The following issues were found
sound/soc/generic/simple-card.c
6 issues
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *prefix)
{
struct device_node *node = of_get_parent(np);
char prop[128];
snprintf(prop, sizeof(prop), "%smclk-fs", PREFIX);
of_property_read_u32(top, prop, &props->mclk_fs);
snprintf(prop, sizeof(prop), "%smclk-fs", prefix);
Reported by FlawFinder.
Line: 185
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_node *top = dev->of_node;
struct device_node *node = of_get_parent(np);
char *prefix = "";
char dai_name[64];
int ret;
dev_dbg(dev, "link_of DPCM (%pOF)\n", np);
/* For single DAI link & old style of DT node */
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_node *cpu = NULL;
struct device_node *node = NULL;
struct device_node *plat = NULL;
char dai_name[64];
char prop[128];
char *prefix = "";
int ret, single_cpu = 0;
cpu = np;
Reported by FlawFinder.
Line: 268
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_node *node = NULL;
struct device_node *plat = NULL;
char dai_name[64];
char prop[128];
char *prefix = "";
int ret, single_cpu = 0;
cpu = np;
node = of_get_parent(np);
Reported by FlawFinder.
Line: 688
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dai_link->stream_name = cinfo->name;
dai_link->dai_fmt = cinfo->daifmt;
dai_link->init = asoc_simple_dai_init;
memcpy(dai_props->cpu_dai, &cinfo->cpu_dai,
sizeof(*dai_props->cpu_dai));
memcpy(dai_props->codec_dai, &cinfo->codec_dai,
sizeof(*dai_props->codec_dai));
}
Reported by FlawFinder.
Line: 690
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dai_link->init = asoc_simple_dai_init;
memcpy(dai_props->cpu_dai, &cinfo->cpu_dai,
sizeof(*dai_props->cpu_dai));
memcpy(dai_props->codec_dai, &cinfo->codec_dai,
sizeof(*dai_props->codec_dai));
}
snd_soc_card_set_drvdata(card, priv);
Reported by FlawFinder.
samples/bpf/cookie_uid_helper_example.c
6 issues
Line: 178
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
printf("file path too long: %s\n", file);
exit(1);
}
sprintf(rules, "iptables -A OUTPUT -m bpf --object-pinned %s -j ACCEPT",
file);
ret = system(rules);
if (ret < 0) {
printf("iptables rule update failed: %d/n", WEXITSTATUS(ret));
exit(1);
Reported by FlawFinder.
Line: 180
Column: 8
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
sprintf(rules, "iptables -A OUTPUT -m bpf --object-pinned %s -j ACCEPT",
file);
ret = system(rules);
if (ret < 0) {
printf("iptables rule update failed: %d/n", WEXITSTATUS(ret));
exit(1);
}
}
Reported by FlawFinder.
Line: 289
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
if (argc != 3)
return usage();
while ((opt = getopt(argc, argv, "ts")) != -1) {
switch (opt) {
case 't':
cfg_test_traffic = true;
break;
case 's':
Reported by FlawFinder.
Line: 78
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void prog_load(void)
{
static char log_buf[1 << 16];
struct bpf_insn prog[] = {
/*
* Save sk_buff for future usage. value stored in R6 to R10 will
* not be reset after a bpf helper function call.
Reported by FlawFinder.
Line: 170
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void prog_attach_iptables(char *file)
{
int ret;
char rules[100];
if (bpf_obj_pin(prog_fd, file))
error(1, errno, "bpf_obj_pin");
if (strlen(file) > 50) {
printf("file path too long: %s\n", file);
Reported by FlawFinder.
Line: 174
Column: 6
CWE codes:
126
if (bpf_obj_pin(prog_fd, file))
error(1, errno, "bpf_obj_pin");
if (strlen(file) > 50) {
printf("file path too long: %s\n", file);
exit(1);
}
sprintf(rules, "iptables -A OUTPUT -m bpf --object-pinned %s -j ACCEPT",
file);
Reported by FlawFinder.
samples/acrn/vm-sample.c
6 issues
Line: 82
CWE codes:
570
ret = ioctl(hsm_fd, ACRN_IOCTL_SET_MEMSEG, &ram_map);
printf("Set up VM memory! [%d]\n", ret);
memcpy(guest_memory, guest16, guest16_end-guest16);
/* setup vcpu registers */
memset(®s, 0, sizeof(regs));
regs.vcpu_id = 0;
regs.vcpu_regs.rip = 0;
Reported by Cppcheck.
Line: 27
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *guest_memory;
extern const unsigned char guest16[], guest16_end[];
static char io_request_page[4096] __attribute__((aligned(4096)));
static struct acrn_io_request *io_req_buf = (struct acrn_io_request *)io_request_page;
__u16 vcpu_num;
__u16 vmid;
/* POST_STANDARD_VM_UUID1, refer to https://github.com/projectacrn/acrn-hypervisor/blob/master/hypervisor/include/common/vm_uuids.h */
Reported by FlawFinder.
Line: 64
Column: 11
CWE codes:
362
printf("No enough memory!\n");
return -1;
}
hsm_fd = open("/dev/acrn_hsm", O_RDWR|O_CLOEXEC);
memcpy(&create_vm.uuid, &vm_uuid, 16);
create_vm.ioreq_buf = (__u64)io_req_buf;
ret = ioctl(hsm_fd, ACRN_IOCTL_CREATE_VM, &create_vm);
printf("Created VM! [%d]\n", ret);
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
hsm_fd = open("/dev/acrn_hsm", O_RDWR|O_CLOEXEC);
memcpy(&create_vm.uuid, &vm_uuid, 16);
create_vm.ioreq_buf = (__u64)io_req_buf;
ret = ioctl(hsm_fd, ACRN_IOCTL_CREATE_VM, &create_vm);
printf("Created VM! [%d]\n", ret);
vcpu_num = create_vm.vcpu_num;
vmid = create_vm.vmid;
Reported by FlawFinder.
Line: 82
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = ioctl(hsm_fd, ACRN_IOCTL_SET_MEMSEG, &ram_map);
printf("Set up VM memory! [%d]\n", ret);
memcpy(guest_memory, guest16, guest16_end-guest16);
/* setup vcpu registers */
memset(®s, 0, sizeof(regs));
regs.vcpu_id = 0;
regs.vcpu_regs.rip = 0;
Reported by FlawFinder.
Line: 59
Column: 17
CWE codes:
676
Suggestion:
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient
argc = argc;
argv = argv;
guest_memory = memalign(4096, GUEST_MEMORY_SIZE);
if (!guest_memory) {
printf("No enough memory!\n");
return -1;
}
hsm_fd = open("/dev/acrn_hsm", O_RDWR|O_CLOEXEC);
Reported by FlawFinder.
net/xfrm/xfrm_policy.c
6 issues
Line: 296
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!IS_ERR(dst)) {
if (prev_saddr != saddr)
memcpy(prev_saddr, saddr, sizeof(*prev_saddr));
if (prev_daddr != daddr)
memcpy(prev_daddr, daddr, sizeof(*prev_daddr));
}
return dst;
Reported by FlawFinder.
Line: 298
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (prev_saddr != saddr)
memcpy(prev_saddr, saddr, sizeof(*prev_saddr));
if (prev_daddr != daddr)
memcpy(prev_daddr, daddr, sizeof(*prev_daddr));
}
return dst;
}
Reported by FlawFinder.
Line: 2312
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
newp->index = old->index;
newp->type = old->type;
newp->family = old->family;
memcpy(newp->xfrm_vec, old->xfrm_vec,
newp->xfrm_nr*sizeof(struct xfrm_tmpl));
spin_lock_bh(&net->xfrm.xfrm_policy_lock);
xfrm_sk_policy_link(newp, dir);
spin_unlock_bh(&net->xfrm.xfrm_policy_lock);
xfrm_pol_put(newp);
Reported by FlawFinder.
Line: 2745
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
xdst = (struct xfrm_dst *)dst;
xdst->num_xfrms = err;
xdst->num_pols = num_pols;
memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols);
xdst->policy_genid = atomic_read(&pols[0]->genid);
return xdst;
}
Reported by FlawFinder.
Line: 2991
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
xdst->num_pols = num_pols;
xdst->num_xfrms = num_xfrms;
memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols);
return xdst;
inc_error:
XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
Reported by FlawFinder.
Line: 3102
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
num_pols = xdst->num_pols;
num_xfrms = xdst->num_xfrms;
memcpy(pols, xdst->pols, sizeof(struct xfrm_policy *) * num_pols);
route = xdst->route;
}
dst = &xdst->u.dst;
if (route == NULL && num_xfrms > 0) {
Reported by FlawFinder.
sound/mips/hal2.c
6 issues
Line: 867
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "SGI HAL2 Audio");
strcpy(card->shortname, "SGI HAL2 Audio");
sprintf(card->longname, "%s irq %i",
card->shortname,
SGI_HPCDMA_IRQ);
err = snd_card_register(card);
if (err < 0) {
Reported by FlawFinder.
Line: 579
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct snd_hal2 *hal2 = snd_pcm_substream_chip(substream);
unsigned char *buf = hal2->dac.buffer + rec->hw_data;
memcpy(buf, substream->runtime->dma_area + rec->sw_data, bytes);
dma_sync_single_for_device(hal2->card->dev,
hal2->dac.buffer_dma + rec->hw_data, bytes,
DMA_TO_DEVICE);
}
Reported by FlawFinder.
Line: 667
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dma_sync_single_for_cpu(hal2->card->dev,
hal2->adc.buffer_dma + rec->hw_data, bytes,
DMA_FROM_DEVICE);
memcpy(substream->runtime->dma_area + rec->sw_data, buf, bytes);
}
static int hal2_capture_ack(struct snd_pcm_substream *substream)
{
struct snd_hal2 *hal2 = snd_pcm_substream_chip(substream);
Reported by FlawFinder.
Line: 709
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
pcm->private_data = hal2;
strcpy(pcm->name, "SGI HAL2");
/* set operators */
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK,
&hal2_playback_ops);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE,
Reported by FlawFinder.
Line: 865
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
}
strcpy(card->driver, "SGI HAL2 Audio");
strcpy(card->shortname, "SGI HAL2 Audio");
sprintf(card->longname, "%s irq %i",
card->shortname,
SGI_HPCDMA_IRQ);
Reported by FlawFinder.
Line: 866
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
strcpy(card->driver, "SGI HAL2 Audio");
strcpy(card->shortname, "SGI HAL2 Audio");
sprintf(card->longname, "%s irq %i",
card->shortname,
SGI_HPCDMA_IRQ);
err = snd_card_register(card);
Reported by FlawFinder.
sound/mips/sgio2audio.c
6 issues
Line: 897
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "SGI O2 Audio");
strcpy(card->shortname, "SGI O2 Audio");
sprintf(card->longname, "%s irq %i-%i",
card->shortname,
MACEISA_AUDIO1_DMAT_IRQ,
MACEISA_AUDIO3_MERR_IRQ);
err = snd_card_register(card);
Reported by FlawFinder.
Line: 189
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sgio2audio_source_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[3] = {
"Cam Mic", "Mic", "Line"
};
return snd_ctl_enum_info(uinfo, 1, 3, texts);
}
Reported by FlawFinder.
Line: 688
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
pcm->private_data = chip;
strcpy(pcm->name, "SGI O2 DAC1");
/* set operators */
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK,
&snd_sgio2audio_playback1_ops);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE,
Reported by FlawFinder.
Line: 703
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
pcm->private_data = chip;
strcpy(pcm->name, "SGI O2 DAC2");
/* set operators */
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK,
&snd_sgio2audio_playback2_ops);
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_VMALLOC, NULL, 0, 0);
Reported by FlawFinder.
Line: 895
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
}
strcpy(card->driver, "SGI O2 Audio");
strcpy(card->shortname, "SGI O2 Audio");
sprintf(card->longname, "%s irq %i-%i",
card->shortname,
MACEISA_AUDIO1_DMAT_IRQ,
MACEISA_AUDIO3_MERR_IRQ);
Reported by FlawFinder.
Line: 896
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
strcpy(card->driver, "SGI O2 Audio");
strcpy(card->shortname, "SGI O2 Audio");
sprintf(card->longname, "%s irq %i-%i",
card->shortname,
MACEISA_AUDIO1_DMAT_IRQ,
MACEISA_AUDIO3_MERR_IRQ);
Reported by FlawFinder.
sound/oss/dmasound/dmasound_atari.c
6 issues
Line: 1476
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static int TTStateInfo(char *buffer, size_t space)
{
int len = 0;
len += sprintf(buffer+len, "\tvol left %ddB [-40... 0]\n",
dmasound.volume_left);
len += sprintf(buffer+len, "\tvol right %ddB [-40... 0]\n",
dmasound.volume_right);
len += sprintf(buffer+len, "\tbass %ddB [-12...+12]\n",
dmasound.bass);
Reported by FlawFinder.
Line: 1478
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int len = 0;
len += sprintf(buffer+len, "\tvol left %ddB [-40... 0]\n",
dmasound.volume_left);
len += sprintf(buffer+len, "\tvol right %ddB [-40... 0]\n",
dmasound.volume_right);
len += sprintf(buffer+len, "\tbass %ddB [-12...+12]\n",
dmasound.bass);
len += sprintf(buffer+len, "\ttreble %ddB [-12...+12]\n",
dmasound.treble);
Reported by FlawFinder.
Line: 1480
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dmasound.volume_left);
len += sprintf(buffer+len, "\tvol right %ddB [-40... 0]\n",
dmasound.volume_right);
len += sprintf(buffer+len, "\tbass %ddB [-12...+12]\n",
dmasound.bass);
len += sprintf(buffer+len, "\ttreble %ddB [-12...+12]\n",
dmasound.treble);
if (len >= space) {
printk(KERN_ERR "dmasound_atari: overflowed state buffer alloc.\n") ;
Reported by FlawFinder.
Line: 1482
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dmasound.volume_right);
len += sprintf(buffer+len, "\tbass %ddB [-12...+12]\n",
dmasound.bass);
len += sprintf(buffer+len, "\ttreble %ddB [-12...+12]\n",
dmasound.treble);
if (len >= space) {
printk(KERN_ERR "dmasound_atari: overflowed state buffer alloc.\n") ;
len = space ;
}
Reported by FlawFinder.
Line: 1494
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static int FalconStateInfo(char *buffer, size_t space)
{
int len = 0;
len += sprintf(buffer+len, "\tvol left %ddB [-22.5 ... 0]\n",
dmasound.volume_left);
len += sprintf(buffer+len, "\tvol right %ddB [-22.5 ... 0]\n",
dmasound.volume_right);
if (len >= space) {
printk(KERN_ERR "dmasound_atari: overflowed state buffer alloc.\n") ;
Reported by FlawFinder.
Line: 1496
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int len = 0;
len += sprintf(buffer+len, "\tvol left %ddB [-22.5 ... 0]\n",
dmasound.volume_left);
len += sprintf(buffer+len, "\tvol right %ddB [-22.5 ... 0]\n",
dmasound.volume_right);
if (len >= space) {
printk(KERN_ERR "dmasound_atari: overflowed state buffer alloc.\n") ;
len = space ;
}
Reported by FlawFinder.
sound/parisc/harmony.c
6 issues
Line: 956
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "harmony");
strcpy(card->shortname, "Harmony");
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, h->hpa, h->irq);
err = snd_card_register(card);
if (err < 0)
goto free_and_ret;
Reported by FlawFinder.
Line: 618
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->private_data = h;
pcm->info_flags = 0;
strcpy(pcm->name, "harmony");
h->pcm = pcm;
h->psubs = NULL;
h->csubs = NULL;
Reported by FlawFinder.
Line: 748
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
snd_harmony_captureroute_info(struct snd_kcontrol *kc,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[2] = { "Line", "Mic" };
return snd_ctl_enum_info(uinfo, 1, 2, texts);
}
static int
Reported by FlawFinder.
Line: 840
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (snd_BUG_ON(!h))
return -EINVAL;
card = h->card;
strcpy(card->mixername, "Harmony Gain control interface");
for (idx = 0; idx < HARMONY_CONTROLS; idx++) {
err = snd_ctl_add(card,
snd_ctl_new1(&snd_harmony_controls[idx], h));
if (err < 0)
Reported by FlawFinder.
Line: 954
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
goto free_and_ret;
strcpy(card->driver, "harmony");
strcpy(card->shortname, "Harmony");
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, h->hpa, h->irq);
err = snd_card_register(card);
Reported by FlawFinder.
Line: 955
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto free_and_ret;
strcpy(card->driver, "harmony");
strcpy(card->shortname, "Harmony");
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, h->hpa, h->irq);
err = snd_card_register(card);
if (err < 0)
Reported by FlawFinder.
sound/pci/ad1889.c
6 issues
Line: 608
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->private_data = chip;
pcm->info_flags = 0;
strcpy(pcm->name, chip->card->shortname);
chip->pcm = pcm;
chip->psubs = NULL;
chip->csubs = NULL;
Reported by FlawFinder.
Line: 962
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto free_and_ret;
/* (4) */
sprintf(card->longname, "%s at 0x%lx irq %i",
card->shortname, chip->bar, chip->irq);
/* (5) */
/* register AC97 mixer */
err = snd_ad1889_ac97_init(chip, ac97_quirk[devno]);
Reported by FlawFinder.
Line: 51
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for the AD1889 soundcard.");
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
module_param_array(id, charp, NULL, 0444);
MODULE_PARM_DESC(id, "ID string for the AD1889 soundcard.");
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP;
module_param_array(enable, bool, NULL, 0444);
Reported by FlawFinder.
Line: 59
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
module_param_array(enable, bool, NULL, 0444);
MODULE_PARM_DESC(enable, "Enable AD1889 soundcard.");
static char *ac97_quirk[SNDRV_CARDS];
module_param_array(ac97_quirk, charp, NULL, 0444);
MODULE_PARM_DESC(ac97_quirk, "AC'97 workaround for strange hardware.");
#define DEVNAME "ad1889"
#define PFX DEVNAME ": "
Reported by FlawFinder.
Line: 953
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(card->driver, "AD1889");
strcpy(card->shortname, "Analog Devices AD1889");
/* (3) */
err = snd_ad1889_create(card, pci, &chip);
if (err < 0)
Reported by FlawFinder.
Line: 954
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
strcpy(card->driver, "AD1889");
strcpy(card->shortname, "Analog Devices AD1889");
/* (3) */
err = snd_ad1889_create(card, pci, &chip);
if (err < 0)
goto free_and_ret;
Reported by FlawFinder.
samples/configfs/configfs_sample.c
6 issues
Line: 48
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct childless *childless = to_childless(item);
ssize_t pos;
pos = sprintf(page, "%d\n", childless->showme);
childless->showme++;
return pos;
}
Reported by FlawFinder.
Line: 56
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t childless_storeme_show(struct config_item *item, char *page)
{
return sprintf(page, "%d\n", to_childless(item)->storeme);
}
static ssize_t childless_storeme_store(struct config_item *item,
const char *page, size_t count)
{
Reported by FlawFinder.
Line: 74
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t childless_description_show(struct config_item *item, char *page)
{
return sprintf(page,
"[01-childless]\n"
"\n"
"The childless subsystem is the simplest possible subsystem in\n"
"configfs. It does not support the creation of child config_items.\n"
"It only has a few attributes. In fact, it isn't much different\n"
Reported by FlawFinder.
Line: 133
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t simple_child_storeme_show(struct config_item *item, char *page)
{
return sprintf(page, "%d\n", to_simple_child(item)->storeme);
}
static ssize_t simple_child_storeme_store(struct config_item *item,
const char *page, size_t count)
{
Reported by FlawFinder.
Line: 199
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t simple_children_description_show(struct config_item *item,
char *page)
{
return sprintf(page,
"[02-simple-children]\n"
"\n"
"This subsystem allows the creation of child config_items. These\n"
"items have only one attribute that is readable and writeable.\n");
}
Reported by FlawFinder.
Line: 277
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t group_children_description_show(struct config_item *item,
char *page)
{
return sprintf(page,
"[03-group-children]\n"
"\n"
"This subsystem allows the creation of child config_groups. These\n"
"groups are like the subsystem simple-children.\n");
}
Reported by FlawFinder.