The following issues were found
arch/s390/kernel/topology.c
7 issues
Line: 391
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ssize_t count;
mutex_lock(&smp_cpu_state_mutex);
count = sprintf(buf, "%d\n", cpu_management);
mutex_unlock(&smp_cpu_state_mutex);
return count;
}
static ssize_t dispatching_store(struct device *dev,
Reported by FlawFinder.
Line: 434
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&smp_cpu_state_mutex);
switch (smp_cpu_get_polarization(cpu)) {
case POLARIZATION_HRZ:
count = sprintf(buf, "horizontal\n");
break;
case POLARIZATION_VL:
count = sprintf(buf, "vertical:low\n");
break;
case POLARIZATION_VM:
Reported by FlawFinder.
Line: 437
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
count = sprintf(buf, "horizontal\n");
break;
case POLARIZATION_VL:
count = sprintf(buf, "vertical:low\n");
break;
case POLARIZATION_VM:
count = sprintf(buf, "vertical:medium\n");
break;
case POLARIZATION_VH:
Reported by FlawFinder.
Line: 440
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
count = sprintf(buf, "vertical:low\n");
break;
case POLARIZATION_VM:
count = sprintf(buf, "vertical:medium\n");
break;
case POLARIZATION_VH:
count = sprintf(buf, "vertical:high\n");
break;
default:
Reported by FlawFinder.
Line: 443
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
count = sprintf(buf, "vertical:medium\n");
break;
case POLARIZATION_VH:
count = sprintf(buf, "vertical:high\n");
break;
default:
count = sprintf(buf, "unknown\n");
break;
}
Reported by FlawFinder.
Line: 446
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
count = sprintf(buf, "vertical:high\n");
break;
default:
count = sprintf(buf, "unknown\n");
break;
}
mutex_unlock(&smp_cpu_state_mutex);
return count;
}
Reported by FlawFinder.
Line: 470
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ssize_t count;
mutex_lock(&smp_cpu_state_mutex);
count = sprintf(buf, "%d\n", topology_cpu_dedicated(cpu));
mutex_unlock(&smp_cpu_state_mutex);
return count;
}
static DEVICE_ATTR(dedicated, 0444, cpu_dedicated_show, NULL);
Reported by FlawFinder.
arch/mips/loongson64/reset.c
7 issues
Line: 93
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
int offt;
str = (char *)argv + KEXEC_ARGV_SIZE/2;
memcpy(str, image->segment[i].buf, KEXEC_ARGV_SIZE/2);
ptr = strchr(str, ' ');
while (ptr && (argc < MAX_ARGS)) {
*ptr = '\0';
if (ptr[1] != ' ') {
Reported by FlawFinder.
Line: 135
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kexec_args[0] = kexec_argc;
kexec_args[1] = fw_arg1;
kexec_args[2] = fw_arg2;
memcpy((void *)fw_arg1, kexec_argv, KEXEC_ARGV_SIZE);
memcpy((void *)fw_arg2, kexec_envp, KEXEC_ENVP_SIZE);
}
static void loongson_crash_shutdown(struct pt_regs *regs)
{
Reported by FlawFinder.
Line: 136
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kexec_args[1] = fw_arg1;
kexec_args[2] = fw_arg2;
memcpy((void *)fw_arg1, kexec_argv, KEXEC_ARGV_SIZE);
memcpy((void *)fw_arg2, kexec_envp, KEXEC_ENVP_SIZE);
}
static void loongson_crash_shutdown(struct pt_regs *regs)
{
default_machine_crash_shutdown(regs);
Reported by FlawFinder.
Line: 148
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef CONFIG_SMP
secondary_kexec_args[0] = TO_UNCAC(0x3ff01000);
#endif
memcpy((void *)fw_arg1, kdump_argv, KEXEC_ARGV_SIZE);
memcpy((void *)fw_arg2, kexec_envp, KEXEC_ENVP_SIZE);
}
#endif
Reported by FlawFinder.
Line: 149
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
secondary_kexec_args[0] = TO_UNCAC(0x3ff01000);
#endif
memcpy((void *)fw_arg1, kdump_argv, KEXEC_ARGV_SIZE);
memcpy((void *)fw_arg2, kexec_envp, KEXEC_ENVP_SIZE);
}
#endif
static int __init mips_reboot_setup(void)
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kdump_argv = kmalloc(KEXEC_ARGV_SIZE, GFP_KERNEL);
kexec_envp = kmalloc(KEXEC_ENVP_SIZE, GFP_KERNEL);
fw_arg1 = KEXEC_ARGV_ADDR;
memcpy(kexec_envp, (void *)fw_arg2, KEXEC_ENVP_SIZE);
_machine_kexec_prepare = loongson_kexec_prepare;
_machine_kexec_shutdown = loongson_kexec_shutdown;
_machine_crash_shutdown = loongson_crash_shutdown;
#endif
Reported by FlawFinder.
Line: 86
Column: 5
CWE codes:
126
for (i = 0; i < image->nr_segments; i++) {
if (!strncmp(bootloader, (char *)image->segment[i].buf,
strlen(bootloader))) {
/*
* convert command line string to array
* of parameters (as bootloader does).
*/
int offt;
Reported by FlawFinder.
arch/x86/platform/efi/efi.c
7 issues
Line: 264
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
u64 end = (md->num_pages << EFI_PAGE_SHIFT) + md->phys_addr - 1;
u64 end_hi = 0;
char buf[64];
if (md->num_pages == 0) {
end = 0;
} else if (md->num_pages > EFI_PAGES_MAX ||
EFI_PAGES_MAX - md->num_pages <
Reported by FlawFinder.
Line: 304
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = n_removal = 0; in < end; i++) {
if (efi_memmap_entry_valid(in, i)) {
if (out != in)
memcpy(out, in, efi.memmap.desc_size);
out = (void *)out + efi.memmap.desc_size;
} else {
n_removal++;
}
in = (void *)in + efi.memmap.desc_size;
Reported by FlawFinder.
Line: 332
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i = 0;
for_each_efi_memory_desc(md) {
char buf[64];
pr_info("mem%02u: %s range=[0x%016llx-0x%016llx] (%lluMB)\n",
i++, efi_md_typeattr_format(buf, sizeof(buf), md),
md->phys_addr,
md->phys_addr + (md->num_pages << EFI_PAGE_SHIFT) - 1,
Reported by FlawFinder.
Line: 546
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!old_memmap)
return ret;
memcpy(ret, old_memmap, PAGE_SIZE << old_shift);
out:
free_pages((unsigned long)old_memmap, old_shift);
return ret;
}
Reported by FlawFinder.
Line: 697
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(*pg_shift)++;
}
memcpy(new_memmap + (*count * desc_size), md, desc_size);
left -= desc_size;
(*count)++;
}
Reported by FlawFinder.
Line: 886
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *efi_systab_show_arch(char *str)
{
if (uga_phys != EFI_INVALID_TABLE_ADDR)
str += sprintf(str, "UGA=0x%lx\n", uga_phys);
return str;
}
#define EFI_FIELD(var) efi_ ## var
Reported by FlawFinder.
Line: 896
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t name##_show(struct kobject *kobj, \
struct kobj_attribute *attr, char *buf) \
{ \
return sprintf(buf, "0x%lx\n", EFI_FIELD(name)); \
}
EFI_ATTR_SHOW(fw_vendor);
EFI_ATTR_SHOW(runtime);
EFI_ATTR_SHOW(config_table);
Reported by FlawFinder.
arch/mips/ralink/rt305x.c
7 issues
Line: 122
CWE codes:
908
ralink_clk_add("cpu", cpu_rate);
ralink_clk_add("sys", sys_rate);
ralink_clk_add("10000900.i2c", uart_rate);
ralink_clk_add("10000a00.i2s", uart_rate);
ralink_clk_add("10000b00.spi", sys_rate);
ralink_clk_add("10000b40.spi", sys_rate);
ralink_clk_add("10000100.timer", wdt_rate);
ralink_clk_add("10000120.watchdog", wdt_rate);
Reported by Cppcheck.
Line: 123
CWE codes:
908
ralink_clk_add("cpu", cpu_rate);
ralink_clk_add("sys", sys_rate);
ralink_clk_add("10000900.i2c", uart_rate);
ralink_clk_add("10000a00.i2s", uart_rate);
ralink_clk_add("10000b00.spi", sys_rate);
ralink_clk_add("10000b40.spi", sys_rate);
ralink_clk_add("10000100.timer", wdt_rate);
ralink_clk_add("10000120.watchdog", wdt_rate);
ralink_clk_add("10000500.uart", uart_rate);
Reported by Cppcheck.
Line: 126
CWE codes:
908
ralink_clk_add("10000a00.i2s", uart_rate);
ralink_clk_add("10000b00.spi", sys_rate);
ralink_clk_add("10000b40.spi", sys_rate);
ralink_clk_add("10000100.timer", wdt_rate);
ralink_clk_add("10000120.watchdog", wdt_rate);
ralink_clk_add("10000500.uart", uart_rate);
ralink_clk_add("10000c00.uartlite", uart_rate);
ralink_clk_add("10100000.ethernet", sys_rate);
ralink_clk_add("10180000.wmac", wmac_rate);
Reported by Cppcheck.
Line: 127
CWE codes:
908
ralink_clk_add("10000b00.spi", sys_rate);
ralink_clk_add("10000b40.spi", sys_rate);
ralink_clk_add("10000100.timer", wdt_rate);
ralink_clk_add("10000120.watchdog", wdt_rate);
ralink_clk_add("10000500.uart", uart_rate);
ralink_clk_add("10000c00.uartlite", uart_rate);
ralink_clk_add("10100000.ethernet", sys_rate);
ralink_clk_add("10180000.wmac", wmac_rate);
}
Reported by Cppcheck.
Line: 128
CWE codes:
908
ralink_clk_add("10000b40.spi", sys_rate);
ralink_clk_add("10000100.timer", wdt_rate);
ralink_clk_add("10000120.watchdog", wdt_rate);
ralink_clk_add("10000500.uart", uart_rate);
ralink_clk_add("10000c00.uartlite", uart_rate);
ralink_clk_add("10100000.ethernet", sys_rate);
ralink_clk_add("10180000.wmac", wmac_rate);
}
Reported by Cppcheck.
Line: 129
CWE codes:
908
ralink_clk_add("10000100.timer", wdt_rate);
ralink_clk_add("10000120.watchdog", wdt_rate);
ralink_clk_add("10000500.uart", uart_rate);
ralink_clk_add("10000c00.uartlite", uart_rate);
ralink_clk_add("10100000.ethernet", sys_rate);
ralink_clk_add("10180000.wmac", wmac_rate);
}
void __init ralink_of_remap(void)
Reported by Cppcheck.
Line: 187
CWE codes:
908
snprintf(soc_info->sys_type, RAMIPS_SYS_TYPE_LEN,
"Ralink %s id:%u rev:%u",
name,
(id >> CHIP_ID_ID_SHIFT) & CHIP_ID_ID_MASK,
(id & CHIP_ID_REV_MASK));
soc_info->mem_base = RT305X_SDRAM_BASE;
if (soc_is_rt5350()) {
Reported by Cppcheck.
arch/alpha/boot/tools/objstrip.c
7 issues
Line: 57
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
size_t nwritten, tocopy, n, mem_size, fil_size, pad = 0;
int fd, ofd, i, j, verbose = 0, primary = 0;
char buf[8192], *inname;
struct exec * aout; /* includes file & aout header */
long offset;
#ifdef __ELF__
struct elfhdr *elf;
struct elf_phdr *elf_phdr; /* program header */
Reported by FlawFinder.
Line: 91
Column: 10
CWE codes:
362
}
inname = argv[i++];
fd = open(inname, O_RDONLY);
if (fd == -1) {
perror("open");
exit(1);
}
Reported by FlawFinder.
Line: 99
Column: 8
CWE codes:
362
ofd = 1;
if (i < argc) {
ofd = open(argv[i++], O_WRONLY | O_CREAT | O_TRUNC, 0666);
if (ofd == -1) {
perror("open");
exit(1);
}
}
Reported by FlawFinder.
Line: 125
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
size = (st.st_size + BLOCK_SIZE - 1) & ~(BLOCK_SIZE - 1);
memset(bb, 0, sizeof(bb));
strcpy((char *) bb, "Linux SRM bootblock");
bb[60] = size / BLOCK_SIZE; /* count */
bb[61] = 1; /* starting sector # */
bb[62] = 0; /* flags---must be 0 */
for (i = 0; i < 63; ++i) {
sum += bb[i];
Reported by FlawFinder.
Line: 171
Column: 6
CWE codes:
120
20
e_entry = elf->e_entry;
lseek(fd, elf->e_phoff, SEEK_SET);
if (read(fd, buf, sizeof(*elf_phdr)) != sizeof(*elf_phdr)) {
perror("read");
exit(1);
}
elf_phdr = (struct elf_phdr *) buf;
Reported by FlawFinder.
arch/s390/hypfs/hypfs_vm.c
7 issues
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 idle_samp;
__u32 other_samp;
__u32 total_samp;
char guest_name[NAME_LEN];
};
struct diag2fc_parm_list {
char userid[NAME_LEN];
char aci_grp[NAME_LEN];
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct diag2fc_parm_list {
char userid[NAME_LEN];
char aci_grp[NAME_LEN];
__u64 addr;
__u32 size;
__u32 fmt;
};
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct diag2fc_parm_list {
char userid[NAME_LEN];
char aci_grp[NAME_LEN];
__u64 addr;
__u32 size;
__u32 fmt;
};
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned long rc;
struct diag2fc_parm_list parm_list;
memcpy(parm_list.userid, query, NAME_LEN);
ASCEBC(parm_list.userid, NAME_LEN);
parm_list.addr = (unsigned long) addr ;
parm_list.size = size;
parm_list.fmt = 0x02;
memset(parm_list.aci_grp, 0x40, NAME_LEN);
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int hypfs_vm_create_guest(struct dentry *systems_dir,
struct diag2fc_data *data)
{
char guest_name[NAME_LEN + 1] = {};
struct dentry *guest_dir, *cpus_dir, *samples_dir, *mem_dir;
int dedicated_flag, capped_value;
capped_value = (data->flags & 0x00000006) >> 1;
dedicated_flag = (data->flags & 0x00000008) >> 3;
Reported by FlawFinder.
Line: 132
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dedicated_flag = (data->flags & 0x00000008) >> 3;
/* guest dir */
memcpy(guest_name, data->guest_name, NAME_LEN);
EBCASC(guest_name, NAME_LEN);
strim(guest_name);
guest_dir = hypfs_mkdir(systems_dir, guest_name);
if (IS_ERR(guest_dir))
return PTR_ERR(guest_dir);
Reported by FlawFinder.
Line: 239
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 version; /* Version of header */
union tod_clock tod_ext; /* TOD clock for d2fc */
u64 count; /* Number of VM guests in d2fc buffer */
char reserved[30];
} __attribute__ ((packed));
struct dbfs_d2fc {
struct dbfs_d2fc_hdr hdr; /* 64 byte header */
char buf[]; /* d2fc buffer */
Reported by FlawFinder.
arch/s390/hypfs/hypfs_diag.c
7 issues
Line: 101
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char *name)
{
if (type == DIAG204_INFO_SIMPLE)
memcpy(name, ((struct diag204_part_hdr *)hdr)->part_name,
DIAG204_LPAR_NAME_LEN);
else /* DIAG204_INFO_EXT */
memcpy(name, ((struct diag204_x_part_hdr *)hdr)->part_name,
DIAG204_LPAR_NAME_LEN);
EBCASC(name, DIAG204_LPAR_NAME_LEN);
Reported by FlawFinder.
Line: 104
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(name, ((struct diag204_part_hdr *)hdr)->part_name,
DIAG204_LPAR_NAME_LEN);
else /* DIAG204_INFO_EXT */
memcpy(name, ((struct diag204_x_part_hdr *)hdr)->part_name,
DIAG204_LPAR_NAME_LEN);
EBCASC(name, DIAG204_LPAR_NAME_LEN);
name[DIAG204_LPAR_NAME_LEN] = 0;
strim(name);
}
Reported by FlawFinder.
Line: 385
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int diag224_idx2name(int index, char *name)
{
memcpy(name, diag224_cpu_names + ((index + 1) * DIAG204_CPU_NAME_LEN),
DIAG204_CPU_NAME_LEN);
name[DIAG204_CPU_NAME_LEN] = 0;
strim(name);
return 0;
}
Reported by FlawFinder.
Line: 396
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 len; /* Length of d204 buffer without header */
u16 version; /* Version of header */
u8 sc; /* Used subcode */
char reserved[53];
} __attribute__ ((packed));
struct dbfs_d204 {
struct dbfs_d204_hdr hdr; /* 64 byte header */
char buf[]; /* d204 buffer */
Reported by FlawFinder.
Line: 475
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int hypfs_create_cpu_files(struct dentry *cpus_dir, void *cpu_info)
{
struct dentry *cpu_dir;
char buffer[TMP_SIZE];
void *rc;
snprintf(buffer, TMP_SIZE, "%d", cpu_info__cpu_addr(diag204_info_type,
cpu_info));
cpu_dir = hypfs_mkdir(cpus_dir, buffer);
Reported by FlawFinder.
Line: 506
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dentry *cpus_dir;
struct dentry *lpar_dir;
char lpar_name[DIAG204_LPAR_NAME_LEN + 1];
void *cpu_info;
int i;
part_hdr__part_name(diag204_info_type, part_hdr, lpar_name);
lpar_name[DIAG204_LPAR_NAME_LEN] = 0;
Reported by FlawFinder.
Line: 532
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int hypfs_create_phys_cpu_files(struct dentry *cpus_dir, void *cpu_info)
{
struct dentry *cpu_dir;
char buffer[TMP_SIZE];
void *rc;
snprintf(buffer, TMP_SIZE, "%i", phys_cpu__cpu_addr(diag204_info_type,
cpu_info));
cpu_dir = hypfs_mkdir(cpus_dir, buffer);
Reported by FlawFinder.
drivers/firewire/core-device.c
7 issues
Line: 214
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int fw_unit_uevent(struct device *dev, struct kobj_uevent_env *env)
{
struct fw_unit *unit = fw_unit(dev);
char modalias[64];
get_modalias(unit, modalias, sizeof(modalias));
if (add_uevent_var(env, "MODALIAS=%s", modalias))
return -ENOMEM;
Reported by FlawFinder.
Line: 289
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
container_of(dattr, struct config_rom_attribute, attr);
const u32 *dir;
size_t bufsize;
char dummy_buf[2];
int ret;
down_read(&fw_device_rwsem);
if (is_fw_unit(dev))
Reported by FlawFinder.
Line: 395
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
down_read(&fw_device_rwsem);
length = device->config_rom_length * 4;
memcpy(buf, device->config_rom, length);
up_read(&fw_device_rwsem);
return length;
}
Reported by FlawFinder.
Line: 420
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct fw_device *device = fw_device(dev);
return sprintf(buf, "%u\n", device->is_local);
}
static int units_sprintf(char *buf, const u32 *directory)
{
struct fw_csr_iterator ci;
Reported by FlawFinder.
Line: 442
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
}
return sprintf(buf, "0x%06x:0x%06x ", specifier_id, version);
}
static ssize_t units_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 312
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* Strip trailing whitespace and add newline. */
while (ret > 0 && isspace(buf[ret - 1]))
ret--;
strcpy(buf + ret, "\n");
ret++;
}
up_read(&fw_device_rwsem);
Reported by FlawFinder.
Line: 366
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
int length;
length = get_modalias(unit, buf, PAGE_SIZE);
strcpy(buf + length, "\n");
return length + 1;
}
static ssize_t rom_index_show(struct device *dev,
Reported by FlawFinder.
drivers/firmware/dmi-sysfs.c
7 issues
Line: 277
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (sizeof(sel) > dmi_entry_length(dh)) \
return -EIO; \
memcpy(&sel, dh, sizeof(sel)); \
return sprintf(buf, "%u\n", sel._field); \
} \
static DMI_SYSFS_MAPPED_ATTR(sel, _field)
DMI_SYSFS_SEL_FIELD(area_length);
DMI_SYSFS_SEL_FIELD(header_start_offset);
Reported by FlawFinder.
Line: 482
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t dmi_sysfs_entry_length(struct dmi_sysfs_entry *entry, char *buf)
{
return sprintf(buf, "%d\n", entry->dh.length);
}
static ssize_t dmi_sysfs_entry_handle(struct dmi_sysfs_entry *entry, char *buf)
{
return sprintf(buf, "%d\n", entry->dh.handle);
Reported by FlawFinder.
Line: 487
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t dmi_sysfs_entry_handle(struct dmi_sysfs_entry *entry, char *buf)
{
return sprintf(buf, "%d\n", entry->dh.handle);
}
static ssize_t dmi_sysfs_entry_type(struct dmi_sysfs_entry *entry, char *buf)
{
return sprintf(buf, "%d\n", entry->dh.type);
Reported by FlawFinder.
Line: 492
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t dmi_sysfs_entry_type(struct dmi_sysfs_entry *entry, char *buf)
{
return sprintf(buf, "%d\n", entry->dh.type);
}
static ssize_t dmi_sysfs_entry_instance(struct dmi_sysfs_entry *entry,
char *buf)
{
Reported by FlawFinder.
Line: 498
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t dmi_sysfs_entry_instance(struct dmi_sysfs_entry *entry,
char *buf)
{
return sprintf(buf, "%d\n", entry->instance);
}
static ssize_t dmi_sysfs_entry_position(struct dmi_sysfs_entry *entry,
char *buf)
{
Reported by FlawFinder.
Line: 504
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t dmi_sysfs_entry_position(struct dmi_sysfs_entry *entry,
char *buf)
{
return sprintf(buf, "%d\n", entry->position);
}
static DMI_SYSFS_ATTR(entry, length);
static DMI_SYSFS_ATTR(entry, handle);
static DMI_SYSFS_ATTR(entry, type);
Reported by FlawFinder.
Line: 597
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Set the key */
memcpy(&entry->dh, dh, sizeof(*dh));
entry->instance = instance_counts[dh->type]++;
entry->position = position_count++;
entry->kobj.kset = dmi_kset;
*ret = kobject_init_and_add(&entry->kobj, &dmi_sysfs_entry_ktype, NULL,
Reported by FlawFinder.
drivers/char/hw_random/optee-rng.c
7 issues
Line: 110
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
rng_size = param[0].u.memref.size;
memcpy(buf, rng_data, rng_size);
return rng_size;
}
static int optee_rng_read(struct hwrng *rng, void *buf, size_t max, bool wait)
Reported by FlawFinder.
Line: 125
Column: 9
CWE codes:
120
20
if (max > MAX_ENTROPY_REQ_SZ)
max = MAX_ENTROPY_REQ_SZ;
while (read < max) {
rng_size = get_optee_rng_data(pvt_data, data, (max - read));
data += rng_size;
read += rng_size;
Reported by FlawFinder.
Line: 126
Column: 56
CWE codes:
120
20
max = MAX_ENTROPY_REQ_SZ;
while (read < max) {
rng_size = get_optee_rng_data(pvt_data, data, (max - read));
data += rng_size;
read += rng_size;
if (wait && pvt_data->data_rate) {
Reported by FlawFinder.
Line: 133
Column: 12
CWE codes:
120
20
if (wait && pvt_data->data_rate) {
if ((timeout-- == 0) || (read == max))
return read;
msleep((1000 * (max - read)) / pvt_data->data_rate);
} else {
return read;
}
}
Reported by FlawFinder.
Line: 134
Column: 26
CWE codes:
120
20
if (wait && pvt_data->data_rate) {
if ((timeout-- == 0) || (read == max))
return read;
msleep((1000 * (max - read)) / pvt_data->data_rate);
} else {
return read;
}
}
Reported by FlawFinder.