The following issues were found
drivers/s390/cio/cmf.c
7 issues
Line: 289
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
cmb_data = cdev->private->cmb;
hw_block = cmb_data->hw_block;
memcpy(cmb_data->last_block, hw_block, cmb_data->size);
cmb_data->last_update = get_tod_clock();
return 0;
}
struct copy_block_struct {
Reported by FlawFinder.
Line: 980
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t cmb_show_attr(struct device *dev, char *buf, enum cmb_index idx)
{
return sprintf(buf, "%lld\n",
(unsigned long long) cmf_read(to_ccwdev(dev), idx));
}
static ssize_t cmb_show_avg_sample_interval(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 1001
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else
interval = -1;
spin_unlock_irq(cdev->ccwlock);
return sprintf(buf, "%ld\n", interval);
}
static ssize_t cmb_show_avg_utilization(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 1010
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
unsigned long u = cmf_read(to_ccwdev(dev), avg_utilization);
return sprintf(buf, "%02lu.%01lu%%\n", u / 10, u % 10);
}
#define cmf_attr(name) \
static ssize_t show_##name(struct device *dev, \
struct device_attribute *attr, char *buf) \
Reported by FlawFinder.
Line: 1083
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ccw_device *cdev = to_ccwdev(dev);
return sprintf(buf, "%d\n", cmf_enabled(cdev));
}
static ssize_t cmb_enable_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t c)
Reported by FlawFinder.
Line: 109
Column: 9
CWE codes:
120
20
int (*alloc) (struct ccw_device *);
void (*free) (struct ccw_device *);
int (*set) (struct ccw_device *, u32);
u64 (*read) (struct ccw_device *, int);
int (*readall)(struct ccw_device *, struct cmbdata *);
void (*reset) (struct ccw_device *);
/* private: */
struct attribute_group *attr_group;
};
Reported by FlawFinder.
Line: 1212
Column: 17
CWE codes:
120
20
*/
u64 cmf_read(struct ccw_device *cdev, int index)
{
return cmbops->read(cdev, index);
}
/**
* cmf_readall() - read the current channel measurement block
* @cdev: the channel to be read
Reported by FlawFinder.
drivers/scsi/esas2r/esas2r_main.c
7 issues
Line: 748
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
}
}
sprintf(esas2r_info_str,
ESAS2R_LONGNAME " (bus 0x%02X, device 0x%02X, IRQ 0x%02X)"
" driver version: "ESAS2R_VERSION_STR " firmware version: "
"%s\n",
a->pcid->bus->number, a->pcid->devfn, a->pcid->irq,
a->fw_rev[0] ? a->fw_rev : "(none)");
Reported by FlawFinder.
Line: 136
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct esas2r_adapter *a = esas2r_adapter_from_kobj(kobj);
int length = min_t(size_t, sizeof(struct esas2r_sas_nvram), PAGE_SIZE);
memcpy(buf, a->nvram, length);
return length;
}
static ssize_t write_live_nvram(struct file *file, struct kobject *kobj,
struct bin_attribute *attr,
Reported by FlawFinder.
Line: 184
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (handle_hba_ioctl(a, a->local_atto_ioctl) != IOCTL_SUCCESS)
return -ENOMEM;
memcpy(buf, a->local_atto_ioctl, length);
return length;
}
static ssize_t write_hw(struct file *file, struct kobject *kobj,
Reported by FlawFinder.
Line: 208
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memset(a->local_atto_ioctl, 0, sizeof(struct atto_ioctl));
memcpy(a->local_atto_ioctl, buf, length);
return length;
}
#define ESAS2R_RW_BIN_ATTR(_name) \
Reported by FlawFinder.
Line: 712
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *esas2r_info(struct Scsi_Host *sh)
{
struct esas2r_adapter *a = (struct esas2r_adapter *)sh->hostdata;
static char esas2r_info_str[512];
esas2r_log_dev(ESAS2R_LOG_INFO, &(sh->shost_gendev),
"esas2r_info() called");
/*
Reported by FlawFinder.
Line: 851
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rq->vrq->scsi.flags |= cpu_to_le32(FCP_CMND_RDD);
}
memcpy(rq->vrq->scsi.cdb, cmd->cmnd, cmd->cmd_len);
rq->vrq->scsi.length = cpu_to_le32(bufflen);
rq->target_id = cmd->device->id;
rq->vrq->scsi.flags |= cpu_to_le32(cmd->device->lun);
rq->sense_buf = cmd->sense_buffer;
rq->sense_len = SCSI_SENSE_BUFFERSIZE;
Reported by FlawFinder.
Line: 1846
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ae->devfn = a->pcid->devfn;
memcpy(&ae->vda_ae, data, sizeof(ae->vda_ae));
} else {
memcpy(fw_event->data, data, data_sz);
}
fw_event->type = type;
fw_event->a = a;
Reported by FlawFinder.
drivers/net/xen-netback/xenbus.c
7 issues
Line: 879
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
"reading ring references");
return -ENOMEM;
}
strcpy(xspath, dev->otherend);
} else {
xspathsize = strlen(dev->otherend) + xenstore_path_ext_size;
xspath = kzalloc(xspathsize, GFP_KERNEL);
if (!xspath) {
xenbus_dev_fatal(dev, -ENOMEM,
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xenvif_queue *queue =
((struct seq_file *)filp->private_data)->private;
int len;
char write[BUFFER_SIZE];
/* don't allow partial writes and check the length */
if (*ppos != 0)
return 0;
if (count >= sizeof(write))
Reported by FlawFinder.
Line: 178
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
vif->xenvif_dbg_root = debugfs_create_dir(vif->dev->name,
xen_netback_dbg_root);
for (i = 0; i < vif->num_queues; ++i) {
char filename[sizeof("io_ring_q") + 4];
snprintf(filename, sizeof(filename), "io_ring_q%d", i);
debugfs_create_file(filename, 0600, vif->xenvif_dbg_root,
&vif->queues[i],
&xenvif_dbg_io_ring_ops_fops);
Reported by FlawFinder.
Line: 550
Column: 20
CWE codes:
126
{
int err = 0;
char *node;
unsigned maxlen = strlen(dev->nodename) + sizeof("/rate");
if (vif->credit_watch.node)
return -EADDRINUSE;
node = kmalloc(maxlen, GFP_KERNEL);
Reported by FlawFinder.
Line: 598
Column: 20
CWE codes:
126
{
int err = 0;
char *node;
unsigned maxlen = strlen(dev->otherend) +
sizeof("/request-multicast-control");
if (vif->mcast_ctrl_watch.node) {
pr_err_ratelimited("Watch is already registered\n");
return -EADDRINUSE;
Reported by FlawFinder.
Line: 873
Column: 20
CWE codes:
126
* queue-N.
*/
if (num_queues == 1) {
xspath = kzalloc(strlen(dev->otherend) + 1, GFP_KERNEL);
if (!xspath) {
xenbus_dev_fatal(dev, -ENOMEM,
"reading ring references");
return -ENOMEM;
}
Reported by FlawFinder.
Line: 881
Column: 16
CWE codes:
126
}
strcpy(xspath, dev->otherend);
} else {
xspathsize = strlen(dev->otherend) + xenstore_path_ext_size;
xspath = kzalloc(xspathsize, GFP_KERNEL);
if (!xspath) {
xenbus_dev_fatal(dev, -ENOMEM,
"reading ring references");
return -ENOMEM;
Reported by FlawFinder.
drivers/net/wireless/intersil/orinoco/orinoco_usb.c
7 issues
Line: 753
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length));
req->hermes_rid = cpu_to_le16(rid);
if (data)
memcpy(req->data, data, length);
return total_size;
}
static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
{
Reported by FlawFinder.
Line: 843
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END))
continue;
memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE);
if (variant_offset >= addr &&
variant_offset < addr + FW_BUF_SIZE) {
netdev_dbg(upriv->dev,
"Patching card_variant byte at 0x%04X\n",
variant_offset);
Reported by FlawFinder.
Line: 962
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (ans_buff)
memcpy(ans_buff, ans->data, min(exp_len, ans_size));
if (ans_length)
*ans_length = le16_to_cpu(ans->hermes_len);
}
exit:
ezusb_request_context_put(ctx);
Reported by FlawFinder.
Line: 1091
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"in rx frame\n");
return -EINVAL;
}
memcpy(buf, ans->data + offset, len);
return 0;
}
if (EZUSB_IS_INFO(id)) {
/* Include 4 bytes for length/type */
Reported by FlawFinder.
Line: 1102
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"in info frame\n");
return -EFAULT;
}
memcpy(buf, ans->data + offset - 4, len);
} else {
printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id);
return -EINVAL;
}
Reported by FlawFinder.
Line: 1288
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf += sizeof(*tx_cntl);
}
memcpy(buf, skb->data, skb->len);
buf += skb->len;
if (tx_control & HERMES_TXCTRL_MIC) {
u8 *m = mic;
/* Mic has been offset so it can be copied to an even
Reported by FlawFinder.
Line: 1298
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* don't need to copy that first byte. */
if (skb->len % 2)
m++;
memcpy(buf, m, MICHAEL_MIC_LEN);
buf += MICHAEL_MIC_LEN;
}
/* Finally, we actually initiate the send */
netif_stop_queue(dev);
Reported by FlawFinder.
drivers/s390/cio/ccwgroup.c
7 issues
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __ccwgroup_remove_symlinks(struct ccwgroup_device *gdev)
{
int i;
char str[16];
for (i = 0; i < gdev->count; i++) {
sprintf(str, "cdev%d", i);
sysfs_remove_link(&gdev->dev.kobj, str);
sysfs_remove_link(&gdev->cdev[i]->dev.kobj, "group_device");
Reported by FlawFinder.
Line: 42
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char str[16];
for (i = 0; i < gdev->count; i++) {
sprintf(str, "cdev%d", i);
sysfs_remove_link(&gdev->dev.kobj, str);
sysfs_remove_link(&gdev->cdev[i]->dev.kobj, "group_device");
}
}
Reported by FlawFinder.
Line: 230
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __ccwgroup_create_symlinks(struct ccwgroup_device *gdev)
{
char str[16];
int i, rc;
for (i = 0; i < gdev->count; i++) {
rc = sysfs_create_link(&gdev->cdev[i]->dev.kobj,
&gdev->dev.kobj, "group_device");
Reported by FlawFinder.
Line: 244
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
}
for (i = 0; i < gdev->count; i++) {
sprintf(str, "cdev%d", i);
rc = sysfs_create_link(&gdev->dev.kobj,
&gdev->cdev[i]->dev.kobj, str);
if (rc) {
for (--i; i >= 0; i--) {
sprintf(str, "cdev%d", i);
Reported by FlawFinder.
Line: 249
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
&gdev->cdev[i]->dev.kobj, str);
if (rc) {
for (--i; i >= 0; i--) {
sprintf(str, "cdev%d", i);
sysfs_remove_link(&gdev->dev.kobj, str);
}
for (i = 0; i < gdev->count; i++)
sysfs_remove_link(&gdev->cdev[i]->dev.kobj,
"group_device");
Reported by FlawFinder.
Line: 274
Column: 9
CWE codes:
126
end = strchr(start, '\n');
if (end)
*end = '\0';
len = strlen(start) + 1;
} else {
len = end - start + 1;
end++;
}
if (len <= CCW_BUS_ID_SIZE) {
Reported by FlawFinder.
Line: 363
Column: 33
CWE codes:
126
goto error;
}
/* Check for trailing stuff. */
if (i == num_devices && buf && strlen(buf) > 0) {
rc = -EINVAL;
goto error;
}
/* Check if the devices are bound to the required ccw driver. */
if (gdrv && gdrv->ccw_driver &&
Reported by FlawFinder.
drivers/platform/olpc/olpc-ec.c
7 issues
Line: 258
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define EC_MAX_CMD_REPLY (8)
static DEFINE_MUTEX(ec_dbgfs_lock);
static unsigned char ec_dbgfs_resp[EC_MAX_CMD_REPLY];
static unsigned int ec_dbgfs_resp_bytes;
static ssize_t ec_dbgfs_cmd_write(struct file *file, const char __user *buf,
size_t size, loff_t *ppos)
{
Reported by FlawFinder.
Line: 265
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t size, loff_t *ppos)
{
int i, m;
unsigned char ec_cmd[EC_MAX_CMD_ARGS];
unsigned int ec_cmd_int[EC_MAX_CMD_ARGS];
char cmdbuf[64];
int ec_cmd_bytes;
mutex_lock(&ec_dbgfs_lock);
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, m;
unsigned char ec_cmd[EC_MAX_CMD_ARGS];
unsigned int ec_cmd_int[EC_MAX_CMD_ARGS];
char cmdbuf[64];
int ec_cmd_bytes;
mutex_lock(&ec_dbgfs_lock);
size = simple_write_to_buffer(cmdbuf, sizeof(cmdbuf), ppos, buf, size);
Reported by FlawFinder.
Line: 311
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned int i, r;
char *rp;
char respbuf[64];
mutex_lock(&ec_dbgfs_lock);
rp = respbuf;
rp += sprintf(rp, "%02x", ec_dbgfs_resp[0]);
for (i = 1; i < ec_dbgfs_resp_bytes; i++)
Reported by FlawFinder.
Line: 315
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&ec_dbgfs_lock);
rp = respbuf;
rp += sprintf(rp, "%02x", ec_dbgfs_resp[0]);
for (i = 1; i < ec_dbgfs_resp_bytes; i++)
rp += sprintf(rp, ", %02x", ec_dbgfs_resp[i]);
mutex_unlock(&ec_dbgfs_lock);
rp += sprintf(rp, "\n");
Reported by FlawFinder.
Line: 317
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
rp = respbuf;
rp += sprintf(rp, "%02x", ec_dbgfs_resp[0]);
for (i = 1; i < ec_dbgfs_resp_bytes; i++)
rp += sprintf(rp, ", %02x", ec_dbgfs_resp[i]);
mutex_unlock(&ec_dbgfs_lock);
rp += sprintf(rp, "\n");
r = rp - respbuf;
return simple_read_from_buffer(buf, size, ppos, respbuf, r);
Reported by FlawFinder.
Line: 319
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 1; i < ec_dbgfs_resp_bytes; i++)
rp += sprintf(rp, ", %02x", ec_dbgfs_resp[i]);
mutex_unlock(&ec_dbgfs_lock);
rp += sprintf(rp, "\n");
r = rp - respbuf;
return simple_read_from_buffer(buf, size, ppos, respbuf, r);
}
Reported by FlawFinder.
drivers/net/wireless/microchip/wilc1000/wlan_cfg.c
7 issues
Line: 103
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
put_unaligned_le16(id, &frame[offset]);
put_unaligned_le16(size, &frame[offset + 2]);
if (str && size != 0)
memcpy(&frame[offset + 4], str, size);
return (size + 4);
}
static int wilc_wlan_cfg_set_bin(u8 *frame, u32 offset, u16 id, u8 *b, u32 size)
Reported by FlawFinder.
Line: 120
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
put_unaligned_le16(size, &frame[offset + 2]);
if ((b) && size != 0) {
memcpy(&frame[offset + 4], b, size);
for (i = 0; i < size; i++)
checksum += frame[offset + i + 4];
}
frame[offset + size + 4] = checksum;
Reported by FlawFinder.
Line: 182
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i++;
if (cfg->s[i].id == wid)
memcpy(cfg->s[i].str, &info[2], info[2] + 2);
len = 2 + info[2];
break;
default:
Reported by FlawFinder.
Line: 279
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i++;
if (cfg->b[i].id == wid) {
memcpy(buffer, &cfg->b[i].val, 1);
ret = 1;
}
} else if (type == CFG_HWORD_CMD) {
while (cfg->hw[i].id != WID_NIL && cfg->hw[i].id != wid)
i++;
Reported by FlawFinder.
Line: 287
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i++;
if (cfg->hw[i].id == wid) {
memcpy(buffer, &cfg->hw[i].val, 2);
ret = 2;
}
} else if (type == CFG_WORD_CMD) {
while (cfg->w[i].id != WID_NIL && cfg->w[i].id != wid)
i++;
Reported by FlawFinder.
Line: 295
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i++;
if (cfg->w[i].id == wid) {
memcpy(buffer, &cfg->w[i].val, 4);
ret = 4;
}
} else if (type == CFG_STR_CMD) {
while (cfg->s[i].id != WID_NIL && cfg->s[i].id != wid)
i++;
Reported by FlawFinder.
Line: 306
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u16 size = get_unaligned_le16(cfg->s[i].str);
if (buffer_size >= size) {
memcpy(buffer, &cfg->s[i].str[2], size);
ret = size;
}
}
}
return ret;
Reported by FlawFinder.
drivers/nfc/nfcmrvl/fw_dnld.c
7 issues
Line: 494
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!firmware_name || !firmware_name[0])
return -EINVAL;
strcpy(fw_dnld->name, firmware_name);
/*
* Retrieve FW binary file and parse it to initialize FW download
* state machine.
*/
Reported by FlawFinder.
Line: 160
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd.num_params = 1;
cmd.param.id = NFCMRVL_PROP_REF_CLOCK;
cmd.param.len = 4;
memcpy(cmd.param.val, &priv->fw_dnld.header->ref_clock, 4);
nci_send_cmd(priv->ndev, NCI_OP_CORE_SET_CONFIG_CMD, 3 + cmd.param.len,
&cmd);
priv->fw_dnld.state = STATE_SET_REF_CLOCK;
Reported by FlawFinder.
Line: 192
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (priv->phy) {
case NFCMRVL_PHY_UART:
cmd.param.len = 5;
memcpy(cmd.param.val,
&priv->fw_dnld.binary_config->uart.baudrate,
4);
cmd.param.val[4] =
priv->fw_dnld.binary_config->uart.flow_control;
break;
Reported by FlawFinder.
Line: 200
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case NFCMRVL_PHY_I2C:
cmd.param.len = 5;
memcpy(cmd.param.val,
&priv->fw_dnld.binary_config->i2c.clk,
4);
cmd.param.val[4] = 0;
break;
case NFCMRVL_PHY_SPI:
Reported by FlawFinder.
Line: 207
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case NFCMRVL_PHY_SPI:
cmd.param.len = 5;
memcpy(cmd.param.val,
&priv->fw_dnld.binary_config->spi.clk,
4);
cmd.param.val[4] = 0;
break;
default:
Reported by FlawFinder.
Line: 276
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = get_unaligned_le16(skb->data);
skb_pull(skb, 2);
comp_len = get_unaligned_le16(skb->data);
memcpy(&comp_len, skb->data, 2);
skb_pull(skb, 2);
if (((~len) & 0xFFFF) != comp_len) {
nfc_err(priv->dev, "bad len complement: %x %x %x",
len, comp_len, (~len & 0xFFFF));
out_skb = alloc_lc_skb(priv, 1);
Reported by FlawFinder.
Line: 445
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int nfcmrvl_fw_dnld_init(struct nfcmrvl_private *priv)
{
char name[32];
INIT_WORK(&priv->fw_dnld.rx_work, fw_dnld_rx_work);
snprintf(name, sizeof(name), "%s_nfcmrvl_fw_dnld_rx_wq",
dev_name(&priv->ndev->nfc_dev->dev));
priv->fw_dnld.rx_wq = create_singlethread_workqueue(name);
Reported by FlawFinder.
drivers/platform/x86/dell/dcdbas.c
7 issues
Line: 101
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* memory zeroed by dma_alloc_coherent */
if (smi_data_buf)
memcpy(buf, smi_data_buf, smi_data_buf_size);
/* free any existing buffer */
smi_data_buf_free();
/* set up new buffer for use */
Reported by FlawFinder.
Line: 122
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%x\n", smi_data_buf_phys_addr);
}
static ssize_t smi_data_buf_size_show(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 129
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%lu\n", smi_data_buf_size);
}
static ssize_t smi_data_buf_size_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
goto out;
memcpy(smi_data_buf + pos, buf, count);
ret = count;
out:
mutex_unlock(&smi_data_lock);
return ret;
}
Reported by FlawFinder.
Line: 190
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%u\n", host_control_action);
}
static ssize_t host_control_action_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 214
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%u\n", host_control_smi_type);
}
static ssize_t host_control_smi_type_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 229
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%u\n", host_control_on_shutdown);
}
static ssize_t host_control_on_shutdown_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/nfc/microread/microread.c
7 issues
Line: 497
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
r = -EINVAL;
goto exit_free;
}
memcpy(targets->nfcid1, &skb->data[MICROREAD_EMCF_A_UID],
targets->nfcid1_len);
break;
case MICROREAD_GATE_ID_MREAD_ISO_A_3:
targets->supported_protocols =
nfc_hci_sak_to_protocol(skb->data[MICROREAD_EMCF_A3_SAK]);
Reported by FlawFinder.
Line: 511
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
r = -EINVAL;
goto exit_free;
}
memcpy(targets->nfcid1, &skb->data[MICROREAD_EMCF_A3_UID],
targets->nfcid1_len);
break;
case MICROREAD_GATE_ID_MREAD_ISO_B:
targets->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
memcpy(targets->nfcid1, &skb->data[MICROREAD_EMCF_B_UID], 4);
Reported by FlawFinder.
Line: 516
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case MICROREAD_GATE_ID_MREAD_ISO_B:
targets->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
memcpy(targets->nfcid1, &skb->data[MICROREAD_EMCF_B_UID], 4);
targets->nfcid1_len = 4;
break;
case MICROREAD_GATE_ID_MREAD_NFC_T1:
targets->supported_protocols = NFC_PROTO_JEWEL_MASK;
targets->sens_res =
Reported by FlawFinder.
Line: 523
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
targets->supported_protocols = NFC_PROTO_JEWEL_MASK;
targets->sens_res =
le16_to_cpu(*(u16 *)&skb->data[MICROREAD_EMCF_T1_ATQA]);
memcpy(targets->nfcid1, &skb->data[MICROREAD_EMCF_T1_UID], 4);
targets->nfcid1_len = 4;
break;
case MICROREAD_GATE_ID_MREAD_NFC_T3:
targets->supported_protocols = NFC_PROTO_FELICA_MASK;
memcpy(targets->nfcid1, &skb->data[MICROREAD_EMCF_T3_UID], 8);
Reported by FlawFinder.
Line: 528
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case MICROREAD_GATE_ID_MREAD_NFC_T3:
targets->supported_protocols = NFC_PROTO_FELICA_MASK;
memcpy(targets->nfcid1, &skb->data[MICROREAD_EMCF_T3_UID], 8);
targets->nfcid1_len = 8;
break;
default:
pr_info("discard target discovered to gate 0x%x\n", gate);
goto exit_free;
Reported by FlawFinder.
Line: 664
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->phy_id = phy_id;
init_data.gate_count = ARRAY_SIZE(microread_gates);
memcpy(init_data.gates, microread_gates, sizeof(microread_gates));
strcpy(init_data.session_id, "MICROREA");
set_bit(NFC_HCI_QUIRK_SHORT_CLEAR, &quirks);
Reported by FlawFinder.
Line: 666
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
init_data.gate_count = ARRAY_SIZE(microread_gates);
memcpy(init_data.gates, microread_gates, sizeof(microread_gates));
strcpy(init_data.session_id, "MICROREA");
set_bit(NFC_HCI_QUIRK_SHORT_CLEAR, &quirks);
protocols = NFC_PROTO_JEWEL_MASK |
NFC_PROTO_MIFARE_MASK |
Reported by FlawFinder.