The following issues were found
drivers/s390/net/qeth_core_sys.c
27 issues
Line: 29
Column: 11
CWE codes:
120
Suggestion:
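Use sprintf_s, snprintf, or vsnprintf
Reviewer note: sprintf_s is not available in kernel code. Every format in this excerpt is a string literal, and the only argument is "ONLINE" or "OFFLINE", so the output length is fixed. If buf is a sysfs show buffer (as the DEVICE_ATTR show callbacks in the later findings for this file suggest), sysfs_emit() is the bounded kernel helper for this pattern.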
return sprintf(buf, "DOWN\n");
case CARD_STATE_SOFTSETUP:
if (card->dev->flags & IFF_UP)
return sprintf(buf, "UP (LAN %s)\n",
netif_carrier_ok(card->dev) ? "ONLINE" :
"OFFLINE");
return sprintf(buf, "SOFTSETUP\n");
default:
return sprintf(buf, "UNKNOWN\n");
Reported by FlawFinder.
Line: 55
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct qeth_card *card = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", netdev_name(card->dev));
}
static DEVICE_ATTR(if_name, 0444, qeth_dev_if_name_show, NULL);
static ssize_t qeth_dev_card_type_show(struct device *dev,
Reported by FlawFinder.
Line: 65
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct qeth_card *card = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", qeth_get_cardname_short(card));
}
static DEVICE_ATTR(card_type, 0444, qeth_dev_card_type_show, NULL);
static const char *qeth_get_bufsize_str(struct qeth_card *card)
Reported by FlawFinder.
Line: 89
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct qeth_card *card = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", qeth_get_bufsize_str(card));
}
static DEVICE_ATTR(inbuf_size, 0444, qeth_dev_inbuf_size_show, NULL);
static ssize_t qeth_dev_portno_show(struct device *dev,
Reported by FlawFinder.
Line: 160
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (card->qdio.do_prio_queueing) {
case QETH_PRIO_Q_ING_PREC:
return sprintf(buf, "%s\n", "by precedence");
case QETH_PRIO_Q_ING_TOS:
return sprintf(buf, "%s\n", "by type of service");
case QETH_PRIO_Q_ING_SKB:
return sprintf(buf, "%s\n", "by skb-priority");
case QETH_PRIO_Q_ING_VLAN:
Reported by FlawFinder.
Line: 162
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case QETH_PRIO_Q_ING_PREC:
return sprintf(buf, "%s\n", "by precedence");
case QETH_PRIO_Q_ING_TOS:
return sprintf(buf, "%s\n", "by type of service");
case QETH_PRIO_Q_ING_SKB:
return sprintf(buf, "%s\n", "by skb-priority");
case QETH_PRIO_Q_ING_VLAN:
return sprintf(buf, "%s\n", "by VLAN headers");
case QETH_PRIO_Q_ING_FIXED:
Reported by FlawFinder.
Line: 164
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case QETH_PRIO_Q_ING_TOS:
return sprintf(buf, "%s\n", "by type of service");
case QETH_PRIO_Q_ING_SKB:
return sprintf(buf, "%s\n", "by skb-priority");
case QETH_PRIO_Q_ING_VLAN:
return sprintf(buf, "%s\n", "by VLAN headers");
case QETH_PRIO_Q_ING_FIXED:
return sprintf(buf, "always queue %i\n",
card->qdio.default_out_queue);
Reported by FlawFinder.
Line: 166
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case QETH_PRIO_Q_ING_SKB:
return sprintf(buf, "%s\n", "by skb-priority");
case QETH_PRIO_Q_ING_VLAN:
return sprintf(buf, "%s\n", "by VLAN headers");
case QETH_PRIO_Q_ING_FIXED:
return sprintf(buf, "always queue %i\n",
card->qdio.default_out_queue);
default:
return sprintf(buf, "disabled\n");
Reported by FlawFinder.
Line: 483
Column: 8
CWE codes:
134
Suggestion:
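Make format string constant
Reviewer note: the format argument is a ternary between two string literals ("[802.1]" or "802.1"), neither of which contains a conversion specifier, so no caller-controlled data reaches the format. Passing the ternary through a literal "%s" format would make that explicit. The finding at line 486 is the same pattern.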
rc = sprintf(buf, "unknown");
if (sw_info.capabilities & QETH_SWITCH_FORW_802_1)
rc = sprintf(buf, (sw_info.settings & QETH_SWITCH_FORW_802_1 ?
"[802.1]" : "802.1"));
if (sw_info.capabilities & QETH_SWITCH_FORW_REFL_RELAY)
rc += sprintf(buf + rc,
(sw_info.settings & QETH_SWITCH_FORW_REFL_RELAY ?
" [rr]" : " rr"));
Reported by FlawFinder.
Line: 486
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
rc = sprintf(buf, (sw_info.settings & QETH_SWITCH_FORW_802_1 ?
"[802.1]" : "802.1"));
if (sw_info.capabilities & QETH_SWITCH_FORW_REFL_RELAY)
rc += sprintf(buf + rc,
(sw_info.settings & QETH_SWITCH_FORW_REFL_RELAY ?
" [rr]" : " rr"));
rc += sprintf(buf + rc, "\n");
return rc;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/core.c
27 issues
Line: 387
Column: 2
CWE codes:
120
Suggestion:
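Make sure destination can always hold the source data
Reviewer note: the copy lands one u32 past the start of reg_tlv and is reg->len bytes long, so the buffer behind reg_tlv needs at least sizeof(u32) + reg->len bytes. The excerpt does not show where that buffer is allocated; that is the size to confirm.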
{
mlxsw_emad_reg_tlv_type_set(reg_tlv, MLXSW_EMAD_TLV_TYPE_REG);
mlxsw_emad_reg_tlv_len_set(reg_tlv, reg->len / sizeof(u32) + 1);
memcpy(reg_tlv + sizeof(u32), payload, reg->len);
}
static void mlxsw_emad_pack_string_tlv(char *string_tlv)
{
mlxsw_emad_string_tlv_type_set(string_tlv, MLXSW_EMAD_TLV_TYPE_STRING);
Reported by FlawFinder.
Line: 945
Column: 2
CWE codes:
119
120
Suggestion:
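Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Reviewer note: this finding and the eight that follow for this file (lines 964 to 1069) flag the declaration of a fixed-size char array, not a write. Each array is sized by its register's length constant and handed to pack/query/write helpers with no explicit length argument in the excerpts, so any bound is enforced inside those helpers, which are not shown here.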
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcqi_pl[MLXSW_REG_MCQI_LEN];
int err;
mlxsw_reg_mcqi_pack(mcqi_pl, component_index);
err = mlxsw_reg_query(mlxsw_core, MLXSW_REG(mcqi), mcqi_pl);
if (err)
Reported by FlawFinder.
Line: 964
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
u8 control_state;
int err;
mlxsw_reg_mcc_pack(mcc_pl, 0, 0, 0, 0);
err = mlxsw_reg_query(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
Reported by FlawFinder.
Line: 987
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
mlxsw_reg_mcc_pack(mcc_pl, MLXSW_REG_MCC_INSTRUCTION_UPDATE_COMPONENT,
component_index, fwhandle, component_size);
return mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
}
Reported by FlawFinder.
Line: 1000
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcda_pl[MLXSW_REG_MCDA_LEN];
mlxsw_reg_mcda_pack(mcda_pl, fwhandle, offset, size, data);
return mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcda), mcda_pl);
}
Reported by FlawFinder.
Line: 1012
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
mlxsw_reg_mcc_pack(mcc_pl, MLXSW_REG_MCC_INSTRUCTION_VERIFY_COMPONENT,
component_index, fwhandle, 0);
return mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
}
Reported by FlawFinder.
Line: 1024
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
mlxsw_reg_mcc_pack(mcc_pl, MLXSW_REG_MCC_INSTRUCTION_ACTIVATE, 0, fwhandle, 0);
return mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
}
Reported by FlawFinder.
Line: 1037
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
u8 control_state;
u8 error_code;
int err;
mlxsw_reg_mcc_pack(mcc_pl, 0, 0, fwhandle, 0);
Reported by FlawFinder.
Line: 1058
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
mlxsw_reg_mcc_pack(mcc_pl, MLXSW_REG_MCC_INSTRUCTION_CANCEL, 0, fwhandle, 0);
mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
}
Reported by FlawFinder.
Line: 1069
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
mlxsw_reg_mcc_pack(mcc_pl, MLXSW_REG_MCC_INSTRUCTION_RELEASE_UPDATE_HANDLE, 0, fwhandle, 0);
mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
}
Reported by FlawFinder.
tools/perf/util/annotate.c
27 issues
Line: 1669
Column: 8
CWE codes:
362
20
Suggestion:
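Reconsider approach
Reviewer note: readlink() does not NUL-terminate its output. The excerpt already passes sizeof(linkname) - 1, checks len < 0, and terminates at linkname[len], so the buffer handling is bounded. What remains of the finding is that the link target can change between this read and any later use of the name.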
if (dso__is_kcore(dso))
goto fallback;
len = readlink(build_id_path, linkname, sizeof(linkname) - 1);
if (len < 0)
goto fallback;
linkname[len] = '\0';
if (strstr(linkname, DSO__NAME_KALLSYMS) ||
Reported by FlawFinder.
Line: 1675
Column: 3
CWE codes:
362/367!
Suggestion:
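Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Reviewer note: access() answers for the moment of the call only. Here its result selects the fallback path; whichever code later opens filename (not in this excerpt) still has to handle the open failing or the file having been replaced in the meantime.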
linkname[len] = '\0';
if (strstr(linkname, DSO__NAME_KALLSYMS) ||
access(filename, R_OK)) {
fallback:
/*
* If we don't have build-ids or the build-id file isn't in the
* cache, or is just a kallsyms file, well, lets hope that this
* DSO is the same as when 'perf record' ran.
Reported by FlawFinder.
Line: 1740
Column: 26
CWE codes:
134
Suggestion:
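Use a constant for the format specification
Reviewer note: fprintf appears here as a function pointer cast to fprintf_ftype and passed to init_disassemble_info(); there is no format string at this call site. Any format-string review belongs where that callback is invoked.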
goto out;
}
init_disassemble_info(&info, s,
(fprintf_ftype) fprintf);
info.arch = bfd_get_arch(bfdf);
info.mach = bfd_get_mach(bfdf);
info_node = perf_env__find_bpf_prog_info(dso->bpf_prog.env,
Reported by FlawFinder.
Line: 1988
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -1;
decomp = true;
strcpy(symfs_filename, tmp);
}
err = asprintf(&command,
"%s %s%s --start-address=0x%016" PRIx64
" --stop-address=0x%016" PRIx64
Reported by FlawFinder.
Line: 2487
Column: 2
CWE codes:
134
Suggestion:
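Use a constant for the format specification
Reviewer note: this is a variadic wrapper that forwards its caller's fmt to vfprintf, so the format cannot be a constant at this line. The check belongs at the call sites; a printf-style format attribute on the wrapper lets the compiler flag callers that pass a non-literal format.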
va_list args;
va_start(args, fmt);
vfprintf(fp, fmt, args);
va_end(args);
}
static void FILE__write_graph(void *fp, int graph)
{
Reported by FlawFinder.
Line: 3078
Column: 43
CWE codes:
134
Suggestion:
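Use a constant for the format specification
Reviewer note: the match is on the struct member wops->printf being passed as an argument; no format string appears in this excerpt.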
wops->change_color, wops->width, wops->obj,
opts->percent_type,
wops->set_color, wops->set_percent_color,
wops->set_jumps_percent_color, wops->printf,
wops->write_graph);
}
int symbol__annotate2(struct map_symbol *ms, struct evsel *evsel,
struct annotation_options *options, struct arch **parch)
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
120
Suggestion:
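Make sure destination can always hold the source data
Reviewer note: the length passed is arch->nr_instructions, which by its name is an element count rather than a byte count. The element type is not visible in this excerpt; if an element is larger than one byte the copy is too short and the length should be multiplied by the element size. Confirm against the allocation of new_instructions, which precedes this excerpt.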
if (new_instructions == NULL)
return -1;
memcpy(new_instructions, arch->instructions, arch->nr_instructions);
goto out_update_instructions;
}
static int arch__associate_ins_ops(struct arch* arch, const char *name, struct ins_ops *ops)
{
Reported by FlawFinder.
Line: 1496
Column: 14
CWE codes:
190
Suggestion:
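If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
Reviewer note: atoi() cannot report errors and its behaviour is undefined when the value does not fit in an int. strtol() with an end-pointer and errno check lets the parser reject a malformed or oversized line number.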
/* /filename:linenr ? Save line number and ignore. */
if (regexec(&file_lineno, parsed_line, 2, match, 0) == 0) {
*line_nr = atoi(parsed_line + match[1].rm_so);
*fileloc = strdup(parsed_line);
return 0;
}
/* Process hex address followed by ':'. */
Reported by FlawFinder.
Line: 1591
Column: 3
CWE codes:
119
120
Suggestion:
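Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Reviewer note: the initializer " with build id " is 15 characters, so build_id__sprintf() writes at bf + 15, on top of the initializer's terminating NUL, with SBUILD_ID_SIZE bytes remaining. That fits provided build_id__sprintf() never emits more than SBUILD_ID_SIZE bytes including its terminator, which the excerpt does not show.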
switch (errnum) {
case SYMBOL_ANNOTATE_ERRNO__NO_VMLINUX: {
char bf[SBUILD_ID_SIZE + 15] = " with build id ";
char *build_id_msg = NULL;
if (dso->has_build_id) {
build_id__sprintf(&dso->bid, bf + 15);
build_id_msg = bf;
Reported by FlawFinder.
Line: 1633
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int dso__disassemble_filename(struct dso *dso, char *filename, size_t filename_size)
{
char linkname[PATH_MAX];
char *build_id_filename;
char *build_id_path = NULL;
char *pos;
int len;
Reported by FlawFinder.
tools/perf/util/scripting-engines/trace-event-python.c
27 issues
Line: 877
Column: 3
CWE codes:
134
Suggestion:
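Use a constant for the format specification
Reviewer note: the format is a string literal concatenated with the PRIu64 macro, and the call is bounded by sizeof(handler_name). The tool appears not to recognise the macro concatenation as a constant.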
const char *default_handler_name = "trace_unhandled";
if (!event) {
snprintf(handler_name, sizeof(handler_name),
"ug! no event found for type %" PRIu64, (u64)evsel->core.attr.config);
Py_FatalError(handler_name);
}
pid = raw_field_value(event, "common_pid", data);
Reported by FlawFinder.
Line: 884
Column: 2
CWE codes:
120
Suggestion:
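Use sprintf_s, snprintf, or vsnprintf
Reviewer note: event->system and event->name are copied into handler_name with no length limit, while the excerpt for line 877 formats into what appears to be the same buffer with snprintf(handler_name, sizeof(handler_name), ...). Using that bounded form here as well, and checking the return value for truncation, would close the finding.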
pid = raw_field_value(event, "common_pid", data);
sprintf(handler_name, "%s__%s", event->system, event->name);
if (!test_and_set_bit(event->id, events_defined))
define_event_symbols(event, handler_name, event->print_fmt.args);
handler = get_handler(handler_name);
Reported by FlawFinder.
Line: 884
Column: 41
CWE codes:
78
Suggestion:
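try using a library call that implements the same functionality if available
Reviewer note: column 41 is the struct field event->system, not a call to system(); no command is executed on this line. The CWE-78 findings at lines 1940, 2016 and 2026 of this file match the same field name.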
pid = raw_field_value(event, "common_pid", data);
sprintf(handler_name, "%s__%s", event->system, event->name);
if (!test_and_set_bit(event->id, events_defined))
define_event_symbols(event, handler_name, event->print_fmt.args);
handler = get_handler(handler_name);
Reported by FlawFinder.
Line: 1825
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
fp = fopen(script, "r");
if (!fp) {
sprintf(buf, "Can't open python script \"%s\"", script);
perror(buf);
err = -1;
goto error;
}
Reported by FlawFinder.
Line: 1893
Column: 2
CWE codes:
120
Suggestion:
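Use sprintf_s, snprintf, or vsnprintf
Reviewer note: fname is PATH_MAX bytes and outfile is not length-checked in the excerpt. snprintf(fname, sizeof(fname), "%s.py", outfile), with the return value compared against sizeof(fname), bounds the write and reports an over-long name instead of truncating silently.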
char fname[PATH_MAX];
FILE *ofp;
sprintf(fname, "%s.py", outfile);
ofp = fopen(fname, "w");
if (ofp == NULL) {
fprintf(stderr, "couldn't open %s\n", fname);
return -1;
}
Reported by FlawFinder.
Line: 1940
Column: 38
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
for (i = 0; all_events && i < nr_events; i++) {
event = all_events[i];
fprintf(ofp, "def %s__%s(", event->system, event->name);
fprintf(ofp, "event_name, ");
fprintf(ofp, "context, ");
fprintf(ofp, "common_cpu,\n");
fprintf(ofp, "\tcommon_secs, ");
fprintf(ofp, "common_nsecs, ");
Reported by FlawFinder.
Line: 2016
Column: 39
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
count = 4;
}
fprintf(ofp, "flag_str(\"");
fprintf(ofp, "%s__%s\", ", event->system,
event->name);
fprintf(ofp, "\"%s\", %s)", f->name,
f->name);
} else if (f->flags & TEP_FIELD_IS_SYMBOLIC) {
if ((count - 1) % 5 != 0) {
Reported by FlawFinder.
Line: 2026
Column: 39
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
count = 4;
}
fprintf(ofp, "symbol_str(\"");
fprintf(ofp, "%s__%s\", ", event->system,
event->name);
fprintf(ofp, "\"%s\", %s)", f->name,
f->name);
} else
fprintf(ofp, "%s", f->name);
Reported by FlawFinder.
Line: 568
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct branch_entry *entries = perf_sample__branch_entries(sample);
PyObject *pylist;
u64 i;
char bf[512];
struct addr_location al;
pylist = PyList_New(0);
if (!pylist)
Py_FatalError("couldn't create Python list");
Reported by FlawFinder.
Line: 679
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct perf_sample *sample)
{
struct mem_info mi = { .data_src.val = sample->data_src };
char decode[100];
pydict_set_item_string_decref(dict, "datasrc",
PyLong_FromUnsignedLongLong(sample->data_src));
perf_script__meminfo_scnprintf(decode, 100, &mi);
Reported by FlawFinder.
drivers/md/dm-crypt.c
27 issues
Line: 458
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* LMK seed is on the position of LMK_KEYS + 1 key */
if (lmk->seed)
memcpy(lmk->seed, cc->key + (cc->tfms_count * subkey_size),
crypto_shash_digestsize(lmk->hash_tfm));
return 0;
}
Reported by FlawFinder.
Line: 517
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < MD5_HASH_WORDS; i++)
__cpu_to_le32s(&md5state.hash[i]);
memcpy(iv, &md5state.hash, cc->iv_size);
return 0;
}
static int crypt_iv_lmk_gen(struct crypt_config *cc, u8 *iv,
Reported by FlawFinder.
Line: 614
Column: 2
CWE codes:
120
Suggestion:
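Make sure destination can always hold the source data
Reviewer note: key_offset is a signed int computed as cc->key_size - cc->iv_size - TCW_WHITENING_SIZE and then used to index cc->key. Both copies stay inside the key only if the key size was validated to be at least cc->iv_size + TCW_WHITENING_SIZE beforehand; that validation is not in the excerpt and is the thing to confirm. The finding at line 615 is the second memcpy of the same pair.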
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
int key_offset = cc->key_size - cc->iv_size - TCW_WHITENING_SIZE;
memcpy(tcw->iv_seed, &cc->key[key_offset], cc->iv_size);
memcpy(tcw->whitening, &cc->key[key_offset + cc->iv_size],
TCW_WHITENING_SIZE);
return 0;
}
Reported by FlawFinder.
Line: 615
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int key_offset = cc->key_size - cc->iv_size - TCW_WHITENING_SIZE;
memcpy(tcw->iv_seed, &cc->key[key_offset], cc->iv_size);
memcpy(tcw->whitening, &cc->key[key_offset + cc->iv_size],
TCW_WHITENING_SIZE);
return 0;
}
Reported by FlawFinder.
Line: 981
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) {
sg2 = crypt_get_sg_data(cc, dmreq->sg_in);
data2 = kmap_atomic(sg_page(sg2));
memcpy(data_offset, data2 + sg2->offset, cc->sector_size);
kunmap_atomic(data2);
}
if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) {
diffuser_disk_to_cpu((u32*)data_offset, cc->sector_size / sizeof(u32));
Reported by FlawFinder.
Line: 1336
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cc->iv_gen_ops) {
/* For READs use IV stored in integrity metadata */
if (cc->integrity_iv_size && bio_data_dir(ctx->bio_in) != WRITE) {
memcpy(org_iv, tag_iv, cc->iv_size);
} else {
r = cc->iv_gen_ops->generator(cc, org_iv, dmreq);
if (r < 0)
return r;
/* Store generated IV in integrity metadata */
Reported by FlawFinder.
Line: 1343
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return r;
/* Store generated IV in integrity metadata */
if (cc->integrity_iv_size)
memcpy(tag_iv, org_iv, cc->iv_size);
}
/* Working copy of IV, to be modified in crypto API */
memcpy(iv, org_iv, cc->iv_size);
}
Reported by FlawFinder.
Line: 1346
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tag_iv, org_iv, cc->iv_size);
}
/* Working copy of IV, to be modified in crypto API */
memcpy(iv, org_iv, cc->iv_size);
}
aead_request_set_ad(req, sizeof(uint64_t) + cc->iv_size);
if (bio_data_dir(ctx->bio_in) == WRITE) {
aead_request_set_crypt(req, dmreq->sg_in, dmreq->sg_out,
Reported by FlawFinder.
Line: 1364
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (r == -EBADMSG) {
char b[BDEVNAME_SIZE];
DMERR_LIMIT("%s: INTEGRITY AEAD ERROR, sector %llu", bio_devname(ctx->bio_in, b),
(unsigned long long)le64_to_cpu(*sector));
}
if (!r && cc->iv_gen_ops && cc->iv_gen_ops->post)
Reported by FlawFinder.
Line: 1423
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cc->iv_gen_ops) {
/* For READs use IV stored in integrity metadata */
if (cc->integrity_iv_size && bio_data_dir(ctx->bio_in) != WRITE) {
memcpy(org_iv, tag_iv, cc->integrity_iv_size);
} else {
r = cc->iv_gen_ops->generator(cc, org_iv, dmreq);
if (r < 0)
return r;
/* Data can be already preprocessed in generator */
Reported by FlawFinder.
tools/perf/pmu-events/jevents.c
27 issues
Line: 114
Column: 8
CWE codes:
134
Suggestion:
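Use a constant for the format specification
Reviewer note: the excerpt is the body of a variadic wrapper that forwards its caller's fmt to vfprintf(stderr, ...), so the format cannot be a constant at this line. The check belongs at the call sites; a printf-style format attribute on the wrapper lets the compiler flag callers that pass a non-literal format.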
va_start(args, fmt);
ret = vfprintf(stderr, fmt, args);
va_end(args);
return ret;
}
Reported by FlawFinder.
Line: 139
Column: 3
CWE codes:
120
Suggestion:
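Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
Reviewer note: the count passed to strncat() limits how much of the source is appended, not the size of the destination. All three appends are safe only if *dst was sized for its existing content plus sep, a, blen bytes and a terminator; that allocation is above the excerpt.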
if (!olen)
*(*dst) = 0;
else
strcat(*dst, sep);
strcat(*dst, a);
if (bt)
strncat(*dst, map + bt->start, blen);
}
Reported by FlawFinder.
Line: 140
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
*(*dst) = 0;
else
strcat(*dst, sep);
strcat(*dst, a);
if (bt)
strncat(*dst, map + bt->start, blen);
}
static void fixname(char *s)
Reported by FlawFinder.
Line: 996
Column: 4
CWE codes:
120
Suggestion:
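Use sprintf_s, snprintf, or vsnprintf
Reviewer note: path is PATH_MAX bytes, and neither fpath nor dir->d_name is length-checked in the excerpt. snprintf(path, sizeof(path), "%s/%s", fpath, dir->d_name), with the return value compared against sizeof(path), bounds the write and lets an over-long path be rejected before stat() is called on it.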
char path[PATH_MAX];
struct stat st;
sprintf(path, "%s/%s", fpath, dir->d_name);
if (stat(path, &st))
break;
if (S_ISDIR(st.st_mode)) {
res = 0;
Reported by FlawFinder.
Line: 1221
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 2;
}
sprintf(ldirname, "%s/%s", start_dirname, arch);
/* If architecture does not have any event lists, bail out */
if (stat(ldirname, &stbuf) < 0) {
pr_info("%s: Arch %s has no PMU event lists\n", prog, arch);
empty_map = 1;
Reported by FlawFinder.
Line: 1252
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (rc)
goto err_processing_dir;
sprintf(ldirname, "%s/test", start_dirname);
rc = nftw(ldirname, preprocess_arch_std_files, maxfds, 0);
if (rc)
goto err_processing_std_arch_event_dir;
Reported by FlawFinder.
Line: 528
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; fixed[i].name; i++)
if (!strcasecmp(name, fixed[i].name))
return (char *)fixed[i].event;
return event;
}
static int
try_fixup(const char *fn, char *arch_std, struct json_event *je, char **event)
Reported by FlawFinder.
Line: 561
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
jsmntok_t *tokens, *tok;
int i, j, len;
char *map;
char buf[128];
if (!fn)
return -ENOENT;
tokens = parse_json(fn, &map, &size, &len);
Reported by FlawFinder.
Line: 864
Column: 10
CWE codes:
362
if (!line)
return -1;
mapfp = fopen(fpath, "r");
if (!mapfp) {
pr_info("%s: Error %s opening %s\n", prog, strerror(errno),
fpath);
free(line);
return -1;
Reported by FlawFinder.
Line: 944
Column: 10
CWE codes:
362
pr_info("%s: Creating empty pmu_events_map[] table\n", prog);
/* Truncate file to clear any partial writes to it */
outfp = fopen(output_file, "w");
if (!outfp) {
perror("fopen()");
_Exit(1);
}
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/debug.c
27 issues
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void ath10k_debug_print_hwfw_info(struct ath10k *ar)
{
const struct firmware *firmware;
char fw_features[128] = {};
u32 crc = 0;
ath10k_core_get_fw_features_str(ar, fw_features, sizeof(fw_features));
ath10k_info(ar, "%s target 0x%08x chip_id 0x%08x sub %04x:%04x",
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void ath10k_debug_print_board_info(struct ath10k *ar)
{
char boardinfo[100];
const struct firmware *board;
u32 crc;
if (ar->id.bmi_ids_valid)
scnprintf(boardinfo, sizeof(boardinfo), "%d:%d",
Reported by FlawFinder.
Line: 546
Column: 2
CWE codes:
119
120
Suggestion:
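Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Reviewer note: the flag is on the declaration char buf[32]. The excerpt rejects the write when count >= sizeof(buf) or count == 0, which bounds the copy and leaves room for a terminator in the zero-initialised buffer. The copy itself is below the excerpt.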
size_t count, loff_t *ppos)
{
struct ath10k *ar = file->private_data;
char buf[32] = {0};
ssize_t rc;
int ret;
/* filter partial writes and invalid commands */
if (*ppos != 0 || count >= sizeof(buf) || count == 0)
Reported by FlawFinder.
Line: 618
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath10k *ar = file->private_data;
size_t len;
char buf[50];
len = scnprintf(buf, sizeof(buf), "0x%08x\n", ar->bus_param.chip_id);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
Reported by FlawFinder.
Line: 908
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath10k *ar = file->private_data;
char buf[32];
size_t len;
len = scnprintf(buf, sizeof(buf), "%lu\n", ar->debug.htt_stats_mask);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
Reported by FlawFinder.
Line: 961
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath10k *ar = file->private_data;
char buf[64];
u8 amsdu, ampdu;
size_t len;
mutex_lock(&ar->conf_mutex);
Reported by FlawFinder.
Line: 982
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath10k *ar = file->private_data;
int res;
char buf[64] = {0};
unsigned int amsdu, ampdu;
res = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos,
user_buf, count);
if (res <= 0)
Reported by FlawFinder.
Line: 1024
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath10k *ar = file->private_data;
size_t len;
char buf[96];
len = scnprintf(buf, sizeof(buf), "0x%16llx %u\n",
ar->debug.fw_dbglog_mask, ar->debug.fw_dbglog_level);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
Reported by FlawFinder.
Line: 1038
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath10k *ar = file->private_data;
int ret;
char buf[96] = {0};
unsigned int log_level;
u64 mask;
ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos,
user_buf, count);
Reported by FlawFinder.
Line: 1142
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 sset, u8 *data)
{
if (sset == ETH_SS_STATS)
memcpy(data, *ath10k_gstrings_stats,
sizeof(ath10k_gstrings_stats));
}
int ath10k_debug_get_et_sset_count(struct ieee80211_hw *hw,
struct ieee80211_vif *vif, int sset)
Reported by FlawFinder.
drivers/net/wireless/ath/ath11k/wmi.c
27 issues
Line: 388
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_cap_info[0] = mac_phy_caps->he_cap_info_2g;
cap_band->he_cap_info[1] = mac_phy_caps->he_cap_info_2g_ext;
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_2g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_2g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet2g,
sizeof(struct ath11k_ppe_threshold));
}
Reported by FlawFinder.
Line: 390
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_2g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_2g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet2g,
sizeof(struct ath11k_ppe_threshold));
}
if (mac_phy_caps->supported_bands & WMI_HOST_WLAN_5G_CAP) {
cap_band = &pdev_cap->band[NL80211_BAND_5GHZ];
Reported by FlawFinder.
Line: 402
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_cap_info[0] = mac_phy_caps->he_cap_info_5g;
cap_band->he_cap_info[1] = mac_phy_caps->he_cap_info_5g_ext;
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_5g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_5g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet5g,
sizeof(struct ath11k_ppe_threshold));
}
Reported by FlawFinder.
Line: 404
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_5g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_5g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet5g,
sizeof(struct ath11k_ppe_threshold));
}
cap_band = &pdev_cap->band[NL80211_BAND_6GHZ];
cap_band->max_bw_supported = mac_phy_caps->max_bw_supported_5g;
Reported by FlawFinder.
Line: 414
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_cap_info[0] = mac_phy_caps->he_cap_info_5g;
cap_band->he_cap_info[1] = mac_phy_caps->he_cap_info_5g_ext;
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_5g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_5g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet5g,
sizeof(struct ath11k_ppe_threshold));
return 0;
Reported by FlawFinder.
Line: 416
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_5g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_5g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet5g,
sizeof(struct ath11k_ppe_threshold));
return 0;
}
Reported by FlawFinder.
Line: 609
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
frame_tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_BYTE) |
FIELD_PREP(WMI_TLV_LEN, buf_len);
memcpy(frame_tlv->value, frame->data, buf_len);
ath11k_ce_byte_swap(frame_tlv->value, buf_len);
ret = ath11k_wmi_cmd_send(wmi, skb, WMI_MGMT_TX_SEND_CMDID);
if (ret) {
Reported by FlawFinder.
Line: 862
Column: 4
CWE codes:
120
Suggestion:
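Make sure destination can always hold the source data
Reviewer note: arg->ssid_len is used both as the stored length and as the copy length, and the excerpt shows no comparison against the size of cmd->ssid.ssid. Confirm that callers bound ssid_len before this point, or clamp it here.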
if (!restart) {
if (arg->ssid) {
cmd->ssid.ssid_len = arg->ssid_len;
memcpy(cmd->ssid.ssid, arg->ssid, arg->ssid_len);
}
if (arg->hidden_ssid)
cmd->flags |= WMI_VDEV_START_HIDDEN_SSID;
if (arg->pmf_enabled)
cmd->flags |= WMI_VDEV_START_PMF_ENABLED;
Reported by FlawFinder.
Line: 1627
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tlv = ptr;
tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_BYTE) |
FIELD_PREP(WMI_TLV_LEN, aligned_len);
memcpy(tlv->value, bcn->data, bcn->len);
ret = ath11k_wmi_cmd_send(wmi, skb, WMI_BCN_TMPL_CMDID);
if (ret) {
ath11k_warn(ar->ab, "failed to send WMI_BCN_TMPL_CMDID\n");
dev_kfree_skb(skb);
Reported by FlawFinder.
Line: 1667
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->key_rxmic_len = arg->key_rxmic_len;
if (arg->key_rsc_counter)
memcpy(&cmd->key_rsc_counter, &arg->key_rsc_counter,
sizeof(struct wmi_key_seq_counter));
tlv = (struct wmi_tlv *)(skb->data + sizeof(*cmd));
tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_BYTE) |
FIELD_PREP(WMI_TLV_LEN, key_len_aligned);
Reported by FlawFinder.
drivers/net/wireless/broadcom/brcm80211/brcmsmac/main.c
27 issues
Line: 319
Column: 14
CWE codes:
119
120
Suggestion:
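Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Reviewer note: the array flagged here appears to be static const char fifo_names[6][1], a placeholder in the #else branch of a preprocessor conditional whose condition is above the excerpt. Being const, it is never a write destination.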
static const char * const fifo_names[] = {
"AC_BK", "AC_BE", "AC_VI", "AC_VO", "BCMC", "ATIM" };
#else
static const char fifo_names[6][1];
#endif
#ifdef DEBUG
/* pointer to most recently allocated wl/wlc */
static struct brcms_c_info *wlc_info_dbg = (struct brcms_c_info *) (NULL);
Reported by FlawFinder.
Line: 1107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool brcms_b_attach_dmapio(struct brcms_c_info *wlc, uint j, bool wme)
{
uint i;
char name[8];
/*
* ucode host flag 2 needed for pio mode, independent of band and fifo
*/
u16 pio_mhf2 = 0;
struct brcms_hardware *wlc_hw = wlc->hw;
Reported by FlawFinder.
Line: 1537
Column: 3
CWE codes:
120
Suggestion:
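Make sure destination can always hold the source data
Triage note: the copy is a fixed sizeof(u32) into word, and the later `word = *(u32 *)&word_be` suggests word is itself a u32, so the destination side looks bounded. The loop runs while len > 0. Whether buf always has four readable bytes left depends on how len is validated and decremented, which is not shown.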
be_bit = (bcma_read32(core, D11REGOFFS(maccontrol)) & MCTL_BIGEND) != 0;
while (len > 0) {
memcpy(&word, buf, sizeof(u32));
if (be_bit) {
word_be = cpu_to_be32(word);
word = *(u32 *)&word_be;
} else {
Reported by FlawFinder.
Line: 1897
Column: 3
CWE codes:
120
Suggestion:
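Make sure destination can always hold the source data
Triage note: the copy length is the constant ETH_ALEN in every branch, so this finding and the two that follow for the same function reduce to whether etheraddr (declared outside the excerpt) is at least ETH_ALEN bytes.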
/* If macaddr exists, use it (Sromrev4, CIS, ...). */
if (!is_zero_ether_addr(sprom->il0mac)) {
memcpy(etheraddr, sprom->il0mac, ETH_ALEN);
return;
}
if (wlc_hw->_nbands > 1)
memcpy(etheraddr, sprom->et1mac, ETH_ALEN);
Reported by FlawFinder.
Line: 1902
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (wlc_hw->_nbands > 1)
memcpy(etheraddr, sprom->et1mac, ETH_ALEN);
else
memcpy(etheraddr, sprom->il0mac, ETH_ALEN);
}
/* power both the pll and external oscillator on/off */
Reported by FlawFinder.
Line: 1904
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (wlc_hw->_nbands > 1)
memcpy(etheraddr, sprom->et1mac, ETH_ALEN);
else
memcpy(etheraddr, sprom->il0mac, ETH_ALEN);
}
/* power both the pll and external oscillator on/off */
static void brcms_b_xtal(struct brcms_hardware *wlc_hw, bool want)
{
Reported by FlawFinder.
Line: 3787
Column: 2
CWE codes:
120
Suggestion:
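Make sure destination can always hold the source data
Triage note: in the visible lines the length is already clamped. len is min_t(u8, sizeof(wlc->bsscfg->SSID), ssid_len), and that len is what memcpy uses, so the copy cannot exceed the destination array. This instance looks like a pattern match on memcpy rather than an unbounded copy.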
u8 len = min_t(u8, sizeof(wlc->bsscfg->SSID), ssid_len);
memset(wlc->bsscfg->SSID, 0, sizeof(wlc->bsscfg->SSID));
memcpy(wlc->bsscfg->SSID, ssid, len);
wlc->bsscfg->SSID_len = len;
}
static void brcms_b_set_shortslot(struct brcms_hardware *wlc_hw, bool shortslot)
{
Reported by FlawFinder.
Line: 5321
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
brcms_c_rateset_mcs_build(&wlc->default_bss->rateset,
wlc->stf->txstreams);
for (i = 0; i < wlc->pub->_nbands; i++)
memcpy(wlc->bandstate[i]->hw_rateset.mcs,
wlc->default_bss->rateset.mcs, MCSSET_LEN);
return 0;
}
Reported by FlawFinder.
Line: 5334
Column: 2
CWE codes:
120
Suggestion:
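Make sure destination can always hold the source data
Triage note: rs is declared in the same excerpt as struct brcms_c_rateset and the length is sizeof(struct brcms_c_rateset), so the destination matches the copy size exactly. The open question is the source side: rs_arg must point to a full struct, and the rs.count range check only runs after the copy.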
struct brcms_c_rateset rs, new;
uint bandunit;
memcpy(&rs, rs_arg, sizeof(struct brcms_c_rateset));
/* check for bad count value */
if ((rs.count == 0) || (rs.count > BRCMS_NUMRATES))
return -EINVAL;
Reported by FlawFinder.
Line: 5342
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* try the current band */
bandunit = wlc->band->bandunit;
memcpy(&new, &rs, sizeof(struct brcms_c_rateset));
if (brcms_c_rate_hwrs_filter_sort_validate
(&new, &wlc->bandstate[bandunit]->hw_rateset, true,
wlc->stf->txstreams))
goto good;
Reported by FlawFinder.
drivers/hid/hid-sensor-custom.c
27 issues
Line: 287
Column: 6
CWE codes:
120
20
Suggestion:
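Specify a limit to %s, or use a different input function
Triage note: the %s conversion has no field width, and elsewhere on this page name is declared as char name[HID_CUSTOM_NAME_LENGTH]. The string being scanned is attr->attr.name (the attribute's own name), not the buf argument, so exposure depends on how those names are built, which is not shown here. A literal field width of at most HID_CUSTOM_NAME_LENGTH - 1 removes that dependence.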
bool input = false;
int value = 0;
if (sscanf(attr->attr.name, "feature-%x-%x-%s", &index, &usage,
name) == 3) {
feature = true;
field_index = index + sensor_inst->input_field_count;
} else if (sscanf(attr->attr.name, "input-%x-%x-%s", &index, &usage,
name) == 3) {
Reported by FlawFinder.
Line: 291
Column: 13
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
name) == 3) {
feature = true;
field_index = index + sensor_inst->input_field_count;
} else if (sscanf(attr->attr.name, "input-%x-%x-%s", &index, &usage,
name) == 3) {
input = true;
field_index = index;
} else
return -EINVAL;
Reported by FlawFinder.
Line: 392
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
char name[HID_CUSTOM_NAME_LENGTH];
int value, ret;
if (sscanf(attr->attr.name, "feature-%x-%x-%s", &index, &usage,
name) == 3) {
field_index = index + sensor_inst->input_field_count;
} else
return -EINVAL;
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hid_sensor_custom_field {
int report_id;
char group_name[HID_CUSTOM_NAME_LENGTH];
struct hid_sensor_hub_attribute_info attribute;
struct device_attribute sd_attrs[HID_CUSTOM_MAX_CORE_ATTRS];
char attr_name[HID_CUSTOM_TOTAL_ATTRS][HID_CUSTOM_NAME_LENGTH];
struct attribute *attrs[HID_CUSTOM_TOTAL_ATTRS];
struct attribute_group hid_custom_attribute_group;
Reported by FlawFinder.
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char group_name[HID_CUSTOM_NAME_LENGTH];
struct hid_sensor_hub_attribute_info attribute;
struct device_attribute sd_attrs[HID_CUSTOM_MAX_CORE_ATTRS];
char attr_name[HID_CUSTOM_TOTAL_ATTRS][HID_CUSTOM_NAME_LENGTH];
struct attribute *attrs[HID_CUSTOM_TOTAL_ATTRS];
struct attribute_group hid_custom_attribute_group;
};
struct hid_sensor_custom {
Reported by FlawFinder.
Line: 157
Column: 9
CWE codes:
120
Suggestion:
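Use sprintf_s, snprintf, or vsnprintf
Triage note: sprintf_s is not part of the kernel's library, so only the bounded kernel helpers apply here. The output is a single %d plus a newline, which the format itself keeps short. If this is a sysfs show callback, as the dev_get_drvdata(dev) and buf pattern suggests, sysfs_emit() is the kernel's bounded helper for it.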
{
struct hid_sensor_custom *sensor_inst = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", sensor_inst->enable);
}
static int set_power_report_state(struct hid_sensor_custom *sensor_inst,
bool state)
{
Reported by FlawFinder.
Line: 282
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hid_sensor_custom *sensor_inst = dev_get_drvdata(dev);
struct hid_sensor_hub_attribute_info *attribute;
int index, usage, field_index;
char name[HID_CUSTOM_NAME_LENGTH];
bool feature = false;
bool input = false;
int value = 0;
if (sscanf(attr->attr.name, "feature-%x-%x-%s", &index, &usage,
Reported by FlawFinder.
Line: 377
Column: 11
CWE codes:
120
Suggestion:
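Use sprintf_s, snprintf, or vsnprintf
Triage note: the neighbouring branch already uses snprintf(buf, PAGE_SIZE, ...) for the variable-length description string. The flagged sprintf calls emit a fixed literal and a single %d, so their length is bounded by the format itself. Moving all three calls to one bounded helper would mainly be a consistency fix.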
return snprintf(buf, PAGE_SIZE, "%s\n",
usage_desc->desc);
else
return sprintf(buf, "not-specified\n");
} else
return -EINVAL;
return sprintf(buf, "%d\n", value);
}
Reported by FlawFinder.
Line: 381
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else
return -EINVAL;
return sprintf(buf, "%d\n", value);
}
static ssize_t store_value(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 389
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct hid_sensor_custom *sensor_inst = dev_get_drvdata(dev);
int index, field_index, usage;
char name[HID_CUSTOM_NAME_LENGTH];
int value, ret;
if (sscanf(attr->attr.name, "feature-%x-%x-%s", &index, &usage,
name) == 3) {
field_index = index + sensor_inst->input_field_count;
Reported by FlawFinder.