The following issues were found
drivers/md/bcache/bset.c
3 issues
Line: 150
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
if (!old_keys)
memcpy(new_keys, l->inline_keys, sizeof(uint64_t) * oldsize);
l->keys_p = new_keys;
l->top_p = new_keys + oldsize;
return 0;
Reported by FlawFinder.
Line: 190
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BUG_ON(i > KEY_PTRS(src));
/* Only copy the header, key, and one pointer. */
memcpy(dest, src, 2 * sizeof(uint64_t));
dest->ptr[0] = src->ptr[i];
SET_KEY_PTRS(dest, 1);
/* We didn't copy the checksum so clear that bit. */
SET_KEY_CSUM(dest, 0);
}
Reported by FlawFinder.
Line: 1277
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
swap(out, b->set->data);
} else {
b->set[start].data->keys = out->keys;
memcpy(b->set[start].data->start, out->start,
(void *) bset_bkey_last(out) - (void *) out->start);
}
if (used_mempool)
mempool_free(virt_to_page(out), &state->pool);
Reported by FlawFinder.
drivers/infiniband/core/cma_configfs.c
3 issues
Line: 146
return !ret ? strnlen(buf, count) : ret;
}
CONFIGFS_ATTR(, default_roce_mode);
static ssize_t default_roce_tos_show(struct config_item *item, char *buf)
{
struct cma_device *cma_dev;
struct cma_dev_port_group *group;
Reported by Cppcheck.
Line: 52
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct cma_dev_group {
char name[IB_DEVICE_NAME_MAX];
struct config_group device_group;
struct config_group ports_group;
struct cma_dev_port_group *ports;
};
Reported by FlawFinder.
Line: 221
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return -ENOMEM;
for (i = 0; i < ports_num; i++) {
char port_str[10];
ports[i].port_num = i + 1;
snprintf(port_str, sizeof(port_str), "%u", i + 1);
ports[i].cma_dev_group = cma_dev_group;
config_group_init_type_name(&ports[i].group,
Reported by FlawFinder.
drivers/hwmon/wm831x-hwmon.c
3 issues
Line: 67
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int channel = to_sensor_dev_attr(attr)->index;
return sprintf(buf, "%s\n", input_names[channel]);
}
#define WM831X_VOLTAGE(id, name) \
static SENSOR_DEVICE_ATTR(in##id##_input, S_IRUGO, show_voltage, \
NULL, name)
Reported by FlawFinder.
Line: 41
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n", DIV_ROUND_CLOSEST(ret, 1000));
}
static ssize_t show_chip_temp(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 59
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = 512180 - (ret * 1000);
ret = DIV_ROUND_CLOSEST(ret * 10000, 10983);
return sprintf(buf, "%d\n", ret);
}
static ssize_t show_label(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
drivers/hwmon/max1619.c
3 issues
Line: 145
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct max1619_data *data = max1619_update_device(dev);
return sprintf(buf, "%d\n", temp_from_reg(data->temp[attr->index]));
}
static ssize_t temp_store(struct device *dev,
struct device_attribute *devattr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 172
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf)
{
struct max1619_data *data = max1619_update_device(dev);
return sprintf(buf, "%d\n", data->alarms);
}
static ssize_t alarm_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 180
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int bitnr = to_sensor_dev_attr(attr)->index;
struct max1619_data *data = max1619_update_device(dev);
return sprintf(buf, "%d\n", (data->alarms >> bitnr) & 1);
}
static SENSOR_DEVICE_ATTR_RO(temp1_input, temp, t_input1);
static SENSOR_DEVICE_ATTR_RO(temp2_input, temp, t_input2);
static SENSOR_DEVICE_ATTR_RW(temp2_min, temp, t_low2);
Reported by FlawFinder.
drivers/iio/chemical/scd30_core.c
3 issues
Line: 383
Column: 16
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = scd30_command_read(state, CMD_ASC, &val);
mutex_unlock(&state->lock);
return ret ?: sprintf(buf, "%d\n", val);
}
static ssize_t calibration_auto_enable_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t len)
{
Reported by FlawFinder.
Line: 417
Column: 16
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = scd30_command_read(state, CMD_FRC, &val);
mutex_unlock(&state->lock);
return ret ?: sprintf(buf, "%d\n", val);
}
static ssize_t calibration_forced_value_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t len)
{
Reported by FlawFinder.
Line: 607
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
ret = scd30_read_meas(state);
memset(&scan, 0, sizeof(scan));
memcpy(scan.data, state->meas, sizeof(state->meas));
mutex_unlock(&state->lock);
if (ret)
goto out;
iio_push_to_buffers_with_timestamp(indio_dev, &scan, iio_get_time_ns(indio_dev));
Reported by FlawFinder.
drivers/iio/chemical/scd30_serial.c
3 issues
Line: 108
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* | addr | code | bytes | | | | lsb | msb |
* +------+------+--------+-------+-----+-------+-----+-----+
*/
char txbuf[SCD30_SERDEV_MAX_BUF_SIZE] = { SCD30_SERDEV_ADDR },
rxbuf[SCD30_SERDEV_MAX_BUF_SIZE];
int ret, rxsize, txsize = 2;
char *rsp = response;
u16 crc;
Reported by FlawFinder.
Line: 167
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
rxsize -= SCD30_SERDEV_RX_HEADER_SIZE;
memcpy(rsp, rxbuf + SCD30_SERDEV_RX_HEADER_SIZE, rxsize);
break;
default:
dev_err(state->dev, "received unknown op code\n");
return -EIO;
}
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
num = size;
memcpy(priv->buf + priv->num, buf, num);
priv->num += num;
if (priv->num == priv->num_expected) {
priv->buf = NULL;
complete(&priv->meas_ready);
Reported by FlawFinder.
drivers/iio/chemical/sps30_i2c.c
3 issues
Line: 79
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* What follows next are number concentration measurements and
* typical particle size measurement which we omit.
*/
unsigned char buf[SPS30_I2C_MAX_BUF_SIZE];
unsigned char *tmp;
unsigned char crc;
size_t i;
int ret;
Reported by FlawFinder.
Line: 155
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool sps30_i2c_meas_ready(struct sps30_state *state)
{
unsigned char buf[2];
int ret;
ret = sps30_i2c_command(state, SPS30_I2C_MEAS_READY, NULL, 0, buf, sizeof(buf));
if (ret)
return false;
Reported by FlawFinder.
Line: 195
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sps30_i2c_show_info(struct sps30_state *state)
{
/* extra nul just in case */
unsigned char buf[32 + 1] = { 0x00 };
int ret;
ret = sps30_i2c_command(state, SPS30_I2C_READ_SERIAL, NULL, 0, buf, sizeof(buf) - 1);
if (ret)
return ret;
Reported by FlawFinder.
drivers/hwmon/aspeed-pwm-tacho.c
3 issues
Line: 171
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MAX_CDEV_NAME_LEN 16
struct aspeed_cooling_device {
char name[16];
struct aspeed_pwm_tacho_data *priv;
struct thermal_cooling_device *tcdev;
int pwm_port;
u8 *cooling_levels;
u8 max_state;
Reported by FlawFinder.
Line: 602
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int index = sensor_attr->index;
struct aspeed_pwm_tacho_data *priv = dev_get_drvdata(dev);
return sprintf(buf, "%u\n", priv->pwm_port_fan_ctrl[index]);
}
static ssize_t rpm_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 617
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (rpm < 0)
return rpm;
return sprintf(buf, "%d\n", rpm);
}
static umode_t pwm_is_visible(struct kobject *kobj,
struct attribute *a, int index)
{
Reported by FlawFinder.
drivers/hwmon/atxp1.c
3 issues
Line: 83
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
data = atxp1_update_device(dev);
size = sprintf(buf, "%d\n", vid_from_reg(data->reg.vid & ATXP1_VIDMASK,
data->vrm));
return size;
}
Reported by FlawFinder.
Line: 159
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
data = atxp1_update_device(dev);
size = sprintf(buf, "0x%02x\n", data->reg.gpio1 & ATXP1_GPIO1MASK);
return size;
}
static ssize_t gpio1_store(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 204
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
data = atxp1_update_device(dev);
size = sprintf(buf, "0x%02x\n", data->reg.gpio2);
return size;
}
static ssize_t gpio2_store(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
drivers/hwmon/da9055-hwmon.c
3 issues
Line: 201
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t label_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
return sprintf(buf, "%s\n",
input_names[to_sensor_dev_attr(devattr)->index]);
}
static SENSOR_DEVICE_ATTR_RO(in0_input, da9055_auto_ch, DA9055_ADC_VSYS);
static SENSOR_DEVICE_ATTR_RO(in0_label, label, DA9055_ADC_VSYS);
Reported by FlawFinder.
Line: 166
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_unlock(&hwmon->hwmon_lock);
return sprintf(buf, "%d\n", volt_reg_to_mv(adc, channel));
hwmon_err_release:
da9055_disable_auto_mode(hwmon->da9055, channel);
hwmon_err:
mutex_unlock(&hwmon->hwmon_lock);
Reported by FlawFinder.
Line: 194
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* Degrees celsius = -0.4084 * (ADC_RES - T_OFFSET) + 307.6332
* T_OFFSET is a trim value used to improve accuracy of the result
*/
return sprintf(buf, "%d\n", DIV_ROUND_CLOSEST(-4084 * (tjunc - toffset)
+ 3076332, 10000));
}
static ssize_t label_show(struct device *dev,
struct device_attribute *devattr, char *buf)
Reported by FlawFinder.