The following issues were found
drivers/net/wireless/marvell/mwifiex/join.c
32 issues
Line: 63
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Wrap the generic IE buffer with a pass through TLV type */
ie_header.type = cpu_to_le16(TLV_TYPE_PASSTHROUGH);
ie_header.len = cpu_to_le16(priv->gen_ie_buf_len);
memcpy(*buffer, &ie_header, sizeof(ie_header));
/* Increment the return size and the return buffer pointer
param */
*buffer += sizeof(ie_header);
ret_len += sizeof(ie_header);
Reported by FlawFinder.
Line: 72
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the generic IE buffer to the output buffer, advance
pointer */
memcpy(*buffer, priv->gen_ie_buf, priv->gen_ie_buf_len);
/* Increment the return size and the return buffer pointer
param */
*buffer += priv->gen_ie_buf_len;
ret_len += priv->gen_ie_buf_len;
Reported by FlawFinder.
Line: 118
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tsf_tlv.header.type = cpu_to_le16(TLV_TYPE_TSFTIMESTAMP);
tsf_tlv.header.len = cpu_to_le16(2 * sizeof(tsf_val));
memcpy(*buffer, &tsf_tlv, sizeof(tsf_tlv.header));
*buffer += sizeof(tsf_tlv.header);
/* TSF at the time when beacon/probe_response was received */
tsf_val = cpu_to_le64(bss_desc->fw_tsf);
memcpy(*buffer, &tsf_val, sizeof(tsf_val));
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* TSF at the time when beacon/probe_response was received */
tsf_val = cpu_to_le64(bss_desc->fw_tsf);
memcpy(*buffer, &tsf_val, sizeof(tsf_val));
*buffer += sizeof(tsf_val);
tsf_val = cpu_to_le64(bss_desc->timestamp);
mwifiex_dbg(priv->adapter, INFO,
Reported by FlawFinder.
Line: 132
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"info: %s: TSF offset calc: %016llx - %016llx\n",
__func__, bss_desc->timestamp, bss_desc->fw_tsf);
memcpy(*buffer, &tsf_val, sizeof(tsf_val));
*buffer += sizeof(tsf_val);
return sizeof(tsf_tlv.header) + (2 * sizeof(tsf_val));
}
Reported by FlawFinder.
Line: 211
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 card_rates_size;
/* Copy AP supported rates */
memcpy(out_rates, bss_desc->supported_rates, MWIFIEX_SUPPORTED_RATES);
/* Get the STA supported rates */
card_rates_size = mwifiex_get_active_data_rates(priv, card_rates);
/* Get the common rates between AP and STA supported rates */
if (mwifiex_get_common_rates(priv, out_rates, MWIFIEX_SUPPORTED_RATES,
card_rates, card_rates_size)) {
Reported by FlawFinder.
Line: 258
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Wrap the generic IE buffer with a pass through TLV type */
ie_header.type = cpu_to_le16(TLV_TYPE_PASSTHROUGH);
ie_header.len = cpu_to_le16(priv->wps_ie_len);
memcpy(*buffer, &ie_header, sizeof(ie_header));
*buffer += sizeof(ie_header);
retLen += sizeof(ie_header);
memcpy(*buffer, priv->wps_ie, priv->wps_ie_len);
*buffer += priv->wps_ie_len;
Reported by FlawFinder.
Line: 262
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*buffer += sizeof(ie_header);
retLen += sizeof(ie_header);
memcpy(*buffer, priv->wps_ie, priv->wps_ie_len);
*buffer += priv->wps_ie_len;
retLen += priv->wps_ie_len;
}
Reported by FlawFinder.
Line: 305
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Wrap the generic IE buffer with a pass through TLV type */
ie_header.type = cpu_to_le16(TLV_TYPE_WAPI_IE);
ie_header.len = cpu_to_le16(priv->wapi_ie_len);
memcpy(*buffer, &ie_header, sizeof(ie_header));
/* Increment the return size and the return buffer pointer
param */
*buffer += sizeof(ie_header);
retLen += sizeof(ie_header);
Reported by FlawFinder.
Line: 314
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the wapi IE buffer to the output buffer, advance
pointer */
memcpy(*buffer, priv->wapi_ie, priv->wapi_ie_len);
/* Increment the return size and the return buffer pointer
param */
*buffer += priv->wapi_ie_len;
retLen += priv->wapi_ie_len;
Reported by FlawFinder.
sound/pci/ac97/ac97_codec.c
32 issues
Line: 1231
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
kctl->tlv.p = tlv;
if (tlv)
kctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
}
/*
* create a volume for normal stereo/mono controls
*/
Reported by FlawFinder.
Line: 1288
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 0;
if (snd_ac97_try_bit(ac97, reg, 15)) {
sprintf(name, "%s Switch", pfx);
err = snd_ac97_cmute_new_stereo(card, name, reg,
check_stereo, check_amix,
ac97);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 1297
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
check_volume_resolution(ac97, reg, &lo_max, &hi_max);
if (lo_max) {
sprintf(name, "%s Volume", pfx);
err = snd_ac97_cvol_new(card, name, reg, lo_max, hi_max, ac97);
if (err < 0)
return err;
}
return 0;
Reported by FlawFinder.
Line: 1856
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (! pid)
return;
strcpy(name, pid->name);
if (ac97 && pid->patch) {
if ((modem && (pid->flags & AC97_MODEM_PATCH)) ||
(! modem && ! (pid->flags & AC97_MODEM_PATCH)))
pid->patch(ac97);
}
Reported by FlawFinder.
Line: 1866
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
pid = look_for_codec_id(snd_ac97_codec_ids, id);
if (pid) {
strcat(name, " ");
strcat(name, pid->name);
if (pid->mask != 0xffffffff)
sprintf(name + strlen(name), " rev %d", id & ~pid->mask);
if (ac97 && pid->patch) {
if ((modem && (pid->flags & AC97_MODEM_PATCH)) ||
(! modem && ! (pid->flags & AC97_MODEM_PATCH)))
Reported by FlawFinder.
Line: 2307
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (ac97_is_audio(ac97)) {
char comp[16];
if (card->mixername[0] == '\0') {
strcpy(card->mixername, name);
} else {
if (strlen(card->mixername) + 1 + strlen(name) + 1 <= sizeof(card->mixername)) {
strcat(card->mixername, ",");
strcat(card->mixername, name);
}
Reported by FlawFinder.
Line: 2311
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
} else {
if (strlen(card->mixername) + 1 + strlen(name) + 1 <= sizeof(card->mixername)) {
strcat(card->mixername, ",");
strcat(card->mixername, name);
}
}
sprintf(comp, "AC97a:%08x", ac97->id);
err = snd_component_add(card, comp);
if (err < 0) {
Reported by FlawFinder.
Line: 2328
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (ac97_is_modem(ac97)) {
char comp[16];
if (card->mixername[0] == '\0') {
strcpy(card->mixername, name);
} else {
if (strlen(card->mixername) + 1 + strlen(name) + 1 <= sizeof(card->mixername)) {
strcat(card->mixername, ",");
strcat(card->mixername, name);
}
Reported by FlawFinder.
Line: 2332
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
} else {
if (strlen(card->mixername) + 1 + strlen(name) + 1 <= sizeof(card->mixername)) {
strcat(card->mixername, ",");
strcat(card->mixername, name);
}
}
sprintf(comp, "AC97m:%08x", ac97->id);
err = snd_component_add(card, comp);
if (err < 0) {
Reported by FlawFinder.
Line: 2659
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static void set_ctl_name(char *dst, const char *src, const char *suffix)
{
if (suffix)
sprintf(dst, "%s %s", src, suffix);
else
strcpy(dst, src);
}
/* remove the control with the given name and optional suffix */
Reported by FlawFinder.
drivers/net/wireless/marvell/mwl8k.c
32 issues
Line: 664
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (length) {
int block_size = length > 256 ? 256 : length;
memcpy(cmd->payload, data + done, block_size);
cmd->length = cpu_to_le16(block_size);
rc = mwl8k_send_fw_load_cmd(priv, cmd,
sizeof(*cmd) + block_size);
if (rc)
Reported by FlawFinder.
Line: 730
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
prev_block_size = block_size;
memcpy(buffer, data + done, block_size);
rc = mwl8k_send_fw_load_cmd(priv, buffer, block_size);
if (rc)
break;
}
Reported by FlawFinder.
Line: 1409
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_put(skb, pkt_len);
mwl8k_remove_dma_header(skb, qos);
memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status));
ieee80211_rx_irqsafe(hw, skb);
processed++;
}
Reported by FlawFinder.
Line: 2316
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct mwl8k_priv *priv = hw->priv;
BUILD_BUG_ON(sizeof(priv->channels_24) != sizeof(mwl8k_channels_24));
memcpy(priv->channels_24, mwl8k_channels_24, sizeof(mwl8k_channels_24));
BUILD_BUG_ON(sizeof(priv->rates_24) != sizeof(mwl8k_rates_24));
memcpy(priv->rates_24, mwl8k_rates_24, sizeof(mwl8k_rates_24));
priv->band_24.band = NL80211_BAND_2GHZ;
Reported by FlawFinder.
Line: 2319
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->channels_24, mwl8k_channels_24, sizeof(mwl8k_channels_24));
BUILD_BUG_ON(sizeof(priv->rates_24) != sizeof(mwl8k_rates_24));
memcpy(priv->rates_24, mwl8k_rates_24, sizeof(mwl8k_rates_24));
priv->band_24.band = NL80211_BAND_2GHZ;
priv->band_24.channels = priv->channels_24;
priv->band_24.n_channels = ARRAY_SIZE(mwl8k_channels_24);
priv->band_24.bitrates = priv->rates_24;
Reported by FlawFinder.
Line: 2335
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct mwl8k_priv *priv = hw->priv;
BUILD_BUG_ON(sizeof(priv->channels_50) != sizeof(mwl8k_channels_50));
memcpy(priv->channels_50, mwl8k_channels_50, sizeof(mwl8k_channels_50));
BUILD_BUG_ON(sizeof(priv->rates_50) != sizeof(mwl8k_rates_50));
memcpy(priv->rates_50, mwl8k_rates_50, sizeof(mwl8k_rates_50));
priv->band_50.band = NL80211_BAND_5GHZ;
Reported by FlawFinder.
Line: 2338
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->channels_50, mwl8k_channels_50, sizeof(mwl8k_channels_50));
BUILD_BUG_ON(sizeof(priv->rates_50) != sizeof(mwl8k_rates_50));
memcpy(priv->rates_50, mwl8k_rates_50, sizeof(mwl8k_rates_50));
priv->band_50.band = NL80211_BAND_5GHZ;
priv->band_50.channels = priv->channels_50;
priv->band_50.n_channels = ARRAY_SIZE(mwl8k_channels_50);
priv->band_50.bitrates = priv->rates_50;
Reported by FlawFinder.
Line: 2721
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->action |= cpu_to_le16(MWL8K_ENABLE_RX_MULTICAST);
cmd->numaddr = cpu_to_le16(mc_count);
netdev_hw_addr_list_for_each(ha, mc_list) {
memcpy(cmd->addr[i], ha->addr, ETH_ALEN);
}
}
return &cmd->header;
}
Reported by FlawFinder.
Line: 2979
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_BEACON);
cmd->header.length = cpu_to_le16(sizeof(*cmd) + len);
cmd->beacon_len = cpu_to_le16(len);
memcpy(cmd->beacon, beacon, len);
rc = mwl8k_post_pervif_cmd(hw, vif, &cmd->header);
kfree(cmd);
return rc;
Reported by FlawFinder.
Line: 3075
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->header.code = cpu_to_le16(MWL8K_CMD_SET_POST_SCAN);
cmd->header.length = cpu_to_le16(sizeof(*cmd));
cmd->isibss = 0;
memcpy(cmd->bssid, mac, ETH_ALEN);
rc = mwl8k_post_cmd(hw, &cmd->header);
kfree(cmd);
return rc;
Reported by FlawFinder.
drivers/video/fbdev/macfb.c
32 issues
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct {
unsigned char addr;
char pad1[3]; /* word aligned */
unsigned char lut;
char pad2[3]; /* word aligned */
unsigned char cntl; /* a guess as to purpose */
} __iomem *rbv_cmap_regs;
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char addr;
char pad1[3]; /* word aligned */
unsigned char lut;
char pad2[3]; /* word aligned */
unsigned char cntl; /* a guess as to purpose */
} __iomem *rbv_cmap_regs;
static struct {
unsigned long reset;
Reported by FlawFinder.
Line: 72
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct {
unsigned long reset;
unsigned long pad1[3];
unsigned char pad2[3];
unsigned char lut;
} __iomem *dafb_cmap_regs;
static struct {
unsigned char addr; /* OFFSET: 0x00 */
Reported by FlawFinder.
Line: 78
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct {
unsigned char addr; /* OFFSET: 0x00 */
unsigned char pad1[15];
unsigned char lut; /* OFFSET: 0x10 */
unsigned char pad2[15];
unsigned char status; /* OFFSET: 0x20 */
unsigned char pad3[7];
unsigned long vbl_addr; /* OFFSET: 0x28 */
Reported by FlawFinder.
Line: 80
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char addr; /* OFFSET: 0x00 */
unsigned char pad1[15];
unsigned char lut; /* OFFSET: 0x10 */
unsigned char pad2[15];
unsigned char status; /* OFFSET: 0x20 */
unsigned char pad3[7];
unsigned long vbl_addr; /* OFFSET: 0x28 */
unsigned int status2; /* OFFSET: 0x2C */
} __iomem *civic_cmap_regs;
Reported by FlawFinder.
Line: 82
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char lut; /* OFFSET: 0x10 */
unsigned char pad2[15];
unsigned char status; /* OFFSET: 0x20 */
unsigned char pad3[7];
unsigned long vbl_addr; /* OFFSET: 0x28 */
unsigned int status2; /* OFFSET: 0x2C */
} __iomem *civic_cmap_regs;
static struct {
Reported by FlawFinder.
Line: 88
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __iomem *civic_cmap_regs;
static struct {
char pad1[0x40];
unsigned char clut_waddr; /* 0x40 */
char pad2;
unsigned char clut_data; /* 0x42 */
char pad3[0x3];
unsigned char clut_raddr; /* 0x46 */
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char clut_waddr; /* 0x40 */
char pad2;
unsigned char clut_data; /* 0x42 */
char pad3[0x3];
unsigned char clut_raddr; /* 0x46 */
} __iomem *csc_cmap_regs;
/* The registers in these structs are in NuBus slot space */
struct mdc_cmap_regs {
Reported by FlawFinder.
Line: 98
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The registers in these structs are in NuBus slot space */
struct mdc_cmap_regs {
char pad1[0x200200];
unsigned char addr;
char pad2[6];
unsigned char lut;
};
Reported by FlawFinder.
Line: 100
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mdc_cmap_regs {
char pad1[0x200200];
unsigned char addr;
char pad2[6];
unsigned char lut;
};
struct toby_cmap_regs {
char pad1[0x90018];
Reported by FlawFinder.
kernel/trace/trace_events_synth.c
32 issues
Line: 531
CWE codes:
682
/* When len=0, we just calculate the needed length */
#define LEN_OR_ZERO (len ? len - pos : 0)
pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
for (i = 0; i < event->n_fields; i++) {
fmt = synth_field_fmt(event->fields[i]->type);
pos += snprintf(buf + pos, LEN_OR_ZERO, "%s=%s%s",
event->fields[i]->name, fmt,
i == event->n_fields - 1 ? "" : ", ");
Reported by Cppcheck.
Line: 534
CWE codes:
682
pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
for (i = 0; i < event->n_fields; i++) {
fmt = synth_field_fmt(event->fields[i]->type);
pos += snprintf(buf + pos, LEN_OR_ZERO, "%s=%s%s",
event->fields[i]->name, fmt,
i == event->n_fields - 1 ? "" : ", ");
}
pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
Reported by Cppcheck.
Line: 538
CWE codes:
682
event->fields[i]->name, fmt,
i == event->n_fields - 1 ? "" : ", ");
}
pos += snprintf(buf + pos, LEN_OR_ZERO, "\"");
for (i = 0; i < event->n_fields; i++) {
if (event->fields[i]->is_string &&
event->fields[i]->is_dynamic)
pos += snprintf(buf + pos, LEN_OR_ZERO,
Reported by Cppcheck.
Line: 70
Column: 43
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
static int synth_event_show(struct seq_file *m, struct dyn_event *ev);
static int synth_event_release(struct dyn_event *ev);
static bool synth_event_is_busy(struct dyn_event *ev);
static bool synth_event_match(const char *system, const char *event,
int argc, const char **argv, struct dyn_event *ev);
static struct dyn_event_operations synth_event_ops = {
.create = create_synth_event,
.show = synth_event_show,
Reported by FlawFinder.
Line: 98
Column: 43
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return event->ref != 0;
}
static bool synth_event_match(const char *system, const char *event,
int argc, const char **argv, struct dyn_event *ev)
{
struct synth_event *sev = to_synth_event(ev);
return strcmp(sev->name, event) == 0 &&
Reported by FlawFinder.
Line: 104
Column: 22
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
struct synth_event *sev = to_synth_event(ev);
return strcmp(sev->name, event) == 0 &&
(!system || strcmp(system, SYNTH_SYSTEM) == 0);
}
struct synth_trace_event {
struct trace_entry ent;
u64 fields[];
Reported by FlawFinder.
Line: 104
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
struct synth_event *sev = to_synth_event(ev);
return strcmp(sev->name, event) == 0 &&
(!system || strcmp(system, SYNTH_SYSTEM) == 0);
}
struct synth_trace_event {
struct trace_entry ent;
u64 fields[];
Reported by FlawFinder.
Line: 777
Column: 20
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
event->call.class = &event->class;
event->class.system = kstrdup(SYNTH_SYSTEM, GFP_KERNEL);
if (!event->class.system) {
ret = -ENOMEM;
goto out;
}
event->tp = alloc_synth_tracepoint(event->name);
Reported by FlawFinder.
Line: 846
Column: 21
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
kfree(event->fields);
kfree(event->dynamic_fields);
kfree(event->name);
kfree(event->class.system);
free_synth_tracepoint(event->tp);
free_synth_event_print_fmt(&event->call);
kfree(event);
}
Reported by FlawFinder.
Line: 2146
Column: 38
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
{
struct synth_event *event = to_synth_event(ev);
seq_printf(m, "s:%s/", event->class.system);
return __synth_event_show(m, event);
}
static int synth_events_seq_show(struct seq_file *m, void *v)
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/core_hwmon.c
32 issues
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_attribute dev_attr;
struct mlxsw_hwmon *hwmon;
unsigned int type_index;
char name[32];
};
static int mlxsw_hwmon_get_attr_index(int index, int count)
{
if (index >= count)
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_hwmon_attr *mlwsw_hwmon_attr =
container_of(attr, struct mlxsw_hwmon_attr, dev_attr);
struct mlxsw_hwmon *mlxsw_hwmon = mlwsw_hwmon_attr->hwmon;
char mtmp_pl[MLXSW_REG_MTMP_LEN];
int temp, index;
int err;
index = mlxsw_hwmon_get_attr_index(mlwsw_hwmon_attr->type_index,
mlxsw_hwmon->module_sensor_max);
Reported by FlawFinder.
Line: 76
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return err;
}
mlxsw_reg_mtmp_unpack(mtmp_pl, &temp, NULL, NULL, NULL, NULL);
return sprintf(buf, "%d\n", temp);
}
static ssize_t mlxsw_hwmon_temp_max_show(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_hwmon_attr *mlwsw_hwmon_attr =
container_of(attr, struct mlxsw_hwmon_attr, dev_attr);
struct mlxsw_hwmon *mlxsw_hwmon = mlwsw_hwmon_attr->hwmon;
char mtmp_pl[MLXSW_REG_MTMP_LEN];
int temp_max, index;
int err;
index = mlxsw_hwmon_get_attr_index(mlwsw_hwmon_attr->type_index,
mlxsw_hwmon->module_sensor_max);
Reported by FlawFinder.
Line: 99
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return err;
}
mlxsw_reg_mtmp_unpack(mtmp_pl, NULL, &temp_max, NULL, NULL, NULL);
return sprintf(buf, "%d\n", temp_max);
}
static ssize_t mlxsw_hwmon_temp_rst_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t len)
Reported by FlawFinder.
Line: 109
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_hwmon_attr *mlwsw_hwmon_attr =
container_of(attr, struct mlxsw_hwmon_attr, dev_attr);
struct mlxsw_hwmon *mlxsw_hwmon = mlwsw_hwmon_attr->hwmon;
char mtmp_pl[MLXSW_REG_MTMP_LEN] = {0};
unsigned long val;
int index;
int err;
err = kstrtoul(buf, 10, &val);
Reported by FlawFinder.
Line: 144
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_hwmon_attr *mlwsw_hwmon_attr =
container_of(attr, struct mlxsw_hwmon_attr, dev_attr);
struct mlxsw_hwmon *mlxsw_hwmon = mlwsw_hwmon_attr->hwmon;
char mfsm_pl[MLXSW_REG_MFSM_LEN];
int err;
mlxsw_reg_mfsm_pack(mfsm_pl, mlwsw_hwmon_attr->type_index);
err = mlxsw_reg_query(mlxsw_hwmon->core, MLXSW_REG(mfsm), mfsm_pl);
if (err) {
Reported by FlawFinder.
Line: 153
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dev_err(mlxsw_hwmon->bus_info->dev, "Failed to query fan\n");
return err;
}
return sprintf(buf, "%u\n", mlxsw_reg_mfsm_rpm_get(mfsm_pl));
}
static ssize_t mlxsw_hwmon_fan_fault_show(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 163
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_hwmon_attr *mlwsw_hwmon_attr =
container_of(attr, struct mlxsw_hwmon_attr, dev_attr);
struct mlxsw_hwmon *mlxsw_hwmon = mlwsw_hwmon_attr->hwmon;
char fore_pl[MLXSW_REG_FORE_LEN];
bool fault;
int err;
err = mlxsw_reg_query(mlxsw_hwmon->core, MLXSW_REG(fore), fore_pl);
if (err) {
Reported by FlawFinder.
Line: 174
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
mlxsw_reg_fore_unpack(fore_pl, mlwsw_hwmon_attr->type_index, &fault);
return sprintf(buf, "%u\n", fault);
}
static ssize_t mlxsw_hwmon_pwm_show(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
drivers/usb/cdns3/cdns3-debug.h
32 issues
Line: 24
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = sprintf(str, "IRQ %08x = ", usb_ists);
if (usb_ists & (USB_ISTS_CON2I | USB_ISTS_CONI)) {
ret += sprintf(str + ret, "Connection %s\n",
usb_speed_string(speed));
}
if (usb_ists & USB_ISTS_DIS2I || usb_ists & USB_ISTS_DISI)
ret += sprintf(str + ret, "Disconnection ");
if (usb_ists & USB_ISTS_L2ENTI)
Reported by FlawFinder.
Line: 57
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int ret;
ret = sprintf(str, "IRQ for %s: %08x ", ep_name, ep_sts);
if (ep_sts & EP_STS_SETUP)
ret += sprintf(str + ret, "SETUP ");
if (ep_sts & EP_STS_IOC)
ret += sprintf(str + ret, "IOC ");
Reported by FlawFinder.
Line: 122
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
trb_per_sector = GET_TRBS_PER_SEGMENT(priv_ep->type);
trb = &priv_ep->trb_pool[priv_ep->dequeue];
ret += sprintf(str + ret, "\n\t\tRing contents for %s:", priv_ep->name);
ret += sprintf(str + ret,
"\n\t\tRing deq index: %d, trb: %p (virt), 0x%llx (dma)\n",
priv_ep->dequeue, trb,
(unsigned long long)cdns3_trb_virt_to_dma(priv_ep, trb));
Reported by FlawFinder.
Line: 21
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int ret;
ret = sprintf(str, "IRQ %08x = ", usb_ists);
if (usb_ists & (USB_ISTS_CON2I | USB_ISTS_CONI)) {
ret += sprintf(str + ret, "Connection %s\n",
usb_speed_string(speed));
}
Reported by FlawFinder.
Line: 28
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
usb_speed_string(speed));
}
if (usb_ists & USB_ISTS_DIS2I || usb_ists & USB_ISTS_DISI)
ret += sprintf(str + ret, "Disconnection ");
if (usb_ists & USB_ISTS_L2ENTI)
ret += sprintf(str + ret, "suspended ");
if (usb_ists & USB_ISTS_L1ENTI)
ret += sprintf(str + ret, "L1 enter ");
if (usb_ists & USB_ISTS_L1EXTI)
Reported by FlawFinder.
Line: 30
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (usb_ists & USB_ISTS_DIS2I || usb_ists & USB_ISTS_DISI)
ret += sprintf(str + ret, "Disconnection ");
if (usb_ists & USB_ISTS_L2ENTI)
ret += sprintf(str + ret, "suspended ");
if (usb_ists & USB_ISTS_L1ENTI)
ret += sprintf(str + ret, "L1 enter ");
if (usb_ists & USB_ISTS_L1EXTI)
ret += sprintf(str + ret, "L1 exit ");
if (usb_ists & USB_ISTS_L2ENTI)
Reported by FlawFinder.
Line: 32
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (usb_ists & USB_ISTS_L2ENTI)
ret += sprintf(str + ret, "suspended ");
if (usb_ists & USB_ISTS_L1ENTI)
ret += sprintf(str + ret, "L1 enter ");
if (usb_ists & USB_ISTS_L1EXTI)
ret += sprintf(str + ret, "L1 exit ");
if (usb_ists & USB_ISTS_L2ENTI)
ret += sprintf(str + ret, "L2 enter ");
if (usb_ists & USB_ISTS_L2EXTI)
Reported by FlawFinder.
Line: 34
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (usb_ists & USB_ISTS_L1ENTI)
ret += sprintf(str + ret, "L1 enter ");
if (usb_ists & USB_ISTS_L1EXTI)
ret += sprintf(str + ret, "L1 exit ");
if (usb_ists & USB_ISTS_L2ENTI)
ret += sprintf(str + ret, "L2 enter ");
if (usb_ists & USB_ISTS_L2EXTI)
ret += sprintf(str + ret, "L2 exit ");
if (usb_ists & USB_ISTS_U3EXTI)
Reported by FlawFinder.
Line: 36
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (usb_ists & USB_ISTS_L1EXTI)
ret += sprintf(str + ret, "L1 exit ");
if (usb_ists & USB_ISTS_L2ENTI)
ret += sprintf(str + ret, "L2 enter ");
if (usb_ists & USB_ISTS_L2EXTI)
ret += sprintf(str + ret, "L2 exit ");
if (usb_ists & USB_ISTS_U3EXTI)
ret += sprintf(str + ret, "U3 exit ");
if (usb_ists & USB_ISTS_UWRESI)
Reported by FlawFinder.
Line: 38
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (usb_ists & USB_ISTS_L2ENTI)
ret += sprintf(str + ret, "L2 enter ");
if (usb_ists & USB_ISTS_L2EXTI)
ret += sprintf(str + ret, "L2 exit ");
if (usb_ists & USB_ISTS_U3EXTI)
ret += sprintf(str + ret, "U3 exit ");
if (usb_ists & USB_ISTS_UWRESI)
ret += sprintf(str + ret, "Warm Reset ");
if (usb_ists & USB_ISTS_UHRESI)
Reported by FlawFinder.
arch/powerpc/xmon/xmon.c
32 issues
Line: 1094
Column: 6
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case 'z':
if (xmon_is_ro) {
printf(xmon_ro_msg);
break;
}
memzcan();
break;
case 'i':
Reported by FlawFinder.
Line: 1164
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case 'p':
if (xmon_is_ro) {
printf(xmon_ro_msg);
break;
}
proccall();
break;
case 'P':
Reported by FlawFinder.
Line: 1545
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
int mode;
case 'd': /* bd - hardware data breakpoint */
if (xmon_is_ro) {
printf(xmon_ro_msg);
break;
}
if (!ppc_breakpoint_available()) {
printf("Hardware data breakpoint not supported on this cpu\n");
break;
Reported by FlawFinder.
Line: 1567
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
dabr[i].enabled = 0;
if (scanhex(&dabr[i].address)) {
if (!is_kernel_addr(dabr[i].address)) {
printf(badaddr);
break;
}
dabr[i].address &= ~HW_BRK_TYPE_DABR;
dabr[i].enabled = mode | BP_DABR;
}
Reported by FlawFinder.
Line: 1579
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
case 'i': /* bi - hardware instr breakpoint */
if (xmon_is_ro) {
printf(xmon_ro_msg);
break;
}
if (!cpu_has_feature(CPU_FTR_ARCH_207S)) {
printf("Hardware instruction breakpoint "
"not supported on this cpu\n");
Reported by FlawFinder.
Line: 1637
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
termch = cmd;
cmd = skipbl();
if (cmd == '?') {
printf(breakpoint_help_string);
break;
}
termch = cmd;
if (xmon_is_ro || !scanhex(&a)) {
Reported by FlawFinder.
Line: 1899
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (trap == INTERRUPT_PROGRAM)
print_bug_trap(fp);
printf(linux_banner);
}
static void prregs(struct pt_regs *fp)
{
int n, trap;
Reported by FlawFinder.
Line: 2014
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
write_spr(int n, unsigned long val)
{
if (xmon_is_ro) {
printf(xmon_ro_msg);
return;
}
if (setjmp(bus_error_jmp) == 0) {
catch_spr_faults = 1;
Reported by FlawFinder.
Line: 2276
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
n = 0;
if (xmon_is_ro) {
printf(xmon_ro_msg);
return n;
}
if (setjmp(bus_error_jmp) == 0) {
catch_memory_errors = 1;
Reported by FlawFinder.
Line: 2429
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
scanhex((void *)&adrs);
cmd = skipbl();
if (cmd == '?') {
printf(memex_help_string);
return;
} else {
termch = cmd;
}
last_cmd = "m\n";
Reported by FlawFinder.
tools/testing/selftests/net/nettest.c
32 issues
Line: 162
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
timestamp(timebuf, sizeof(timebuf)),
server_mode ? "server" : "client");
va_start(args, format);
vfprintf(stdout, format, args);
va_end(args);
fflush(stdout);
}
Reported by FlawFinder.
Line: 180
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
timestamp(timebuf, sizeof(timebuf)),
server_mode ? "server" : "client");
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
fflush(stderr);
}
Reported by FlawFinder.
Line: 198
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
timestamp(timebuf, sizeof(timebuf)),
server_mode ? "server" : "client");
va_start(args, fmt);
vfprintf(stderr, fmt, args);
va_end(args);
fprintf(stderr, ": %d: %s\n", errno, strerror(errno));
fflush(stderr);
}
Reported by FlawFinder.
Line: 338
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
memset(&ifdata, 0, sizeof(ifdata));
strcpy(ifdata.ifr_name, ifname);
sd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
if (sd < 0) {
log_err_errno("socket failed");
return -1;
Reported by FlawFinder.
Line: 1896
Column: 15
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
* process input args
*/
while ((rc = getopt(argc, argv, GETOPT_STR)) != -1) {
switch (rc) {
case 'B':
both_mode = 1;
break;
case 's':
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void log_msg(const char *format, ...)
{
char timebuf[64];
va_list args;
if (quiet)
return;
Reported by FlawFinder.
Line: 170
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void log_error(const char *format, ...)
{
char timebuf[64];
va_list args;
if (quiet)
return;
Reported by FlawFinder.
Line: 188
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void log_err_errno(const char *fmt, ...)
{
char timebuf[64];
va_list args;
if (quiet)
return;
Reported by FlawFinder.
Line: 207
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void log_address(const char *desc, struct sockaddr *sa)
{
char addrstr[64];
if (quiet)
return;
if (sa->sa_family == AF_INET) {
Reported by FlawFinder.
Line: 236
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int switch_ns(const char *ns)
{
char path[PATH_MAX];
int fd, ret;
if (geteuid())
log_error("warning: likely need root to set netns %s!\n", ns);
Reported by FlawFinder.
kernel/locking/lockdep.c
32 issues
Line: 670
Column: 48
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return c;
}
void get_usage_chars(struct lock_class *class, char usage[LOCK_USAGE_CHARS])
{
int i = 0;
#define LOCKDEP_STATE(__STATE) \
usage[i++] = get_usage_char(class, LOCK_USED_IN_##__STATE); \
Reported by FlawFinder.
Line: 685
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __print_lock_name(struct lock_class *class)
{
char str[KSYM_NAME_LEN];
const char *name;
name = class->name;
if (!name) {
name = __get_key_name(class->key, str);
Reported by FlawFinder.
Line: 703
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void print_lock_name(struct lock_class *class)
{
char usage[LOCK_USAGE_CHARS];
get_usage_chars(class, usage);
printk(KERN_CONT " (");
__print_lock_name(class);
Reported by FlawFinder.
Line: 717
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void print_lockdep_cache(struct lockdep_map *lock)
{
const char *name;
char str[KSYM_NAME_LEN];
name = lock->name;
if (!name)
name = __get_key_name(lock->key->subkeys, str);
Reported by FlawFinder.
Line: 324
Column: 13
CWE codes:
120
20
holdtime = lockstat_clock() - hlock->holdtime_stamp;
stats = get_lock_stats(hlock_class(hlock));
if (hlock->read)
lock_time_inc(&stats->read_holdtime, holdtime);
else
lock_time_inc(&stats->write_holdtime, holdtime);
}
#else
Reported by FlawFinder.
Line: 401
Column: 37
CWE codes:
120
20
{
BUILD_BUG_ON(MAX_LOCKDEP_KEYS_BITS + 2 > 16);
return (hlock->class_idx | (hlock->read << MAX_LOCKDEP_KEYS_BITS));
}
static inline unsigned int chain_hlock_class_idx(u16 hlock_id)
{
return hlock_id & (MAX_LOCKDEP_KEYS - 1);
Reported by FlawFinder.
Line: 1576
Column: 37
CWE codes:
120
20
static inline unsigned int
__calc_dep_bit(struct held_lock *prev, struct held_lock *next)
{
return (prev->read == 0) + ((next->read != 2) << 1);
}
static inline u8 calc_dep(struct held_lock *prev, struct held_lock *next)
{
return 1U << __calc_dep_bit(prev, next);
Reported by FlawFinder.
Line: 1591
Column: 16
CWE codes:
120
20
static inline unsigned int
__calc_dep_bitb(struct held_lock *prev, struct held_lock *next)
{
return (next->read != 2) + ((prev->read == 0) << 1);
}
static inline u8 calc_depb(struct held_lock *prev, struct held_lock *next)
{
return 1U << __calc_dep_bitb(prev, next);
Reported by FlawFinder.
Line: 1637
Column: 26
CWE codes:
120
20
struct held_lock *hlock)
{
__bfs_init_root(lock, hlock_class(hlock));
lock->only_xr = (hlock->read != 0);
}
static inline struct lock_list *__bfs_next(struct lock_list *lock, int offset)
{
if (!lock || !lock->parent)
Reported by FlawFinder.
Line: 2977
Column: 34
CWE codes:
120
20
* Allow read-after-read recursion of the same
* lock class (i.e. read_lock(lock)+read_lock(lock)):
*/
if ((next->read == 2) && prev->read)
continue;
/*
* We're holding the nest_lock, which serializes this lock's
* nesting behaviour.
Reported by FlawFinder.