The following issues were found
scripts/asn1_compiler.c
24 issues
Line: 314
Column: 49
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Flags that gate the two trace macros below. */
static bool verbose_opt;
static bool debug_opt;
/*
 * verbose()/debug(): call printf() only when the matching flag is set.
 * fmt is handed to printf() unchanged, so the CWE-134 reports on these two
 * lines are really about the call sites: every caller has to pass a string
 * literal as fmt.
 * NOTE(review): the call sites are not part of this excerpt; confirm none of
 * them forwards externally supplied text as fmt.
 */
#define verbose(fmt, ...) do { if (verbose_opt) printf(fmt, ## __VA_ARGS__); } while (0)
#define debug(fmt, ...) do { if (debug_opt) printf(fmt, ## __VA_ARGS__); } while (0)
static int directive_compare(const void *_key, const void *_pdir)
{
const struct token *token = _key;
Reported by FlawFinder.
Line: 315
Column: 45
CWE codes:
134
Suggestion:
Use a constant for the format specification
static bool debug_opt;
#define verbose(fmt, ...) do { if (verbose_opt) printf(fmt, ## __VA_ARGS__); } while (0)
#define debug(fmt, ...) do { if (debug_opt) printf(fmt, ## __VA_ARGS__); } while (0)
static int directive_compare(const void *_key, const void *_pdir)
{
const struct token *token = _key;
const char *const *pdir = _pdir, *dir = *pdir;
Reported by FlawFinder.
Line: 1221
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (e->class == 0 && e->method == 0 && e->tag == 0)
strcpy(tag, "<...>");
else if (e->class == ASN1_UNIV)
sprintf(tag, "%s %s %s",
asn1_classes[e->class],
asn1_methods[e->method],
asn1_universal_tags[e->tag]);
else
sprintf(tag, "%s %s %u",
Reported by FlawFinder.
Line: 1226
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
asn1_methods[e->method],
asn1_universal_tags[e->tag]);
else
sprintf(tag, "%s %s %u",
asn1_classes[e->class],
asn1_methods[e->method],
e->tag);
printf("%c%c%c%c%c %c %*s[*] \e[33m%s\e[m %s %s \e[35m%s\e[m\n",
Reported by FlawFinder.
Line: 1263
Column: 23
CWE codes:
134
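Suggestion:
Use a constant for the format specification
Note: Column 23 of the attribute line in this excerpt is the `printf` archetype name inside `__attribute__((format(printf, 2, 3)))`, so this entry (and the Line 1277, Column 23 entry) appears to flag the annotation rather than a call. That attribute lets the compiler check each caller's format string against its arguments when format warnings are enabled; the `vfprintf(out, fmt, va)` calls themselves are reported separately.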
static int render_depth = 1;
static struct element *render_list, **render_list_p = &render_list;
__attribute__((format(printf, 2, 3)))
static void render_opcode(FILE *out, const char *fmt, ...)
{
va_list va;
if (out) {
Reported by FlawFinder.
Line: 1271
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (out) {
fprintf(out, "\t[%4d] =%*s", nr_entries, render_depth, "");
va_start(va, fmt);
vfprintf(out, fmt, va);
va_end(va);
}
nr_entries++;
}
Reported by FlawFinder.
Line: 1277
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
nr_entries++;
}
__attribute__((format(printf, 2, 3)))
static void render_more(FILE *out, const char *fmt, ...)
{
va_list va;
if (out) {
Reported by FlawFinder.
Line: 1284
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (out) {
va_start(va, fmt);
vfprintf(out, fmt, va);
va_end(va);
}
}
/*
Reported by FlawFinder.
Line: 569
Column: 19
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
char *kbuild_verbose;
int fd;
kbuild_verbose = getenv("KBUILD_VERBOSE");
if (kbuild_verbose)
verbose_opt = atoi(kbuild_verbose);
while (argc > 4) {
if (strcmp(argv[1], "-v") == 0)
Reported by FlawFinder.
Line: 118
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NR__TOKENS
};
static const unsigned char token_to_tag[NR__TOKENS] = {
/* EOC goes first */
[DIRECTIVE_BOOLEAN] = ASN1_BOOL,
[DIRECTIVE_INTEGER] = ASN1_INT,
[DIRECTIVE_BIT] = ASN1_BTS,
[DIRECTIVE_OCTET] = ASN1_OTS,
Reported by FlawFinder.
drivers/net/wireless/marvell/mwifiex/cfg80211.c
24 issues
Line: 2236
CWE codes:
476
}
/* Now handle infra mode. "sme" is valid for infra mode only */
if (sme->auth_type == NL80211_AUTHTYPE_AUTOMATIC) {
auth_type = NL80211_AUTHTYPE_OPEN_SYSTEM;
priv->sec_info.is_authtype_auto = 1;
} else {
auth_type = sme->auth_type;
}
Reported by Cppcheck.
Line: 2240
CWE codes:
476
auth_type = NL80211_AUTHTYPE_OPEN_SYSTEM;
priv->sec_info.is_authtype_auto = 1;
} else {
auth_type = sme->auth_type;
}
if (sme->crypto.n_ciphers_pairwise) {
priv->sec_info.encryption_mode =
sme->crypto.ciphers_pairwise[0];
Reported by Cppcheck.
Line: 2243
CWE codes:
476
auth_type = sme->auth_type;
}
if (sme->crypto.n_ciphers_pairwise) {
priv->sec_info.encryption_mode =
sme->crypto.ciphers_pairwise[0];
priv->sec_info.authentication_mode = auth_type;
}
Reported by Cppcheck.
Line: 2880
CWE codes:
758
/* Set MCS for 1x1/2x2 */
memset(mcs, 0xff, rx_mcs_supp);
/* Clear all the other values */
memset(&mcs[rx_mcs_supp], 0,
sizeof(struct ieee80211_mcs_info) - rx_mcs_supp);
if (priv->bss_mode == NL80211_IFTYPE_STATION ||
ISSUPP_CHANWIDTH40(adapter->hw_dot_11n_dev_cap))
/* Set MCS32 for infra mode or ad-hoc mode with 40MHz support */
SETHT_MCS32(mcs_set.rx_mask);
Reported by Cppcheck.
Line: 186
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_reserve(skb, MWIFIEX_MIN_DATA_HEADER_LEN +
MWIFIEX_MGMT_FRAME_HEADER_SIZE + sizeof(pkt_len));
memcpy(skb_push(skb, sizeof(pkt_len)), &pkt_len, sizeof(pkt_len));
memcpy(skb_push(skb, sizeof(tx_control)),
&tx_control, sizeof(tx_control));
memcpy(skb_push(skb, sizeof(pkt_type)), &pkt_type, sizeof(pkt_type));
Reported by FlawFinder.
Line: 188
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MWIFIEX_MGMT_FRAME_HEADER_SIZE + sizeof(pkt_len));
memcpy(skb_push(skb, sizeof(pkt_len)), &pkt_len, sizeof(pkt_len));
memcpy(skb_push(skb, sizeof(tx_control)),
&tx_control, sizeof(tx_control));
memcpy(skb_push(skb, sizeof(pkt_type)), &pkt_type, sizeof(pkt_type));
/* Add packet data and address4 */
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(skb_push(skb, sizeof(tx_control)),
&tx_control, sizeof(tx_control));
memcpy(skb_push(skb, sizeof(pkt_type)), &pkt_type, sizeof(pkt_type));
/* Add packet data and address4 */
skb_put_data(skb, buf, sizeof(struct ieee80211_hdr_3addr));
skb_put_data(skb, addr, ETH_ALEN);
skb_put_data(skb, buf + sizeof(struct ieee80211_hdr_3addr),
Reported by FlawFinder.
Line: 485
Column: 4
CWE codes:
120
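Suggestion:
Make sure destination can always hold the source data
Note: in this excerpt the copy length is `params->key_len`, and the only visible check is that it is non-zero. Triage should confirm that the caller or earlier code limits it to the size of `wep_key->key_material`.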
if (params->key && params->key_len) {
wep_key = &priv->wep_key[key_index];
memset(wep_key, 0, sizeof(struct mwifiex_wep_key));
memcpy(wep_key->key_material, params->key,
params->key_len);
wep_key->key_index = key_index;
wep_key->key_length = params->key_len;
priv->sec_info.wep_enabled = 1;
}
Reported by FlawFinder.
Line: 670
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (strncmp(request->alpha2, "00", 2) &&
strncmp(request->alpha2, adapter->country_code,
sizeof(request->alpha2))) {
memcpy(adapter->country_code, request->alpha2,
sizeof(request->alpha2));
mwifiex_send_domain_info_cmd_fw(wiphy);
mwifiex_dnld_txpwr_table(priv);
}
}
Reported by FlawFinder.
Line: 1999
Column: 3
CWE codes:
120
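Suggestion:
Make sure destination can always hold the source data
Note: the copy length is `params->ssid_len`, with only a non-zero test visible in the excerpt. Confirm that it is bounded by the size of `bss_cfg->ssid.ssid` before this point.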
bss_cfg->dtim_period = params->dtim_period;
if (params->ssid && params->ssid_len) {
memcpy(bss_cfg->ssid.ssid, params->ssid, params->ssid_len);
bss_cfg->ssid.ssid_len = params->ssid_len;
}
if (params->inactivity_timeout > 0) {
/* sta_ao_timer/ps_sta_ao_timer is in unit of 100ms */
bss_cfg->sta_ao_timer = 10 * params->inactivity_timeout;
Reported by FlawFinder.
drivers/staging/rtl8188eu/core/rtw_mlme.c
24 issues
Line: 247
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
__le16 val;
memcpy((u8 *)&val, rtw_get_capability_from_ie(bss->ies), 2);
return le16_to_cpu(val);
}
u8 *rtw_get_beacon_interval_from_ie(u8 *ie)
Reported by FlawFinder.
Line: 284
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u16 s_cap, d_cap;
__le16 le_scap, le_dcap;
memcpy((u8 *)&le_scap, rtw_get_capability_from_ie(src->ies), 2);
memcpy((u8 *)&le_dcap, rtw_get_capability_from_ie(dst->ies), 2);
s_cap = le16_to_cpu(le_scap);
d_cap = le16_to_cpu(le_dcap);
Reported by FlawFinder.
Line: 285
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__le16 le_scap, le_dcap;
memcpy((u8 *)&le_scap, rtw_get_capability_from_ie(src->ies), 2);
memcpy((u8 *)&le_dcap, rtw_get_capability_from_ie(dst->ies), 2);
s_cap = le16_to_cpu(le_scap);
d_cap = le16_to_cpu(le_dcap);
return ((src->ssid.ssid_length == dst->ssid.ssid_length) &&
Reported by FlawFinder.
Line: 353
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
if (update_ie)
memcpy((u8 *)dst, (u8 *)src, get_wlan_bssid_ex_sz(src));
dst->PhyInfo.SignalStrength = ss_final;
dst->PhyInfo.SignalQuality = sq_final;
dst->Rssi = rssi_final;
}
Reported by FlawFinder.
Line: 404
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rtw_hal_get_def_var(adapter, HAL_DEF_CURRENT_ANTENNA,
&target->PhyInfo.Optimum_antenna);
memcpy(&pnetwork->network, target,
get_wlan_bssid_ex_sz(target));
/* variable initialize */
pnetwork->fixed = false;
pnetwork->last_scanned = jiffies;
Reported by FlawFinder.
Line: 429
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
target->Length = bssid_ex_sz;
rtw_hal_get_def_var(adapter, HAL_DEF_CURRENT_ANTENNA,
&target->PhyInfo.Optimum_antenna);
memcpy(&pnetwork->network, target, bssid_ex_sz);
pnetwork->last_scanned = jiffies;
/* bss info not receiving from the right channel */
if (pnetwork->network.PhyInfo.SignalQuality == 101)
Reported by FlawFinder.
Line: 528
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!memcmp(&pmlmepriv->cur_network.network.MacAddress, pnetwork->MacAddress, ETH_ALEN)) {
struct wlan_network *ibss_wlan = NULL;
memcpy(pmlmepriv->cur_network.network.ies, pnetwork->ies, 8);
spin_lock_bh(&pmlmepriv->scanned_queue.lock);
ibss_wlan = rtw_find_network(&pmlmepriv->scanned_queue, pnetwork->MacAddress);
if (ibss_wlan) {
memcpy(ibss_wlan->network.ies, pnetwork->ies, 8);
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
Reported by FlawFinder.
Line: 532
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_bh(&pmlmepriv->scanned_queue.lock);
ibss_wlan = rtw_find_network(&pmlmepriv->scanned_queue, pnetwork->MacAddress);
if (ibss_wlan) {
memcpy(ibss_wlan->network.ies, pnetwork->ies, 8);
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
goto exit;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
}
Reported by FlawFinder.
Line: 584
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
_clr_fwstate_(pmlmepriv, _FW_UNDER_SURVEY);
memcpy(&pdev_network->ssid, &pmlmepriv->assoc_ssid, sizeof(struct ndis_802_11_ssid));
rtw_update_registrypriv_dev_network(adapter);
rtw_generate_random_ibss(pibss);
pmlmepriv->fw_state = WIFI_ADHOC_MASTER_STATE;
Reported by FlawFinder.
Line: 842
Column: 2
CWE codes:
120
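Suggestion:
Make sure destination can always hold the source data
Note: the first copy in this excerpt takes its length from `pnetwork->network.Length`, a field of the source structure itself. Confirm that this value is validated against the size of `cur_network->network` where the structure is filled in (not shown here).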
struct wlan_network *cur_network = &pmlmepriv->cur_network;
/* why not use ptarget_wlan?? */
memcpy(&cur_network->network, &pnetwork->network, pnetwork->network.Length);
/* some ies in pnetwork is wrong, so we should use ptarget_wlan ies */
cur_network->network.ie_length = ptarget_wlan->network.ie_length;
memcpy(&cur_network->network.ies[0], &ptarget_wlan->network.ies[0], MAX_IE_SZ);
cur_network->aid = pnetwork->join_res;
Reported by FlawFinder.
drivers/usb/serial/io_edgeport.c
24 issues
Line: 179
Column: 9
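CWE codes:
362
Note: Column 9 of the flagged line is the struct member `open` in `bool open;`, and the excerpt contains no open() call, so this looks like an identifier-name match rather than a file-access race. The later CWE-362 entries for this file likewise point at `edge_port->open`. Whether that flag is read consistently with respect to `ep_lock` is a separate question that this finding does not assess.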
__u8 validDataMask;
__u32 baudRate;
bool open;
bool openPending;
bool commandPending;
bool closePending;
bool chaseResponsePending;
Reported by FlawFinder.
Line: 195
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* This structure holds all of the individual device information */
struct edgeport_serial {
char name[MAX_NAME_LEN+2]; /* string name of this device */
struct edge_manuf_descriptor manuf_descriptor; /* the manufacturer descriptor */
struct edge_boot_descriptor boot_descriptor; /* the boot firmware descriptor */
struct edgeport_product_info product_info; /* Product Info */
struct edge_compatibility_descriptor epic_descriptor; /* Edgeport compatible descriptor */
Reported by FlawFinder.
Line: 482
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
product_info->BootBuildNumber =
edge_serial->boot_descriptor.BuildNumber;
memcpy(product_info->ManufactureDescDate,
edge_serial->manuf_descriptor.DescDate,
sizeof(edge_serial->manuf_descriptor.DescDate));
/* check if this is 2nd generation hardware */
if (le16_to_cpu(edge_serial->serial->dev->descriptor.idProduct)
Reported by FlawFinder.
Line: 545
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
300);
if (result == sizeof(*epic)) {
ep->is_epic = 1;
memcpy(&ep->epic_descriptor, epic, sizeof(*epic));
memset(product_info, 0, sizeof(struct edgeport_product_info));
product_info->NumPorts = epic->NumPorts;
product_info->ProdInfoVer = 0;
product_info->FirmwareMajorVersion = epic->MajorVersion;
Reported by FlawFinder.
Line: 676
Column: 33
CWE codes:
362
if (txCredits) {
port = edge_serial->serial->port[portNumber];
edge_port = usb_get_serial_port_data(port);
if (edge_port && edge_port->open) {
spin_lock_irqsave(&edge_port->ep_lock,
flags);
edge_port->txCredits += txCredits;
spin_unlock_irqrestore(&edge_port->ep_lock,
flags);
Reported by FlawFinder.
Line: 786
Column: 17
CWE codes:
362
__func__, status);
}
if (edge_port->open)
tty_port_tty_wakeup(&edge_port->port->port);
/* Release the Write URB */
edge_port->write_in_progress = false;
Reported by FlawFinder.
Line: 827
Column: 17
CWE codes:
362
}
/* tell the tty driver that something has changed */
if (edge_port->open)
tty_port_tty_wakeup(&edge_port->port->port);
/* we have completed the command */
edge_port->commandPending = false;
wake_up(&edge_port->wait_command);
Reported by FlawFinder.
Line: 935
Column: 18
CWE codes:
362
wait_event_timeout(edge_port->wait_open, !edge_port->openPending,
OPEN_TIMEOUT);
if (!edge_port->open) {
/* open timed out */
dev_dbg(dev, "%s - open timedout\n", __func__);
edge_port->openPending = false;
return -ENODEV;
}
Reported by FlawFinder.
Line: 1191
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
firsthalf, bytesleft);
/* now copy our data */
memcpy(&fifo->fifo[fifo->head], data, firsthalf);
usb_serial_debug_data(&port->dev, __func__, firsthalf, &fifo->fifo[fifo->head]);
/* update the index and size */
fifo->head += firsthalf;
fifo->count += firsthalf;
Reported by FlawFinder.
Line: 1206
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (secondhalf) {
dev_dbg(&port->dev, "%s - copy rest of data %d\n", __func__, secondhalf);
memcpy(&fifo->fifo[fifo->head], &data[firsthalf], secondhalf);
usb_serial_debug_data(&port->dev, __func__, secondhalf, &fifo->fifo[fifo->head]);
/* update the index and size */
fifo->count += secondhalf;
fifo->head += secondhalf;
/* No need to check for wrap since we can not get to end of
Reported by FlawFinder.
sound/pci/rme9652/hdsp.c
24 issues
Line: 4555
Column: 26
CWE codes:
362/367!
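Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Note: the excerpt contains no file-access call. Column 26 of the flagged line falls on the struct member `access` in `vd[0].access`, so this entry (and the Line 4574 entry) looks like an identifier-name match rather than a check-then-open race.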
if (RPM != hdsp->io_type) {
hdsp->creg_spdif_stream = hdsp->creg_spdif;
hdsp->spdif_ctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(hdsp->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO, &hdsp->spdif_ctl->id);
}
return 0;
}
Reported by FlawFinder.
Line: 4574
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
spin_unlock_irq(&hdsp->lock);
if (RPM != hdsp->io_type) {
hdsp->spdif_ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(hdsp->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO, &hdsp->spdif_ctl->id);
}
return 0;
}
Reported by FlawFinder.
Line: 5008
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
hdsp->pcm = pcm;
pcm->private_data = hdsp;
strcpy(pcm->name, hdsp->card_name);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &snd_hdsp_playback_ops);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &snd_hdsp_capture_ops);
pcm->info_flags = SNDRV_PCM_INFO_JOINT_DUPLEX;
Reported by FlawFinder.
Line: 5157
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(hdsp->state & HDSP_InitializationComplete)) {
strcpy(card->shortname, "Hammerfall DSP");
sprintf(card->longname, "%s at 0x%lx, irq %d", hdsp->card_name,
hdsp->port, hdsp->irq);
err = snd_card_register(card);
if (err < 0) {
dev_err(card->dev,
Reported by FlawFinder.
Line: 5477
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto free_card;
strcpy(card->shortname, "Hammerfall DSP");
sprintf(card->longname, "%s at 0x%lx, irq %d", hdsp->card_name,
hdsp->port, hdsp->irq);
err = snd_card_register(card);
if (err) {
free_card:
snd_card_free(card);
Reported by FlawFinder.
Line: 35
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <asm/current.h>
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable this card */
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for RME Hammerfall DSP interface.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 502
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
where the data for that channel can be read/written from/to.
*/
static const char channel_map_df_ss[HDSP_MAX_CHANNELS] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
18, 19, 20, 21, 22, 23, 24, 25
};
static const char channel_map_mf_ss[HDSP_MAX_CHANNELS] = { /* Multiface */
Reported by FlawFinder.
Line: 507
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
18, 19, 20, 21, 22, 23, 24, 25
};
static const char channel_map_mf_ss[HDSP_MAX_CHANNELS] = { /* Multiface */
/* Analog */
0, 1, 2, 3, 4, 5, 6, 7,
/* ADAT 2 */
16, 17, 18, 19, 20, 21, 22, 23,
/* SPDIF */
Reported by FlawFinder.
Line: 517
Column: 14
CWE codes:
119
120
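Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: these are `const` lookup tables, so the relevant bound is on the index used to read them, not on writes. Separately, the tables in this excerpt hold `-1` entries in plain `char`, whose signedness is implementation-defined. Any consumer that tests an entry for a negative value depends on how the build treats `char`; the consumers are not shown here.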
-1, -1, -1, -1, -1, -1, -1, -1
};
static const char channel_map_ds[HDSP_MAX_CHANNELS] = {
/* ADAT channels are remapped */
1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23,
/* channels 12 and 13 are S/PDIF */
24, 25,
/* others don't exist */
Reported by FlawFinder.
Line: 526
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};
static const char channel_map_H9632_ss[HDSP_MAX_CHANNELS] = {
/* ADAT channels */
0, 1, 2, 3, 4, 5, 6, 7,
/* SPDIF */
8, 9,
/* Analog */
Reported by FlawFinder.
drivers/atm/lanai.c
24 issues
Line: 2448
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
loff_t left = *pos;
struct lanai_vcc *lvcc;
if (left-- == 0)
return sprintf(page, DEV_LABEL "(itf %d): chip=LANAI%s, "
"serial=%u, magic=0x%08X, num_vci=%d\n",
atmdev->number, lanai->type==lanai2 ? "2" : "HB",
(unsigned int) lanai->serialno,
(unsigned int) lanai->magicno, lanai->num_vci);
if (left-- == 0)
Reported by FlawFinder.
Line: 1070
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Log a "<name> changed from ..." message for interface itf.
 * onoff[] has exactly two entries and is indexed with !status, which is
 * always 0 or 1, so the lookup stays inside the array whatever value
 * status holds.
 */
static void status_message(int itf, const char *name, int status)
{
static const char *onoff[2] = { "off to on", "on to off" };
/* name is printed through %s in a literal format; it is never the format itself */
printk(KERN_INFO DEV_LABEL "(itf %d): %s changed from %s\n",
itf, name, onoff[!status]);
}
static void lanai_check_status(struct lanai_dev *lanai)
Reported by FlawFinder.
Line: 1205
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m = e - (unsigned char *) lvcc->tx.buf.end;
if (m < 0)
m = 0;
memcpy(lvcc->tx.buf.ptr, src, n - m);
if (m != 0) {
memcpy(lvcc->tx.buf.start, src + n - m, m);
e = ((unsigned char *) lvcc->tx.buf.start) + m;
}
lvcc->tx.buf.ptr = (u32 *) e;
Reported by FlawFinder.
Line: 1207
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m = 0;
memcpy(lvcc->tx.buf.ptr, src, n - m);
if (m != 0) {
memcpy(lvcc->tx.buf.start, src + n - m, m);
e = ((unsigned char *) lvcc->tx.buf.start) + m;
}
lvcc->tx.buf.ptr = (u32 *) e;
}
Reported by FlawFinder.
Line: 1370
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
((const unsigned char *) (lvcc->rx.buf.end));
if (m < 0)
m = 0;
memcpy(dest, lvcc->rx.buf.ptr, n - m);
memcpy(dest + n - m, lvcc->rx.buf.start, m);
/* Make sure that these copies don't get reordered */
barrier();
}
Reported by FlawFinder.
Line: 1371
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (m < 0)
m = 0;
memcpy(dest, lvcc->rx.buf.ptr, n - m);
memcpy(dest + n - m, lvcc->rx.buf.start, m);
/* Make sure that these copies don't get reordered */
barrier();
}
/* Receive AAL5 data on a VCC with a particular endptr */
Reported by FlawFinder.
Line: 2214
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lanai->conf1 |= CONFIG1_POWERDOWN;
conf1_write(lanai);
#endif
memcpy(atmdev->esi, eeprom_mac(lanai), ESI_LEN);
lanai_timed_poll_start(lanai);
printk(KERN_NOTICE DEV_LABEL "(itf %d): rev.%d, base=%p, irq=%u "
"(%pMF)\n", lanai->number, (int) lanai->pci->revision,
lanai->base, lanai->pci->irq, atmdev->esi);
printk(KERN_NOTICE DEV_LABEL "(itf %d): LANAI%s, serialno=%u(0x%X), "
Reported by FlawFinder.
Line: 2454
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(unsigned int) lanai->serialno,
(unsigned int) lanai->magicno, lanai->num_vci);
if (left-- == 0)
return sprintf(page, "revision: board=%d, pci_if=%d\n",
lanai->board_rev, (int) lanai->pci->revision);
if (left-- == 0)
return sprintf(page, "EEPROM ESI: %pM\n",
&lanai->eeprom[EEPROM_MAC]);
if (left-- == 0)
Reported by FlawFinder.
Line: 2457
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(page, "revision: board=%d, pci_if=%d\n",
lanai->board_rev, (int) lanai->pci->revision);
if (left-- == 0)
return sprintf(page, "EEPROM ESI: %pM\n",
&lanai->eeprom[EEPROM_MAC]);
if (left-- == 0)
return sprintf(page, "status: SOOL=%d, LOCD=%d, LED=%d, "
"GPIN=%d\n", (lanai->status & STATUS_SOOL) ? 1 : 0,
(lanai->status & STATUS_LOCD) ? 1 : 0,
Reported by FlawFinder.
Line: 2460
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(page, "EEPROM ESI: %pM\n",
&lanai->eeprom[EEPROM_MAC]);
if (left-- == 0)
return sprintf(page, "status: SOOL=%d, LOCD=%d, LED=%d, "
"GPIN=%d\n", (lanai->status & STATUS_SOOL) ? 1 : 0,
(lanai->status & STATUS_LOCD) ? 1 : 0,
(lanai->status & STATUS_LED) ? 1 : 0,
(lanai->status & STATUS_GPIN) ? 1 : 0);
if (left-- == 0)
Reported by FlawFinder.
drivers/usb/gadget/configfs.c
24 issues
Line: 118
Column: 2
CWE codes:
120
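Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
Note: besides the unbounded `strcpy`, the excerpt reads `str[ret - 1]`. If `ret` is the length of `s` and an empty string can reach this point, that index is -1. Where `ret` is set and how `str` is sized are not shown; confirm both.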
if (!str)
return -ENOMEM;
}
strcpy(str, s);
if (str[ret - 1] == '\n')
str[ret - 1] = '\0';
*s_copy = str;
return 0;
}
Reported by FlawFinder.
Line: 236
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&gi->lock);
udc_name = gi->composite.gadget_driver.udc_name;
ret = sprintf(page, "%s\n", udc_name ?: "");
mutex_unlock(&gi->lock);
return ret;
}
Reported by FlawFinder.
Line: 305
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
enum usb_device_speed speed = to_gadget_info(item)->composite.max_speed;
return sprintf(page, "%s\n", usb_speed_string(speed));
}
static ssize_t gadget_dev_desc_max_speed_store(struct config_item *item,
const char *page, size_t len)
{
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usb_composite_dev cdev;
bool use_os_desc;
char b_vendor_code;
char qw_sign[OS_STRING_QW_SIGN_LEN];
spinlock_t spinlock;
bool unbind;
};
static inline struct gadget_info *to_gadget_info(struct config_item *item)
Reported by FlawFinder.
Line: 129
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
char *page) \
{ \
return sprintf(page, "0x%02x\n", \
to_gadget_info(item)->cdev.desc.__name); \
}
#define GI_DEVICE_DESC_SIMPLE_R_u16(__name) \
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
Reported by FlawFinder.
Line: 137
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
char *page) \
{ \
return sprintf(page, "0x%04x\n", \
le16_to_cpup(&to_gadget_info(item)->cdev.desc.__name)); \
}
#define GI_DEVICE_DESC_SIMPLE_W_u8(_name) \
Reported by FlawFinder.
Line: 508
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Show handler for the MaxPower attribute: formats the configuration's
 * MaxPower value into page with "%u\n" and returns the byte count that
 * sprintf() reports.
 * NOTE(review): sprintf() takes no size limit. The output here is one
 * unsigned number plus a newline, and page is presumably the page-sized
 * buffer configfs hands to show callbacks; confirm before treating the
 * CWE-120 report as low risk.
 */
static ssize_t gadget_config_desc_MaxPower_show(struct config_item *item,
char *page)
{
return sprintf(page, "%u\n", to_config_usb_cfg(item)->c.MaxPower);
}
static ssize_t gadget_config_desc_MaxPower_store(struct config_item *item,
const char *page, size_t len)
{
Reported by FlawFinder.
Line: 528
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/*
 * Show handler for the bmAttributes attribute: formats the configuration's
 * bmAttributes value into page with "0x%02x\n" and returns the byte count
 * that sprintf() reports.
 * NOTE(review): sprintf() takes no size limit. The output here is a short
 * hex number plus a newline, and page is presumably the page-sized buffer
 * configfs hands to show callbacks; confirm before treating the CWE-120
 * report as low risk.
 */
static ssize_t gadget_config_desc_bmAttributes_show(struct config_item *item,
char *page)
{
return sprintf(page, "0x%02x\n",
to_config_usb_cfg(item)->c.bmAttributes);
}
static ssize_t gadget_config_desc_bmAttributes_store(struct config_item *item,
const char *page, size_t len)
Reported by FlawFinder.
Line: 583
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct gadget_info *gi;
struct usb_function_instance *fi;
char buf[MAX_NAME_LEN];
char *func_name;
char *instance_name;
int ret;
ret = snprintf(buf, MAX_NAME_LEN, "%s", name);
Reported by FlawFinder.
Line: 677
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct gadget_info *gi;
struct config_usb_cfg *cfg;
char buf[MAX_NAME_LEN];
char *num_str;
u8 num;
int ret;
gi = container_of(group, struct gadget_info, configs_group);
Reported by FlawFinder.
drivers/atm/idt77252.c
24 issues
Line: 3457
CWE codes:
908
linkrate = 149760000;
#endif
card->link_pcr = (linkrate / 8 / 53);
printk("%s: Linkrate on ATM line : %u bit/s, %u cell/s.\n",
card->name, linkrate, card->link_pcr);
#ifdef ATM_IDT77252_SEND_IDLE
card->utopia_pcr = card->link_pcr;
Reported by Cppcheck.
Line: 2614
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(&vcc->qos, qos, sizeof(struct atm_qos));
set_bit(ATM_VF_HASQOS, &vcc->flags);
out:
mutex_unlock(&card->mutex);
Reported by FlawFinder.
Line: 2631
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
left = (int) *pos;
if (!left--)
return sprintf(page, "IDT77252 Interrupts:\n");
if (!left--)
return sprintf(page, "TSIF: %lu\n", card->irqstat[15]);
if (!left--)
return sprintf(page, "TXICP: %lu\n", card->irqstat[14]);
if (!left--)
Reported by FlawFinder.
Line: 2633
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "IDT77252 Interrupts:\n");
if (!left--)
return sprintf(page, "TSIF: %lu\n", card->irqstat[15]);
if (!left--)
return sprintf(page, "TXICP: %lu\n", card->irqstat[14]);
if (!left--)
return sprintf(page, "TSQF: %lu\n", card->irqstat[12]);
if (!left--)
Reported by FlawFinder.
Line: 2635
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "TSIF: %lu\n", card->irqstat[15]);
if (!left--)
return sprintf(page, "TXICP: %lu\n", card->irqstat[14]);
if (!left--)
return sprintf(page, "TSQF: %lu\n", card->irqstat[12]);
if (!left--)
return sprintf(page, "TMROF: %lu\n", card->irqstat[11]);
if (!left--)
Reported by FlawFinder.
Line: 2637
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "TXICP: %lu\n", card->irqstat[14]);
if (!left--)
return sprintf(page, "TSQF: %lu\n", card->irqstat[12]);
if (!left--)
return sprintf(page, "TMROF: %lu\n", card->irqstat[11]);
if (!left--)
return sprintf(page, "PHYI: %lu\n", card->irqstat[10]);
if (!left--)
Reported by FlawFinder.
Line: 2639
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "TSQF: %lu\n", card->irqstat[12]);
if (!left--)
return sprintf(page, "TMROF: %lu\n", card->irqstat[11]);
if (!left--)
return sprintf(page, "PHYI: %lu\n", card->irqstat[10]);
if (!left--)
return sprintf(page, "FBQ3A: %lu\n", card->irqstat[8]);
if (!left--)
Reported by FlawFinder.
Line: 2641
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "TMROF: %lu\n", card->irqstat[11]);
if (!left--)
return sprintf(page, "PHYI: %lu\n", card->irqstat[10]);
if (!left--)
return sprintf(page, "FBQ3A: %lu\n", card->irqstat[8]);
if (!left--)
return sprintf(page, "FBQ2A: %lu\n", card->irqstat[7]);
if (!left--)
Reported by FlawFinder.
Line: 2643
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "PHYI: %lu\n", card->irqstat[10]);
if (!left--)
return sprintf(page, "FBQ3A: %lu\n", card->irqstat[8]);
if (!left--)
return sprintf(page, "FBQ2A: %lu\n", card->irqstat[7]);
if (!left--)
return sprintf(page, "RSQF: %lu\n", card->irqstat[6]);
if (!left--)
Reported by FlawFinder.
Line: 2645
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "FBQ3A: %lu\n", card->irqstat[8]);
if (!left--)
return sprintf(page, "FBQ2A: %lu\n", card->irqstat[7]);
if (!left--)
return sprintf(page, "RSQF: %lu\n", card->irqstat[6]);
if (!left--)
return sprintf(page, "EPDU: %lu\n", card->irqstat[5]);
if (!left--)
Reported by FlawFinder.
drivers/crypto/ccree/cc_aead.c
24 issues
Line: 576
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy nonce from last 4 bytes in CTR key to
* first 4 bytes in CTR IV
*/
memcpy(ctx->ctr_nonce, enckey + ctx->enc_keylen -
CTR_RFC3686_NONCE_SIZE, CTR_RFC3686_NONCE_SIZE);
/* Set CTR key size */
ctx->enc_keylen -= CTR_RFC3686_NONCE_SIZE;
}
} else { /* non-authenc - has just one key */
Reported by FlawFinder.
Line: 595
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* STAT_PHASE_1: Copy key to ctx */
/* Get key material */
memcpy(ctx->enckey, enckey, ctx->enc_keylen);
if (ctx->enc_keylen == 24)
memset(ctx->enckey + 24, 0, CC_AES_KEY_SIZE_MAX - 24);
if (ctx->auth_mode == DRV_HASH_XCBC_MAC) {
memcpy(ctx->auth_state.xcbc.xcbc_keys, authkey,
ctx->auth_keylen);
Reported by FlawFinder.
Line: 599
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->enc_keylen == 24)
memset(ctx->enckey + 24, 0, CC_AES_KEY_SIZE_MAX - 24);
if (ctx->auth_mode == DRV_HASH_XCBC_MAC) {
memcpy(ctx->auth_state.xcbc.xcbc_keys, authkey,
ctx->auth_keylen);
} else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC */
rc = cc_get_plain_hmac_key(tfm, authkey, ctx->auth_keylen);
if (rc)
return rc;
Reported by FlawFinder.
Line: 664
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
keylen -= 3;
memcpy(ctx->ctr_nonce, key + keylen, 3);
return cc_aead_setkey(tfm, key, keylen);
}
static int cc_aead_setauthsize(struct crypto_aead *authenc,
Reported by FlawFinder.
Line: 1404
Column: 2
CWE codes:
120
Suggestion:
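Make sure destination can always hold the source data. Both pointers are computed from csize: the source `(u8 *)&data + 4 - csize` stays inside the 4-byte `data` only when csize is at most 4, and `block - csize` must still point into the caller's buffer. The preceding `return -EOVERFLOW` suggests csize is range-checked above, but that code is not visible in this excerpt.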
return -EOVERFLOW;
data = cpu_to_be32(msglen);
memcpy(block - csize, (u8 *)&data + 4 - csize, csize);
return 0;
}
static int cc_ccm(struct aead_request *req, struct cc_hw_desc desc[],
Reported by FlawFinder.
Line: 1562
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_dbg(dev, "illegal iv value %X\n", req->iv[0]);
return -EINVAL;
}
memcpy(b0, req->iv, AES_BLOCK_SIZE);
/* format control info per RFC 3610 and
* NIST Special Publication 800-38C
*/
*b0 |= (8 * ((m - 2) / 2));
Reported by FlawFinder.
Line: 1584
Column: 2
CWE codes:
120
Suggestion:
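Make sure destination can always hold the source data. The flagged memcpy copies a fixed AES_BLOCK_SIZE bytes; the line in this excerpt that depends on request data is the memset above it, whose offset (`15 - req->iv[0]`) and length (`req->iv[0] + 1`) both come from the first IV byte. It stays inside the 16-byte IV only if req->iv[0] was range-checked earlier; the "illegal iv value" path in the line-1562 excerpt looks like that check, but its condition is not shown.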
memset(req->iv + 15 - req->iv[0], 0, req->iv[0] + 1);
req->iv[15] = 1;
memcpy(ctr_count_0, req->iv, AES_BLOCK_SIZE);
ctr_count_0[15] = 0;
return 0;
}
Reported by FlawFinder.
Line: 1606
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* In RFC 4309 there is an 11-bytes nonce+IV part,
* that we build here.
*/
memcpy(areq_ctx->ctr_iv + CCM_BLOCK_NONCE_OFFSET, ctx->ctr_nonce,
CCM_BLOCK_NONCE_SIZE);
memcpy(areq_ctx->ctr_iv + CCM_BLOCK_IV_OFFSET, req->iv,
CCM_BLOCK_IV_SIZE);
req->iv = areq_ctx->ctr_iv;
}
Reported by FlawFinder.
Line: 1608
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(areq_ctx->ctr_iv + CCM_BLOCK_NONCE_OFFSET, ctx->ctr_nonce,
CCM_BLOCK_NONCE_SIZE);
memcpy(areq_ctx->ctr_iv + CCM_BLOCK_IV_OFFSET, req->iv,
CCM_BLOCK_IV_SIZE);
req->iv = areq_ctx->ctr_iv;
}
static void cc_set_ghash_desc(struct aead_request *req,
Reported by FlawFinder.
Line: 1849
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(req_ctx->mac_buf, 0, AES_BLOCK_SIZE);
memcpy(req->iv + 12, &counter, 4);
memcpy(req_ctx->gcm_iv_inc2, req->iv, 16);
counter = cpu_to_be32(1);
memcpy(req->iv + 12, &counter, 4);
memcpy(req_ctx->gcm_iv_inc1, req->iv, 16);
Reported by FlawFinder.
tools/testing/kunit/kunit_json.py
24 issues
Line: 33
Column: 3
"git_branch": "kselftest",
}
test_cases = []
# TODO: Add attachments attribute in test_case with detailed
# failure message, see https://api.kernelci.org/schema-test-case.html#get
for case in test_suite.cases:
test_case = {"name": case.name, "status": "FAIL"}
if case.status == TestStatus.SUCCESS:
test_case["status"] = "PASS"
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: GPL-2.0
#
# Generates JSON from KUnit results according to
# KernelCI spec: https://github.com/kernelci/kernelci-doc/wiki/Test-API
#
# Copyright (C) 2020, Google LLC.
# Author: Heidi Fahim <heidifahim@google.com>
import json
Reported by Pylint.
Line: 16
Column: 1
from kunit_parser import TestStatus
def get_json_result(test_result, def_config, build_dir, json_path) -> str:
sub_groups = []
# Each test suite is mapped to a KernelCI sub_group
for test_suite in test_result.suites:
sub_group = {
Reported by Pylint.
Line: 17
Column: 1
from kunit_parser import TestStatus
def get_json_result(test_result, def_config, build_dir, json_path) -> str:
sub_groups = []
# Each test suite is mapped to a KernelCI sub_group
for test_suite in test_result.suites:
sub_group = {
"name": test_suite.name,
Reported by Pylint.
Line: 20
Column: 1
sub_groups = []
# Each test suite is mapped to a KernelCI sub_group
for test_suite in test_result.suites:
sub_group = {
"name": test_suite.name,
"arch": "UM",
"defconfig": def_config,
"build_environment": build_dir,
Reported by Pylint.
Line: 21
Column: 1
# Each test suite is mapped to a KernelCI sub_group
for test_suite in test_result.suites:
sub_group = {
"name": test_suite.name,
"arch": "UM",
"defconfig": def_config,
"build_environment": build_dir,
"test_cases": [],
Reported by Pylint.
Line: 32
Column: 1
"job": None,
"git_branch": "kselftest",
}
test_cases = []
# TODO: Add attachments attribute in test_case with detailed
# failure message, see https://api.kernelci.org/schema-test-case.html#get
for case in test_suite.cases:
test_case = {"name": case.name, "status": "FAIL"}
if case.status == TestStatus.SUCCESS:
Reported by Pylint.
Line: 35
Column: 1
test_cases = []
# TODO: Add attachments attribute in test_case with detailed
# failure message, see https://api.kernelci.org/schema-test-case.html#get
for case in test_suite.cases:
test_case = {"name": case.name, "status": "FAIL"}
if case.status == TestStatus.SUCCESS:
test_case["status"] = "PASS"
elif case.status == TestStatus.TEST_CRASHED:
test_case["status"] = "ERROR"
Reported by Pylint.
Line: 36
Column: 1
# TODO: Add attachments attribute in test_case with detailed
# failure message, see https://api.kernelci.org/schema-test-case.html#get
for case in test_suite.cases:
test_case = {"name": case.name, "status": "FAIL"}
if case.status == TestStatus.SUCCESS:
test_case["status"] = "PASS"
elif case.status == TestStatus.TEST_CRASHED:
test_case["status"] = "ERROR"
test_cases.append(test_case)
Reported by Pylint.
Line: 37
Column: 1
# failure message, see https://api.kernelci.org/schema-test-case.html#get
for case in test_suite.cases:
test_case = {"name": case.name, "status": "FAIL"}
if case.status == TestStatus.SUCCESS:
test_case["status"] = "PASS"
elif case.status == TestStatus.TEST_CRASHED:
test_case["status"] = "ERROR"
test_cases.append(test_case)
sub_group["test_cases"] = test_cases
Reported by Pylint.