The following issues were found
drivers/video/fbdev/aty/radeon_monitor.c
6 issues
Line: 170
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int radeon_get_panel_info_BIOS(struct radeonfb_info *rinfo)
{
unsigned long tmp, tmp0;
char stmp[30];
int i;
if (!rinfo->bios_seg)
return 0;
Reported by FlawFinder.
Line: 376
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int radeon_parse_monitor_layout(struct radeonfb_info *rinfo,
const char *monitor_layout)
{
char s1[5], s2[5];
int i = 0, second = 0;
const char *s;
if (!monitor_layout)
return 0;
Reported by FlawFinder.
Line: 846
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (rinfo->mon1_type != MT_CRT && !rinfo->panel_info.valid) {
struct fb_videomode *modedb;
int dbsize;
char modename[32];
pr_debug("Guessing panel info...\n");
if (rinfo->panel_info.xres == 0 || rinfo->panel_info.yres == 0) {
u32 tmp = INREG(FP_HORZ_STRETCH) & HORZ_PANEL_SIZE;
rinfo->panel_info.xres = ((tmp >> HORZ_PANEL_SHIFT) + 1) * 8;
Reported by FlawFinder.
Line: 984
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const struct fb_videomode *candidate = NULL;
/* Start with a copy of the requested mode */
memcpy(dest, src, sizeof(struct fb_var_screeninfo));
/* Check if we have a modedb built from EDID */
if (rinfo->mon1_modedb) {
db = rinfo->mon1_modedb;
dbsize = rinfo->mon1_dbsize;
Reported by FlawFinder.
Line: 141
Column: 10
CWE codes:
126
pname = of_get_property(dp, "name", NULL);
if (!pname)
return MT_NONE;
len = strlen(pname);
pr_debug("head: %s (letter: %c, head_no: %d)\n",
pname, pname[len-1], head_no);
if (pname[len-1] == 'A' && head_no == 0) {
int mt = radeon_parse_montype_prop(dp, out_EDID, 0);
/* Maybe check for LVDS_GEN_CNTL here ? I need to check out
Reported by FlawFinder.
Line: 741
Column: 7
CWE codes:
126
root = of_find_node_by_path("/");
if (root && model) {
l = strlen(model);
cp = of_get_property(root, "model", &len);
if (cp)
rc = memcmp(model, cp, min(len, l)) == 0;
of_node_put(root);
}
Reported by FlawFinder.
drivers/staging/ks7010/ks_wlan.h
6 issues
Line: 276
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* WPA */
struct scan_ext {
	unsigned int flag;
	/*
	 * Fixed-size buffer of IW_ESSID_MAX_SIZE + 1 bytes. The extra byte is
	 * presumably room for a NUL terminator -- confirm against the code that
	 * fills this field.
	 * NOTE(review): this excerpt holds only the declaration, no copy call.
	 * Whether the CWE-119/120 finding matters depends on every writer
	 * bounding its copy to sizeof(ssid); check those call sites (not shown).
	 */
	char ssid[IW_ESSID_MAX_SIZE + 1];
};
#define CIPHER_ID_WPA_NONE "\x00\x50\xf2\x00"
#define CIPHER_ID_WPA_WEP40 "\x00\x50\xf2\x01"
#define CIPHER_ID_WPA_TKIP "\x00\x50\xf2\x02"
Reported by FlawFinder.
Line: 415
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @size: Size of @data.
*/
struct rx_device_buffer {
	/* Fixed storage of RX_DATA_SIZE bytes for one received buffer. */
	unsigned char data[RX_DATA_SIZE];
	/*
	 * Documented above as the size of @data.
	 * NOTE(review): nothing in this declaration ties size to RX_DATA_SIZE;
	 * the code that fills data should reject lengths above RX_DATA_SIZE
	 * before copying, and readers should not trust size beyond that bound.
	 * Verify at the call sites (not shown).
	 */
	unsigned int size;
};
/**
* struct rx_device - Rx buffer queue.
Reported by FlawFinder.
Line: 456
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct work_struct wakeup_work;
int scan_ind_count;
unsigned char eth_addr[ETH_ALEN];
struct local_aplist aplist;
struct local_ap current_ap;
struct power_save_status psstatus;
struct sleep_status sleepstatus;
Reported by FlawFinder.
Line: 468
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ks_wlan_parameter reg;
u8 current_rate;
char nick[IW_ESSID_MAX_SIZE + 1];
spinlock_t multicast_spin;
spinlock_t dev_read_lock;
wait_queue_head_t devread_wait;
Reported by FlawFinder.
Line: 483
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
atomic_t rec_count;
int dev_count;
#define DEVICE_STOCK_COUNT 20
unsigned char *dev_data[DEVICE_STOCK_COUNT];
int dev_size[DEVICE_STOCK_COUNT];
/* ioctl : IOCTL_FIRMWARE_VERSION */
unsigned char firmware_version[128 + 1];
int version_size;
Reported by FlawFinder.
Line: 487
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int dev_size[DEVICE_STOCK_COUNT];
/* ioctl : IOCTL_FIRMWARE_VERSION */
unsigned char firmware_version[128 + 1];
int version_size;
bool mac_address_valid;
int dev_state;
Reported by FlawFinder.
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_debugfs.c
6 issues
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct seq_file *f = (struct seq_file *)file->private_data;
int *levp = f->private;
char kbuf[DEBUGFS_WRITE_BUF_SIZE + 1];
memset(kbuf, 0, DEBUGFS_WRITE_BUF_SIZE + 1);
if (count >= DEBUGFS_WRITE_BUF_SIZE)
count = DEBUGFS_WRITE_BUF_SIZE;
Reported by FlawFinder.
Line: 185
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* add an instance (process) to the debugfs entries */
void vchiq_debugfs_add_instance(struct vchiq_instance *instance)
{
char pidstr[16];
struct dentry *top;
snprintf(pidstr, sizeof(pidstr), "%d",
vchiq_instance_get_pid(instance));
Reported by FlawFinder.
Line: 89
Column: 29
CWE codes:
126
return -EFAULT;
kbuf[count - 1] = 0;
if (strncmp("error", kbuf, strlen("error")) == 0)
*levp = VCHIQ_LOG_ERROR;
else if (strncmp("warning", kbuf, strlen("warning")) == 0)
*levp = VCHIQ_LOG_WARNING;
else if (strncmp("info", kbuf, strlen("info")) == 0)
*levp = VCHIQ_LOG_INFO;
Reported by FlawFinder.
Line: 91
Column: 36
CWE codes:
126
if (strncmp("error", kbuf, strlen("error")) == 0)
*levp = VCHIQ_LOG_ERROR;
else if (strncmp("warning", kbuf, strlen("warning")) == 0)
*levp = VCHIQ_LOG_WARNING;
else if (strncmp("info", kbuf, strlen("info")) == 0)
*levp = VCHIQ_LOG_INFO;
else if (strncmp("trace", kbuf, strlen("trace")) == 0)
*levp = VCHIQ_LOG_TRACE;
Reported by FlawFinder.
Line: 93
Column: 33
CWE codes:
126
*levp = VCHIQ_LOG_ERROR;
else if (strncmp("warning", kbuf, strlen("warning")) == 0)
*levp = VCHIQ_LOG_WARNING;
else if (strncmp("info", kbuf, strlen("info")) == 0)
*levp = VCHIQ_LOG_INFO;
else if (strncmp("trace", kbuf, strlen("trace")) == 0)
*levp = VCHIQ_LOG_TRACE;
else
*levp = VCHIQ_LOG_DEFAULT;
Reported by FlawFinder.
Line: 95
Column: 34
CWE codes:
126
*levp = VCHIQ_LOG_WARNING;
else if (strncmp("info", kbuf, strlen("info")) == 0)
*levp = VCHIQ_LOG_INFO;
else if (strncmp("trace", kbuf, strlen("trace")) == 0)
*levp = VCHIQ_LOG_TRACE;
else
*levp = VCHIQ_LOG_DEFAULT;
*ppos += count;
Reported by FlawFinder.
drivers/staging/unisys/visorhba/visorhba_main.c
6 issues
Line: 587
.eh_device_reset_handler = visorhba_device_reset_handler,
.eh_bus_reset_handler = visorhba_bus_reset_handler,
.eh_host_reset_handler = visorhba_host_reset_handler,
.shost_attrs = NULL,
#define visorhba_MAX_CMNDS 128
.can_queue = visorhba_MAX_CMNDS,
.sg_tablesize = 64,
.this_id = -1,
.slave_alloc = visorhba_slave_alloc,
Reported by Cppcheck.
Line: 488
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* save datadir */
cmdrsp->scsi.data_dir =
dma_data_dir_linux_to_spar(scsicmd->sc_data_direction);
memcpy(cmdrsp->scsi.cmnd, cdb, MAX_CMND_SIZE);
cmdrsp->scsi.bufflen = scsi_bufflen(scsicmd);
/* keep track of the max buffer length so far. */
if (cmdrsp->scsi.bufflen > devdata->max_buff_len)
devdata->max_buff_len = cmdrsp->scsi.bufflen;
Reported by FlawFinder.
Line: 743
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct scsi_device *scsidev;
scsidev = scsicmd->device;
memcpy(scsicmd->sense_buffer, cmdrsp->scsi.sensebuf, MAX_SENSE_SIZE);
/* Do not log errors for disk-not-present inquiries */
if (cmdrsp->scsi.cmnd[0] == INQUIRY &&
(host_byte(cmdrsp->scsi.linuxstat) == DID_NO_CONNECT) &&
cmdrsp->scsi.addlstat == ADDL_SEL_TIMEOUT)
Reported by FlawFinder.
Line: 814
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scsidev->lun == 0);
if (scsi_sg_count(scsicmd) == 0) {
memcpy(scsi_sglist(scsicmd), buf,
cmdrsp->scsi.bufflen);
kfree(buf);
return;
}
Reported by FlawFinder.
Line: 824
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
this_page_orig = kmap_atomic(sg_page(sg));
this_page = (void *)((unsigned long)this_page_orig |
sg->offset);
memcpy(this_page, buf + bufind, sg->length);
kunmap_atomic(this_page_orig);
}
kfree(buf);
} else {
vdisk = scsidev->hostdata;
Reported by FlawFinder.
Line: 772
Column: 2
CWE codes:
120
buf[0] = DEV_NOT_CAPABLE;
}
buf[4] = NO_DISK_INQUIRY_RESULT_LEN - 5;
strncpy(buf + 8, "DELLPSEUDO DEVICE .", NO_DISK_INQUIRY_RESULT_LEN - 8);
return 0;
}
/*
* do_scsi_nolinuxstat - Scsi command didn't have linuxstat
Reported by FlawFinder.
drivers/staging/vt6655/baseband.c
6 issues
Line: 55
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*--------------------- Static Variables --------------------------*/
#define CB_VT3253_INIT_FOR_RFMD 446
static const unsigned char by_vt3253_init_tab_rfmd[CB_VT3253_INIT_FOR_RFMD][2] = {
{0x00, 0x30},
{0x01, 0x00},
{0x02, 0x00},
{0x03, 0x00},
{0x04, 0x00},
Reported by FlawFinder.
Line: 505
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
#define CB_VT3253B0_INIT_FOR_RFMD 256
static const unsigned char byVT3253B0_RFMD[CB_VT3253B0_INIT_FOR_RFMD][2] = {
{0x00, 0x31},
{0x01, 0x00},
{0x02, 0x00},
{0x03, 0x00},
{0x04, 0x00},
Reported by FlawFinder.
Line: 767
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define CB_VT3253B0_AGC_FOR_RFMD2959 195
/* For RFMD2959 */
static
unsigned char byVT3253B0_AGC4_RFMD2959[CB_VT3253B0_AGC_FOR_RFMD2959][2] = {
{0xF0, 0x00},
{0xF1, 0x3E},
{0xF0, 0x80},
{0xF0, 0x00},
{0xF1, 0x3E},
Reported by FlawFinder.
Line: 968
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define CB_VT3253B0_INIT_FOR_AIROHA2230 256
/* For AIROHA */
static
unsigned char byVT3253B0_AIROHA2230[CB_VT3253B0_INIT_FOR_AIROHA2230][2] = {
{0x00, 0x31},
{0x01, 0x00},
{0x02, 0x00},
{0x03, 0x00},
{0x04, 0x00},
Reported by FlawFinder.
Line: 1229
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define CB_VT3253B0_INIT_FOR_UW2451 256
/* For UW2451 */
static unsigned char byVT3253B0_UW2451[CB_VT3253B0_INIT_FOR_UW2451][2] = {
{0x00, 0x31},
{0x01, 0x00},
{0x02, 0x00},
{0x03, 0x00},
{0x04, 0x00},
Reported by FlawFinder.
Line: 1490
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define CB_VT3253B0_AGC 193
/* For AIROHA */
static unsigned char byVT3253B0_AGC[CB_VT3253B0_AGC][2] = {
{0xF0, 0x00},
{0xF1, 0x00},
{0xF0, 0x80},
{0xF0, 0x01},
{0xF1, 0x00},
Reported by FlawFinder.
drivers/spi/spi-cadence-quadspi.c
6 issues
Line: 567
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Put the read value into rx_buf */
read_len = (n_rx > 4) ? 4 : n_rx;
memcpy(rxbuf, &reg, read_len);
rxbuf += read_len;
if (n_rx > 4) {
reg = readl(reg_base + CQSPI_REG_CMDREADDATAUPPER);
Reported by FlawFinder.
Line: 574
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reg = readl(reg_base + CQSPI_REG_CMDREADDATAUPPER);
read_len = n_rx - read_len;
memcpy(rxbuf, &reg, read_len);
}
return 0;
}
Reported by FlawFinder.
Line: 634
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
<< CQSPI_REG_CMDCTRL_WR_BYTES_LSB;
data = 0;
write_len = (n_tx > 4) ? 4 : n_tx;
memcpy(&data, txbuf, write_len);
txbuf += write_len;
writel(data, reg_base + CQSPI_REG_CMDWRITEDATALOWER);
if (n_tx > 4) {
data = 0;
Reported by FlawFinder.
Line: 641
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (n_tx > 4) {
data = 0;
write_len = n_tx - 4;
memcpy(&data, txbuf, write_len);
writel(data, reg_base + CQSPI_REG_CMDWRITEDATAUPPER);
}
}
return cqspi_exec_flash_cmd(cqspi, reg);
Reported by FlawFinder.
Line: 745
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int temp = ioread32(ahb_base);
bytes_to_read = mod_bytes;
memcpy(rxbuf, &temp, min((unsigned int)
(rxbuf_end - rxbuf),
bytes_to_read));
}
rxbuf += bytes_to_read;
remaining -= bytes_to_read;
Reported by FlawFinder.
Line: 879
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (mod_bytes) {
unsigned int temp = 0xFFFFFFFF;
memcpy(&temp, txbuf, mod_bytes);
iowrite32(temp, cqspi->ahb_base);
txbuf += mod_bytes;
}
if (!wait_for_completion_timeout(&cqspi->transfer_complete,
Reported by FlawFinder.
drivers/usb/gadget/legacy/inode.c
6 issues
Line: 198
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usb_ep *ep;
struct usb_request *req;
ssize_t status;
char name [16];
struct usb_endpoint_descriptor desc, hs_desc;
struct list_head epfiles;
wait_queue_head_t wait;
struct dentry *dentry;
};
Reported by FlawFinder.
Line: 737
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail0;
/* we might need to change message format someday */
memcpy(&tag, buf, 4);
if (tag != 1) {
DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
goto fail0;
}
buf += 4;
Reported by FlawFinder.
Line: 750
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
/* full/low speed descriptor, then high speed */
memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE);
if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
|| data->desc.bDescriptorType != USB_DT_ENDPOINT)
goto fail0;
if (len != USB_DT_ENDPOINT_SIZE) {
if (len != 2 * USB_DT_ENDPOINT_SIZE)
Reported by FlawFinder.
Line: 757
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len != USB_DT_ENDPOINT_SIZE) {
if (len != 2 * USB_DT_ENDPOINT_SIZE)
goto fail0;
memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
USB_DT_ENDPOINT_SIZE);
if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
|| data->hs_desc.bDescriptorType
!= USB_DT_ENDPOINT) {
DBG(data->dev, "config %s, bad hs length or type\n",
Reported by FlawFinder.
Line: 1298
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qual.bNumConfigurations = 1;
qual.bRESERVED = 0;
memcpy (dev->rbuf, &qual, sizeof qual);
}
static int
config_buf (struct dev_data *dev, u8 type, unsigned index)
{
Reported by FlawFinder.
Line: 1590
Column: 3
CWE codes:
120
mutex_init(&data->lock);
init_waitqueue_head (&data->wait);
strncpy (data->name, ep->name, sizeof (data->name) - 1);
refcount_set (&data->count, 1);
data->dev = dev;
get_dev (dev);
data->ep = ep;
Reported by FlawFinder.
drivers/staging/rtl8723bs/os_dep/recv_linux.c
6 issues
Line: 80
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* EtherType
*/
skb_pull(sub_skb, SNAP_SIZE);
memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
} else {
__be16 len;
/* Leave Ethernet header part of hdr and full payload */
len = htons(sub_skb->len);
Reported by FlawFinder.
Line: 81
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
skb_pull(sub_skb, SNAP_SIZE);
memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
} else {
__be16 len;
/* Leave Ethernet header part of hdr and full payload */
len = htons(sub_skb->len);
memcpy(skb_push(sub_skb, 2), &len, 2);
Reported by FlawFinder.
Line: 86
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__be16 len;
/* Leave Ethernet header part of hdr and full payload */
len = htons(sub_skb->len);
memcpy(skb_push(sub_skb, 2), &len, 2);
memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
}
return sub_skb;
Reported by FlawFinder.
Line: 87
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Leave Ethernet header part of hdr and full payload */
len = htons(sub_skb->len);
memcpy(skb_push(sub_skb, 2), &len, 2);
memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
}
return sub_skb;
}
Reported by FlawFinder.
Line: 88
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = htons(sub_skb->len);
memcpy(skb_push(sub_skb, 2), &len, 2);
memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->src, ETH_ALEN);
memcpy(skb_push(sub_skb, ETH_ALEN), pattrib->dst, ETH_ALEN);
}
return sub_skb;
}
Reported by FlawFinder.
Line: 181
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
ev.src_addr.sa_family = ARPHRD_ETHER;
memcpy(ev.src_addr.sa_data, &pmlmepriv->assoc_bssid[0], ETH_ALEN);
memset(&wrqu, 0x00, sizeof(wrqu));
wrqu.data.length = sizeof(ev);
}
Reported by FlawFinder.
drivers/staging/iio/resolver/ad2s1210.c
6 issues
Line: 205
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ad2s1210_state *st = iio_priv(dev_to_iio_dev(dev));
return sprintf(buf, "%u\n", st->fclkin);
}
static ssize_t ad2s1210_store_fclkin(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
Line: 244
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ad2s1210_state *st = iio_priv(dev_to_iio_dev(dev));
return sprintf(buf, "%u\n", st->fexcit);
}
static ssize_t ad2s1210_store_fexcit(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t len)
Reported by FlawFinder.
Line: 285
Column: 25
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&st->lock);
ret = ad2s1210_config_read(st, AD2S1210_REG_CONTROL);
mutex_unlock(&st->lock);
return ret < 0 ? ret : sprintf(buf, "0x%x\n", ret);
}
static ssize_t ad2s1210_store_control(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t len)
Reported by FlawFinder.
Line: 336
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ad2s1210_state *st = iio_priv(dev_to_iio_dev(dev));
return sprintf(buf, "%d\n", st->resolution);
}
static ssize_t ad2s1210_store_resolution(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t len)
Reported by FlawFinder.
Line: 395
Column: 21
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = ad2s1210_config_read(st, AD2S1210_REG_FAULT);
mutex_unlock(&st->lock);
return ret ? ret : sprintf(buf, "0x%x\n", ret);
}
static ssize_t ad2s1210_clear_fault(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
Line: 434
Column: 25
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = ad2s1210_config_read(st, iattr->address);
mutex_unlock(&st->lock);
return ret < 0 ? ret : sprintf(buf, "%d\n", ret);
}
static ssize_t ad2s1210_store_reg(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t len)
Reported by FlawFinder.
drivers/tty/serial/samsung_tty.c
6 issues
Line: 1442
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clk *clk;
unsigned long rate;
unsigned int cnt, baud, quot, best_quot = 0;
char clkname[MAX_CLK_NAME_LENGTH];
int calc_deviation, deviation = (1 << 30) - 1;
for (cnt = 0; cnt < info->num_clks; cnt++) {
/* Keep selected clock if provided */
if (ourport->cfg->clk_sel &&
Reported by FlawFinder.
Line: 1451
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
!(ourport->cfg->clk_sel & (1 << cnt)))
continue;
sprintf(clkname, "clk_uart_baud%d", cnt);
clk = clk_get(ourport->port.dev, clkname);
if (IS_ERR(clk))
continue;
rate = clk_get_rate(clk);
Reported by FlawFinder.
Line: 1974
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct device *dev = ourport->port.dev;
struct s3c24xx_uart_info *info = ourport->info;
char clk_name[MAX_CLK_NAME_LENGTH];
unsigned int clk_sel;
struct clk *clk;
int clk_num;
int ret;
Reported by FlawFinder.
Line: 1985
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(clk_sel & (1 << clk_num)))
continue;
sprintf(clk_name, "clk_uart_baud%d", clk_num);
clk = clk_get(dev, clk_name);
if (IS_ERR(clk))
continue;
ret = clk_prepare_enable(clk);
Reported by FlawFinder.
Line: 2504
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int ubrdiv;
unsigned long rate;
unsigned int clk_sel;
char clk_name[MAX_CLK_NAME_LENGTH];
ulcon = rd_regl(port, S3C2410_ULCON);
ucon = rd_regl(port, S3C2410_UCON);
ubrdiv = rd_regl(port, S3C2410_UBRDIV);
Reported by FlawFinder.
Line: 2544
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* now calculate the baud rate */
clk_sel = s3c24xx_serial_getsource(port);
sprintf(clk_name, "clk_uart_baud%d", clk_sel);
clk = clk_get(port->dev, clk_name);
if (!IS_ERR(clk))
rate = clk_get_rate(clk);
else
Reported by FlawFinder.