The following issues were found
drivers/soundwire/master.c
5 issues
Line: 43
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
char *buf) \
{ \
struct sdw_master_device *md = dev_to_sdw_master_device(dev); \
return sprintf(buf, format_string, md->bus->prop.field); \
} \
static DEVICE_ATTR_RO(field)
sdw_master_attr(revision, "0x%x\n");
sdw_master_attr(clk_stop_modes, "0x%x\n");
Reported by FlawFinder.
Line: 64
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i;
for (i = 0; i < md->bus->prop.num_clk_freq; i++)
size += sprintf(buf + size, "%8d ",
md->bus->prop.clk_freq[i]);
size += sprintf(buf + size, "\n");
return size;
}
Reported by FlawFinder.
Line: 80
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i;
for (i = 0; i < md->bus->prop.num_clk_gears; i++)
size += sprintf(buf + size, "%8d ",
md->bus->prop.clk_gears[i]);
size += sprintf(buf + size, "\n");
return size;
}
Reported by FlawFinder.
Line: 66
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < md->bus->prop.num_clk_freq; i++)
size += sprintf(buf + size, "%8d ",
md->bus->prop.clk_freq[i]);
size += sprintf(buf + size, "\n");
return size;
}
static DEVICE_ATTR_RO(clock_frequencies);
Reported by FlawFinder.
Line: 82
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < md->bus->prop.num_clk_gears; i++)
size += sprintf(buf + size, "%8d ",
md->bus->prop.clk_gears[i]);
size += sprintf(buf + size, "\n");
return size;
}
static DEVICE_ATTR_RO(clock_gears);
Reported by FlawFinder.
drivers/staging/emxx_udc/emxx_udc.c
5 issues
Line: 499
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (count) {
p = req->req.buf;
p += (req->req.actual - count);
memcpy(data, p, count);
}
}
if (req->mapped) {
if (req->unaligned) {
Reported by FlawFinder.
Line: 506
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (req->mapped) {
if (req->unaligned) {
if (direct == USB_DIR_OUT)
memcpy(req->req.buf, ep->virt_buf,
req->req.actual & 0xfffffffc);
} else {
dma_unmap_single(udc->gadget.dev.parent,
req->req.dma, req->req.length,
(direct == USB_DIR_IN)
Reported by FlawFinder.
Line: 529
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (count) {
p = req->req.buf;
p += (req->req.actual - count);
memcpy(p, data, count);
}
}
#endif
/*-------------------------------------------------------------------------*/
Reported by FlawFinder.
Line: 1519
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (result >= 0) {
memcpy(udc->ep0_buf, &status_data, length);
_nbu2ss_create_ep0_packet(udc, udc->ep0_buf, length);
_nbu2ss_ep0_in_transfer(udc, &udc->ep0_req);
} else {
dev_err(udc->dev, " Error GET_STATUS\n");
Reported by FlawFinder.
Line: 2599
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
GFP_ATOMIC | GFP_DMA);
if (ep->epnum > 0) {
if (ep->direct == USB_DIR_IN)
memcpy(ep->virt_buf, req->req.buf,
req->req.length);
}
}
if ((ep->epnum > 0) && (ep->direct == USB_DIR_OUT) &&
Reported by FlawFinder.
drivers/staging/fieldbus/dev_core.c
5 issues
Line: 119
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
return sprintf(buf, "%s\n", t);
}
static DEVICE_ATTR_RO(fieldbus_type);
static struct attribute *fieldbus_attrs[] = {
&dev_attr_enabled.attr,
Reported by FlawFinder.
Line: 31
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct fieldbus_dev *fb = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", !!fb->online);
}
static DEVICE_ATTR_RO(online);
static ssize_t enabled_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 42
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!fb->enable_get)
return -EINVAL;
return sprintf(buf, "%d\n", !!fb->enable_get(fb));
}
static ssize_t enabled_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t n)
{
Reported by FlawFinder.
Line: 82
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct fieldbus_dev *fb = dev_get_drvdata(dev);
return sprintf(buf, "%zu\n", fb->read_area_sz);
}
static DEVICE_ATTR_RO(read_area_size);
static ssize_t write_area_size_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 91
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct fieldbus_dev *fb = dev_get_drvdata(dev);
return sprintf(buf, "%zu\n", fb->write_area_sz);
}
static DEVICE_ATTR_RO(write_area_size);
static ssize_t fieldbus_id_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
drivers/staging/gdm724x/gdm_usb.c
5 issues
Line: 367
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 mac_address[ETH_ALEN] = {0, };
if (tlv->type == MAC_ADDRESS && udev->request_mac_addr) {
memcpy(mac_address, tlv->data, tlv->len);
if (register_lte_device(phy_dev,
&udev->intf->dev, mac_address) < 0)
pr_err("register lte device failed\n");
Reported by FlawFinder.
Line: 619
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
list_del(&t_sdu->list);
spin_unlock_irqrestore(&tx->lock, flags);
memcpy(multi_sdu->data + send_len, t_sdu->buf, t_sdu->len);
send_len += (t_sdu->len + 3) & 0xfffc;
num_packet++;
if (tx->avail_count > 10)
Reported by FlawFinder.
Line: 735
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sdu->cmd_evt = gdm_cpu_to_dev16(udev->gdm_ed, LTE_TX_SDU);
if (nic_type == NIC_TYPE_ARP) {
send_len = len + SDU_PARAM_LEN;
memcpy(sdu->data, data, len);
} else {
send_len = len - ETH_HLEN;
send_len += SDU_PARAM_LEN;
memcpy(sdu->data, data + ETH_HLEN, len - ETH_HLEN);
}
Reported by FlawFinder.
Line: 739
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
send_len = len - ETH_HLEN;
send_len += SDU_PARAM_LEN;
memcpy(sdu->data, data + ETH_HLEN, len - ETH_HLEN);
}
sdu->len = gdm_cpu_to_dev16(udev->gdm_ed, send_len);
sdu->dft_eps_ID = gdm_cpu_to_dev32(udev->gdm_ed, dft_eps_ID);
sdu->bearer_ID = gdm_cpu_to_dev32(udev->gdm_ed, eps_ID);
Reported by FlawFinder.
Line: 781
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(t->buf, data, len);
t->callback = cb;
t->cb_data = cb_data;
t->len = len;
t->tx = tx;
t->is_sdu = 0;
Reported by FlawFinder.
drivers/staging/greybus/arche-apb-ctrl.c
5 issues
Line: 302
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (apb->state) {
case ARCHE_PLATFORM_STATE_OFF:
return sprintf(buf, "off%s\n",
apb->init_disabled ? ",disabled" : "");
case ARCHE_PLATFORM_STATE_ACTIVE:
return sprintf(buf, "active\n");
case ARCHE_PLATFORM_STATE_STANDBY:
return sprintf(buf, "standby\n");
Reported by FlawFinder.
Line: 305
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "off%s\n",
apb->init_disabled ? ",disabled" : "");
case ARCHE_PLATFORM_STATE_ACTIVE:
return sprintf(buf, "active\n");
case ARCHE_PLATFORM_STATE_STANDBY:
return sprintf(buf, "standby\n");
case ARCHE_PLATFORM_STATE_FW_FLASHING:
return sprintf(buf, "fw_flashing\n");
default:
Reported by FlawFinder.
Line: 307
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case ARCHE_PLATFORM_STATE_ACTIVE:
return sprintf(buf, "active\n");
case ARCHE_PLATFORM_STATE_STANDBY:
return sprintf(buf, "standby\n");
case ARCHE_PLATFORM_STATE_FW_FLASHING:
return sprintf(buf, "fw_flashing\n");
default:
return sprintf(buf, "unknown state\n");
}
Reported by FlawFinder.
Line: 309
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case ARCHE_PLATFORM_STATE_STANDBY:
return sprintf(buf, "standby\n");
case ARCHE_PLATFORM_STATE_FW_FLASHING:
return sprintf(buf, "fw_flashing\n");
default:
return sprintf(buf, "unknown state\n");
}
}
Reported by FlawFinder.
Line: 311
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case ARCHE_PLATFORM_STATE_FW_FLASHING:
return sprintf(buf, "fw_flashing\n");
default:
return sprintf(buf, "unknown state\n");
}
}
static DEVICE_ATTR_RW(state);
Reported by FlawFinder.
drivers/staging/greybus/arche-platform.c
5 issues
Line: 376
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (arche_pdata->state) {
case ARCHE_PLATFORM_STATE_OFF:
return sprintf(buf, "off\n");
case ARCHE_PLATFORM_STATE_ACTIVE:
return sprintf(buf, "active\n");
case ARCHE_PLATFORM_STATE_STANDBY:
return sprintf(buf, "standby\n");
case ARCHE_PLATFORM_STATE_FW_FLASHING:
Reported by FlawFinder.
Line: 378
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case ARCHE_PLATFORM_STATE_OFF:
return sprintf(buf, "off\n");
case ARCHE_PLATFORM_STATE_ACTIVE:
return sprintf(buf, "active\n");
case ARCHE_PLATFORM_STATE_STANDBY:
return sprintf(buf, "standby\n");
case ARCHE_PLATFORM_STATE_FW_FLASHING:
return sprintf(buf, "fw_flashing\n");
default:
Reported by FlawFinder.
Line: 380
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case ARCHE_PLATFORM_STATE_ACTIVE:
return sprintf(buf, "active\n");
case ARCHE_PLATFORM_STATE_STANDBY:
return sprintf(buf, "standby\n");
case ARCHE_PLATFORM_STATE_FW_FLASHING:
return sprintf(buf, "fw_flashing\n");
default:
return sprintf(buf, "unknown state\n");
}
Reported by FlawFinder.
Line: 382
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case ARCHE_PLATFORM_STATE_STANDBY:
return sprintf(buf, "standby\n");
case ARCHE_PLATFORM_STATE_FW_FLASHING:
return sprintf(buf, "fw_flashing\n");
default:
return sprintf(buf, "unknown state\n");
}
}
Reported by FlawFinder.
Line: 384
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case ARCHE_PLATFORM_STATE_FW_FLASHING:
return sprintf(buf, "fw_flashing\n");
default:
return sprintf(buf, "unknown state\n");
}
}
static DEVICE_ATTR_RW(state);
Reported by FlawFinder.
drivers/staging/greybus/audio_codec.h
5 issues
Line: 122
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int pid;
int type;
int set_uevent;
char vstr[NAME_SIZE];
char pstr[NAME_SIZE];
struct list_head list;
/* need to share this info to above user space */
int manager_id;
char name[NAME_SIZE];
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int type;
int set_uevent;
char vstr[NAME_SIZE];
char pstr[NAME_SIZE];
struct list_head list;
/* need to share this info to above user space */
int manager_id;
char name[NAME_SIZE];
unsigned int ip_devices;
Reported by FlawFinder.
Line: 127
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head list;
/* need to share this info to above user space */
int manager_id;
char name[NAME_SIZE];
unsigned int ip_devices;
unsigned int op_devices;
/* jack related */
char jack_name[NAME_SIZE];
Reported by FlawFinder.
Line: 132
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int op_devices;
/* jack related */
char jack_name[NAME_SIZE];
char button_name[NAME_SIZE];
int jack_type;
int jack_mask;
int button_mask;
int button_status;
Reported by FlawFinder.
Line: 133
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* jack related */
char jack_name[NAME_SIZE];
char button_name[NAME_SIZE];
int jack_type;
int jack_mask;
int button_mask;
int button_status;
struct gbaudio_jack headset;
Reported by FlawFinder.
drivers/staging/greybus/power_supply.c
5 issues
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool registered;
struct power_supply *psy;
struct power_supply_desc desc;
char name[64];
struct gb_power_supplies *supplies;
struct delayed_work work;
char *manufacturer;
char *model_name;
char *serial_number;
Reported by FlawFinder.
Line: 450
Column: 7
CWE codes:
126
int ret = 0;
struct power_supply *psy;
if (!strlen(init_name))
init_name = "gb_power_supply";
strscpy(name, init_name, len);
while ((ret < len) && (psy = power_supply_get_by_name(name))) {
power_supply_put(psy);
Reported by FlawFinder.
Line: 466
Column: 6
CWE codes:
126
static void _gb_power_supply_append_props(struct gb_power_supply *gbpsy)
{
if (strlen(gbpsy->manufacturer))
prop_append(gbpsy, POWER_SUPPLY_PROP_MANUFACTURER);
if (strlen(gbpsy->model_name))
prop_append(gbpsy, POWER_SUPPLY_PROP_MODEL_NAME);
if (strlen(gbpsy->serial_number))
prop_append(gbpsy, POWER_SUPPLY_PROP_SERIAL_NUMBER);
Reported by FlawFinder.
Line: 468
Column: 6
CWE codes:
126
{
if (strlen(gbpsy->manufacturer))
prop_append(gbpsy, POWER_SUPPLY_PROP_MANUFACTURER);
if (strlen(gbpsy->model_name))
prop_append(gbpsy, POWER_SUPPLY_PROP_MODEL_NAME);
if (strlen(gbpsy->serial_number))
prop_append(gbpsy, POWER_SUPPLY_PROP_SERIAL_NUMBER);
}
Reported by FlawFinder.
Line: 470
Column: 6
CWE codes:
126
prop_append(gbpsy, POWER_SUPPLY_PROP_MANUFACTURER);
if (strlen(gbpsy->model_name))
prop_append(gbpsy, POWER_SUPPLY_PROP_MODEL_NAME);
if (strlen(gbpsy->serial_number))
prop_append(gbpsy, POWER_SUPPLY_PROP_SERIAL_NUMBER);
}
static int gb_power_supply_description_get(struct gb_power_supply *gbpsy)
{
Reported by FlawFinder.
drivers/staging/iio/adc/ad7280a.c
5 issues
Line: 137
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int slave_num;
int scan_cnt;
int readback_delay_us;
unsigned char crc_tab[CRC8_TABLE_SIZE];
unsigned char ctrl_hb;
unsigned char ctrl_lb;
unsigned char cell_threshhigh;
unsigned char cell_threshlow;
unsigned char aux_threshhigh;
Reported by FlawFinder.
Line: 144
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char cell_threshlow;
unsigned char aux_threshhigh;
unsigned char aux_threshlow;
unsigned char cb_mask[AD7280A_MAX_CHAIN];
struct mutex lock; /* protect sensor state */
__be32 buf[2] ____cacheline_aligned;
};
Reported by FlawFinder.
Line: 407
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct ad7280_state *st = iio_priv(indio_dev);
struct iio_dev_attr *this_attr = to_iio_dev_attr(attr);
return sprintf(buf, "%d\n",
!!(st->cb_mask[this_attr->address >> 8] &
(1 << ((this_attr->address & 0xFF) + 2))));
}
static ssize_t ad7280_store_balance_sw(struct device *dev,
Reported by FlawFinder.
Line: 464
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
msecs = (ret >> 3) * 71500;
return sprintf(buf, "%u\n", msecs);
}
static ssize_t ad7280_store_balance_timer(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
Line: 710
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -EINVAL;
}
return sprintf(buf, "%u\n", val);
}
static ssize_t ad7280_write_channel_config(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
drivers/staging/media/atomisp/pci/sh_css_firmware.c
5 issues
Line: 63
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *isp2401_release_version = STR(irci_ecr - master_20150911_0724);
#define MAX_FW_REL_VER_NAME 300
static char FW_rel_ver_name[MAX_FW_REL_VER_NAME] = "---";
struct ia_css_fw_info sh_css_sp_fw;
struct ia_css_blob_descr *sh_css_blob_info; /* Only ISP blob info (no SP) */
unsigned int sh_css_num_binaries; /* This includes 1 SP binary */
Reported by FlawFinder.
Line: 98
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!sh_css_fw->blob.code)
return -ENOMEM;
memcpy((void *)sh_css_fw->blob.code, blob_data, fw->blob.size);
sh_css_fw->blob.data = (char *)sh_css_fw->blob.code + fw->blob.data_source;
fw_minibuffer[binary_id].buffer = sh_css_fw->blob.code;
return 0;
}
Reported by FlawFinder.
Line: 166
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fw_minibuffer[index].buffer = parambuf;
/* copy ia_css_memory_offsets */
memcpy(parambuf, (void *)(fw +
bi->blob.memory_offsets.offsets[IA_CSS_PARAM_CLASS_PARAM]),
paramstruct_size);
bd->mem_offsets.array[IA_CSS_PARAM_CLASS_PARAM].ptr = parambuf;
/* copy ia_css_config_memory_offsets */
Reported by FlawFinder.
Line: 172
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bd->mem_offsets.array[IA_CSS_PARAM_CLASS_PARAM].ptr = parambuf;
/* copy ia_css_config_memory_offsets */
memcpy(parambuf + paramstruct_size,
(void *)(fw + bi->blob.memory_offsets.offsets[IA_CSS_PARAM_CLASS_CONFIG]),
configstruct_size);
bd->mem_offsets.array[IA_CSS_PARAM_CLASS_CONFIG].ptr = parambuf +
paramstruct_size;
Reported by FlawFinder.
Line: 179
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
paramstruct_size;
/* copy ia_css_state_memory_offsets */
memcpy(parambuf + paramstruct_size + configstruct_size,
(void *)(fw + bi->blob.memory_offsets.offsets[IA_CSS_PARAM_CLASS_STATE]),
statestruct_size);
bd->mem_offsets.array[IA_CSS_PARAM_CLASS_STATE].ptr = parambuf +
paramstruct_size + configstruct_size;
}
Reported by FlawFinder.