protocol);
header.unused = 0;
memcpy(skb_push(skb, LL_HEADER_LENGTH), &header, LL_HEADER_LENGTH);
block_len = skb->len + 2;
*((__u16 *)skb_push(skb, 2)) = block_len;
/*
* IDAL support in CTCM is broken, so we have to
Reported by FlawFinder.
Line: 1211
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy interruption response block. */
memcpy(ch->irb, irb, sizeof(struct irb));
/* Issue error message and return on subchannel error code */
if (irb->scsw.cmd.cstat) {
fsm_event(ch->fsm, CTC_EVENT_SC_UNKNOWN, ch);
CTCM_DBF_TEXT_(TRACE, CTC_DBF_WARN,
Reported by FlawFinder.
Line: 1484
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int ctcm_new_device(struct ccwgroup_device *cgdev)
{
char read_id[CTCM_ID_SIZE];
char write_id[CTCM_ID_SIZE];
int direction;
enum ctcm_channel_types type;
struct ctcm_priv *priv;
struct net_device *dev;
Reported by FlawFinder.
Line: 1485
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ctcm_new_device(struct ccwgroup_device *cgdev)
{
char read_id[CTCM_ID_SIZE];
char write_id[CTCM_ID_SIZE];
int direction;
enum ctcm_channel_types type;
struct ctcm_priv *priv;
struct net_device *dev;
struct ccw_device *cdev0;
Reported by FlawFinder.
Line: 209
Column: 3
CWE codes:
120
if (ch == NULL)
return;
else
strncpy(chid, ch->id, CTCM_ID_SIZE);
channel_free(ch);
while (*c) {
if (*c == ch) {
*c = ch->next;
Reported by FlawFinder.
drivers/power/supply/cros_usbpd-charger.c
7 issues
Line: 633
Column: 4
CWE codes:
134
Suggestion:
Make format string constant
psy_cfg.drv_data = port;
if (cros_usbpd_charger_port_is_dedicated(port)) {
sprintf(port->name, CHARGER_DEDICATED_DIR_NAME);
psy_desc->type = POWER_SUPPLY_TYPE_MAINS;
psy_desc->properties =
cros_usbpd_dedicated_charger_props;
psy_desc->num_properties =
ARRAY_SIZE(cros_usbpd_dedicated_charger_props);
Reported by FlawFinder.
Line: 640
Column: 4
CWE codes:
134
Suggestion:
Make format string constant
psy_desc->num_properties =
ARRAY_SIZE(cros_usbpd_dedicated_charger_props);
} else {
sprintf(port->name, CHARGER_USBPD_DIR_NAME, i);
psy_desc->type = POWER_SUPPLY_TYPE_USB;
psy_desc->properties = cros_usbpd_charger_props;
psy_desc->num_properties =
ARRAY_SIZE(cros_usbpd_charger_props);
psy_desc->usb_types = cros_usbpd_charger_usb_types;
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct port_data {
int port_number;
char name[CHARGER_DIR_NAME_LENGTH];
char manufacturer[CHARGER_MANUFACTURER_MODEL_LENGTH];
char model_name[CHARGER_MANUFACTURER_MODEL_LENGTH];
struct power_supply *psy;
struct power_supply_desc psy_desc;
int psy_usb_type;
Reported by FlawFinder.
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct port_data {
int port_number;
char name[CHARGER_DIR_NAME_LENGTH];
char manufacturer[CHARGER_MANUFACTURER_MODEL_LENGTH];
char model_name[CHARGER_MANUFACTURER_MODEL_LENGTH];
struct power_supply *psy;
struct power_supply_desc psy_desc;
int psy_usb_type;
int psy_online;
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int port_number;
char name[CHARGER_DIR_NAME_LENGTH];
char manufacturer[CHARGER_MANUFACTURER_MODEL_LENGTH];
char model_name[CHARGER_MANUFACTURER_MODEL_LENGTH];
struct power_supply *psy;
struct power_supply_desc psy_desc;
int psy_usb_type;
int psy_online;
int psy_status;
Reported by FlawFinder.
Line: 117
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg->insize = insize;
if (outsize)
memcpy(msg->data, outdata, outsize);
ret = cros_ec_cmd_xfer_status(charger->ec_device, msg);
if (ret >= 0 && insize)
memcpy(indata, msg->data, insize);
Reported by FlawFinder.
Line: 121
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = cros_ec_cmd_xfer_status(charger->ec_device, msg);
if (ret >= 0 && insize)
memcpy(indata, msg->data, insize);
kfree(msg);
return ret;
}
Reported by FlawFinder.
drivers/parisc/lba_pci.c
7 issues
Line: 1089
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p->end = extend_lmmio_len(p->start,
p->end, lba_len);
sprintf(lba_dev->hba.lmmio_name,
"PCI%02x LMMIO",
(int)lba_dev->hba.bus_num.start);
lba_dev->hba.lmmio_space_offset = p->start -
io->start;
r = &lba_dev->hba.lmmio_space;
Reported by FlawFinder.
Line: 1097
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
r = &lba_dev->hba.lmmio_space;
r->name = lba_dev->hba.lmmio_name;
} else if (!lba_dev->hba.elmmio_space.flags) {
sprintf(lba_dev->hba.elmmio_name,
"PCI%02x ELMMIO",
(int)lba_dev->hba.bus_num.start);
r = &lba_dev->hba.elmmio_space;
r->name = lba_dev->hba.elmmio_name;
} else {
Reported by FlawFinder.
Line: 1116
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case PAT_GMMIO:
/* MMIO space > 4GB phys addr; for 64-bit BAR */
sprintf(lba_dev->hba.gmmio_name, "PCI%02x GMMIO",
(int)lba_dev->hba.bus_num.start);
r = &lba_dev->hba.gmmio_space;
r->name = lba_dev->hba.gmmio_name;
r->start = p->start;
r->end = p->end;
Reported by FlawFinder.
Line: 1139
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
lba_dev->iop_base = ioremap(p->start, 64 * 1024 * 1024);
sprintf(lba_dev->hba.io_name, "PCI%02x Ports",
(int)lba_dev->hba.bus_num.start);
r = &lba_dev->hba.io_space;
r->name = lba_dev->hba.io_name;
r->start = HBA_PORT_BASE(lba_dev->hba.hba_num);
r->end = r->start + HBA_PORT_SPACE_SIZE - 1;
Reported by FlawFinder.
Line: 1197
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
** Legacy boxes but it's nice to see in /proc/iomem.
*/
r = &(lba_dev->hba.lmmio_space);
sprintf(lba_dev->hba.lmmio_name, "PCI%02x LMMIO",
(int)lba_dev->hba.bus_num.start);
r->name = lba_dev->hba.lmmio_name;
#if 1
/* We want the CPU -> IO routing of addresses.
Reported by FlawFinder.
Line: 1306
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
** an existing (but unused portion of) distributed range.
*/
r = &(lba_dev->hba.elmmio_space);
sprintf(lba_dev->hba.elmmio_name, "PCI%02x ELMMIO",
(int)lba_dev->hba.bus_num.start);
r->name = lba_dev->hba.elmmio_name;
#if 1
/* See comment which precedes call to sba_directed_lmmio() */
Reported by FlawFinder.
Line: 1328
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
#endif
r = &(lba_dev->hba.io_space);
sprintf(lba_dev->hba.io_name, "PCI%02x Ports",
(int)lba_dev->hba.bus_num.start);
r->name = lba_dev->hba.io_name;
r->flags = IORESOURCE_IO;
r->start = READ_REG32(lba_dev->hba.base_addr + LBA_IOS_BASE) & ~1L;
r->end = r->start + (READ_REG32(lba_dev->hba.base_addr + LBA_IOS_MASK) ^ (HBA_PORT_SPACE_SIZE - 1));
Reported by FlawFinder.
drivers/power/supply/charger-manager.c
7 issues
Line: 1081
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct charger_regulator *charger
= container_of(attr, struct charger_regulator, attr_name);
return sprintf(buf, "%s\n", charger->regulator_name);
}
static ssize_t charger_state_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 1094
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!charger->externally_control)
state = regulator_is_enabled(charger->consumer);
return sprintf(buf, "%s\n", state ? "enabled" : "disabled");
}
static ssize_t charger_externally_control_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 1103
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct charger_regulator *charger = container_of(attr,
struct charger_regulator, attr_externally_control);
return sprintf(buf, "%d\n", charger->externally_control);
}
static ssize_t charger_externally_control_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 1519
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
platform_set_drvdata(pdev, cm);
memcpy(&cm->charger_psy_desc, &psy_default, sizeof(psy_default));
if (!desc->psy_name)
strncpy(cm->psy_name_buf, psy_default.name, PSY_NAME_MAX);
else
strncpy(cm->psy_name_buf, desc->psy_name, PSY_NAME_MAX);
Reported by FlawFinder.
Line: 1535
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!properties)
return -ENOMEM;
memcpy(properties, default_charger_props,
sizeof(enum power_supply_property) *
ARRAY_SIZE(default_charger_props));
num_properties = ARRAY_SIZE(default_charger_props);
/* Find which optional psy-properties are available */
Reported by FlawFinder.
Line: 1522
Column: 3
CWE codes:
120
memcpy(&cm->charger_psy_desc, &psy_default, sizeof(psy_default));
if (!desc->psy_name)
strncpy(cm->psy_name_buf, psy_default.name, PSY_NAME_MAX);
else
strncpy(cm->psy_name_buf, desc->psy_name, PSY_NAME_MAX);
cm->charger_psy_desc.name = cm->psy_name_buf;
/* Allocate for psy properties because they may vary */
Reported by FlawFinder.
Line: 1524
Column: 3
CWE codes:
120
if (!desc->psy_name)
strncpy(cm->psy_name_buf, psy_default.name, PSY_NAME_MAX);
else
strncpy(cm->psy_name_buf, desc->psy_name, PSY_NAME_MAX);
cm->charger_psy_desc.name = cm->psy_name_buf;
/* Allocate for psy properties because they may vary */
properties = devm_kcalloc(&pdev->dev,
ARRAY_SIZE(default_charger_props) +
Reported by FlawFinder.