The following issues were found
drivers/hwmon/w83l786ng.c
6 issues
Line: 229
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{ \
int nr = to_sensor_dev_attr(attr)->index; \
struct w83l786ng_data *data = w83l786ng_update_device(dev); \
return sprintf(buf, "%d\n", IN_FROM_REG(data->reg[nr])); \
}
show_in_reg(in)
show_in_reg(in_min)
show_in_reg(in_max)
Reported by FlawFinder.
Line: 283
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{ \
int nr = to_sensor_dev_attr(attr)->index; \
struct w83l786ng_data *data = w83l786ng_update_device(dev); \
return sprintf(buf, "%d\n", \
FAN_FROM_REG(data->reg[nr], DIV_FROM_REG(data->fan_div[nr]))); \
}
show_fan_reg(fan);
show_fan_reg(fan_min);
Reported by FlawFinder.
Line: 319
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct w83l786ng_data *data = w83l786ng_update_device(dev);
return sprintf(buf, "%u\n", DIV_FROM_REG(data->fan_div[nr]));
}
/*
* Note: we save and restore the fan minimum here, because its value is
* determined in part by the fan divisor. This follows the principle of
Reported by FlawFinder.
Line: 413
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = sensor_attr->nr;
int index = sensor_attr->index;
struct w83l786ng_data *data = w83l786ng_update_device(dev);
return sprintf(buf, "%d\n", TEMP_FROM_REG(data->temp[nr][index]));
}
static ssize_t
store_temp(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 467
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{ \
struct w83l786ng_data *data = w83l786ng_update_device(dev); \
int nr = to_sensor_dev_attr(attr)->index; \
return sprintf(buf, "%d\n", data->reg[nr]); \
}
show_pwm_reg(pwm_mode)
show_pwm_reg(pwm_enable)
show_pwm_reg(pwm)
Reported by FlawFinder.
Line: 579
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct w83l786ng_data *data = w83l786ng_update_device(dev);
return sprintf(buf, "%ld\n", (long)data->tolerance[nr]);
}
static ssize_t
store_tolerance(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/hid/hid-roccat-kone.c
6 issues
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
USB_TYPE_CLASS | USB_RECIP_INTERFACE | USB_DIR_IN,
usb_command, 0, buf, size, USB_CTRL_SET_TIMEOUT);
memcpy(data, buf, size);
kfree(buf);
return ((len < 0) ? len : ((len != size) ? -EIO : 0));
}
static int kone_send(struct usb_device *usb_dev, uint usb_command,
Reported by FlawFinder.
Line: 279
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count = sizeof(struct kone_settings) - off;
mutex_lock(&kone->kone_lock);
memcpy(buf, ((char const *)&kone->settings) + off, count);
mutex_unlock(&kone->kone_lock);
return count;
}
Reported by FlawFinder.
Line: 318
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto unlock;
old_profile = kone->settings.startup_profile;
memcpy(&kone->settings, settings, sizeof(struct kone_settings));
kone_profile_activated(kone, kone->settings.startup_profile);
if (kone->settings.startup_profile != old_profile)
kone_profile_report(kone, kone->settings.startup_profile);
Reported by FlawFinder.
Line: 349
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count = sizeof(struct kone_profile) - off;
mutex_lock(&kone->kone_lock);
memcpy(buf, ((char const *)&kone->profiles[*(uint *)(attr->private)]) + off, count);
mutex_unlock(&kone->kone_lock);
return count;
}
Reported by FlawFinder.
Line: 378
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(struct kone_profile const *)buf,
*(uint *)(attr->private) + 1);
if (!retval)
memcpy(profile, buf, sizeof(struct kone_profile));
}
mutex_unlock(&kone->kone_lock);
if (retval)
return retval;
Reported by FlawFinder.
Line: 857
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Workaround sends only one event per press.
*/
if (memcmp(&kone->last_mouse_event.tilt, &event->tilt, 5))
memcpy(&kone->last_mouse_event, event,
sizeof(struct kone_mouse_event));
else
memset(&event->tilt, 0, 5);
kone_keep_values_up_to_date(kone, event);
Reported by FlawFinder.
drivers/hwmon/ultra45_env.c
6 issues
Line: 112
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
rpm = 0;
return sprintf(buf, "%d\n", rpm);
}
static ssize_t set_fan_speed(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 145
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int fan_nr = to_sensor_dev_attr(attr)->index;
struct env *p = dev_get_drvdata(dev);
u8 val = env_read(p, IREG_FAN_STAT);
return sprintf(buf, "%d\n", (val & (1 << fan_nr)) ? 1 : 0);
}
#define fan(index) \
static SENSOR_DEVICE_ATTR(fan##index##_speed, S_IRUGO | S_IWUSR, \
show_fan_speed, set_fan_speed, index); \
Reported by FlawFinder.
Line: 170
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
s8 val;
val = env_read(p, IREG_LCL_TEMP + temp_nr);
return sprintf(buf, "%d\n", ((int) val) - 64);
}
static SENSOR_DEVICE_ATTR(adt7462_local_temp, S_IRUGO, show_temp, NULL, 0);
static SENSOR_DEVICE_ATTR(cpu0_temp, S_IRUGO, show_temp, NULL, 1);
static SENSOR_DEVICE_ATTR(cpu1_temp, S_IRUGO, show_temp, NULL, 2);
Reported by FlawFinder.
Line: 191
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u8 val;
val = readb(p->regs + REG_STAT);
return sprintf(buf, "%d\n", (val & (1 << index)) ? 1 : 0);
}
static SENSOR_DEVICE_ATTR(fan_failure, S_IRUGO, show_stat_bit, NULL, 0);
static SENSOR_DEVICE_ATTR(env_bus_busy, S_IRUGO, show_stat_bit, NULL, 1);
static SENSOR_DEVICE_ATTR(env_data_stale, S_IRUGO, show_stat_bit, NULL, 2);
Reported by FlawFinder.
Line: 207
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u8 val;
val = readb(p->regs + REG_STAT);
return sprintf(buf, "%d\n", val >> 4);
}
static SENSOR_DEVICE_ATTR(firmware_version, S_IRUGO, show_fwver, NULL, 0);
static ssize_t show_name(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 215
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t show_name(struct device *dev, struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "ultra45\n");
}
static SENSOR_DEVICE_ATTR(name, S_IRUGO, show_name, NULL, 0);
static struct attribute *env_attributes[] = {
Reported by FlawFinder.
drivers/input/touchscreen/exc3000.c
6 issues
Line: 284
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%s\n", &response[1]);
}
static DEVICE_ATTR_RO(fw_version);
static ssize_t model_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 300
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%s\n", &response[1]);
}
static DEVICE_ATTR_RO(model);
static ssize_t type_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 316
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%s\n", &response[1]);
}
static DEVICE_ATTR_RO(type);
static struct attribute *sysfs_attrs[] = {
&dev_attr_fw_version.attr,
Reported by FlawFinder.
Line: 229
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reinit_completion(&data->wait_event);
buf[5] = request_len;
memcpy(&buf[6], request, request_len);
ret = i2c_master_send(data->client, buf, EXC3000_LEN_VENDOR_REQUEST);
if (ret < 0)
goto out_unlock;
Reported by FlawFinder.
Line: 248
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_unlock;
}
memcpy(response, &data->buf[4], data->buf[3]);
ret = data->buf[3];
}
out_unlock:
mutex_unlock(&data->query_lock);
Reported by FlawFinder.
Line: 278
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* version, so we just use the bootloader version info.
*/
if (response[2] || response[3])
return sprintf(buf, "%d.%d\n", response[2], response[3]);
ret = exc3000_vendor_data_request(data, (u8[]){'D'}, 1, response, 1);
if (ret < 0)
return ret;
Reported by FlawFinder.
drivers/input/touchscreen/elo.c
6 issues
Line: 60
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int idx;
unsigned char expected_packet;
unsigned char csum;
unsigned char data[ELO_MAX_LENGTH];
unsigned char response[ELO10_PACKET_LEN];
char phys[32];
};
static void elo_process_data_10(struct elo *elo, unsigned char data)
Reported by FlawFinder.
Line: 61
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char expected_packet;
unsigned char csum;
unsigned char data[ELO_MAX_LENGTH];
unsigned char response[ELO10_PACKET_LEN];
char phys[32];
};
static void elo_process_data_10(struct elo *elo, unsigned char data)
{
Reported by FlawFinder.
Line: 62
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char csum;
unsigned char data[ELO_MAX_LENGTH];
unsigned char response[ELO10_PACKET_LEN];
char phys[32];
};
static void elo_process_data_10(struct elo *elo, unsigned char data)
{
struct input_dev *dev = elo->dev;
Reported by FlawFinder.
Line: 109
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
elo->expected_packet = ELO10_TOUCH_PACKET;
complete(&elo->cmd_done);
} else {
memcpy(elo->response, &elo->data[1], ELO10_PACKET_LEN);
elo->expected_packet = ELO10_ACK_PACKET;
}
break;
}
elo->csum += data;
Reported by FlawFinder.
Line: 249
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (elo->expected_packet == ELO10_TOUCH_PACKET) {
/* We are back in reporting mode, the command was ACKed */
memcpy(packet, elo->response, ELO10_PACKET_LEN);
rc = 0;
}
out:
mutex_unlock(&elo->cmd_mutex);
Reported by FlawFinder.
Line: 262
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static const char *elo_types[] = { "Accu", "Dura", "Intelli", "Carroll" };
struct input_dev *dev = elo->dev;
unsigned char packet[ELO10_PACKET_LEN] = { ELO10_ID_CMD };
if (elo_command_10(elo, packet))
return -1;
dev->id.version = (packet[5] << 8) | packet[4];
Reported by FlawFinder.
drivers/input/touchscreen/edt-ft5x06.c
6 issues
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int report_rate;
int max_support_points;
char name[EDT_NAME_LEN];
struct edt_reg_addr reg_addr;
enum edt_ver version;
};
Reported by FlawFinder.
Line: 710
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int val, i, error;
size_t read = 0;
int colbytes;
char wrbuf[3];
u8 *rdbuf;
if (*off < 0 || *off >= tsdata->raw_bufsize)
return 0;
Reported by FlawFinder.
Line: 1083
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct input_dev *input;
unsigned long irq_flags;
int error;
char fw_version[EDT_NAME_LEN];
dev_dbg(&client->dev, "probing for EDT FT5x06 I2C\n");
tsdata = devm_kzalloc(&client->dev, sizeof(*tsdata), GFP_KERNEL);
if (!tsdata) {
Reported by FlawFinder.
Line: 768
Column: 51
CWE codes:
120
20
}
read = min_t(size_t, count, tsdata->raw_bufsize - *off);
if (copy_to_user(buf, tsdata->raw_buffer + *off, read)) {
error = -EFAULT;
goto out;
}
*off += read;
Reported by FlawFinder.
Line: 776
Column: 18
CWE codes:
120
20
*off += read;
out:
mutex_unlock(&tsdata->mutex);
return error ?: read;
};
static const struct file_operations debugfs_raw_data_fops = {
.open = simple_open,
.read = edt_ft5x06_debugfs_raw_data_read,
Reported by FlawFinder.
drivers/hid/hid-ft260.c
6 issues
Line: 447
CWE codes:
476
rep->report = FT260_I2C_DATA_REPORT_ID(len);
if (data_len > 0)
memcpy(&rep->data[1], data, data_len);
ft260_dbg("rep %#02x addr %#02x cmd %#02x datlen %d replen %d\n",
rep->report, addr, cmd, rep->length, len);
ret = ft260_hid_output_report_check_status(dev, (u8 *)rep, len);
Reported by Cppcheck.
Line: 253
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = hid_hw_raw_request(hdev, report_id, buf, len, HID_FEATURE_REPORT,
HID_REQ_GET_REPORT);
if (likely(ret == len))
memcpy(data, buf, len);
else if (ret >= 0)
ret = -EIO;
kfree(buf);
return ret;
}
Reported by FlawFinder.
Line: 405
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rep->length = len;
rep->flag = flag;
memcpy(rep->data, &data[idx], len);
ft260_dbg("rep %#02x addr %#02x off %d len %d d[0] %#02x\n",
rep->report, addr, idx, len, data[0]);
ret = ft260_hid_output_report_check_status(dev, (u8 *)rep,
Reported by FlawFinder.
Line: 447
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rep->report = FT260_I2C_DATA_REPORT_ID(len);
if (data_len > 0)
memcpy(&rep->data[1], data, data_len);
ft260_dbg("rep %#02x addr %#02x cmd %#02x datlen %d replen %d\n",
rep->report, addr, cmd, rep->length, len);
ret = ft260_hid_output_report_check_status(dev, (u8 *)rep, len);
Reported by FlawFinder.
Line: 526
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EOPNOTSUPP;
}
memcpy(&read_off, msgs[0].buf, msgs[0].len);
do {
if (left_len <= FT260_RD_DATA_MAX)
len = left_len;
else
Reported by FlawFinder.
Line: 1023
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ft260_dbg("i2c resp: rep %#02x len %d\n", xfer->report,
xfer->length);
memcpy(&dev->read_buf[dev->read_idx], &xfer->data,
xfer->length);
dev->read_idx += xfer->length;
if (dev->read_idx == dev->read_len)
complete(&dev->wait);
Reported by FlawFinder.
drivers/hwmon/mc13783-adc.c
6 issues
Line: 37
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct mc13783_adc_priv *priv = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", priv->name);
}
static int mc13783_adc_read(struct device *dev,
struct device_attribute *devattr, unsigned int *val)
{
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mc13783_adc_priv {
struct mc13xxx *mc13xxx;
struct device *hwmon_dev;
char name[PLATFORM_NAME_SIZE];
};
static ssize_t name_show(struct device *dev, struct device_attribute *devattr,
char *buf)
{
Reported by FlawFinder.
Line: 87
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
val = DIV_ROUND_CLOSEST(val * 9, 4) + 2400;
return sprintf(buf, "%u\n", val);
}
static ssize_t mc13783_adc_gp_show(struct device *dev,
struct device_attribute *devattr,
char *buf)
Reported by FlawFinder.
Line: 106
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
val = DIV_ROUND_CLOSEST(val * 9, 4);
return sprintf(buf, "%u\n", val);
}
static ssize_t mc13783_adc_uid_show(struct device *dev,
struct device_attribute *devattr,
char *buf)
Reported by FlawFinder.
Line: 128
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* MC13783 have 0.9 divider, input range is [0, 2.555V] */
val = DIV_ROUND_CLOSEST(val * 2555, 1024);
return sprintf(buf, "%u\n", val);
}
static ssize_t mc13783_adc_temp_show(struct device *dev,
struct device_attribute *devattr,
char *buf)
Reported by FlawFinder.
Line: 159
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = 346480 - 1140 * val;
}
return sprintf(buf, "%d\n", ret);
}
static DEVICE_ATTR_RO(name);
static SENSOR_DEVICE_ATTR_RO(in2_input, mc13783_adc_bp, 2);
static SENSOR_DEVICE_ATTR_RO(in5_input, mc13783_adc_gp, 5);
Reported by FlawFinder.
drivers/input/touchscreen/atmel_mxt_ts.c
6 issues
Line: 286
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mxt_data {
struct i2c_client *client;
struct input_dev *input_dev;
char phys[64]; /* device physical location */
struct mxt_object *object_table;
struct mxt_info *info;
void *raw_info_block;
unsigned int irq;
unsigned int max_x;
Reported by FlawFinder.
Line: 715
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[0] = reg & 0xff;
buf[1] = (reg >> 8) & 0xff;
memcpy(&buf[2], val, len);
retry:
ret = i2c_master_send(client, buf, count);
if (ret == count) {
ret = 0;
Reported by FlawFinder.
Line: 1122
Column: 13
CWE codes:
120
20
static int mxt_process_messages_until_invalid(struct mxt_data *data)
{
struct device *dev = &data->client->dev;
int count, read;
u8 tries = 2;
count = data->max_reportid;
/* Read messages until we force an invalid */
Reported by FlawFinder.
Line: 1130
Column: 7
CWE codes:
120
20
/* Read messages until we force an invalid */
do {
read = mxt_read_and_process_messages(data, count);
if (read < count)
return 0;
} while (--tries);
if (data->update_input) {
mxt_input_sync(data);
Reported by FlawFinder.
Line: 1531
Column: 38
CWE codes:
126
mxt_update_crc(data, MXT_COMMAND_REPORTALL, 1);
if (strncmp(cfg.raw, MXT_CFG_MAGIC, strlen(MXT_CFG_MAGIC))) {
dev_err(dev, "Unrecognised config file\n");
ret = -EINVAL;
goto release_raw;
}
Reported by FlawFinder.
Line: 1537
Column: 16
CWE codes:
126
goto release_raw;
}
cfg.raw_pos = strlen(MXT_CFG_MAGIC);
/* Load information block and check */
for (i = 0; i < sizeof(struct mxt_info); i++) {
ret = sscanf(cfg.raw + cfg.raw_pos, "%hhx%n",
(unsigned char *)&cfg.info + i,
Reported by FlawFinder.
drivers/iio/chemical/sps30_serial.c
6 issues
Line: 45
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sps30_serial_priv {
struct completion new_frame;
unsigned char buf[SPS30_SERIAL_MAX_BUF_SIZE];
size_t num;
bool escaped;
bool done;
};
Reported by FlawFinder.
Line: 194
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const void *arg, size_t arg_size, void *rsp, size_t rsp_size)
{
struct sps30_serial_priv *priv = state->priv;
unsigned char buf[SPS30_SERIAL_MAX_BUF_SIZE];
int ret, size;
size = sps30_serial_prep_frame(buf, cmd, arg, arg_size);
ret = sps30_serial_xfer(state, buf, size);
if (ret)
Reported by FlawFinder.
Line: 207
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rsp) {
rsp_size = min_t(size_t, priv->buf[SPS30_SERIAL_FRAME_MISO_LEN_OFFSET], rsp_size);
memcpy(rsp, &priv->buf[SPS30_SERIAL_FRAME_MISO_DATA_OFFSET], rsp_size);
}
return rsp_size;
}
Reported by FlawFinder.
Line: 340
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sps30_serial_write_cleaning_period(struct sps30_state *state, __be32 period)
{
unsigned char buf[5] = { 0x00 };
memcpy(buf + 1, &period, sizeof(period));
return sps30_serial_command(state, SPS30_SERIAL_PERIOD, buf, sizeof(buf), NULL, 0);
}
Reported by FlawFinder.
Line: 342
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
unsigned char buf[5] = { 0x00 };
memcpy(buf + 1, &period, sizeof(period));
return sps30_serial_command(state, SPS30_SERIAL_PERIOD, buf, sizeof(buf), NULL, 0);
}
static int sps30_serial_show_info(struct sps30_state *state)
Reported by FlawFinder.
Line: 353
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* tell device do return serial number and add extra nul byte just in case
* serial number isn't a valid string
*/
unsigned char buf[32 + 1] = { 0x03 };
struct device *dev = state->dev;
int ret;
ret = sps30_serial_command(state, SPS30_SERIAL_DEV_INFO, buf, 1, buf, sizeof(buf) - 1);
if (ret < 0)
Reported by FlawFinder.