The following issues were found
drivers/acpi/acpica/rsutils.c
4 issues
Line: 14
#include "acresrc.h"
#define _COMPONENT ACPI_RESOURCES
ACPI_MODULE_NAME("rsutils")
/*******************************************************************************
*
* FUNCTION: acpi_rs_decode_bitmask
*
Reported by Cppcheck.
Line: 398
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* Copy the resource_source string */
strcpy(ACPI_CAST_PTR(char, &aml_resource_source[1]),
resource_source->string_ptr);
/*
* Add the length of the string (+ 1 for null terminator) to the
* final descriptor length
Reported by FlawFinder.
Line: 115
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case ACPI_RSC_MOVE_SERIAL_VEN:
case ACPI_RSC_MOVE_SERIAL_RES:
memcpy(destination, source, item_count);
return;
/*
* 16-, 32-, and 64-bit cases must use the move macros that perform
* endian conversion and/or accommodate hardware that cannot perform
Reported by FlawFinder.
Line: 330
Column: 12
CWE codes:
126
* Zero the entire area of the buffer.
*/
total_length =
(u32)strlen(ACPI_CAST_PTR(char, &aml_resource_source[1])) +
1;
total_length = (u32)ACPI_ROUND_UP_TO_NATIVE_WORD(total_length);
memset(resource_source->string_ptr, 0, total_length);
Reported by FlawFinder.
drivers/acpi/acpica/utids.c
4 issues
Line: 15
#include "acinterp.h"
#define _COMPONENT ACPI_UTILITIES
ACPI_MODULE_NAME("utids")
/*******************************************************************************
*
* FUNCTION: acpi_ut_execute_HID
*
Reported by Cppcheck.
Line: 80
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (obj_desc->common.type == ACPI_TYPE_INTEGER) {
acpi_ex_eisa_id_to_string(hid->string, obj_desc->integer.value);
} else {
strcpy(hid->string, obj_desc->string.pointer);
}
hid->length = length;
*return_id = hid;
Reported by FlawFinder.
Line: 158
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (obj_desc->common.type == ACPI_TYPE_INTEGER) {
acpi_ex_integer_to_string(uid->string, obj_desc->integer.value);
} else {
strcpy(uid->string, obj_desc->string.pointer);
}
uid->length = length;
*return_id = uid;
Reported by FlawFinder.
Line: 292
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
length = ACPI_EISAID_STRING_SIZE;
} else { /* ACPI_TYPE_STRING */
/* Copy the String CID from the returned object */
strcpy(next_id_string, cid_objects[i]->string.pointer);
length = cid_objects[i]->string.length + 1;
}
cid_list->ids[i].string = next_id_string;
cid_list->ids[i].length = length;
Reported by FlawFinder.
drivers/acpi/apei/ghes.c
4 issues
Line: 687
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
pfx = KERN_ERR;
}
curr_seqno = atomic_inc_return(&seqno);
snprintf(pfx_seq, sizeof(pfx_seq), "%s{%u}" HW_ERR, pfx, curr_seqno);
printk("%s""Hardware error from APEI Generic Hardware Error Source: %d\n",
pfx_seq, generic->header.source_id);
cper_estatus_print(pfx_seq, estatus);
}
Reported by FlawFinder.
Line: 618
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
copied_gdata = GHES_GDATA_FROM_VENDOR_ENTRY(entry);
memcpy(copied_gdata, gdata, acpi_hest_get_record_size(gdata));
entry->error_severity = sev;
INIT_WORK(&entry->work, ghes_vendor_record_work_func);
schedule_work(&entry->work);
}
Reported by FlawFinder.
Line: 677
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static atomic_t seqno;
unsigned int curr_seqno;
char pfx_seq[64];
if (pfx == NULL) {
if (ghes_severity(estatus->error_severity) <=
GHES_SEV_CORRECTED)
pfx = KERN_WARNING;
Reported by FlawFinder.
Line: 768
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
}
cache_estatus = GHES_ESTATUS_FROM_CACHE(cache);
memcpy(cache_estatus, estatus, len);
cache->estatus_len = len;
atomic_set(&cache->count, 0);
cache->generic = generic;
cache->time_in = sched_clock();
return cache;
Reported by FlawFinder.
drivers/acpi/glue.c
4 issues
Line: 158
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
static void acpi_physnode_link_name(char *buf, unsigned int node_id)
{
if (node_id > 0)
snprintf(buf, PHYSICAL_NODE_NAME_SIZE,
PHYSICAL_NODE_STRING "%u", node_id);
else
strcpy(buf, PHYSICAL_NODE_STRING);
}
Reported by FlawFinder.
Line: 161
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
snprintf(buf, PHYSICAL_NODE_NAME_SIZE,
PHYSICAL_NODE_STRING "%u", node_id);
else
strcpy(buf, PHYSICAL_NODE_STRING);
}
int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev)
{
struct acpi_device_physical_node *physical_node, *pn;
Reported by FlawFinder.
Line: 167
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int acpi_bind_one(struct device *dev, struct acpi_device *acpi_dev)
{
struct acpi_device_physical_node *physical_node, *pn;
char physical_node_name[PHYSICAL_NODE_NAME_SIZE];
struct list_head *physnode_list;
unsigned int node_id;
int retval = -EINVAL;
if (has_acpi_companion(dev)) {
Reported by FlawFinder.
Line: 267
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
list_for_each_entry(entry, &acpi_dev->physical_node_list, node)
if (entry->dev == dev) {
char physnode_name[PHYSICAL_NODE_NAME_SIZE];
list_del(&entry->node);
acpi_dev->physical_node_count--;
acpi_physnode_link_name(physnode_name, entry->node_id);
Reported by FlawFinder.
drivers/acpi/utils.c
4 issues
Line: 200
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 'S':
pointer = (u8 **) head;
*pointer = tail;
memcpy(tail, element->string.pointer,
element->string.length);
head += sizeof(char *);
tail += element->string.length * sizeof(char);
/* NULL terminate string */
*tail = (char)0;
Reported by FlawFinder.
Line: 211
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 'B':
pointer = (u8 **) head;
*pointer = tail;
memcpy(tail, element->buffer.pointer,
element->buffer.length);
head += sizeof(u8 *);
tail += element->buffer.length;
break;
default:
Reported by FlawFinder.
Line: 921
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* acpi_backlight= handling, this is done here rather then in video_detect.c
* because __setup cannot be used in modules.
*/
char acpi_video_backlight_string[16];
EXPORT_SYMBOL(acpi_video_backlight_string);
static int __init acpi_backlight(char *str)
{
strlcpy(acpi_video_backlight_string, str,
Reported by FlawFinder.
Line: 960
Column: 22
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
if ((plat->pred == all_versions) ||
(plat->pred == less_than_or_equal && hdr.oem_revision <= plat->oem_revision) ||
(plat->pred == greater_than_or_equal && hdr.oem_revision >= plat->oem_revision) ||
(plat->pred == equal && hdr.oem_revision == plat->oem_revision))
return idx;
}
return -ENODEV;
}
Reported by FlawFinder.
drivers/ata/ahci.c
4 issues
Line: 1124
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
const struct dmi_system_id *match;
int year, month, date;
char buf[9];
match = dmi_first_match(sysids);
if (pdev->bus->number != 0 || pdev->devfn != PCI_DEVFN(0x12, 0) ||
!match)
return false;
Reported by FlawFinder.
Line: 1259
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
const struct dmi_system_id *dmi = dmi_first_match(sysids);
int year, month, date;
char buf[9];
if (!dmi || pdev->bus->number || pdev->devfn != PCI_DEVFN(0x1f, 2))
return false;
dmi_get_date(DMI_BIOS_DATE, &year, &month, &date);
Reported by FlawFinder.
Line: 1312
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
const struct dmi_system_id *dmi = dmi_first_match(sysids);
int year, month, date;
char buf[9];
if (!dmi)
return false;
dmi_get_date(DMI_BIOS_DATE, &year, &month, &date);
Reported by FlawFinder.
Line: 1662
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct ata_host *host = dev_get_drvdata(dev);
struct ahci_host_priv *hpriv = host->private_data;
return sprintf(buf, "%u\n", hpriv->remapped_nvme);
}
static DEVICE_ATTR_RO(remapped_nvme);
static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
Reported by FlawFinder.
drivers/ata/libata-sff.c
4 issues
Line: 553
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Transfer trailing byte, if any. */
if (unlikely(buflen & 0x01)) {
unsigned char pad[2] = { };
/* Point buf to the tail of buffer */
buf += buflen - 1;
/*
Reported by FlawFinder.
Line: 613
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Transfer trailing bytes, if any */
if (unlikely(slop)) {
unsigned char pad[4] = { };
/* Point buf to the tail of buffer */
buf += buflen - slop;
/*
Reported by FlawFinder.
Line: 627
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ioread16_rep(data_addr, pad, 1);
else
ioread32_rep(data_addr, pad, 1);
memcpy(buf, pad, slop);
} else {
memcpy(pad, buf, slop);
if (slop < 3)
iowrite16_rep(data_addr, pad, 1);
else
Reported by FlawFinder.
Line: 629
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ioread32_rep(data_addr, pad, 1);
memcpy(buf, pad, slop);
} else {
memcpy(pad, buf, slop);
if (slop < 3)
iowrite16_rep(data_addr, pad, 1);
else
iowrite32_rep(data_addr, pad, 1);
}
Reported by FlawFinder.
drivers/base/devcoredump.c
4 issues
Line: 29
Column: 12
CWE codes:
120
20
void *data;
size_t datalen;
struct module *owner;
ssize_t (*read)(char *buffer, loff_t offset, size_t count,
void *data, size_t datalen);
void (*free)(void *data);
struct delayed_work del_wk;
struct device *failing_dev;
};
Reported by FlawFinder.
Line: 77
Column: 16
CWE codes:
120
20
struct device *dev = kobj_to_dev(kobj);
struct devcd_entry *devcd = dev_to_devcd(dev);
return devcd->read(buffer, offset, count, devcd->data, devcd->datalen);
}
static ssize_t devcd_data_write(struct file *filp, struct kobject *kobj,
struct bin_attribute *bin_attr,
char *buffer, loff_t offset, size_t count)
Reported by FlawFinder.
Line: 250
Column: 16
CWE codes:
120
20
*/
void dev_coredumpm(struct device *dev, struct module *owner,
void *data, size_t datalen, gfp_t gfp,
ssize_t (*read)(char *buffer, loff_t offset, size_t count,
void *data, size_t datalen),
void (*free)(void *data))
{
static atomic_t devcd_count = ATOMIC_INIT(0);
struct devcd_entry *devcd;
Reported by FlawFinder.
Line: 278
Column: 16
CWE codes:
120
20
devcd->owner = owner;
devcd->data = data;
devcd->datalen = datalen;
devcd->read = read;
devcd->free = free;
devcd->failing_dev = get_device(dev);
device_initialize(&devcd->devcd_dev);
Reported by FlawFinder.
drivers/base/regmap/regmap-sdw.c
4 issues
drivers/bcma/driver_pci_host.c
4 issues
Line: 532
Column: 21
CWE codes:
120
20
/* Early PCI fixup for a device on the PCI-core bridge. */
static void bcma_core_pci_fixup_pcibridge(struct pci_dev *dev)
{
if (dev->bus->ops->read != bcma_core_pci_hostmode_read_config) {
/* This is not a device on the PCI-core bridge. */
return;
}
if (PCI_SLOT(dev->devfn) != 0)
return;
Reported by FlawFinder.
Line: 559
Column: 21
CWE codes:
120
20
struct resource *res;
int pos, err;
if (dev->bus->ops->read != bcma_core_pci_hostmode_read_config) {
/* This is not a device on the PCI-core bridge. */
return;
}
if (PCI_SLOT(dev->devfn) == 0)
return;
Reported by FlawFinder.
Line: 587
Column: 21
CWE codes:
120
20
struct bcma_drv_pci_host *pc_host;
int readrq;
if (dev->bus->ops->read != bcma_core_pci_hostmode_read_config) {
/* This is not a device on the PCI-core bridge. */
return -ENODEV;
}
pc_host = container_of(dev->bus->ops, struct bcma_drv_pci_host,
pci_ops);
Reported by FlawFinder.
Line: 614
Column: 21
CWE codes:
120
20
{
struct bcma_drv_pci_host *pc_host;
if (dev->bus->ops->read != bcma_core_pci_hostmode_read_config) {
/* This is not a device on the PCI-core bridge. */
return -ENODEV;
}
pc_host = container_of(dev->bus->ops, struct bcma_drv_pci_host,
Reported by FlawFinder.