The following issues were found
tools/bpf/bpftool/common.c
25 issues
Line: 307
Column: 6
CWE codes:
362
20
Suggestion:
Reconsider approach
snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
n = readlink(path, buf, sizeof(buf));
if (n < 0) {
p_err("can't read link type: %s", strerror(errno));
return -1;
}
if (n == sizeof(path)) {
Reported by FlawFinder.
Line: 84
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
jsonw_end_object(json_wtr);
} else {
fprintf(stderr, "Error: ");
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
}
va_end(ap);
}
Reported by FlawFinder.
Line: 98
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}
static bool is_bpffs(char *path)
Reported by FlawFinder.
Line: 230
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -1;
}
strcpy(file, name);
dir = dirname(file);
if (is_bpffs(dir))
/* nothing to do if already mounted */
goto out_free;
Reported by FlawFinder.
Line: 649
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
print_all_levels(__maybe_unused enum libbpf_print_level level,
const char *format, va_list args)
{
return vfprintf(stderr, format, args);
}
static int prog_fd_by_nametag(void *nametag, int **fds, bool tag)
{
unsigned int id = 0;
Reported by FlawFinder.
Line: 737
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
NEXT_ARGP();
if (sscanf(**argv, BPF_TAG_FMT, tag, tag + 1, tag + 2,
tag + 3, tag + 4, tag + 5, tag + 6, tag + 7)
!= BPF_TAG_SIZE) {
p_err("can't parse tag");
return -1;
}
Reported by FlawFinder.
Line: 33
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define BPF_FS_MAGIC 0xcafe4a11
#endif
const char * const attach_type_name[__MAX_BPF_ATTACH_TYPE] = {
[BPF_CGROUP_INET_INGRESS] = "ingress",
[BPF_CGROUP_INET_EGRESS] = "egress",
[BPF_CGROUP_INET_SOCK_CREATE] = "sock_create",
[BPF_CGROUP_INET_SOCK_RELEASE] = "sock_release",
[BPF_CGROUP_SOCK_OPS] = "sock_ops",
Reported by FlawFinder.
Line: 154
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mount_tracefs(const char *target)
{
char err_str[ERR_MAX_LEN];
int err;
err = mnt_fs(target, "tracefs", err_str, ERR_MAX_LEN);
if (err) {
err_str[ERR_MAX_LEN - 1] = '\0';
Reported by FlawFinder.
Line: 219
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mount_bpffs_for_pin(const char *name)
{
char err_str[ERR_MAX_LEN];
char *file;
char *dir;
int err = 0;
file = malloc(strlen(name) + 1);
Reported by FlawFinder.
Line: 301
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int get_fd_type(int fd)
{
char path[PATH_MAX];
char buf[512];
ssize_t n;
snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
Reported by FlawFinder.
drivers/misc/habanalabs/goya/goya.c
25 issues
Line: 4539
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_ECC:
case GOYA_ASYNC_EVENT_ID_TPC7_ECC:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_ECC) / 3;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_SRAM0 ... GOYA_ASYNC_EVENT_ID_SRAM29:
index = event_type - GOYA_ASYNC_EVENT_ID_SRAM0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4543
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_SRAM0 ... GOYA_ASYNC_EVENT_ID_SRAM29:
index = event_type - GOYA_ASYNC_EVENT_ID_SRAM0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_PLL0 ... GOYA_ASYNC_EVENT_ID_PLL6:
index = event_type - GOYA_ASYNC_EVENT_ID_PLL0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4547
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_PLL0 ... GOYA_ASYNC_EVENT_ID_PLL6:
index = event_type - GOYA_ASYNC_EVENT_ID_PLL0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_DEC:
case GOYA_ASYNC_EVENT_ID_TPC1_DEC:
case GOYA_ASYNC_EVENT_ID_TPC2_DEC:
case GOYA_ASYNC_EVENT_ID_TPC3_DEC:
Reported by FlawFinder.
Line: 4558
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_DEC:
case GOYA_ASYNC_EVENT_ID_TPC7_DEC:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_DEC) / 3;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC1_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC2_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC3_KRN_ERR:
Reported by FlawFinder.
Line: 4569
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_KRN_ERR:
case GOYA_ASYNC_EVENT_ID_TPC7_KRN_ERR:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_KRN_ERR) / 10;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_CMDQ ... GOYA_ASYNC_EVENT_ID_TPC7_CMDQ:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_CMDQ;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4573
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_TPC0_CMDQ ... GOYA_ASYNC_EVENT_ID_TPC7_CMDQ:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_CMDQ;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_QM ... GOYA_ASYNC_EVENT_ID_TPC7_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4577
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_TPC0_QM ... GOYA_ASYNC_EVENT_ID_TPC7_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_TPC0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA0_QM ... GOYA_ASYNC_EVENT_ID_DMA4_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4581
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_DMA0_QM ... GOYA_ASYNC_EVENT_ID_DMA4_QM:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_QM;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA0_CH ... GOYA_ASYNC_EVENT_ID_DMA4_CH:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_CH;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
Line: 4585
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
break;
case GOYA_ASYNC_EVENT_ID_DMA0_CH ... GOYA_ASYNC_EVENT_ID_DMA4_CH:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA0_CH;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_TPC0_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC1_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC2_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC3_BMON_SPMU:
Reported by FlawFinder.
Line: 4596
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case GOYA_ASYNC_EVENT_ID_TPC6_BMON_SPMU:
case GOYA_ASYNC_EVENT_ID_TPC7_BMON_SPMU:
index = (event_type - GOYA_ASYNC_EVENT_ID_TPC0_BMON_SPMU) / 10;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
case GOYA_ASYNC_EVENT_ID_DMA_BM_CH0 ... GOYA_ASYNC_EVENT_ID_DMA_BM_CH4:
index = event_type - GOYA_ASYNC_EVENT_ID_DMA_BM_CH0;
snprintf(desc, size, _goya_get_event_desc(event_type), index);
break;
Reported by FlawFinder.
drivers/md/dm-integrity.c
25 issues
Line: 2254
CWE codes:
562
if (need_sync_io) {
init_completion(&read_comp);
dio->completion = &read_comp;
} else
dio->completion = NULL;
dm_bio_record(&dio->bio_details, bio);
bio_set_dev(bio, ic->dev->bdev);
Reported by Cppcheck.
Line: 855
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dm_integrity_io_error(ic, "crypto_shash_final", r);
goto err;
}
memcpy(result, digest, JOURNAL_MAC_SIZE);
}
return;
err:
memset(result, 0, JOURNAL_MAC_SIZE);
Reported by FlawFinder.
Line: 877
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct journal_sector *js = access_journal(ic, section, j);
if (likely(wr))
memcpy(&js->mac, result + (j * JOURNAL_MAC_PER_SECTOR), JOURNAL_MAC_PER_SECTOR);
else {
if (memcmp(&js->mac, result + (j * JOURNAL_MAC_PER_SECTOR), JOURNAL_MAC_PER_SECTOR))
dm_integrity_io_error(ic, "journal mac", -EILSEQ);
}
}
Reported by FlawFinder.
Line: 1013
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ivsize = crypto_skcipher_ivsize(ic->journal_crypt);
iv = req->iv;
memcpy(iv, iv + ivsize, ivsize);
req->src = source_sg[section];
req->dst = target_sg[section];
if (unlikely(do_crypt(encrypt, req, comp)))
Reported by FlawFinder.
Line: 1430
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
to_copy = min((1U << SECTOR_SHIFT << ic->log2_buffer_sectors) - *metadata_offset, total_size);
dp = data + *metadata_offset;
if (op == TAG_READ) {
memcpy(tag, dp, to_copy);
} else if (op == TAG_WRITE) {
if (memcmp(dp, tag, to_copy)) {
memcpy(dp, tag, to_copy);
dm_bufio_mark_partial_buffer_dirty(b, *metadata_offset, *metadata_offset + to_copy);
}
Reported by FlawFinder.
Line: 1433
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tag, dp, to_copy);
} else if (op == TAG_WRITE) {
if (memcmp(dp, tag, to_copy)) {
memcpy(dp, tag, to_copy);
dm_bufio_mark_partial_buffer_dirty(b, *metadata_offset, *metadata_offset + to_copy);
}
} else {
/* e.g.: op == TAG_CMP */
Reported by FlawFinder.
Line: 1707
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bio *bio = dm_bio_from_per_bio_data(dio, sizeof(struct dm_integrity_io));
char *checksums;
unsigned extra_space = unlikely(digest_size > ic->tag_size) ? digest_size - ic->tag_size : 0;
char checksums_onstack[max((size_t)HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)];
sector_t sector;
unsigned sectors_to_process;
if (unlikely(ic->mode == 'R'))
goto skip_io;
Reported by FlawFinder.
Line: 1784
Column: 6
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
checksums_ptr - checksums, dio->op == REQ_OP_READ ? TAG_CMP : TAG_WRITE);
if (unlikely(r)) {
if (r > 0) {
char b[BDEVNAME_SIZE];
DMERR_LIMIT("%s: Checksum failed at sector 0x%llx", bio_devname(bio, b),
(sector - ((r + ic->tag_size - 1) / ic->tag_size)));
r = -EILSEQ;
atomic64_inc(&ic->number_of_mismatches);
}
Reported by FlawFinder.
Line: 1981
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mem_ptr = mem + bv.bv_offset;
s = 0;
do {
memcpy(mem_ptr, js, JOURNAL_SECTOR_DATA);
*(commit_id_t *)(mem_ptr + JOURNAL_SECTOR_DATA) = je->last_bytes[s];
js++;
mem_ptr += 1 << SECTOR_SHIFT;
} while (++s < ic->sectors_per_block);
#ifdef INTERNAL_VERIFY
Reported by FlawFinder.
Line: 1988
Column: 6
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} while (++s < ic->sectors_per_block);
#ifdef INTERNAL_VERIFY
if (ic->internal_hash) {
char checksums_onstack[max((size_t)HASH_MAX_DIGESTSIZE, MAX_TAG_SIZE)];
integrity_sector_checksum(ic, logical_sector, mem + bv.bv_offset, checksums_onstack);
if (unlikely(memcmp(checksums_onstack, journal_entry_tag(ic, je), ic->tag_size))) {
DMERR_LIMIT("Checksum failed when reading from journal, at sector 0x%llx",
logical_sector);
Reported by FlawFinder.
drivers/net/ethernet/brocade/bna/bfa_defs.h
25 issues
Line: 37
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct bfa_adapter_attr {
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfa_adapter_attr {
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
Reported by FlawFinder.
Line: 43
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd vpd;
Reported by FlawFinder.
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd vpd;
u8 mac[ETH_ALEN];
Reported by FlawFinder.
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd vpd;
u8 mac[ETH_ALEN];
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd vpd;
u8 mac[ETH_ALEN];
u8 nports;
Reported by FlawFinder.
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd vpd;
u8 mac[ETH_ALEN];
u8 nports;
u8 max_speed;
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Driver and firmware versions. */
struct bfa_ioc_driver_attr {
char driver[BFA_IOC_DRIVER_LEN]; /*!< driver name */
char driver_ver[BFA_VERSION_LEN]; /*!< driver version */
char fw_ver[BFA_VERSION_LEN]; /*!< firmware version */
char bios_ver[BFA_VERSION_LEN]; /*!< bios version */
char efi_ver[BFA_VERSION_LEN]; /*!< EFI version */
char ob_ver[BFA_VERSION_LEN]; /*!< openboot version */
Reported by FlawFinder.
drivers/memstick/core/mspro_block.c
25 issues
Line: 149
Column: 24
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
unsigned short heads;
unsigned short sectors_per_track;
unsigned char system;
unsigned char read_only:1,
eject:1,
data_dir:1,
active:1;
unsigned char transfer_cmd;
Reported by FlawFinder.
Line: 675
Column: 18
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
{
struct mspro_block_data *msb = memstick_get_drvdata(card);
struct mspro_param_register param = {
.system = msb->system,
.data_count = cpu_to_be16((uint16_t)(length / msb->page_size)),
/* ISO C90 warning precludes direct initialization for now. */
.data_address = 0,
.tpc_param = 0
};
Reported by FlawFinder.
Line: 948
Column: 46
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
rc = memstick_set_rw_addr(card);
if (!rc)
rc = mspro_block_set_interface(card, msb->system);
if (!rc) {
msleep(150);
rc = mspro_block_wait_for_ced(card);
if (rc)
Reported by FlawFinder.
Line: 1147
Column: 11
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return rc;
dev_dbg(&card->dev, "card activated\n");
if (msb->system != MEMSTICK_SYS_SERIAL)
msb->caps |= MEMSTICK_CAP_AUTO_GET_INT;
card->next_request = h_mspro_block_req_init;
msb->mrq_handler = h_mspro_block_get_ro;
memstick_init_req(&card->current_mrq, MS_TPC_READ_REG, NULL,
Reported by FlawFinder.
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t size;
void *data;
unsigned char id;
char name[32];
struct device_attribute dev_attr;
};
struct mspro_attr_entry {
__be32 address;
Reported by FlawFinder.
Line: 57
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 address;
__be32 size;
unsigned char id;
unsigned char reserved[3];
} __attribute__((packed));
struct mspro_attribute {
__be16 signature;
unsigned short version;
Reported by FlawFinder.
Line: 64
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be16 signature;
unsigned short version;
unsigned char count;
unsigned char reserved[11];
struct mspro_attr_entry entries[];
} __attribute__((packed));
struct mspro_sys_info {
unsigned char class;
Reported by FlawFinder.
Line: 75
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be16 block_count;
__be16 user_block_count;
__be16 page_size;
unsigned char reserved1[2];
unsigned char assembly_date[8];
__be32 serial_number;
unsigned char assembly_maker_code;
unsigned char assembly_model_code[3];
__be16 memory_maker_code;
Reported by FlawFinder.
Line: 76
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be16 user_block_count;
__be16 page_size;
unsigned char reserved1[2];
unsigned char assembly_date[8];
__be32 serial_number;
unsigned char assembly_maker_code;
unsigned char assembly_model_code[3];
__be16 memory_maker_code;
__be16 memory_model_code;
Reported by FlawFinder.
Line: 79
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char assembly_date[8];
__be32 serial_number;
unsigned char assembly_maker_code;
unsigned char assembly_model_code[3];
__be16 memory_maker_code;
__be16 memory_model_code;
unsigned char reserved2[4];
unsigned char vcc;
unsigned char vpp;
Reported by FlawFinder.
drivers/platform/x86/asus-laptop.c
25 issues
Line: 855
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
* so we don't set eof to 1
*/
len += sprintf(page, ASUS_LAPTOP_NAME " " ASUS_LAPTOP_VERSION "\n");
len += sprintf(page + len, "Model reference : %s\n", asus->name);
/*
* The SFUN method probably allows the original driver to get the list
* of features supported by a given model. For now, 0x0100 or 0x0800
* bit signifies that the laptop is equipped with a Wi-Fi MiniPCI card.
Reported by FlawFinder.
Line: 856
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
len += sprintf(page, ASUS_LAPTOP_NAME " " ASUS_LAPTOP_VERSION "\n");
len += sprintf(page + len, "Model reference : %s\n", asus->name);
/*
* The SFUN method probably allows the original driver to get the list
* of features supported by a given model. For now, 0x0100 or 0x0800
* bit signifies that the laptop is equipped with a Wi-Fi MiniPCI card.
* The significance of others is yet to be found.
Reported by FlawFinder.
Line: 892
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(uint) temp);
if (asus->dsdt_info) {
snprintf(buf, 16, "%d", asus->dsdt_info->length);
len += sprintf(page + len, "DSDT length : %s\n", buf);
snprintf(buf, 16, "%d", asus->dsdt_info->checksum);
len += sprintf(page + len, "DSDT checksum : %s\n", buf);
snprintf(buf, 16, "%d", asus->dsdt_info->revision);
len += sprintf(page + len, "DSDT revision : %s\n", buf);
snprintf(buf, 7, "%s", asus->dsdt_info->oem_id);
Reported by FlawFinder.
Line: 894
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
snprintf(buf, 16, "%d", asus->dsdt_info->length);
len += sprintf(page + len, "DSDT length : %s\n", buf);
snprintf(buf, 16, "%d", asus->dsdt_info->checksum);
len += sprintf(page + len, "DSDT checksum : %s\n", buf);
snprintf(buf, 16, "%d", asus->dsdt_info->revision);
len += sprintf(page + len, "DSDT revision : %s\n", buf);
snprintf(buf, 7, "%s", asus->dsdt_info->oem_id);
len += sprintf(page + len, "OEM id : %s\n", buf);
snprintf(buf, 9, "%s", asus->dsdt_info->oem_table_id);
Reported by FlawFinder.
Line: 896
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
snprintf(buf, 16, "%d", asus->dsdt_info->checksum);
len += sprintf(page + len, "DSDT checksum : %s\n", buf);
snprintf(buf, 16, "%d", asus->dsdt_info->revision);
len += sprintf(page + len, "DSDT revision : %s\n", buf);
snprintf(buf, 7, "%s", asus->dsdt_info->oem_id);
len += sprintf(page + len, "OEM id : %s\n", buf);
snprintf(buf, 9, "%s", asus->dsdt_info->oem_table_id);
len += sprintf(page + len, "OEM table id : %s\n", buf);
snprintf(buf, 16, "%x", asus->dsdt_info->oem_revision);
Reported by FlawFinder.
Line: 898
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
snprintf(buf, 16, "%d", asus->dsdt_info->revision);
len += sprintf(page + len, "DSDT revision : %s\n", buf);
snprintf(buf, 7, "%s", asus->dsdt_info->oem_id);
len += sprintf(page + len, "OEM id : %s\n", buf);
snprintf(buf, 9, "%s", asus->dsdt_info->oem_table_id);
len += sprintf(page + len, "OEM table id : %s\n", buf);
snprintf(buf, 16, "%x", asus->dsdt_info->oem_revision);
len += sprintf(page + len, "OEM revision : 0x%s\n", buf);
snprintf(buf, 5, "%s", asus->dsdt_info->asl_compiler_id);
Reported by FlawFinder.
Line: 900
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
snprintf(buf, 7, "%s", asus->dsdt_info->oem_id);
len += sprintf(page + len, "OEM id : %s\n", buf);
snprintf(buf, 9, "%s", asus->dsdt_info->oem_table_id);
len += sprintf(page + len, "OEM table id : %s\n", buf);
snprintf(buf, 16, "%x", asus->dsdt_info->oem_revision);
len += sprintf(page + len, "OEM revision : 0x%s\n", buf);
snprintf(buf, 5, "%s", asus->dsdt_info->asl_compiler_id);
len += sprintf(page + len, "ASL comp vendor id : %s\n", buf);
snprintf(buf, 16, "%x", asus->dsdt_info->asl_compiler_revision);
Reported by FlawFinder.
Line: 902
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
snprintf(buf, 9, "%s", asus->dsdt_info->oem_table_id);
len += sprintf(page + len, "OEM table id : %s\n", buf);
snprintf(buf, 16, "%x", asus->dsdt_info->oem_revision);
len += sprintf(page + len, "OEM revision : 0x%s\n", buf);
snprintf(buf, 5, "%s", asus->dsdt_info->asl_compiler_id);
len += sprintf(page + len, "ASL comp vendor id : %s\n", buf);
snprintf(buf, 16, "%x", asus->dsdt_info->asl_compiler_revision);
len += sprintf(page + len, "ASL comp revision : 0x%s\n", buf);
}
Reported by FlawFinder.
Line: 904
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
snprintf(buf, 16, "%x", asus->dsdt_info->oem_revision);
len += sprintf(page + len, "OEM revision : 0x%s\n", buf);
snprintf(buf, 5, "%s", asus->dsdt_info->asl_compiler_id);
len += sprintf(page + len, "ASL comp vendor id : %s\n", buf);
snprintf(buf, 16, "%x", asus->dsdt_info->asl_compiler_revision);
len += sprintf(page + len, "ASL comp revision : 0x%s\n", buf);
}
return len;
Reported by FlawFinder.
Line: 906
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
snprintf(buf, 5, "%s", asus->dsdt_info->asl_compiler_id);
len += sprintf(page + len, "ASL comp vendor id : %s\n", buf);
snprintf(buf, 16, "%x", asus->dsdt_info->asl_compiler_revision);
len += sprintf(page + len, "ASL comp revision : 0x%s\n", buf);
}
return len;
}
static DEVICE_ATTR_RO(infos);
Reported by FlawFinder.
tools/testing/selftests/powerpc/utils.c
25 issues
Line: 27
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "utils.h"
static char auxv[4096];
int read_auxv(char *buf, ssize_t buf_size)
{
ssize_t num;
int rc, fd;
Reported by FlawFinder.
Line: 34
Column: 7
CWE codes:
362
ssize_t num;
int rc, fd;
fd = open("/proc/self/auxv", O_RDONLY);
if (fd == -1) {
perror("open");
return -errno;
}
Reported by FlawFinder.
Line: 144
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int read_sysfs_file(char *fpath, char *result, size_t result_size)
{
char path[PATH_MAX] = "/sys/";
int rc = -1, fd;
strncat(path, fpath, PATH_MAX - strlen(path) - 1);
if ((fd = open(path, O_RDONLY)) < 0)
Reported by FlawFinder.
Line: 149
Column: 12
CWE codes:
362
strncat(path, fpath, PATH_MAX - strlen(path) - 1);
if ((fd = open(path, O_RDONLY)) < 0)
return rc;
rc = read(fd, result, result_size);
close(fd);
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int read_debugfs_file(char *debugfs_file, int *result)
{
int rc = -1, fd;
char path[PATH_MAX];
char value[16];
strcpy(path, "/sys/kernel/debug/");
strncat(path, debugfs_file, PATH_MAX - strlen(path) - 1);
Reported by FlawFinder.
Line: 166
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int rc = -1, fd;
char path[PATH_MAX];
char value[16];
strcpy(path, "/sys/kernel/debug/");
strncat(path, debugfs_file, PATH_MAX - strlen(path) - 1);
if ((fd = open(path, O_RDONLY)) < 0)
Reported by FlawFinder.
Line: 168
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
char path[PATH_MAX];
char value[16];
strcpy(path, "/sys/kernel/debug/");
strncat(path, debugfs_file, PATH_MAX - strlen(path) - 1);
if ((fd = open(path, O_RDONLY)) < 0)
return rc;
Reported by FlawFinder.
Line: 171
Column: 12
CWE codes:
362
strcpy(path, "/sys/kernel/debug/");
strncat(path, debugfs_file, PATH_MAX - strlen(path) - 1);
if ((fd = open(path, O_RDONLY)) < 0)
return rc;
if ((rc = read(fd, value, sizeof(value))) < 0)
return rc;
Reported by FlawFinder.
Line: 178
Column: 12
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
return rc;
value[15] = 0;
*result = atoi(value);
close(fd);
return 0;
}
Reported by FlawFinder.
Line: 187
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int write_debugfs_file(char *debugfs_file, int result)
{
int rc = -1, fd;
char path[PATH_MAX];
char value[16];
strcpy(path, "/sys/kernel/debug/");
strncat(path, debugfs_file, PATH_MAX - strlen(path) - 1);
Reported by FlawFinder.
sound/pci/rme9652/hdsp.c
24 issues
Line: 4555
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (RPM != hdsp->io_type) {
hdsp->creg_spdif_stream = hdsp->creg_spdif;
hdsp->spdif_ctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(hdsp->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO, &hdsp->spdif_ctl->id);
}
return 0;
}
Reported by FlawFinder.
Line: 4574
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
spin_unlock_irq(&hdsp->lock);
if (RPM != hdsp->io_type) {
hdsp->spdif_ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(hdsp->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO, &hdsp->spdif_ctl->id);
}
return 0;
}
Reported by FlawFinder.
Line: 5008
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
hdsp->pcm = pcm;
pcm->private_data = hdsp;
strcpy(pcm->name, hdsp->card_name);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &snd_hdsp_playback_ops);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &snd_hdsp_capture_ops);
pcm->info_flags = SNDRV_PCM_INFO_JOINT_DUPLEX;
Reported by FlawFinder.
Line: 5157
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(hdsp->state & HDSP_InitializationComplete)) {
strcpy(card->shortname, "Hammerfall DSP");
sprintf(card->longname, "%s at 0x%lx, irq %d", hdsp->card_name,
hdsp->port, hdsp->irq);
err = snd_card_register(card);
if (err < 0) {
dev_err(card->dev,
Reported by FlawFinder.
Line: 5477
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto free_card;
strcpy(card->shortname, "Hammerfall DSP");
sprintf(card->longname, "%s at 0x%lx, irq %d", hdsp->card_name,
hdsp->port, hdsp->irq);
err = snd_card_register(card);
if (err) {
free_card:
snd_card_free(card);
Reported by FlawFinder.
Line: 35
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <asm/current.h>
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable this card */
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for RME Hammerfall DSP interface.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 502
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
where the data for that channel can be read/written from/to.
*/
static const char channel_map_df_ss[HDSP_MAX_CHANNELS] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
18, 19, 20, 21, 22, 23, 24, 25
};
static const char channel_map_mf_ss[HDSP_MAX_CHANNELS] = { /* Multiface */
Reported by FlawFinder.
Line: 507
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
18, 19, 20, 21, 22, 23, 24, 25
};
static const char channel_map_mf_ss[HDSP_MAX_CHANNELS] = { /* Multiface */
/* Analog */
0, 1, 2, 3, 4, 5, 6, 7,
/* ADAT 2 */
16, 17, 18, 19, 20, 21, 22, 23,
/* SPDIF */
Reported by FlawFinder.
Line: 517
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
-1, -1, -1, -1, -1, -1, -1, -1
};
static const char channel_map_ds[HDSP_MAX_CHANNELS] = {
/* ADAT channels are remapped */
1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23,
/* channels 12 and 13 are S/PDIF */
24, 25,
/* others don't exist */
Reported by FlawFinder.
Line: 526
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};
static const char channel_map_H9632_ss[HDSP_MAX_CHANNELS] = {
/* ADAT channels */
0, 1, 2, 3, 4, 5, 6, 7,
/* SPDIF */
8, 9,
/* Analog */
Reported by FlawFinder.
drivers/net/wireless/marvell/mwifiex/cfg80211.c
24 issues
Line: 2236
CWE codes:
476
}
/* Now handle infra mode. "sme" is valid for infra mode only */
if (sme->auth_type == NL80211_AUTHTYPE_AUTOMATIC) {
auth_type = NL80211_AUTHTYPE_OPEN_SYSTEM;
priv->sec_info.is_authtype_auto = 1;
} else {
auth_type = sme->auth_type;
}
Reported by Cppcheck.
Line: 2240
CWE codes:
476
auth_type = NL80211_AUTHTYPE_OPEN_SYSTEM;
priv->sec_info.is_authtype_auto = 1;
} else {
auth_type = sme->auth_type;
}
if (sme->crypto.n_ciphers_pairwise) {
priv->sec_info.encryption_mode =
sme->crypto.ciphers_pairwise[0];
Reported by Cppcheck.
Line: 2243
CWE codes:
476
auth_type = sme->auth_type;
}
if (sme->crypto.n_ciphers_pairwise) {
priv->sec_info.encryption_mode =
sme->crypto.ciphers_pairwise[0];
priv->sec_info.authentication_mode = auth_type;
}
Reported by Cppcheck.
Line: 2880
CWE codes:
758
/* Set MCS for 1x1/2x2 */
memset(mcs, 0xff, rx_mcs_supp);
/* Clear all the other values */
memset(&mcs[rx_mcs_supp], 0,
sizeof(struct ieee80211_mcs_info) - rx_mcs_supp);
if (priv->bss_mode == NL80211_IFTYPE_STATION ||
ISSUPP_CHANWIDTH40(adapter->hw_dot_11n_dev_cap))
/* Set MCS32 for infra mode or ad-hoc mode with 40MHz support */
SETHT_MCS32(mcs_set.rx_mask);
Reported by Cppcheck.
Line: 186
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_reserve(skb, MWIFIEX_MIN_DATA_HEADER_LEN +
MWIFIEX_MGMT_FRAME_HEADER_SIZE + sizeof(pkt_len));
memcpy(skb_push(skb, sizeof(pkt_len)), &pkt_len, sizeof(pkt_len));
memcpy(skb_push(skb, sizeof(tx_control)),
&tx_control, sizeof(tx_control));
memcpy(skb_push(skb, sizeof(pkt_type)), &pkt_type, sizeof(pkt_type));
Reported by FlawFinder.
Line: 188
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MWIFIEX_MGMT_FRAME_HEADER_SIZE + sizeof(pkt_len));
memcpy(skb_push(skb, sizeof(pkt_len)), &pkt_len, sizeof(pkt_len));
memcpy(skb_push(skb, sizeof(tx_control)),
&tx_control, sizeof(tx_control));
memcpy(skb_push(skb, sizeof(pkt_type)), &pkt_type, sizeof(pkt_type));
/* Add packet data and address4 */
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(skb_push(skb, sizeof(tx_control)),
&tx_control, sizeof(tx_control));
memcpy(skb_push(skb, sizeof(pkt_type)), &pkt_type, sizeof(pkt_type));
/* Add packet data and address4 */
skb_put_data(skb, buf, sizeof(struct ieee80211_hdr_3addr));
skb_put_data(skb, addr, ETH_ALEN);
skb_put_data(skb, buf + sizeof(struct ieee80211_hdr_3addr),
Reported by FlawFinder.
Line: 485
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (params->key && params->key_len) {
wep_key = &priv->wep_key[key_index];
memset(wep_key, 0, sizeof(struct mwifiex_wep_key));
memcpy(wep_key->key_material, params->key,
params->key_len);
wep_key->key_index = key_index;
wep_key->key_length = params->key_len;
priv->sec_info.wep_enabled = 1;
}
Reported by FlawFinder.
Line: 670
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (strncmp(request->alpha2, "00", 2) &&
strncmp(request->alpha2, adapter->country_code,
sizeof(request->alpha2))) {
memcpy(adapter->country_code, request->alpha2,
sizeof(request->alpha2));
mwifiex_send_domain_info_cmd_fw(wiphy);
mwifiex_dnld_txpwr_table(priv);
}
}
Reported by FlawFinder.
Line: 1999
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bss_cfg->dtim_period = params->dtim_period;
if (params->ssid && params->ssid_len) {
memcpy(bss_cfg->ssid.ssid, params->ssid, params->ssid_len);
bss_cfg->ssid.ssid_len = params->ssid_len;
}
if (params->inactivity_timeout > 0) {
/* sta_ao_timer/ps_sta_ao_timer is in unit of 100ms */
bss_cfg->sta_ao_timer = 10 * params->inactivity_timeout;
Reported by FlawFinder.
drivers/usb/gadget/configfs.c
24 issues
Line: 118
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!str)
return -ENOMEM;
}
strcpy(str, s);
if (str[ret - 1] == '\n')
str[ret - 1] = '\0';
*s_copy = str;
return 0;
}
Reported by FlawFinder.
Line: 236
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&gi->lock);
udc_name = gi->composite.gadget_driver.udc_name;
ret = sprintf(page, "%s\n", udc_name ?: "");
mutex_unlock(&gi->lock);
return ret;
}
Reported by FlawFinder.
Line: 305
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
enum usb_device_speed speed = to_gadget_info(item)->composite.max_speed;
return sprintf(page, "%s\n", usb_speed_string(speed));
}
static ssize_t gadget_dev_desc_max_speed_store(struct config_item *item,
const char *page, size_t len)
{
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usb_composite_dev cdev;
bool use_os_desc;
char b_vendor_code;
char qw_sign[OS_STRING_QW_SIGN_LEN];
spinlock_t spinlock;
bool unbind;
};
static inline struct gadget_info *to_gadget_info(struct config_item *item)
Reported by FlawFinder.
Line: 129
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
char *page) \
{ \
return sprintf(page, "0x%02x\n", \
to_gadget_info(item)->cdev.desc.__name); \
}
#define GI_DEVICE_DESC_SIMPLE_R_u16(__name) \
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
Reported by FlawFinder.
Line: 137
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
char *page) \
{ \
return sprintf(page, "0x%04x\n", \
le16_to_cpup(&to_gadget_info(item)->cdev.desc.__name)); \
}
#define GI_DEVICE_DESC_SIMPLE_W_u8(_name) \
Reported by FlawFinder.
Line: 508
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_config_desc_MaxPower_show(struct config_item *item,
char *page)
{
return sprintf(page, "%u\n", to_config_usb_cfg(item)->c.MaxPower);
}
static ssize_t gadget_config_desc_MaxPower_store(struct config_item *item,
const char *page, size_t len)
{
Reported by FlawFinder.
Line: 528
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_config_desc_bmAttributes_show(struct config_item *item,
char *page)
{
return sprintf(page, "0x%02x\n",
to_config_usb_cfg(item)->c.bmAttributes);
}
static ssize_t gadget_config_desc_bmAttributes_store(struct config_item *item,
const char *page, size_t len)
Reported by FlawFinder.
Line: 583
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct gadget_info *gi;
struct usb_function_instance *fi;
char buf[MAX_NAME_LEN];
char *func_name;
char *instance_name;
int ret;
ret = snprintf(buf, MAX_NAME_LEN, "%s", name);
Reported by FlawFinder.
Line: 677
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct gadget_info *gi;
struct config_usb_cfg *cfg;
char buf[MAX_NAME_LEN];
char *num_str;
u8 num;
int ret;
gi = container_of(group, struct gadget_info, configs_group);
Reported by FlawFinder.