The following issues were found
drivers/net/wireless/zydas/zd1201.h
4 issues
Line: 34
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct urb *rx_urb;
struct urb *tx_urb;
unsigned char rxdata[ZD1201_RXSIZE];
int rxlen;
wait_queue_head_t rxdataq;
int rxdatas;
struct hlist_head fraglist;
unsigned char txdata[ZD1201_RXSIZE];
Reported by FlawFinder.
Line: 39
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wait_queue_head_t rxdataq;
int rxdatas;
struct hlist_head fraglist;
unsigned char txdata[ZD1201_RXSIZE];
int ap;
char essid[IW_ESSID_MAX_SIZE+1];
int essidlen;
int mac_enabled;
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char txdata[ZD1201_RXSIZE];
int ap;
char essid[IW_ESSID_MAX_SIZE+1];
int essidlen;
int mac_enabled;
int was_enabled;
int monitor;
int encode_enabled;
Reported by FlawFinder.
Line: 49
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int monitor;
int encode_enabled;
int encode_restricted;
unsigned char encode_keys[ZD1201_NUMKEYS][ZD1201_MAXKEYLEN];
int encode_keylen[ZD1201_NUMKEYS];
};
struct zd1201_frag {
struct hlist_node fnode;
Reported by FlawFinder.
drivers/remoteproc/pru_rproc.c
4 issues
Line: 377
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct device *dev = &rproc->dev;
struct pru_rproc *pru = rproc->priv;
const char *names[PRU_TYPE_MAX] = { "PRU", "RTU", "Tx_PRU" };
u32 val;
int ret;
dev_dbg(dev, "starting %s%d: entry-point = 0x%llx\n",
names[pru->data->type], pru->id, (rproc->bootaddr >> 2));
Reported by FlawFinder.
Line: 404
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct device *dev = &rproc->dev;
struct pru_rproc *pru = rproc->priv;
const char *names[PRU_TYPE_MAX] = { "PRU", "RTU", "Tx_PRU" };
u32 val;
dev_dbg(dev, "stopping %s%d\n", names[pru->data->type], pru->id);
val = pru_control_read_reg(pru, PRU_CTRL_CTRL);
Reported by FlawFinder.
Line: 638
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
} else {
memcpy(ptr, elf_data + phdr->p_offset, filesz);
}
/* skip the memzero logic performed by remoteproc ELF loader */
}
Reported by FlawFinder.
Line: 777
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct resource *res;
int i, ret;
const struct pru_private_data *data;
const char *mem_names[PRU_IOMEM_MAX] = { "iram", "control", "debug" };
data = of_device_get_match_data(&pdev->dev);
if (!data)
return -ENODEV;
Reported by FlawFinder.
drivers/scsi/fcoe/fcoe_transport.c
4 issues
Line: 255
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct fc_lport *n_port = shost_priv(shost);
struct fc_lport *vn_port;
int rc = 0;
char buf[32];
mutex_lock(&n_port->lp_mutex);
fcoe_wwn_to_str(vport->port_name, buf, sizeof(buf));
/* Check if the wwpn is not same as that of the lport */
Reported by FlawFinder.
Line: 603
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i, j;
struct fcoe_transport *ft = NULL;
i = j = sprintf(buffer, "Attached FCoE transports:");
mutex_lock(&ft_mutex);
list_for_each_entry(ft, &fcoe_transports, list) {
if (i >= PAGE_SIZE - IFNAMSIZ)
break;
i += snprintf(&buffer[i], IFNAMSIZ, "%s ", ft->name);
Reported by FlawFinder.
Line: 711
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct net_device *fcoe_if_to_netdev(const char *buffer)
{
char *cp;
char ifname[IFNAMSIZ + 2];
if (buffer) {
strlcpy(ifname, buffer, IFNAMSIZ);
cp = ifname + strlen(ifname);
while (--cp >= ifname && *cp == '\n')
Reported by FlawFinder.
Line: 715
Column: 17
CWE codes:
126
if (buffer) {
strlcpy(ifname, buffer, IFNAMSIZ);
cp = ifname + strlen(ifname);
while (--cp >= ifname && *cp == '\n')
*cp = '\0';
return dev_get_by_name(&init_net, ifname);
}
return NULL;
Reported by FlawFinder.
drivers/pci/proc.c
4 issues
Line: 415
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct pci_bus *bus = dev->bus;
struct proc_dir_entry *e;
char name[16];
if (!proc_initialized)
return -EACCES;
if (!bus->procdir) {
Reported by FlawFinder.
Line: 422
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!bus->procdir) {
if (pci_proc_domain(bus)) {
sprintf(name, "%04x:%02x", pci_domain_nr(bus),
bus->number);
} else {
sprintf(name, "%02x", bus->number);
}
bus->procdir = proc_mkdir(name, proc_bus_pci_dir);
Reported by FlawFinder.
Line: 425
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(name, "%04x:%02x", pci_domain_nr(bus),
bus->number);
} else {
sprintf(name, "%02x", bus->number);
}
bus->procdir = proc_mkdir(name, proc_bus_pci_dir);
if (!bus->procdir)
return -ENOMEM;
}
Reported by FlawFinder.
Line: 432
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENOMEM;
}
sprintf(name, "%02x.%x", PCI_SLOT(dev->devfn), PCI_FUNC(dev->devfn));
e = proc_create_data(name, S_IFREG | S_IRUGO | S_IWUSR, bus->procdir,
&proc_bus_pci_ops, dev);
if (!e)
return -ENOMEM;
proc_set_size(e, dev->cfg_size);
Reported by FlawFinder.
drivers/net/wireless/ti/wlcore/boot.c
4 issues
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int *fw_ver = wl->chip.fw_ver;
unsigned int *min_ver = (wl->fw_type == WL12XX_FW_TYPE_MULTI) ?
wl->min_mr_fw_ver : wl->min_sr_fw_ver;
char min_fw_str[32] = "";
int off = 0;
int i;
/* the chip must be exactly equal */
if ((min_ver[FW_VER_CHIP] != WLCORE_FW_VER_IGNORE) &&
Reported by FlawFinder.
Line: 215
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* 10.3 upload the chunk */
addr = dest + chunk_num * CHUNK_SIZE;
p = buf + chunk_num * CHUNK_SIZE;
memcpy(chunk, p, CHUNK_SIZE);
wl1271_debug(DEBUG_BOOT, "uploading fw chunk 0x%p to 0x%x",
p, addr);
ret = wlcore_write(wl, addr, chunk, CHUNK_SIZE, false);
if (ret < 0)
goto out;
Reported by FlawFinder.
Line: 228
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* 10.4 upload the last chunk */
addr = dest + chunk_num * CHUNK_SIZE;
p = buf + chunk_num * CHUNK_SIZE;
memcpy(chunk, p, fw_data_len % CHUNK_SIZE);
wl1271_debug(DEBUG_BOOT, "uploading fw last chunk (%zd B) 0x%p to 0x%x",
fw_data_len % CHUNK_SIZE, p, addr);
ret = wlcore_write(wl, addr, chunk, fw_data_len % CHUNK_SIZE, false);
out:
Reported by FlawFinder.
Line: 44
Column: 2
CWE codes:
120
{
int ret;
strncpy(wl->chip.fw_ver_str, static_data->fw_version,
sizeof(wl->chip.fw_ver_str));
/* make sure the string is NULL-terminated */
wl->chip.fw_ver_str[sizeof(wl->chip.fw_ver_str) - 1] = '\0';
Reported by FlawFinder.
drivers/platform/x86/dell/alienware-wmi.c
4 issues
Line: 326
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct platform_zone *target_zone;
target_zone = match_zone(attr);
if (target_zone == NULL)
return sprintf(buf, "red: -1, green: -1, blue: -1\n");
return sprintf(buf, "red: %d, green: %d, blue: %d\n",
target_zone->colors.red,
target_zone->colors.green, target_zone->colors.blue);
}
Reported by FlawFinder.
Line: 327
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
target_zone = match_zone(attr);
if (target_zone == NULL)
return sprintf(buf, "red: -1, green: -1, blue: -1\n");
return sprintf(buf, "red: %d, green: %d, blue: %d\n",
target_zone->colors.red,
target_zone->colors.green, target_zone->colors.blue);
}
Reported by FlawFinder.
Line: 432
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int alienware_zone_init(struct platform_device *dev)
{
u8 zone;
char buffer[10];
char *name;
if (interface == WMAX) {
lighting_control_state = WMAX_RUNNING;
} else if (interface == LEGACY) {
Reported by FlawFinder.
Line: 469
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENOMEM;
for (zone = 0; zone < quirks->num_zones; zone++) {
sprintf(buffer, "zone%02hhX", zone);
name = kstrdup(buffer, GFP_KERNEL);
if (name == NULL)
return 1;
sysfs_attr_init(&zone_dev_attrs[zone].attr);
zone_dev_attrs[zone].attr.name = name;
Reported by FlawFinder.
drivers/net/wireless/realtek/rtlwifi/rtl8192ee/fw.c
4 issues
Line: 303
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 2:
case 3:
/*boxcontent[0] &= ~(BIT(7));*/
memcpy((u8 *)(boxcontent) + 1,
cmdbuffer + buf_index, cmd_len);
for (idx = 0; idx < 4; idx++) {
rtl_write_byte(rtlpriv, box_reg + idx,
boxcontent[idx]);
Reported by FlawFinder.
Line: 316
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 6:
case 7:
/*boxcontent[0] |= (BIT(7));*/
memcpy((u8 *)(boxextcontent),
cmdbuffer + buf_index+3, cmd_len-3);
memcpy((u8 *)(boxcontent) + 1,
cmdbuffer + buf_index, 3);
for (idx = 0; idx < 4; idx++) {
Reported by FlawFinder.
Line: 318
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*boxcontent[0] |= (BIT(7));*/
memcpy((u8 *)(boxextcontent),
cmdbuffer + buf_index+3, cmd_len-3);
memcpy((u8 *)(boxcontent) + 1,
cmdbuffer + buf_index, 3);
for (idx = 0; idx < 4; idx++) {
rtl_write_byte(rtlpriv, box_extreg + idx,
boxextcontent[idx]);
Reported by FlawFinder.
Line: 368
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memset(tmp_cmdbuf, 0, 8);
memcpy(tmp_cmdbuf, cmdbuffer, cmd_len);
_rtl92ee_fill_h2c_command(hw, element_id, cmd_len, (u8 *)&tmp_cmdbuf);
}
void rtl92ee_firmware_selfreset(struct ieee80211_hw *hw)
{
Reported by FlawFinder.
drivers/scsi/fnic/fnic_isr.c
4 issues
Line: 191
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case VNIC_DEV_INTR_MODE_MSIX:
sprintf(fnic->msix[FNIC_MSIX_RQ].devname,
"%.11s-fcs-rq", fnic->name);
fnic->msix[FNIC_MSIX_RQ].isr = fnic_isr_msix_rq;
fnic->msix[FNIC_MSIX_RQ].devid = fnic;
sprintf(fnic->msix[FNIC_MSIX_WQ].devname,
Reported by FlawFinder.
Line: 196
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
fnic->msix[FNIC_MSIX_RQ].isr = fnic_isr_msix_rq;
fnic->msix[FNIC_MSIX_RQ].devid = fnic;
sprintf(fnic->msix[FNIC_MSIX_WQ].devname,
"%.11s-fcs-wq", fnic->name);
fnic->msix[FNIC_MSIX_WQ].isr = fnic_isr_msix_wq;
fnic->msix[FNIC_MSIX_WQ].devid = fnic;
sprintf(fnic->msix[FNIC_MSIX_WQ_COPY].devname,
Reported by FlawFinder.
Line: 201
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
fnic->msix[FNIC_MSIX_WQ].isr = fnic_isr_msix_wq;
fnic->msix[FNIC_MSIX_WQ].devid = fnic;
sprintf(fnic->msix[FNIC_MSIX_WQ_COPY].devname,
"%.11s-scsi-wq", fnic->name);
fnic->msix[FNIC_MSIX_WQ_COPY].isr = fnic_isr_msix_wq_copy;
fnic->msix[FNIC_MSIX_WQ_COPY].devid = fnic;
sprintf(fnic->msix[FNIC_MSIX_ERR_NOTIFY].devname,
Reported by FlawFinder.
Line: 206
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
fnic->msix[FNIC_MSIX_WQ_COPY].isr = fnic_isr_msix_wq_copy;
fnic->msix[FNIC_MSIX_WQ_COPY].devid = fnic;
sprintf(fnic->msix[FNIC_MSIX_ERR_NOTIFY].devname,
"%.11s-err-notify", fnic->name);
fnic->msix[FNIC_MSIX_ERR_NOTIFY].isr =
fnic_isr_msix_err_notify;
fnic->msix[FNIC_MSIX_ERR_NOTIFY].devid = fnic;
Reported by FlawFinder.
drivers/power/supply/sbs-battery.c
4 issues
Line: 214
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mutex mode_lock;
u32 flags;
int technology;
char strings[NR_STRING_BUFFERS][I2C_SMBUS_BLOCK_MAX + 1];
};
static char *sbs_get_string_buf(struct sbs_info *chip,
enum power_supply_property psp)
{
Reported by FlawFinder.
Line: 415
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* block_buffer[0] == block_length */
memcpy(values, block_buffer + 1, block_length);
values[block_length] = '\0';
return ret;
}
Reported by FlawFinder.
Line: 818
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 0;
}
static char sbs_serial[5];
static int sbs_get_battery_serial_number(struct i2c_client *client,
union power_supply_propval *val)
{
int ret;
Reported by FlawFinder.
Line: 828
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
sprintf(sbs_serial, "%04x", ret);
val->strval = sbs_serial;
return 0;
}
Reported by FlawFinder.
drivers/net/wireless/realtek/rtlwifi/rtl8188ee/fw.c
4 issues
Line: 283
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 2:
case 3:
/*boxcontent[0] &= ~(BIT(7));*/
memcpy((u8 *)(boxcontent) + 1,
cmd_b + buf_index, cmd_len);
for (idx = 0; idx < 4; idx++) {
rtl_write_byte(rtlpriv, box_reg + idx,
boxcontent[idx]);
Reported by FlawFinder.
Line: 296
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 6:
case 7:
/*boxcontent[0] |= (BIT(7));*/
memcpy((u8 *)(boxextcontent),
cmd_b + buf_index+3, cmd_len-3);
memcpy((u8 *)(boxcontent) + 1,
cmd_b + buf_index, 3);
for (idx = 0; idx < 2; idx++) {
Reported by FlawFinder.
Line: 298
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*boxcontent[0] |= (BIT(7));*/
memcpy((u8 *)(boxextcontent),
cmd_b + buf_index+3, cmd_len-3);
memcpy((u8 *)(boxcontent) + 1,
cmd_b + buf_index, 3);
for (idx = 0; idx < 2; idx++) {
rtl_write_byte(rtlpriv, box_extreg + idx,
boxextcontent[idx]);
Reported by FlawFinder.
Line: 348
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memset(tmp_cmdbuf, 0, 8);
memcpy(tmp_cmdbuf, cmdbuffer, cmd_len);
_rtl88e_fill_h2c_command(hw, element_id, cmd_len, (u8 *)&tmp_cmdbuf);
return;
}
Reported by FlawFinder.