The following issues were found
drivers/soc/qcom/smp2p.c
3 issues
Line: 183
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t size;
int irq_pin;
u32 status;
char buf[SMP2P_MAX_ENTRY_NAME];
u32 val;
int i;
in = smp2p->in;
Reported by FlawFinder.
Line: 348
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_node *node)
{
struct smp2p_smem_item *out = smp2p->out;
char buf[SMP2P_MAX_ENTRY_NAME] = {};
/* Allocate an entry from the smem item */
strlcpy(buf, entry->name, SMP2P_MAX_ENTRY_NAME);
memcpy(out->entries[out->valid_entries].name, buf, SMP2P_MAX_ENTRY_NAME);
Reported by FlawFinder.
Line: 352
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Allocate an entry from the smem item */
strlcpy(buf, entry->name, SMP2P_MAX_ENTRY_NAME);
memcpy(out->entries[out->valid_entries].name, buf, SMP2P_MAX_ENTRY_NAME);
/* Make the logical entry reference the physical value */
entry->value = &out->entries[out->valid_entries].value;
out->valid_entries++;
Reported by FlawFinder.
drivers/soc/qcom/rmtfs_mem.c
3 issues
Line: 53
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dev);
if (attr == &dev_attr_phys_addr)
return sprintf(buf, "%pa\n", &rmtfs_mem->addr);
if (attr == &dev_attr_size)
return sprintf(buf, "%pa\n", &rmtfs_mem->size);
if (attr == &dev_attr_client_id)
return sprintf(buf, "%d\n", rmtfs_mem->client_id);
Reported by FlawFinder.
Line: 55
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (attr == &dev_attr_phys_addr)
return sprintf(buf, "%pa\n", &rmtfs_mem->addr);
if (attr == &dev_attr_size)
return sprintf(buf, "%pa\n", &rmtfs_mem->size);
if (attr == &dev_attr_client_id)
return sprintf(buf, "%d\n", rmtfs_mem->client_id);
return -EINVAL;
}
Reported by FlawFinder.
Line: 57
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (attr == &dev_attr_size)
return sprintf(buf, "%pa\n", &rmtfs_mem->size);
if (attr == &dev_attr_client_id)
return sprintf(buf, "%d\n", rmtfs_mem->client_id);
return -EINVAL;
}
static struct attribute *qcom_rmtfs_mem_attrs[] = {
Reported by FlawFinder.
drivers/video/backlight/adp8860_bl.c
3 issues
Line: 434
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (error < 0)
return error;
return sprintf(buf, "%u\n", reg_val);
}
static ssize_t adp8860_store(struct device *dev, const char *buf,
size_t count, int reg)
{
Reported by FlawFinder.
Line: 572
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Return 13-bit conversion value for the first light sensor */
ret_val += (reg_val & 0x1F) << 8;
return sprintf(buf, "%u\n", ret_val);
}
static DEVICE_ATTR(ambient_light_level, 0444,
adp8860_bl_ambient_light_level_show, NULL);
static ssize_t adp8860_bl_ambient_light_zone_show(struct device *dev,
Reported by FlawFinder.
Line: 591
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (error < 0)
return error;
return sprintf(buf, "%u\n",
((reg_val >> CFGR_BLV_SHIFT) & CFGR_BLV_MASK) + 1);
}
static ssize_t adp8860_bl_ambient_light_zone_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
drivers/video/backlight/adp8870_bl.c
3 issues
Line: 555
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (error < 0)
return error;
return sprintf(buf, "%u\n", reg_val);
}
static ssize_t adp8870_store(struct device *dev, const char *buf,
size_t count, int reg)
{
Reported by FlawFinder.
Line: 756
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Return 13-bit conversion value for the first light sensor */
ret_val += (reg_val & 0x1F) << 8;
return sprintf(buf, "%u\n", ret_val);
}
static DEVICE_ATTR(ambient_light_level, 0444,
adp8870_bl_ambient_light_level_show, NULL);
static ssize_t adp8870_bl_ambient_light_zone_show(struct device *dev,
Reported by FlawFinder.
Line: 775
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (error < 0)
return error;
return sprintf(buf, "%u\n",
((reg_val >> CFGR_BLV_SHIFT) & CFGR_BLV_MASK) + 1);
}
static ssize_t adp8870_bl_ambient_light_zone_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
drivers/tty/hvc/hvc_vio.c
3 issues
Line: 61
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
hv_protocol_t proto; /* Raw data or HVSI packets */
struct hvsi_priv hvsi; /* HVSI specific data */
spinlock_t buf_lock;
char buf[SIZE_VIO_GET_CHARS];
int left;
int offset;
};
static struct hvterm_priv *hvterm_privs[MAX_NR_HVC_CONSOLES];
/* For early boot console */
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
got = min(count, pv->left);
memcpy(buf, &pv->buf[pv->offset], got);
pv->offset += got;
pv->left -= got;
spin_unlock_irqrestore(&pv->buf_lock, flags);
Reported by FlawFinder.
Line: 230
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void udbg_hvc_putc(char c)
{
int count = -1;
unsigned char bounce_buffer[16];
if (!hvterm_privs[0])
return;
if (c == '\n')
Reported by FlawFinder.
drivers/video/backlight/ili9320.c
3 issues
Line: 30
Column: 34
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
unsigned int reg,
unsigned int value)
{
struct ili9320_spi *spi = &ili->access.spi;
unsigned char *addr = spi->buffer_addr;
unsigned char *data = spi->buffer_data;
/* spi message consits of:
* first byte: ID and operation
Reported by FlawFinder.
Line: 172
Column: 34
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static void ili9320_setup_spi(struct ili9320 *ili,
struct spi_device *dev)
{
struct ili9320_spi *spi = &ili->access.spi;
ili->write = ili9320_write_spi;
spi->dev = dev;
/* fill the two messages we are going to use to send the data
Reported by FlawFinder.
Line: 222
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (ili == NULL)
return -ENOMEM;
ili->access.spi.id = ILI9320_SPI_IDCODE | ILI9320_SPI_ID(1);
ili->dev = dev;
ili->client = client;
ili->power = FB_BLANK_POWERDOWN;
ili->platdata = cfg;
Reported by FlawFinder.
drivers/video/backlight/ili9320.h
3 issues
Line: 40
Column: 4
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct ili9320 {
union {
struct ili9320_spi spi; /* SPI attachged device. */
} access; /* Register access method. */
struct device *dev;
struct lcd_device *lcd; /* LCD device we created. */
struct ili9320_client *client;
struct ili9320_platdata *platdata;
Reported by FlawFinder.
Line: 32
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct spi_transfer xfer[2];
unsigned char id;
unsigned char buffer_addr[4];
unsigned char buffer_data[4];
};
/* ILI9320 device state. */
struct ili9320 {
Reported by FlawFinder.
Line: 33
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char id;
unsigned char buffer_addr[4];
unsigned char buffer_data[4];
};
/* ILI9320 device state. */
struct ili9320 {
union {
Reported by FlawFinder.
drivers/video/backlight/lcd.c
3 issues
Line: 81
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&ld->ops_lock);
if (ld->ops && ld->ops->get_power)
rc = sprintf(buf, "%d\n", ld->ops->get_power(ld));
else
rc = -ENXIO;
mutex_unlock(&ld->ops_lock);
return rc;
Reported by FlawFinder.
Line: 122
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&ld->ops_lock);
if (ld->ops && ld->ops->get_contrast)
rc = sprintf(buf, "%d\n", ld->ops->get_contrast(ld));
mutex_unlock(&ld->ops_lock);
return rc;
}
Reported by FlawFinder.
Line: 158
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct lcd_device *ld = to_lcd_device(dev);
return sprintf(buf, "%d\n", ld->props.max_contrast);
}
static DEVICE_ATTR_RO(max_contrast);
static struct class *lcd_class;
Reported by FlawFinder.
drivers/scsi/pm8001/pm8001_sas.c
3 issues
Line: 1216
CWE codes:
562
task->task_state_flags |= SAS_TASK_STATE_ABORTED;
if (task->slow_task == NULL) {
init_completion(&slow_task.completion);
task->slow_task = &slow_task;
}
spin_unlock_irqrestore(&task->task_state_lock, flags);
if (task->task_proto & SAS_PROTOCOL_SSP) {
struct scsi_cmnd *cmnd = task->uldd_task;
int_to_scsilun(cmnd->device->lun, &lun);
Reported by Cppcheck.
Line: 733
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
task->dev = dev;
task->task_proto = dev->tproto;
memcpy(&task->ssp_task, parameter, para_len);
task->task_done = pm8001_task_done;
task->slow_task->timer.function = pm8001_tmf_timedout;
task->slow_task->timer.expires = jiffies + PM8001_TASK_TIMEOUT*HZ;
add_timer(&task->slow_task->timer);
Reported by FlawFinder.
Line: 910
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!(dev->tproto & SAS_PROTOCOL_SSP))
return TMF_RESP_FUNC_ESUPP;
memcpy((u8 *)&ssp_task.LUN, lun, 8);
return pm8001_exec_internal_tmf_task(dev, &ssp_task, sizeof(ssp_task),
tmf);
}
/* retry commands by ha, by task and/or by device */
Reported by FlawFinder.
drivers/video/fbdev/amba-clcd.c
3 issues
Line: 588
CWE codes:
476
static int clcdfb_snprintf_mode(char *buf, int size, struct fb_videomode *mode)
{
return snprintf(buf, size, "%ux%u@%u", mode->xres, mode->yres,
mode->refresh);
}
static int clcdfb_of_get_backlight(struct device *dev,
struct clcd_panel *clcd_panel)
Reported by Cppcheck.
Line: 588
CWE codes:
476
static int clcdfb_snprintf_mode(char *buf, int size, struct fb_videomode *mode)
{
return snprintf(buf, size, "%ux%u@%u", mode->xres, mode->yres,
mode->refresh);
}
static int clcdfb_of_get_backlight(struct device *dev,
struct clcd_panel *clcd_panel)
Reported by Cppcheck.
Line: 467
Column: 2
CWE codes:
120
fb->fb.flags = FBINFO_FLAG_DEFAULT;
fb->fb.pseudo_palette = fb->cmap;
strncpy(fb->fb.fix.id, clcd_name, sizeof(fb->fb.fix.id));
fb->fb.fix.type = FB_TYPE_PACKED_PIXELS;
fb->fb.fix.type_aux = 0;
fb->fb.fix.xpanstep = 0;
fb->fb.fix.ypanstep = 0;
fb->fb.fix.ywrapstep = 0;
Reported by FlawFinder.