The following issues were found
drivers/scsi/scsi_scan.c
6 issues
Line: 100
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SCSI_SCAN_TYPE_DEFAULT "sync"
#endif
char scsi_scan_type[7] = SCSI_SCAN_TYPE_DEFAULT;
module_param_string(scan, scsi_scan_type, sizeof(scsi_scan_type),
S_IRUGO|S_IWUSR);
MODULE_PARM_DESC(scan, "sync, async, manual, or none. "
"Setting to 'manual' disables automatic scanning, but allows "
Reported by FlawFinder.
Line: 188
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void scsi_unlock_floptical(struct scsi_device *sdev,
unsigned char *result)
{
unsigned char scsi_cmd[MAX_COMMAND_SIZE];
sdev_printk(KERN_NOTICE, sdev, "unlocking floptical drive\n");
scsi_cmd[0] = MODE_SENSE;
scsi_cmd[1] = 0;
scsi_cmd[2] = 0x2e;
Reported by FlawFinder.
Line: 585
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int scsi_probe_lun(struct scsi_device *sdev, unsigned char *inq_result,
int result_len, blist_flags_t *bflags)
{
unsigned char scsi_cmd[MAX_COMMAND_SIZE];
int first_inquiry_len, try_inquiry_len, next_inquiry_len;
int response_len = 0;
int pass, count, result;
struct scsi_sense_hdr sshdr;
Reported by FlawFinder.
Line: 1133
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
" added\n"))
if (lun == 0) {
SCSI_LOG_SCAN_BUS(1, {
unsigned char vend[9];
unsigned char mod[17];
sdev_printk(KERN_INFO, sdev,
"scsi scan: consider passing scsi_mod."
"dev_flags=%s:%s:0x240 or 0x1000240\n",
Reported by FlawFinder.
Line: 1134
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (lun == 0) {
SCSI_LOG_SCAN_BUS(1, {
unsigned char vend[9];
unsigned char mod[17];
sdev_printk(KERN_INFO, sdev,
"scsi scan: consider passing scsi_mod."
"dev_flags=%s:%s:0x240 or 0x1000240\n",
scsi_inq_str(vend, result, 8, 16),
Reported by FlawFinder.
Line: 1314
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int scsi_report_lun_scan(struct scsi_target *starget, blist_flags_t bflags,
enum scsi_scan_mode rescan)
{
unsigned char scsi_cmd[MAX_COMMAND_SIZE];
unsigned int length;
u64 lun;
unsigned int num_luns;
unsigned int retries;
int result;
Reported by FlawFinder.
drivers/usb/storage/sddr55.c
6 issues
Line: 100
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *pba_to_lba; /* physical to logical map */
int fatal_error; /* set if we detect something nasty */
unsigned long last_access; /* number of jiffies since we last talked to device */
unsigned char sense_data[18];
};
#define NOT_ALLOCATED 0xffffffff
#define BAD_BLOCK 0xffff
Reported by FlawFinder.
Line: 778
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sddr55_transport(struct scsi_cmnd *srb, struct us_data *us)
{
int result;
static unsigned char inquiry_response[8] = {
0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
};
// write-protected for now, no block descriptor support
static unsigned char mode_page_01[20] = {
0x0, 0x12, 0x00, 0x80, 0x0, 0x0, 0x0, 0x0,
Reported by FlawFinder.
Line: 782
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x80, 0x00, 0x02, 0x1F, 0x00, 0x00, 0x00
};
// write-protected for now, no block descriptor support
static unsigned char mode_page_01[20] = {
0x0, 0x12, 0x00, 0x80, 0x0, 0x0, 0x0, 0x0,
0x01, 0x0A,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
unsigned char *ptr = us->iobuf;
Reported by FlawFinder.
Line: 811
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->sense_data[12],
info->sense_data[13]);
memcpy (ptr, info->sense_data, sizeof info->sense_data);
ptr[0] = 0x70;
ptr[7] = 11;
usb_stor_set_xfer_buf (ptr, sizeof info->sense_data, srb);
memset (info->sense_data, 0, sizeof info->sense_data);
Reported by FlawFinder.
Line: 828
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (srb->cmnd[0] == INQUIRY) {
memcpy(ptr, inquiry_response, 8);
fill_inquiry_response(us, ptr, 36);
return USB_STOR_TRANSPORT_GOOD;
}
/*
Reported by FlawFinder.
Line: 897
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (srb->cmnd[0] == MODE_SENSE_10) {
memcpy(ptr, mode_page_01, sizeof mode_page_01);
ptr[3] = (info->read_only || info->force_read_only) ? 0x80 : 0;
usb_stor_set_xfer_buf(ptr, sizeof(mode_page_01), srb);
if ( (srb->cmnd[2] & 0x3F) == 0x01 ) {
usb_stor_dbg(us, "Dummy up request for mode page 1\n");
Reported by FlawFinder.
drivers/staging/rtl8723bs/core/rtw_ioctl_set.c
6 issues
Line: 98
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pibss = padapter->registrypriv.dev_network.MacAddress;
memcpy(&pdev_network->Ssid, &pmlmepriv->assoc_ssid, sizeof(struct ndis_802_11_ssid));
rtw_update_registrypriv_dev_network(padapter);
rtw_generate_random_ibss(pibss);
Reported by FlawFinder.
Line: 186
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memset(&pmlmepriv->assoc_ssid, 0, sizeof(struct ndis_802_11_ssid));
memcpy(&pmlmepriv->assoc_bssid, bssid, ETH_ALEN);
pmlmepriv->assoc_by_bssid = true;
if (check_fwstate(pmlmepriv, _FW_UNDER_SURVEY) == true)
pmlmepriv->to_join = true;
else
Reported by FlawFinder.
Line: 273
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto release_mlme_lock;
}
memcpy(&pmlmepriv->assoc_ssid, ssid, sizeof(struct ndis_802_11_ssid));
pmlmepriv->assoc_by_bssid = false;
if (check_fwstate(pmlmepriv, _FW_UNDER_SURVEY) == true)
pmlmepriv->to_join = true;
else
Reported by FlawFinder.
Line: 329
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (ssid && ssid_valid)
memcpy(&pmlmepriv->assoc_ssid, ssid, sizeof(struct ndis_802_11_ssid));
else
memset(&pmlmepriv->assoc_ssid, 0, sizeof(struct ndis_802_11_ssid));
if (bssid && bssid_valid) {
memcpy(&pmlmepriv->assoc_bssid, bssid, ETH_ALEN);
Reported by FlawFinder.
Line: 334
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&pmlmepriv->assoc_ssid, 0, sizeof(struct ndis_802_11_ssid));
if (bssid && bssid_valid) {
memcpy(&pmlmepriv->assoc_bssid, bssid, ETH_ALEN);
pmlmepriv->assoc_by_bssid = true;
} else {
pmlmepriv->assoc_by_bssid = false;
}
Reported by FlawFinder.
Line: 516
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
memcpy(&(psecuritypriv->dot11DefKey[keyid].skey[0]), &(wep->KeyMaterial), wep->KeyLength);
psecuritypriv->dot11DefKeylen[keyid] = wep->KeyLength;
psecuritypriv->dot11PrivacyKeyIndex = keyid;
Reported by FlawFinder.
drivers/video/fbdev/neofb.c
6 issues
Line: 1793
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// 640x480@60
par->NeoPanelWidth = 640;
par->NeoPanelHeight = 480;
memcpy(info->monspecs.modedb, &vesa_modes[3], sizeof(struct fb_videomode));
break;
case 0x01:
par->NeoPanelWidth = 800;
if (par->libretto) {
par->NeoPanelHeight = 480;
Reported by FlawFinder.
Line: 1799
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
par->NeoPanelWidth = 800;
if (par->libretto) {
par->NeoPanelHeight = 480;
memcpy(info->monspecs.modedb, &mode800x480, sizeof(struct fb_videomode));
} else {
// 800x600@60
par->NeoPanelHeight = 600;
memcpy(info->monspecs.modedb, &vesa_modes[8], sizeof(struct fb_videomode));
}
Reported by FlawFinder.
Line: 1803
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
// 800x600@60
par->NeoPanelHeight = 600;
memcpy(info->monspecs.modedb, &vesa_modes[8], sizeof(struct fb_videomode));
}
break;
case 0x02:
// 1024x768@60
par->NeoPanelWidth = 1024;
Reported by FlawFinder.
Line: 1810
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// 1024x768@60
par->NeoPanelWidth = 1024;
par->NeoPanelHeight = 768;
memcpy(info->monspecs.modedb, &vesa_modes[13], sizeof(struct fb_videomode));
break;
case 0x03:
/* 1280x1024@60 panel support needs to be added */
#ifdef NOT_DONE
par->NeoPanelWidth = 1280;
Reported by FlawFinder.
Line: 1817
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef NOT_DONE
par->NeoPanelWidth = 1280;
par->NeoPanelHeight = 1024;
memcpy(info->monspecs.modedb, &vesa_modes[20], sizeof(struct fb_videomode));
break;
#else
printk(KERN_ERR
"neofb: Only 640x480, 800x600/480 and 1024x768 panels are currently supported\n");
kfree(info->monspecs.modedb);
Reported by FlawFinder.
Line: 1829
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// 640x480@60
par->NeoPanelWidth = 640;
par->NeoPanelHeight = 480;
memcpy(info->monspecs.modedb, &vesa_modes[3], sizeof(struct fb_videomode));
break;
}
printk(KERN_INFO "Panel is a %dx%d %s %s display\n",
par->NeoPanelWidth,
Reported by FlawFinder.
drivers/scsi/scsi_transport_srp.c
6 issues
Line: 151
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
name = srp_rport_role_names[i].name;
break;
}
return sprintf(buf, "%s\n", name ? : "unknown");
}
static DEVICE_ATTR(roles, S_IRUGO, show_srp_rport_roles, NULL);
static ssize_t store_srp_rport_delete(struct device *dev,
Reported by FlawFinder.
Line: 187
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct srp_rport *rport = transport_class_to_srp_rport(dev);
enum srp_rport_state state = rport->state;
return sprintf(buf, "%s\n",
(unsigned)state < ARRAY_SIZE(state_name) ?
state_name[state] : "???");
}
static DEVICE_ATTR(state, S_IRUGO, show_srp_rport_state, NULL);
Reported by FlawFinder.
Line: 125
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf)
{
struct srp_rport *rport = transport_class_to_srp_rport(dev);
return sprintf(buf, "%16phC\n", rport->port_id);
}
static DEVICE_ATTR(port_id, S_IRUGO, show_srp_rport_id, NULL);
static const struct {
Reported by FlawFinder.
Line: 196
Column: 48
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t srp_show_tmo(char *buf, int tmo)
{
return tmo >= 0 ? sprintf(buf, "%d\n", tmo) : sprintf(buf, "off\n");
}
int srp_parse_tmo(int *tmo, const char *buf)
{
int res = 0;
Reported by FlawFinder.
Line: 196
Column: 20
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t srp_show_tmo(char *buf, int tmo)
{
return tmo >= 0 ? sprintf(buf, "%d\n", tmo) : sprintf(buf, "off\n");
}
int srp_parse_tmo(int *tmo, const char *buf)
{
int res = 0;
Reported by FlawFinder.
Line: 257
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct srp_rport *rport = transport_class_to_srp_rport(dev);
return sprintf(buf, "%d\n", rport->failed_reconnects);
}
static DEVICE_ATTR(failed_reconnects, S_IRUGO, show_failed_reconnects, NULL);
static ssize_t show_srp_rport_fast_io_fail_tmo(struct device *dev,
Reported by FlawFinder.
drivers/usb/misc/sisusbvga/sisusb_con.c
6 issues
Line: 405
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* because the vt does this AFTER calling us.
*/
memcpy(sisusb_vaddr(sisusb, c, x, y), s, count * 2);
if (sisusb_is_inactive(c, sisusb)) {
mutex_unlock(&sisusb->lock);
return;
}
Reported by FlawFinder.
Line: 511
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(int)(sisusb->scrbuf + sisusb->scrbuf_size - c->vc_origin));
/* Restore the screen contents */
memcpy((u16 *)c->vc_origin, (u16 *)c->vc_screenbuf, length);
sisusb_copy_memory(sisusb, (u8 *)c->vc_origin,
sisusb_haddr(sisusb, c, 0, 0), length);
mutex_unlock(&sisusb->lock);
Reported by FlawFinder.
Line: 548
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(int)(sisusb->scrbuf + sisusb->scrbuf_size - c->vc_origin));
/* Save the screen contents to vc's private buffer */
memcpy((u16 *)c->vc_screenbuf, (u16 *)c->vc_origin, length);
mutex_unlock(&sisusb->lock);
}
/* interface routine */
Reported by FlawFinder.
Line: 862
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (c->vc_scr_end + delta >=
sisusb->scrbuf + sisusb->scrbuf_size) {
memcpy((u16 *)sisusb->scrbuf,
(u16 *)(oldorigin + delta),
c->vc_screenbuf_size - delta);
c->vc_origin = sisusb->scrbuf;
sisusb->con_rolled_over = oldorigin - sisusb->scrbuf;
copyall = 1;
Reported by FlawFinder.
Line: 1230
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sisusb->font_backup = vmalloc(array_size(charcount, 32));
if (sisusb->font_backup) {
memcpy(sisusb->font_backup, font->data, array_size(charcount, 32));
sisusb->font_backup_size = charcount;
sisusb->font_backup_height = font->height;
sisusb->font_backup_512 = (charcount == 512) ? 1 : 0;
}
Reported by FlawFinder.
Line: 1271
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy 256 chars only, like vgacon */
memcpy(font->data, sisusb->font_backup, 256 * 32);
mutex_unlock(&sisusb->lock);
return 0;
}
Reported by FlawFinder.
drivers/soc/qcom/qmi_encdec.c
6 issues
Line: 28
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define QMI_ENCDEC_ENCODE_N_BYTES(p_dst, p_src, size) \
do { \
memcpy(p_dst, p_src, size); \
p_dst = (u8 *)p_dst + size; \
p_src = (u8 *)p_src + size; \
} while (0)
#define QMI_ENCDEC_DECODE_N_BYTES(p_dst, p_src, size) \
Reported by FlawFinder.
Line: 35
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define QMI_ENCDEC_DECODE_N_BYTES(p_dst, p_src, size) \
do { \
memcpy(p_dst, p_src, size); \
p_dst = (u8 *)p_dst + size; \
p_src = (u8 *)p_src + size; \
} while (0)
#define UPDATE_ENCODE_VARIABLES(temp_si, buf_dst, \
Reported by FlawFinder.
Line: 341
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case QMI_DATA_LEN:
memcpy(&data_len_value, buf_src, temp_ei->elem_size);
data_len_sz = temp_ei->elem_size == sizeof(u8) ?
sizeof(u8) : sizeof(u16);
/* Check to avoid out of range buffer access */
if ((data_len_sz + encoded_bytes + TLV_LEN_SIZE +
TLV_TYPE_SIZE) > out_buf_len) {
Reported by FlawFinder.
Line: 637
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf_dst = out_c_struct + temp_ei->offset;
if (temp_ei->data_type == QMI_OPT_FLAG) {
memcpy(buf_dst, &opt_flag_value, sizeof(u8));
temp_ei = temp_ei + 1;
buf_dst = out_c_struct + temp_ei->offset;
}
if (temp_ei->data_type == QMI_DATA_LEN) {
Reported by FlawFinder.
Line: 647
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(u8) : sizeof(u16);
rc = qmi_decode_basic_elem(&data_len_value, buf_src,
1, data_len_sz);
memcpy(buf_dst, &data_len_value, sizeof(u32));
temp_ei = temp_ei + 1;
buf_dst = out_c_struct + temp_ei->offset;
tlv_len -= data_len_sz;
UPDATE_DECODE_VARIABLES(buf_src, decoded_bytes, rc);
}
Reported by FlawFinder.
Line: 246
Column: 15
CWE codes:
126
u32 string_len = 0;
u32 string_len_sz = 0;
string_len = strlen(buf_src);
string_len_sz = temp_ei->elem_len <= U8_MAX ?
sizeof(u8) : sizeof(u16);
if (string_len > temp_ei->elem_len) {
pr_err("%s: String to be encoded is longer - %d > %d\n",
__func__, string_len, temp_ei->elem_len);
Reported by FlawFinder.
drivers/staging/rtl8712/rtl871x_security.c
6 issues
Line: 153
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
void r8712_wep_encrypt(struct _adapter *padapter, u8 *pxmitframe)
{ /* exclude ICV */
unsigned char crc[4];
struct arc4context mycontext;
u32 curfragnum, length, keylength, pki;
u8 *pframe, *payload, *iv; /*,*wepkey*/
u8 wepkey[16];
struct pkt_attrib *pattrib = &((struct xmit_frame *)
Reported by FlawFinder.
Line: 173
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (curfragnum = 0; curfragnum < pattrib->nr_frags;
curfragnum++) {
iv = pframe + pattrib->hdrlen;
memcpy(&wepkey[0], iv, 3);
memcpy(&wepkey[3], &psecuritypriv->DefKey[
psecuritypriv->PrivacyKeyIndex].skey[0],
keylength);
payload = pframe + pattrib->iv_len + pattrib->hdrlen;
if ((curfragnum + 1) == pattrib->nr_frags) {
Reported by FlawFinder.
Line: 174
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
curfragnum++) {
iv = pframe + pattrib->hdrlen;
memcpy(&wepkey[0], iv, 3);
memcpy(&wepkey[3], &psecuritypriv->DefKey[
psecuritypriv->PrivacyKeyIndex].skey[0],
keylength);
payload = pframe + pattrib->iv_len + pattrib->hdrlen;
if ((curfragnum + 1) == pattrib->nr_frags) {
length = pattrib->last_txcmdsz -
Reported by FlawFinder.
Line: 228
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iv = pframe + prxattrib->hdrlen;
keyindex = (iv[3] & 0x3);
keylength = psecuritypriv->DefKeylen[keyindex];
memcpy(&wepkey[0], iv, 3);
memcpy(&wepkey[3], &psecuritypriv->DefKey[
psecuritypriv->PrivacyKeyIndex].skey[0],
keylength);
length = ((union recv_frame *)precvframe)->
u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
Reported by FlawFinder.
Line: 229
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
keyindex = (iv[3] & 0x3);
keylength = psecuritypriv->DefKeylen[keyindex];
memcpy(&wepkey[0], iv, 3);
memcpy(&wepkey[3], &psecuritypriv->DefKey[
psecuritypriv->PrivacyKeyIndex].skey[0],
keylength);
length = ((union recv_frame *)precvframe)->
u.hdr.len - prxattrib->hdrlen - prxattrib->iv_len;
payload = pframe + prxattrib->iv_len + prxattrib->hdrlen;
Reported by FlawFinder.
Line: 1268
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pframe[payload_index++] = chain_buffer[j];
}
/* start to calculate the mic */
memcpy((void *)message, pframe, (hdrlen + plen + 8));
pn_vector[0] = pframe[hdrlen];
pn_vector[1] = pframe[hdrlen + 1];
pn_vector[2] = pframe[hdrlen + 4];
pn_vector[3] = pframe[hdrlen + 5];
pn_vector[4] = pframe[hdrlen + 6];
Reported by FlawFinder.
drivers/scsi/qla2xxx/qla_dbg.h
6 issues
Line: 324
Column: 29
CWE codes:
134
Suggestion:
Use a constant for the format specification
extern uint ql_errlev;
void __attribute__((format (printf, 4, 5)))
ql_dbg(uint, scsi_qla_host_t *vha, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_dbg_pci(uint, struct pci_dev *pdev, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_dbg_qp(uint32_t, struct qla_qpair *, int32_t, const char *fmt, ...);
Reported by FlawFinder.
Line: 326
Column: 29
CWE codes:
134
Suggestion:
Use a constant for the format specification
void __attribute__((format (printf, 4, 5)))
ql_dbg(uint, scsi_qla_host_t *vha, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_dbg_pci(uint, struct pci_dev *pdev, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_dbg_qp(uint32_t, struct qla_qpair *, int32_t, const char *fmt, ...);
Reported by FlawFinder.
Line: 328
Column: 29
CWE codes:
134
Suggestion:
Use a constant for the format specification
ql_dbg(uint, scsi_qla_host_t *vha, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_dbg_pci(uint, struct pci_dev *pdev, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_dbg_qp(uint32_t, struct qla_qpair *, int32_t, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_log(uint, scsi_qla_host_t *vha, uint, const char *fmt, ...);
Reported by FlawFinder.
Line: 332
Column: 29
CWE codes:
134
Suggestion:
Use a constant for the format specification
ql_dbg_qp(uint32_t, struct qla_qpair *, int32_t, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_log(uint, scsi_qla_host_t *vha, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_log_pci(uint, struct pci_dev *pdev, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
Reported by FlawFinder.
Line: 334
Column: 29
CWE codes:
134
Suggestion:
Use a constant for the format specification
void __attribute__((format (printf, 4, 5)))
ql_log(uint, scsi_qla_host_t *vha, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_log_pci(uint, struct pci_dev *pdev, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_log_qp(uint32_t, struct qla_qpair *, int32_t, const char *fmt, ...);
Reported by FlawFinder.
Line: 337
Column: 29
CWE codes:
134
Suggestion:
Use a constant for the format specification
void __attribute__((format (printf, 4, 5)))
ql_log_pci(uint, struct pci_dev *pdev, uint, const char *fmt, ...);
void __attribute__((format (printf, 4, 5)))
ql_log_qp(uint32_t, struct qla_qpair *, int32_t, const char *fmt, ...);
/* Debug Levels */
/* The 0x40000000 is the max value any debug level can have
* as ql2xextended_error_logging is of type signed int
Reported by FlawFinder.
drivers/soc/qcom/pdr_internal.h
6 issues
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SERVREG_GET_DOMAIN_LIST_RESP_MAX_LEN 2389
struct servreg_location_entry {
char name[SERVREG_NAME_LENGTH + 1];
u8 service_data_valid;
u32 service_data;
u32 instance;
};
Reported by FlawFinder.
Line: 72
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct servreg_get_domain_list_req {
char service_name[SERVREG_NAME_LENGTH + 1];
u8 domain_offset_valid;
u32 domain_offset;
};
struct qmi_elem_info servreg_get_domain_list_req_ei[] = {
Reported by FlawFinder.
Line: 199
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct servreg_register_listener_req {
u8 enable;
char service_path[SERVREG_NAME_LENGTH + 1];
};
struct qmi_elem_info servreg_register_listener_req_ei[] = {
{
.data_type = QMI_UNSIGNED_1_BYTE,
Reported by FlawFinder.
Line: 263
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct servreg_restart_pd_req {
char service_path[SERVREG_NAME_LENGTH + 1];
};
struct qmi_elem_info servreg_restart_pd_req_ei[] = {
{
.data_type = QMI_STRING,
Reported by FlawFinder.
Line: 299
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct servreg_state_updated_ind {
enum servreg_service_state curr_state;
char service_path[SERVREG_NAME_LENGTH + 1];
u16 transaction_id;
};
struct qmi_elem_info servreg_state_updated_ind_ei[] = {
{
Reported by FlawFinder.
Line: 335
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct servreg_set_ack_req {
char service_path[SERVREG_NAME_LENGTH + 1];
u16 transaction_id;
};
struct qmi_elem_info servreg_set_ack_req_ei[] = {
{
Reported by FlawFinder.