The following issues were found
drivers/video/fbdev/sis/oem310.h
6 issues
Line: 232
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0a,0x0a
};
static const unsigned char SiS310_TVAntiFlick1[6][2] =
{
{0x4,0x0},
{0x4,0x8},
{0x0,0x0},
{0x0,0x0},
Reported by FlawFinder.
Line: 242
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{0x0,0x0}
};
static const unsigned char SiS310_TVEdge1[6][2] =
{
{0x0,0x4},
{0x0,0x4},
{0x0,0x0},
{0x0,0x0},
Reported by FlawFinder.
Line: 252
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{0x0,0x0}
};
static const unsigned char SiS310_TVYFilter1[5][8][4] =
{
{
{0x00,0xf4,0x10,0x38}, /* NTSC */
{0x00,0xf4,0x10,0x38},
{0xeb,0x04,0x25,0x18},
Reported by FlawFinder.
Line: 306
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
};
static const unsigned char SiS310_TVYFilter2[5][9][7] =
{
{
{0xFF,0x03,0x02,0xF6,0xFC,0x27,0x46}, /* NTSC */
{0x01,0x02,0xFE,0xF7,0x03,0x27,0x3C},
{0xFF,0x03,0x02,0xF6,0xFC,0x27,0x46},
Reported by FlawFinder.
Line: 365
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
};
static const unsigned char SiS310_TVPhaseIncr1[3][2][4] =
{
{
{0x21,0xed,0xba,0x08},
{0x21,0xed,0xba,0x08}
},
Reported by FlawFinder.
Line: 381
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
};
static const unsigned char SiS310_TVPhaseIncr2[3][2][4] =
{
{
{0x21,0xf0,0x7b,0xd6},
{0x21,0xf0,0x7b,0xd6}
},
Reported by FlawFinder.
drivers/video/fbdev/sis/init301.c
6 issues
Line: 6039
CWE codes:
369
SiS_SetReg(SiS_Pr->SiS_Part1Port,0x1F,temp);
if(SiS_Pr->ChipType >= SIS_315H) {
tempeax = (SiS_Pr->SiS_VGAVDE << 18) / tempvcfact;
tempbx = (unsigned short)(tempeax & 0xFFFF);
} else {
tempeax = SiS_Pr->SiS_VGAVDE << 6;
tempbx = tempvcfact & 0x3f;
if(tempbx == 0) tempbx = 64;
Reported by Cppcheck.
Line: 85
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SiS_I2CDELAY 1000
#define SiS_I2CDELAYSHORT 150
static const unsigned char SiS_YPbPrTable[3][64] = {
{
0x17,0x1d,0x03,0x09,0x05,0x06,0x0c,0x0c,
0x94,0x49,0x01,0x0a,0x06,0x0d,0x04,0x0a,
0x06,0x14,0x0d,0x04,0x0a,0x00,0x85,0x1b,
0x0c,0x50,0x00,0x97,0x00,0xda,0x4a,0x17,
Reported by FlawFinder.
Line: 291
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
#ifdef CONFIG_FB_SIS_300
static unsigned char SiS300_TrumpionData[14][80] = {
{ 0x02,0x0A,0x0A,0x01,0x04,0x01,0x00,0x03,0x0D,0x00,0x0D,0x10,0x7F,0x00,0x80,0x02,
0x20,0x03,0x0B,0x00,0x90,0x01,0xC1,0x01,0x60,0x0C,0x30,0x10,0x00,0x00,0x04,0x23,
0x00,0x00,0x03,0x28,0x03,0x10,0x05,0x08,0x40,0x10,0x00,0x10,0x04,0x23,0x00,0x23,
0x03,0x11,0x60,0xBC,0x01,0xFF,0x03,0xFF,0x19,0x01,0x00,0x05,0x09,0x04,0x04,0x05,
0x04,0x0C,0x09,0x05,0x02,0xB0,0x00,0x00,0x02,0xBA,0xF0,0x5A,0x01,0xBE,0x01,0x00 },
Reported by FlawFinder.
Line: 6091
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *ROMAddr = SiS_Pr->VirtualRomBase;
unsigned char *trumpdata;
int i, j = crt2crtc;
unsigned char TrumpMode13[4] = { 0x01, 0x10, 0x2c, 0x00 };
unsigned char TrumpMode10_1[4] = { 0x01, 0x10, 0x27, 0x00 };
unsigned char TrumpMode10_2[4] = { 0x01, 0x16, 0x10, 0x00 };
if(SiS_Pr->SiS_UseROM) {
trumpdata = &ROMAddr[0x8001 + (j * 80)];
Reported by FlawFinder.
Line: 6092
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *trumpdata;
int i, j = crt2crtc;
unsigned char TrumpMode13[4] = { 0x01, 0x10, 0x2c, 0x00 };
unsigned char TrumpMode10_1[4] = { 0x01, 0x10, 0x27, 0x00 };
unsigned char TrumpMode10_2[4] = { 0x01, 0x16, 0x10, 0x00 };
if(SiS_Pr->SiS_UseROM) {
trumpdata = &ROMAddr[0x8001 + (j * 80)];
} else {
Reported by FlawFinder.
Line: 6093
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, j = crt2crtc;
unsigned char TrumpMode13[4] = { 0x01, 0x10, 0x2c, 0x00 };
unsigned char TrumpMode10_1[4] = { 0x01, 0x10, 0x27, 0x00 };
unsigned char TrumpMode10_2[4] = { 0x01, 0x16, 0x10, 0x00 };
if(SiS_Pr->SiS_UseROM) {
trumpdata = &ROMAddr[0x8001 + (j * 80)];
} else {
if(SiS_Pr->SiS_LCDTypeInfo == 0x0e) j += 7;
Reported by FlawFinder.
include/linux/hyperv.h
6 issues
Line: 288
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union {
/* Non-pipes: The user has MAX_USER_DEFINED_BYTES bytes. */
struct {
unsigned char user_def[MAX_USER_DEFINED_BYTES];
} std;
/*
* Pipes:
* The following structure is an integrated pipe protocol, which
Reported by FlawFinder.
Line: 300
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct {
u32 pipe_mode;
unsigned char user_def[MAX_PIPE_USER_DEFINED_BYTES];
} pipe;
} u;
/*
* The sub_channel_index is defined in Win8: a value of zero means a
* primary channel and a value of non-zero means a sub-channel.
Reported by FlawFinder.
Line: 414
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 total_bytes;
u32 offset;
u32 byte_cnt;
unsigned char data[1];
} __packed;
union vmpacket_largest_possible_header {
struct vmpacket_descriptor simple_hdr;
struct vmtransfer_page_packet_header xfer_page_hdr;
Reported by FlawFinder.
Line: 587
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 downstream_ringbuffer_pageoffset;
/* User-specific data to be passed along to the server endpoint. */
unsigned char userdata[MAX_USER_DEFINED_BYTES];
} __packed;
/* Open Channel Result parameters */
struct vmbus_channel_open_result {
struct vmbus_channel_message_header header;
Reported by FlawFinder.
Line: 193
Column: 34
CWE codes:
120
20
static inline u32 hv_get_bytes_to_read(const struct hv_ring_buffer_info *rbi)
{
u32 read_loc, write_loc, dsize, read;
dsize = rbi->ring_datasize;
read_loc = rbi->ring_buffer->read_index;
write_loc = READ_ONCE(rbi->ring_buffer->write_index);
Reported by FlawFinder.
Line: 202
Column: 9
CWE codes:
120
20
read = write_loc >= read_loc ? (write_loc - read_loc) :
(dsize - read_loc) + write_loc;
return read;
}
static inline u32 hv_get_bytes_to_write(const struct hv_ring_buffer_info *rbi)
{
u32 read_loc, write_loc, dsize, write;
Reported by FlawFinder.
fs/cifs/inode.c
6 issues
Line: 444
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cifs_fid fid;
struct cifs_open_parms oparms;
struct cifs_io_parms io_parms = {0};
char buf[24];
unsigned int bytes_read;
char *pbuf;
int buf_type = CIFS_NO_BUFFER;
pbuf = buf;
Reported by FlawFinder.
Line: 481
Column: 31
CWE codes:
362
oplock = REQ_OPLOCK;
else
oplock = 0;
rc = tcon->ses->server->ops->open(xid, &oparms, &oplock, NULL);
if (rc) {
cifs_dbg(FYI, "check sfu type of %s, open rc = %d\n", path, rc);
cifs_put_tlink(tlink);
return rc;
}
Reported by FlawFinder.
Line: 554
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
#ifdef CONFIG_CIFS_XATTR
ssize_t rc;
char ea_value[4];
__u32 mode;
struct tcon_link *tlink;
struct cifs_tcon *tcon;
tlink = cifs_sb_tlink(cifs_sb);
Reported by FlawFinder.
Line: 1331
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (path == NULL)
return ERR_PTR(-ENOMEM);
path[0] = '/';
memcpy(path+1, cifs_sb->prepath, len);
} else {
path = kstrdup("", GFP_KERNEL);
if (path == NULL)
return ERR_PTR(-ENOMEM);
}
Reported by FlawFinder.
Line: 893
Column: 33
CWE codes:
126
}
/* If no errors, check for zero root inode (invalid) */
if (fattr->cf_uniqueid == 0 && strlen(full_path) == 0) {
cifs_dbg(FYI, "Invalid (0) inodenum\n");
if (*inode) {
/* reuse */
fattr->cf_uniqueid = CIFS_I(*inode)->uniqueid;
} else {
Reported by FlawFinder.
Line: 1326
Column: 9
CWE codes:
126
if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_USE_PREFIX_PATH)
&& cifs_sb->prepath) {
len = strlen(cifs_sb->prepath);
path = kzalloc(len + 2 /* leading sep + null */, GFP_KERNEL);
if (path == NULL)
return ERR_PTR(-ENOMEM);
path[0] = '/';
memcpy(path+1, cifs_sb->prepath, len);
Reported by FlawFinder.
fs/omfs/omfs_fs.h
6 issues
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define OMFS_MAX_BLOCKS (1ul << 31)
struct omfs_super_block {
char s_fill1[256];
__be64 s_root_block; /* block number of omfs_root_block */
__be64 s_num_blocks; /* total number of FS blocks */
__be32 s_magic; /* OMFS_MAGIC */
__be32 s_blocksize; /* size of a block */
__be32 s_mirrors; /* # of mirrors of system blocks */
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be64 h_self; /* FS block where this is located */
__be32 h_body_size; /* size of useful data after header */
__be16 h_crc; /* crc-ccitt of body_size bytes */
char h_fill1[2];
u8 h_version; /* version, always 1 */
char h_type; /* OMFS_INODE_X */
u8 h_magic; /* OMFS_IMAGIC */
u8 h_check_xor; /* XOR of header bytes before this */
__be32 h_fill2;
Reported by FlawFinder.
Line: 55
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 r_blocksize; /* size of a block */
__be32 r_clustersize; /* size allocated for data blocks */
__be64 r_mirrors; /* # of mirrors of system blocks */
char r_name[OMFS_NAMELEN]; /* partition label */
};
struct omfs_inode {
struct omfs_header i_head; /* header */
__be64 i_parent; /* parent containing this inode */
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be64 i_parent; /* parent containing this inode */
__be64 i_sibling; /* next inode in hash bucket */
__be64 i_ctime; /* ctime, in milliseconds */
char i_fill1[35];
char i_type; /* OMFS_[DIR,FILE] */
__be32 i_fill2;
char i_fill3[64];
char i_name[OMFS_NAMELEN]; /* filename */
__be64 i_size; /* size of file, in bytes */
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char i_fill1[35];
char i_type; /* OMFS_[DIR,FILE] */
__be32 i_fill2;
char i_fill3[64];
char i_name[OMFS_NAMELEN]; /* filename */
__be64 i_size; /* size of file, in bytes */
};
struct omfs_extent_entry {
Reported by FlawFinder.
Line: 67
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char i_type; /* OMFS_[DIR,FILE] */
__be32 i_fill2;
char i_fill3[64];
char i_name[OMFS_NAMELEN]; /* filename */
__be64 i_size; /* size of file, in bytes */
};
struct omfs_extent_entry {
__be64 e_cluster; /* start location of a set of blocks */
Reported by FlawFinder.
drivers/xen/xen-pciback/xenbus.c
6 issues
Line: 209
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int err;
int len;
char str[64];
len = snprintf(str, sizeof(str), "vdev-%d", devid);
if (unlikely(len >= (sizeof(str) - 1))) {
err = -ENOMEM;
goto out;
Reported by FlawFinder.
Line: 307
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned int d, b;
int i, root_num, len, err;
char str[64];
dev_dbg(&pdev->xdev->dev, "Publishing pci roots\n");
err = xenbus_scanf(XBT_NIL, pdev->xdev->nodename,
"root_num", "%d", &root_num);
Reported by FlawFinder.
Line: 370
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int domain, bus, slot, func;
unsigned int substate;
int i, len;
char state_str[64];
char dev_str[64];
dev_dbg(&pdev->xdev->dev, "Reconfiguring device ...\n");
Reported by FlawFinder.
Line: 371
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int substate;
int i, len;
char state_str[64];
char dev_str[64];
dev_dbg(&pdev->xdev->dev, "Reconfiguring device ...\n");
mutex_lock(&pdev->dev_lock);
Reported by FlawFinder.
Line: 568
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int domain, bus, slot, func;
int err = 0;
int i, num_devs;
char dev_str[64];
char state_str[64];
mutex_lock(&pdev->dev_lock);
/* It's possible we could get the call to setup twice, so make sure
* we're not already connected.
Reported by FlawFinder.
Line: 569
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int err = 0;
int i, num_devs;
char dev_str[64];
char state_str[64];
mutex_lock(&pdev->dev_lock);
/* It's possible we could get the call to setup twice, so make sure
* we're not already connected.
*/
Reported by FlawFinder.
fs/nfs/nfs42xattr.c
6 issues
Line: 209
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (name != NULL) {
namep = buf + sizeof(struct nfs4_xattr_entry);
memcpy(namep, name, slen);
} else {
namep = NULL;
}
Reported by FlawFinder.
Line: 228
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (valp != NULL) {
if (value != NULL)
memcpy(valp, value, len);
else
_copy_from_pages(valp, pages, 0, len);
}
entry->flags = flags;
Reported by FlawFinder.
Line: 632
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (buflen < entry->xattr_size)
ret = -ERANGE;
else {
memcpy(buf, entry->xattr_value, entry->xattr_size);
ret = entry->xattr_size;
}
kref_put(&entry->ref, nfs4_xattr_free_entry_cb);
} else {
dprintk("%s: cache miss '%s'\n", __func__, name);
Reported by FlawFinder.
Line: 670
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (entry->xattr_size > buflen)
ret = -ERANGE;
else {
memcpy(buf, entry->xattr_value, entry->xattr_size);
ret = entry->xattr_size;
}
} else {
ret = -ENOENT;
}
Reported by FlawFinder.
Line: 190
Column: 10
CWE codes:
126
alloclen = sizeof(struct nfs4_xattr_entry);
if (name != NULL) {
slen = strlen(name) + 1;
alloclen += slen;
} else
slen = 0;
if (alloclen + len <= PAGE_SIZE) {
Reported by FlawFinder.
Line: 507
Column: 37
CWE codes:
126
static inline struct nfs4_xattr_bucket *
nfs4_xattr_hash_bucket(struct nfs4_xattr_cache *cache, const char *name)
{
return &cache->buckets[jhash(name, strlen(name), 0) &
(ARRAY_SIZE(cache->buckets) - 1)];
}
static struct nfs4_xattr_entry *
nfs4_xattr_get_entry(struct nfs4_xattr_bucket *bucket, const char *name)
Reported by FlawFinder.
fs/nfsd/nfs3xdr.c
6 issues
Line: 596
Column: 40
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (!svcxdr_decode_nfs_fh3(xdr, &args->fh))
return 0;
if (xdr_stream_decode_u32(xdr, &args->access) < 0)
return 0;
return 1;
}
Reported by FlawFinder.
Line: 906
Column: 40
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
case nfs_ok:
if (!svcxdr_encode_post_op_attr(rqstp, xdr, &resp->fh))
return 0;
if (xdr_stream_encode_u32(xdr, resp->access) < 0)
return 0;
break;
default:
if (!svcxdr_encode_post_op_attr(rqstp, xdr, &resp->fh))
return 0;
Reported by FlawFinder.
Line: 95
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return false;
fh_init(fhp, NFS3_FHSIZE);
fhp->fh_handle.fh_size = size;
memcpy(&fhp->fh_handle.fh_base, p, size);
return true;
}
/**
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*p++ = cpu_to_be32(size);
if (size)
p[XDR_QUADLEN(size) - 1] = 0;
memcpy(p, &fhp->fh_handle.fh_base, size);
return true;
}
static bool
Reported by FlawFinder.
Line: 158
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = xdr_reserve_space(xdr, NFS3_COOKIEVERFSIZE);
if (!p)
return false;
memcpy(p, verf, NFS3_COOKIEVERFSIZE);
return true;
}
static bool
Reported by FlawFinder.
Line: 171
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = xdr_reserve_space(xdr, NFS3_WRITEVERFSIZE);
if (!p)
return false;
memcpy(p, verf, NFS3_WRITEVERFSIZE);
return true;
}
static bool
Reported by FlawFinder.
fs/ntfs/compress.c
6 issues
Line: 279
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto return_overflow;
/* Copy the block and advance the source position. */
memcpy(dp_addr, cb, NTFS_SB_SIZE);
cb += NTFS_SB_SIZE;
/* Advance destination position to next sub-block. */
*dest_ofs += NTFS_SB_SIZE;
if (!(*dest_ofs &= ~PAGE_MASK)) {
Reported by FlawFinder.
Line: 396
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (length <= max_non_overlap) {
/* The byte sequence doesn't overlap, just copy it. */
memcpy(dp_addr, dp_back_addr, length);
/* Advance destination pointer. */
dp_addr += length;
} else {
/*
Reported by FlawFinder.
Line: 407
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* overlapping part. Also, advance the destination
* pointer.
*/
memcpy(dp_addr, dp_back_addr, max_non_overlap);
dp_addr += max_non_overlap;
dp_back_addr += max_non_overlap;
length -= max_non_overlap;
while (length--)
*dp_addr++ = *dp_back_addr++;
Reported by FlawFinder.
Line: 707
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the buffer heads into the contiguous buffer. */
for (i = 0; i < nr_bhs; i++) {
memcpy(cb_pos, bhs[i]->b_data, block_size);
cb_pos += block_size;
}
/* Just a precaution. */
if (cb_pos + 2 <= cb + cb_size)
Reported by FlawFinder.
Line: 797
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (; cur_page < cb_max_page; cur_page++) {
page = pages[cur_page];
if (page)
memcpy(page_address(page) + cur_ofs, cb_pos,
PAGE_SIZE - cur_ofs);
cb_pos += PAGE_SIZE - cur_ofs;
cur_ofs = 0;
if (cb_pos >= cb_end)
break;
Reported by FlawFinder.
Line: 808
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cb_max_ofs && cb_pos < cb_end) {
page = pages[cur_page];
if (page)
memcpy(page_address(page) + cur_ofs, cb_pos,
cb_max_ofs - cur_ofs);
cb_pos += cb_max_ofs - cur_ofs;
cur_ofs = cb_max_ofs;
}
/* We can sleep from now on, so drop lock. */
Reported by FlawFinder.
drivers/virtio/virtio.c
6 issues
Line: 16
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct virtio_device *dev = dev_to_virtio(_d);
return sprintf(buf, "0x%04x\n", dev->id.device);
}
static DEVICE_ATTR_RO(device);
static ssize_t vendor_show(struct device *_d,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 24
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct virtio_device *dev = dev_to_virtio(_d);
return sprintf(buf, "0x%04x\n", dev->id.vendor);
}
static DEVICE_ATTR_RO(vendor);
static ssize_t status_show(struct device *_d,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 32
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct virtio_device *dev = dev_to_virtio(_d);
return sprintf(buf, "0x%08x\n", dev->config->get_status(dev));
}
static DEVICE_ATTR_RO(status);
static ssize_t modalias_show(struct device *_d,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 40
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct virtio_device *dev = dev_to_virtio(_d);
return sprintf(buf, "virtio:d%08Xv%08X\n",
dev->id.device, dev->id.vendor);
}
static DEVICE_ATTR_RO(modalias);
static ssize_t features_show(struct device *_d,
Reported by FlawFinder.
Line: 55
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* We actually represent this as a bitstring, as it could be
* arbitrary length in future. */
for (i = 0; i < sizeof(dev->features)*8; i++)
len += sprintf(buf+len, "%c",
__virtio_test_bit(dev, i) ? '1' : '0');
len += sprintf(buf+len, "\n");
return len;
}
static DEVICE_ATTR_RO(features);
Reported by FlawFinder.
Line: 57
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < sizeof(dev->features)*8; i++)
len += sprintf(buf+len, "%c",
__virtio_test_bit(dev, i) ? '1' : '0');
len += sprintf(buf+len, "\n");
return len;
}
static DEVICE_ATTR_RO(features);
static struct attribute *virtio_dev_attrs[] = {
Reported by FlawFinder.