The following issues were found
drivers/video/fbdev/omap/omapfb_main.c
6 issues
Line: 599
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
var->yoffset != fbi->var.yoffset) {
struct fb_var_screeninfo *new_var = &fbdev->new_var;
memcpy(new_var, &fbi->var, sizeof(*new_var));
new_var->xoffset = var->xoffset;
new_var->yoffset = var->yoffset;
if (set_fb_var(fbi, new_var))
r = -EINVAL;
else {
Reported by FlawFinder.
Line: 605
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (set_fb_var(fbi, new_var))
r = -EINVAL;
else {
memcpy(&fbi->var, new_var, sizeof(*new_var));
ctrl_change_mode(fbi);
}
}
omapfb_rqueue_unlock(fbdev);
Reported by FlawFinder.
Line: 843
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (old_size != size && size) {
if (size) {
memcpy(new_var, &fbi->var, sizeof(*new_var));
r = set_fb_var(fbi, new_var);
if (r < 0)
goto out;
}
}
Reported by FlawFinder.
Line: 1569
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int omapfb_find_ctrl(struct omapfb_device *fbdev)
{
struct omapfb_platform_data *conf;
char name[17];
int i;
conf = dev_get_platdata(fbdev->dev);
fbdev->ctrl = NULL;
Reported by FlawFinder.
Line: 1451
Column: 2
CWE codes:
120
info->fbops = &omapfb_ops;
info->flags = FBINFO_FLAG_DEFAULT;
strncpy(fix->id, MODULE_NAME, sizeof(fix->id));
info->pseudo_palette = fbdev->pseudo_palette;
var->accel_flags = def_accel ? FB_ACCELF_TEXT : 0;
var->xres = def_vxres;
Reported by FlawFinder.
Line: 1576
Column: 2
CWE codes:
120
fbdev->ctrl = NULL;
strncpy(name, conf->lcd.ctrl_name, sizeof(name) - 1);
name[sizeof(name) - 1] = '\0';
if (strcmp(name, "internal") == 0) {
fbdev->ctrl = fbdev->int_ctrl;
return 0;
Reported by FlawFinder.
drivers/video/fbdev/fsl-diu-fb.c
6 issues
Line: 1674
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (data->monitor_port) {
case FSL_DIU_PORT_DVI:
return sprintf(buf, "DVI\n");
case FSL_DIU_PORT_LVDS:
return sprintf(buf, "Single-link LVDS\n");
case FSL_DIU_PORT_DLVDS:
return sprintf(buf, "Dual-link LVDS\n");
}
Reported by FlawFinder.
Line: 1676
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case FSL_DIU_PORT_DVI:
return sprintf(buf, "DVI\n");
case FSL_DIU_PORT_LVDS:
return sprintf(buf, "Single-link LVDS\n");
case FSL_DIU_PORT_DLVDS:
return sprintf(buf, "Dual-link LVDS\n");
}
return 0;
Reported by FlawFinder.
Line: 1678
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case FSL_DIU_PORT_LVDS:
return sprintf(buf, "Single-link LVDS\n");
case FSL_DIU_PORT_DLVDS:
return sprintf(buf, "Dual-link LVDS\n");
}
return 0;
}
Reported by FlawFinder.
Line: 1731
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Initialize the AOI data structure */
mfbi = info->par;
memcpy(mfbi, &mfb_template[i], sizeof(struct mfb_info));
mfbi->parent = data;
mfbi->ad = &data->ad[i];
}
/* Get the EDID data from the device tree, if present */
Reported by FlawFinder.
Line: 1739
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Get the EDID data from the device tree, if present */
prop = of_get_property(np, "edid", &ret);
if (prop && ret == EDID_LENGTH) {
memcpy(data->edid_data, prop, EDID_LENGTH);
data->has_edid = true;
}
data->diu_reg = of_iomap(np, 0);
if (!data->diu_reg) {
Reported by FlawFinder.
Line: 790
Column: 2
CWE codes:
120
struct fb_var_screeninfo *var = &info->var;
struct mfb_info *mfbi = info->par;
strncpy(fix->id, mfbi->id, sizeof(fix->id));
fix->line_length = var->xres_virtual * var->bits_per_pixel / 8;
fix->type = FB_TYPE_PACKED_PIXELS;
fix->accel = FB_ACCEL_NONE;
fix->visual = FB_VISUAL_TRUECOLOR;
fix->xpanstep = 1;
Reported by FlawFinder.
drivers/scsi/qedf/qedf_debugfs.c
6 issues
Line: 194
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct qedf_ctx, dbg_ctx);
QEDF_INFO(qedf_dbg, QEDF_LOG_DEBUGFS, "entered\n");
cnt = sprintf(buffer, "%s\n",
qedf->stop_io_on_error ? "true" : "false");
cnt = min_t(int, count, cnt - *ppos);
*ppos += cnt;
return cnt;
Reported by FlawFinder.
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct qedf_debugfs_ops *dops,
const struct file_operations *fops)
{
char host_dirname[32];
QEDF_INFO(qedf, QEDF_LOG_DEBUGFS, "Creating debugfs host node\n");
/* create pf dir */
sprintf(host_dirname, "host%u", qedf->host_no);
qedf->bdf_dentry = debugfs_create_dir(host_dirname, qedf_dbg_root);
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
QEDF_INFO(qedf, QEDF_LOG_DEBUGFS, "Creating debugfs host node\n");
/* create pf dir */
sprintf(host_dirname, "host%u", qedf->host_no);
qedf->bdf_dentry = debugfs_create_dir(host_dirname, qedf_dbg_root);
/* create debugfs files */
while (dops) {
if (!(dops->name))
Reported by FlawFinder.
Line: 111
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
QEDF_INFO(qedf_dbg, QEDF_LOG_DEBUGFS, "entered\n");
cnt = sprintf(buffer, "\nFastpath I/O completions\n\n");
for (id = 0; id < qedf->num_queues; id++) {
fp = &(qedf->fp_array[id]);
if (fp->sb_id == QEDF_SB_ID_NULL)
continue;
Reported by FlawFinder.
Line: 117
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
fp = &(qedf->fp_array[id]);
if (fp->sb_id == QEDF_SB_ID_NULL)
continue;
cnt += sprintf((buffer + cnt), "#%d: %lu\n", id,
fp->completions);
}
cnt = min_t(int, count, cnt - *ppos);
*ppos += cnt;
Reported by FlawFinder.
Line: 145
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(struct qedf_dbg_ctx *)filp->private_data;
QEDF_INFO(qedf_dbg, QEDF_LOG_DEBUGFS, "debug mask=0x%x\n", qedf_debug);
cnt = sprintf(buffer, "debug mask = 0x%x\n", qedf_debug);
cnt = min_t(int, count, cnt - *ppos);
*ppos += cnt;
return cnt;
}
Reported by FlawFinder.
drivers/usb/gadget/udc/dummy_hcd.c
6 issues
Line: 728
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req = &dum->fifo_req;
req->req = *_req;
req->req.buf = dum->fifo_buf;
memcpy(dum->fifo_buf, _req->buf, _req->length);
req->req.context = dum;
req->req.complete = fifo_complete;
list_add_tail(&req->queue, &ep->queue);
spin_unlock(&dum->lock);
Reported by FlawFinder.
Line: 1349
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!urb->num_sgs) {
ubuf = urb->transfer_buffer + urb->actual_length;
if (to_host)
memcpy(ubuf, rbuf, len);
else
memcpy(rbuf, ubuf, len);
return len;
}
Reported by FlawFinder.
Line: 1351
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (to_host)
memcpy(ubuf, rbuf, len);
else
memcpy(rbuf, ubuf, len);
return len;
}
if (!urbp->miter_started) {
u32 flags = SG_MITER_ATOMIC;
Reported by FlawFinder.
Line: 1378
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
trans += this_sg;
if (to_host)
memcpy(ubuf, rbuf, this_sg);
else
memcpy(rbuf, ubuf, this_sg);
len -= this_sg;
if (!len)
Reported by FlawFinder.
Line: 1380
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (to_host)
memcpy(ubuf, rbuf, this_sg);
else
memcpy(rbuf, ubuf, this_sg);
len -= this_sg;
if (!len)
break;
next_sg = sg_miter_next(miter);
Reported by FlawFinder.
Line: 2176
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((wValue >> 8) != USB_DT_BOS)
goto error;
memcpy(buf, &usb3_bos_desc, sizeof(usb3_bos_desc));
retval = sizeof(usb3_bos_desc);
break;
case GetHubStatus:
*(__le32 *) buf = cpu_to_le32(0);
Reported by FlawFinder.
drivers/thermal/thermal_hwmon.c
6 issues
Line: 96
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
mutex_lock(&thermal_hwmon_list_lock);
list_for_each_entry(hwmon, &thermal_hwmon_list, node) {
strcpy(type, tz->type);
strreplace(type, '-', '_');
if (!strcmp(hwmon->type, type)) {
mutex_unlock(&thermal_hwmon_list_lock);
return hwmon;
}
Reported by FlawFinder.
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* hwmon sys I/F */
/* thermal zone devices with the same type share one hwmon device */
struct thermal_hwmon_device {
char type[THERMAL_NAME_LENGTH];
struct device *device;
int count;
struct list_head tz_list;
struct list_head node;
};
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct thermal_hwmon_attr {
struct device_attribute attr;
char name[16];
};
/* one temperature input for each thermal zone */
struct thermal_hwmon_temp {
struct list_head hwmon_node;
Reported by FlawFinder.
Line: 65
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%d\n", temperature);
}
static ssize_t
temp_crit_show(struct device *dev, struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 84
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%d\n", temperature);
}
static struct thermal_hwmon_device *
thermal_hwmon_lookup_by_type(const struct thermal_zone_device *tz)
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
thermal_hwmon_lookup_by_type(const struct thermal_zone_device *tz)
{
struct thermal_hwmon_device *hwmon;
char type[THERMAL_NAME_LENGTH];
mutex_lock(&thermal_hwmon_list_lock);
list_for_each_entry(hwmon, &thermal_hwmon_list, node) {
strcpy(type, tz->type);
strreplace(type, '-', '_');
Reported by FlawFinder.
drivers/tty/vt/vc_screen.c
6 issues
Line: 527
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* header */
if (pos < HEADER_SIZE) {
char header[HEADER_SIZE];
getconsxy(vc, header + 2);
while (pos < HEADER_SIZE && count > 0) {
count--;
header[pos++] = *con_buf++;
Reported by FlawFinder.
Line: 370
Column: 15
CWE codes:
120
20
struct inode *inode = file_inode(file);
struct vc_data *vc;
struct vcs_poll_data *poll;
unsigned int read;
ssize_t ret;
char *con_buf;
loff_t pos;
bool viewed, attr, uni_mode;
Reported by FlawFinder.
drivers/scsi/mpt3sas/mpt3sas_transport.c
6 issues
Line: 304
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 1;
ioc->transport_cmds.status |= MPT3_CMD_COMPLETE;
if (mpi_reply) {
memcpy(ioc->transport_cmds.reply, mpi_reply,
mpi_reply->MsgLength*4);
ioc->transport_cmds.status |= MPT3_CMD_REPLY_VALID;
}
ioc->transport_cmds.status &= ~MPT3_CMD_PENDING;
complete(&ioc->transport_cmds.done);
Reported by FlawFinder.
Line: 2154
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__func__,
le16_to_cpu(mpi_reply->ResponseDataLength)));
memcpy(job->reply, mpi_reply, sizeof(*mpi_reply));
job->reply_len = sizeof(*mpi_reply);
reslen = le16_to_cpu(mpi_reply->ResponseDataLength);
if (addr_in) {
sg_copy_to_buffer(job->reply_payload.sg_list,
Reported by FlawFinder.
Line: 461
Column: 3
CWE codes:
120
goto out;
manufacture_reply = data_out + sizeof(struct rep_manu_request);
strncpy(edev->vendor_id, manufacture_reply->vendor_id,
SAS_EXPANDER_VENDOR_ID_LEN);
strncpy(edev->product_id, manufacture_reply->product_id,
SAS_EXPANDER_PRODUCT_ID_LEN);
strncpy(edev->product_rev, manufacture_reply->product_rev,
SAS_EXPANDER_PRODUCT_REV_LEN);
Reported by FlawFinder.
Line: 463
Column: 3
CWE codes:
120
manufacture_reply = data_out + sizeof(struct rep_manu_request);
strncpy(edev->vendor_id, manufacture_reply->vendor_id,
SAS_EXPANDER_VENDOR_ID_LEN);
strncpy(edev->product_id, manufacture_reply->product_id,
SAS_EXPANDER_PRODUCT_ID_LEN);
strncpy(edev->product_rev, manufacture_reply->product_rev,
SAS_EXPANDER_PRODUCT_REV_LEN);
edev->level = manufacture_reply->sas_format & 1;
if (edev->level) {
Reported by FlawFinder.
Line: 465
Column: 3
CWE codes:
120
SAS_EXPANDER_VENDOR_ID_LEN);
strncpy(edev->product_id, manufacture_reply->product_id,
SAS_EXPANDER_PRODUCT_ID_LEN);
strncpy(edev->product_rev, manufacture_reply->product_rev,
SAS_EXPANDER_PRODUCT_REV_LEN);
edev->level = manufacture_reply->sas_format & 1;
if (edev->level) {
strncpy(edev->component_vendor_id,
manufacture_reply->component_vendor_id,
Reported by FlawFinder.
Line: 469
Column: 4
CWE codes:
120
SAS_EXPANDER_PRODUCT_REV_LEN);
edev->level = manufacture_reply->sas_format & 1;
if (edev->level) {
strncpy(edev->component_vendor_id,
manufacture_reply->component_vendor_id,
SAS_EXPANDER_COMPONENT_VENDOR_ID_LEN);
tmp = (u8 *)&manufacture_reply->component_id;
edev->component_id = tmp[0] << 8 | tmp[1];
edev->component_revision_id =
Reported by FlawFinder.
drivers/usb/gadget/function/f_uac2.c
6 issues
Line: 1292
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
str = "unknown"; \
break; \
} \
result = sprintf(page, "%s\n", str); \
mutex_unlock(&opts->lock); \
\
return result; \
} \
\
Reported by FlawFinder.
Line: 83
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
STR_AS_IN_ALT1,
};
static char clksrc_in[8];
static char clksrc_out[8];
static struct usb_string strings_fn[] = {
[STR_ASSOC].s = "Source/Sink",
[STR_IF_CTRL].s = "Topology Control",
Reported by FlawFinder.
Line: 84
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static char clksrc_in[8];
static char clksrc_out[8];
static struct usb_string strings_fn[] = {
[STR_ASSOC].s = "Source/Sink",
[STR_IF_CTRL].s = "Topology Control",
[STR_CLKSRC_IN].s = clksrc_in,
Reported by FlawFinder.
Line: 1080
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
c.dCUR = cpu_to_le32(c_srate);
value = min_t(unsigned, w_length, sizeof c);
memcpy(req->buf, &c, value);
} else if (control_selector == UAC2_CS_CONTROL_CLOCK_VALID) {
*(u8 *)req->buf = 1;
value = min_t(unsigned, w_length, 1);
} else {
dev_err(&agdev->gadget->dev,
Reported by FlawFinder.
Line: 1125
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
r.wNumSubRanges = cpu_to_le16(1);
value = min_t(unsigned, w_length, sizeof r);
memcpy(req->buf, &r, value);
} else {
dev_err(&agdev->gadget->dev,
"%s:%d control_selector=%d TODO!\n",
__func__, __LINE__, control_selector);
}
Reported by FlawFinder.
Line: 1239
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int result; \
\
mutex_lock(&opts->lock); \
result = sprintf(page, "%u\n", opts->name); \
mutex_unlock(&opts->lock); \
\
return result; \
} \
\
Reported by FlawFinder.
drivers/video/fbdev/amifb.c
6 issues
Line: 1879
CWE codes:
768
asm volatile ("movew %1@(%3:w:2),%0 ; swap %0 ; movew %1@+,%0"
: "=d" (datawords), "=a" (lspr) : "1" (lspr), "d" (delta));
#else
datawords = (*(lspr + delta) << 16) | (*lspr++);
#endif
}
--bits;
#ifdef __mc68000__
asm volatile (
Reported by Cppcheck.
Line: 3564
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!info)
return -ENOMEM;
strcpy(info->fix.id, "Amiga ");
info->fix.visual = FB_VISUAL_PSEUDOCOLOR;
info->fix.accel = FB_ACCEL_AMIGABLITT;
switch (amiga_chipset) {
#ifdef CONFIG_FB_AMIGA_OCS
Reported by FlawFinder.
Line: 3571
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
switch (amiga_chipset) {
#ifdef CONFIG_FB_AMIGA_OCS
case CS_OCS:
strcat(info->fix.id, "OCS");
default_chipset:
chipset = TAG_OCS;
maxdepth[TAG_SHRES] = 0; /* OCS means no SHRES */
maxdepth[TAG_HIRES] = 4;
maxdepth[TAG_LORES] = 6;
Reported by FlawFinder.
Line: 3585
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
#ifdef CONFIG_FB_AMIGA_ECS
case CS_ECS:
strcat(info->fix.id, "ECS");
chipset = TAG_ECS;
maxdepth[TAG_SHRES] = 2;
maxdepth[TAG_HIRES] = 4;
maxdepth[TAG_LORES] = 6;
maxfmode = TAG_FMODE_1;
Reported by FlawFinder.
Line: 3607
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
#ifdef CONFIG_FB_AMIGA_AGA
case CS_AGA:
strcat(info->fix.id, "AGA");
chipset = TAG_AGA;
maxdepth[TAG_SHRES] = 8;
maxdepth[TAG_HIRES] = 8;
maxdepth[TAG_LORES] = 8;
maxfmode = TAG_FMODE_4;
Reported by FlawFinder.
Line: 3625
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
default:
#ifdef CONFIG_FB_AMIGA_OCS
printk("Unknown graphics chipset, defaulting to OCS\n");
strcat(info->fix.id, "Unknown");
goto default_chipset;
#else /* CONFIG_FB_AMIGA_OCS */
err = -ENODEV;
goto release;
#endif /* CONFIG_FB_AMIGA_OCS */
Reported by FlawFinder.
drivers/video/fbdev/atafb.c
6 issues
Line: 562
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
int mode;
strcpy(fix->id, "Atari Builtin");
fix->smem_start = phys_screen_base;
fix->smem_len = screen_len;
fix->type = FB_TYPE_INTERLEAVED_PLANES;
fix->type_aux = 2;
fix->visual = FB_VISUAL_PSEUDOCOLOR;
Reported by FlawFinder.
Line: 858
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static int falcon_encode_fix(struct fb_fix_screeninfo *fix,
struct atafb_par *par)
{
strcpy(fix->id, "Atari Builtin");
fix->smem_start = phys_screen_base;
fix->smem_len = screen_len;
fix->type = FB_TYPE_INTERLEAVED_PLANES;
fix->type_aux = 2;
fix->visual = FB_VISUAL_PSEUDOCOLOR;
Reported by FlawFinder.
Line: 1784
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
int mode;
strcpy(fix->id, "Atari Builtin");
fix->smem_start = phys_screen_base;
fix->smem_len = screen_len;
fix->type = FB_TYPE_INTERLEAVED_PLANES;
fix->type_aux = 2;
fix->visual = FB_VISUAL_PSEUDOCOLOR;
Reported by FlawFinder.
Line: 2083
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static int ext_encode_fix(struct fb_fix_screeninfo *fix, struct atafb_par *par)
{
strcpy(fix->id, "Unknown Extern");
fix->smem_start = external_addr;
fix->smem_len = PAGE_ALIGN(external_len);
if (external_depth == 1) {
fix->type = FB_TYPE_PACKED_PIXELS;
/* The letters 'n' and 'i' in the "atavideo=external:" stand
Reported by FlawFinder.
Line: 2740
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void check_default_par(int detected_mode)
{
char default_name[10];
int i;
struct fb_var_screeninfo var;
unsigned long min_mem;
/* First try the user supplied mode */
Reported by FlawFinder.
Line: 2763
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!default_par) {
/* try default1, default2... */
for (i = 1; i < 10; i++) {
sprintf(default_name,"default%d", i);
default_par = get_video_mode(default_name);
if (!default_par)
panic("can't set default video mode");
var = atafb_predefined[default_par - 1];
var.activate = FB_ACTIVATE_TEST;
Reported by FlawFinder.