The following issues were found
drivers/scsi/bfa/bfa_fcs.c
5 issues
Line: 630
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum bfa_fcs_fabric_event event)
{
struct bfad_s *bfad = (struct bfad_s *)fabric->fcs->bfad;
char pwwn_ptr[BFA_STRING_32];
bfa_trc(fabric->fcs, fabric->bport.port_cfg.pwwn);
bfa_trc(fabric->fcs, event);
wwn2str(pwwn_ptr, fabric->bport.port_cfg.pwwn);
Reported by FlawFinder.
Line: 758
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bfa_fcs_fabric_psymb_init(struct bfa_fcs_fabric_s *fabric)
{
struct bfa_lport_cfg_s *port_cfg = &fabric->bport.port_cfg;
char model[BFA_ADAPTER_MODEL_NAME_LEN] = {0};
struct bfa_fcs_driver_info_s *driver_info = &fabric->fcs->driver_info;
bfa_ioc_get_adapter_model(&fabric->fcs->bfa->ioc, model);
/* Model name/number */
Reported by FlawFinder.
Line: 819
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bfa_fcs_fabric_nsymb_init(struct bfa_fcs_fabric_s *fabric)
{
struct bfa_lport_cfg_s *port_cfg = &fabric->bport.port_cfg;
char model[BFA_ADAPTER_MODEL_NAME_LEN] = {0};
struct bfa_fcs_driver_info_s *driver_info = &fabric->fcs->driver_info;
bfa_ioc_get_adapter_model(&fabric->fcs->bfa->ioc, model);
/* Model name/number */
Reported by FlawFinder.
Line: 1397
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wwn_t fabric_name)
{
struct bfad_s *bfad = (struct bfad_s *)fabric->fcs->bfad;
char pwwn_ptr[BFA_STRING_32];
char fwwn_ptr[BFA_STRING_32];
bfa_trc(fabric->fcs, fabric_name);
if (fabric->fabric_name == 0) {
Reported by FlawFinder.
Line: 1398
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct bfad_s *bfad = (struct bfad_s *)fabric->fcs->bfad;
char pwwn_ptr[BFA_STRING_32];
char fwwn_ptr[BFA_STRING_32];
bfa_trc(fabric->fcs, fabric_name);
if (fabric->fabric_name == 0) {
/*
Reported by FlawFinder.
drivers/s390/char/tape_3590.c
5 issues
Line: 46
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* - Read Alternate: implemented
*******************************************************************/
static const char *tape_3590_msg[TAPE_3590_MAX_MSG] = {
[0x00] = "",
[0x10] = "Lost Sense",
[0x11] = "Assigned Elsewhere",
[0x12] = "Allegiance Reset",
[0x13] = "Shared Access Violation",
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (in->type_on_tape == TAPE390_KEKL_TYPE_HASH)
out->flags |= 0x80;
len = min(sizeof(out->label), strlen(in->label));
memcpy(out->label, in->label, len);
memset(out->label + len, ' ', sizeof(out->label) - len);
ASCEBC(out->label, sizeof(out->label));
}
static void int_to_ext_kekl(struct tape3592_kekl *in,
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out->type_on_tape = TAPE390_KEKL_TYPE_HASH;
else
out->type_on_tape = TAPE390_KEKL_TYPE_LABEL;
memcpy(out->label, in->label, sizeof(in->label));
EBCASC(out->label, sizeof(in->label));
strim(out->label);
}
static void int_to_ext_kekl_pair(struct tape3592_kekl_pair *in,
Reported by FlawFinder.
Line: 1509
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
request->cpdata);
rc = tape_do_io(device, request);
if (rc == 0)
memcpy(rdc_data, request->cpdata, sizeof(*rdc_data));
tape_free_request(request);
return rc;
}
/*
Reported by FlawFinder.
Line: 123
Column: 32
CWE codes:
126
out->flags |= 0x40;
if (in->type_on_tape == TAPE390_KEKL_TYPE_HASH)
out->flags |= 0x80;
len = min(sizeof(out->label), strlen(in->label));
memcpy(out->label, in->label, len);
memset(out->label + len, ' ', sizeof(out->label) - len);
ASCEBC(out->label, sizeof(out->label));
}
Reported by FlawFinder.
drivers/nvme/host/nvme.h
5 issues
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct opal_dev *opal_dev;
char name[12];
u16 cntlid;
u32 ctrl_config;
u16 mtfa;
u32 queue_count;
Reported by FlawFinder.
Line: 374
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mutex lock;
struct list_head ctrls;
struct list_head nsheads;
char subnqn[NVMF_NQN_SIZE];
char serial[20];
char model[40];
char firmware_rev[8];
u8 cmic;
u16 vendor_id;
Reported by FlawFinder.
Line: 375
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head ctrls;
struct list_head nsheads;
char subnqn[NVMF_NQN_SIZE];
char serial[20];
char model[40];
char firmware_rev[8];
u8 cmic;
u16 vendor_id;
u16 awupf; /* 0's based awupf value. */
Reported by FlawFinder.
Line: 376
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head nsheads;
char subnqn[NVMF_NQN_SIZE];
char serial[20];
char model[40];
char firmware_rev[8];
u8 cmic;
u16 vendor_id;
u16 awupf; /* 0's based awupf value. */
struct ida ns_ida;
Reported by FlawFinder.
Line: 377
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char subnqn[NVMF_NQN_SIZE];
char serial[20];
char model[40];
char firmware_rev[8];
u8 cmic;
u16 vendor_id;
u16 awupf; /* 0's based awupf value. */
struct ida ns_ida;
#ifdef CONFIG_NVME_MULTIPATH
Reported by FlawFinder.
drivers/nvdimm/btt.c
5 issues
Line: 220
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void arena_debugfs_init(struct arena_info *a, struct dentry *parent,
int idx)
{
char dirname[32];
struct dentry *d;
/* If for some reason, parent bttN was not created, exit */
if (!parent)
return;
Reported by FlawFinder.
Line: 352
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret_ent = (old_flag ? old_ent : (1 - old_ent));
if (ent != NULL)
memcpy(ent, &log.ent[arena->log_index[ret_ent]], LOG_ENT_SIZE);
return ret_ent;
}
/*
Reported by FlawFinder.
Line: 991
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
strncpy(super->signature, BTT_SIG, BTT_SIG_LEN);
memcpy(super->uuid, nd_btt->uuid, 16);
memcpy(super->parent_uuid, parent_uuid, 16);
super->flags = cpu_to_le32(arena->flags);
super->version_major = cpu_to_le16(arena->version_major);
super->version_minor = cpu_to_le16(arena->version_minor);
super->external_lbasize = cpu_to_le32(arena->external_lbasize);
Reported by FlawFinder.
Line: 992
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
strncpy(super->signature, BTT_SIG, BTT_SIG_LEN);
memcpy(super->uuid, nd_btt->uuid, 16);
memcpy(super->parent_uuid, parent_uuid, 16);
super->flags = cpu_to_le32(arena->flags);
super->version_major = cpu_to_le16(arena->version_major);
super->version_minor = cpu_to_le16(arena->version_minor);
super->external_lbasize = cpu_to_le32(arena->external_lbasize);
super->external_nlba = cpu_to_le32(arena->external_nlba);
Reported by FlawFinder.
Line: 990
Column: 2
CWE codes:
120
if (!super)
return -ENOMEM;
strncpy(super->signature, BTT_SIG, BTT_SIG_LEN);
memcpy(super->uuid, nd_btt->uuid, 16);
memcpy(super->parent_uuid, parent_uuid, 16);
super->flags = cpu_to_le32(arena->flags);
super->version_major = cpu_to_le16(arena->version_major);
super->version_minor = cpu_to_le16(arena->version_minor);
Reported by FlawFinder.
drivers/nvdimm/btt_devs.c
5 issues
Line: 100
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ssize_t rc;
nvdimm_bus_lock(dev);
rc = sprintf(buf, "%s\n", nd_btt->ndns
? dev_name(&nd_btt->ndns->dev) : "");
nvdimm_bus_unlock(dev);
return rc;
}
Reported by FlawFinder.
Line: 73
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct nd_btt *nd_btt = to_nd_btt(dev);
if (nd_btt->uuid)
return sprintf(buf, "%pUb\n", nd_btt->uuid);
return sprintf(buf, "\n");
}
static ssize_t uuid_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t len)
Reported by FlawFinder.
Line: 132
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
nd_device_lock(dev);
if (dev->driver)
rc = sprintf(buf, "%llu\n", nd_btt->size);
else {
/* no size to convey if the btt instance is disabled */
rc = -ENXIO;
}
nd_device_unlock(dev);
Reported by FlawFinder.
Line: 146
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t log_zero_flags_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "Y\n");
}
static DEVICE_ATTR_RO(log_zero_flags);
static struct attribute *nd_btt_attributes[] = {
&dev_attr_sector_size.attr,
Reported by FlawFinder.
Line: 74
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (nd_btt->uuid)
return sprintf(buf, "%pUb\n", nd_btt->uuid);
return sprintf(buf, "\n");
}
static ssize_t uuid_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t len)
{
Reported by FlawFinder.
drivers/s390/block/dasd_genhd.c
5 issues
Line: 57
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* dasdaaa - dasdzzz : 17576 devices, added up = 18278
* dasdaaaa - dasdzzzz : 456976 devices, added up = 475252
*/
len = sprintf(gdp->disk_name, "dasd");
if (base->devindex > 25) {
if (base->devindex > 701) {
if (base->devindex > 18277)
len += sprintf(gdp->disk_name + len, "%c",
'a'+(((base->devindex-18278)
Reported by FlawFinder.
Line: 61
Column: 19
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (base->devindex > 25) {
if (base->devindex > 701) {
if (base->devindex > 18277)
len += sprintf(gdp->disk_name + len, "%c",
'a'+(((base->devindex-18278)
/17576)%26));
len += sprintf(gdp->disk_name + len, "%c",
'a'+(((base->devindex-702)/676)%26));
}
Reported by FlawFinder.
Line: 64
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len += sprintf(gdp->disk_name + len, "%c",
'a'+(((base->devindex-18278)
/17576)%26));
len += sprintf(gdp->disk_name + len, "%c",
'a'+(((base->devindex-702)/676)%26));
}
len += sprintf(gdp->disk_name + len, "%c",
'a'+(((base->devindex-26)/26)%26));
}
Reported by FlawFinder.
Line: 67
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len += sprintf(gdp->disk_name + len, "%c",
'a'+(((base->devindex-702)/676)%26));
}
len += sprintf(gdp->disk_name + len, "%c",
'a'+(((base->devindex-26)/26)%26));
}
len += sprintf(gdp->disk_name + len, "%c", 'a'+(base->devindex%26));
if (base->features & DASD_FEATURE_READONLY ||
Reported by FlawFinder.
Line: 70
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len += sprintf(gdp->disk_name + len, "%c",
'a'+(((base->devindex-26)/26)%26));
}
len += sprintf(gdp->disk_name + len, "%c", 'a'+(base->devindex%26));
if (base->features & DASD_FEATURE_READONLY ||
test_bit(DASD_FLAG_DEVICE_RO, &base->flags))
set_disk_ro(gdp, 1);
dasd_add_link_to_gendisk(gdp, base);
Reported by FlawFinder.
drivers/rtc/rtc-88pm860x.c
5 issues
Line: 81
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pm860x_rtc_read_time(struct device *dev, struct rtc_time *tm)
{
struct pm860x_rtc_info *info = dev_get_drvdata(dev);
unsigned char buf[8];
unsigned long ticks, base, data;
pm860x_page_bulk_read(info->i2c, REG0_ADDR, 8, buf);
dev_dbg(info->dev, "%x-%x-%x-%x-%x-%x-%x-%x\n", buf[0], buf[1],
buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]);
Reported by FlawFinder.
Line: 106
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pm860x_rtc_set_time(struct device *dev, struct rtc_time *tm)
{
struct pm860x_rtc_info *info = dev_get_drvdata(dev);
unsigned char buf[4];
unsigned long ticks, base, data;
ticks = rtc_tm_to_time64(tm);
/* load 32-bit read-only counter */
Reported by FlawFinder.
Line: 130
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pm860x_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alrm)
{
struct pm860x_rtc_info *info = dev_get_drvdata(dev);
unsigned char buf[8];
unsigned long ticks, base, data;
int ret;
pm860x_page_bulk_read(info->i2c, REG0_ADDR, 8, buf);
dev_dbg(info->dev, "%x-%x-%x-%x-%x-%x-%x-%x\n", buf[0], buf[1],
Reported by FlawFinder.
Line: 158
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct pm860x_rtc_info *info = dev_get_drvdata(dev);
unsigned long ticks, base, data;
unsigned char buf[8];
int mask;
pm860x_set_bits(info->i2c, PM8607_RTC1, ALARM_EN, 0);
pm860x_page_bulk_read(info->i2c, REG0_ADDR, 8, buf);
Reported by FlawFinder.
Line: 201
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct pm860x_rtc_info *info = container_of(work,
struct pm860x_rtc_info, calib_work.work);
unsigned char buf[2];
unsigned int sum, data, mean, vrtc_set;
int i;
for (i = 0, sum = 0; i < 16; i++) {
msleep(100);
Reported by FlawFinder.
drivers/scsi/elx/efct/efct_lio.c
5 issues
Line: 785
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct efct *efct;
int ret = -1;
u64 p_wwpn, npiv_wwpn, npiv_wwnn;
char *p, *pbuf, tmp[128];
struct efct_lio_vport_list_t *vport_list;
struct fc_vport *new_fc_vport;
struct fc_vport_identifiers vport_id;
unsigned long flags = 0;
Reported by FlawFinder.
Line: 1176
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
container_of(work, struct efct_lio_wq_data, work);
struct efct *efct = wq_data->efct;
struct efc_node *node = wq_data->ptr;
char wwpn[WWN_NAME_LEN];
struct efct_lio_tpg *tpg;
struct efct_node *tgt_node;
struct se_portal_group *se_tpg;
struct se_session *se_sess;
int watermark;
Reported by FlawFinder.
Line: 1491
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct efct_lio_tpg *tpg = container_of(se_tpg, \
struct efct_lio_tpg, tpg); \
\
return sprintf(page, "%u\n", tpg->tpg_attrib.name); \
} \
\
static ssize_t efct_lio_tpg_attrib_##name##_store( \
struct config_item *item, const char *page, size_t count) \
{ \
Reported by FlawFinder.
Line: 1547
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct efct_lio_tpg *tpg = container_of(se_tpg, \
struct efct_lio_tpg, tpg); \
\
return sprintf(page, "%u\n", tpg->tpg_attrib.name); \
} \
\
static ssize_t efct_lio_npiv_tpg_attrib_##name##_store( \
struct config_item *item, const char *page, size_t count) \
{ \
Reported by FlawFinder.
Line: 805
Column: 38
CWE codes:
126
if (ret)
return ERR_PTR(ret);
ret = efct_lio_parse_npiv_wwn(pbuf, strlen(pbuf), &npiv_wwpn,
&npiv_wwnn);
if (ret)
return ERR_PTR(ret);
efct = efct_find_wwpn(p_wwpn);
Reported by FlawFinder.
drivers/nfc/st-nci/se.c
5 issues
Line: 144
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
if (skb->len <= ST_NCI_ESE_MAX_LENGTH) {
memcpy(info->se_info.atr, skb->data, skb->len);
info->se_info.wt_timeout =
ST_NCI_BWI_TO_TIMEOUT(st_nci_se_get_bwi(ndev));
}
kfree_skb(skb);
Reported by FlawFinder.
Line: 338
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
transaction->aid_len = skb->data[1];
memcpy(transaction->aid, &skb->data[2], transaction->aid_len);
/* Check next byte is PARAMETERS tag (82) */
if (skb->data[transaction->aid_len + 2] !=
NFC_EVT_TRANSACTION_PARAMS_TAG)
return -EPROTO;
Reported by FlawFinder.
Line: 346
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EPROTO;
transaction->params_len = skb->data[transaction->aid_len + 3];
memcpy(transaction->params, skb->data +
transaction->aid_len + 4, transaction->params_len);
r = nfc_se_transaction(ndev->nfc_dev, host, transaction);
break;
default:
Reported by FlawFinder.
Line: 540
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dest_params->length = sizeof(struct dest_spec_params);
spec_params.id = ndev->hci_dev->nfcee_id;
spec_params.protocol = NCI_NFCEE_INTERFACE_HCI_ACCESS;
memcpy(dest_params->value, &spec_params,
sizeof(struct dest_spec_params));
r = nci_core_conn_create(ndev, NCI_DESTINATION_NFCEE, 1,
sizeof(struct core_conn_create_dest_spec_params) +
sizeof(struct dest_spec_params),
dest_params);
Reported by FlawFinder.
Line: 554
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto free_dest_params;
ndev->hci_dev->init_data.gate_count = ARRAY_SIZE(st_nci_gates);
memcpy(ndev->hci_dev->init_data.gates, st_nci_gates,
sizeof(st_nci_gates));
/*
* Session id must include the driver name + i2c bus addr
* persistent info to discriminate 2 identical chips
Reported by FlawFinder.
drivers/net/wireless/intersil/prism54/oid_mgt.c
5 issues
Line: 455
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cache) {
if (!ret && data)
memcpy(cache, _data, dlen);
up_write(&priv->mib_sem);
}
/* re-set given data to what it was */
if (data)
Reported by FlawFinder.
Line: 558
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
memset(res->ptr, 0, reslen);
else {
memcpy(res->ptr, _res, reslen);
mgt_le_to_cpu(isl_oid[n].flags & OID_FLAG_TYPE,
res->ptr);
}
}
if (cache)
Reported by FlawFinder.
Line: 620
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BUG_ON(n >= OID_NUM_LAST);
BUG_ON(priv->mib[n] == NULL);
memcpy(priv->mib[n], data, isl_oid[n].size);
mgt_cpu_to_le(isl_oid[n].flags & OID_FLAG_TYPE, priv->mib[n]);
}
void
mgt_get(islpci_private *priv, enum oid_num_t n, void *res)
Reported by FlawFinder.
Line: 631
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BUG_ON(priv->mib[n] == NULL);
BUG_ON(res == NULL);
memcpy(res, priv->mib[n], isl_oid[n].size);
mgt_le_to_cpu(isl_oid[n].flags & OID_FLAG_TYPE, res);
}
/* Commits the cache. Lock outside. */
Reported by FlawFinder.
Line: 672
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
isl_oid[GEN_OID_MACADDRESS].size, &res);
if ((ret == 0) && res && (res->header->operation != PIMFOR_OP_ERROR))
memcpy(priv->ndev->dev_addr, res->data, ETH_ALEN);
else
ret = -EIO;
if (res)
islpci_mgt_release(res);
Reported by FlawFinder.