The following issues were found
arch/powerpc/kernel/rtas-proc.c
6 issues
Line: 410
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
const char *loc;
int llen, offs;
sprintf (rstr, SENSOR_PREFIX"%04d", p->token);
loc = of_get_property(rtas_node, rstr, &llen);
/* A sensor may have multiple instances */
for (j = 0, offs = 0; j <= p->quant; j++) {
error = rtas_call(get_sensor_state, 2, 2, &state,
Reported by FlawFinder.
Line: 131
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct rtas_sensors sensors;
static struct device_node *rtas_node = NULL;
static unsigned long power_on_time = 0; /* Save the time the user set */
static char progress_led[MAX_LINELENGTH];
static unsigned long rtas_tone_frequency = 1000;
static unsigned long rtas_tone_volume = 0;
/* ****************************************************************** */
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int parse_number(const char __user *p, size_t count, u64 *val)
{
char buf[40];
char *end;
if (count > 39)
return -EINVAL;
Reported by FlawFinder.
Line: 406
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i=0; i<sensors.quant; i++) {
struct individual_sensor *p = &sensors.sensor[i];
char rstr[64];
const char *loc;
int llen, offs;
sprintf (rstr, SENSOR_PREFIX"%04d", p->token);
loc = of_get_property(rtas_node, rstr, &llen);
Reported by FlawFinder.
Line: 421
Column: 13
CWE codes:
126
ppc_rtas_process_sensor(m, p, state, error, loc);
seq_putc(m, '\n');
if (loc) {
offs += strlen(loc) + 1;
loc += strlen(loc) + 1;
if (offs >= llen)
loc = NULL;
}
}
Reported by FlawFinder.
Line: 422
Column: 12
CWE codes:
126
seq_putc(m, '\n');
if (loc) {
offs += strlen(loc) + 1;
loc += strlen(loc) + 1;
if (offs >= llen)
loc = NULL;
}
}
}
Reported by FlawFinder.
arch/x86/kvm/vmx/vmx_ops.h
6 issues
Line: 180
static __always_inline void __vmcs_writel(unsigned long field, unsigned long value)
{
vmx_asm2(vmwrite, "r"(field), "rm"(value), field, value);
}
static __always_inline void vmcs_write16(unsigned long field, u16 value)
{
vmcs_check16(field);
Reported by Cppcheck.
Line: 180
static __always_inline void __vmcs_writel(unsigned long field, unsigned long value)
{
vmx_asm2(vmwrite, "r"(field), "rm"(value), field, value);
}
static __always_inline void vmcs_write16(unsigned long field, u16 value)
{
vmcs_check16(field);
Reported by Cppcheck.
Line: 180
static __always_inline void __vmcs_writel(unsigned long field, unsigned long value)
{
vmx_asm2(vmwrite, "r"(field), "rm"(value), field, value);
}
static __always_inline void vmcs_write16(unsigned long field, u16 value)
{
vmcs_check16(field);
Reported by Cppcheck.
Line: 180
static __always_inline void __vmcs_writel(unsigned long field, unsigned long value)
{
vmx_asm2(vmwrite, "r"(field), "rm"(value), field, value);
}
static __always_inline void vmcs_write16(unsigned long field, u16 value)
{
vmcs_check16(field);
Reported by Cppcheck.
Line: 180
static __always_inline void __vmcs_writel(unsigned long field, unsigned long value)
{
vmx_asm2(vmwrite, "r"(field), "rm"(value), field, value);
}
static __always_inline void vmcs_write16(unsigned long field, u16 value)
{
vmcs_check16(field);
Reported by Cppcheck.
Line: 180
static __always_inline void __vmcs_writel(unsigned long field, unsigned long value)
{
vmx_asm2(vmwrite, "r"(field), "rm"(value), field, value);
}
static __always_inline void vmcs_write16(unsigned long field, u16 value)
{
vmcs_check16(field);
Reported by Cppcheck.
arch/mips/pci/pci-xtalk-bridge.c
6 issues
Line: 571
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int bridge_get_partnum(u64 baddr, char *partnum)
{
struct nvmem_device *nvmem;
char prefix[24];
u8 prom[64];
int i, j;
int ret;
snprintf(prefix, sizeof(prefix), "bridge-%012llx-0b-", baddr);
Reported by FlawFinder.
Line: 615
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pci_host_bridge *host;
struct irq_domain *domain, *parent;
struct fwnode_handle *fn;
char partnum[26];
int slot;
int err;
/* get part number from one wire prom */
if (bridge_get_partnum(virt_to_phys((void *)bd->bridge_addr), partnum))
Reported by FlawFinder.
Line: 552
Column: 9
CWE codes:
126
for (i = 0; i < ARRAY_SIZE(bridge_ioc3_devid); i++)
if (!strncmp(partnum, bridge_ioc3_devid[i].match,
strlen(bridge_ioc3_devid[i].match))) {
bridge_ioc3_devid[i].setup(bc);
}
}
static int bridge_nvmem_match(struct device *dev, const void *data)
Reported by FlawFinder.
Line: 562
Column: 6
CWE codes:
126
const char *name = dev_name(dev);
const char *prefix = data;
if (strlen(name) < strlen(prefix))
return 0;
return memcmp(prefix, dev_name(dev), strlen(prefix)) == 0;
}
Reported by FlawFinder.
Line: 562
Column: 21
CWE codes:
126
const char *name = dev_name(dev);
const char *prefix = data;
if (strlen(name) < strlen(prefix))
return 0;
return memcmp(prefix, dev_name(dev), strlen(prefix)) == 0;
}
Reported by FlawFinder.
Line: 565
Column: 39
CWE codes:
126
if (strlen(name) < strlen(prefix))
return 0;
return memcmp(prefix, dev_name(dev), strlen(prefix)) == 0;
}
static int bridge_get_partnum(u64 baddr, char *partnum)
{
struct nvmem_device *nvmem;
Reported by FlawFinder.
arch/x86/kvm/i8254.c
6 issues
Line: 445
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
struct kvm_pit *pit = dev_to_pit(this);
struct kvm_kpit_state *pit_state = &pit->pit_state;
int channel, access;
struct kvm_kpit_channel_state *s;
u32 val = *(u32 *) data;
if (!pit_in_range(addr))
return -EOPNOTSUPP;
Reported by FlawFinder.
Line: 479
Column: 18
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (access == 0) {
pit_latch_count(pit, channel);
} else {
s->rw_mode = access;
s->read_state = access;
s->write_state = access;
s->mode = (val >> 1) & 7;
if (s->mode > 5)
s->mode -= 4;
Reported by FlawFinder.
Line: 480
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
pit_latch_count(pit, channel);
} else {
s->rw_mode = access;
s->read_state = access;
s->write_state = access;
s->mode = (val >> 1) & 7;
if (s->mode > 5)
s->mode -= 4;
s->bcd = val & 1;
Reported by FlawFinder.
Line: 481
Column: 22
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
} else {
s->rw_mode = access;
s->read_state = access;
s->write_state = access;
s->mode = (val >> 1) & 7;
if (s->mode > 5)
s->mode -= 4;
s->bcd = val & 1;
}
Reported by FlawFinder.
Line: 578
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len > sizeof(ret))
len = sizeof(ret);
memcpy(data, (char *)&ret, len);
mutex_unlock(&pit_state->lock);
return 0;
}
Reported by FlawFinder.
Line: 620
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(pit_get_out(pit, 2) << 5) | (refresh_clock << 4));
if (len > sizeof(ret))
len = sizeof(ret);
memcpy(data, (char *)&ret, len);
mutex_unlock(&pit_state->lock);
return 0;
}
static void kvm_pit_reset(struct kvm_pit *pit)
Reported by FlawFinder.
arch/x86/kernel/kprobes/opt.c
6 issues
Line: 67
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (addr == (unsigned long)kp->addr) {
buf[0] = kp->opcode;
memcpy(buf + 1, op->optinsn.copied_insn, DISP32_SIZE);
} else {
offs = addr - (unsigned long)kp->addr - 1;
memcpy(buf, op->optinsn.copied_insn + offs, DISP32_SIZE - offs);
}
Reported by FlawFinder.
Line: 70
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(buf + 1, op->optinsn.copied_insn, DISP32_SIZE);
} else {
offs = addr - (unsigned long)kp->addr - 1;
memcpy(buf, op->optinsn.copied_insn + offs, DISP32_SIZE - offs);
}
return (unsigned long)buf;
}
Reported by FlawFinder.
Line: 435
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy arch-dep-instance from template */
memcpy(buf, optprobe_template_entry, TMPL_END_IDX);
/* Copy instructions into the out-of-line buffer */
ret = copy_optimized_instructions(buf + TMPL_END_IDX, op->kp.addr,
slot + TMPL_END_IDX);
if (ret < 0)
Reported by FlawFinder.
Line: 498
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WARN_ON(kprobe_disabled(&op->kp));
/* Backup instructions which will be replaced by jump address */
memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_INSN_SIZE,
DISP32_SIZE);
insn_buff[0] = JMP32_INSN_OPCODE;
*(s32 *)(&insn_buff[1]) = rel;
Reported by FlawFinder.
Line: 523
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 old[JMP32_INSN_SIZE];
u8 *addr = op->kp.addr;
memcpy(old, op->kp.addr, JMP32_INSN_SIZE);
memcpy(new + INT3_INSN_SIZE,
op->optinsn.copied_insn,
JMP32_INSN_SIZE - INT3_INSN_SIZE);
text_poke(addr, new, INT3_INSN_SIZE);
Reported by FlawFinder.
Line: 524
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *addr = op->kp.addr;
memcpy(old, op->kp.addr, JMP32_INSN_SIZE);
memcpy(new + INT3_INSN_SIZE,
op->optinsn.copied_insn,
JMP32_INSN_SIZE - INT3_INSN_SIZE);
text_poke(addr, new, INT3_INSN_SIZE);
text_poke_sync();
Reported by FlawFinder.
drivers/usb/misc/idmouse.c
6 issues
Line: 75
Column: 6
CWE codes:
362
size_t orig_bi_size; /* same as above, but reported by the device */
__u8 bulk_in_endpointAddr; /* the address of the bulk in endpoint */
int open; /* if the port is open or not */
int present; /* if the device is not disconnected */
struct mutex lock; /* locks this structure */
};
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int bulk_read;
int result;
memcpy(dev->bulk_in_buffer, HEADER, sizeof(HEADER)-1);
bytes_read = sizeof(HEADER)-1;
/* reset the device and set a fast blink rate */
result = ftip_command(dev, FTIP_RELEASE, 0, 0);
if (result < 0)
Reported by FlawFinder.
Line: 238
Column: 11
CWE codes:
362
mutex_lock(&dev->lock);
/* check if already open */
if (dev->open) {
/* already open, so fail */
result = -EBUSY;
} else {
Reported by FlawFinder.
Line: 255
Column: 10
CWE codes:
362
goto error;
/* increment our usage count for the driver */
++dev->open;
/* save our object in the file's private structure */
file->private_data = dev;
}
Reported by FlawFinder.
Line: 281
Column: 9
CWE codes:
362
/* lock our device */
mutex_lock(&dev->lock);
--dev->open;
if (!dev->present) {
/* the device was unplugged before the file was released */
mutex_unlock(&dev->lock);
idmouse_delete(dev);
Reported by FlawFinder.
Line: 391
Column: 12
CWE codes:
362
dev->present = 0;
/* if the device is opened, idmouse_release will clean this up */
if (!dev->open) {
mutex_unlock(&dev->lock);
idmouse_delete(dev);
} else {
/* unlock */
mutex_unlock(&dev->lock);
Reported by FlawFinder.
drivers/usb/typec/ucsi/ucsi_ccg.c
6 issues
Line: 226
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct i2c_client *client = uc->client;
const struct i2c_adapter_quirks *quirks = client->adapter->quirks;
unsigned char buf[2];
struct i2c_msg msgs[] = {
{
.addr = client->addr,
.flags = 0x0,
.len = sizeof(buf),
Reported by FlawFinder.
Line: 284
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
put_unaligned_le16(rab, buf);
memcpy(buf + sizeof(rab), data, len);
msgs[0].len = len + sizeof(rab);
msgs[0].buf = buf;
pm_runtime_get_sync(uc->dev);
Reported by FlawFinder.
Line: 887
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the data into the flash read/write memory. */
put_unaligned_le16(REG_FLASH_RW_MEM, buf);
memcpy(buf + 2, data, CCG4_ROW_SIZE);
mutex_lock(&uc->lock);
ret = i2c_master_send(client, buf, CCG4_ROW_SIZE + 2);
if (ret != CCG4_ROW_SIZE + 2) {
Reported by FlawFinder.
Line: 986
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (fw->size < sizeof(fw_cfg) + FW_CFG_TABLE_SIG_SIZE)
goto out_release_firmware;
memcpy((uint8_t *)&fw_cfg, fw->data + fw->size -
sizeof(fw_cfg) - FW_CFG_TABLE_SIG_SIZE, sizeof(fw_cfg));
if (fw_cfg.identity != ('F' | 'W' << 8 | 'C' << 16 | 'T' << 24)) {
dev_info(dev, "not a signed image\n");
goto out_release_firmware;
Reported by FlawFinder.
Line: 1096
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (fw->size < sizeof(fw_cfg) + sizeof(fw_cfg_sig))
goto not_signed_fw;
memcpy((uint8_t *)&fw_cfg, fw->data + fw->size -
sizeof(fw_cfg) - sizeof(fw_cfg_sig), sizeof(fw_cfg));
if (fw_cfg.identity != ('F' | ('W' << 8) | ('C' << 16) | ('T' << 24))) {
dev_info(dev, "not a signed image\n");
goto not_signed_fw;
Reported by FlawFinder.
Line: 1105
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
eof = fw->data + fw->size - sizeof(fw_cfg) - sizeof(fw_cfg_sig);
memcpy((uint8_t *)&fw_cfg_sig,
fw->data + fw->size - sizeof(fw_cfg_sig), sizeof(fw_cfg_sig));
/* flash fw config table and signature first */
err = ccg_cmd_write_flash_row(uc, 0, (u8 *)&fw_cfg,
FLASH_FWCT1_WR_CMD);
Reported by FlawFinder.
drivers/scsi/mvumi.c
6 issues
Line: 571
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
memcpy(ob_data->data, p_outb_frame, mhba->ob_max_size);
p_outb_frame->tag = 0xff;
list_add_tail(&ob_data->list, &mhba->free_ob_list);
}
mhba->ob_cur_slot &= ~regs->cl_slot_num_mask;
Reported by FlawFinder.
Line: 1318
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case SAM_STAT_CHECK_CONDITION:
scmd->result |= (DID_OK << 16);
if (ob_frame->rsp_flag & CL_RSP_FLAG_SENSEDATA) {
memcpy(cmd->scmd->sense_buffer, ob_frame->payload,
sizeof(struct mvumi_sense_data));
}
break;
default:
scmd->result |= (DID_ABORT << 16);
Reported by FlawFinder.
Line: 1345
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ob_frame->req_status == SAM_STAT_CHECK_CONDITION) &&
(ob_frame->rsp_flag & CL_RSP_FLAG_SENSEDATA) &&
cmd->data_buf) {
memcpy(cmd->data_buf, ob_frame->payload,
sizeof(struct mvumi_sense_data));
}
atomic_dec(&cmd->sync_cmd);
wake_up(&mhba->int_cmd_wait_q);
}
Reported by FlawFinder.
Line: 1447
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (mhba->pdev->device == PCI_DEVICE_ID_MARVELL_MV9143)
wwid = id + 1;
else
memcpy((void *)&wwid,
(cmd->data_buf + MVUMI_INQUIRY_UUID_OFF),
MVUMI_INQUIRY_UUID_LEN);
dev_dbg(&mhba->pdev->dev,
"inquiry device(0:%d:0) wwid(%llx)\n", id, wwid);
} else {
Reported by FlawFinder.
Line: 1855
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpu_to_le32(upper_32_bits(cmd->frame_phys));
dle->if_length = (frame_len >> 2) & 0xFFF;
} else {
memcpy(ib_entry, ib_frame, frame_len);
}
return MV_QUEUE_COMMAND_RESULT_SENT;
}
static void mvumi_fire_cmd(struct mvumi_hba *mhba, struct mvumi_cmd *cmd)
Reported by FlawFinder.
Line: 2055
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
pframe->cdb_length = scmd->cmd_len;
memcpy(pframe->cdb, scmd->cmnd, pframe->cdb_length);
pframe->req_function = CL_FUN_SCSI_CMD;
if (scsi_bufflen(scmd)) {
if (mvumi_make_sgl(mhba, scmd, &pframe->payload[0],
&pframe->sg_counts))
goto error;
Reported by FlawFinder.
drivers/usb/misc/cytherm.c
6 issues
Line: 72
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct usb_interface *intf = to_usb_interface(dev);
struct usb_cytherm *cytherm = usb_get_intfdata(intf);
return sprintf(buf, "%i", cytherm->brightness);
}
static ssize_t brightness_store(struct device *dev, struct device_attribute *attr, const char *buf,
size_t count)
{
Reported by FlawFinder.
Line: 145
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
kfree(buffer);
return sprintf(buf, "%c%i.%i", sign ? '-' : '+', temp >> 1,
5*(temp - ((temp >> 1) << 1)));
}
static DEVICE_ATTR_RO(temp);
Reported by FlawFinder.
Line: 203
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
kfree(buffer);
return sprintf(buf, "%d", retval);
}
static ssize_t port0_store(struct device *dev, struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 258
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
kfree(buffer);
return sprintf(buf, "%d", retval);
}
static ssize_t port1_store(struct device *dev, struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 176
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
kfree(buffer);
if (retval)
return sprintf(buf, "1");
else
return sprintf(buf, "0");
}
static DEVICE_ATTR_RO(button);
Reported by FlawFinder.
Line: 178
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (retval)
return sprintf(buf, "1");
else
return sprintf(buf, "0");
}
static DEVICE_ATTR_RO(button);
static ssize_t port0_show(struct device *dev, struct device_attribute *attr, char *buf)
Reported by FlawFinder.
drivers/target/target_core_xcopy.c
6 issues
Line: 46
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int target_xcopy_locate_se_dev_e4_iter(struct se_device *se_dev,
const unsigned char *dev_wwn)
{
unsigned char tmp_dev_wwn[XCOPY_NAA_IEEE_REGEX_LEN];
int rc;
if (!se_dev->dev_attrib.emulate_3pc) {
pr_debug("XCOPY: emulate_3pc disabled on se_dev %p\n", se_dev);
return 0;
Reported by FlawFinder.
Line: 168
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (cscd_index == xop->stdi) {
memcpy(&xop->src_tid_wwn[0], &desc[8], XCOPY_NAA_IEEE_REGEX_LEN);
/*
* Determine if the source designator matches the local device
*/
if (!memcmp(&xop->local_dev_wwn[0], &xop->src_tid_wwn[0],
XCOPY_NAA_IEEE_REGEX_LEN)) {
Reported by FlawFinder.
Line: 182
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (cscd_index == xop->dtdi) {
memcpy(&xop->dst_tid_wwn[0], &desc[8], XCOPY_NAA_IEEE_REGEX_LEN);
/*
* Determine if the destination designator matches the local
* device. If @cscd_index corresponds to both source (stdi) and
* destination (dtdi), or dtdi comes after stdi, then
* XCOL_DEST_RECV_OP wins.
Reported by FlawFinder.
Line: 394
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xcopy_pt_cmd {
struct se_cmd se_cmd;
struct completion xpt_passthrough_sem;
unsigned char sense_buffer[TRANSPORT_SENSE_BUFFER];
};
struct se_portal_group xcopy_pt_tpg;
static struct se_session xcopy_pt_sess;
static struct se_node_acl xcopy_pt_nacl;
Reported by FlawFinder.
Line: 592
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct se_cmd *se_cmd = &xpt_cmd.se_cmd;
u32 length = (src_sectors * src_dev->dev_attrib.block_size);
int rc;
unsigned char cdb[16];
bool remote_port = (xop->op_origin == XCOL_DEST_RECV_OP);
memset(&xpt_cmd, 0, sizeof(xpt_cmd));
init_completion(&xpt_cmd.xpt_passthrough_sem);
Reported by FlawFinder.
Line: 637
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct se_cmd *se_cmd = &xpt_cmd.se_cmd;
u32 length = (dst_sectors * dst_dev->dev_attrib.block_size);
int rc;
unsigned char cdb[16];
bool remote_port = (xop->op_origin == XCOL_SOURCE_RECV_OP);
memset(&xpt_cmd, 0, sizeof(xpt_cmd));
init_completion(&xpt_cmd.xpt_passthrough_sem);
Reported by FlawFinder.