The following issues were found
drivers/message/fusion/mptbase.c
26 issues
Line: 2108
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
spin_unlock_irqrestore(&ioc->fw_event_lock, flags);
destroy_workqueue(wq);
snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s/summary", ioc->name);
remove_proc_entry(pname, NULL);
snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s/info", ioc->name);
remove_proc_entry(pname, NULL);
snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s", ioc->name);
remove_proc_entry(pname, NULL);
Reported by FlawFinder.
Line: 2110
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s/summary", ioc->name);
remove_proc_entry(pname, NULL);
snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s/info", ioc->name);
remove_proc_entry(pname, NULL);
snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s", ioc->name);
remove_proc_entry(pname, NULL);
/* call per device driver remove entry point */
Reported by FlawFinder.
Line: 2112
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
remove_proc_entry(pname, NULL);
snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s/info", ioc->name);
remove_proc_entry(pname, NULL);
snprintf(pname, sizeof(pname), MPT_PROCFS_MPTBASEDIR "/%s", ioc->name);
remove_proc_entry(pname, NULL);
/* call per device driver remove entry point */
for(cb_idx = 0; cb_idx < MPT_MAX_PROTOCOL_DRIVERS; cb_idx++) {
if(MptDeviceDriverHandlers[cb_idx] &&
Reported by FlawFinder.
Line: 6806
Column: 6
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
* Shorter summary of attached ioc's...
*/
y = sprintf(buffer+len, "%s: %s, %s%08xh%s, Ports=%d, MaxQ=%d",
ioc->name,
ioc->prod_name,
MPT_FW_REV_MAGIC_ID_STRING, /* "FwRev=" or somesuch */
ioc->facts.FWVersion.Word,
expVer,
Reported by FlawFinder.
Line: 114
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_PARM_DESC(mpt_fwfault_debug,
"Enable detection of Firmware fault and halt Firmware on fault - (default=0)");
static char MptCallbacksName[MPT_MAX_PROTOCOL_DRIVERS]
[MPT_MAX_CALLBACKNAME_LEN+1];
#ifdef MFCNT
static int mfcounter = 0;
#define PRINT_MF_COUNT 20000
Reported by FlawFinder.
Line: 649
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case MPI_FUNCTION_SAS_IO_UNIT_CONTROL:
ioc->mptbase_cmds.status |= MPT_MGMT_STATUS_COMMAND_GOOD;
ioc->mptbase_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
memcpy(ioc->mptbase_cmds.reply, reply,
min(MPT_DEFAULT_FRAME_SIZE,
4 * reply->u.reply.MsgLength));
if (ioc->mptbase_cmds.status & MPT_MGMT_STATUS_PENDING) {
ioc->mptbase_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
complete(&ioc->mptbase_cmds.done);
Reported by FlawFinder.
Line: 1789
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
ioc->id = mpt_ids++;
sprintf(ioc->name, "ioc%d", ioc->id);
dinitprintk(ioc, printk(KERN_WARNING MYNAM ": mpt_adapter_install\n"));
/*
* set initial debug level
* (refer to mptdebug.h)
Reported by FlawFinder.
Line: 2087
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mpt_detach(struct pci_dev *pdev)
{
MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
char pname[64];
u8 cb_idx;
unsigned long flags;
struct workqueue_struct *wq;
/*
Reported by FlawFinder.
Line: 4986
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((rc = mpt_config(ioc, &cfg)) == 0) {
/* save the data */
copy_sz = min_t(int, sizeof(LANPage0_t), data_sz);
memcpy(&ioc->lan_cnfg_page0, ppage0_alloc, copy_sz);
}
pci_free_consistent(ioc->pcidev, data_sz, (u8 *) ppage0_alloc, page0_dma);
Reported by FlawFinder.
Line: 5031
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((rc = mpt_config(ioc, &cfg)) == 0) {
/* save the data */
copy_sz = min_t(int, sizeof(LANPage1_t), data_sz);
memcpy(&ioc->lan_cnfg_page1, ppage1_alloc, copy_sz);
}
pci_free_consistent(ioc->pcidev, data_sz, (u8 *) ppage1_alloc, page1_dma);
/* FIXME!
Reported by FlawFinder.
tools/perf/util/probe-event.c
26 issues
Line: 62
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
int ret;
va_list ap;
va_start(ap, format);
ret = vsnprintf(str, size, format, ap);
va_end(ap);
if (ret >= (int)size)
ret = -E2BIG;
return ret;
}
Reported by FlawFinder.
Line: 2499
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
}
INIT_LIST_HEAD(&node->list);
list_add_tail(&node->list, blacklist);
if (sscanf(buf, "0x%" PRIx64 "-0x%" PRIx64, &node->start, &node->end) != 2) {
ret = -EINVAL;
break;
}
p = strchr(buf, '\t');
if (p) {
Reported by FlawFinder.
Line: 195
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int convert_exec_to_group(const char *exec, char **result)
{
char *ptr1, *ptr2, *exec_copy;
char buf[64];
int ret;
exec_copy = strdup(exec);
if (!exec_copy)
return -ENOMEM;
Reported by FlawFinder.
Line: 279
Column: 7
CWE codes:
362
char *mod_name = NULL;
int name_offset;
fd = open(module, O_RDONLY);
if (fd < 0)
return NULL;
elf = elf_begin(fd, PERF_ELF_C_READ_MMAP, NULL);
if (elf == NULL)
Reported by FlawFinder.
Line: 332
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret = 0;
if (module) {
char module_name[128];
snprintf(module_name, sizeof(module_name), "[%s]", module);
map = maps__find_by_name(&host_machine->kmaps, module_name);
if (map) {
dso = map->dso;
Reported by FlawFinder.
Line: 425
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
int ret;
memcpy(tmp, &pev->point, sizeof(*tmp));
memset(&pev->point, 0, sizeof(pev->point));
ret = find_alternative_probe_point(dinfo, tmp, &pev->point, pev->target,
pev->nsi, pev->uprobes);
if (ret < 0)
memcpy(&pev->point, tmp, sizeof(*tmp));
Reported by FlawFinder.
Line: 430
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = find_alternative_probe_point(dinfo, tmp, &pev->point, pev->target,
pev->nsi, pev->uprobes);
if (ret < 0)
memcpy(&pev->point, tmp, sizeof(*tmp));
return ret;
}
static int get_alternative_line_range(struct debuginfo *dinfo,
Reported by FlawFinder.
Line: 467
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool silent)
{
debuginfod_client *c = debuginfod_begin();
char sbuild_id[SBUILD_ID_SIZE + 1];
struct debuginfo *ret = NULL;
struct nscookie nsc;
char *path;
int fd;
Reported by FlawFinder.
Line: 510
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool silent)
{
const char *path = module;
char reason[STRERR_BUFSIZE];
struct debuginfo *ret = NULL;
struct dso *dso = NULL;
struct nscookie nsc;
int err;
Reported by FlawFinder.
Line: 521
Column: 6
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0) {
if (!dso || dso->load_errno == 0) {
if (!str_error_r(-err, reason, STRERR_BUFSIZE))
strcpy(reason, "(unknown)");
} else
dso__strerror_load(dso, reason, STRERR_BUFSIZE);
if (dso)
ret = open_from_debuginfod(dso, nsi, silent);
if (ret)
Reported by FlawFinder.
drivers/scsi/qla2xxx/qla_mbx.c
26 issues
Line: 2028
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Names are little-endian. */
memcpy(fcport->node_name, pd24->node_name, WWN_SIZE);
memcpy(fcport->port_name, pd24->port_name, WWN_SIZE);
/* Get port_id of device. */
fcport->d_id.b.domain = pd24->port_id[0];
fcport->d_id.b.area = pd24->port_id[1];
Reported by FlawFinder.
Line: 2029
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Names are little-endian. */
memcpy(fcport->node_name, pd24->node_name, WWN_SIZE);
memcpy(fcport->port_name, pd24->port_name, WWN_SIZE);
/* Get port_id of device. */
fcport->d_id.b.domain = pd24->port_id[0];
fcport->d_id.b.area = pd24->port_id[1];
fcport->d_id.b.al_pa = pd24->port_id[2];
Reported by FlawFinder.
Line: 2073
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Names are little-endian. */
memcpy(fcport->node_name, pd->node_name, WWN_SIZE);
memcpy(fcport->port_name, pd->port_name, WWN_SIZE);
/* Get port_id of device. */
fcport->d_id.b.domain = pd->port_id[0];
fcport->d_id.b.area = pd->port_id[3];
Reported by FlawFinder.
Line: 2074
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Names are little-endian. */
memcpy(fcport->node_name, pd->node_name, WWN_SIZE);
memcpy(fcport->port_name, pd->port_name, WWN_SIZE);
/* Get port_id of device. */
fcport->d_id.b.domain = pd->port_id[0];
fcport->d_id.b.area = pd->port_id[3];
fcport->d_id.b.al_pa = pd->port_id[2];
Reported by FlawFinder.
Line: 3082
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pmap, pmap[0] + 1);
if (pos_map)
memcpy(pos_map, pmap, FCAL_MAP_SIZE);
}
dma_pool_free(ha->s_dma_pool, pmap, pmap_dma);
if (rval != QLA_SUCCESS) {
ql_dbg(ql_dbg_mbx, vha, 0x1082, "Failed=%x.\n", rval);
Reported by FlawFinder.
Line: 3806
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"Done %s.\n", __func__);
if (mb)
memcpy(mb, mcp->mb, 8 * sizeof(*mb));
if (dwords)
*dwords = buffers;
}
return rval;
Reported by FlawFinder.
Line: 4089
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ha->flags.fawwpn_enabled &&
(rptid_entry->u.f1.flags &
BIT_6)) {
memcpy(vha->port_name,
rptid_entry->u.f1.port_name,
WWN_SIZE);
}
qlt_update_host_map(vha, id);
Reported by FlawFinder.
Line: 4222
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qlt_modify_vp_config(vha, vpmod);
memcpy(vpmod->node_name_idx1, vha->node_name, WWN_SIZE);
memcpy(vpmod->port_name_idx1, vha->port_name, WWN_SIZE);
vpmod->entry_count = 1;
rval = qla2x00_issue_iocb(base_vha, vpmod, vpmod_dma, 0);
if (rval != QLA_SUCCESS) {
Reported by FlawFinder.
Line: 4223
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qlt_modify_vp_config(vha, vpmod);
memcpy(vpmod->node_name_idx1, vha->node_name, WWN_SIZE);
memcpy(vpmod->port_name_idx1, vha->port_name, WWN_SIZE);
vpmod->entry_count = 1;
rval = qla2x00_issue_iocb(base_vha, vpmod, vpmod_dma, 0);
if (rval != QLA_SUCCESS) {
ql_dbg(ql_dbg_mbx, vha, 0x10bd,
Reported by FlawFinder.
Line: 4610
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"Entered %s.\n", __func__);
mcp->mb[0] = MBC_IDC_ACK;
memcpy(&mcp->mb[1], mb, QLA_IDC_ACK_REGS * sizeof(uint16_t));
mcp->out_mb = MBX_7|MBX_6|MBX_5|MBX_4|MBX_3|MBX_2|MBX_1|MBX_0;
mcp->in_mb = MBX_0;
mcp->tov = MBX_TOV_SECONDS;
mcp->flags = 0;
rval = qla2x00_mailbox_command(vha, mcp);
Reported by FlawFinder.
drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
26 issues
Line: 1095
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
ver.l = cpu_to_le32(adapter->fw_release_number);
sprintf(fw_ver, "%u.%u.%u.p%u", ver.c[2], ver.c[1], ver.c[0], ver.c[3]);
snprintf(version, max_len, driver_version, fw_ver);
mwifiex_dbg(adapter, MSG, "info: MWIFIEX VERSION: %s\n", version);
return 0;
}
Reported by FlawFinder.
Line: 46
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct netdev_hw_addr *ha;
netdev_for_each_mc_addr(ha, dev)
memcpy(&mlist->mac_list[i++], ha->addr, ETH_ALEN);
return i;
}
/*
Reported by FlawFinder.
Line: 163
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(bss_desc->mac_address, bss->bssid, ETH_ALEN);
bss_desc->rssi = bss->signal;
/* The caller of this function will free beacon_ie */
bss_desc->beacon_buf = beacon_ie;
bss_desc->beacon_buf_size = beacon_ie_len;
bss_desc->beacon_period = bss->beacon_interval;
Reported by FlawFinder.
Line: 200
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (priv->adapter->dt_node) {
char txpwr[] = {"marvell,00_txpwrlimit"};
memcpy(&txpwr[8], priv->adapter->country_code, 2);
mwifiex_dnld_dt_cfgdata(priv, priv->adapter->dt_node, txpwr);
}
}
static int mwifiex_process_country_ie(struct mwifiex_private *priv,
Reported by FlawFinder.
Line: 241
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(priv->adapter->country_code, &country_ie[2], 2);
domain_info->country_code[0] = country_ie[2];
domain_info->country_code[1] = country_ie[3];
domain_info->country_code[2] = ' ';
Reported by FlawFinder.
Line: 252
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
domain_info->no_of_triplet =
country_ie_len / sizeof(struct ieee80211_country_ie_triplet);
memcpy((u8 *)domain_info->triplet,
&country_ie[2] + IEEE80211_COUNTRY_STRING_LEN, country_ie_len);
rcu_read_unlock();
if (mwifiex_send_cmd(priv, HostCmd_CMD_802_11D_DOMAIN_INFO,
Reported by FlawFinder.
Line: 592
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->bss_mode = priv->bss_mode;
memcpy(&info->ssid, &bss_desc->ssid, sizeof(struct cfg80211_ssid));
memcpy(&info->bssid, &bss_desc->mac_address, ETH_ALEN);
info->bss_chan = bss_desc->channel;
Reported by FlawFinder.
Line: 594
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&info->ssid, &bss_desc->ssid, sizeof(struct cfg80211_ssid));
memcpy(&info->bssid, &bss_desc->mac_address, ETH_ALEN);
info->bss_chan = bss_desc->channel;
memcpy(info->country_code, adapter->country_code,
IEEE80211_COUNTRY_STRING_LEN);
Reported by FlawFinder.
Line: 598
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->bss_chan = bss_desc->channel;
memcpy(info->country_code, adapter->country_code,
IEEE80211_COUNTRY_STRING_LEN);
info->media_connected = priv->media_connected;
info->max_power_level = priv->max_tx_power_level;
Reported by FlawFinder.
Line: 796
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"failed to copy WPA IE, too big\n");
return -1;
}
memcpy(priv->wpa_ie, ie_data_ptr, ie_len);
priv->wpa_ie_len = ie_len;
mwifiex_dbg(priv->adapter, CMD,
"cmd: Set Wpa_ie_len=%d IE=%#x\n",
priv->wpa_ie_len, priv->wpa_ie[0]);
Reported by FlawFinder.
drivers/net/ethernet/broadcom/bnxt/bnxt_hsi.h
26 issues
Line: 594
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 roce_fw_min_8b;
u8 roce_fw_bld_8b;
u8 roce_fw_rsvd_8b;
char hwrm_fw_name[16];
char mgmt_fw_name[16];
char netctrl_fw_name[16];
char active_pkg_name[16];
char roce_fw_name[16];
__le16 chip_num;
Reported by FlawFinder.
Line: 595
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 roce_fw_bld_8b;
u8 roce_fw_rsvd_8b;
char hwrm_fw_name[16];
char mgmt_fw_name[16];
char netctrl_fw_name[16];
char active_pkg_name[16];
char roce_fw_name[16];
__le16 chip_num;
u8 chip_rev;
Reported by FlawFinder.
Line: 596
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 roce_fw_rsvd_8b;
char hwrm_fw_name[16];
char mgmt_fw_name[16];
char netctrl_fw_name[16];
char active_pkg_name[16];
char roce_fw_name[16];
__le16 chip_num;
u8 chip_rev;
u8 chip_metal;
Reported by FlawFinder.
Line: 597
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char hwrm_fw_name[16];
char mgmt_fw_name[16];
char netctrl_fw_name[16];
char active_pkg_name[16];
char roce_fw_name[16];
__le16 chip_num;
u8 chip_rev;
u8 chip_metal;
u8 chip_bond_id;
Reported by FlawFinder.
Line: 598
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char mgmt_fw_name[16];
char netctrl_fw_name[16];
char active_pkg_name[16];
char roce_fw_name[16];
__le16 chip_num;
u8 chip_rev;
u8 chip_metal;
u8 chip_bond_id;
u8 chip_platform_type;
Reported by FlawFinder.
Line: 3700
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 option_flags;
#define PORT_PHY_QCFG_RESP_OPTION_FLAGS_MEDIA_AUTO_DETECT 0x1UL
#define PORT_PHY_QCFG_RESP_OPTION_FLAGS_SIGNAL_MODE_KNOWN 0x2UL
char phy_vendor_name[16];
char phy_vendor_partnumber[16];
__le16 support_pam4_speeds;
#define PORT_PHY_QCFG_RESP_SUPPORT_PAM4_SPEEDS_50G 0x1UL
#define PORT_PHY_QCFG_RESP_SUPPORT_PAM4_SPEEDS_100G 0x2UL
#define PORT_PHY_QCFG_RESP_SUPPORT_PAM4_SPEEDS_200G 0x4UL
Reported by FlawFinder.
Line: 3701
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define PORT_PHY_QCFG_RESP_OPTION_FLAGS_MEDIA_AUTO_DETECT 0x1UL
#define PORT_PHY_QCFG_RESP_OPTION_FLAGS_SIGNAL_MODE_KNOWN 0x2UL
char phy_vendor_name[16];
char phy_vendor_partnumber[16];
__le16 support_pam4_speeds;
#define PORT_PHY_QCFG_RESP_SUPPORT_PAM4_SPEEDS_50G 0x1UL
#define PORT_PHY_QCFG_RESP_SUPPORT_PAM4_SPEEDS_100G 0x2UL
#define PORT_PHY_QCFG_RESP_SUPPORT_PAM4_SPEEDS_200G 0x4UL
__le16 force_pam4_link_speed;
Reported by FlawFinder.
Line: 4906
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define QUEUE_QPORTCFG_RESP_QUEUE_ID0_SERVICE_PROFILE_TYPE_ROCE 0x1UL
#define QUEUE_QPORTCFG_RESP_QUEUE_ID0_SERVICE_PROFILE_TYPE_NIC 0x2UL
#define QUEUE_QPORTCFG_RESP_QUEUE_ID0_SERVICE_PROFILE_TYPE_CNP 0x4UL
char qid0_name[16];
char qid1_name[16];
char qid2_name[16];
char qid3_name[16];
char qid4_name[16];
char qid5_name[16];
Reported by FlawFinder.
Line: 4907
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define QUEUE_QPORTCFG_RESP_QUEUE_ID0_SERVICE_PROFILE_TYPE_NIC 0x2UL
#define QUEUE_QPORTCFG_RESP_QUEUE_ID0_SERVICE_PROFILE_TYPE_CNP 0x4UL
char qid0_name[16];
char qid1_name[16];
char qid2_name[16];
char qid3_name[16];
char qid4_name[16];
char qid5_name[16];
char qid6_name[16];
Reported by FlawFinder.
Line: 4908
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define QUEUE_QPORTCFG_RESP_QUEUE_ID0_SERVICE_PROFILE_TYPE_CNP 0x4UL
char qid0_name[16];
char qid1_name[16];
char qid2_name[16];
char qid3_name[16];
char qid4_name[16];
char qid5_name[16];
char qid6_name[16];
char qid7_name[16];
Reported by FlawFinder.
include/uapi/linux/iso_fs.h
26 issues
Line: 17
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iso_volume_descriptor {
__u8 type[ISODCL(1,1)]; /* 711 */
char id[ISODCL(2,6)];
__u8 version[ISODCL(7,7)];
__u8 data[ISODCL(8,2048)];
};
/* volume descriptor types */
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iso_primary_descriptor {
__u8 type [ISODCL ( 1, 1)]; /* 711 */
char id [ISODCL ( 2, 6)];
__u8 version [ISODCL ( 7, 7)]; /* 711 */
__u8 unused1 [ISODCL ( 8, 8)];
char system_id [ISODCL ( 9, 40)]; /* achars */
char volume_id [ISODCL ( 41, 72)]; /* dchars */
__u8 unused2 [ISODCL ( 73, 80)];
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char id [ISODCL ( 2, 6)];
__u8 version [ISODCL ( 7, 7)]; /* 711 */
__u8 unused1 [ISODCL ( 8, 8)];
char system_id [ISODCL ( 9, 40)]; /* achars */
char volume_id [ISODCL ( 41, 72)]; /* dchars */
__u8 unused2 [ISODCL ( 73, 80)];
__u8 volume_space_size [ISODCL ( 81, 88)]; /* 733 */
__u8 unused3 [ISODCL ( 89, 120)];
__u8 volume_set_size [ISODCL (121, 124)]; /* 723 */
Reported by FlawFinder.
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 version [ISODCL ( 7, 7)]; /* 711 */
__u8 unused1 [ISODCL ( 8, 8)];
char system_id [ISODCL ( 9, 40)]; /* achars */
char volume_id [ISODCL ( 41, 72)]; /* dchars */
__u8 unused2 [ISODCL ( 73, 80)];
__u8 volume_space_size [ISODCL ( 81, 88)]; /* 733 */
__u8 unused3 [ISODCL ( 89, 120)];
__u8 volume_set_size [ISODCL (121, 124)]; /* 723 */
__u8 volume_sequence_number [ISODCL (125, 128)]; /* 723 */
Reported by FlawFinder.
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 type_m_path_table [ISODCL (149, 152)]; /* 732 */
__u8 opt_type_m_path_table [ISODCL (153, 156)]; /* 732 */
__u8 root_directory_record [ISODCL (157, 190)]; /* 9.1 */
char volume_set_id [ISODCL (191, 318)]; /* dchars */
char publisher_id [ISODCL (319, 446)]; /* achars */
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
Reported by FlawFinder.
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 opt_type_m_path_table [ISODCL (153, 156)]; /* 732 */
__u8 root_directory_record [ISODCL (157, 190)]; /* 9.1 */
char volume_set_id [ISODCL (191, 318)]; /* dchars */
char publisher_id [ISODCL (319, 446)]; /* achars */
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 root_directory_record [ISODCL (157, 190)]; /* 9.1 */
char volume_set_id [ISODCL (191, 318)]; /* dchars */
char publisher_id [ISODCL (319, 446)]; /* achars */
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */
__u8 creation_date [ISODCL (814, 830)]; /* 8.4.26.1 */
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char volume_set_id [ISODCL (191, 318)]; /* dchars */
char publisher_id [ISODCL (319, 446)]; /* achars */
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */
__u8 creation_date [ISODCL (814, 830)]; /* 8.4.26.1 */
__u8 modification_date [ISODCL (831, 847)]; /* 8.4.26.1 */
Reported by FlawFinder.
Line: 52
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char publisher_id [ISODCL (319, 446)]; /* achars */
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */
__u8 creation_date [ISODCL (814, 830)]; /* 8.4.26.1 */
__u8 modification_date [ISODCL (831, 847)]; /* 8.4.26.1 */
__u8 expiration_date [ISODCL (848, 864)]; /* 8.4.26.1 */
Reported by FlawFinder.
Line: 53
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */
__u8 creation_date [ISODCL (814, 830)]; /* 8.4.26.1 */
__u8 modification_date [ISODCL (831, 847)]; /* 8.4.26.1 */
__u8 expiration_date [ISODCL (848, 864)]; /* 8.4.26.1 */
__u8 effective_date [ISODCL (865, 881)]; /* 8.4.26.1 */
Reported by FlawFinder.
tools/perf/util/dso.c
26 issues
Line: 105
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Check predefined locations where debug file might reside */
ret = -1;
for (i = 0; i < ARRAY_SIZE(debuglink_paths); i++) {
snprintf(filename, size,
debuglink_paths[i], dso_dir, symfile);
if (is_regular_file(filename)) {
ret = 0;
break;
}
Reported by FlawFinder.
Line: 523
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
decomp = true;
strcpy(name, newpath);
}
fd = do_open(name);
if (decomp)
Reported by FlawFinder.
Line: 1261
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct dso *dso = calloc(1, sizeof(*dso) + strlen(name) + 1);
if (dso != NULL) {
strcpy(dso->name, name);
if (id)
dso->id = *id;
dso__set_long_name_id(dso, dso->name, id, false);
dso__set_short_name(dso, dso->name, false);
dso->symbols = dso->symbol_names = RB_ROOT_CACHED;
Reported by FlawFinder.
Line: 1362
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (machine__is_default_guest(machine))
return;
sprintf(path, "%s/sys/kernel/notes", machine->root_dir);
if (sysfs__read_build_id(path, &dso->bid) == 0)
dso->has_build_id = true;
}
int dso__kernel_module_get_build_id(struct dso *dso,
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum dso_binary_type type,
char *root_dir, char *filename, size_t size)
{
char build_id_hex[SBUILD_ID_SIZE];
int ret = 0;
size_t len;
switch (type) {
case DSO_BINARY_TYPE__DEBUGLINK:
Reported by FlawFinder.
Line: 81
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
case DSO_BINARY_TYPE__DEBUGLINK:
{
const char *last_slash;
char dso_dir[PATH_MAX];
char symfile[PATH_MAX];
unsigned int i;
len = __symbol__join_symfs(filename, size, dso->long_name);
last_slash = filename + len;
Reported by FlawFinder.
Line: 82
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char *last_slash;
char dso_dir[PATH_MAX];
char symfile[PATH_MAX];
unsigned int i;
len = __symbol__join_symfs(filename, size, dso->long_name);
last_slash = filename + len;
while (last_slash != filename && *last_slash != '/')
Reported by FlawFinder.
Line: 302
Column: 10
CWE codes:
362
* descriptor to the uncompressed file.
*/
if (!compressions[comp].is_compressed(name))
return open(name, O_RDONLY);
fd = mkstemp(tmpbuf);
if (fd < 0) {
*err = errno;
return -1;
Reported by FlawFinder.
Line: 304
Column: 7
CWE codes:
377
if (!compressions[comp].is_compressed(name))
return open(name, O_RDONLY);
fd = mkstemp(tmpbuf);
if (fd < 0) {
*err = errno;
return -1;
}
Reported by FlawFinder.
Line: 475
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int do_open(char *name)
{
int fd;
char sbuf[STRERR_BUFSIZE];
do {
fd = open(name, O_RDONLY|O_CLOEXEC);
if (fd >= 0)
return fd;
Reported by FlawFinder.
drivers/scsi/csiostor/csio_lnode.c
26 issues
Line: 255
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len += 4; /* includes attribute type and length */
len = (len + 3) & ~3; /* should be multiple of 4 bytes */
ae->len = htons(len);
memcpy(ae->value, val, val_len);
if (len > val_len)
memset(ae->value + val_len, 0, len - val_len);
*ptr += len;
}
Reported by FlawFinder.
Line: 330
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Prepare RPA payload */
pld = (uint8_t *)csio_ct_get_pld(cmd);
port_name = (struct fc_fdmi_port_name *)pld;
memcpy(&port_name->portname, csio_ln_wwpn(ln), 8);
pld += sizeof(*port_name);
/* Start appending Port attributes */
attrib_blk = (struct fs_fdmi_attrs *)pld;
attrib_blk->numattrs = 0;
Reported by FlawFinder.
Line: 375
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
&mfs, sizeof(mfs));
numattrs++;
strcpy(buf, "csiostor");
csio_append_attrib(&pld, FC_FDMI_PORT_ATTR_OSDEVICENAME, buf,
strlen(buf));
numattrs++;
if (!csio_hostname(buf, sizeof(buf))) {
Reported by FlawFinder.
Line: 442
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Prepare RHBA payload */
pld = (uint8_t *)csio_ct_get_pld(cmd);
hbaid = (struct fc_fdmi_hba_identifier *)pld;
memcpy(&hbaid->id, csio_ln_wwpn(ln), 8); /* HBA identifer */
pld += sizeof(*hbaid);
/* Register one port per hba */
reg_pl = (struct fc_fdmi_rpl *)pld;
reg_pl->numport = htonl(1);
Reported by FlawFinder.
Line: 448
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Register one port per hba */
reg_pl = (struct fc_fdmi_rpl *)pld;
reg_pl->numport = htonl(1);
memcpy(®_pl->port[0].portname, csio_ln_wwpn(ln), 8);
pld += sizeof(*reg_pl);
/* Start appending HBA attributes hba */
attrib_blk = (struct fs_fdmi_attrs *)pld;
attrib_blk->numattrs = 0;
Reported by FlawFinder.
Line: 463
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
memset(buf, 0, sizeof(buf));
strcpy(buf, "Chelsio Communications");
csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_MANUFACTURER, buf,
strlen(buf));
numattrs++;
csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_SERIALNUMBER,
hw->vpd.sn, sizeof(hw->vpd.sn));
Reported by FlawFinder.
Line: 544
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
csio_fill_ct_iu(cmd, FC_FST_MGMT, FC_FDMI_SUBTYPE, FC_FDMI_DPRT);
len = FC_CT_HDR_LEN;
port_name = (struct fc_fdmi_port_name *)csio_ct_get_pld(cmd);
memcpy(&port_name->portname, csio_ln_wwpn(ln), 8);
len += sizeof(*port_name);
/* Submit FDMI request */
spin_lock_irqsave(&hw->lock, flags);
if (csio_ln_mgmt_submit_req(fdmi_req, csio_ln_fdmi_dprt_cbfn,
Reported by FlawFinder.
Line: 594
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = FC_CT_HDR_LEN;
hbaid = (struct fc_fdmi_hba_identifier *)csio_ct_get_pld(cmd);
memcpy(&hbaid->id, csio_ln_wwpn(ln), 8);
len += sizeof(*hbaid);
/* Submit FDMI request */
if (csio_ln_mgmt_submit_req(fdmi_req, csio_ln_fdmi_dhba_cbfn,
FCOE_CT, &fdmi_req->dma_buf, len)) {
Reported by FlawFinder.
Line: 634
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_irq(&hw->lock);
memcpy(ln->mac, rsp->vnport_mac, sizeof(ln->mac));
memcpy(&nport_id, &rsp->vnport_mac[3], sizeof(uint8_t)*3);
ln->nport_id = ntohl(nport_id);
ln->nport_id = ln->nport_id >> 8;
/* Update WWNs */
/*
Reported by FlawFinder.
Line: 644
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* does, but is absolutely necessary if the vnpi changes between
* a FCOE LINK UP and FCOE LINK DOWN.
*/
memcpy(csio_ln_wwnn(ln), rsp->vnport_wwnn, 8);
memcpy(csio_ln_wwpn(ln), rsp->vnport_wwpn, 8);
/* Copy common sparam */
csp = (struct fc_els_csp *)rsp->cmn_srv_parms;
ln->ln_sparm.csp.sp_hi_ver = csp->sp_hi_ver;
Reported by FlawFinder.
drivers/media/usb/dvb-usb/dw2102.c
26 issues
Line: 104
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (flags == DW210X_WRITE_MSG)
memcpy(u8buf, data, len);
ret = usb_control_msg(dev, pipe, request, request_type | USB_TYPE_VENDOR,
value, index , u8buf, len, 2000);
if (flags == DW210X_READ_MSG)
memcpy(data, u8buf, len);
Reported by FlawFinder.
Line: 109
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
value, index , u8buf, len, 2000);
if (flags == DW210X_READ_MSG)
memcpy(data, u8buf, len);
kfree(u8buf);
return ret;
}
Reported by FlawFinder.
Line: 225
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* read si2109 register */
dw210x_op_rw(d->udev, 0xc3, 0xd0, 0,
buf6, msg[1].len + 2, DW210X_READ_MSG);
memcpy(msg[1].buf, buf6 + 2, msg[1].len);
break;
case 1:
switch (msg[0].addr) {
case 0x68:
Reported by FlawFinder.
Line: 241
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* write to si2109 register */
buf6[0] = msg[0].addr << 1;
buf6[1] = msg[0].len;
memcpy(buf6 + 2, msg[0].buf, msg[0].len);
dw210x_op_rw(d->udev, 0xc2, 0, 0, buf6,
msg[0].len + 2, DW210X_WRITE_MSG);
break;
case(DW2102_RC_QUERY):
dw210x_op_rw(d->udev, 0xb8, 0, 0,
Reported by FlawFinder.
Line: 303
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* second read registers */
dw210x_op_rw(d->udev, 0xc3, 0xd1 , 0,
ibuf, msg[1].len + 2, DW210X_READ_MSG);
memcpy(msg[1].buf, ibuf + 2, msg[1].len);
break;
}
case 1:
switch (msg[0].addr) {
Reported by FlawFinder.
Line: 322
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
obuf[0] = msg[0].addr << 1;
obuf[1] = msg[0].len;
memcpy(obuf + 2, msg[0].buf, msg[0].len);
dw210x_op_rw(d->udev, 0xc2, 0, 0,
obuf, msg[0].len + 2, DW210X_WRITE_MSG);
break;
}
case 0x61: {
Reported by FlawFinder.
Line: 340
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
obuf[0] = msg[0].addr << 1;
obuf[1] = msg[0].len;
memcpy(obuf + 2, msg[0].buf, msg[0].len);
dw210x_op_rw(d->udev, 0xc2, 0, 0,
obuf, msg[0].len + 2, DW210X_WRITE_MSG);
break;
}
case(DW2102_RC_QUERY): {
Reported by FlawFinder.
Line: 349
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 ibuf[2];
dw210x_op_rw(d->udev, 0xb8, 0, 0,
ibuf, 2, DW210X_READ_MSG);
memcpy(msg[0].buf, ibuf , 2);
break;
}
case(DW2102_VOLTAGE_CTRL): {
u8 obuf[2];
obuf[0] = 0x30;
Reported by FlawFinder.
Line: 387
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 ibuf[2];
dw210x_op_rw(d->udev, 0xb8, 0, 0,
ibuf, 2, DW210X_READ_MSG);
memcpy(msg[j].buf, ibuf , 2);
break;
}
case(DW2102_VOLTAGE_CTRL): {
u8 obuf[2];
obuf[0] = 0x30;
Reported by FlawFinder.
Line: 418
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(msg[j].addr << 1) + 1, 0,
ibuf, msg[j].len + 2,
DW210X_READ_MSG);
memcpy(msg[j].buf, ibuf + 2, msg[j].len);
mdelay(10);
} else if (((msg[j].buf[0] == 0xb0) &&
(msg[j].addr == 0x68)) ||
((msg[j].buf[0] == 0xf7) &&
(msg[j].addr == 0x55))) {
Reported by FlawFinder.
drivers/scsi/bfa/bfa_defs.h
26 issues
Line: 266
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct bfa_adapter_attr_s {
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfa_adapter_attr_s {
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
Reported by FlawFinder.
Line: 270
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
Reported by FlawFinder.
Line: 272
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
Reported by FlawFinder.
Line: 273
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
Reported by FlawFinder.
Line: 274
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
Reported by FlawFinder.
Line: 275
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
u8 nports;
Reported by FlawFinder.
Line: 276
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
u8 nports;
u8 max_speed;
Reported by FlawFinder.
Line: 312
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Driver and firmware versions.
*/
struct bfa_ioc_driver_attr_s {
char driver[BFA_IOC_DRIVER_LEN]; /* driver name */
char driver_ver[BFA_VERSION_LEN]; /* driver version */
char fw_ver[BFA_VERSION_LEN]; /* firmware version */
char bios_ver[BFA_VERSION_LEN]; /* bios version */
char efi_ver[BFA_VERSION_LEN]; /* EFI version */
char ob_ver[BFA_VERSION_LEN]; /* openboot version */
Reported by FlawFinder.