The following issues were found
drivers/firmware/efi/libstub/efi-stub-helper.c
4 issues
Line: 163
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
fmt = printk_skip_level(fmt);
va_start(args, fmt);
printed = vsnprintf(printf_buf, sizeof(printf_buf), fmt, args);
va_end(args);
efi_puts(printf_buf);
if (printed >= sizeof(printf_buf)) {
efi_puts("[Message truncated]\n");
Reported by FlawFinder.
Line: 136
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
int efi_printk(const char *fmt, ...)
{
char printf_buf[256];
va_list args;
int printed;
int loglevel = printk_get_level(fmt);
switch (loglevel) {
Reported by FlawFinder.
Line: 202
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (status != EFI_SUCCESS)
return status;
memcpy(buf, cmdline, len - 1);
buf[len - 1] = '\0';
str = skip_spaces(buf);
while (*str) {
char *param, *val;
Reported by FlawFinder.
Line: 234
Column: 36
CWE codes:
126
efi_loglevel = CONSOLE_LOGLEVEL_DEBUG;
} else if (!strcmp(param, "video") &&
val && strstarts(val, "efifb:")) {
efi_parse_option_graphics(val + strlen("efifb:"));
}
}
efi_bs_call(free_pool, buf);
return EFI_SUCCESS;
}
Reported by FlawFinder.
drivers/firmware/pcdp.c
4 issues
Line: 28
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char parity;
mmio = (uart->addr.space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY);
p += sprintf(p, "uart8250,%s,0x%llx",
mmio ? "mmio" : "io", uart->addr.address);
if (uart->baud) {
p += sprintf(p, ",%llu", uart->baud);
if (uart->bits) {
switch (uart->parity) {
Reported by FlawFinder.
Line: 24
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
#ifdef CONFIG_SERIAL_8250_CONSOLE
int mmio;
static char options[64], *p = options;
char parity;
mmio = (uart->addr.space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY);
p += sprintf(p, "uart8250,%s,0x%llx",
mmio ? "mmio" : "io", uart->addr.address);
Reported by FlawFinder.
Line: 31
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p += sprintf(p, "uart8250,%s,0x%llx",
mmio ? "mmio" : "io", uart->addr.address);
if (uart->baud) {
p += sprintf(p, ",%llu", uart->baud);
if (uart->bits) {
switch (uart->parity) {
case 0x2: parity = 'e'; break;
case 0x3: parity = 'o'; break;
default: parity = 'n';
Reported by FlawFinder.
Line: 38
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case 0x3: parity = 'o'; break;
default: parity = 'n';
}
p += sprintf(p, "%c%d", parity, uart->bits);
}
}
add_preferred_console("uart", 8250, &options[9]);
return setup_earlycon(options);
Reported by FlawFinder.
drivers/firmware/ti_sci.c
4 issues
Line: 164
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct device *dev = &pdev->dev;
struct resource *res;
char debug_name[50] = "ti_sci_debug@";
/* Debug region is optional */
res = platform_get_resource_byname(pdev, IORESOURCE_MEM,
"debug_messages");
info->debug_region = devm_ioremap_resource(dev, res);
Reported by FlawFinder.
Line: 281
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ti_sci_dump_header_dbg(dev, hdr);
/* Take a copy to the rx buffer.. */
memcpy(xfer->xfer_buf, mbox_msg->buf, xfer->rx_len);
complete(&xfer->done);
}
/**
* ti_sci_get_one_xfer() - Allocate one message
Reported by FlawFinder.
Line: 181
Column: 32
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
/* Setup NULL termination */
info->debug_buffer[info->debug_region_size] = 0;
info->d = debugfs_create_file(strncat(debug_name, dev_name(dev),
sizeof(debug_name) -
sizeof("ti_sci_debug@")),
0444, NULL, info, &ti_sci_debug_fops);
if (IS_ERR(info->d))
return PTR_ERR(info->d);
Reported by FlawFinder.
Line: 472
Column: 2
CWE codes:
120
ver->abi_major = rev_info->abi_major;
ver->abi_minor = rev_info->abi_minor;
ver->firmware_revision = rev_info->firmware_revision;
strncpy(ver->firmware_description, rev_info->firmware_description,
sizeof(ver->firmware_description));
fail:
ti_sci_put_one_xfer(&info->minfo, xfer);
return ret;
Reported by FlawFinder.
drivers/firmware/turris-mox-rwtm.c
4 issues
Line: 137
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
struct mox_rwtm *rwtm = to_rwtm(kobj); \
if (!rwtm->has_##cat) \
return -ENODATA; \
return sprintf(buf, format, rwtm->name); \
} \
static struct kobj_attribute mox_attr_##name = __ATTR_RO(name)
MOX_ATTR_RO(serial_number, "%016llX\n", board_info);
MOX_ATTR_RO(board_version, "%i\n", board_info);
Reported by FlawFinder.
Line: 254
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u32 *s = reply->status;
rwtm->has_pubkey = 1;
sprintf(rwtm->pubkey,
"%06x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x",
ret, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7],
s[8], s[9], s[10], s[11], s[12], s[13], s[14], s[15]);
}
Reported by FlawFinder.
Line: 317
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret < 0)
goto unlock_mutex;
memcpy(data, rwtm->buf, max);
ret = max;
unlock_mutex:
mutex_unlock(&rwtm->busy);
return ret;
Reported by FlawFinder.
Line: 415
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* computed by the rWTM firmware and convert their words from
* LE to BE.
*/
memcpy(rwtm->last_sig, rwtm->buf + 68, 136);
cpu_to_be32_array(rwtm->last_sig, rwtm->last_sig, 34);
rwtm->last_sig_done = 1;
mutex_unlock(&rwtm->busy);
return len;
Reported by FlawFinder.
drivers/fpga/dfl-fme-perf.c
4 issues
Line: 532
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
eattr = container_of(attr, struct dev_ext_attribute, attr);
config = (unsigned long)eattr->var;
ptr += sprintf(ptr, "event=0x%02x", (unsigned int)get_event(config));
ptr += sprintf(ptr, ",evtype=0x%02x", (unsigned int)get_evtype(config));
if (is_portid_root(get_portid(config)))
ptr += sprintf(ptr, ",portid=0x%02x\n", FME_PORTID_ROOT);
else
Reported by FlawFinder.
Line: 533
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
config = (unsigned long)eattr->var;
ptr += sprintf(ptr, "event=0x%02x", (unsigned int)get_event(config));
ptr += sprintf(ptr, ",evtype=0x%02x", (unsigned int)get_evtype(config));
if (is_portid_root(get_portid(config)))
ptr += sprintf(ptr, ",portid=0x%02x\n", FME_PORTID_ROOT);
else
ptr += sprintf(ptr, ",portid=?\n");
Reported by FlawFinder.
Line: 536
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ptr += sprintf(ptr, ",evtype=0x%02x", (unsigned int)get_evtype(config));
if (is_portid_root(get_portid(config)))
ptr += sprintf(ptr, ",portid=0x%02x\n", FME_PORTID_ROOT);
else
ptr += sprintf(ptr, ",portid=?\n");
return (ssize_t)(ptr - buf);
}
Reported by FlawFinder.
Line: 538
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (is_portid_root(get_portid(config)))
ptr += sprintf(ptr, ",portid=0x%02x\n", FME_PORTID_ROOT);
else
ptr += sprintf(ptr, ",portid=?\n");
return (ssize_t)(ptr - buf);
}
#define FME_EVENT_ATTR(_name) \
Reported by FlawFinder.
drivers/fsi/fsi-core.c
4 issues
Line: 821
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct fsi_slave *slave = to_fsi_slave(dev);
return sprintf(buf, "%u\n", slave->t_send_delay);
}
static ssize_t slave_send_echo_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 865
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct fsi_slave *slave = to_fsi_slave(dev);
return sprintf(buf, "%d\n", slave->chip_id);
}
static DEVICE_ATTR_RO(chip_id);
static ssize_t cfam_id_show(struct device *dev,
Reported by FlawFinder.
Line: 876
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct fsi_slave *slave = to_fsi_slave(dev);
return sprintf(buf, "0x%x\n", slave->cfam_id);
}
static DEVICE_ATTR_RO(cfam_id);
static struct attribute *cfam_attr[] = {
Reported by FlawFinder.
Line: 1146
Column: 16
CWE codes:
120
20
rc = fsi_check_access(addr, size);
if (!rc)
rc = master->read(master, link, slave_id, addr, val, size);
trace_fsi_master_rw_result(master, link, slave_id, addr, size,
false, val, rc);
return rc;
Reported by FlawFinder.
drivers/fsi/fsi-master-ast-cf.c
4 issues
Line: 268
CWE codes:
476
msg_push_bits(cmd, addr, addr_bits);
msg_push_bits(cmd, ds, 1);
for (i = 0; write && i < size; i++)
msg_push_bits(cmd, ((uint8_t *)data)[i], 8);
msg_push_crc(cmd);
msg_finish_cmd(cmd);
}
Reported by Cppcheck.
Line: 268
CWE codes:
476
msg_push_bits(cmd, addr, addr_bits);
msg_push_bits(cmd, ds, 1);
for (i = 0; write && i < size; i++)
msg_push_bits(cmd, ((uint8_t *)data)[i], 8);
msg_push_crc(cmd);
msg_finish_cmd(cmd);
}
Reported by Cppcheck.
Line: 442
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void dump_ucode_trace(struct fsi_master_acf *master)
{
char trbuf[52];
char *p;
int i;
dev_dbg(master->dev,
"CMDSTAT:%08x RTAG=%02x RCRC=%02x RDATA=%02x #INT=%08x\n",
Reported by FlawFinder.
Line: 459
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if ((i % 16) == 0)
p = trbuf;
v = ioread8(master->sram + TRACEBUF + i);
p += sprintf(p, "%02x ", v);
if (((i % 16) == 15) || v == TR_END)
dev_dbg(master->dev, "%s\n", trbuf);
if (v == TR_END)
break;
}
Reported by FlawFinder.
drivers/gpio/gpio-104-dio-48e.c
4 issues
Line: 48
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct dio48e_gpio {
struct gpio_chip chip;
unsigned char io_state[6];
unsigned char out_state[6];
unsigned char control[2];
raw_spinlock_t lock;
unsigned int base;
unsigned char irq_mask;
Reported by FlawFinder.
Line: 49
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dio48e_gpio {
struct gpio_chip chip;
unsigned char io_state[6];
unsigned char out_state[6];
unsigned char control[2];
raw_spinlock_t lock;
unsigned int base;
unsigned char irq_mask;
};
Reported by FlawFinder.
Line: 50
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct gpio_chip chip;
unsigned char io_state[6];
unsigned char out_state[6];
unsigned char control[2];
raw_spinlock_t lock;
unsigned int base;
unsigned char irq_mask;
};
Reported by FlawFinder.
Line: 352
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
#define DIO48E_NGPIO 48
static const char *dio48e_names[DIO48E_NGPIO] = {
"PPI Group 0 Port A 0", "PPI Group 0 Port A 1", "PPI Group 0 Port A 2",
"PPI Group 0 Port A 3", "PPI Group 0 Port A 4", "PPI Group 0 Port A 5",
"PPI Group 0 Port A 6", "PPI Group 0 Port A 7", "PPI Group 0 Port B 0",
"PPI Group 0 Port B 1", "PPI Group 0 Port B 2", "PPI Group 0 Port B 3",
"PPI Group 0 Port B 4", "PPI Group 0 Port B 5", "PPI Group 0 Port B 6",
Reported by FlawFinder.
drivers/gpio/gpio-gpio-mm.c
4 issues
Line: 41
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct gpiomm_gpio {
struct gpio_chip chip;
unsigned char io_state[6];
unsigned char out_state[6];
unsigned char control[2];
spinlock_t lock;
unsigned int base;
};
Reported by FlawFinder.
Line: 42
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct gpiomm_gpio {
struct gpio_chip chip;
unsigned char io_state[6];
unsigned char out_state[6];
unsigned char control[2];
spinlock_t lock;
unsigned int base;
};
Reported by FlawFinder.
Line: 43
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct gpio_chip chip;
unsigned char io_state[6];
unsigned char out_state[6];
unsigned char control[2];
spinlock_t lock;
unsigned int base;
};
static int gpiomm_gpio_get_direction(struct gpio_chip *chip,
Reported by FlawFinder.
Line: 244
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
#define GPIOMM_NGPIO 48
static const char *gpiomm_names[GPIOMM_NGPIO] = {
"Port 1A0", "Port 1A1", "Port 1A2", "Port 1A3", "Port 1A4", "Port 1A5",
"Port 1A6", "Port 1A7", "Port 1B0", "Port 1B1", "Port 1B2", "Port 1B3",
"Port 1B4", "Port 1B5", "Port 1B6", "Port 1B7", "Port 1C0", "Port 1C1",
"Port 1C2", "Port 1C3", "Port 1C4", "Port 1C5", "Port 1C6", "Port 1C7",
"Port 2A0", "Port 2A1", "Port 2A2", "Port 2A3", "Port 2A4", "Port 2A5",
Reported by FlawFinder.
drivers/gpio/gpio-pcf857x.c
4 issues
Line: 82
Column: 8
CWE codes:
120
20
unsigned irq_enabled; /* enabled irqs */
int (*write)(struct i2c_client *client, unsigned data);
int (*read)(struct i2c_client *client);
};
/*-------------------------------------------------------------------------*/
/* Talk to 8-bit I/O expander */
Reported by FlawFinder.
Line: 141
Column: 16
CWE codes:
120
20
struct pcf857x *gpio = gpiochip_get_data(chip);
int value;
value = gpio->read(gpio->client);
return (value < 0) ? value : !!(value & (1 << offset));
}
static int pcf857x_output(struct gpio_chip *chip, unsigned offset, int value)
{
Reported by FlawFinder.
Line: 174
Column: 17
CWE codes:
120
20
struct pcf857x *gpio = data;
unsigned long change, i, status;
status = gpio->read(gpio->client);
/*
* call the interrupt handler iff gpio is used as
* interrupt source, just to avoid bad irqs
*/
Reported by FlawFinder.
Line: 335
Column: 23
CWE codes:
120
20
* reset state. Otherwise it flags pins to be driven low.
*/
gpio->out = ~n_latch;
gpio->status = gpio->read(gpio->client);
/* Enable irqchip if we have an interrupt */
if (client->irq) {
struct gpio_irq_chip *girq;
Reported by FlawFinder.