The following issues were found
tools/testing/selftests/bpf/prog_tests/tc_redirect.c
22 issues
Line: 171
Column: 18
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
while (*ns) {
snprintf(cmd, sizeof(cmd), "ip netns %s %s", verb, *ns);
if (!ASSERT_OK(system(cmd), cmd))
return -1;
ns++;
}
return 0;
}
Reported by FlawFinder.
Line: 227
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define SYS(fmt, ...) \
({ \
char cmd[1024]; \
snprintf(cmd, sizeof(cmd), fmt, ##__VA_ARGS__); \
if (!ASSERT_OK(system(cmd), cmd)) \
goto fail; \
})
static int netns_setup_links_and_routes(struct netns_setup_result *result)
Reported by FlawFinder.
Line: 228
Column: 18
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
({ \
char cmd[1024]; \
snprintf(cmd, sizeof(cmd), fmt, ##__VA_ARGS__); \
if (!ASSERT_OK(system(cmd), cmd)) \
goto fail; \
})
static int netns_setup_links_and_routes(struct netns_setup_result *result)
{
Reported by FlawFinder.
Line: 74
Column: 6
CWE codes:
362
{
FILE *f;
f = fopen(path, "r+");
if (!f)
return -1;
if (fwrite(newval, strlen(newval), 1, f) != 1) {
log_err("writing to %s failed", path);
fclose(f);
Reported by FlawFinder.
Line: 131
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct nstoken *open_netns(const char *name)
{
int nsfd;
char nspath[PATH_MAX];
int err;
struct nstoken *token;
token = malloc(sizeof(struct nstoken));
if (!ASSERT_OK_PTR(token, "malloc token"))
Reported by FlawFinder.
Line: 139
Column: 25
CWE codes:
362
if (!ASSERT_OK_PTR(token, "malloc token"))
return NULL;
token->orig_netns_fd = open("/proc/self/ns/net", O_RDONLY);
if (!ASSERT_GE(token->orig_netns_fd, 0, "open /proc/self/ns/net"))
goto fail;
snprintf(nspath, sizeof(nspath), "%s/%s", "/var/run/netns", name);
nsfd = open(nspath, O_RDONLY | O_CLOEXEC);
Reported by FlawFinder.
Line: 144
Column: 9
CWE codes:
362
goto fail;
snprintf(nspath, sizeof(nspath), "%s/%s", "/var/run/netns", name);
nsfd = open(nspath, O_RDONLY | O_CLOEXEC);
if (!ASSERT_GE(nsfd, 0, "open netns fd"))
goto fail;
err = setns_by_fd(nsfd);
if (!ASSERT_OK(err, "setns_by_fd"))
Reported by FlawFinder.
Line: 167
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int netns_setup_namespaces(const char *verb)
{
const char * const *ns = namespaces;
char cmd[128];
while (*ns) {
snprintf(cmd, sizeof(cmd), "ip netns %s %s", verb, *ns);
if (!ASSERT_OK(system(cmd), cmd))
return -1;
Reported by FlawFinder.
Line: 185
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int get_ifaddr(const char *name, char *ifaddr)
{
char path[PATH_MAX];
FILE *f;
int ret;
snprintf(path, PATH_MAX, "/sys/class/net/%s/address", name);
f = fopen(path, "r");
Reported by FlawFinder.
Line: 190
Column: 6
CWE codes:
362
int ret;
snprintf(path, PATH_MAX, "/sys/class/net/%s/address", name);
f = fopen(path, "r");
if (!ASSERT_OK_PTR(f, path))
return -1;
ret = fread(ifaddr, 1, IFADDR_STR_LEN, f);
if (!ASSERT_EQ(ret, IFADDR_STR_LEN, "fread ifaddr")) {
Reported by FlawFinder.
security/selinux/selinuxfs.c
22 issues
Line: 825
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
rc = -EINVAL;
if (sscanf(req, "%s %s %hu %s", oldcon, newcon, &tclass, taskcon) != 4)
goto out;
rc = security_context_str_to_sid(state, oldcon, &osid, GFP_KERNEL);
if (rc)
goto out;
Reported by FlawFinder.
Line: 935
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 995
Column: 10
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
if (nargs < 3 || nargs > 4)
goto out;
if (nargs == 4) {
/*
* If and when the name of new object to be queried contains
Reported by FlawFinder.
Line: 1092
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 1153
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s", con, user) != 2)
goto out;
length = security_context_str_to_sid(state, con, &sid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 1218
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto out;
length = -EINVAL;
if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
goto out;
length = security_context_str_to_sid(state, scon, &ssid, GFP_KERNEL);
if (length)
goto out;
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
enforcing_enabled(fsi->state));
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
Reported by FlawFinder.
Line: 209
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
struct selinux_state *state = fsi->state;
char tmpbuf[TMPBUFLEN];
ssize_t length;
ino_t ino = file_inode(filp)->i_ino;
int handle_unknown = (ino == SEL_REJECT_UNKNOWN) ?
security_get_reject_unknown(state) :
!security_get_allow_unknown(state);
Reported by FlawFinder.
Line: 342
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%u", POLICYDB_VERSION_MAX);
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
}
Reported by FlawFinder.
Line: 377
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
char tmpbuf[TMPBUFLEN];
ssize_t length;
length = scnprintf(tmpbuf, TMPBUFLEN, "%d",
security_mls_enabled(fsi->state));
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
Reported by FlawFinder.
security/selinux/ss/policydb.c
22 issues
Line: 47
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define _DEBUG_HASHES
#ifdef DEBUG_HASHES
static const char *symtab_name[SYM_NUM] = {
"common prefixes",
"classes",
"roles",
"types",
"users",
Reported by FlawFinder.
Line: 2191
Column: 11
CWE codes:
126
genfs->fstype, c->u.name);
goto out;
}
len = strlen(newc->u.name);
len2 = strlen(c->u.name);
if (len > len2)
break;
}
Reported by FlawFinder.
Line: 2192
Column: 12
CWE codes:
126
goto out;
}
len = strlen(newc->u.name);
len2 = strlen(c->u.name);
if (len > len2)
break;
}
newc->next = c;
Reported by FlawFinder.
Line: 2431
Column: 13
CWE codes:
126
rc = -EINVAL;
len = le32_to_cpu(buf[1]);
if (len != strlen(POLICYDB_STRING)) {
pr_err("SELinux: policydb string length %d does not "
"match expected length %zu\n",
len, strlen(POLICYDB_STRING));
goto bad;
}
Reported by FlawFinder.
Line: 2434
Column: 15
CWE codes:
126
if (len != strlen(POLICYDB_STRING)) {
pr_err("SELinux: policydb string length %d does not "
"match expected length %zu\n",
len, strlen(POLICYDB_STRING));
goto bad;
}
rc = -ENOMEM;
policydb_str = kmalloc(len + 1, GFP_KERNEL);
Reported by FlawFinder.
Line: 2786
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(levdatum->isalias);
rc = put_entry(buf, sizeof(u32), 2, fp);
if (rc)
return rc;
Reported by FlawFinder.
Line: 2814
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(catdatum->value);
buf[2] = cpu_to_le32(catdatum->isalias);
rc = put_entry(buf, sizeof(u32), 3, fp);
if (rc)
Reported by FlawFinder.
Line: 2931
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(perdatum->value);
rc = put_entry(buf, sizeof(u32), 2, fp);
if (rc)
return rc;
Reported by FlawFinder.
Line: 2955
Column: 8
CWE codes:
126
size_t len;
int rc;
len = strlen(key);
buf[0] = cpu_to_le32(len);
buf[1] = cpu_to_le32(comdatum->value);
buf[2] = cpu_to_le32(comdatum->permissions.nprim);
buf[3] = cpu_to_le32(comdatum->permissions.table.nel);
rc = put_entry(buf, sizeof(u32), 4, fp);
Reported by FlawFinder.
Line: 3053
Column: 8
CWE codes:
126
size_t len, len2;
int rc;
len = strlen(key);
if (cladatum->comkey)
len2 = strlen(cladatum->comkey);
else
len2 = 0;
Reported by FlawFinder.
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
22 issues
Line: 676
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reg = rvu_read64(rvu, block->addr, NIX_AF_AQ_STATUS);
head = (reg >> 4) & AQ_PTR_MASK;
memcpy((void *)(aq->inst->base + (head * aq->inst->entry_sz)),
(void *)inst, aq->inst->entry_sz);
memset(result, 0, sizeof(*result));
/* sync into memory */
wmb();
Reported by FlawFinder.
Line: 816
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (req->op) {
case NIX_AQ_INSTOP_WRITE:
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(mask, &req->rq_mask,
sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(mask, &req->sq_mask,
sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
Reported by FlawFinder.
Line: 819
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->rq_mask,
sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(mask, &req->sq_mask,
sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(mask, &req->cq_mask,
sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
Reported by FlawFinder.
Line: 822
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->sq_mask,
sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(mask, &req->cq_mask,
sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(mask, &req->rss_mask,
sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
Reported by FlawFinder.
Line: 825
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->cq_mask,
sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(mask, &req->rss_mask,
sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
memcpy(mask, &req->mce_mask,
sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
Reported by FlawFinder.
Line: 828
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->rss_mask,
sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
memcpy(mask, &req->mce_mask,
sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
memcpy(mask, &req->prof_mask,
sizeof(struct nix_bandprof_s));
fallthrough;
Reported by FlawFinder.
Line: 831
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(mask, &req->mce_mask,
sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
memcpy(mask, &req->prof_mask,
sizeof(struct nix_bandprof_s));
fallthrough;
case NIX_AQ_INSTOP_INIT:
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(ctx, &req->rq, sizeof(struct nix_rq_ctx_s));
Reported by FlawFinder.
Line: 836
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fallthrough;
case NIX_AQ_INSTOP_INIT:
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(ctx, &req->rq, sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(ctx, &req->sq, sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(ctx, &req->cq, sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
Reported by FlawFinder.
Line: 838
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (req->ctype == NIX_AQ_CTYPE_RQ)
memcpy(ctx, &req->rq, sizeof(struct nix_rq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(ctx, &req->sq, sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(ctx, &req->cq, sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(ctx, &req->rss, sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
Reported by FlawFinder.
Line: 840
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (req->ctype == NIX_AQ_CTYPE_SQ)
memcpy(ctx, &req->sq, sizeof(struct nix_sq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_CQ)
memcpy(ctx, &req->cq, sizeof(struct nix_cq_ctx_s));
else if (req->ctype == NIX_AQ_CTYPE_RSS)
memcpy(ctx, &req->rss, sizeof(struct nix_rsse_s));
else if (req->ctype == NIX_AQ_CTYPE_MCE)
memcpy(ctx, &req->mce, sizeof(struct nix_rx_mce_s));
else if (req->ctype == NIX_AQ_CTYPE_BANDPROF)
Reported by FlawFinder.
drivers/char/ipmi/ipmi_msghandler.c
22 issues
Line: 98
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
event_str = ipmi_panic_event_str[ipmi_send_panic_event];
return sprintf(buffer, "%s\n", event_str);
}
static const struct kernel_param_ops panic_op_ops = {
.set = panic_op_write_handler,
.get = panic_op_read_handler
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int panic_op_write_handler(const char *val,
const struct kernel_param *kp)
{
char valcp[16];
int e;
strscpy(valcp, val, sizeof(valcp));
e = match_string(ipmi_panic_event_str, -1, strstrip(valcp));
if (e < 0)
Reported by FlawFinder.
Line: 1750
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Now tack on the data to the message. */
if (msg->data_len > 0)
memcpy(&smi_msg->data[i + 9], msg->data, msg->data_len);
smi_msg->data_size = msg->data_len + 9;
/* Now calculate the checksum and tack it on. */
smi_msg->data[i+smi_msg->data_size]
= ipmb_checksum(&smi_msg->data[i + 6], smi_msg->data_size - 6);
Reported by FlawFinder.
Line: 1787
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Now tack on the data to the message. */
if (msg->data_len > 0)
memcpy(&smi_msg->data[10], msg->data, msg->data_len);
smi_msg->data_size = msg->data_len + 10;
/* Now calculate the checksum and tack it on. */
smi_msg->data[smi_msg->data_size]
= ipmb_checksum(&smi_msg->data[7], smi_msg->data_size - 7);
Reported by FlawFinder.
Line: 1867
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr));
if ((msg->netfn == IPMI_NETFN_APP_REQUEST)
&& ((msg->cmd == IPMI_SEND_MSG_CMD)
|| (msg->cmd == IPMI_GET_MSG_CMD)
|| (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD))) {
Reported by FlawFinder.
Line: 1906
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
smi_msg->msgid = msgid;
smi_msg->user_data = recv_msg;
if (msg->data_len > 0)
memcpy(&smi_msg->data[2], msg->data, msg->data_len);
smi_msg->data_size = msg->data_len + 2;
ipmi_inc_stat(intf, sent_local_commands);
return 0;
}
Reported by FlawFinder.
Line: 1969
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr));
if (recv_msg->msg.netfn & 0x1) {
/*
* It's a response, so use the user's sequence
* from msgid.
Reported by FlawFinder.
Line: 2034
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Copy the message into the recv message data, so we
* can retransmit it later if necessary.
*/
memcpy(recv_msg->msg_data, smi_msg->data,
smi_msg->data_size);
recv_msg->msg.data = recv_msg->msg_data;
recv_msg->msg.data_len = smi_msg->data_size;
/*
Reported by FlawFinder.
Line: 2097
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr));
if (recv_msg->msg.netfn & 0x1) {
/*
* It's a response, so use the user's sequence
* from msgid.
Reported by FlawFinder.
Line: 2152
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Copy the message into the recv message data, so we
* can retransmit it later if necessary.
*/
memcpy(recv_msg->msg_data, smi_msg->data,
smi_msg->data_size);
recv_msg->msg.data = recv_msg->msg_data;
recv_msg->msg.data_len = smi_msg->data_size;
/*
Reported by FlawFinder.
drivers/scsi/myrs.c
22 issues
Line: 611
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
model_len--;
model[++model_len] = '\0';
strcpy(cs->model_name, "DAC960 ");
strcat(cs->model_name, model);
/* Initialize the Controller Firmware Version field. */
sprintf(fw_version, "%d.%02d-%02d",
info->fw_major_version, info->fw_minor_version,
info->fw_turn_number);
if (info->fw_major_version == 6 &&
Reported by FlawFinder.
Line: 917
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
case 'E':
if (cs->disable_enc_msg)
break;
sprintf(msg_buf, ev_msg, ev->lun);
shost_printk(KERN_INFO, shost, "event %d: Enclosure %d %s\n",
ev->ev_seq, ev->target, msg_buf);
break;
case 'C':
shost_printk(KERN_INFO, shost, "event %d: Controller %s\n",
Reported by FlawFinder.
Line: 229
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
union myrs_sgl *sgl;
unsigned char status;
memcpy(&ldev_info_orig, ldev_info, sizeof(struct myrs_ldev_info));
ldev_info_addr = dma_map_single(&cs->pdev->dev, ldev_info,
sizeof(struct myrs_ldev_info),
DMA_FROM_DEVICE);
if (dma_mapping_error(&cs->pdev->dev, ldev_info_addr))
return MYRS_STATUS_FAILED;
Reported by FlawFinder.
Line: 587
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct myrs_ctlr_info *info = cs->ctlr_info;
struct Scsi_Host *shost = cs->host;
unsigned char status;
unsigned char model[20];
unsigned char fw_version[12];
int i, model_len;
/* Get data into dma-able area, then copy into permanent location */
mutex_lock(&cs->cinfo_mutex);
Reported by FlawFinder.
Line: 588
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct Scsi_Host *shost = cs->host;
unsigned char status;
unsigned char model[20];
unsigned char fw_version[12];
int i, model_len;
/* Get data into dma-able area, then copy into permanent location */
mutex_lock(&cs->cinfo_mutex);
status = myrs_get_ctlr_info(cs);
Reported by FlawFinder.
Line: 605
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
model_len = sizeof(info->ctlr_name);
if (model_len > sizeof(model)-1)
model_len = sizeof(model)-1;
memcpy(model, info->ctlr_name, model_len);
model_len--;
while (model[model_len] == ' ' || model[model_len] == '\0')
model_len--;
model[++model_len] = '\0';
strcpy(cs->model_name, "DAC960 ");
Reported by FlawFinder.
Line: 610
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
while (model[model_len] == ' ' || model[model_len] == '\0')
model_len--;
model[++model_len] = '\0';
strcpy(cs->model_name, "DAC960 ");
strcat(cs->model_name, model);
/* Initialize the Controller Firmware Version field. */
sprintf(fw_version, "%d.%02d-%02d",
info->fw_major_version, info->fw_minor_version,
info->fw_turn_number);
Reported by FlawFinder.
Line: 613
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(cs->model_name, "DAC960 ");
strcat(cs->model_name, model);
/* Initialize the Controller Firmware Version field. */
sprintf(fw_version, "%d.%02d-%02d",
info->fw_major_version, info->fw_minor_version,
info->fw_turn_number);
if (info->fw_major_version == 6 &&
info->fw_minor_version == 0 &&
info->fw_turn_number < 1) {
Reported by FlawFinder.
Line: 815
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void myrs_log_event(struct myrs_hba *cs, struct myrs_event *ev)
{
unsigned char msg_buf[MYRS_LINE_BUFFER_SIZE];
int ev_idx = 0, ev_code;
unsigned char ev_type, *ev_msg;
struct Scsi_Host *shost = cs->host;
struct scsi_device *sdev;
struct scsi_sense_hdr sshdr = {0};
Reported by FlawFinder.
Line: 821
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct Scsi_Host *shost = cs->host;
struct scsi_device *sdev;
struct scsi_sense_hdr sshdr = {0};
unsigned char sense_info[4];
unsigned char cmd_specific[4];
if (ev->ev_code == 0x1C) {
if (!scsi_normalize_sense(ev->sense_data, 40, &sshdr)) {
memset(&sshdr, 0x0, sizeof(sshdr));
Reported by FlawFinder.
net/smc/smc_clc.c
22 issues
Line: 36
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SMC_CLC_RECV_BUF_LEN 100
/* eye catcher "SMCR" EBCDIC for CLC messages */
static const char SMC_EYECATCHER[4] = {'\xe2', '\xd4', '\xc3', '\xd9'};
/* eye catcher "SMCD" EBCDIC for CLC messages */
static const char SMCD_EYECATCHER[4] = {'\xe2', '\xd4', '\xc3', '\xc4'};
static u8 smc_hostname[SMC_MAX_HOSTNAME_LEN];
Reported by FlawFinder.
Line: 38
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* eye catcher "SMCR" EBCDIC for CLC messages */
static const char SMC_EYECATCHER[4] = {'\xe2', '\xd4', '\xc3', '\xd9'};
/* eye catcher "SMCD" EBCDIC for CLC messages */
static const char SMCD_EYECATCHER[4] = {'\xe2', '\xd4', '\xc3', '\xc4'};
static u8 smc_hostname[SMC_MAX_HOSTNAME_LEN];
/* check arriving CLC proposal */
static bool smc_clc_msg_prop_valid(struct smc_clc_msg_proposal *pclc)
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(fce, 0, sizeof(*fce));
fce->os_type = SMC_CLC_OS_LINUX;
fce->release = SMC_RELEASE;
memcpy(fce->hostname, smc_hostname, sizeof(smc_hostname));
(*len) += sizeof(*fce);
}
/* check if received message has a correct header length and contains valid
* heading and trailing eyecatchers
Reported by FlawFinder.
Line: 454
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int len;
memset(&dclc, 0, sizeof(dclc));
memcpy(dclc.hdr.eyecatcher, SMC_EYECATCHER, sizeof(SMC_EYECATCHER));
dclc.hdr.type = SMC_CLC_DECLINE;
dclc.hdr.length = htons(sizeof(struct smc_clc_msg_decline));
dclc.hdr.version = version;
dclc.os_type = version == SMC_V1 ? 0 : SMC_CLC_OS_LINUX;
dclc.hdr.typev2 = (peer_diag_info == SMC_CLC_DECL_SYNCERR) ?
Reported by FlawFinder.
Line: 463
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SMC_FIRST_CONTACT_MASK : 0;
if ((!smc->conn.lgr || !smc->conn.lgr->is_smcd) &&
smc_ib_is_valid_local_systemid())
memcpy(dclc.id_for_peer, local_systemid,
sizeof(local_systemid));
dclc.peer_diagnosis = htonl(peer_diag_info);
memcpy(dclc.trl.eyecatcher, SMC_EYECATCHER, sizeof(SMC_EYECATCHER));
memset(&msg, 0, sizeof(msg));
Reported by FlawFinder.
Line: 466
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dclc.id_for_peer, local_systemid,
sizeof(local_systemid));
dclc.peer_diagnosis = htonl(peer_diag_info);
memcpy(dclc.trl.eyecatcher, SMC_EYECATCHER, sizeof(SMC_EYECATCHER));
memset(&msg, 0, sizeof(msg));
vec.iov_base = &dclc;
vec.iov_len = sizeof(struct smc_clc_msg_decline);
len = kernel_sendmsg(smc->clcsock, &msg, &vec, 1,
Reported by FlawFinder.
Line: 531
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* build SMC Proposal CLC message */
memcpy(pclc_base->hdr.eyecatcher, SMC_EYECATCHER,
sizeof(SMC_EYECATCHER));
pclc_base->hdr.type = SMC_CLC_PROPOSAL;
if (smcr_indicated(ini->smc_type_v1)) {
/* add SMC-R specifics */
memcpy(pclc_base->lcl.id_for_peer, local_systemid,
Reported by FlawFinder.
Line: 536
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pclc_base->hdr.type = SMC_CLC_PROPOSAL;
if (smcr_indicated(ini->smc_type_v1)) {
/* add SMC-R specifics */
memcpy(pclc_base->lcl.id_for_peer, local_systemid,
sizeof(local_systemid));
memcpy(pclc_base->lcl.gid, ini->ib_gid, SMC_GID_SIZE);
memcpy(pclc_base->lcl.mac, &ini->ib_dev->mac[ini->ib_port - 1],
ETH_ALEN);
}
Reported by FlawFinder.
Line: 538
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* add SMC-R specifics */
memcpy(pclc_base->lcl.id_for_peer, local_systemid,
sizeof(local_systemid));
memcpy(pclc_base->lcl.gid, ini->ib_gid, SMC_GID_SIZE);
memcpy(pclc_base->lcl.mac, &ini->ib_dev->mac[ini->ib_port - 1],
ETH_ALEN);
}
if (smcd_indicated(ini->smc_type_v1)) {
/* add SMC-D specifics */
Reported by FlawFinder.
Line: 539
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pclc_base->lcl.id_for_peer, local_systemid,
sizeof(local_systemid));
memcpy(pclc_base->lcl.gid, ini->ib_gid, SMC_GID_SIZE);
memcpy(pclc_base->lcl.mac, &ini->ib_dev->mac[ini->ib_port - 1],
ETH_ALEN);
}
if (smcd_indicated(ini->smc_type_v1)) {
/* add SMC-D specifics */
if (ini->ism_dev[0]) {
Reported by FlawFinder.
drivers/net/wireless/ath/ath6kl/cfg80211.c
22 issues
Line: 952
CWE codes:
476
ssid_found = false;
for (j = 0; j < n_ssids; j++) {
if ((match_set[i].ssid.ssid_len ==
ssid_list[j].ssid.ssid_len) &&
(!memcmp(ssid_list[j].ssid.ssid,
match_set[i].ssid.ssid,
match_set[i].ssid.ssid_len))) {
ssid_list[j].flag |= MATCH_SSID_FLAG;
Reported by Cppcheck.
Line: 350
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pos + 2 + pos[1] > ies + ies_len)
break;
if (!(ath6kl_is_wpa_ie(pos) || ath6kl_is_rsn_ie(pos))) {
memcpy(buf + len, pos, 2 + pos[1]);
len += 2 + pos[1];
}
if (ath6kl_is_wps_ie(pos))
ar->connect_ctrl_flags |= CONNECT_WPS_FLAG;
Reported by FlawFinder.
Line: 537
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(vif->ssid, 0, sizeof(vif->ssid));
vif->ssid_len = sme->ssid_len;
memcpy(vif->ssid, sme->ssid, sme->ssid_len);
if (sme->channel)
vif->ch_hint = sme->channel->center_freq;
memset(vif->req_bssid, 0, sizeof(vif->req_bssid));
Reported by FlawFinder.
Line: 578
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key = &vif->keys[sme->key_idx];
key->key_len = sme->key_len;
memcpy(key->key, sme->key, key->key_len);
key->cipher = vif->prwise_crypto;
vif->def_txkey_index = sme->key_idx;
ath6kl_wmi_addkey_cmd(ar->wmi, vif->fw_vif_idx, sme->key_idx,
vif->prwise_crypto,
Reported by FlawFinder.
Line: 717
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
ie[0] = WLAN_EID_SSID;
ie[1] = vif->ssid_len;
memcpy(ie + 2, vif->ssid, vif->ssid_len);
memcpy(ie + 2 + vif->ssid_len, beacon_ie, beacon_ie_len);
bss = cfg80211_inform_bss(ar->wiphy, chan,
CFG80211_BSS_FTYPE_UNKNOWN,
bssid, 0, cap_val, 100,
ie, 2 + vif->ssid_len + beacon_ie_len,
Reported by FlawFinder.
Line: 718
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ie[0] = WLAN_EID_SSID;
ie[1] = vif->ssid_len;
memcpy(ie + 2, vif->ssid, vif->ssid_len);
memcpy(ie + 2 + vif->ssid_len, beacon_ie, beacon_ie_len);
bss = cfg80211_inform_bss(ar->wiphy, chan,
CFG80211_BSS_FTYPE_UNKNOWN,
bssid, 0, cap_val, 100,
ie, 2 + vif->ssid_len + beacon_ie_len,
0, GFP_KERNEL);
Reported by FlawFinder.
Line: 932
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
for (i = 0; i < n_ssids; i++) {
memcpy(ssid_list[i].ssid.ssid,
ssids[i].ssid,
ssids[i].ssid_len);
ssid_list[i].ssid.ssid_len = ssids[i].ssid_len;
if (ssids[i].ssid_len)
Reported by FlawFinder.
Line: 971
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ssid_list[index_to_add].ssid.ssid_len =
match_set[i].ssid.ssid_len;
memcpy(ssid_list[index_to_add].ssid.ssid,
match_set[i].ssid.ssid,
match_set[i].ssid.ssid_len);
ssid_list[index_to_add].flag |= MATCH_SSID_FLAG;
index_to_add++;
}
Reported by FlawFinder.
Line: 1174
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
key->key_len = params->key_len;
memcpy(key->key, params->key, key->key_len);
key->seq_len = seq_len;
memcpy(key->seq, params->seq, key->seq_len);
key->cipher = params->cipher;
switch (key->cipher) {
Reported by FlawFinder.
Line: 1176
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key->key_len = params->key_len;
memcpy(key->key, params->key, key->key_len);
key->seq_len = seq_len;
memcpy(key->seq, params->seq, key->seq_len);
key->cipher = params->cipher;
switch (key->cipher) {
case WLAN_CIPHER_SUITE_WEP40:
case WLAN_CIPHER_SUITE_WEP104:
Reported by FlawFinder.
drivers/scsi/pm8001/pm80xx_hwi.c
22 issues
Line: 104
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pm8001_ha->forensic_info.data_buf.direct_data = buf;
if (pm8001_ha->chip_id == chip_8001) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"Not supported for SPC controller");
return (char *)pm8001_ha->forensic_info.data_buf.direct_data -
(char *)buf;
}
/* initialize variables for very first call from host application */
Reported by FlawFinder.
Line: 174
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* If accumulated length is zero fail the attempt */
if (accum_len == 0) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 0xFFFFFFFF);
return (char *)pm8001_ha->forensic_info.data_buf.direct_data -
(char *)buf;
}
/* Accumulated length is good so start capturing the first data */
Reported by FlawFinder.
Line: 213
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (pm8001_ha->forensic_last_offset >= length_to_read) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 3);
for (index = 0; index <
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
Reported by FlawFinder.
Line: 219
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(
pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", *(temp + index));
}
pm8001_ha->fatal_bar_loc = 0;
Reported by FlawFinder.
Line: 240
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (pm8001_ha->fatal_bar_loc < (64 * 1024)) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->
forensic_info.data_buf.direct_data,
"%08x ", 2);
for (index = 0; index <
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
Reported by FlawFinder.
Line: 247
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4); index++) {
pm8001_ha->forensic_info.data_buf.direct_data
+= sprintf(pm8001_ha->
forensic_info.data_buf.direct_data,
"%08x ", *(temp + index));
}
status = 0;
offset = (int)
Reported by FlawFinder.
Line: 264
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Increment the MEMBASE II Shifting Register value by 0x100.*/
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 2);
for (index = 0; index <
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4) ; index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
Reported by FlawFinder.
Line: 270
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(pm8001_ha->forensic_info.data_buf.direct_len
/ 4) ; index++) {
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(pm8001_ha->
forensic_info.data_buf.direct_data,
"%08x ", *(temp + index));
}
pm8001_ha->fatal_forensic_shift_offset += 0x100;
pm8001_cw32(pm8001_ha, 0, MEMBASE_II_SHIFT_REGISTER,
Reported by FlawFinder.
Line: 325
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg_val);
/* Fail the dump if a timeout occurs */
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(
pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 0xFFFFFFFF);
return((char *)
pm8001_ha->forensic_info.data_buf.direct_data
- (char *)buf);
Reported by FlawFinder.
Line: 349
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
reg_val);
/* Fail the dump if a timeout occurs */
pm8001_ha->forensic_info.data_buf.direct_data +=
sprintf(
pm8001_ha->forensic_info.data_buf.direct_data,
"%08x ", 0xFFFFFFFF);
return((char *)pm8001_ha->forensic_info.data_buf.direct_data -
(char *)buf);
}
Reported by FlawFinder.
drivers/s390/block/dasd_fba.c
22 issues
Line: 673
Column: 8
CWE codes:
134
Suggestion:
Make format string constant
"No memory to dump sense data");
return;
}
len = sprintf(page, PRINTK_HEADER
" I/O status report for device %s:\n",
dev_name(&device->cdev->dev));
len += sprintf(page + len, PRINTK_HEADER
" in req: %p CS: 0x%02X DS: 0x%02X\n", req,
irb->scsw.cmd.cstat, irb->scsw.cmd.dstat);
Reported by FlawFinder.
Line: 676
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
len = sprintf(page, PRINTK_HEADER
" I/O status report for device %s:\n",
dev_name(&device->cdev->dev));
len += sprintf(page + len, PRINTK_HEADER
" in req: %p CS: 0x%02X DS: 0x%02X\n", req,
irb->scsw.cmd.cstat, irb->scsw.cmd.dstat);
len += sprintf(page + len, PRINTK_HEADER
" device %s: Failing CCW: %p\n",
dev_name(&device->cdev->dev),
Reported by FlawFinder.
Line: 679
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
len += sprintf(page + len, PRINTK_HEADER
" in req: %p CS: 0x%02X DS: 0x%02X\n", req,
irb->scsw.cmd.cstat, irb->scsw.cmd.dstat);
len += sprintf(page + len, PRINTK_HEADER
" device %s: Failing CCW: %p\n",
dev_name(&device->cdev->dev),
(void *) (addr_t) irb->scsw.cmd.cpa);
if (irb->esw.esw0.erw.cons) {
for (sl = 0; sl < 4; sl++) {
Reported by FlawFinder.
Line: 685
Column: 11
CWE codes:
134
Suggestion:
Make format string constant
(void *) (addr_t) irb->scsw.cmd.cpa);
if (irb->esw.esw0.erw.cons) {
for (sl = 0; sl < 4; sl++) {
len += sprintf(page + len, PRINTK_HEADER
" Sense(hex) %2d-%2d:",
(8 * sl), ((8 * sl) + 7));
for (sct = 0; sct < 8; sct++) {
len += sprintf(page + len, " %02x",
Reported by FlawFinder.
Line: 696
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
len += sprintf(page + len, "\n");
}
} else {
len += sprintf(page + len, PRINTK_HEADER
" SORRY - NO VALID SENSE AVAILABLE\n");
}
printk(KERN_ERR "%s", page);
/* dump the Channel Program */
Reported by FlawFinder.
Line: 706
Column: 8
CWE codes:
134
Suggestion:
Make format string constant
act = req->cpaddr;
for (last = act; last->flags & (CCW_FLAG_CC | CCW_FLAG_DC); last++);
end = min(act + 8, last);
len = sprintf(page, PRINTK_HEADER " Related CP in req: %p\n", req);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
for (count = 0; count < 32 && count < act->count;
Reported by FlawFinder.
Line: 708
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
end = min(act + 8, last);
len = sprintf(page, PRINTK_HEADER " Related CP in req: %p\n", req);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
for (count = 0; count < 32 && count < act->count;
count += sizeof(int))
len += sprintf(page + len, " %08X",
Reported by FlawFinder.
Line: 726
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
len = 0;
if (act < ((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa) - 2) {
act = ((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa) - 2;
len += sprintf(page + len, PRINTK_HEADER "......\n");
}
end = min((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa + 2, last);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
Reported by FlawFinder.
Line: 730
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
}
end = min((struct ccw1 *)(addr_t) irb->scsw.cmd.cpa + 2, last);
while (act <= end) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
for (count = 0; count < 32 && count < act->count;
count += sizeof(int))
len += sprintf(page + len, " %08X",
Reported by FlawFinder.
Line: 745
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
/* print last CCWs */
if (act < last - 2) {
act = last - 2;
len += sprintf(page + len, PRINTK_HEADER "......\n");
}
while (act <= last) {
len += sprintf(page + len, PRINTK_HEADER
" CCW %p: %08X %08X DAT:",
act, ((int *) act)[0], ((int *) act)[1]);
Reported by FlawFinder.