The following issues were found
drivers/ata/sata_fsl.c
5 issues
Line: 323
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t fsl_sata_intr_coalescing_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%d %d\n",
intr_coalescing_count, intr_coalescing_ticks);
}
static ssize_t fsl_sata_intr_coalescing_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 360
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
rx_watermark &= 0x1f;
spin_unlock_irqrestore(&host->lock, flags);
return sprintf(buf, "%d\n", rx_watermark);
}
static ssize_t fsl_sata_rx_watermark_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 535
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ata_is_atapi(qc->tf.protocol)) {
desc_info |= ATAPI_CMD;
memset((void *)&cd->acmd, 0, 32);
memcpy((void *)&cd->acmd, qc->cdb, qc->dev->cdb_len);
}
if (qc->flags & ATA_QCFLAG_DMAMAP)
num_prde = sata_fsl_fill_sg(qc, (void *)cd,
&ttl_dwords, cd_paddr,
Reported by FlawFinder.
Line: 343
Column: 9
CWE codes:
126
fsl_sata_set_irq_coalescing(dev_get_drvdata(dev),
coalescing_count, coalescing_ticks);
return strlen(buf);
}
static ssize_t fsl_sata_rx_watermark_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 385
Column: 9
CWE codes:
126
iowrite32(temp | rx_watermark, csr_base + TRANSCFG);
spin_unlock_irqrestore(&host->lock, flags);
return strlen(buf);
}
static inline unsigned int sata_fsl_tag(unsigned int tag,
void __iomem *hcr_base)
{
Reported by FlawFinder.
drivers/char/virtio_console.c
5 issues
Line: 1282
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
port = dev_get_drvdata(dev);
return sprintf(buffer, "%s\n", port->name);
}
static DEVICE_ATTR(name, S_IRUGO, show_port_name, NULL);
static struct attribute *port_sysfs_entries[] = {
Reported by FlawFinder.
Line: 681
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return -EFAULT;
} else {
memcpy((__force char *)out_buf, buf->buf + buf->offset,
out_count);
}
buf->offset += out_count;
Reported by FlawFinder.
Line: 896
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = PAGE_SIZE - offset;
src = kmap_atomic(buf->page);
memcpy(page_address(page) + offset, src + buf->offset, len);
kunmap_atomic(src);
sg_set_page(&(sgl->sg[sgl->n]), page, len, offset);
}
sgl->n++;
Reported by FlawFinder.
Line: 1360
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int add_port(struct ports_device *portdev, u32 id)
{
char debugfs_name[16];
struct port *port;
dev_t devt;
int err;
port = kmalloc(sizeof(*port), GFP_KERNEL);
Reported by FlawFinder.
Line: 1672
Column: 3
CWE codes:
120
"Not enough space to store port name\n");
break;
}
strncpy(port->name, buf->buf + buf->offset + sizeof(*cpkt),
name_size - 1);
port->name[name_size - 1] = 0;
/*
* Since we only have one sysfs attribute, 'name',
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_ras.h
5 issues
Line: 310
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum amdgpu_ras_error_type type;
uint32_t sub_block_index;
/* block name */
char name[32];
};
struct amdgpu_ras {
/* ras infrastructure */
/* for ras itself. */
Reported by FlawFinder.
Line: 351
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct ras_fs_data {
char sysfs_name[32];
char debugfs_name[32];
};
struct ras_err_data {
unsigned long ue_count;
Reported by FlawFinder.
Line: 352
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ras_fs_data {
char sysfs_name[32];
char debugfs_name[32];
};
struct ras_err_data {
unsigned long ue_count;
unsigned long ce_count;
Reported by FlawFinder.
Line: 420
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* interfaces for IP */
struct ras_fs_if {
struct ras_common_if head;
char sysfs_name[32];
char debugfs_name[32];
};
struct ras_query_if {
struct ras_common_if head;
Reported by FlawFinder.
Line: 421
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ras_fs_if {
struct ras_common_if head;
char sysfs_name[32];
char debugfs_name[32];
};
struct ras_query_if {
struct ras_common_if head;
unsigned long ue_count;
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c
5 issues
Line: 259
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct amdgpu_hive_info *hive)
{
int ret = 0;
char node[10] = { 0 };
/* Create xgmi device id file */
ret = device_create_file(adev->dev, &dev_attr_xgmi_device_id);
if (ret) {
dev_err(adev->dev, "XGMI: Failed to create device file xgmi_device_id\n");
Reported by FlawFinder.
Line: 284
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
}
sprintf(node, "node%d", atomic_read(&hive->number_devices));
/* Create sysfs link form the hive folder to yourself */
ret = sysfs_create_link(&hive->kobj, &adev->dev->kobj, node);
if (ret) {
dev_err(adev->dev, "XGMI: Failed to create link from hive info");
goto remove_link;
Reported by FlawFinder.
Line: 308
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void amdgpu_xgmi_sysfs_rem_dev_info(struct amdgpu_device *adev,
struct amdgpu_hive_info *hive)
{
char node[10];
memset(node, 0, sizeof(node));
device_remove_file(adev->dev, &dev_attr_xgmi_device_id);
device_remove_file(adev->dev, &dev_attr_xgmi_error);
Reported by FlawFinder.
Line: 317
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (hive->kobj.parent != (&adev->dev->kobj))
sysfs_remove_link(&adev->dev->kobj,"xgmi_hive_info");
sprintf(node, "node%d", atomic_read(&hive->number_devices));
sysfs_remove_link(&hive->kobj, node);
}
Reported by FlawFinder.
Line: 654
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
adev->gmc.xgmi.ras_if->block = AMDGPU_RAS_BLOCK__XGMI_WAFL;
adev->gmc.xgmi.ras_if->type = AMDGPU_RAS_ERROR__MULTI_UNCORRECTABLE;
adev->gmc.xgmi.ras_if->sub_block_index = 0;
strcpy(adev->gmc.xgmi.ras_if->name, "xgmi_wafl");
}
ih_info.head = fs_info.head = *adev->gmc.xgmi.ras_if;
r = amdgpu_ras_late_init(adev, adev->gmc.xgmi.ras_if,
&fs_info, &ih_info);
if (r || !amdgpu_ras_is_supported(adev, adev->gmc.xgmi.ras_if->block)) {
Reported by FlawFinder.
crypto/streebog_generic.c
5 issues
Line: 999
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
streebog_add512(&ctx->Sigma, &ctx->m, &ctx->Sigma);
streebog_g(&ctx->h, &buffer0, &ctx->N);
streebog_g(&ctx->h, &buffer0, &ctx->Sigma);
memcpy(&ctx->hash, &ctx->h, sizeof(struct streebog_uint512));
}
static int streebog_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
Reported by FlawFinder.
Line: 1012
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
chunksize = STREEBOG_BLOCK_SIZE - ctx->fillsize;
if (chunksize > len)
chunksize = len;
memcpy(&ctx->buffer[ctx->fillsize], data, chunksize);
ctx->fillsize += chunksize;
len -= chunksize;
data += chunksize;
if (ctx->fillsize == STREEBOG_BLOCK_SIZE) {
Reported by FlawFinder.
Line: 1030
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (len) {
memcpy(&ctx->buffer, data, len);
ctx->fillsize = len;
}
return 0;
}
Reported by FlawFinder.
Line: 1043
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
streebog_stage3(ctx);
ctx->fillsize = 0;
if (crypto_shash_digestsize(desc->tfm) == STREEBOG256_DIGEST_SIZE)
memcpy(digest, &ctx->hash.qword[4], STREEBOG256_DIGEST_SIZE);
else
memcpy(digest, &ctx->hash.qword[0], STREEBOG512_DIGEST_SIZE);
return 0;
}
Reported by FlawFinder.
Line: 1045
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (crypto_shash_digestsize(desc->tfm) == STREEBOG256_DIGEST_SIZE)
memcpy(digest, &ctx->hash.qword[4], STREEBOG256_DIGEST_SIZE);
else
memcpy(digest, &ctx->hash.qword[0], STREEBOG512_DIGEST_SIZE);
return 0;
}
static struct shash_alg algs[2] = { {
.digestsize = STREEBOG256_DIGEST_SIZE,
Reported by FlawFinder.
drivers/char/mem.c
5 issues
Line: 728
Column: 17
CWE codes:
362
filp->f_op = dev->fops;
filp->f_mode |= dev->fmode;
if (dev->fops->open)
return dev->fops->open(inode, filp);
return 0;
}
Reported by FlawFinder.
Line: 729
Column: 21
CWE codes:
362
filp->f_mode |= dev->fmode;
if (dev->fops->open)
return dev->fops->open(inode, filp);
return 0;
}
static const struct file_operations memory_fops = {
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/atom.c
5 issues
Line: 1325
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
c_ptr = (unsigned char *)(p_rom + off_to_vbios_str);
} else {
/* do not know where to find name */
memcpy(ctx->name, na, 7);
ctx->name[7] = 0;
return;
}
/*
Reported by FlawFinder.
Line: 1344
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
c_ptr += 2;
name_size = strnlen(c_ptr, STRLEN_LONG - 1);
memcpy(ctx->name, c_ptr, name_size);
back = ctx->name + name_size;
while ((*--back) == ' ')
;
*(back + 1) = '\0';
}
Reported by FlawFinder.
Line: 1450
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (vbios_ver != NULL) {
/* skip ATOMBIOSBK-AMD VER */
vbios_ver += 18;
memcpy(ctx->vbios_ver_str, vbios_ver, STRLEN_NORMAL);
} else {
ctx->vbios_ver_str[0] = '\0';
}
}
Reported by FlawFinder.
Line: 1480
Column: 7
CWE codes:
126
}
if (strncmp
(CSTR(ATOM_ATI_MAGIC_PTR), ATOM_ATI_MAGIC,
strlen(ATOM_ATI_MAGIC))) {
pr_info("Invalid ATI magic\n");
kfree(ctx);
return NULL;
}
Reported by FlawFinder.
Line: 1489
Column: 7
CWE codes:
126
base = CU16(ATOM_ROM_TABLE_PTR);
if (strncmp
(CSTR(base + ATOM_ROM_MAGIC_PTR), ATOM_ROM_MAGIC,
strlen(ATOM_ROM_MAGIC))) {
pr_info("Invalid ATOM magic\n");
kfree(ctx);
return NULL;
}
Reported by FlawFinder.
crypto/shash.c
5 issues
Line: 57
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
memcpy(alignbuffer, key, keylen);
err = shash->setkey(tfm, alignbuffer, keylen);
kfree_sensitive(buffer);
return err;
}
Reported by FlawFinder.
Line: 113
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unaligned_len > len)
unaligned_len = len;
memcpy(buf, data, unaligned_len);
err = shash->update(desc, buf, unaligned_len);
memset(buf, 0, unaligned_len);
return err ?:
shash->update(desc, data + unaligned_len, len - unaligned_len);
Reported by FlawFinder.
Line: 156
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
goto out;
memcpy(out, buf, ds);
out:
memset(buf, 0, ds);
return err;
}
Reported by FlawFinder.
Line: 239
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int shash_default_export(struct shash_desc *desc, void *out)
{
memcpy(out, shash_desc_ctx(desc), crypto_shash_descsize(desc->tfm));
return 0;
}
static int shash_default_import(struct shash_desc *desc, const void *in)
{
Reported by FlawFinder.
Line: 245
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int shash_default_import(struct shash_desc *desc, const void *in)
{
memcpy(shash_desc_ctx(desc), in, crypto_shash_descsize(desc->tfm));
return 0;
}
static int shash_async_setkey(struct crypto_ahash *tfm, const u8 *key,
unsigned int keylen)
Reported by FlawFinder.
drivers/gpu/drm/amd/amdkfd/kfd_crat.c
5 issues
Line: 1171
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err;
}
memcpy(top_dev->oem_id, crat_table->oem_id, CRAT_OEMID_LENGTH);
memcpy(top_dev->oem_table_id, crat_table->oem_table_id,
CRAT_OEMTABLEID_LENGTH);
top_dev->oem_revision = crat_table->oem_revision;
sub_type_hdr = (struct crat_subtype_generic *)(crat_table+1);
Reported by FlawFinder.
Line: 1172
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(top_dev->oem_id, crat_table->oem_id, CRAT_OEMID_LENGTH);
memcpy(top_dev->oem_table_id, crat_table->oem_table_id,
CRAT_OEMTABLEID_LENGTH);
top_dev->oem_revision = crat_table->oem_revision;
sub_type_hdr = (struct crat_subtype_generic *)(crat_table+1);
while ((char *)sub_type_hdr + sizeof(struct crat_subtype_generic) <
Reported by FlawFinder.
Line: 1577
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(pcrat_image, crat_table, crat_table->length);
*crat_image = pcrat_image;
*size = crat_table->length;
out:
acpi_put_table(crat_table);
return rc;
Reported by FlawFinder.
Line: 1761
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_warn("DSDT table not found for OEM information\n");
else {
crat_table->oem_revision = acpi_table->revision;
memcpy(crat_table->oem_id, acpi_table->oem_id,
CRAT_OEMID_LENGTH);
memcpy(crat_table->oem_table_id, acpi_table->oem_table_id,
CRAT_OEMTABLEID_LENGTH);
acpi_put_table(acpi_table);
}
Reported by FlawFinder.
Line: 1763
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
crat_table->oem_revision = acpi_table->revision;
memcpy(crat_table->oem_id, acpi_table->oem_id,
CRAT_OEMID_LENGTH);
memcpy(crat_table->oem_table_id, acpi_table->oem_table_id,
CRAT_OEMTABLEID_LENGTH);
acpi_put_table(acpi_table);
}
crat_table->total_entries = 0;
crat_table->num_domains = 0;
Reported by FlawFinder.
drivers/char/ipmi/ipmi_poweroff.c
5 issues
Line: 216
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ipmi_system_interface_addr smi_addr;
struct kernel_ipmi_msg send_msg;
int rv;
unsigned char data[1];
/*
* Configure IPMI address for local access
*/
smi_addr.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
Reported by FlawFinder.
Line: 251
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ipmi_system_interface_addr smi_addr;
struct kernel_ipmi_msg send_msg;
int rv;
unsigned char data[4];
/*
* Configure IPMI address for local access
*/
smi_addr.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
Reported by FlawFinder.
Line: 322
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ipmi_ipmb_addr ipmb_addr;
struct kernel_ipmi_msg send_msg;
int rv;
unsigned char data[1];
int slot;
unsigned char hotswap_ipmb;
unsigned char aer_addr;
unsigned char aer_lun;
Reported by FlawFinder.
Line: 429
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char ipmi_version_major = ipmi_version & 0xF;
const char ipmi_version_minor = (ipmi_version >> 4) & 0xF;
const char mfr[3] = DELL_IANA_MFR_ID;
if (!memcmp(mfr, &mfg_id, sizeof(mfr)) &&
ipmi_version_major <= 1 &&
ipmi_version_minor < 5)
return 1;
return 0;
Reported by FlawFinder.
Line: 473
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ipmi_system_interface_addr smi_addr;
struct kernel_ipmi_msg send_msg;
int rv;
unsigned char data[1];
/*
* Configure IPMI address for local access
*/
smi_addr.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
Reported by FlawFinder.