The following issues were found
drivers/crypto/axis/artpec6_crypto.c
25 issues
Line: 164
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __packed;
struct pdma_short_descr {
unsigned char data[7];
} __packed;
struct pdma_descr {
struct pdma_descr_ctrl ctrl;
union {
Reported by FlawFinder.
Line: 291
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct artpec6_hash_request_context {
char partial_buffer[SHA256_BLOCK_SIZE];
char partial_buffer_out[SHA256_BLOCK_SIZE];
char key_buffer[SHA256_BLOCK_SIZE];
char pad_buffer[SHA256_BLOCK_SIZE + 32];
unsigned char digeststate[SHA256_DIGEST_SIZE];
size_t partial_bytes;
Reported by FlawFinder.
Line: 292
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct artpec6_hash_request_context {
char partial_buffer[SHA256_BLOCK_SIZE];
char partial_buffer_out[SHA256_BLOCK_SIZE];
char key_buffer[SHA256_BLOCK_SIZE];
char pad_buffer[SHA256_BLOCK_SIZE + 32];
unsigned char digeststate[SHA256_DIGEST_SIZE];
size_t partial_bytes;
u64 digcnt;
Reported by FlawFinder.
Line: 293
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct artpec6_hash_request_context {
char partial_buffer[SHA256_BLOCK_SIZE];
char partial_buffer_out[SHA256_BLOCK_SIZE];
char key_buffer[SHA256_BLOCK_SIZE];
char pad_buffer[SHA256_BLOCK_SIZE + 32];
unsigned char digeststate[SHA256_DIGEST_SIZE];
size_t partial_bytes;
u64 digcnt;
u32 key_md;
Reported by FlawFinder.
Line: 294
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char partial_buffer[SHA256_BLOCK_SIZE];
char partial_buffer_out[SHA256_BLOCK_SIZE];
char key_buffer[SHA256_BLOCK_SIZE];
char pad_buffer[SHA256_BLOCK_SIZE + 32];
unsigned char digeststate[SHA256_DIGEST_SIZE];
size_t partial_bytes;
u64 digcnt;
u32 key_md;
u32 hash_md;
Reported by FlawFinder.
Line: 295
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char partial_buffer_out[SHA256_BLOCK_SIZE];
char key_buffer[SHA256_BLOCK_SIZE];
char pad_buffer[SHA256_BLOCK_SIZE + 32];
unsigned char digeststate[SHA256_DIGEST_SIZE];
size_t partial_bytes;
u64 digcnt;
u32 key_md;
u32 hash_md;
enum artpec6_crypto_hash_flags hash_flags;
Reported by FlawFinder.
Line: 305
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct artpec6_hash_export_state {
char partial_buffer[SHA256_BLOCK_SIZE];
unsigned char digeststate[SHA256_DIGEST_SIZE];
size_t partial_bytes;
u64 digcnt;
int oper;
unsigned int hash_flags;
Reported by FlawFinder.
Line: 306
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct artpec6_hash_export_state {
char partial_buffer[SHA256_BLOCK_SIZE];
unsigned char digeststate[SHA256_DIGEST_SIZE];
size_t partial_bytes;
u64 digcnt;
int oper;
unsigned int hash_flags;
};
Reported by FlawFinder.
Line: 314
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct artpec6_hashalg_context {
char hmac_key[SHA256_BLOCK_SIZE];
size_t hmac_key_length;
struct crypto_shash *child_hash;
};
struct artpec6_crypto_request_context {
Reported by FlawFinder.
Line: 326
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct artpec6_cryptotfm_context {
unsigned char aes_key[2*AES_MAX_KEY_SIZE];
size_t key_length;
u32 key_md;
int crypto_type;
struct crypto_sync_skcipher *fallback;
};
Reported by FlawFinder.
drivers/scsi/qla2xxx/qla_os.c
25 issues
Line: 666
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
break;
default:
sprintf(un_str, "(%x)", ha->fw_attributes);
strcat(str, un_str);
break;
}
if (ha->fw_attributes & 0x100)
strcat(str, "X");
Reported by FlawFinder.
Line: 4866
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
INIT_DELAYED_WORK(&vha->scan.scan_work, qla_scan_work_fn);
sprintf(vha->host_str, "%s_%lu", QLA2XXX_DRIVER_NAME, vha->host_no);
ql_dbg(ql_dbg_init, vha, 0x0041,
"Allocated the host=%p hw=%p vha=%p dev_name=%s",
vha->host, vha->hw, vha,
dev_name(&(ha->pdev->dev)));
Reported by FlawFinder.
Line: 7979
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
/* Derive version string. */
strcpy(qla2x00_version_str, QLA2XXX_VERSION);
if (ql2xextended_error_logging)
strcat(qla2x00_version_str, "-debug");
if (ql2xextended_error_logging == 1)
ql2xextended_error_logging = QL_DBG_DEFAULT1_MASK;
Reported by FlawFinder.
Line: 28
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* Driver version
*/
char qla2x00_version_str[40];
static int apidev_major;
/*
* SRB allocation cache
Reported by FlawFinder.
Line: 640
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *
qla2x00_fw_version_str(struct scsi_qla_host *vha, char *str, size_t size)
{
char un_str[10];
struct qla_hw_data *ha = vha->hw;
snprintf(str, size, "%d.%02d.%02d ", ha->fw_major_version,
ha->fw_minor_version, ha->fw_subminor_version);
Reported by FlawFinder.
Line: 647
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
ha->fw_minor_version, ha->fw_subminor_version);
if (ha->fw_attributes & BIT_9) {
strcat(str, "FLX");
return (str);
}
switch (ha->fw_attributes & 0xFF) {
case 0x7:
Reported by FlawFinder.
Line: 653
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
switch (ha->fw_attributes & 0xFF) {
case 0x7:
strcat(str, "EF");
break;
case 0x17:
strcat(str, "TP");
break;
case 0x37:
Reported by FlawFinder.
Line: 656
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(str, "EF");
break;
case 0x17:
strcat(str, "TP");
break;
case 0x37:
strcat(str, "IP");
break;
case 0x77:
Reported by FlawFinder.
Line: 659
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(str, "TP");
break;
case 0x37:
strcat(str, "IP");
break;
case 0x77:
strcat(str, "VI");
break;
default:
Reported by FlawFinder.
Line: 662
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(str, "IP");
break;
case 0x77:
strcat(str, "VI");
break;
default:
sprintf(un_str, "(%x)", ha->fw_attributes);
strcat(str, un_str);
break;
Reported by FlawFinder.
drivers/atm/iphase.c
25 issues
Line: 987
Column: 17
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u_char* pBuf = prntBuf;
count = 0;
while(count < length){
pBuf += sprintf( pBuf, "%s", prefix );
for(col = 0;count + col < length && col < 16; col++){
if (col != 0 && (col % 4) == 0)
pBuf += sprintf( pBuf, " " );
pBuf += sprintf( pBuf, "%02X ", cp[count + col] );
}
Reported by FlawFinder.
Line: 536
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TstSchedTbl = (u16*)(SchedTbl+testSlot); //set index and read in value
IF_CBR(printk("CBR Testslot 0x%x AT Location 0x%p, NumToAssign=%d\n",
testSlot, TstSchedTbl,toBeAssigned);)
memcpy((caddr_t)&cbrVC,(caddr_t)TstSchedTbl,sizeof(cbrVC));
while (cbrVC) // If another VC at this location, we have to keep looking
{
inc++;
testSlot = idealSlot - inc;
if (testSlot < 0) { // Wrap if necessary
Reported by FlawFinder.
Line: 547
Column: 11
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SchedTbl,testSlot);)
}
TstSchedTbl = (u16 *)(SchedTbl + testSlot); // set table index
memcpy((caddr_t)&cbrVC,(caddr_t)TstSchedTbl,sizeof(cbrVC));
if (!cbrVC)
break;
testSlot = idealSlot + inc;
if (testSlot >= (int)dev->CbrTotEntries) { // Wrap if necessary
testSlot -= dev->CbrTotEntries;
Reported by FlawFinder.
Line: 561
Column: 11
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TstSchedTbl = (u16*)(SchedTbl + testSlot);
IF_CBR(printk("Reading CBR Tbl from 0x%p, CbrVal=0x%x Iteration %d\n",
TstSchedTbl,cbrVC,inc);)
memcpy((caddr_t)&cbrVC,(caddr_t)TstSchedTbl,sizeof(cbrVC));
} /* while */
// Move this VCI number into this location of the CBR Sched table.
memcpy((caddr_t)TstSchedTbl, (caddr_t)&vcIndex, sizeof(*TstSchedTbl));
dev->CbrRemEntries--;
toBeAssigned--;
Reported by FlawFinder.
Line: 564
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy((caddr_t)&cbrVC,(caddr_t)TstSchedTbl,sizeof(cbrVC));
} /* while */
// Move this VCI number into this location of the CBR Sched table.
memcpy((caddr_t)TstSchedTbl, (caddr_t)&vcIndex, sizeof(*TstSchedTbl));
dev->CbrRemEntries--;
toBeAssigned--;
} /* while */
/* IaFFrednCbrEnable */
Reported by FlawFinder.
Line: 991
Column: 21
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for(col = 0;count + col < length && col < 16; col++){
if (col != 0 && (col % 4) == 0)
pBuf += sprintf( pBuf, " " );
pBuf += sprintf( pBuf, "%02X ", cp[count + col] );
}
while(col++ < 16){ /* pad end of buffer with blanks */
if ((col % 4) == 0)
sprintf( pBuf, " " );
pBuf += sprintf( pBuf, " " );
Reported by FlawFinder.
Line: 996
Column: 21
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
while(col++ < 16){ /* pad end of buffer with blanks */
if ((col % 4) == 0)
sprintf( pBuf, " " );
pBuf += sprintf( pBuf, " " );
}
pBuf += sprintf( pBuf, " " );
for(col = 0;count + col < length && col < 16; col++){
u_char c = cp[count + col];
Reported by FlawFinder.
Line: 998
Column: 17
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf( pBuf, " " );
pBuf += sprintf( pBuf, " " );
}
pBuf += sprintf( pBuf, " " );
for(col = 0;count + col < length && col < 16; col++){
u_char c = cp[count + col];
if (isascii(c) && isprint(c))
pBuf += sprintf(pBuf, "%c", c);
Reported by FlawFinder.
Line: 1003
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u_char c = cp[count + col];
if (isascii(c) && isprint(c))
pBuf += sprintf(pBuf, "%c", c);
else
pBuf += sprintf(pBuf, ".");
}
printk("%s\n", prntBuf);
count += col;
Reported by FlawFinder.
Line: 3107
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
IADEV *iadev = INPH_IA_DEV(dev);
if(!left--) {
if (iadev->phy_type == FE_25MBIT_PHY) {
n = sprintf(page, " Board Type : Iphase5525-1KVC-128K\n");
return n;
}
if (iadev->phy_type == FE_DS3_PHY)
n = sprintf(page, " Board Type : Iphase-ATM-DS3");
else if (iadev->phy_type == FE_E3_PHY)
Reported by FlawFinder.
drivers/crypto/bcm/cipher.c
25 issues
Line: 816
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
flow_log("chunk_start: %u chunk_size: %u\n", chunk_start, chunksize);
/* Prepend SPU header with type 3 BCM header */
memcpy(rctx->msg_buf.bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
hash_parms.prebuf_len = local_nbuf;
spu_hdr_len = spu->spu_create_request(rctx->msg_buf.bcm_spu_req_hdr +
BCM_HDR_LEN,
&req_opts, &cipher_parms,
Reported by FlawFinder.
Line: 952
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct iproc_ctx_s *ctx = rctx->ctx;
int err;
memcpy(req->result, rctx->msg_buf.digest, ctx->digestsize);
if (spu->spu_type == SPU_TYPE_SPUM) {
/* byte swap the output from the UPDT function to network byte
* order
*/
Reported by FlawFinder.
Line: 1006
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Save hash to use as input to next op if incremental. Might be copying
* too much, but that's easier than figuring out actual digest size here
*/
memcpy(rctx->incr_hash, rctx->msg_buf.digest, MAX_DIGEST_SIZE);
flow_log("%s() blocksize:%u digestsize:%u\n",
__func__, blocksize, ctx->digestsize);
atomic64_add(ctx->digestsize, &iproc_priv.bytes_in);
Reported by FlawFinder.
Line: 1431
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
flow_log("%s()-sent chunksize:%u\n", __func__, chunksize);
/* Prepend SPU header with type 3 BCM header */
memcpy(rctx->msg_buf.bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
spu_hdr_len = spu->spu_create_request(rctx->msg_buf.bcm_spu_req_hdr +
BCM_HDR_LEN, &req_opts,
&cipher_parms, &hash_parms,
&aead_parms, chunksize);
Reported by FlawFinder.
Line: 1749
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx->cipher.mode == CIPHER_MODE_CCM) {
rctx->iv_ctr_len =
crypto_skcipher_ivsize(crypto_skcipher_reqtfm(req));
memcpy(rctx->msg_buf.iv_ctr, req->iv, rctx->iv_ctr_len);
} else {
rctx->iv_ctr_len = 0;
}
/* Choose a SPU to process this request */
Reported by FlawFinder.
Line: 1848
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
return err;
memcpy(ctx->enckey, key, keylen);
ctx->enckeylen = keylen;
/* SPU needs XTS keys in the reverse order the crypto API presents */
if ((ctx->cipher.alg == CIPHER_ALG_AES) &&
(ctx->cipher.mode == CIPHER_MODE_XTS)) {
Reported by FlawFinder.
Line: 1856
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(ctx->cipher.mode == CIPHER_MODE_XTS)) {
unsigned int xts_keylen = keylen / 2;
memcpy(ctx->enckey, key + xts_keylen, xts_keylen);
memcpy(ctx->enckey + xts_keylen, key, xts_keylen);
}
if (spu->spu_type == SPU_TYPE_SPUM)
alloc_len = BCM_HDR_LEN + SPU_HEADER_ALLOC_LEN;
Reported by FlawFinder.
Line: 1857
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int xts_keylen = keylen / 2;
memcpy(ctx->enckey, key + xts_keylen, xts_keylen);
memcpy(ctx->enckey + xts_keylen, key, xts_keylen);
}
if (spu->spu_type == SPU_TYPE_SPUM)
alloc_len = BCM_HDR_LEN + SPU_HEADER_ALLOC_LEN;
else if (spu->spu_type == SPU_TYPE_SPU2)
Reported by FlawFinder.
Line: 1876
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cipher_parms.key_len = ctx->enckeylen;
/* Prepend SPU request message with BCM header */
memcpy(ctx->bcm_spu_req_hdr, BCMHEADER, BCM_HDR_LEN);
ctx->spu_req_hdr_len =
spu->spu_cipher_req_init(ctx->bcm_spu_req_hdr + BCM_HDR_LEN,
&cipher_parms);
ctx->spu_resp_hdr_len = spu->spu_response_hdr_len(ctx->authkeylen,
Reported by FlawFinder.
Line: 2280
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_err("%s() Error: unknown hash alg\n", __func__);
return -EINVAL;
}
memcpy(ctx->authkey, key, keylen);
ctx->authkeylen = keylen;
return 0;
}
Reported by FlawFinder.
net/ipv6/addrconf.c
25 issues
Line: 1345
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
in6_ifa_hold(ifp);
memcpy(addr.s6_addr, ifp->addr.s6_addr, 8);
ipv6_gen_rnd_iid(&addr);
age = (now - ifp->tstamp) / HZ;
regen_advance = idev->cnf.regen_max_retry *
Reported by FlawFinder.
Line: 2215
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
switch (dev->addr_len) {
case ETH_ALEN:
memcpy(eui, dev->dev_addr, 3);
eui[3] = 0xFF;
eui[4] = 0xFE;
memcpy(eui + 5, dev->dev_addr + 3, 3);
break;
case EUI64_ADDR_LEN:
Reported by FlawFinder.
Line: 2218
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(eui, dev->dev_addr, 3);
eui[3] = 0xFF;
eui[4] = 0xFE;
memcpy(eui + 5, dev->dev_addr + 3, 3);
break;
case EUI64_ADDR_LEN:
memcpy(eui, dev->dev_addr, EUI64_ADDR_LEN);
eui[0] ^= 2;
break;
Reported by FlawFinder.
Line: 2221
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(eui + 5, dev->dev_addr + 3, 3);
break;
case EUI64_ADDR_LEN:
memcpy(eui, dev->dev_addr, EUI64_ADDR_LEN);
eui[0] ^= 2;
break;
default:
return -1;
}
Reported by FlawFinder.
Line: 2240
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ha = (union fwnet_hwaddr *)dev->dev_addr;
memcpy(eui, &ha->uc.uniq_id, sizeof(ha->uc.uniq_id));
eui[0] ^= 2;
return 0;
}
static int addrconf_ifid_arcnet(u8 *eui, struct net_device *dev)
Reported by FlawFinder.
Line: 2259
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (dev->addr_len != INFINIBAND_ALEN)
return -1;
memcpy(eui, dev->dev_addr + 12, 8);
eui[0] |= 2;
return 0;
}
static int __ipv6_isatap_ifid(u8 *eui, __be32 addr)
Reported by FlawFinder.
Line: 2277
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
eui[1] = 0;
eui[2] = 0x5E;
eui[3] = 0xFE;
memcpy(eui + 4, &addr, 4);
return 0;
}
static int addrconf_ifid_sit(u8 *eui, struct net_device *dev)
{
Reported by FlawFinder.
Line: 2295
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int addrconf_ifid_ip6tnl(u8 *eui, struct net_device *dev)
{
memcpy(eui, dev->perm_addr, 3);
memcpy(eui + 5, dev->perm_addr + 3, 3);
eui[3] = 0xFF;
eui[4] = 0xFE;
eui[0] ^= 2;
return 0;
Reported by FlawFinder.
Line: 2296
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int addrconf_ifid_ip6tnl(u8 *eui, struct net_device *dev)
{
memcpy(eui, dev->perm_addr, 3);
memcpy(eui + 5, dev->perm_addr + 3, 3);
eui[3] = 0xFF;
eui[4] = 0xFE;
eui[0] ^= 2;
return 0;
}
Reported by FlawFinder.
Line: 2340
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ifp->scope > IFA_LINK)
break;
if (ifp->scope == IFA_LINK && !(ifp->flags&IFA_F_TENTATIVE)) {
memcpy(eui, ifp->addr.s6_addr+8, 8);
err = 0;
break;
}
}
read_unlock_bh(&idev->lock);
Reported by FlawFinder.
drivers/scsi/BusLogic.c
25 issues
Line: 3669
.slave_configure = blogic_slaveconfig,
.bios_param = blogic_diskparam,
.eh_host_reset_handler = blogic_hostreset,
#if 0
.eh_abort_handler = blogic_abort,
#endif
.max_sectors = 128,
};
Reported by Cppcheck.
Line: 1263
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
for (i = 0; i < sizeof(fpinfo->model); i++)
*tgt++ = fpinfo->model[i];
*tgt++ = '\0';
strcpy(adapter->fw_ver, FLASHPOINT_FW_VER);
adapter->scsi_id = fpinfo->scsi_id;
adapter->ext_trans_enable = fpinfo->ext_trans_enable;
adapter->parity = fpinfo->parity;
adapter->reset_enabled = !fpinfo->softreset;
adapter->level_int = true;
Reported by FlawFinder.
Line: 1634
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
Initialize the Host Adapter Full Model Name from the Model Name.
*/
strcpy(adapter->full_model, "BusLogic ");
strcat(adapter->full_model, adapter->model);
/*
Select an appropriate value for the Tagged Queue Depth either from a
BusLogic Driver Options specification, or based on whether this Host
Adapter requires that ISA Bounce Buffers be used. The Tagged Queue
Depth is left at 0 for automatic determination in
Reported by FlawFinder.
Line: 3439
Column: 8
CWE codes:
134
Suggestion:
Make format string constant
int len = 0;
va_start(args, adapter);
len = vsprintf(buf, fmt, args);
va_end(args);
if (msglevel == BLOGIC_ANNOUNCE_LEVEL) {
static int msglines = 0;
strcpy(&adapter->msgbuf[adapter->msgbuflen], buf);
adapter->msgbuflen += len;
Reported by FlawFinder.
Line: 3443
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
va_end(args);
if (msglevel == BLOGIC_ANNOUNCE_LEVEL) {
static int msglines = 0;
strcpy(&adapter->msgbuf[adapter->msgbuflen], buf);
adapter->msgbuflen += len;
if (++msglines <= 2)
printk("%sscsi: %s", blogic_msglevelmap[msglevel], buf);
} else if (msglevel == BLOGIC_INFO_LEVEL) {
strcpy(&adapter->msgbuf[adapter->msgbuflen], buf);
Reported by FlawFinder.
Line: 3448
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (++msglines <= 2)
printk("%sscsi: %s", blogic_msglevelmap[msglevel], buf);
} else if (msglevel == BLOGIC_INFO_LEVEL) {
strcpy(&adapter->msgbuf[adapter->msgbuflen], buf);
adapter->msgbuflen += len;
if (begin) {
if (buf[0] != '\n' || len > 1)
printk("%sscsi%d: %s", blogic_msglevelmap[msglevel], adapter->host_no, buf);
} else
Reported by FlawFinder.
Line: 509
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
replylen = reply_b;
for (i = 0; i < replylen; i++)
blogic_notice(" %02X", adapter,
((unsigned char *) reply)[i]);
blogic_notice("\n", adapter);
}
/*
Process Command Invalid conditions.
*/
Reported by FlawFinder.
Line: 587
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(probeinfo1->dev > probeinfo2->dev))) {
struct blogic_probeinfo tmp_probeinfo;
memcpy(&tmp_probeinfo, probeinfo1,
sizeof(struct blogic_probeinfo));
memcpy(probeinfo1, probeinfo2,
sizeof(struct blogic_probeinfo));
memcpy(probeinfo2, &tmp_probeinfo,
sizeof(struct blogic_probeinfo));
Reported by FlawFinder.
Line: 589
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&tmp_probeinfo, probeinfo1,
sizeof(struct blogic_probeinfo));
memcpy(probeinfo1, probeinfo2,
sizeof(struct blogic_probeinfo));
memcpy(probeinfo2, &tmp_probeinfo,
sizeof(struct blogic_probeinfo));
last_exchange = j;
}
Reported by FlawFinder.
Line: 591
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct blogic_probeinfo));
memcpy(probeinfo1, probeinfo2,
sizeof(struct blogic_probeinfo));
memcpy(probeinfo2, &tmp_probeinfo,
sizeof(struct blogic_probeinfo));
last_exchange = j;
}
}
}
Reported by FlawFinder.
drivers/net/wireless/ti/wlcore/cmd.c
25 issues
Line: 250
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_free;
}
memcpy(cmd->mac_address, addr, ETH_ALEN);
cmd->role_type = role_type;
ret = wl1271_cmd_send(wl, CMD_ROLE_ENABLE, cmd, sizeof(*cmd), 0);
if (ret < 0) {
wl1271_error("failed to initiate cmd role enable");
Reported by FlawFinder.
Line: 530
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->sta.beacon_interval = cpu_to_le16(wlvif->beacon_int);
cmd->sta.ssid_type = WL12XX_SSID_TYPE_ANY;
cmd->sta.ssid_len = wlvif->ssid_len;
memcpy(cmd->sta.ssid, wlvif->ssid, wlvif->ssid_len);
memcpy(cmd->sta.bssid, vif->bss_conf.bssid, ETH_ALEN);
supported_rates = CONF_TX_ENABLED_RATES | CONF_TX_MCS_RATES |
wlcore_hw_sta_get_ap_rate_mask(wl, wlvif);
if (wlvif->p2p)
Reported by FlawFinder.
Line: 531
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->sta.ssid_type = WL12XX_SSID_TYPE_ANY;
cmd->sta.ssid_len = wlvif->ssid_len;
memcpy(cmd->sta.ssid, wlvif->ssid, wlvif->ssid_len);
memcpy(cmd->sta.bssid, vif->bss_conf.bssid, ETH_ALEN);
supported_rates = CONF_TX_ENABLED_RATES | CONF_TX_MCS_RATES |
wlcore_hw_sta_get_ap_rate_mask(wl, wlvif);
if (wlvif->p2p)
supported_rates &= ~CONF_TX_CCK_RATES;
Reported by FlawFinder.
Line: 677
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* take the SSID from the beacon for backward compatibility */
cmd->ap.ssid_type = WL12XX_SSID_TYPE_PUBLIC;
cmd->ap.ssid_len = wlvif->ssid_len;
memcpy(cmd->ap.ssid, wlvif->ssid, wlvif->ssid_len);
} else {
cmd->ap.ssid_type = WL12XX_SSID_TYPE_HIDDEN;
cmd->ap.ssid_len = bss_conf->ssid_len;
memcpy(cmd->ap.ssid, bss_conf->ssid, bss_conf->ssid_len);
}
Reported by FlawFinder.
Line: 681
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
cmd->ap.ssid_type = WL12XX_SSID_TYPE_HIDDEN;
cmd->ap.ssid_len = bss_conf->ssid_len;
memcpy(cmd->ap.ssid, bss_conf->ssid, bss_conf->ssid_len);
}
supported_rates = CONF_TX_ENABLED_RATES | CONF_TX_MCS_RATES |
wlcore_hw_ap_get_mimo_wide_rate_mask(wl, wlvif);
if (wlvif->p2p)
Reported by FlawFinder.
Line: 783
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->ibss.dtim_interval = bss_conf->dtim_period;
cmd->ibss.ssid_type = WL12XX_SSID_TYPE_ANY;
cmd->ibss.ssid_len = wlvif->ssid_len;
memcpy(cmd->ibss.ssid, wlvif->ssid, wlvif->ssid_len);
memcpy(cmd->ibss.bssid, vif->bss_conf.bssid, ETH_ALEN);
cmd->sta.local_rates = cpu_to_le32(wlvif->rate_set);
if (wlvif->sta.hlid == WL12XX_INVALID_LINK_ID) {
ret = wl12xx_allocate_link(wl, wlvif, &wlvif->sta.hlid);
Reported by FlawFinder.
Line: 784
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->ibss.ssid_type = WL12XX_SSID_TYPE_ANY;
cmd->ibss.ssid_len = wlvif->ssid_len;
memcpy(cmd->ibss.ssid, wlvif->ssid, wlvif->ssid_len);
memcpy(cmd->ibss.bssid, vif->bss_conf.bssid, ETH_ALEN);
cmd->sta.local_rates = cpu_to_le32(wlvif->rate_set);
if (wlvif->sta.hlid == WL12XX_INVALID_LINK_ID) {
ret = wl12xx_allocate_link(wl, wlvif, &wlvif->sta.hlid);
if (ret)
Reported by FlawFinder.
Line: 1041
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->index = index;
if (buf)
memcpy(cmd->template_data, buf, buf_len);
ret = wl1271_cmd_send(wl, CMD_SET_TEMPLATE, cmd, sizeof(*cmd), 0);
if (ret < 0) {
wl1271_warning("cmd set_template failed: %d", ret);
goto out_free;
Reported by FlawFinder.
Line: 1237
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmpl = skb_put_zero(skb, sizeof(*tmpl));
/* llc layer */
memcpy(tmpl->llc_hdr, rfc1042_header, sizeof(rfc1042_header));
tmpl->llc_type = cpu_to_be16(ETH_P_ARP);
/* arp header */
arp_hdr = &tmpl->arp_hdr;
arp_hdr->ar_hrd = cpu_to_be16(ARPHRD_ETHER);
Reported by FlawFinder.
Line: 1249
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
arp_hdr->ar_op = cpu_to_be16(ARPOP_REPLY);
/* arp payload */
memcpy(tmpl->sender_hw, vif->addr, ETH_ALEN);
tmpl->sender_ip = wlvif->ip_addr;
/* encryption space */
switch (wlvif->encryption_type) {
case KEY_TKIP:
Reported by FlawFinder.
arch/x86/kvm/mmu/mmu.c
25 issues
Line: 285
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
static void mark_mmio_spte(struct kvm_vcpu *vcpu, u64 *sptep, u64 gfn,
unsigned int access)
{
u64 spte = make_mmio_spte(vcpu, gfn, access);
trace_mark_mmio_spte(sptep, gfn, spte);
mmu_spte_set(sptep, spte);
Reported by FlawFinder.
Line: 287
Column: 39
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static void mark_mmio_spte(struct kvm_vcpu *vcpu, u64 *sptep, u64 gfn,
unsigned int access)
{
u64 spte = make_mmio_spte(vcpu, gfn, access);
trace_mark_mmio_spte(sptep, gfn, spte);
mmu_spte_set(sptep, spte);
}
Reported by FlawFinder.
Line: 323
Column: 66
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return likely(kvm_gen == spte_gen);
}
static gpa_t translate_gpa(struct kvm_vcpu *vcpu, gpa_t gpa, u32 access,
struct x86_exception *exception)
{
/* Check if guest physical address doesn't exceed guest maximum */
if (kvm_vcpu_is_illegal_gpa(vcpu, gpa)) {
exception->error_code |= PFERR_RSVD_MASK;
Reported by FlawFinder.
Line: 2023
Column: 24
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
gva_t gaddr,
unsigned level,
int direct,
unsigned int access)
{
bool direct_mmu = vcpu->arch.mmu->direct_map;
union kvm_mmu_page_role role;
struct hlist_head *sp_list;
unsigned quadrant;
Reported by FlawFinder.
Line: 2038
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
role.direct = direct;
if (role.direct)
role.gpte_is_8_bytes = true;
role.access = access;
if (!direct_mmu && vcpu->arch.mmu->root_level <= PT32_ROOT_LEVEL) {
quadrant = gaddr >> (PAGE_SHIFT + (PT64_PT_BITS * level));
quadrant &= (1 << ((PT32_PT_BITS - PT64_PT_BITS) * level)) - 1;
role.quadrant = quadrant;
}
Reported by FlawFinder.
Line: 2751
Column: 33
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
struct page *pages[PTE_PREFETCH_NUM];
struct kvm_memory_slot *slot;
unsigned int access = sp->role.access;
int i, ret;
gfn_t gfn;
gfn = kvm_mmu_page_get_gfn(sp, start - sp->spt);
slot = gfn_to_memslot_dirty_bitmap(vcpu, gfn, access & ACC_WRITE_MASK);
Reported by FlawFinder.
Line: 2756
Column: 48
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
gfn_t gfn;
gfn = kvm_mmu_page_get_gfn(sp, start - sp->spt);
slot = gfn_to_memslot_dirty_bitmap(vcpu, gfn, access & ACC_WRITE_MASK);
if (!slot)
return -1;
ret = gfn_to_page_many_atomic(slot, gfn, pages, end - start);
if (ret <= 0)
Reported by FlawFinder.
Line: 2765
Column: 29
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return -1;
for (i = 0; i < ret; i++, gfn++, start++) {
mmu_set_spte(vcpu, start, access, false, sp->role.level, gfn,
page_to_pfn(pages[i]), true, true);
put_page(pages[i]);
}
return 0;
Reported by FlawFinder.
Line: 3014
Column: 33
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
static bool handle_abnormal_pfn(struct kvm_vcpu *vcpu, gva_t gva, gfn_t gfn,
kvm_pfn_t pfn, unsigned int access,
int *ret_val)
{
/* The pfn is invalid, report the error! */
if (unlikely(is_error_pfn(pfn))) {
*ret_val = kvm_handle_bad_page(vcpu, gfn, pfn);
Reported by FlawFinder.
Line: 3025
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (unlikely(is_noslot_pfn(pfn))) {
vcpu_cache_mmio_info(vcpu, gva, gfn,
access & shadow_mmio_access_mask);
/*
* If MMIO caching is disabled, emulate immediately without
* touching the shadow page tables as attempting to install an
* MMIO SPTE will just be an expensive nop.
*/
Reported by FlawFinder.
drivers/scsi/FlashPoint.c
25 issues
Line: 2172
CWE codes:
788
unsigned char lun, qtag;
struct sccb_mgr_tar_info *currTar_Info;
currTar_Info = &FPT_sccbMgrTbl[p_card][target];
currTar_Info->TarSelQ_Cnt = 0;
currTar_Info->TarSyncCtrl = 0;
currTar_Info->TarSelQ_Head = NULL;
Reported by Cppcheck.
Line: 2188
CWE codes:
788
}
for (qtag = 0; qtag < QUEUE_DEPTH; qtag++) {
if (FPT_BL_Card[p_card].discQ_Tbl[qtag] != NULL) {
if (FPT_BL_Card[p_card].discQ_Tbl[qtag]->TargID ==
target) {
FPT_BL_Card[p_card].discQ_Tbl[qtag] = NULL;
FPT_BL_Card[p_card].discQCount--;
}
Reported by Cppcheck.
Line: 3608
CWE codes:
788
WR_HARPOON(port + hp_int_mask, (RD_HARPOON(port + hp_int_mask) | 0x00));
for (scsiID = 0; scsiID < MAX_SCSI_TAR; scsiID++) {
currTar_Info = &FPT_sccbMgrTbl[p_card][scsiID];
if (currTar_Info->TarEEValue & EE_SYNC_MASK) {
currTar_Info->TarSyncCtrl = 0;
currTar_Info->TarStatus &= ~TAR_SYNC_MASK;
}
Reported by Cppcheck.
Line: 3624
CWE codes:
788
FPT_SccbMgrTableInitTarget(p_card, scsiID);
}
FPT_BL_Card[p_card].scanIndex = 0x00;
FPT_BL_Card[p_card].currentSCCB = NULL;
FPT_BL_Card[p_card].globalFlags &= ~(F_TAG_STARTED | F_HOST_XFER_ACT
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
Reported by Cppcheck.
Line: 3625
CWE codes:
788
}
FPT_BL_Card[p_card].scanIndex = 0x00;
FPT_BL_Card[p_card].currentSCCB = NULL;
FPT_BL_Card[p_card].globalFlags &= ~(F_TAG_STARTED | F_HOST_XFER_ACT
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
FPT_BL_Card[p_card].tagQ_Lst = 0x01;
Reported by Cppcheck.
Line: 3626
CWE codes:
788
FPT_BL_Card[p_card].scanIndex = 0x00;
FPT_BL_Card[p_card].currentSCCB = NULL;
FPT_BL_Card[p_card].globalFlags &= ~(F_TAG_STARTED | F_HOST_XFER_ACT
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
FPT_BL_Card[p_card].tagQ_Lst = 0x01;
Reported by Cppcheck.
Line: 3628
CWE codes:
788
FPT_BL_Card[p_card].currentSCCB = NULL;
FPT_BL_Card[p_card].globalFlags &= ~(F_TAG_STARTED | F_HOST_XFER_ACT
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
FPT_BL_Card[p_card].tagQ_Lst = 0x01;
for (i = 0; i < QUEUE_DEPTH; i++)
FPT_BL_Card[p_card].discQ_Tbl[i] = NULL;
Reported by Cppcheck.
Line: 3629
CWE codes:
788
FPT_BL_Card[p_card].globalFlags &= ~(F_TAG_STARTED | F_HOST_XFER_ACT
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
FPT_BL_Card[p_card].tagQ_Lst = 0x01;
for (i = 0; i < QUEUE_DEPTH; i++)
FPT_BL_Card[p_card].discQ_Tbl[i] = NULL;
Reported by Cppcheck.
Line: 3630
CWE codes:
788
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
FPT_BL_Card[p_card].tagQ_Lst = 0x01;
for (i = 0; i < QUEUE_DEPTH; i++)
FPT_BL_Card[p_card].discQ_Tbl[i] = NULL;
WR_HARPOON(port + hp_page_ctrl,
Reported by Cppcheck.
Line: 5436
CWE codes:
788
struct sccb_card *currCard;
struct nvram_info *pCurrNvRam;
currCard = &FPT_BL_Card[p_card];
p_port = currCard->ioPort;
pCurrNvRam = currCard->pNvRamInfo;
if (pCurrNvRam) {
ScamFlg = pCurrNvRam->niScamConf;
Reported by Cppcheck.
drivers/misc/habanalabs/goya/goya.c
25 issues
Line: 4539
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_ECC:
case GOYA_ASYNC_EVENT_ID_TPC7_ECC:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_ECC) / 3;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_SRAM0 ... GOYA_ASYNC_EVENT_ID_SRAM29:
index = event_type - GOYA_ASYNC_EVENT_ID_SRAM0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4543
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_SRAM0 ... GOYA_ASYNC_EVENT_ID_SRAM29:
index = event_type - GOYA_ASYNC_EVENT_ID_SRAM0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_PLL0 ... GOYA_ASYNC_EVENT_ID_PLL6:
index = event_type - GOYA_ASYNC_EVENT_ID_PLL0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4547
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_PLL0 ... GOYA_ASYNC_EVENT_ID_PLL6:
index = event_type - GOYA_ASYNC_EVENT_ID_PLL0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_DEC:
case GOYA_ASYNC_EVENT_ID_TPC1_DEC:
case GOYA_ASYNC_EVENT_ID_TPC2_DEC:
case GOYA_ASYNC_EVENT_ID_TPC3_DEC:
Reported by FlawFinder.
Line: 4558
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_DEC:
case GOYA_ASYNC_EVENT_ID_TPC7_DEC:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_DEC) / 3;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC1_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC2_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC3_KRN_ERR:
Reported by FlawFinder.
Line: 4569
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC7_KRN_ERR:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_KRN_ERR) / 10;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_CMDQ ... GOYA_ASYNC_EVENT_ID_TPC7_CMDQ:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_CMDQ;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4573
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_TPC0_CMDQ ... GOYA_ASYNC_EVENT_ID_TPC7_CMDQ:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_CMDQ;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_QM ... GOYA_ASYNC_EVENT_ID_TPC7_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4577
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_TPC0_QM ... GOYA_ASYNC_EVENT_ID_TPC7_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA0_QM ... GOYA_ASYNC_EVENT_ID_DMA4_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4581
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_DMA0_QM ... GOYA_ASYNC_EVENT_ID_DMA4_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA0_CH ... GOYA_ASYNC_EVENT_ID_DMA4_CH:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_CH;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4585
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_DMA0_CH ... GOYA_ASYNC_EVENT_ID_DMA4_CH:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_CH;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC1_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC2_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC3_BMON_SPMU:
Reported by FlawFinder.
Line: 4596
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC7_BMON_SPMU:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_BMON_SPMU) / 10;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA_BM_CH0 ... GOYA_ASYNC_EVENT_ID_DMA_BM_CH4:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA_BM_CH0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.