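The following issues were found by static analysis. FlawFinder matches risky function names and buffer declarations by pattern, without tracking sizes or data flow, so each entry below is a candidate to triage against the surrounding code rather than a confirmed defect.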
drivers/of/overlay.c
6 issues
Line: 259
Column: 2
CWE codes:
120
Suggestion:
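Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Triage note: both copies are safe only if new_prop->value was allocated with at least target_path_len + strlen(path_tail) + 1 bytes; that allocation is not part of this excerpt and should be checked. In kernel code the bounded helper is strscpy(); strcpy_s is a C11 Annex K function the kernel does not provide.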
if (!new_prop->name || !new_prop->value)
goto err_free_new_prop;
strcpy(new_prop->value, target_path);
strcpy(new_prop->value + target_path_len, path_tail);
of_property_set_flag(new_prop, OF_DYNAMIC);
kfree(target_path);
Reported by FlawFinder.
Line: 260
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto err_free_new_prop;
strcpy(new_prop->value, target_path);
strcpy(new_prop->value + target_path_len, path_tail);
of_property_set_flag(new_prop, OF_DYNAMIC);
kfree(target_path);
Reported by FlawFinder.
Line: 1047
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
new_fdt_align = PTR_ALIGN(new_fdt, FDT_ALIGN_SIZE);
memcpy(new_fdt_align, overlay_fdt, size);
of_fdt_unflatten_tree(new_fdt_align, NULL, &overlay_root);
if (!overlay_root) {
pr_err("unable to unflatten overlay_fdt\n");
ret = -EINVAL;
Reported by FlawFinder.
Line: 220
Column: 13
CWE codes:
126
if (strnlen(prop->value, prop->length) >= prop->length)
return NULL;
path = prop->value;
path_len = strlen(path);
if (path_len < 1)
return NULL;
fragment_node = __of_find_node_by_path(ovcs->overlay_tree, path + 1);
overlay_node = __of_find_node_by_path(fragment_node, "__overlay__/");
Reported by FlawFinder.
Line: 242
Column: 18
CWE codes:
126
if (overlay_name_len > path_len)
return NULL;
path_tail = path + overlay_name_len;
path_tail_len = strlen(path_tail);
target_path = kasprintf(GFP_KERNEL, "%pOF", fragment->target);
if (!target_path)
return NULL;
target_path_len = strlen(target_path);
Reported by FlawFinder.
Line: 247
Column: 20
CWE codes:
126
target_path = kasprintf(GFP_KERNEL, "%pOF", fragment->target);
if (!target_path)
return NULL;
target_path_len = strlen(target_path);
new_prop = kzalloc(sizeof(*new_prop), GFP_KERNEL);
if (!new_prop)
goto err_free_target_path;
Reported by FlawFinder.
drivers/of/pdt.c
6 issues
Line: 52
Column: 3
CWE codes:
120
Suggestion:
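Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Triage note: in the quoted code buf is allocated as strlen(name) + 1 bytes on the line directly before the copy, so the destination is sized from the source string; what the excerpt does not show is a check of the prom_early_alloc() result before it is written to.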
if (!of_pdt_prom_ops->pkg2path(dp->phandle, path, sizeof(path), &len)) {
name = kbasename(path);
buf = prom_early_alloc(strlen(name) + 1);
strcpy(buf, name);
return buf;
}
name = of_get_property(dp, "name", &len);
buf = prom_early_alloc(len + 16);
Reported by FlawFinder.
Line: 58
Column: 2
CWE codes:
120
Suggestion:
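Use sprintf_s, snprintf, or vsnprintf. Triage note: the buffer is len + 16 bytes, and besides the name the format emits the 8-character "@unknown", the digits of failsafe_id and a terminator, so the margin holds only while the counter prints in seven or eight digits (depending on whether len counts the name's terminator); a full-width int can need 11 characters. name is also passed to %s without a visible NULL check.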
name = of_get_property(dp, "name", &len);
buf = prom_early_alloc(len + 16);
sprintf(buf, "%s@unknown%i", name, failsafe_id++);
pr_err("%s: pkg2path failed; assigning %s\n", __func__, buf);
return buf;
}
#endif /* !CONFIG_SPARC */
Reported by FlawFinder.
Line: 85
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
p->name = (char *) (p + 1);
if (special_name) {
strcpy(p->name, special_name);
p->length = special_len;
p->value = prom_early_alloc(special_len);
memcpy(p->value, special_val, special_len);
} else {
err = of_pdt_prom_ops->nextprop(node, prev, p->name);
Reported by FlawFinder.
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static int failsafe_id = 0; /* for generating unique names on failure */
const char *name;
char path[256];
char *buf;
int len;
if (!of_pdt_prom_ops->pkg2path(dp->phandle, path, sizeof(path), &len)) {
name = kbasename(path);
Reported by FlawFinder.
Line: 88
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
strcpy(p->name, special_name);
p->length = special_len;
p->value = prom_early_alloc(special_len);
memcpy(p->value, special_val, special_len);
} else {
err = of_pdt_prom_ops->nextprop(node, prev, p->name);
if (err) {
tmp = p;
return NULL;
Reported by FlawFinder.
Line: 51
Column: 26
CWE codes:
126
if (!of_pdt_prom_ops->pkg2path(dp->phandle, path, sizeof(path), &len)) {
name = kbasename(path);
buf = prom_early_alloc(strlen(name) + 1);
strcpy(buf, name);
return buf;
}
name = of_get_property(dp, "name", &len);
Reported by FlawFinder.
drivers/parisc/led.c
6 issues
Line: 61
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned int led_heartbeat __read_mostly = 1;
static unsigned int led_diskio __read_mostly = 1;
static unsigned int led_lanrxtx __read_mostly = 1;
static char lcd_text[32] __read_mostly;
static char lcd_text_default[32] __read_mostly;
static int lcd_no_led_support __read_mostly = 0; /* KittyHawk doesn't support LED on its LCD */
static struct workqueue_struct *led_wq;
Reported by FlawFinder.
Line: 62
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned int led_diskio __read_mostly = 1;
static unsigned int led_lanrxtx __read_mostly = 1;
static char lcd_text[32] __read_mostly;
static char lcd_text_default[32] __read_mostly;
static int lcd_no_led_support __read_mostly = 0; /* KittyHawk doesn't support LED on its LCD */
static struct workqueue_struct *led_wq;
static void led_work_func(struct work_struct *);
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *pos)
{
void *data = PDE_DATA(file_inode(file));
char *cur, lbuf[32];
int d;
if (!capable(CAP_SYS_ADMIN))
return -EACCES;
Reported by FlawFinder.
Line: 311
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void led_LCD_driver(unsigned char leds)
{
static int i;
static unsigned char mask[4] = { LED_HEARTBEAT, LED_DISK_IO,
LED_LAN_RCV, LED_LAN_TX };
static struct lcd_block * blockp[4] = {
&lcd_info.heartbeat,
&lcd_info.disk_io,
Reported by FlawFinder.
Line: 215
Column: 19
CWE codes:
126
break;
case LED_HASLCD:
if (*cur && cur[strlen(cur)-1] == '\n')
cur[strlen(cur)-1] = 0;
if (*cur == 0)
cur = lcd_text_default;
lcd_print(cur);
break;
Reported by FlawFinder.
Line: 216
Column: 8
CWE codes:
126
break;
case LED_HASLCD:
if (*cur && cur[strlen(cur)-1] == '\n')
cur[strlen(cur)-1] = 0;
if (*cur == 0)
cur = lcd_text_default;
lcd_print(cur);
break;
default:
Reported by FlawFinder.
drivers/parport/probe.c
6 issues
Line: 64
Column: 2
CWE codes:
120
Suggestion:
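Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Triage note: txt is allocated as strlen(str) + 1 bytes (see the entry for line 55 of this file) and the allocation failure path returns before the copy, so the destination is sized from the source; the remaining assumption is that str is NUL-terminated when it reaches parse_data().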
pr_warn("%s probe: memory squeeze\n", port->name);
return;
}
strcpy(txt, str);
while (p) {
char *sep;
q = strchr(p, ';');
if (q) *q = 0;
sep = strchr(p, ':');
Reported by FlawFinder.
Line: 135
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t parport_read_device_id (struct parport *port, char *buffer,
size_t count)
{
unsigned char length[2];
unsigned lelen, belen;
size_t idlens[4];
unsigned numidlens;
unsigned current_idlen;
ssize_t retval;
Reported by FlawFinder.
Line: 153
Column: 2
CWE codes:
120
Suggestion:
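Make sure destination can always hold the source data. Triage note: the quoted code returns early when count < 2, so the fixed 2-byte copy into buffer is guarded, provided count really is the size of buffer as supplied by the caller.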
if (count < 2)
return 0;
memcpy(buffer, length, 2);
len = 2;
/* Some devices wrongly send LE length, and some send it two
* bytes short. Construct a sorted array of lengths to try. */
belen = (length[0] << 8) + length[1];
Reported by FlawFinder.
Line: 231
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
idlen = idlens[current_idlen];
len2 = len;
while(len2 < idlen && retval > 0) {
char tmp[4];
retval = parport_read (port, tmp,
min(sizeof tmp, idlen-len2));
if (retval < 0)
return retval;
len2 += retval;
Reported by FlawFinder.
Line: 55
Column: 22
CWE codes:
126
static void parse_data(struct parport *port, int device, char *str)
{
char *txt = kmalloc(strlen(str)+1, GFP_KERNEL);
char *p = txt, *q;
int guessed_class = PARPORT_CLASS_UNSPEC;
struct parport_device_info *info = &port->probe_info[device + 1];
if (!txt) {
Reported by FlawFinder.
Line: 74
Column: 14
CWE codes:
126
char *u;
*(sep++) = 0;
/* Get rid of trailing blanks */
u = sep + strlen (sep) - 1;
while (u >= p && *u == ' ')
*u-- = '\0';
string_upper(p, p);
if (!strcmp(p, "MFG") || !strcmp(p, "MANUFACTURER")) {
kfree(info->mfr);
Reported by FlawFinder.
drivers/scsi/aic94xx/aic94xx_task.c
6 issues
Line: 186
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (SAS_STATUS_BUF_SIZE >= sizeof(*resp)) {
resp->frame_len = le16_to_cpu(*(__le16 *)(r+6));
memcpy(&resp->ending_fis[0], r+16, ATA_RESP_FIS_SIZE);
ts->buf_valid_size = sizeof(*resp);
}
}
asd_invalidate_edb(escb, edb_id);
Reported by FlawFinder.
Line: 373
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scb->ata_task.fis.flags |= 0x80; /* C=1: update ATA cmd reg */
scb->ata_task.fis.flags &= 0xF0; /* PM_PORT field shall be 0 */
if (dev->sata_dev.class == ATA_DEV_ATAPI)
memcpy(scb->ata_task.atapi_packet, task->ata_task.atapi_packet,
16);
scb->ata_task.sister_scb = cpu_to_le16(0xFFFF);
scb->ata_task.conn_handle = cpu_to_le16(
(u16)(unsigned long)dev->lldd_dev);
Reported by FlawFinder.
Line: 479
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scb->ssp_task.proto_conn_rate |= dev->linkrate;
scb->ssp_task.total_xfer_len = cpu_to_le32(task->total_xfer_len);
scb->ssp_task.ssp_frame.frame_type = SSP_DATA;
memcpy(scb->ssp_task.ssp_frame.hashed_dest_addr, dev->hashed_sas_addr,
HASHED_SAS_ADDR_SIZE);
memcpy(scb->ssp_task.ssp_frame.hashed_src_addr,
dev->port->ha->hashed_sas_addr, HASHED_SAS_ADDR_SIZE);
scb->ssp_task.ssp_frame.tptt = cpu_to_be16(0xFFFF);
Reported by FlawFinder.
Line: 481
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scb->ssp_task.ssp_frame.frame_type = SSP_DATA;
memcpy(scb->ssp_task.ssp_frame.hashed_dest_addr, dev->hashed_sas_addr,
HASHED_SAS_ADDR_SIZE);
memcpy(scb->ssp_task.ssp_frame.hashed_src_addr,
dev->port->ha->hashed_sas_addr, HASHED_SAS_ADDR_SIZE);
scb->ssp_task.ssp_frame.tptt = cpu_to_be16(0xFFFF);
memcpy(scb->ssp_task.ssp_cmd.lun, task->ssp_task.LUN, 8);
if (task->ssp_task.enable_first_burst)
Reported by FlawFinder.
Line: 485
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->port->ha->hashed_sas_addr, HASHED_SAS_ADDR_SIZE);
scb->ssp_task.ssp_frame.tptt = cpu_to_be16(0xFFFF);
memcpy(scb->ssp_task.ssp_cmd.lun, task->ssp_task.LUN, 8);
if (task->ssp_task.enable_first_burst)
scb->ssp_task.ssp_cmd.efb_prio_attr |= EFB_MASK;
scb->ssp_task.ssp_cmd.efb_prio_attr |= (task->ssp_task.task_prio << 3);
scb->ssp_task.ssp_cmd.efb_prio_attr |= (task->ssp_task.task_attr & 7);
memcpy(scb->ssp_task.ssp_cmd.cdb, task->ssp_task.cmd->cmnd,
Reported by FlawFinder.
Line: 490
Column: 2
CWE codes:
120
Suggestion:
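Make sure destination can always hold the source data. Triage note: unlike the fixed-size copies flagged above it, this memcpy takes its length from the source (task->ssp_task.cmd->cmd_len) rather than from the destination; the excerpt shows no comparison of cmd_len with the size of ssp_cmd.cdb, so that bound has to be established elsewhere and is the point to verify.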
scb->ssp_task.ssp_cmd.efb_prio_attr |= EFB_MASK;
scb->ssp_task.ssp_cmd.efb_prio_attr |= (task->ssp_task.task_prio << 3);
scb->ssp_task.ssp_cmd.efb_prio_attr |= (task->ssp_task.task_attr & 7);
memcpy(scb->ssp_task.ssp_cmd.cdb, task->ssp_task.cmd->cmnd,
task->ssp_task.cmd->cmd_len);
scb->ssp_task.sister_scb = cpu_to_le16(0xFFFF);
scb->ssp_task.conn_handle = cpu_to_le16(
(u16)(unsigned long)dev->lldd_dev);
Reported by FlawFinder.
drivers/pcmcia/soc_common.c
6 issues
Line: 693
Column: 7
CWE codes:
120
Suggestion:
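Use sprintf_s, snprintf, or vsnprintf. Triage note: the helper advances a cursor (b = *p ... *p = b) and is given no remaining length, so nothing in the quoted code bounds the total written; the limit has to come from the size of the buffer behind *p, which the excerpt does not show.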
char *b = *p;
int i;
b += sprintf(b, "%-9s:", prefix);
for (i = 0; i < sz; i++)
if (val & bits[i].mask)
b += sprintf(b, " %s", bits[i].name);
*b++ = '\n';
*p = b;
Reported by FlawFinder.
Line: 696
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
b += sprintf(b, "%-9s:", prefix);
for (i = 0; i < sz; i++)
if (val & bits[i].mask)
b += sprintf(b, " %s", bits[i].name);
*b++ = '\n';
*p = b;
}
/*
Reported by FlawFinder.
Line: 713
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
container_of(dev, struct soc_pcmcia_socket, socket.dev);
char *p = buf;
p += sprintf(p, "slot : %d\n", skt->nr);
dump_bits(&p, "status", skt->status,
status_bits, ARRAY_SIZE(status_bits));
dump_bits(&p, "csc_mask", skt->cs_state.csc_mask,
status_bits, ARRAY_SIZE(status_bits));
Reported by FlawFinder.
Line: 722
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dump_bits(&p, "cs_flags", skt->cs_state.flags,
conf_bits, ARRAY_SIZE(conf_bits));
p += sprintf(p, "Vcc : %d\n", skt->cs_state.Vcc);
p += sprintf(p, "Vpp : %d\n", skt->cs_state.Vpp);
p += sprintf(p, "IRQ : %d (%d)\n", skt->cs_state.io_irq,
skt->socket.pci_irq);
if (skt->ops->show_timing)
p += skt->ops->show_timing(skt, p);
Reported by FlawFinder.
Line: 723
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
conf_bits, ARRAY_SIZE(conf_bits));
p += sprintf(p, "Vcc : %d\n", skt->cs_state.Vcc);
p += sprintf(p, "Vpp : %d\n", skt->cs_state.Vpp);
p += sprintf(p, "IRQ : %d (%d)\n", skt->cs_state.io_irq,
skt->socket.pci_irq);
if (skt->ops->show_timing)
p += skt->ops->show_timing(skt, p);
Reported by FlawFinder.
Line: 724
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "Vcc : %d\n", skt->cs_state.Vcc);
p += sprintf(p, "Vpp : %d\n", skt->cs_state.Vpp);
p += sprintf(p, "IRQ : %d (%d)\n", skt->cs_state.io_irq,
skt->socket.pci_irq);
if (skt->ops->show_timing)
p += skt->ops->show_timing(skt, p);
return p-buf;
Reported by FlawFinder.
drivers/pinctrl/renesas/sh_pfc.h
6 issues
Line: 664
#define PORT_1(pn, fn, pfx, sfx) fn(pn, pfx, sfx)
#define PORT_10(pn, fn, pfx, sfx) \
PORT_1(pn, fn, pfx##0, sfx), PORT_1(pn+1, fn, pfx##1, sfx), \
PORT_1(pn+2, fn, pfx##2, sfx), PORT_1(pn+3, fn, pfx##3, sfx), \
PORT_1(pn+4, fn, pfx##4, sfx), PORT_1(pn+5, fn, pfx##5, sfx), \
PORT_1(pn+6, fn, pfx##6, sfx), PORT_1(pn+7, fn, pfx##7, sfx), \
PORT_1(pn+8, fn, pfx##8, sfx), PORT_1(pn+9, fn, pfx##9, sfx)
Reported by Cppcheck.
Line: 664
#define PORT_1(pn, fn, pfx, sfx) fn(pn, pfx, sfx)
#define PORT_10(pn, fn, pfx, sfx) \
PORT_1(pn, fn, pfx##0, sfx), PORT_1(pn+1, fn, pfx##1, sfx), \
PORT_1(pn+2, fn, pfx##2, sfx), PORT_1(pn+3, fn, pfx##3, sfx), \
PORT_1(pn+4, fn, pfx##4, sfx), PORT_1(pn+5, fn, pfx##5, sfx), \
PORT_1(pn+6, fn, pfx##6, sfx), PORT_1(pn+7, fn, pfx##7, sfx), \
PORT_1(pn+8, fn, pfx##8, sfx), PORT_1(pn+9, fn, pfx##9, sfx)
Reported by Cppcheck.
Line: 650
Column: 16
CWE codes:
119
120
Suggestion:
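Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Triage note: the flagged char arrays are members of an anonymous union that appears only as the operand of sizeof (GP_LAST = sizeof(union { ... })); nothing is stored in them in the quoted code, so this entry reads as a false positive of the pattern match.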
* are absorbed by wrapping them inside dummy attributes.
*/
#define _GP_ENTRY(bank, pin, name, sfx, cfg) \
deprecated)); char name[(bank * 32) + pin] __attribute__((deprecated
#define GP_ASSIGN_LAST() \
GP_LAST = sizeof(union { \
char dummy[0] __attribute__((deprecated, \
CPU_ALL_GP(_GP_ENTRY, unused), \
deprecated)); \
Reported by FlawFinder.
Line: 653
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
deprecated)); char name[(bank * 32) + pin] __attribute__((deprecated
#define GP_ASSIGN_LAST() \
GP_LAST = sizeof(union { \
char dummy[0] __attribute__((deprecated, \
CPU_ALL_GP(_GP_ENTRY, unused), \
deprecated)); \
})
/*
Reported by FlawFinder.
Line: 717
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* commas are absorbed by wrapping them inside dummy attributes.
*/
#define _PORT_ENTRY(pn, pfx, sfx) \
deprecated)); char pfx[pn] __attribute__((deprecated
#define PORT_ASSIGN_LAST() \
PORT_LAST = sizeof(union { \
char dummy[0] __attribute__((deprecated, \
CPU_ALL_PORT(_PORT_ENTRY, PORT, unused), \
deprecated)); \
Reported by FlawFinder.
Line: 720
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
deprecated)); char pfx[pn] __attribute__((deprecated
#define PORT_ASSIGN_LAST() \
PORT_LAST = sizeof(union { \
char dummy[0] __attribute__((deprecated, \
CPU_ALL_PORT(_PORT_ENTRY, PORT, unused), \
deprecated)); \
})
/* GPIO_FN(name) - Expand to a sh_pfc_pin entry for a function GPIO */
Reported by FlawFinder.
drivers/s390/cio/cio.c
6 issues
Line: 115
Column: 2
CWE codes:
120
Suggestion:
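Use sprintf_s, snprintf, or vsnprintf. Triage note: dbf_text is a 15-byte stack buffer (see the entry for line 101 of this file), so "no%s" fits only while dev_name() returns at most 12 characters; the excerpt does not show what limits the subchannel device name, and a bounded snprintf(dbf_text, sizeof(dbf_text), ...) would remove the dependency.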
if (cio_update_schib(sch))
return -ENODEV;
sprintf(dbf_text, "no%s", dev_name(&sch->dev));
CIO_TRACE_EVENT(0, dbf_text);
CIO_HEX_EVENT(0, &sch->schib, sizeof (struct schib));
return (sch->lpm ? -EACCES : -ENODEV);
}
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
cio_start_handle_notoper(struct subchannel *sch, __u8 lpm)
{
char dbf_text[15];
if (lpm != 0)
sch->lpm &= ~lpm;
else
sch->lpm = 0;
Reported by FlawFinder.
Line: 431
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENODEV;
if (cio_check_config(sch, &schib)) {
/* commit changes from local schib */
memcpy(&sch->schib, &schib, sizeof(schib));
return 0;
}
ret = -EAGAIN;
break;
case 1: /* status pending */
Reported by FlawFinder.
Line: 465
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (stsch(sch->schid, &schib) || !css_sch_is_valid(&schib))
return -ENODEV;
memcpy(&sch->schib, &schib, sizeof(schib));
return 0;
}
EXPORT_SYMBOL_GPL(cio_update_schib);
/**
Reported by FlawFinder.
Line: 553
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Store interrupt response block to lowcore. */
if (tsch(tpi_info->schid, irb) == 0) {
/* Keep subchannel information word up to date. */
memcpy (&sch->schib.scsw, &irb->scsw, sizeof (irb->scsw));
/* Call interrupt handler if there is one. */
if (sch->driver && sch->driver->irq)
sch->driver->irq(sch);
else
inc_irq_stat(IRQIO_CIO);
Reported by FlawFinder.
Line: 592
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (tsch(sch->schid, irb) != 0)
/* Not status pending or not operational. */
return;
memcpy(&sch->schib.scsw, &irb->scsw, sizeof(union scsw));
/* Call interrupt handler with updated status. */
irq_context = in_interrupt();
if (!irq_context) {
local_bh_disable();
irq_enter();
Reported by FlawFinder.
drivers/s390/char/sclp_ocf.c
6 issues
Line: 29
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define OCF_LENGTH_HMC_NETWORK 8UL
#define OCF_LENGTH_CPC_NAME 8UL
static char hmc_network[OCF_LENGTH_HMC_NETWORK + 1];
static char cpc_name[OCF_LENGTH_CPC_NAME]; /* in EBCDIC */
static DEFINE_SPINLOCK(sclp_ocf_lock);
static struct work_struct sclp_ocf_change_work;
Reported by FlawFinder.
Line: 30
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define OCF_LENGTH_CPC_NAME 8UL
static char hmc_network[OCF_LENGTH_HMC_NETWORK + 1];
static char cpc_name[OCF_LENGTH_CPC_NAME]; /* in EBCDIC */
static DEFINE_SPINLOCK(sclp_ocf_lock);
static struct work_struct sclp_ocf_change_work;
static struct kset *ocf_kset;
Reported by FlawFinder.
Line: 70
Column: 3
CWE codes:
120
Suggestion:
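Make sure destination can always hold the source data. Triage note: size is clamped with min() to OCF_LENGTH_HMC_NETWORK and hmc_network is declared one byte larger, so both the copy and the hmc_network[size] = 0 terminator stay inside the destination; whether netid->length is consistent with the data actually present behind netid is not visible here.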
spin_lock(&sclp_ocf_lock);
if (netid) {
size = min(OCF_LENGTH_HMC_NETWORK, (size_t) netid->length);
memcpy(hmc_network, netid + 1, size);
EBCASC(hmc_network, size);
hmc_network[size] = 0;
}
if (cpc) {
size = min(OCF_LENGTH_CPC_NAME, (size_t) cpc->length);
Reported by FlawFinder.
Line: 77
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cpc) {
size = min(OCF_LENGTH_CPC_NAME, (size_t) cpc->length);
memset(cpc_name, 0, OCF_LENGTH_CPC_NAME);
memcpy(cpc_name, cpc + 1, size);
}
spin_unlock(&sclp_ocf_lock);
schedule_work(&sclp_ocf_change_work);
}
Reported by FlawFinder.
Line: 91
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * Copy the cached CPC name into dst.
 *
 * Writes exactly OCF_LENGTH_CPC_NAME bytes and appends no NUL terminator,
 * so dst must provide at least that many bytes; the size of the caller's
 * buffer cannot be checked here. The copy is made under sclp_ocf_lock with
 * local interrupts disabled (spin_lock_irq).
 * NOTE(review): cpc_name is declared elsewhere in this file as
 * char cpc_name[OCF_LENGTH_CPC_NAME] "in EBCDIC", so callers presumably
 * have to convert and terminate the result themselves - confirm.
 */
void sclp_ocf_cpc_name_copy(char *dst)
{
spin_lock_irq(&sclp_ocf_lock);
/* Fixed-length copy: the length is the constant, not a caller-supplied size. */
memcpy(dst, cpc_name, OCF_LENGTH_CPC_NAME);
spin_unlock_irq(&sclp_ocf_lock);
}
EXPORT_SYMBOL(sclp_ocf_cpc_name_copy);
static ssize_t cpc_name_show(struct kobject *kobj,
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t cpc_name_show(struct kobject *kobj,
struct kobj_attribute *attr, char *page)
{
char name[OCF_LENGTH_CPC_NAME + 1];
sclp_ocf_cpc_name_copy(name);
name[OCF_LENGTH_CPC_NAME] = 0;
EBCASC(name, OCF_LENGTH_CPC_NAME);
return snprintf(page, PAGE_SIZE, "%s\n", name);
Reported by FlawFinder.
drivers/platform/mellanox/mlxbf-bootctl.c
6 issues
Line: 119
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (action < 0)
return action;
return sprintf(buf, "%s\n", mlxbf_bootctl_action_to_string(action));
}
static int mlxbf_bootctl_store(int smc_op, const char *buf, size_t count)
{
int ret, action;
Reported by FlawFinder.
Line: 185
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (lc_state & MLXBF_BOOTCTL_SB_TEST_MASK) {
lc_state &= MLXBF_BOOTCTL_SB_SECURE_MASK;
return sprintf(buf, "%s(test)\n",
mlxbf_bootctl_lifecycle_states[lc_state]);
}
return sprintf(buf, "%s\n", mlxbf_bootctl_lifecycle_states[lc_state]);
}
Reported by FlawFinder.
Line: 189
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mlxbf_bootctl_lifecycle_states[lc_state]);
}
return sprintf(buf, "%s\n", mlxbf_bootctl_lifecycle_states[lc_state]);
}
static ssize_t secure_boot_fuse_state_show(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 240
Column: 14
CWE codes:
120
Suggestion:
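Use sprintf_s, snprintf, or vsnprintf. Triage note: each call appends at buf + buf_len without checking the space left. If buf is the page-sized sysfs buffer, as the device-attribute show signatures quoted for this file suggest, sysfs_emit_at() is the kernel helper that bounds every append to that page.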
else
status = valid ? "Invalid" : "Free";
}
buf_len += sprintf(buf + buf_len, "%d:%s ", key, status);
}
buf_len += sprintf(buf + buf_len, "\n");
return buf_len;
}
Reported by FlawFinder.
Line: 90
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n", ret);
}
static ssize_t post_reset_wdog_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 242
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
buf_len += sprintf(buf + buf_len, "%d:%s ", key, status);
}
buf_len += sprintf(buf + buf_len, "\n");
return buf_len;
}
static DEVICE_ATTR_RW(post_reset_wdog);
Reported by FlawFinder.