The following issues were found
drivers/edac/e752x_edac.c
6 issues
Line: 498
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
e752x_mc_printk(mci, KERN_WARNING, "Memory threshold CE\n");
}
static char *global_message[11] = {
"PCI Express C1",
"PCI Express C",
"PCI Express B1",
"PCI Express B",
"PCI Express A1",
Reported by FlawFinder.
Line: 514
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DRAM_ENTRY 9
static char *fatal_message[2] = { "Non-Fatal ", "Fatal " };
static void do_global_error(int fatal, u32 errors)
{
int i;
Reported by FlawFinder.
Line: 543
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
do_global_error(fatal, errors);
}
static char *hub_message[7] = {
"HI Address or Command Parity", "HI Illegal Access",
"HI Internal Parity", "Out of Range Access",
"HI Data Parity", "Enhanced Config Access",
"Hub Interface Target Abort"
};
Reported by FlawFinder.
Line: 574
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define NSI_NON_FATAL_MASK 0x23a0ba64
#define NSI_ERR_MASK (NSI_FATAL_MASK | NSI_NON_FATAL_MASK)
static char *nsi_message[30] = {
"NSI Link Down", /* NSI_FERR/NSI_NERR bit 0, fatal error */
"", /* reserved */
"NSI Parity Error", /* bit 2, non-fatal */
"", /* reserved */
"", /* reserved */
Reported by FlawFinder.
Line: 627
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
do_nsi_error(fatal, errors);
}
static char *membuf_message[4] = {
"Internal PMWB to DRAM parity",
"Internal PMWB to System Bus Parity",
"Internal System Bus or IO to PMWB Parity",
"Internal DRAM to PMWB Parity"
};
Reported by FlawFinder.
Line: 653
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
do_membuf_error(errors);
}
static char *sysbus_message[10] = {
"Addr or Request Parity",
"Data Strobe Glitch",
"Addr Strobe Glitch",
"Data Parity",
"Addr Above TOM",
Reported by FlawFinder.
drivers/clk/clk-lmk04832.c
6 issues
Line: 606
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int lmk04832_register_vco(struct lmk04832 *lmk)
{
const char *parent_names[1];
struct clk_init_data init;
int ret;
init.name = "lmk-vco";
parent_names[0] = __clk_get_name(lmk->oscin);
Reported by FlawFinder.
Line: 968
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int lmk04832_register_sclk(struct lmk04832 *lmk)
{
const char *parent_names[1];
struct clk_init_data init;
int ret;
init.name = "lmk-sclk";
parent_names[0] = clk_hw_get_name(&lmk->vco);
Reported by FlawFinder.
Line: 1310
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char name[] = "lmk-clkoutXX";
char dclk_name[] = "lmk-dclkXX_YY";
const char *parent_names[2];
struct clk_init_data init;
int dclk_num = num / 2;
int ret;
if (num % 2 == 0) {
Reported by FlawFinder.
Line: 1316
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int ret;
if (num % 2 == 0) {
sprintf(dclk_name, "lmk-dclk%02d_%02d", num, num + 1);
init.name = dclk_name;
parent_names[0] = clk_hw_get_name(&lmk->vco);
init.ops = &lmk04832_dclk_ops;
init.flags = CLK_SET_RATE_PARENT;
init.num_parents = 1;
Reported by FlawFinder.
Line: 1331
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
} else {
sprintf(dclk_name, "lmk-dclk%02d_%02d", num - 1, num);
}
if (of_property_read_string_index(lmk->dev->of_node,
"clock-output-names",
num, &init.name)) {
Reported by FlawFinder.
Line: 1337
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (of_property_read_string_index(lmk->dev->of_node,
"clock-output-names",
num, &init.name)) {
sprintf(name, "lmk-clkout%02d", num);
init.name = name;
}
parent_names[0] = dclk_name;
parent_names[1] = clk_hw_get_name(&lmk->sclk);
Reported by FlawFinder.
drivers/dma/qcom/gpi.c
6 issues
Line: 697
CWE codes:
476
if (gpi_cmd >= GPI_MAX_CMD)
return -EINVAL;
if (IS_CHAN_CMD(gpi_cmd))
chid = gchan->chid;
dev_dbg(gpii->gpi_dev->dev,
"sending cmd: %s:%u\n", TO_GPI_CMD_STR(gpi_cmd), chid);
/* send opcode and wait for completion */
Reported by Cppcheck.
Line: 300
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MAX_EV_STATES
};
static const char *const gpi_ev_state_str[MAX_EV_STATES] = {
[EV_STATE_NOT_ALLOCATED] = "NOT ALLOCATED",
[EV_STATE_ALLOCATED] = "ALLOCATED",
};
#define TO_GPI_EV_STATE_STR(_state) (((_state) >= MAX_EV_STATES) ? \
Reported by FlawFinder.
Line: 340
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define IS_CHAN_CMD(_cmd) ((_cmd) <= GPI_CH_CMD_END)
static const char *const gpi_cmd_str[GPI_MAX_CMD] = {
[GPI_CH_CMD_ALLOCATE] = "CH ALLOCATE",
[GPI_CH_CMD_START] = "CH START",
[GPI_CH_CMD_STOP] = "CH STOP",
[GPI_CH_CMD_RESET] = "CH_RESET",
[GPI_CH_CMD_DE_ALLOC] = "DE ALLOC",
Reported by FlawFinder.
Line: 379
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define REG_ACCESS_VALID(_pm_state) ((_pm_state) >= PREPARE_HARDWARE)
static const char *const gpi_pm_state_str[MAX_PM_STATE] = {
[DISABLE_STATE] = "DISABLE",
[CONFIG_STATE] = "CONFIG",
[PREPARE_HARDWARE] = "PREPARE HARDWARE",
[ACTIVE_STATE] = "ACTIVE",
[PREPARE_TERMINATE] = "PREPARE TERMINATE",
Reported by FlawFinder.
Line: 1469
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* copy the tre info */
memcpy(ch_tre, gpi_tre, sizeof(*ch_tre));
*wp = ch_tre;
}
/* reset and restart transfer channel */
static int gpi_terminate_all(struct dma_chan *chan)
Reported by FlawFinder.
Line: 1632
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!gchan->config)
return -ENOMEM;
memcpy(gchan->config, config->peripheral_config, config->peripheral_size);
return 0;
}
static int gpi_create_i2c_tre(struct gchan *chan, struct gpi_desc *desc,
Reported by FlawFinder.
drivers/firmware/tegra/bpmp.c
6 issues
Line: 204
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int err;
if (data && size > 0)
memcpy(data, channel->ib->data, size);
err = tegra_bpmp_ack_response(channel);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 248
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
channel->ob->flags = flags;
if (data && size > 0)
memcpy(channel->ob->data, data, size);
return tegra_bpmp_post_request(channel);
}
static struct tegra_bpmp_channel *
Reported by FlawFinder.
Line: 423
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
channel->ob->code = code;
if (data && size > 0)
memcpy(channel->ob->data, data, size);
err = tegra_bpmp_post_response(channel);
if (WARN_ON(err < 0))
return;
Reported by FlawFinder.
Line: 611
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
local_irq_restore(flags);
if (err == 0)
memcpy(tag, virt, TAG_SZ);
dma_free_coherent(bpmp->dev, TAG_SZ, virt, phys);
return err;
}
Reported by FlawFinder.
Line: 642
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (msg.rx.ret < 0)
return -EINVAL;
memcpy(tag, resp.tag, sizeof(resp.tag));
return 0;
}
return tegra_bpmp_get_firmware_tag_old(bpmp, tag, size);
}
Reported by FlawFinder.
Line: 691
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int tegra_bpmp_probe(struct platform_device *pdev)
{
struct tegra_bpmp *bpmp;
char tag[TAG_SZ];
size_t size;
int err;
bpmp = devm_kzalloc(&pdev->dev, sizeof(*bpmp), GFP_KERNEL);
if (!bpmp)
Reported by FlawFinder.
drivers/crypto/nx/nx-842.c
6 issues
Line: 151
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(buf, hdr, s);
print_hex_dump_debug("header ", DUMP_PREFIX_OFFSET, 16, 1, buf, s, 0);
return 0;
}
Reported by FlawFinder.
Line: 188
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
slen = min(slen, BOUNCE_BUFFER_SIZE);
if (adj_slen > slen)
memset(ctx->sbounce + slen, 0, adj_slen - slen);
memcpy(ctx->sbounce, src, slen);
src = ctx->sbounce;
slen = adj_slen;
pr_debug("using comp sbounce buffer, len %x\n", slen);
}
Reported by FlawFinder.
Line: 232
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dskip += hdrsize;
if (dst == ctx->dbounce)
memcpy(p->out + dskip, dst, dlen);
g->padding = cpu_to_be16(dskip);
g->compressed_length = cpu_to_be32(dlen);
g->uncompressed_length = cpu_to_be32(slen);
Reported by FlawFinder.
Line: 374
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (slen < adj_slen)
memset(ctx->sbounce + slen, 0, adj_slen - slen);
memcpy(ctx->sbounce, src, slen);
src = ctx->sbounce;
spadding = adj_slen - slen;
slen = adj_slen;
pr_debug("using decomp sbounce buffer, len %x\n", slen);
}
Reported by FlawFinder.
Line: 424
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_debug("ignoring last %x bytes\n", ignore);
if (dst == ctx->dbounce)
memcpy(p->out, dst, dlen);
pr_debug("decompress slen %x padding %x dlen %x ignore %x\n",
slen, padding, dlen, ignore);
return update_param(p, slen + padding, dlen);
Reported by FlawFinder.
Line: 492
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto unlock;
}
memcpy(&ctx->header, src, hdr_len);
hdr = &ctx->header;
for (n = 0; n < hdr->groups; n++) {
/* ignore applies to last group */
if (n + 1 == hdr->groups)
Reported by FlawFinder.
drivers/acpi/acpi_tad.c
6 issues
Line: 326
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -EIO;
if ((u32)retval == ACPI_TAD_WAKE_DISABLED)
return sprintf(buf, "%s\n", specval);
return sprintf(buf, "%u\n", (u32)retval);
}
static const char *alarm_specval = "disabled";
Reported by FlawFinder.
Line: 133
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!data->valid)
goto out_free;
memcpy(rt, data, sizeof(*rt));
ret = 0;
out_free:
ACPI_FREE(output.pointer);
return ret;
Reported by FlawFinder.
Line: 235
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%u:%u:%u:%u:%u:%u:%d:%u\n",
rt.year, rt.month, rt.day, rt.hour, rt.minute, rt.second,
rt.tz, rt.daylight);
}
static DEVICE_ATTR_RW(time);
Reported by FlawFinder.
Line: 328
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if ((u32)retval == ACPI_TAD_WAKE_DISABLED)
return sprintf(buf, "%s\n", specval);
return sprintf(buf, "%u\n", (u32)retval);
}
static const char *alarm_specval = "disabled";
static int acpi_tad_alarm_write(struct device *dev, const char *buf,
Reported by FlawFinder.
Line: 422
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ACPI_FAILURE(status))
return -EIO;
return sprintf(buf, "0x%02X\n", (u32)retval);
}
static ssize_t caps_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 430
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct acpi_tad_driver_data *dd = dev_get_drvdata(dev);
return sprintf(buf, "0x%02X\n", dd->capabilities);
}
static DEVICE_ATTR_RO(caps);
static ssize_t ac_alarm_store(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
drivers/gpu/drm/drm_debugfs_crc.c
6 issues
Line: 290
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct drm_crtc *crtc = filep->f_inode->i_private;
struct drm_crtc_crc *crc = &crtc->crc;
struct drm_crtc_crc_entry *entry;
char buf[MAX_LINE_LEN];
int ret, i;
spin_lock_irq(&crc->lock);
if (!crc->source) {
Reported by FlawFinder.
Line: 330
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
spin_unlock_irq(&crc->lock);
if (entry->has_frame_counter)
sprintf(buf, "0x%08x", entry->frame);
else
sprintf(buf, "XXXXXXXXXX");
for (i = 0; i < crc->values_cnt; i++)
sprintf(buf + 10 + i * 11, " 0x%08x", entry->crcs[i]);
Reported by FlawFinder.
Line: 332
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (entry->has_frame_counter)
sprintf(buf, "0x%08x", entry->frame);
else
sprintf(buf, "XXXXXXXXXX");
for (i = 0; i < crc->values_cnt; i++)
sprintf(buf + 10 + i * 11, " 0x%08x", entry->crcs[i]);
sprintf(buf + 10 + crc->values_cnt * 11, "\n");
Reported by FlawFinder.
Line: 335
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(buf, "XXXXXXXXXX");
for (i = 0; i < crc->values_cnt; i++)
sprintf(buf + 10 + i * 11, " 0x%08x", entry->crcs[i]);
sprintf(buf + 10 + crc->values_cnt * 11, "\n");
if (copy_to_user(user_buf, buf, LINE_LEN(crc->values_cnt)))
return -EFAULT;
Reported by FlawFinder.
Line: 427
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
entry = &crc->entries[head];
entry->frame = frame;
entry->has_frame_counter = has_frame;
memcpy(&entry->crcs, crcs, sizeof(*crcs) * crc->values_cnt);
head = (head + 1) & (DRM_CRC_ENTRIES_NR - 1);
crc->head = head;
spin_unlock_irqrestore(&crc->lock, flags);
Reported by FlawFinder.
Line: 336
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < crc->values_cnt; i++)
sprintf(buf + 10 + i * 11, " 0x%08x", entry->crcs[i]);
sprintf(buf + 10 + crc->values_cnt * 11, "\n");
if (copy_to_user(user_buf, buf, LINE_LEN(crc->values_cnt)))
return -EFAULT;
return LINE_LEN(crc->values_cnt);
Reported by FlawFinder.
drivers/acpi/apei/erst.c
6 issues
Line: 523
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
GFP_KERNEL);
if (!new_entries)
return -ENOMEM;
memcpy(new_entries, entries,
erst_record_id_cache.len * sizeof(entries[0]));
kvfree(entries);
erst_record_id_cache.entries = entries = new_entries;
erst_record_id_cache.size = new_size;
}
Reported by FlawFinder.
Line: 792
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!raw_spin_trylock_irqsave(&erst_lock, flags))
return -EBUSY;
memcpy(erst_erange.vaddr, record, record->record_length);
rcd_erange = erst_erange.vaddr;
/* signature for serialization system */
memcpy(&rcd_erange->persistence_information, "ER", 2);
rc = __erst_write_to_storage(0);
Reported by FlawFinder.
Line: 795
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(erst_erange.vaddr, record, record->record_length);
rcd_erange = erst_erange.vaddr;
/* signature for serialization system */
memcpy(&rcd_erange->persistence_information, "ER", 2);
rc = __erst_write_to_storage(0);
raw_spin_unlock_irqrestore(&erst_lock, flags);
return rc;
Reported by FlawFinder.
Line: 833
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rcd_tmp = erst_erange.vaddr + offset;
len = rcd_tmp->record_length;
if (len <= buflen)
memcpy(record, rcd_tmp, len);
return len;
}
/*
Reported by FlawFinder.
Line: 1015
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rc = -ENOMEM;
goto out;
}
memcpy(record->buf, rcd->data, len - sizeof(*rcd));
record->id = record_id;
record->compressed = false;
record->ecc_notice_size = 0;
if (guid_equal(&rcd->sec_hdr.section_type, &CPER_SECTION_TYPE_DMESG_Z)) {
record->type = PSTORE_TYPE_DMESG;
Reported by FlawFinder.
Line: 1047
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int ret;
memset(rcd, 0, sizeof(*rcd));
memcpy(rcd->hdr.signature, CPER_SIG_RECORD, CPER_SIG_SIZE);
rcd->hdr.revision = CPER_RECORD_REV;
rcd->hdr.signature_end = CPER_SIG_END;
rcd->hdr.section_count = 1;
rcd->hdr.error_severity = CPER_SEV_FATAL;
/* timestamp valid. platform_id, partition_id are invalid */
Reported by FlawFinder.
drivers/crypto/allwinner/sun4i-ss/sun4i-ss-hash.c
6 issues
Line: 70
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
octx->byte_count = op->byte_count + op->len;
memcpy(octx->block, op->buf, op->len);
if (op->byte_count) {
for (i = 0; i < 4; i++)
octx->hash[i] = op->hash[i];
} else {
Reported by FlawFinder.
Line: 96
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
op->byte_count = ictx->byte_count & ~0x3F;
op->len = ictx->byte_count & 0x3F;
memcpy(op->buf, ictx->block, op->len);
for (i = 0; i < 4; i++)
op->hash[i] = ictx->hash[i];
return 0;
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
octx->count = op->byte_count + op->len;
memcpy(octx->buffer, op->buf, op->len);
if (op->byte_count) {
for (i = 0; i < 5; i++)
octx->state[i] = op->hash[i];
} else {
Reported by FlawFinder.
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
op->byte_count = ictx->count & ~0x3F;
op->len = ictx->count & 0x3F;
memcpy(op->buf, ictx->buffer, op->len);
for (i = 0; i < 5; i++)
op->hash[i] = ictx->state[i];
return 0;
Reported by FlawFinder.
Line: 293
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* how many bytes we can read from current SG */
in_r = min(end - i, 64 - op->len);
in_r = min_t(size_t, mi.length - in_i, in_r);
memcpy(op->buf + op->len, mi.addr + in_i, in_r);
op->len += in_r;
i += in_r;
in_i += in_r;
if (in_i == mi.length) {
sg_miter_next(&mi);
Reported by FlawFinder.
Line: 341
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* how many bytes we can read from current SG */
in_r = min(areq->nbytes - i, 64 - op->len);
in_r = min_t(size_t, mi.length - in_i, in_r);
memcpy(op->buf + op->len, mi.addr + in_i, in_r);
op->len += in_r;
i += in_r;
in_i += in_r;
if (in_i == mi.length) {
sg_miter_next(&mi);
Reported by FlawFinder.
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
6 issues
Line: 74
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t wr_buf_count = 0;
int r;
char *sub_str = NULL;
const char delimiter[3] = {' ', '\n', '\0'};
uint8_t param_index = 0;
*param_nums = 0;
wr_buf_ptr = wr_buf;
Reported by FlawFinder.
Line: 200
Column: 12
CWE codes:
126
rd_buf_ptr = rd_buf;
str_len = strlen("Current: %d %d %d ");
snprintf(rd_buf_ptr, str_len, "Current: %d %d %d ",
link->cur_link_settings.lane_count,
link->cur_link_settings.link_rate,
link->cur_link_settings.link_spread);
rd_buf_ptr += str_len;
Reported by FlawFinder.
Line: 207
Column: 12
CWE codes:
126
link->cur_link_settings.link_spread);
rd_buf_ptr += str_len;
str_len = strlen("Verified: %d %d %d ");
snprintf(rd_buf_ptr, str_len, "Verified: %d %d %d ",
link->verified_link_cap.lane_count,
link->verified_link_cap.link_rate,
link->verified_link_cap.link_spread);
rd_buf_ptr += str_len;
Reported by FlawFinder.
Line: 214
Column: 12
CWE codes:
126
link->verified_link_cap.link_spread);
rd_buf_ptr += str_len;
str_len = strlen("Reported: %d %d %d ");
snprintf(rd_buf_ptr, str_len, "Reported: %d %d %d ",
link->reported_link_cap.lane_count,
link->reported_link_cap.link_rate,
link->reported_link_cap.link_spread);
rd_buf_ptr += str_len;
Reported by FlawFinder.
Line: 221
Column: 12
CWE codes:
126
link->reported_link_cap.link_spread);
rd_buf_ptr += str_len;
str_len = strlen("Preferred: %d %d %d ");
snprintf(rd_buf_ptr, str_len, "Preferred: %d %d %d\n",
link->preferred_link_setting.lane_count,
link->preferred_link_setting.link_rate,
link->preferred_link_setting.link_spread);
Reported by FlawFinder.
Line: 3259
Column: 9
CWE codes:
126
for (i = 0; i < num_pipes; i++)
offset += snprintf(rd_buf + offset, rd_buf_size - offset,
"%d ", dcc_en_bits[i]);
rd_buf[strlen(rd_buf)] = '\n';
kfree(dcc_en_bits);
while (size) {
if (*pos >= rd_buf_size)
Reported by FlawFinder.