The following issues were found
drivers/gpu/drm/i915/gt/intel_workarounds.c
6 issues
Line: 104
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (wal->list) {
memcpy(list, wal->list, sizeof(*wa) * wal->count);
kfree(wal->list);
}
wal->list = list;
}
Reported by FlawFinder.
Line: 1238
Column: 28
CWE codes:
120
20
static bool
wa_verify(const struct i915_wa *wa, u32 cur, const char *name, const char *from)
{
if ((cur ^ wa->set) & wa->read) {
DRM_ERROR("%s workaround lost on %s! (reg[%x]=0x%x, relevant bits were 0x%x vs expected 0x%x)\n",
name, from, i915_mmio_reg_offset(wa->reg),
cur, cur & wa->read, wa->set & wa->read);
return false;
Reported by FlawFinder.
Line: 1241
Column: 41
CWE codes:
120
20
if ((cur ^ wa->set) & wa->read) {
DRM_ERROR("%s workaround lost on %s! (reg[%x]=0x%x, relevant bits were 0x%x vs expected 0x%x)\n",
name, from, i915_mmio_reg_offset(wa->reg),
cur, cur & wa->read, wa->set & wa->read);
return false;
}
return true;
Reported by FlawFinder.
Line: 1241
Column: 21
CWE codes:
120
20
if ((cur ^ wa->set) & wa->read) {
DRM_ERROR("%s workaround lost on %s! (reg[%x]=0x%x, relevant bits were 0x%x vs expected 0x%x)\n",
name, from, i915_mmio_reg_offset(wa->reg),
cur, cur & wa->read, wa->set & wa->read);
return false;
}
return true;
Reported by FlawFinder.
drivers/infiniband/sw/rxe/rxe_net.c
6 issues
Line: 26
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rxe_mcast_add(struct rxe_dev *rxe, union ib_gid *mgid)
{
int err;
unsigned char ll_addr[ETH_ALEN];
ipv6_eth_mc_map((struct in6_addr *)mgid->raw, ll_addr);
err = dev_mc_add(rxe->ndev, ll_addr);
return err;
Reported by FlawFinder.
Line: 37
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rxe_mcast_delete(struct rxe_dev *rxe, union ib_gid *mgid)
{
int err;
unsigned char ll_addr[ETH_ALEN];
ipv6_eth_mc_map((struct in6_addr *)mgid->raw, ll_addr);
err = dev_mc_del(rxe->ndev, ll_addr);
return err;
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&fl, 0, sizeof(fl));
fl.flowi4_oif = ndev->ifindex;
memcpy(&fl.saddr, saddr, sizeof(*saddr));
memcpy(&fl.daddr, daddr, sizeof(*daddr));
fl.flowi4_proto = IPPROTO_UDP;
rt = ip_route_output_key(&init_net, &fl);
if (IS_ERR(rt)) {
Reported by FlawFinder.
Line: 55
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&fl, 0, sizeof(fl));
fl.flowi4_oif = ndev->ifindex;
memcpy(&fl.saddr, saddr, sizeof(*saddr));
memcpy(&fl.daddr, daddr, sizeof(*daddr));
fl.flowi4_proto = IPPROTO_UDP;
rt = ip_route_output_key(&init_net, &fl);
if (IS_ERR(rt)) {
pr_err_ratelimited("no route to %pI4\n", &daddr->s_addr);
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&fl6, 0, sizeof(fl6));
fl6.flowi6_oif = ndev->ifindex;
memcpy(&fl6.saddr, saddr, sizeof(*saddr));
memcpy(&fl6.daddr, daddr, sizeof(*daddr));
fl6.flowi6_proto = IPPROTO_UDP;
ndst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(recv_sockets.sk6->sk),
recv_sockets.sk6->sk, &fl6,
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&fl6, 0, sizeof(fl6));
fl6.flowi6_oif = ndev->ifindex;
memcpy(&fl6.saddr, saddr, sizeof(*saddr));
memcpy(&fl6.daddr, daddr, sizeof(*daddr));
fl6.flowi6_proto = IPPROTO_UDP;
ndst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(recv_sockets.sk6->sk),
recv_sockets.sk6->sk, &fl6,
NULL);
Reported by FlawFinder.
drivers/hwmon/occ/p8_i2c.c
6 issues
Line: 76
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* address is bus-endian; data passed through from user as-is */
buf[0] = address;
memcpy(&buf[1], &data[4], sizeof(u32));
memcpy(&buf[2], data, sizeof(u32));
rc = i2c_master_send(client, (const char *)buf, sizeof(buf));
if (rc < 0)
return rc;
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* address is bus-endian; data passed through from user as-is */
buf[0] = address;
memcpy(&buf[1], &data[4], sizeof(u32));
memcpy(&buf[2], data, sizeof(u32));
rc = i2c_master_send(client, (const char *)buf, sizeof(buf));
if (rc < 0)
return rc;
else if (rc != sizeof(buf))
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
u8 buf[8];
memcpy(buf, &data0, 4);
memcpy(buf + 4, &data1, 4);
return p8_i2c_occ_putscom(client, address, buf);
}
Reported by FlawFinder.
Line: 94
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 buf[8];
memcpy(buf, &data0, 4);
memcpy(buf + 4, &data1, 4);
return p8_i2c_occ_putscom(client, address, buf);
}
static int p8_i2c_occ_putscom_be(struct i2c_client *client, u32 address,
Reported by FlawFinder.
Line: 104
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
__be32 data0, data1;
memcpy(&data0, data, 4);
memcpy(&data1, data + 4, 4);
return p8_i2c_occ_putscom_u32(client, address, be32_to_cpu(data0),
be32_to_cpu(data1));
}
Reported by FlawFinder.
Line: 105
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__be32 data0, data1;
memcpy(&data0, data, 4);
memcpy(&data1, data + 4, 4);
return p8_i2c_occ_putscom_u32(client, address, be32_to_cpu(data0),
be32_to_cpu(data1));
}
Reported by FlawFinder.
drivers/infiniband/sw/rxe/rxe_loc.h
6 issues
Line: 75
Column: 45
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* rxe_mr.c */
u8 rxe_get_next_key(u32 last_key);
void rxe_mr_init_dma(struct rxe_pd *pd, int access, struct rxe_mr *mr);
int rxe_mr_init_user(struct rxe_pd *pd, u64 start, u64 length, u64 iova,
int access, struct rxe_mr *mr);
int rxe_mr_init_fast(struct rxe_pd *pd, int max_pages, struct rxe_mr *mr);
int rxe_mr_copy(struct rxe_mr *mr, u64 iova, void *addr, int length,
enum rxe_mr_copy_dir dir, u32 *crcp);
Reported by FlawFinder.
Line: 77
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
u8 rxe_get_next_key(u32 last_key);
void rxe_mr_init_dma(struct rxe_pd *pd, int access, struct rxe_mr *mr);
int rxe_mr_init_user(struct rxe_pd *pd, u64 start, u64 length, u64 iova,
int access, struct rxe_mr *mr);
int rxe_mr_init_fast(struct rxe_pd *pd, int max_pages, struct rxe_mr *mr);
int rxe_mr_copy(struct rxe_mr *mr, u64 iova, void *addr, int length,
enum rxe_mr_copy_dir dir, u32 *crcp);
int copy_data(struct rxe_pd *pd, int access,
struct rxe_dma_info *dma, void *addr, int length,
Reported by FlawFinder.
Line: 81
Column: 38
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int rxe_mr_init_fast(struct rxe_pd *pd, int max_pages, struct rxe_mr *mr);
int rxe_mr_copy(struct rxe_mr *mr, u64 iova, void *addr, int length,
enum rxe_mr_copy_dir dir, u32 *crcp);
int copy_data(struct rxe_pd *pd, int access,
struct rxe_dma_info *dma, void *addr, int length,
enum rxe_mr_copy_dir dir, u32 *crcp);
void *iova_to_vaddr(struct rxe_mr *mr, u64 iova, int length);
struct rxe_mr *lookup_mr(struct rxe_pd *pd, int access, u32 key,
enum rxe_mr_lookup_type type);
Reported by FlawFinder.
Line: 85
Column: 49
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct rxe_dma_info *dma, void *addr, int length,
enum rxe_mr_copy_dir dir, u32 *crcp);
void *iova_to_vaddr(struct rxe_mr *mr, u64 iova, int length);
struct rxe_mr *lookup_mr(struct rxe_pd *pd, int access, u32 key,
enum rxe_mr_lookup_type type);
int mr_check_range(struct rxe_mr *mr, u64 iova, size_t length);
int advance_dma_data(struct rxe_dma_info *dma, unsigned int length);
int rxe_invalidate_mr(struct rxe_qp *qp, u32 rkey);
int rxe_dereg_mr(struct ib_mr *ibmr, struct ib_udata *udata);
Reported by FlawFinder.
Line: 98
Column: 53
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int rxe_dealloc_mw(struct ib_mw *ibmw);
int rxe_bind_mw(struct rxe_qp *qp, struct rxe_send_wqe *wqe);
int rxe_invalidate_mw(struct rxe_qp *qp, u32 rkey);
struct rxe_mw *rxe_lookup_mw(struct rxe_qp *qp, int access, u32 rkey);
void rxe_mw_cleanup(struct rxe_pool_entry *arg);
/* rxe_net.c */
void rxe_loopback(struct sk_buff *skb);
int rxe_send(struct rxe_pkt_info *pkt, struct sk_buff *skb);
Reported by FlawFinder.
Line: 221
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (pkt->mask & RXE_LOOPBACK_MASK) {
memcpy(SKB_TO_PKT(skb), pkt, sizeof(*pkt));
rxe_loopback(skb);
err = 0;
} else {
err = rxe_send(pkt, skb);
}
Reported by FlawFinder.
drivers/infiniband/hw/hfi1/qsfp.c
6 issues
Line: 650
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
}
const char * const hfi1_qsfp_devtech[16] = {
"850nm VCSEL", "1310nm VCSEL", "1550nm VCSEL", "1310nm FP",
"1310nm DFB", "1550nm DFB", "1310nm EML", "1550nm EML",
"Cu Misc", "1490nm DFB", "Cu NoEq", "Cu Eq",
"Undef", "Cu Active BothEq", "Cu FarEq", "Cu NearEq"
};
Reported by FlawFinder.
Line: 739
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((addr + len) > (QSFP_MAX_NUM_PAGES * 128)) {
excess_len = (addr + len) - (QSFP_MAX_NUM_PAGES * 128);
memcpy(data, &ppd->qsfp_info.cache[addr], (len - excess_len));
data += (len - excess_len);
goto set_zeroes;
}
memcpy(data, &ppd->qsfp_info.cache[addr], len);
Reported by FlawFinder.
Line: 744
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto set_zeroes;
}
memcpy(data, &ppd->qsfp_info.cache[addr], len);
if (addr <= QSFP_MONITOR_VAL_END &&
(addr + len) >= QSFP_MONITOR_VAL_START) {
/* Overlap with the dynamic channel monitor range */
if (addr < QSFP_MONITOR_VAL_START) {
Reported by FlawFinder.
Line: 780
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
}
static const char *pwr_codes[8] = {"N/AW",
"1.5W",
"2.0W",
"2.5W",
"3.5W",
"4.0W",
Reported by FlawFinder.
Line: 794
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
u8 *cache = &ppd->qsfp_info.cache[0];
u8 bin_buff[QSFP_DUMP_CHUNK];
char lenstr[6];
int sofar;
int bidx = 0;
u8 *atten = &cache[QSFP_ATTEN_OFFS];
u8 *vendor_oui = &cache[QSFP_VOUI_OFFS];
u8 power_byte = 0;
Reported by FlawFinder.
Line: 848
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (bidx < QSFP_DEFAULT_HDR_CNT) {
int iidx;
memcpy(bin_buff, &cache[bidx], QSFP_DUMP_CHUNK);
for (iidx = 0; iidx < QSFP_DUMP_CHUNK; ++iidx) {
sofar += scnprintf(buf + sofar, len - sofar,
" %02X", bin_buff[iidx]);
}
sofar += scnprintf(buf + sofar, len - sofar, "\n");
Reported by FlawFinder.
drivers/macintosh/therm_adt746x.c
6 issues
Line: 336
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
#define BUILD_SHOW_FUNC_STR(name, data) \
static ssize_t show_##name(struct device *dev, struct device_attribute *attr, char *buf) \
{ \
return sprintf(buf, "%s\n", data); \
}
#define BUILD_SHOW_FUNC_FAN(name, data) \
static ssize_t show_##name(struct device *dev, struct device_attribute *attr, char *buf) \
{ \
Reported by FlawFinder.
Line: 51
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static u8 default_limits_local[3] = {70, 50, 70}; /* local, sensor1, sensor2 */
static u8 default_limits_chip[3] = {80, 65, 80}; /* local, sensor1, sensor2 */
static const char *sensor_location[3] = { "?", "?", "?" };
static int limit_adjust;
static int fan_speed = -1;
static bool verbose;
Reported by FlawFinder.
Line: 324
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t show_##name(struct device *dev, struct device_attribute *attr, char *buf) \
{ \
struct thermostat *th = dev_get_drvdata(dev); \
return sprintf(buf, "%d\n", data); \
}
#define BUILD_SHOW_FUNC_INT_LITE(name, data) \
static ssize_t show_##name(struct device *dev, struct device_attribute *attr, char *buf) \
{ \
Reported by FlawFinder.
Line: 330
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
#define BUILD_SHOW_FUNC_INT_LITE(name, data) \
static ssize_t show_##name(struct device *dev, struct device_attribute *attr, char *buf) \
{ \
return sprintf(buf, "%d\n", data); \
}
#define BUILD_SHOW_FUNC_STR(name, data) \
static ssize_t show_##name(struct device *dev, struct device_attribute *attr, char *buf) \
{ \
Reported by FlawFinder.
Line: 343
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t show_##name(struct device *dev, struct device_attribute *attr, char *buf) \
{ \
struct thermostat *th = dev_get_drvdata(dev); \
return sprintf(buf, "%d (%d rpm)\n", \
th->last_speed[data], \
read_fan_speed(th, FAN_SPEED[data]) \
); \
}
Reported by FlawFinder.
Line: 496
Column: 14
CWE codes:
126
sensor_location[i] = "";
printk(KERN_INFO "sensor %d: %s\n", i, sensor_location[i]);
offset += strlen(sensor_location[i]) + 1;
}
}
th = kzalloc(sizeof(struct thermostat), GFP_KERNEL);
if (!th)
Reported by FlawFinder.
drivers/leds/leds-max8997.c
6 issues
Line: 175
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (led->led_mode) {
case MAX8997_FLASH_MODE:
ret += sprintf(buf, "FLASH\n");
break;
case MAX8997_MOVIE_MODE:
ret += sprintf(buf, "MOVIE\n");
break;
case MAX8997_FLASH_PIN_CONTROL_MODE:
Reported by FlawFinder.
Line: 178
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret += sprintf(buf, "FLASH\n");
break;
case MAX8997_MOVIE_MODE:
ret += sprintf(buf, "MOVIE\n");
break;
case MAX8997_FLASH_PIN_CONTROL_MODE:
ret += sprintf(buf, "FLASH_PIN_CONTROL\n");
break;
case MAX8997_MOVIE_PIN_CONTROL_MODE:
Reported by FlawFinder.
Line: 181
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret += sprintf(buf, "MOVIE\n");
break;
case MAX8997_FLASH_PIN_CONTROL_MODE:
ret += sprintf(buf, "FLASH_PIN_CONTROL\n");
break;
case MAX8997_MOVIE_PIN_CONTROL_MODE:
ret += sprintf(buf, "MOVIE_PIN_CONTROL\n");
break;
default:
Reported by FlawFinder.
Line: 184
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret += sprintf(buf, "FLASH_PIN_CONTROL\n");
break;
case MAX8997_MOVIE_PIN_CONTROL_MODE:
ret += sprintf(buf, "MOVIE_PIN_CONTROL\n");
break;
default:
ret += sprintf(buf, "NONE\n");
break;
}
Reported by FlawFinder.
Line: 187
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret += sprintf(buf, "MOVIE_PIN_CONTROL\n");
break;
default:
ret += sprintf(buf, "NONE\n");
break;
}
mutex_unlock(&led->mutex);
Reported by FlawFinder.
Line: 238
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct max8997_dev *iodev = dev_get_drvdata(pdev->dev.parent);
struct max8997_platform_data *pdata = dev_get_platdata(iodev->dev);
struct max8997_led *led;
char name[20];
int ret = 0;
if (pdata == NULL) {
dev_err(&pdev->dev, "no platform data\n");
return -ENODEV;
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nouveau_fence.c
6 issues
Line: 146
CWE codes:
908
if ((int)(seq - fence->base.seqno) < 0)
break;
drop |= nouveau_fence_signal(fence);
}
return drop;
}
Reported by Cppcheck.
Line: 192
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else if (chan == chan->drm->channel)
strcpy(fctx->name, "generic kernel channel");
else
strcpy(fctx->name, nvxx_client(&cli->base)->name);
kref_init(&fctx->fence_ref);
if (!priv->uevent)
return;
Reported by FlawFinder.
Line: 188
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
fctx->context = chan->drm->chan.context_base + chan->chid;
if (chan == chan->drm->cechan)
strcpy(fctx->name, "copy engine channel");
else if (chan == chan->drm->channel)
strcpy(fctx->name, "generic kernel channel");
else
strcpy(fctx->name, nvxx_client(&cli->base)->name);
Reported by FlawFinder.
Line: 190
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (chan == chan->drm->cechan)
strcpy(fctx->name, "copy engine channel");
else if (chan == chan->drm->channel)
strcpy(fctx->name, "generic kernel channel");
else
strcpy(fctx->name, nvxx_client(&cli->base)->name);
kref_init(&fctx->fence_ref);
if (!priv->uevent)
Reported by FlawFinder.
Line: 138
Column: 18
CWE codes:
120
20
{
struct nouveau_fence *fence;
int drop = 0;
u32 seq = fctx->read(chan);
while (!list_empty(&fctx->pending)) {
fence = list_entry(fctx->pending.next, typeof(*fence), head);
if ((int)(seq - fence->base.seqno) < 0)
Reported by FlawFinder.
Line: 465
Column: 21
CWE codes:
120
20
rcu_read_lock();
chan = rcu_dereference(fence->channel);
if (chan)
ret = (int)(fctx->read(chan) - fence->base.seqno) >= 0;
rcu_read_unlock();
return ret;
}
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/engine/pm/base.c
6 issues
Line: 465
Column: 3
CWE codes:
120
args->v0.id = di;
args->v0.signal_nr = nvkm_perfdom_count_perfsig(dom);
strncpy(args->v0.name, dom->name, sizeof(args->v0.name) - 1);
/* Currently only global counters (PCOUNTER) are implemented
* but this will be different for local counters (MP). */
args->v0.counter_nr = 4;
}
Reported by FlawFinder.
Line: 516
Column: 4
CWE codes:
120
snprintf(args->v0.name, sizeof(args->v0.name),
"/%s/%02x", dom->name, si);
} else {
strncpy(args->v0.name, sig->name,
sizeof(args->v0.name) - 1);
}
args->v0.signal = si;
args->v0.source_nr = nvkm_perfsig_count_perfsrc(sig);
Reported by FlawFinder.
Line: 575
Column: 3
CWE codes:
120
args->v0.source = sig->source[si];
args->v0.mask = src->mask;
strncpy(args->v0.name, src->name, sizeof(args->v0.name) - 1);
}
if (++si < source_nr) {
args->v0.iter = ++si;
return 0;
Reported by FlawFinder.
Line: 743
Column: 11
CWE codes:
126
src->shift = smux->shift;
src->enable = smux->enable;
len = strlen(ssrc->name) +
strlen(smux->name) + 2;
src->name = kzalloc(len, GFP_KERNEL);
if (!src->name) {
kfree(src);
return -ENOMEM;
Reported by FlawFinder.
Line: 744
Column: 11
CWE codes:
126
src->enable = smux->enable;
len = strlen(ssrc->name) +
strlen(smux->name) + 2;
src->name = kzalloc(len, GFP_KERNEL);
if (!src->name) {
kfree(src);
return -ENOMEM;
}
Reported by FlawFinder.
drivers/hwmon/gl518sm.c
6 issues
Line: 231
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf) \
{ \
struct gl518_data *data = gl518_update_device(dev); \
return sprintf(buf, "%d\n", type##_FROM_REG(data->value)); \
}
show(TEMP, temp_input1, temp_in);
show(TEMP, temp_max1, temp_max);
show(TEMP, temp_hyst1, temp_hyst);
Reported by FlawFinder.
Line: 259
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct gl518_data *data = gl518_update_device(dev);
return sprintf(buf, "%d\n", FAN_FROM_REG(data->fan_in[nr],
DIV_FROM_REG(data->fan_div[nr])));
}
static ssize_t fan_min_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 268
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct gl518_data *data = gl518_update_device(dev);
return sprintf(buf, "%d\n", FAN_FROM_REG(data->fan_min[nr],
DIV_FROM_REG(data->fan_div[nr])));
}
static ssize_t fan_div_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 277
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct gl518_data *data = gl518_update_device(dev);
return sprintf(buf, "%d\n", DIV_FROM_REG(data->fan_div[nr]));
}
#define set(type, suffix, value, reg) \
static ssize_t set_##suffix(struct device *dev, \
struct device_attribute *attr, \
Reported by FlawFinder.
Line: 453
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int bitnr = to_sensor_dev_attr(attr)->index;
struct gl518_data *data = gl518_update_device(dev);
return sprintf(buf, "%u\n", (data->alarms >> bitnr) & 1);
}
static SENSOR_DEVICE_ATTR_RO(in0_alarm, alarm, 0);
static SENSOR_DEVICE_ATTR_RO(in1_alarm, alarm, 1);
static SENSOR_DEVICE_ATTR_RO(in2_alarm, alarm, 2);
Reported by FlawFinder.
Line: 469
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int bitnr = to_sensor_dev_attr(attr)->index;
struct gl518_data *data = gl518_update_device(dev);
return sprintf(buf, "%u\n", (data->beep_mask >> bitnr) & 1);
}
static ssize_t beep_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.