The following issues were found
drivers/infiniband/hw/bnxt_re/ib_verbs.c
25 issues
Line: 1872
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
qp->qplib_qp.access =
__from_ib_access_flags(qp_attr->qp_access_flags);
/* LOCAL_WRITE access must be set to allow RC receive */
qp->qplib_qp.access |= BNXT_QPLIB_ACCESS_LOCAL_WRITE;
/* Temp: Set all params on QP as of now */
qp->qplib_qp.access |= CMDQ_MODIFY_QP_ACCESS_REMOTE_WRITE;
qp->qplib_qp.access |= CMDQ_MODIFY_QP_ACCESS_REMOTE_READ;
}
if (qp_attr_mask & IB_QP_PKEY_INDEX) {
Reported by FlawFinder.
Line: 1874
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* LOCAL_WRITE access must be set to allow RC receive */
qp->qplib_qp.access |= BNXT_QPLIB_ACCESS_LOCAL_WRITE;
/* Temp: Set all params on QP as of now */
qp->qplib_qp.access |= CMDQ_MODIFY_QP_ACCESS_REMOTE_WRITE;
qp->qplib_qp.access |= CMDQ_MODIFY_QP_ACCESS_REMOTE_READ;
}
if (qp_attr_mask & IB_QP_PKEY_INDEX) {
qp->qplib_qp.modify_flags |= CMDQ_MODIFY_QP_MODIFY_MASK_PKEY;
qp->qplib_qp.pkey_index = qp_attr->pkey_index;
Reported by FlawFinder.
Line: 1875
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
qp->qplib_qp.access |= BNXT_QPLIB_ACCESS_LOCAL_WRITE;
/* Temp: Set all params on QP as of now */
qp->qplib_qp.access |= CMDQ_MODIFY_QP_ACCESS_REMOTE_WRITE;
qp->qplib_qp.access |= CMDQ_MODIFY_QP_ACCESS_REMOTE_READ;
}
if (qp_attr_mask & IB_QP_PKEY_INDEX) {
qp->qplib_qp.modify_flags |= CMDQ_MODIFY_QP_MODIFY_MASK_PKEY;
qp->qplib_qp.pkey_index = qp_attr->pkey_index;
}
Reported by FlawFinder.
Line: 2076
Column: 60
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
qp_attr->qp_state = __to_ib_qp_state(qplib_qp->state);
qp_attr->cur_qp_state = __to_ib_qp_state(qplib_qp->cur_qp_state);
qp_attr->en_sqd_async_notify = qplib_qp->en_sqd_async_notify ? 1 : 0;
qp_attr->qp_access_flags = __to_ib_access_flags(qplib_qp->access);
qp_attr->pkey_index = qplib_qp->pkey_index;
qp_attr->qkey = qplib_qp->qkey;
qp_attr->ah_attr.type = RDMA_AH_ATTR_TYPE_ROCE;
rdma_ah_set_grh(&qp_attr->ah_attr, NULL, qplib_qp->ah.flow_label,
qplib_qp->ah.host_sgid_index,
Reported by FlawFinder.
Line: 2459
Column: 19
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
struct bnxt_re_mr *mr = container_of(wr->mr, struct bnxt_re_mr, ib_mr);
struct bnxt_qplib_frpl *qplib_frpl = &mr->qplib_frpl;
int access = wr->access;
wqe->frmr.pbl_ptr = (__le64 *)qplib_frpl->hwq.pbl_ptr[0];
wqe->frmr.pbl_dma_ptr = qplib_frpl->hwq.pbl_dma_ptr[0];
wqe->frmr.page_list = mr->pages;
wqe->frmr.page_list_len = mr->npages;
Reported by FlawFinder.
Line: 2477
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (wr->wr.send_flags & IB_SEND_SIGNALED)
wqe->flags |= BNXT_QPLIB_SWQE_FLAGS_SIGNAL_COMP;
if (access & IB_ACCESS_LOCAL_WRITE)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_LOCAL_WRITE;
if (access & IB_ACCESS_REMOTE_READ)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_READ;
if (access & IB_ACCESS_REMOTE_WRITE)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_WRITE;
Reported by FlawFinder.
Line: 2479
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (access & IB_ACCESS_LOCAL_WRITE)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_LOCAL_WRITE;
if (access & IB_ACCESS_REMOTE_READ)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_READ;
if (access & IB_ACCESS_REMOTE_WRITE)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_WRITE;
if (access & IB_ACCESS_REMOTE_ATOMIC)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_ATOMIC;
Reported by FlawFinder.
Line: 2481
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_LOCAL_WRITE;
if (access & IB_ACCESS_REMOTE_READ)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_READ;
if (access & IB_ACCESS_REMOTE_WRITE)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_WRITE;
if (access & IB_ACCESS_REMOTE_ATOMIC)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_ATOMIC;
if (access & IB_ACCESS_MW_BIND)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_WINDOW_BIND;
Reported by FlawFinder.
Line: 2483
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_READ;
if (access & IB_ACCESS_REMOTE_WRITE)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_WRITE;
if (access & IB_ACCESS_REMOTE_ATOMIC)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_ATOMIC;
if (access & IB_ACCESS_MW_BIND)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_WINDOW_BIND;
wqe->frmr.l_key = wr->key;
Reported by FlawFinder.
Line: 2485
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_WRITE;
if (access & IB_ACCESS_REMOTE_ATOMIC)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_REMOTE_ATOMIC;
if (access & IB_ACCESS_MW_BIND)
wqe->frmr.access_cntl |= SQ_FR_PMR_ACCESS_CNTL_WINDOW_BIND;
wqe->frmr.l_key = wr->key;
wqe->frmr.length = wr->mr->length;
wqe->frmr.pbl_pg_sz_log = (wr->mr->page_size >> PAGE_SHIFT_4K) - 1;
Reported by FlawFinder.
tools/bpf/bpftool/common.c
25 issues
Line: 307
Column: 6
CWE codes:
362
20
Suggestion:
Reconsider approach
snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
n = readlink(path, buf, sizeof(buf));
if (n < 0) {
p_err("can't read link type: %s", strerror(errno));
return -1;
}
if (n == sizeof(path)) {
Reported by FlawFinder.
Line: 84
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
jsonw_end_object(json_wtr);
} else {
fprintf(stderr, "Error: ");
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
}
va_end(ap);
}
Reported by FlawFinder.
Line: 98
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}
static bool is_bpffs(char *path)
Reported by FlawFinder.
Line: 230
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -1;
}
strcpy(file, name);
dir = dirname(file);
if (is_bpffs(dir))
/* nothing to do if already mounted */
goto out_free;
Reported by FlawFinder.
Line: 649
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
print_all_levels(__maybe_unused enum libbpf_print_level level,
const char *format, va_list args)
{
return vfprintf(stderr, format, args);
}
static int prog_fd_by_nametag(void *nametag, int **fds, bool tag)
{
unsigned int id = 0;
Reported by FlawFinder.
Line: 737
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
NEXT_ARGP();
if (sscanf(**argv, BPF_TAG_FMT, tag, tag + 1, tag + 2,
tag + 3, tag + 4, tag + 5, tag + 6, tag + 7)
!= BPF_TAG_SIZE) {
p_err("can't parse tag");
return -1;
}
Reported by FlawFinder.
Line: 33
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define BPF_FS_MAGIC 0xcafe4a11
#endif
const char * const attach_type_name[__MAX_BPF_ATTACH_TYPE] = {
[BPF_CGROUP_INET_INGRESS] = "ingress",
[BPF_CGROUP_INET_EGRESS] = "egress",
[BPF_CGROUP_INET_SOCK_CREATE] = "sock_create",
[BPF_CGROUP_INET_SOCK_RELEASE] = "sock_release",
[BPF_CGROUP_SOCK_OPS] = "sock_ops",
Reported by FlawFinder.
Line: 154
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mount_tracefs(const char *target)
{
char err_str[ERR_MAX_LEN];
int err;
err = mnt_fs(target, "tracefs", err_str, ERR_MAX_LEN);
if (err) {
err_str[ERR_MAX_LEN - 1] = '\0';
Reported by FlawFinder.
Line: 219
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mount_bpffs_for_pin(const char *name)
{
char err_str[ERR_MAX_LEN];
char *file;
char *dir;
int err = 0;
file = malloc(strlen(name) + 1);
Reported by FlawFinder.
Line: 301
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int get_fd_type(int fd)
{
char path[PATH_MAX];
char buf[512];
ssize_t n;
snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
Reported by FlawFinder.
drivers/misc/habanalabs/goya/goya.c
25 issues
Line: 4539
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_ECC:
case GOYA_ASYNC_EVENT_ID_TPC7_ECC:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_ECC) / 3;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_SRAM0 ... GOYA_ASYNC_EVENT_ID_SRAM29:
index = event_type - GOYA_ASYNC_EVENT_ID_SRAM0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4543
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_SRAM0 ... GOYA_ASYNC_EVENT_ID_SRAM29:
index = event_type - GOYA_ASYNC_EVENT_ID_SRAM0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_PLL0 ... GOYA_ASYNC_EVENT_ID_PLL6:
index = event_type - GOYA_ASYNC_EVENT_ID_PLL0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4547
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_PLL0 ... GOYA_ASYNC_EVENT_ID_PLL6:
index = event_type - GOYA_ASYNC_EVENT_ID_PLL0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_DEC:
case GOYA_ASYNC_EVENT_ID_TPC1_DEC:
case GOYA_ASYNC_EVENT_ID_TPC2_DEC:
case GOYA_ASYNC_EVENT_ID_TPC3_DEC:
Reported by FlawFinder.
Line: 4558
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_DEC:
case GOYA_ASYNC_EVENT_ID_TPC7_DEC:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_DEC) / 3;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC1_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC2_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC3_KRN_ERR:
Reported by FlawFinder.
Line: 4569
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC7_KRN_ERR:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_KRN_ERR) / 10;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_CMDQ ... GOYA_ASYNC_EVENT_ID_TPC7_CMDQ:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_CMDQ;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4573
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_TPC0_CMDQ ... GOYA_ASYNC_EVENT_ID_TPC7_CMDQ:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_CMDQ;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_QM ... GOYA_ASYNC_EVENT_ID_TPC7_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4577
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_TPC0_QM ... GOYA_ASYNC_EVENT_ID_TPC7_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA0_QM ... GOYA_ASYNC_EVENT_ID_DMA4_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4581
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_DMA0_QM ... GOYA_ASYNC_EVENT_ID_DMA4_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA0_CH ... GOYA_ASYNC_EVENT_ID_DMA4_CH:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_CH;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4585
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_DMA0_CH ... GOYA_ASYNC_EVENT_ID_DMA4_CH:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_CH;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC1_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC2_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC3_BMON_SPMU:
Reported by FlawFinder.
Line: 4596
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC7_BMON_SPMU:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_BMON_SPMU) / 10;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA_BM_CH0 ... GOYA_ASYNC_EVENT_ID_DMA_BM_CH4:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA_BM_CH0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
sound/usb/mixer_quirks.c
25 issues
Line: 3163
20, 26, TLV_DB_MINMAX_ITEM(-1910, -1393),
27, 31, TLV_DB_MINMAX_ITEM(-1322, -1032),
32, 40, TLV_DB_MINMAX_ITEM(-968, -490),
41, 50, TLV_DB_MINMAX_ITEM(-441, 0),
);
if (cval->min == 0 && cval->max == 50) {
usb_audio_info(mixer->chip, "applying DragonFly dB scale quirk (0-50 variant)\n");
kctl->tlv.p = scale;
Reported by Cppcheck.
Line: 93
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
/* Set name */
snprintf(kctl->id.name, sizeof(kctl->id.name), name);
kctl->private_free = snd_usb_mixer_elem_free;
/* set TLV */
if (tlv_callback) {
kctl->tlv.c = tlv_callback;
Reported by FlawFinder.
Line: 99
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* set TLV */
if (tlv_callback) {
kctl->tlv.c = tlv_callback;
kctl->vd[0].access |=
SNDRV_CTL_ELEM_ACCESS_TLV_READ |
SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
}
/* Add control to mixer */
return snd_usb_mixer_add_control(&cval->head, kctl);
Reported by FlawFinder.
Line: 3169
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (cval->min == 0 && cval->max == 50) {
usb_audio_info(mixer->chip, "applying DragonFly dB scale quirk (0-50 variant)\n");
kctl->tlv.p = scale;
kctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
} else if (cval->min == 0 && cval->max <= 1000) {
/* Some other clearly broken DragonFly variant.
* At least a 0..53 variant (hw v1.0) exists.
Reported by FlawFinder.
Line: 3170
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
usb_audio_info(mixer->chip, "applying DragonFly dB scale quirk (0-50 variant)\n");
kctl->tlv.p = scale;
kctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
} else if (cval->min == 0 && cval->max <= 1000) {
/* Some other clearly broken DragonFly variant.
* At least a 0..53 variant (hw v1.0) exists.
*/
Reported by FlawFinder.
Line: 3177
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* At least a 0..53 variant (hw v1.0) exists.
*/
usb_audio_info(mixer->chip, "ignoring too narrow dB range on a DragonFly device");
kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK;
}
}
void snd_usb_mixer_fu_apply_quirk(struct usb_mixer_interface *mixer,
struct usb_mixer_elem_info *cval, int unitid,
Reported by FlawFinder.
Line: 455
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_emu0204_ch_switch_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[2] = {"1/2", "3/4"};
return snd_ctl_enum_info(uinfo, 1, ARRAY_SIZE(texts), texts);
}
static int snd_emu0204_ch_switch_get(struct snd_kcontrol *kcontrol,
Reported by FlawFinder.
Line: 472
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct snd_usb_audio *chip = mixer->chip;
int err;
unsigned char buf[2];
err = snd_usb_lock_shutdown(chip);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 610
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct snd_usb_audio *chip = mixer->chip;
int err;
unsigned char buff[3];
err = snd_usb_lock_shutdown(chip);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 695
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_mbox1_switch_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char *const texts[2] = {
"Internal",
"S/PDIF"
};
return snd_ctl_enum_info(uinfo, 1, ARRAY_SIZE(texts), texts);
Reported by FlawFinder.
drivers/devfreq/devfreq.c
25 issues
Line: 1363
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct devfreq *df = to_devfreq(dev);
return sprintf(buf, "%s\n", dev_name(df->dev.parent));
}
static DEVICE_ATTR_RO(name);
static ssize_t governor_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 1375
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!df->governor)
return -EINVAL;
return sprintf(buf, "%s\n", df->governor->name);
}
static ssize_t governor_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 1792
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!df->profile)
return -EINVAL;
return sprintf(buf, "%s\n", timer_name[df->profile->timer]);
}
static ssize_t timer_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 1383
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct devfreq *df = to_devfreq(dev);
int ret;
char str_governor[DEVFREQ_NAME_LEN + 1];
const struct devfreq_governor *governor, *prev_governor;
if (!df->governor)
return -EINVAL;
Reported by FlawFinder.
Line: 1515
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (df->profile->get_cur_freq &&
!df->profile->get_cur_freq(df->dev.parent, &freq))
return sprintf(buf, "%lu\n", freq);
return sprintf(buf, "%lu\n", df->previous_freq);
}
static DEVICE_ATTR_RO(cur_freq);
Reported by FlawFinder.
Line: 1517
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
!df->profile->get_cur_freq(df->dev.parent, &freq))
return sprintf(buf, "%lu\n", freq);
return sprintf(buf, "%lu\n", df->previous_freq);
}
static DEVICE_ATTR_RO(cur_freq);
static ssize_t target_freq_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 1526
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct devfreq *df = to_devfreq(dev);
return sprintf(buf, "%lu\n", df->previous_freq);
}
static DEVICE_ATTR_RO(target_freq);
static ssize_t min_freq_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1567
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
get_freq_range(df, &min_freq, &max_freq);
mutex_unlock(&df->lock);
return sprintf(buf, "%lu\n", min_freq);
}
static DEVICE_ATTR_RW(min_freq);
static ssize_t max_freq_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1621
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
get_freq_range(df, &min_freq, &max_freq);
mutex_unlock(&df->lock);
return sprintf(buf, "%lu\n", max_freq);
}
static DEVICE_ATTR_RW(max_freq);
static ssize_t available_frequencies_show(struct device *d,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 1666
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
max_state = df->profile->max_state;
if (max_state == 0)
return sprintf(buf, "Not Supported.\n");
mutex_lock(&df->lock);
if (!df->stop_polling &&
devfreq_update_status(df, df->previous_freq)) {
mutex_unlock(&df->lock);
Reported by FlawFinder.
drivers/scsi/FlashPoint.c
25 issues
Line: 2172
CWE codes:
788
unsigned char lun, qtag;
struct sccb_mgr_tar_info *currTar_Info;
currTar_Info = &FPT_sccbMgrTbl[p_card][target];
currTar_Info->TarSelQ_Cnt = 0;
currTar_Info->TarSyncCtrl = 0;
currTar_Info->TarSelQ_Head = NULL;
Reported by Cppcheck.
Line: 2188
CWE codes:
788
}
for (qtag = 0; qtag < QUEUE_DEPTH; qtag++) {
if (FPT_BL_Card[p_card].discQ_Tbl[qtag] != NULL) {
if (FPT_BL_Card[p_card].discQ_Tbl[qtag]->TargID ==
target) {
FPT_BL_Card[p_card].discQ_Tbl[qtag] = NULL;
FPT_BL_Card[p_card].discQCount--;
}
Reported by Cppcheck.
Line: 3608
CWE codes:
788
WR_HARPOON(port + hp_int_mask, (RD_HARPOON(port + hp_int_mask) | 0x00));
for (scsiID = 0; scsiID < MAX_SCSI_TAR; scsiID++) {
currTar_Info = &FPT_sccbMgrTbl[p_card][scsiID];
if (currTar_Info->TarEEValue & EE_SYNC_MASK) {
currTar_Info->TarSyncCtrl = 0;
currTar_Info->TarStatus &= ~TAR_SYNC_MASK;
}
Reported by Cppcheck.
Line: 3624
CWE codes:
788
FPT_SccbMgrTableInitTarget(p_card, scsiID);
}
FPT_BL_Card[p_card].scanIndex = 0x00;
FPT_BL_Card[p_card].currentSCCB = NULL;
FPT_BL_Card[p_card].globalFlags &= ~(F_TAG_STARTED | F_HOST_XFER_ACT
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
Reported by Cppcheck.
Line: 3625
CWE codes:
788
}
FPT_BL_Card[p_card].scanIndex = 0x00;
FPT_BL_Card[p_card].currentSCCB = NULL;
FPT_BL_Card[p_card].globalFlags &= ~(F_TAG_STARTED | F_HOST_XFER_ACT
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
FPT_BL_Card[p_card].tagQ_Lst = 0x01;
Reported by Cppcheck.
Line: 3626
CWE codes:
788
FPT_BL_Card[p_card].scanIndex = 0x00;
FPT_BL_Card[p_card].currentSCCB = NULL;
FPT_BL_Card[p_card].globalFlags &= ~(F_TAG_STARTED | F_HOST_XFER_ACT
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
FPT_BL_Card[p_card].tagQ_Lst = 0x01;
Reported by Cppcheck.
Line: 3628
CWE codes:
788
FPT_BL_Card[p_card].currentSCCB = NULL;
FPT_BL_Card[p_card].globalFlags &= ~(F_TAG_STARTED | F_HOST_XFER_ACT
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
FPT_BL_Card[p_card].tagQ_Lst = 0x01;
for (i = 0; i < QUEUE_DEPTH; i++)
FPT_BL_Card[p_card].discQ_Tbl[i] = NULL;
Reported by Cppcheck.
Line: 3629
CWE codes:
788
FPT_BL_Card[p_card].globalFlags &= ~(F_TAG_STARTED | F_HOST_XFER_ACT
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
FPT_BL_Card[p_card].tagQ_Lst = 0x01;
for (i = 0; i < QUEUE_DEPTH; i++)
FPT_BL_Card[p_card].discQ_Tbl[i] = NULL;
Reported by Cppcheck.
Line: 3630
CWE codes:
788
| F_NEW_SCCB_CMD);
FPT_BL_Card[p_card].cmdCounter = 0x00;
FPT_BL_Card[p_card].discQCount = 0x00;
FPT_BL_Card[p_card].tagQ_Lst = 0x01;
for (i = 0; i < QUEUE_DEPTH; i++)
FPT_BL_Card[p_card].discQ_Tbl[i] = NULL;
WR_HARPOON(port + hp_page_ctrl,
Reported by Cppcheck.
Line: 5436
CWE codes:
788
struct sccb_card *currCard;
struct nvram_info *pCurrNvRam;
currCard = &FPT_BL_Card[p_card];
p_port = currCard->ioPort;
pCurrNvRam = currCard->pNvRamInfo;
if (pCurrNvRam) {
ScamFlg = pCurrNvRam->niScamConf;
Reported by Cppcheck.
drivers/net/ethernet/brocade/bna/bfa_defs.h
25 issues
Line: 37
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct bfa_adapter_attr {
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfa_adapter_attr {
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
Reported by FlawFinder.
Line: 43
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd vpd;
Reported by FlawFinder.
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd vpd;
u8 mac[ETH_ALEN];
Reported by FlawFinder.
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd vpd;
u8 mac[ETH_ALEN];
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd vpd;
u8 mac[ETH_ALEN];
u8 nports;
Reported by FlawFinder.
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd vpd;
u8 mac[ETH_ALEN];
u8 nports;
u8 max_speed;
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Driver and firmware versions. */
struct bfa_ioc_driver_attr {
char driver[BFA_IOC_DRIVER_LEN]; /*!< driver name */
char driver_ver[BFA_VERSION_LEN]; /*!< driver version */
char fw_ver[BFA_VERSION_LEN]; /*!< firmware version */
char bios_ver[BFA_VERSION_LEN]; /*!< bios version */
char efi_ver[BFA_VERSION_LEN]; /*!< EFI version */
char ob_ver[BFA_VERSION_LEN]; /*!< openboot version */
Reported by FlawFinder.
drivers/hwtracing/coresight/coresight-cti-sysfs.c
25 issues
Line: 949
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
container_of(attr, struct dev_ext_attribute, attr);
struct cti_trig_con *con = (struct cti_trig_con *)ext_attr->var;
return sprintf(buf, "%s\n", con->con_dev_name);
}
static ssize_t trigin_sig_show(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 1004
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (sig_idx = 0; sig_idx < con->con_in->nr_sigs; sig_idx++) {
name = cti_sig_type_name(con, sig_idx, true);
used += sprintf(buf + used, "%s ", name);
}
used += sprintf(buf + used, "\n");
return used;
}
Reported by FlawFinder.
Line: 1022
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (sig_idx = 0; sig_idx < con->con_out->nr_sigs; sig_idx++) {
name = cti_sig_type_name(con, sig_idx, false);
used += sprintf(buf + used, "%s ", name);
}
used += sprintf(buf + used, "\n");
return used;
}
Reported by FlawFinder.
Line: 70
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Names for the connection attributes */
static const char * const con_attr_names[CTI_CON_ATTR_MAX] = {
"name",
"in_signals",
"out_signals",
"in_types",
"out_types",
Reported by FlawFinder.
Line: 94
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
spin_unlock(&drvdata->spinlock);
if (powered)
return sprintf(buf, "%d\n", enabled);
else
return sprintf(buf, "%d\n", !!enable_req);
}
static ssize_t enable_store(struct device *dev,
Reported by FlawFinder.
Line: 96
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (powered)
return sprintf(buf, "%d\n", enabled);
else
return sprintf(buf, "%d\n", !!enable_req);
}
static ssize_t enable_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t size)
Reported by FlawFinder.
Line: 132
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
powered = drvdata->config.hw_powered;
spin_unlock(&drvdata->spinlock);
return sprintf(buf, "%d\n", powered);
}
static DEVICE_ATTR_RO(powered);
static ssize_t ctmid_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 141
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct cti_drvdata *drvdata = dev_get_drvdata(dev->parent);
return sprintf(buf, "%d\n", drvdata->ctidev.ctm_id);
}
static DEVICE_ATTR_RO(ctmid);
static ssize_t nr_trigger_cons_show(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 151
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct cti_drvdata *drvdata = dev_get_drvdata(dev->parent);
return sprintf(buf, "%d\n", drvdata->ctidev.nr_trig_con);
}
static DEVICE_ATTR_RO(nr_trigger_cons);
/* attribute and group sysfs tables. */
static struct attribute *coresight_cti_attrs[] = {
Reported by FlawFinder.
Line: 179
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = readl_relaxed(drvdata->base + offset); \
spin_unlock(&drvdata->spinlock); \
pm_runtime_put_sync(dev->parent); \
return sprintf(buf, "0x%x\n", val); \
} \
static DEVICE_ATTR_RO(name)
/* coresight management registers */
coresight_cti_reg(devaff0, CTIDEVAFF0);
Reported by FlawFinder.
tools/power/x86/intel-speed-select/isst-display.c
25 issues
Line: 88
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *value)
{
char *spaces = " ";
static char delimiters[256];
int i, j = 0;
if (!level)
return;
Reported by FlawFinder.
Line: 115
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void format_and_print(FILE *outf, int level, char *header, char *value)
{
char *spaces = " ";
static char delimiters[256];
int i;
if (!out_format_is_json()) {
format_and_print_txt(outf, level, header, value);
return;
Reported by FlawFinder.
Line: 171
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int print_package_info(int cpu, FILE *outf)
{
char header[256];
if (out_format_is_json()) {
snprintf(header, sizeof(header), "package-%d:die-%d:cpu-%d",
get_physical_package_id(cpu), get_physical_die_id(cpu),
cpu);
Reported by FlawFinder.
Line: 195
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct isst_pbf_info *pbf_info,
int disp_level)
{
char header[256];
char value[512];
snprintf(header, sizeof(header), "speed-select-base-freq-properties");
format_and_print(outf, disp_level, header, NULL);
Reported by FlawFinder.
Line: 196
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int disp_level)
{
char header[256];
char value[512];
snprintf(header, sizeof(header), "speed-select-base-freq-properties");
format_and_print(outf, disp_level, header, NULL);
snprintf(header, sizeof(header), "high-priority-base-frequency(MHz)");
Reported by FlawFinder.
Line: 240
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int base_level)
{
struct isst_fact_bucket_info *bucket_info = fact_info->bucket_info;
char header[256];
char value[256];
int print = 0, j;
for (j = 0; j < ISST_FACT_MAX_BUCKETS; ++j) {
if (fact_bucket != 0xff && fact_bucket != j)
Reported by FlawFinder.
Line: 241
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct isst_fact_bucket_info *bucket_info = fact_info->bucket_info;
char header[256];
char value[256];
int print = 0, j;
for (j = 0; j < ISST_FACT_MAX_BUCKETS; ++j) {
if (fact_bucket != 0xff && fact_bucket != j)
continue;
Reported by FlawFinder.
Line: 325
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void isst_ctdp_display_core_info(int cpu, FILE *outf, char *prefix,
unsigned int val, char *str0, char *str1)
{
char header[256];
char value[256];
int level = 1;
if (out_format_is_json()) {
snprintf(header, sizeof(header), "package-%d:die-%d:cpu-%d",
Reported by FlawFinder.
Line: 326
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int val, char *str0, char *str1)
{
char header[256];
char value[256];
int level = 1;
if (out_format_is_json()) {
snprintf(header, sizeof(header), "package-%d:die-%d:cpu-%d",
get_physical_package_id(cpu), get_physical_die_id(cpu),
Reported by FlawFinder.
Line: 359
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void isst_ctdp_display_information(int cpu, FILE *outf, int tdp_level,
struct isst_pkg_ctdp *pkg_dev)
{
char header[256];
char value[512];
static int level;
int i;
if (pkg_dev->processed)
Reported by FlawFinder.
drivers/memstick/core/mspro_block.c
25 issues
Line: 149
Column: 24
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
unsigned short heads;
unsigned short sectors_per_track;
unsigned char system;
unsigned char read_only:1,
eject:1,
data_dir:1,
active:1;
unsigned char transfer_cmd;
Reported by FlawFinder.
Line: 675
Column: 18
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
{
struct mspro_block_data *msb = memstick_get_drvdata(card);
struct mspro_param_register param = {
.system = msb->system,
.data_count = cpu_to_be16((uint16_t)(length / msb->page_size)),
/* ISO C90 warning precludes direct initialization for now. */
.data_address = 0,
.tpc_param = 0
};
Reported by FlawFinder.
Line: 948
Column: 46
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
rc = memstick_set_rw_addr(card);
if (!rc)
rc = mspro_block_set_interface(card, msb->system);
if (!rc) {
msleep(150);
rc = mspro_block_wait_for_ced(card);
if (rc)
Reported by FlawFinder.
Line: 1147
Column: 11
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return rc;
dev_dbg(&card->dev, "card activated\n");
if (msb->system != MEMSTICK_SYS_SERIAL)
msb->caps |= MEMSTICK_CAP_AUTO_GET_INT;
card->next_request = h_mspro_block_req_init;
msb->mrq_handler = h_mspro_block_get_ro;
memstick_init_req(&card->current_mrq, MS_TPC_READ_REG, NULL,
Reported by FlawFinder.
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t size;
void *data;
unsigned char id;
char name[32];
struct device_attribute dev_attr;
};
struct mspro_attr_entry {
__be32 address;
Reported by FlawFinder.
Line: 57
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 address;
__be32 size;
unsigned char id;
unsigned char reserved[3];
} __attribute__((packed));
struct mspro_attribute {
__be16 signature;
unsigned short version;
Reported by FlawFinder.
Line: 64
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be16 signature;
unsigned short version;
unsigned char count;
unsigned char reserved[11];
struct mspro_attr_entry entries[];
} __attribute__((packed));
struct mspro_sys_info {
unsigned char class;
Reported by FlawFinder.
Line: 75
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be16 block_count;
__be16 user_block_count;
__be16 page_size;
unsigned char reserved1[2];
unsigned char assembly_date[8];
__be32 serial_number;
unsigned char assembly_maker_code;
unsigned char assembly_model_code[3];
__be16 memory_maker_code;
Reported by FlawFinder.
Line: 76
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be16 user_block_count;
__be16 page_size;
unsigned char reserved1[2];
unsigned char assembly_date[8];
__be32 serial_number;
unsigned char assembly_maker_code;
unsigned char assembly_model_code[3];
__be16 memory_maker_code;
__be16 memory_model_code;
Reported by FlawFinder.
Line: 79
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char assembly_date[8];
__be32 serial_number;
unsigned char assembly_maker_code;
unsigned char assembly_model_code[3];
__be16 memory_maker_code;
__be16 memory_model_code;
unsigned char reserved2[4];
unsigned char vcc;
unsigned char vpp;
Reported by FlawFinder.