The following issues were found
arch/nios2/boot/compressed/misc.c
7 issues
Line: 56
Column: 20
CWE codes:
134
Suggestion:
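Use a constant for the format specification. The hits at lines 56–60 of this file appear to fall on the Trace* macro definitions shown below, which sit inside `#ifdef DEBUG` and pass their argument list straight to fprintf. The format string is therefore whatever each call site supplies, so triage means checking the macros' uses rather than these definitions.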
#ifdef DEBUG
# define Assert(cond, msg) {if (!(cond)) error(msg); }
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ; }
# define Tracevv(x) {if (verbose > 1) fprintf x ; }
# define Tracec(c, x) {if (verbose && (c)) fprintf x ; }
# define Tracecv(c, x) {if (verbose > 1 && (c)) fprintf x ; }
#else
Reported by FlawFinder.
Line: 57
Column: 35
CWE codes:
134
Suggestion:
Use a constant for the format specification
#ifdef DEBUG
# define Assert(cond, msg) {if (!(cond)) error(msg); }
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ; }
# define Tracevv(x) {if (verbose > 1) fprintf x ; }
# define Tracec(c, x) {if (verbose && (c)) fprintf x ; }
# define Tracecv(c, x) {if (verbose > 1 && (c)) fprintf x ; }
#else
# define Assert(cond, msg)
Reported by FlawFinder.
Line: 58
Column: 40
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define Assert(cond, msg) {if (!(cond)) error(msg); }
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ; }
# define Tracevv(x) {if (verbose > 1) fprintf x ; }
# define Tracec(c, x) {if (verbose && (c)) fprintf x ; }
# define Tracecv(c, x) {if (verbose > 1 && (c)) fprintf x ; }
#else
# define Assert(cond, msg)
# define Trace(x)
Reported by FlawFinder.
Line: 59
Column: 45
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define Trace(x) fprintf x
# define Tracev(x) {if (verbose) fprintf x ; }
# define Tracevv(x) {if (verbose > 1) fprintf x ; }
# define Tracec(c, x) {if (verbose && (c)) fprintf x ; }
# define Tracecv(c, x) {if (verbose > 1 && (c)) fprintf x ; }
#else
# define Assert(cond, msg)
# define Trace(x)
# define Tracev(x)
Reported by FlawFinder.
Line: 60
Column: 50
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define Tracev(x) {if (verbose) fprintf x ; }
# define Tracevv(x) {if (verbose > 1) fprintf x ; }
# define Tracec(c, x) {if (verbose && (c)) fprintf x ; }
# define Tracecv(c, x) {if (verbose > 1 && (c)) fprintf x ; }
#else
# define Assert(cond, msg)
# define Trace(x)
# define Tracev(x)
# define Tracevv(x)
Reported by FlawFinder.
Line: 26
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define STATIC static
#undef memset
#undef memcpy
#define memzero(s, n) memset((s), 0, (n))
typedef unsigned char uch;
typedef unsigned short ush;
typedef unsigned long ulg;
Reported by FlawFinder.
Line: 104
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return s;
}
void *memcpy(void *__dest, __const void *__src, size_t __n)
{
int i;
char *d = (char *)__dest, *s = (char *)__src;
for (i = 0; i < __n; i++)
Reported by FlawFinder.
arch/alpha/include/asm/string.h
7 issues
Line: 49
Column: 15
CWE codes:
120
Suggestion:
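Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). This hit, like the others listed for this header, is on an `extern` prototype or a `#define` alias rather than a call. FlawFinder matches on the function name, so there is no copy on these lines to bound; the review belongs at the call sites.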
#define memset __memset
#define __HAVE_ARCH_STRCPY
extern char * strcpy(char *,const char *);
#define __HAVE_ARCH_STRNCPY
extern char * strncpy(char *, const char *, size_t);
#define __HAVE_ARCH_STRCAT
extern char * strcat(char *, const char *);
#define __HAVE_ARCH_STRNCAT
Reported by FlawFinder.
Line: 53
Column: 15
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
#define __HAVE_ARCH_STRNCPY
extern char * strncpy(char *, const char *, size_t);
#define __HAVE_ARCH_STRCAT
extern char * strcat(char *, const char *);
#define __HAVE_ARCH_STRNCAT
extern char * strncat(char *, const char *, size_t);
#define __HAVE_ARCH_STRCHR
extern char * strchr(const char *,int);
#define __HAVE_ARCH_STRRCHR
Reported by FlawFinder.
Line: 15
Column: 15
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
#define __HAVE_ARCH_MEMCPY
extern void * memcpy(void *, const void *, size_t);
#define __HAVE_ARCH_MEMMOVE
extern void * memmove(void *, const void *, size_t);
/* For backward compatibility with modules. Unused otherwise. */
extern void * __memcpy(void *, const void *, size_t);
Reported by FlawFinder.
Line: 22
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* For backward compatibility with modules. Unused otherwise. */
extern void * __memcpy(void *, const void *, size_t);
#define memcpy __builtin_memcpy
#define __HAVE_ARCH_MEMSET
extern void * __constant_c_memset(void *, unsigned long, size_t);
extern void * ___memset(void *, int, size_t);
extern void * __memset(void *, int, size_t);
Reported by FlawFinder.
Line: 51
Column: 15
CWE codes:
120
#define __HAVE_ARCH_STRCPY
extern char * strcpy(char *,const char *);
#define __HAVE_ARCH_STRNCPY
extern char * strncpy(char *, const char *, size_t);
#define __HAVE_ARCH_STRCAT
extern char * strcat(char *, const char *);
#define __HAVE_ARCH_STRNCAT
extern char * strncat(char *, const char *, size_t);
#define __HAVE_ARCH_STRCHR
Reported by FlawFinder.
Line: 55
Column: 15
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
#define __HAVE_ARCH_STRCAT
extern char * strcat(char *, const char *);
#define __HAVE_ARCH_STRNCAT
extern char * strncat(char *, const char *, size_t);
#define __HAVE_ARCH_STRCHR
extern char * strchr(const char *,int);
#define __HAVE_ARCH_STRRCHR
extern char * strrchr(const char *,int);
#define __HAVE_ARCH_STRLEN
Reported by FlawFinder.
Line: 61
Column: 15
CWE codes:
126
#define __HAVE_ARCH_STRRCHR
extern char * strrchr(const char *,int);
#define __HAVE_ARCH_STRLEN
extern size_t strlen(const char *);
#define __HAVE_ARCH_MEMCHR
extern void * memchr(const void *, int, size_t);
/* The following routine is like memset except that it writes 16-bit
aligned values. The DEST and COUNT parameters must be even for
Reported by FlawFinder.
arch/arm/kernel/setup.c
7 issues
Line: 372
Column: 2
CWE codes:
134
Suggestion:
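Use a constant for the format specification. `str` is the format parameter of early_print (its signature appears in the last finding for this file), which is itself a printf-style wrapper, so a non-constant format at this call is by design. The write is bounded by `sizeof(buf)`; what remains to confirm is that early_print's callers pass literal format strings.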
va_list ap;
va_start(ap, str);
vsnprintf(buf, sizeof(buf), str, ap);
va_end(ap);
#ifdef CONFIG_DEBUG_LL
printascii(buf);
#endif
Reported by FlawFinder.
Line: 68
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(CONFIG_FPE_NWFPE) || defined(CONFIG_FPE_FASTFPE)
char fpe_type[8];
static int __init fpe_setup(char *line)
{
memcpy(fpe_type, line, 8);
return 1;
Reported by FlawFinder.
Line: 72
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * fpe_setup() - handler registered for the "fpe=" boot option by the
 * __setup() line that follows this function.
 * @line: option text handed to the handler; presumably the NUL-terminated
 *        value after "fpe=" (confirm against the __setup() contract).
 *
 * Return: always 1.
 */
static int __init fpe_setup(char *line)
{
/*
 * Fixed 8-byte copy. fpe_type is an 8-byte array (char fpe_type[8],
 * declared ahead of this function in the file), so the destination
 * cannot overflow. Two things are not guaranteed by this line: bytes
 * after the terminator are read when the value is shorter than 7
 * characters, and fpe_type is left without a NUL when the value has
 * 8 or more characters.
 */
memcpy(fpe_type, line, 8);
return 1;
}
__setup("fpe=", fpe_setup);
#endif
Reported by FlawFinder.
Line: 154
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct stack stacks[NR_CPUS];
#endif
char elf_platform[ELF_PLATFORM_SIZE];
EXPORT_SYMBOL(elf_platform);
static const char *cpu_name;
static const char *machine_name;
static char __initdata cmd_line[COMMAND_LINE_SIZE];
Reported by FlawFinder.
Line: 159
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *cpu_name;
static const char *machine_name;
static char __initdata cmd_line[COMMAND_LINE_SIZE];
const struct machine_desc *machine_desc __initdata;
static union { char c[4]; unsigned long l; } endian_test __initdata = { { 'l', '?', '?', 'b' } };
#define ENDIANNESS ((char)endian_test.l)
Reported by FlawFinder.
Line: 162
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char __initdata cmd_line[COMMAND_LINE_SIZE];
const struct machine_desc *machine_desc __initdata;
static union { char c[4]; unsigned long l; } endian_test __initdata = { { 'l', '?', '?', 'b' } };
#define ENDIANNESS ((char)endian_test.l)
DEFINE_PER_CPU(struct cpuinfo_arm, cpu_data);
/*
Reported by FlawFinder.
Line: 368
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __init early_print(const char *str, ...)
{
extern void printascii(const char *);
char buf[256];
va_list ap;
va_start(ap, str);
vsnprintf(buf, sizeof(buf), str, ap);
va_end(ap);
Reported by FlawFinder.
arch/parisc/boot/compressed/misc.c
7 issues
Line: 175
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
return 0;
}
int printf(const char *fmt, ...)
{
va_list args;
int i = 0;
va_start(args, fmt);
Reported by FlawFinder.
Line: 91
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return s;
}
void *memcpy(void *d, const void *s, size_t len)
{
char *dest = (char *)d;
const char *source = (const char *)s;
while (len--)
Reported by FlawFinder.
Line: 138
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int putchar(int c)
{
char buf[2];
buf[0] = c;
buf[1] = '\0';
puts(buf);
return c;
Reported by FlawFinder.
Line: 157
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int print_num(unsigned long num, int base)
{
const char hex[] = "0123456789abcdef";
char str[40];
int i = sizeof(str)-1;
str[i--] = '\0';
do {
str[i--] = hex[num % base];
Reported by FlawFinder.
Line: 262
Column: 2
CWE codes:
120
Suggestion:
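Make sure destination can always hold the source data. The excerpt does not show how `phdrs` was allocated. Both the source offset (`ehdr.e_phoff`) and the element count (`ehdr.e_phnum`) come from `ehdr`, so the checks to confirm are that the allocation used the same `sizeof(*phdrs) * ehdr.e_phnum` and that the offset plus that length stays inside `output`.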
if (!phdrs)
error("Failed to allocate space for phdrs");
memcpy(phdrs, output + ehdr.e_phoff, sizeof(*phdrs) * ehdr.e_phnum);
for (i = 0; i < ehdr.e_phnum; i++) {
phdr = &phdrs[i];
switch (phdr->p_type) {
Reported by FlawFinder.
Line: 101
Column: 8
CWE codes:
126
return d;
}
size_t strlen(const char *s)
{
const char *sc;
for (sc = s; *sc != '\0'; ++sc)
;
Reported by FlawFinder.
Line: 131
Column: 21
CWE codes:
126
s = nuline + 1;
}
if (*s != '\0')
pdc_iodc_print(s, strlen(s));
return 0;
}
static int putchar(int c)
Reported by FlawFinder.
arch/powerpc/platforms/powernv/pci-ioda.c
7 issues
Line: 2402
CWE codes:
476
msi_region = true;
}
r->start = w->start;
r->end = w->end;
/* The 64KB 32-bits MSI region shouldn't be included in
* the 32-bits bridge window. Otherwise, we can see strange
* issues. One of them is EEH error observed on Garrison.
Reported by Cppcheck.
Line: 2403
CWE codes:
476
}
r->start = w->start;
r->end = w->end;
/* The 64KB 32-bits MSI region shouldn't be included in
* the 32-bits bridge window. Otherwise, we can see strange
* issues. One of them is EEH error observed on Garrison.
*
Reported by Cppcheck.
Line: 60
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct va_format vaf;
va_list args;
char pfix[32];
va_start(args, fmt);
vaf.fmt = fmt;
vaf.va = &args;
Reported by FlawFinder.
Line: 70
Column: 3
CWE codes:
120
Suggestion:
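Use sprintf_s, snprintf, or vsnprintf. `pfix` is presumably the 32-byte array from the preceding finding. The widths in `"%04x:%02x "` are minimums, not limits, so the bound rests on the ranges of the arguments. `snprintf(pfix, sizeof(pfix), ...)` would state the bound explicitly, as the `strlcpy` branch of the same chain already does with `sizeof(pfix)`. `sprintf_s` is not available in kernel code.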
if (pe->flags & PNV_IODA_PE_DEV)
strlcpy(pfix, dev_name(&pe->pdev->dev), sizeof(pfix));
else if (pe->flags & (PNV_IODA_PE_BUS | PNV_IODA_PE_BUS_ALL))
sprintf(pfix, "%04x:%02x ",
pci_domain_nr(pe->pbus), pe->pbus->number);
#ifdef CONFIG_PCI_IOV
else if (pe->flags & PNV_IODA_PE_VF)
sprintf(pfix, "%04x:%02x:%2x.%d",
pci_domain_nr(pe->parent_dev->bus),
Reported by FlawFinder.
Line: 74
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pci_domain_nr(pe->pbus), pe->pbus->number);
#ifdef CONFIG_PCI_IOV
else if (pe->flags & PNV_IODA_PE_VF)
sprintf(pfix, "%04x:%02x:%2x.%d",
pci_domain_nr(pe->parent_dev->bus),
(pe->rid & 0xff00) >> 8,
PCI_SLOT(pe->rid), PCI_FUNC(pe->rid));
#endif /* CONFIG_PCI_IOV*/
Reported by FlawFinder.
Line: 2256
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_DEBUG_FS
struct pci_controller *hose, *tmp;
struct pnv_phb *phb;
char name[16];
list_for_each_entry_safe(hose, tmp, &hose_list, list_node) {
phb = hose->private_data;
sprintf(name, "PCI%04x", hose->global_number);
Reported by FlawFinder.
Line: 2261
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
list_for_each_entry_safe(hose, tmp, &hose_list, list_node) {
phb = hose->private_data;
sprintf(name, "PCI%04x", hose->global_number);
phb->dbgfs = debugfs_create_dir(name, powerpc_debugfs_root);
debugfs_create_file_unsafe("dump_diag_regs", 0200, phb->dbgfs,
phb, &pnv_pci_diag_data_fops);
debugfs_create_file_unsafe("dump_ioda_pe_state", 0200, phb->dbgfs,
Reported by FlawFinder.
arch/powerpc/boot/ppcboot.h
7 issues
Line: 40
Column: 11
CWE codes:
119
120
Suggestion:
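Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The seven hits in this header are on what look like fixed-size array members of a struct declaration. No line shown here writes to them, so the bounds to check are in the code that fills these fields.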
#endif
unsigned long bi_bootflags; /* boot / reboot flag (for LynxOS) */
unsigned long bi_ip_addr; /* IP Address */
unsigned char bi_enetaddr[6]; /* Ethernet address */
unsigned short bi_ethspeed; /* Ethernet speed in Mbps */
unsigned long bi_intfreq; /* Internal Freq, in MHz */
unsigned long bi_busfreq; /* Bus Freq, in MHz */
#if defined(TARGET_CPM2)
unsigned long bi_cpmfreq; /* CPM_CLK Freq, in MHz */
Reported by FlawFinder.
Line: 56
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
unsigned long bi_baudrate; /* Console Baudrate */
#if defined(TARGET_4xx)
unsigned char bi_s_version[4]; /* Version of this structure */
unsigned char bi_r_version[32]; /* Version of the ROM (IBM) */
unsigned int bi_procfreq; /* CPU (Internal) Freq, in Hz */
unsigned int bi_plb_busfreq; /* PLB Bus speed, in Hz */
unsigned int bi_pci_busfreq; /* PCI Bus speed, in Hz */
unsigned char bi_pci_enetaddr[6]; /* PCI Ethernet MAC address */
Reported by FlawFinder.
Line: 57
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long bi_baudrate; /* Console Baudrate */
#if defined(TARGET_4xx)
unsigned char bi_s_version[4]; /* Version of this structure */
unsigned char bi_r_version[32]; /* Version of the ROM (IBM) */
unsigned int bi_procfreq; /* CPU (Internal) Freq, in Hz */
unsigned int bi_plb_busfreq; /* PLB Bus speed, in Hz */
unsigned int bi_pci_busfreq; /* PCI Bus speed, in Hz */
unsigned char bi_pci_enetaddr[6]; /* PCI Ethernet MAC address */
#endif
Reported by FlawFinder.
Line: 61
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int bi_procfreq; /* CPU (Internal) Freq, in Hz */
unsigned int bi_plb_busfreq; /* PLB Bus speed, in Hz */
unsigned int bi_pci_busfreq; /* PCI Bus speed, in Hz */
unsigned char bi_pci_enetaddr[6]; /* PCI Ethernet MAC address */
#endif
#if defined(TARGET_HYMOD)
hymod_conf_t bi_hymod_conf; /* hymod configuration information */
#endif
#if defined(TARGET_EVB64260) || defined(TARGET_405EP) || defined(TARGET_44x) || \
Reported by FlawFinder.
Line: 69
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(TARGET_EVB64260) || defined(TARGET_405EP) || defined(TARGET_44x) || \
defined(TARGET_85xx) || defined(TARGET_83xx) || defined(TARGET_HAS_ETH1)
/* second onboard ethernet port */
unsigned char bi_enet1addr[6];
#define HAVE_ENET1ADDR
#endif
#if defined(TARGET_EVB64260) || defined(TARGET_440GX) || \
defined(TARGET_85xx) || defined(TARGET_HAS_ETH2)
/* third onboard ethernet ports */
Reported by FlawFinder.
Line: 75
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(TARGET_EVB64260) || defined(TARGET_440GX) || \
defined(TARGET_85xx) || defined(TARGET_HAS_ETH2)
/* third onboard ethernet ports */
unsigned char bi_enet2addr[6];
#define HAVE_ENET2ADDR
#endif
#if defined(TARGET_440GX) || defined(TARGET_HAS_ETH3)
/* fourth onboard ethernet ports */
unsigned char bi_enet3addr[6];
Reported by FlawFinder.
Line: 80
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
#if defined(TARGET_440GX) || defined(TARGET_HAS_ETH3)
/* fourth onboard ethernet ports */
unsigned char bi_enet3addr[6];
#define HAVE_ENET3ADDR
#endif
#if defined(TARGET_4xx)
unsigned int bi_opbfreq; /* OB clock in Hz */
int bi_iic_fast[2]; /* Use fast i2c mode */
Reported by FlawFinder.
arch/powerpc/platforms/powernv/opal-dump.c
7 issues
Line: 61
Column: 9
CWE codes:
120
Suggestion:
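Use sprintf_s, snprintf, or vsnprintf. The size of `buf` is not visible in these excerpts. The flagged functions take `(struct dump_obj *, struct dump_attribute *, char *buf)` and look like sysfs-style show callbacks, whose buffer is supplied by the caller. If that is confirmed, `sysfs_emit()` (where the kernel version provides it) or `scnprintf()` with the known buffer size is the bounded form.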
char *buf)
{
return sprintf(buf, "0x%x %s\n", dump_obj->type,
dump_type_to_string(dump_obj->type));
}
static ssize_t dump_ack_show(struct dump_obj *dump_obj,
struct dump_attribute *attr,
Reported by FlawFinder.
Line: 43
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct dump_attribute *attr,
char *buf)
{
return sprintf(buf, "0x%x\n", dump_obj->id);
}
static const char* dump_type_to_string(uint32_t type)
{
switch (type) {
Reported by FlawFinder.
Line: 69
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct dump_attribute *attr,
char *buf)
{
return sprintf(buf, "ack - acknowledge dump\n");
}
/*
* Send acknowledgement to OPAL
*/
Reported by FlawFinder.
Line: 117
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct dump_attribute *attr,
char *buf)
{
return sprintf(buf, "1 - initiate Service Processor(FSP) dump\n");
}
static int64_t dump_fips_init(uint8_t type)
{
int rc;
Reported by FlawFinder.
Line: 315
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(buffer, dump->buffer + pos, count);
/* You may think we could free the dump buffer now and retrieve
* it again later if needed, but due to current firmware limitation,
* that's not the case. So, once read into userspace once,
* we keep the dump around until it's acknowledged by userspace.
Reported by FlawFinder.
Line: 392
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int rc;
uint32_t dump_id, dump_size, dump_type;
char name[22];
struct kobject *kobj;
rc = dump_read_info(&dump_id, &dump_size, &dump_type);
if (rc != OPAL_SUCCESS)
return IRQ_HANDLED;
Reported by FlawFinder.
Line: 399
Column: 2
CWE codes:
120
Suggestion:
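Use sprintf_s, snprintf, or vsnprintf. `name` is the 22-byte array, and `dump_type` and `dump_id` are the `uint32_t` locals, shown in the preceding finding. The longest output of `"0x%x-0x%x"` for two 32-bit values is 21 characters plus the terminator, which exactly fills the buffer: there is no overflow, and no slack either. `snprintf(name, sizeof(name), ...)` would keep that true if the format or the types change.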
if (rc != OPAL_SUCCESS)
return IRQ_HANDLED;
sprintf(name, "0x%x-0x%x", dump_type, dump_id);
/* we may get notified twice, let's handle
* that gracefully and not create two conflicting
* entries.
*/
Reported by FlawFinder.
arch/powerpc/boot/stdio.c
7 issues
Line: 146
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
return str;
}
int vsprintf(char *buf, const char *fmt, va_list args)
{
int len;
unsigned long long num;
int i, base;
char * str;
Reported by FlawFinder.
Line: 329
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
return str-buf;
}
int sprintf(char * buf, const char *fmt, ...)
{
va_list args;
int i;
va_start(args, fmt);
Reported by FlawFinder.
Line: 335
Column: 4
CWE codes:
134
Suggestion:
Make format string constant
int i;
va_start(args, fmt);
i=vsprintf(buf,fmt,args);
va_end(args);
return i;
}
static char sprint_buf[1024];
Reported by FlawFinder.
Line: 343
Column: 1
CWE codes:
134
Suggestion:
Use a constant for the format specification
static char sprint_buf[1024];
int
printf(const char *fmt, ...)
{
va_list args;
int n;
va_start(args, fmt);
Reported by FlawFinder.
Line: 349
Column: 6
CWE codes:
134
Suggestion:
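Make format string constant. `printf` here is this file's own implementation, so a variable `fmt` is inherent to the function. What this line does leave open is length: `vsprintf` takes no size argument and writes into the 1024-byte `sprint_buf`, so the output is bounded only by what callers format.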
int n;
va_start(args, fmt);
n = vsprintf(sprint_buf, fmt, args);
va_end(args);
if (console_ops.write)
console_ops.write(sprint_buf, n);
return n;
}
Reported by FlawFinder.
Line: 81
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char * number(char * str, unsigned long long num, int base, int size, int precision, int type)
{
char c,sign,tmp[66];
const char *digits="0123456789abcdefghijklmnopqrstuvwxyz";
int i;
if (type & LARGE)
digits = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
Reported by FlawFinder.
Line: 340
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return i;
}
static char sprint_buf[1024];
int
printf(const char *fmt, ...)
{
va_list args;
Reported by FlawFinder.
arch/powerpc/boot/stdio.h
7 issues
Line: 11
Column: 63
CWE codes:
134
Suggestion:
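Use a constant for the format specification. The flagged lines in this header are prototypes and a macro, not calls. `printf` and `sprintf` are declared with `__attribute__((format(printf, ...)))`, which lets the compiler check format strings against their arguments at call sites; the `vsprintf` prototype carries no such attribute.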
#define EINVAL 22 /* Invalid argument */
#define ENOSPC 28 /* No space left on device */
extern int printf(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
#define fprintf(fmt, args...) printf(args)
extern int sprintf(char *buf, const char *fmt, ...)
__attribute__((format(printf, 2, 3)));
Reported by FlawFinder.
Line: 11
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define EINVAL 22 /* Invalid argument */
#define ENOSPC 28 /* No space left on device */
extern int printf(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
#define fprintf(fmt, args...) printf(args)
extern int sprintf(char *buf, const char *fmt, ...)
__attribute__((format(printf, 2, 3)));
Reported by FlawFinder.
Line: 13
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
extern int printf(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
#define fprintf(fmt, args...) printf(args)
extern int sprintf(char *buf, const char *fmt, ...)
__attribute__((format(printf, 2, 3)));
extern int vsprintf(char *buf, const char *fmt, va_list args);
Reported by FlawFinder.
Line: 13
Column: 31
CWE codes:
134
Suggestion:
Use a constant for the format specification
extern int printf(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
#define fprintf(fmt, args...) printf(args)
extern int sprintf(char *buf, const char *fmt, ...)
__attribute__((format(printf, 2, 3)));
extern int vsprintf(char *buf, const char *fmt, va_list args);
Reported by FlawFinder.
Line: 15
Column: 12
CWE codes:
134
Suggestion:
Make format string constant
#define fprintf(fmt, args...) printf(args)
extern int sprintf(char *buf, const char *fmt, ...)
__attribute__((format(printf, 2, 3)));
extern int vsprintf(char *buf, const char *fmt, va_list args);
#endif /* _PPC_BOOT_STDIO_H_ */
Reported by FlawFinder.
Line: 16
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define fprintf(fmt, args...) printf(args)
extern int sprintf(char *buf, const char *fmt, ...)
__attribute__((format(printf, 2, 3)));
extern int vsprintf(char *buf, const char *fmt, va_list args);
#endif /* _PPC_BOOT_STDIO_H_ */
Reported by FlawFinder.
Line: 18
Column: 12
CWE codes:
134
Suggestion:
Make format string constant
extern int sprintf(char *buf, const char *fmt, ...)
__attribute__((format(printf, 2, 3)));
extern int vsprintf(char *buf, const char *fmt, va_list args);
#endif /* _PPC_BOOT_STDIO_H_ */
Reported by FlawFinder.
arch/powerpc/platforms/powernv/opal-core.c
7 issues
Line: 60
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *opalcorebuf;
/* NT_AUXV buffer */
char auxv_buf[AUXV_DESC_SZ];
};
struct opalcore {
struct list_head list;
u64 paddr;
Reported by FlawFinder.
Line: 103
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
note->n_descsz = cpu_to_be32(data_len);
note->n_type = cpu_to_be32(type);
buf += DIV_ROUND_UP(sizeof(*note), sizeof(Elf64_Word));
memcpy(buf, name, namesz);
buf += DIV_ROUND_UP(namesz, sizeof(Elf64_Word));
memcpy(buf, data, data_len);
buf += DIV_ROUND_UP(data_len, sizeof(Elf64_Word));
return buf;
Reported by FlawFinder.
Line: 105
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf += DIV_ROUND_UP(sizeof(*note), sizeof(Elf64_Word));
memcpy(buf, name, namesz);
buf += DIV_ROUND_UP(namesz, sizeof(Elf64_Word));
memcpy(buf, data, data_len);
buf += DIV_ROUND_UP(data_len, sizeof(Elf64_Word));
return buf;
}
Reported by FlawFinder.
Line: 183
Column: 3
CWE codes:
120
Suggestion:
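Make sure destination can always hold the source data. `tsz` is clamped by `min_t` to the smaller of the bytes remaining in `opalcorebuf` and `count`, so the source side is bounded. The destination is safe provided `to` has room for `count` bytes, which the excerpt does not show.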
/* Read ELF core header and/or PT_NOTE segment */
if (tpos < oc_conf->opalcorebuf_sz) {
tsz = min_t(size_t, oc_conf->opalcorebuf_sz - tpos, count);
memcpy(to, oc_conf->opalcorebuf + tpos, tsz);
to += tsz;
tpos += tsz;
count -= tsz;
}
Reported by FlawFinder.
Line: 199
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tsz = min_t(size_t, m->offset + m->size - tpos, count);
addr = (void *)(m->paddr + tpos - m->offset);
memcpy(to, __va(addr), tsz);
to += tsz;
tpos += tsz;
count -= tsz;
}
}
Reported by FlawFinder.
Line: 357
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bufp = oc_conf->opalcorebuf;
elf = (Elf64_Ehdr *)bufp;
bufp += sizeof(Elf64_Ehdr);
memcpy(elf->e_ident, ELFMAG, SELFMAG);
elf->e_ident[EI_CLASS] = ELF_CLASS;
elf->e_ident[EI_DATA] = ELFDATA2MSB;
elf->e_ident[EI_VERSION] = EV_CURRENT;
elf->e_ident[EI_OSABI] = ELF_OSABI;
memset(elf->e_ident+EI_PAD, 0, EI_NIDENT-EI_PAD);
Reported by FlawFinder.
Line: 97
Column: 22
CWE codes:
126
size_t data_len)
{
Elf64_Nhdr *note = (Elf64_Nhdr *)buf;
Elf64_Word namesz = strlen(name) + 1;
note->n_namesz = cpu_to_be32(namesz);
note->n_descsz = cpu_to_be32(data_len);
note->n_type = cpu_to_be32(type);
buf += DIV_ROUND_UP(sizeof(*note), sizeof(Elf64_Word));
Reported by FlawFinder.