The following issues were found
drivers/md/bcache/btree.c
6 issues
Line: 2704
CWE codes:
587
return false;
spin_lock(&buf->lock);
w = RB_GREATER(&buf->keys, s, node, keybuf_nonoverlapping_cmp);
while (w && bkey_cmp(&START_KEY(&w->key), end) < 0) {
p = w;
w = RB_NEXT(w, node);
Reported by Cppcheck.
Line: 381
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct bvec_iter_all iter_all;
bio_for_each_segment_all(bv, b->bio, iter_all) {
memcpy(page_address(bv->bv_page), addr, PAGE_SIZE);
addr += PAGE_SIZE;
}
bch_submit_bbio(b->bio, b->c, &k.key, 0);
Reported by FlawFinder.
Line: 1415
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (last)
bkey_copy_key(&new_nodes[i]->key, last);
memcpy(bset_bkey_last(n1),
n2->start,
(void *) bset_bkey_idx(n2, keys) - (void *) n2->start);
n1->keys += keys;
r[i].keys = n1->keys;
Reported by FlawFinder.
Line: 1823
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stats.key_bytes *= sizeof(uint64_t);
stats.data <<= 9;
bch_update_bucket_in_use(c, &stats);
memcpy(&c->gc_stats, &stats, sizeof(struct gc_stat));
trace_bcache_gc_end(c);
bch_moving_gc(c);
}
Reported by FlawFinder.
Line: 2010
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bkey *k = NULL;
struct btree_iter iter;
struct btree_check_state *check_state;
char name[32];
/* check and mark root node keys */
for_each_key_filter(&c->root->keys, k, &iter, bch_ptr_invalid)
bch_initial_mark_key(c, c->root->level, k);
Reported by FlawFinder.
Line: 2254
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
btree_bset_first(n2)->keys = btree_bset_first(n1)->keys - keys;
btree_bset_first(n1)->keys = keys;
memcpy(btree_bset_first(n2)->start,
bset_bkey_last(btree_bset_first(n1)),
btree_bset_first(n2)->keys * sizeof(uint64_t));
bkey_copy_key(&n2->key, &b->key);
Reported by FlawFinder.
drivers/infiniband/hw/mthca/mthca_mr.c
6 issues
Line: 430
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
int mthca_mr_alloc(struct mthca_dev *dev, u32 pd, int buffer_size_shift,
u64 iova, u64 total_size, u32 access, struct mthca_mr *mr)
{
struct mthca_mailbox *mailbox;
struct mthca_mpt_entry *mpt_entry;
u32 key;
int i;
Reported by FlawFinder.
Line: 462
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
mpt_entry->flags = cpu_to_be32(MTHCA_MPT_FLAG_SW_OWNS |
MTHCA_MPT_FLAG_MIO |
MTHCA_MPT_FLAG_REGION |
access);
if (!mr->mtt)
mpt_entry->flags |= cpu_to_be32(MTHCA_MPT_FLAG_PHYSICAL);
mpt_entry->page_size = cpu_to_be32(buffer_size_shift - 12);
mpt_entry->key = cpu_to_be32(key);
Reported by FlawFinder.
Line: 513
Column: 11
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
int mthca_mr_alloc_notrans(struct mthca_dev *dev, u32 pd,
u32 access, struct mthca_mr *mr)
{
mr->mtt = NULL;
return mthca_mr_alloc(dev, pd, 12, 0, ~0ULL, access, mr);
}
Reported by FlawFinder.
Line: 516
Column: 47
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
u32 access, struct mthca_mr *mr)
{
mr->mtt = NULL;
return mthca_mr_alloc(dev, pd, 12, 0, ~0ULL, access, mr);
}
int mthca_mr_alloc_phys(struct mthca_dev *dev, u32 pd,
u64 *buffer_list, int buffer_size_shift,
int list_len, u64 iova, u64 total_size,
Reported by FlawFinder.
Line: 522
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int mthca_mr_alloc_phys(struct mthca_dev *dev, u32 pd,
u64 *buffer_list, int buffer_size_shift,
int list_len, u64 iova, u64 total_size,
u32 access, struct mthca_mr *mr)
{
int err;
mr->mtt = mthca_alloc_mtt(dev, list_len);
if (IS_ERR(mr->mtt))
Reported by FlawFinder.
Line: 537
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
err = mthca_mr_alloc(dev, pd, buffer_size_shift, iova,
total_size, access, mr);
if (err)
mthca_free_mtt(dev, mr->mtt);
return err;
}
Reported by FlawFinder.
drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c
6 issues
Line: 96
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
h[1] |= (sc << OPA_16B_SC_SHFT);
h[2] |= ((u32)pkey << OPA_16B_PKEY_SHFT);
memcpy(hdr, h, OPA_VNIC_HDR_LEN);
}
/*
* Using a simple hash table for mac table implementation with the last octet
* of mac address as a key.
Reported by FlawFinder.
Line: 178
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* populate entry in the tbl corresponding to the index */
entry = &tbl->tbl_entries[node->index - loffset];
memcpy(entry->mac_addr, nentry->mac_addr,
ARRAY_SIZE(entry->mac_addr));
memcpy(entry->mac_addr_mask, nentry->mac_addr_mask,
ARRAY_SIZE(entry->mac_addr_mask));
entry->dlid_sd = cpu_to_be32(nentry->dlid_sd);
}
Reported by FlawFinder.
Line: 180
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
entry = &tbl->tbl_entries[node->index - loffset];
memcpy(entry->mac_addr, nentry->mac_addr,
ARRAY_SIZE(entry->mac_addr));
memcpy(entry->mac_addr_mask, nentry->mac_addr_mask,
ARRAY_SIZE(entry->mac_addr_mask));
entry->dlid_sd = cpu_to_be32(nentry->dlid_sd);
}
tbl->mac_tbl_digest = cpu_to_be32(adapter->info.vport.mac_tbl_digest);
get_mac_done:
Reported by FlawFinder.
Line: 249
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
node->index = loffset + i;
nentry = &node->entry;
memcpy(nentry->mac_addr, entry->mac_addr,
ARRAY_SIZE(nentry->mac_addr));
memcpy(nentry->mac_addr_mask, entry->mac_addr_mask,
ARRAY_SIZE(nentry->mac_addr_mask));
nentry->dlid_sd = be32_to_cpu(entry->dlid_sd);
key = node->entry.mac_addr[OPA_VNIC_MAC_HASH_IDX];
Reported by FlawFinder.
Line: 251
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nentry = &node->entry;
memcpy(nentry->mac_addr, entry->mac_addr,
ARRAY_SIZE(nentry->mac_addr));
memcpy(nentry->mac_addr_mask, entry->mac_addr_mask,
ARRAY_SIZE(nentry->mac_addr_mask));
nentry->dlid_sd = be32_to_cpu(entry->dlid_sd);
key = node->entry.mac_addr[OPA_VNIC_MAC_HASH_IDX];
vnic_hash_add(new_mactbl, &node->hlist, key);
}
Reported by FlawFinder.
Line: 275
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
new_node->index = node->index;
memcpy(&new_node->entry, &node->entry, sizeof(node->entry));
key = new_node->entry.mac_addr[OPA_VNIC_MAC_HASH_IDX];
vnic_hash_add(new_mactbl, &new_node->hlist, key);
}
switch_tbl:
Reported by FlawFinder.
drivers/infiniband/hw/mlx5/mad.c
6 issues
Line: 174
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct ib_class_port_info cpi = {};
cpi.capability_mask = IB_PMA_CLASS_CAP_EXT_WIDTH;
memcpy((out_mad->data + 40), &cpi, sizeof(cpi));
err = IB_MAD_RESULT_SUCCESS | IB_MAD_RESULT_REPLY;
goto done;
}
if (in_mad->mad_hdr.attr_id == IB_PMA_PORT_COUNTERS_EXT) {
Reported by FlawFinder.
Line: 345
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
goto out;
memcpy(sys_image_guid, out_mad->data + 4, 8);
out:
kfree(out_mad);
return err;
Reported by FlawFinder.
Line: 415
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
goto out;
memcpy(node_desc, out_mad->data, IB_DEVICE_NODE_DESC_MAX);
out:
kfree(in_mad);
kfree(out_mad);
return err;
}
Reported by FlawFinder.
Line: 440
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
goto out;
memcpy(node_guid, out_mad->data + 12, 8);
out:
kfree(in_mad);
kfree(out_mad);
return err;
}
Reported by FlawFinder.
Line: 497
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
goto out;
memcpy(gid->raw, out_mad->data + 8, 8);
init_query_mad(in_mad);
in_mad->attr_id = IB_SMP_ATTR_GUID_INFO;
in_mad->attr_mod = cpu_to_be32(index / 8);
Reported by FlawFinder.
Line: 508
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
goto out;
memcpy(gid->raw + 8, out_mad->data + (index % 8) * 8, 8);
out:
kfree(in_mad);
kfree(out_mad);
return err;
Reported by FlawFinder.
drivers/input/joystick/analog.c
6 issues
Line: 429
CWE codes:
628
if (analog->mask & ANALOG_HATS_ALL)
snprintf(analog->name, sizeof(analog->name), "%s %d-hat",
analog->name, hweight16(analog->mask & ANALOG_HATS_ALL));
if (analog->mask & ANALOG_HAT_FCS)
strlcat(analog->name, " FCS", sizeof(analog->name));
if (analog->mask & ANALOG_ANY_CHF)
strlcat(analog->name, (analog->mask & ANALOG_SAITEK) ? " Saitek" : " CHF",
Reported by Cppcheck.
Line: 41
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ANALOG_PORTS 16
static char *js[ANALOG_PORTS];
static unsigned int js_nargs;
static int analog_options[ANALOG_PORTS];
module_param_array_named(map, js, charp, &js_nargs, 0);
MODULE_PARM_DESC(map, "Describes analog joysticks type/capabilities");
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct input_dev *dev;
int mask;
short *buttons;
char name[ANALOG_MAX_NAME_LENGTH];
char phys[ANALOG_MAX_PHYS_LENGTH];
};
struct analog_port {
struct gameport *gameport;
Reported by FlawFinder.
Line: 102
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mask;
short *buttons;
char name[ANALOG_MAX_NAME_LENGTH];
char phys[ANALOG_MAX_PHYS_LENGTH];
};
struct analog_port {
struct gameport *gameport;
struct analog analog[2];
Reported by FlawFinder.
Line: 239
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct gameport *gameport = port->gameport;
u64 time[4], start, loop, now;
unsigned int loopout, timeout;
unsigned char data[4], this, last;
unsigned long flags;
int i, j;
loopout = (ANALOG_LOOP_TIME * port->loop) / 1000;
timeout = ANALOG_MAX_TIME * port->speed;
Reported by FlawFinder.
Line: 752
Column: 8
CWE codes:
126
if (end != js[i]) continue;
analog_options[i] = 0xff;
if (!strlen(js[i])) continue;
printk(KERN_WARNING "analog.c: Bad config for port %d - \"%s\"\n", i, js[i]);
}
for (; i < ANALOG_PORTS; i++)
Reported by FlawFinder.
drivers/input/joystick/adi.c
6 issues
Line: 397
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
t = adi->id < ADI_ID_MAX ? adi->id : ADI_ID_MAX;
snprintf(buf, ADI_MAX_PHYS_LENGTH, adi_names[t], adi->id);
snprintf(adi->name, ADI_MAX_NAME_LENGTH, "Logitech %s [%s]", buf, adi->cname);
snprintf(adi->phys, ADI_MAX_PHYS_LENGTH, "%s/input%d", port->gameport->phys, half);
adi->abs = adi_abs[t];
adi->key = adi_key[t];
Reported by FlawFinder.
Line: 105
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char hats;
char *abs;
short *key;
char name[ADI_MAX_NAME_LENGTH];
char cname[ADI_MAX_CNAME_LENGTH];
char phys[ADI_MAX_PHYS_LENGTH];
unsigned char data[ADI_MAX_LENGTH];
};
Reported by FlawFinder.
Line: 106
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *abs;
short *key;
char name[ADI_MAX_NAME_LENGTH];
char cname[ADI_MAX_CNAME_LENGTH];
char phys[ADI_MAX_PHYS_LENGTH];
unsigned char data[ADI_MAX_LENGTH];
};
struct adi_port {
Reported by FlawFinder.
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
short *key;
char name[ADI_MAX_NAME_LENGTH];
char cname[ADI_MAX_CNAME_LENGTH];
char phys[ADI_MAX_PHYS_LENGTH];
unsigned char data[ADI_MAX_LENGTH];
};
struct adi_port {
struct gameport *gameport;
Reported by FlawFinder.
Line: 108
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char name[ADI_MAX_NAME_LENGTH];
char cname[ADI_MAX_CNAME_LENGTH];
char phys[ADI_MAX_PHYS_LENGTH];
unsigned char data[ADI_MAX_LENGTH];
};
struct adi_port {
struct gameport *gameport;
struct adi adi[2];
Reported by FlawFinder.
Line: 388
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int adi_init_input(struct adi *adi, struct adi_port *port, int half)
{
struct input_dev *input_dev;
char buf[ADI_MAX_NAME_LENGTH];
int i, t;
adi->dev = input_dev = input_allocate_device();
if (!input_dev)
return -ENOMEM;
Reported by FlawFinder.
drivers/input/joydev.c
6 issues
Line: 36
Column: 6
CWE codes:
362
#define JOYDEV_BUFFER_SIZE 64
struct joydev {
int open;
struct input_handle handle;
wait_queue_head_t wait;
struct list_head client_list;
spinlock_t client_lock; /* protects client_list */
struct mutex mutex;
Reported by FlawFinder.
Line: 222
Column: 34
CWE codes:
362
{
mutex_lock(&joydev->mutex);
if (joydev->exist && !--joydev->open)
input_close_device(&joydev->handle);
mutex_unlock(&joydev->mutex);
}
Reported by FlawFinder.
Line: 465
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(joydev->abspam, abspam, len);
for (i = 0; i < joydev->nabs; i++)
joydev->absmap[joydev->abspam[i]] = i;
out:
Reported by FlawFinder.
Line: 499
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(joydev->keypam, keypam, len);
for (i = 0; i < joydev->nkey; i++)
joydev->keymap[joydev->keypam[i] - BTN_MISC] = i;
out:
Reported by FlawFinder.
Line: 744
Column: 14
CWE codes:
362
joydev_hangup(joydev);
/* joydev is marked dead so no one else accesses joydev->open */
if (joydev->open)
input_close_device(handle);
}
/*
* These codes are copied from from hid-ids.h, unfortunately there is no common
Reported by FlawFinder.
Line: 587
Column: 39
CWE codes:
126
if (!name)
return 0;
len = min_t(size_t, _IOC_SIZE(cmd), strlen(name) + 1);
return copy_to_user(argp, name, len) ? -EFAULT : len;
}
return -EINVAL;
}
Reported by FlawFinder.
drivers/hwmon/lm80.c
6 issues
Line: 268
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", IN_FROM_REG(data->in[nr][index]));
}
static ssize_t in_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 301
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct lm80_data *data = lm80_update_device(dev);
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", FAN_FROM_REG(data->fan[nr][index],
DIV_FROM_REG(data->fan_div[index])));
}
static ssize_t fan_div_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 312
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct lm80_data *data = lm80_update_device(dev);
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", DIV_FROM_REG(data->fan_div[nr]));
}
static ssize_t fan_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 408
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct lm80_data *data = lm80_update_device(dev);
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", TEMP_FROM_REG(data->temp[attr->index]));
}
static ssize_t temp_store(struct device *dev,
struct device_attribute *devattr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 437
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct lm80_data *data = lm80_update_device(dev);
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%u\n", data->alarms);
}
static ssize_t alarm_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 447
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct lm80_data *data = lm80_update_device(dev);
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%u\n", (data->alarms >> bitnr) & 1);
}
static SENSOR_DEVICE_ATTR_2_RW(in0_min, in, i_min, 0);
static SENSOR_DEVICE_ATTR_2_RW(in1_min, in, i_min, 1);
static SENSOR_DEVICE_ATTR_2_RW(in2_min, in, i_min, 2);
Reported by FlawFinder.
drivers/hv/channel_mgmt.c
6 issues
Line: 941
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
channel->sig_event = offer->connection_id;
}
memcpy(&channel->offermsg, offer,
sizeof(struct vmbus_channel_offer_channel));
channel->monitor_grp = (u8)offer->monitorid / 32;
channel->monitor_bit = (u8)offer->monitorid % 32;
channel->device_id = hv_get_dev_type(channel);
}
Reported by FlawFinder.
Line: 1310
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(struct vmbus_channel_open_channel *)msginfo->msg;
if (openmsg->child_relid == result->child_relid &&
openmsg->openid == result->openid) {
memcpy(&msginfo->response.open_result,
result,
sizeof(
struct vmbus_channel_open_result));
complete(&msginfo->waitevent);
break;
Reported by FlawFinder.
Line: 1359
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((gpadlcreated->child_relid ==
gpadlheader->child_relid) &&
(gpadlcreated->gpadl == gpadlheader->gpadl)) {
memcpy(&msginfo->response.gpadl_created,
gpadlcreated,
sizeof(
struct vmbus_channel_gpadl_created));
complete(&msginfo->waitevent);
break;
Reported by FlawFinder.
Line: 1401
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
modifymsg = (struct vmbus_channel_modifychannel *)msginfo->msg;
if (modifymsg->child_relid == response->child_relid) {
memcpy(&msginfo->response.modify_response, response,
sizeof(*response));
complete(&msginfo->waitevent);
break;
}
}
Reported by FlawFinder.
Line: 1446
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(struct vmbus_channel_gpadl_teardown *)requestheader;
if (gpadl_torndown->gpadl == gpadl_teardown->gpadl) {
memcpy(&msginfo->response.gpadl_torndown,
gpadl_torndown,
sizeof(
struct vmbus_channel_gpadl_torndown));
complete(&msginfo->waitevent);
break;
Reported by FlawFinder.
Line: 1486
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (requestheader->msgtype ==
CHANNELMSG_INITIATE_CONTACT) {
memcpy(&msginfo->response.version_response,
version_response,
sizeof(struct vmbus_channel_version_response));
complete(&msginfo->waitevent);
}
}
Reported by FlawFinder.
arch/s390/include/asm/debug.h
6 issues
Line: 228
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
extern debug_entry_t *
__debug_sprintf_event(debug_info_t *id, int level, char *string, ...)
__attribute__ ((format(printf, 3, 4)));
/**
* debug_sprintf_event() - writes debug entry with format string
* and varargs (longs) to active debug area
* (if level $<=$ actual debug level).
Reported by FlawFinder.
Line: 356
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
extern debug_entry_t *
__debug_sprintf_exception(debug_info_t *id, int level, char *string, ...)
__attribute__ ((format(printf, 3, 4)));
/**
* debug_sprintf_exception() - writes debug entry with format string and
* varargs (longs) to active debug area
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dentry *debugfs_root_entry;
struct dentry *debugfs_entries[DEBUG_MAX_VIEWS];
struct debug_view *views[DEBUG_MAX_VIEWS];
char name[DEBUG_MAX_NAME_LEN];
umode_t mode;
} debug_info_t;
typedef int (debug_header_proc_t) (debug_info_t *id,
struct debug_view *view,
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int area, debug_entry_t *entry, char *out_buf);
struct debug_view {
char name[DEBUG_MAX_NAME_LEN];
debug_prolog_proc_t *prolog_proc;
debug_header_proc_t *header_proc;
debug_format_proc_t *format_proc;
debug_input_proc_t *input_proc;
void *private_data;
Reported by FlawFinder.
Line: 219
Column: 44
CWE codes:
126
{
if ((!id) || (level > id->level) || (id->pages_per_area == 0))
return NULL;
return debug_event_common(id, level, txt, strlen(txt));
}
/*
* IMPORTANT: Use "%s" in sprintf format strings with care! Only pointers are
* stored in the s390dbf. See Documentation/s390/s390dbf.rst for more details!
Reported by FlawFinder.
Line: 347
Column: 48
CWE codes:
126
{
if ((!id) || (level > id->level) || (id->pages_per_area == 0))
return NULL;
return debug_exception_common(id, level, txt, strlen(txt));
}
/*
* IMPORTANT: Use "%s" in sprintf format strings with care! Only pointers are
* stored in the s390dbf. See Documentation/s390/s390dbf.rst for more details!
Reported by FlawFinder.