The following issues were found
drivers/gpu/drm/i915/i915_perf_types.h
3 issues
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i915_oa_config {
struct i915_perf *perf;
char uuid[UUID_STRING_LEN + 1];
int id;
const struct i915_oa_reg *mux_regs;
u32 mux_regs_len;
const struct i915_oa_reg *b_counter_regs;
Reported by FlawFinder.
Line: 117
Column: 8
CWE codes:
120
20
* -%ENOSPC or -%EFAULT, even though these may be squashed before
* returning to userspace.
*/
int (*read)(struct i915_perf_stream *stream,
char __user *buf,
size_t count,
size_t *offset);
/**
Reported by FlawFinder.
Line: 368
Column: 8
CWE codes:
120
20
* @read: Copy data from the circular OA buffer into a given userspace
* buffer.
*/
int (*read)(struct i915_perf_stream *stream,
char __user *buf,
size_t count,
size_t *offset);
/**
Reported by FlawFinder.
drivers/hwmon/powr1220.c
3 issues
Line: 201
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(dev_attr);
return sprintf(buf, "%s\n", input_names[attr->index]);
}
static SENSOR_DEVICE_ATTR_RO(in0_input, powr1220_voltage, VMON1);
static SENSOR_DEVICE_ATTR_RO(in1_input, powr1220_voltage, VMON2);
static SENSOR_DEVICE_ATTR_RO(in2_input, powr1220_voltage, VMON3);
Reported by FlawFinder.
Line: 181
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (adc_val < 0)
return adc_val;
return sprintf(buf, "%d\n", adc_val);
}
/* Shows the maximum setting associated with the specified ADC channel */
static ssize_t powr1220_max_show(struct device *dev,
struct device_attribute *dev_attr, char *buf)
Reported by FlawFinder.
Line: 191
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(dev_attr);
struct powr1220_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", data->adc_maxes[attr->index]);
}
/* Shows the label associated with the specified ADC channel */
static ssize_t powr1220_label_show(struct device *dev,
struct device_attribute *dev_attr,
Reported by FlawFinder.
drivers/hwmon/pmbus/zl6100.c
3 issues
Line: 25
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct zl6100_data {
int id;
ktime_t access; /* chip access time */
int delay; /* Delay between chip accesses in uS */
struct pmbus_driver_info info;
};
#define to_zl6100_data(x) container_of(x, struct zl6100_data, info)
Reported by FlawFinder.
Line: 129
Column: 49
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static inline void zl6100_wait(const struct zl6100_data *data)
{
if (data->delay) {
s64 delta = ktime_us_delta(ktime_get(), data->access);
if (delta < data->delay)
udelay(data->delay - delta);
}
}
Reported by FlawFinder.
Line: 342
Column: 42
CWE codes:
126
mid = NULL;
for (mid = zl6100_id; mid->name[0]; mid++) {
if (!strncasecmp(mid->name, device_id, strlen(mid->name)))
break;
}
if (!mid->name[0]) {
dev_err(&client->dev, "Unsupported device\n");
return -ENODEV;
Reported by FlawFinder.
drivers/hwmon/ds1621.c
3 issues
Line: 229
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(da);
struct ds1621_data *data = ds1621_update_client(dev);
return sprintf(buf, "%d\n",
DS1621_TEMP_FROM_REG(data->temp[attr->index]));
}
static ssize_t temp_store(struct device *dev, struct device_attribute *da,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 257
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf)
{
struct ds1621_data *data = ds1621_update_client(dev);
return sprintf(buf, "%d\n", ALARMS_FROM_REG(data->conf));
}
static ssize_t alarm_show(struct device *dev, struct device_attribute *da,
char *buf)
{
Reported by FlawFinder.
Line: 265
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(da);
struct ds1621_data *data = ds1621_update_client(dev);
return sprintf(buf, "%d\n", !!(data->conf & attr->index));
}
static ssize_t update_interval_show(struct device *dev,
struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
drivers/infiniband/hw/qib/qib_7220.h
3 issues
Line: 72
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 updthresh_dflt; /* default AvailUpdThld */
u8 presets_needed;
u8 relock_timer_active;
char emsgbuf[128];
char sdmamsgbuf[192];
char bitsmsgbuf[64];
struct timer_list relock_timer;
unsigned int relock_interval; /* in jiffies */
struct qib_devdata *dd;
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 presets_needed;
u8 relock_timer_active;
char emsgbuf[128];
char sdmamsgbuf[192];
char bitsmsgbuf[64];
struct timer_list relock_timer;
unsigned int relock_interval; /* in jiffies */
struct qib_devdata *dd;
};
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 relock_timer_active;
char emsgbuf[128];
char sdmamsgbuf[192];
char bitsmsgbuf[64];
struct timer_list relock_timer;
unsigned int relock_interval; /* in jiffies */
struct qib_devdata *dd;
};
Reported by FlawFinder.
drivers/hwmon/emc1403.c
3 issues
Line: 46
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
retval = regmap_read(data->regmap, sda->index, &val);
if (retval < 0)
return retval;
return sprintf(buf, "%d000\n", val);
}
static ssize_t bit_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 60
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
retval = regmap_read(data->regmap, sda->nr, &val);
if (retval < 0)
return retval;
return sprintf(buf, "%d\n", !!(val & sda->index));
}
static ssize_t temp_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 117
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (retval < 0)
return retval;
return sprintf(buf, "%d000\n", is_min ? limit + hyst : limit - hyst);
}
static ssize_t hyst_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
drivers/iio/common/ssp_sensors/ssp_iio.c
3 issues
Line: 83
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
* it always sends full set of samples, remember about available masks
*/
memcpy(spd->buffer, buf, len);
if (indio_dev->scan_timestamp) {
memcpy(&time, &((char *)buf)[len], SSP_TIME_SIZE);
calculated_time =
timestamp + (int64_t)le32_to_cpu(time) * 1000000;
Reported by FlawFinder.
Line: 86
Column: 20
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
memcpy(spd->buffer, buf, len);
if (indio_dev->scan_timestamp) {
memcpy(&time, &((char *)buf)[len], SSP_TIME_SIZE);
calculated_time =
timestamp + (int64_t)le32_to_cpu(time) * 1000000;
}
return iio_push_to_buffers_with_timestamp(indio_dev, spd->buffer,
Reported by FlawFinder.
Line: 86
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(spd->buffer, buf, len);
if (indio_dev->scan_timestamp) {
memcpy(&time, &((char *)buf)[len], SSP_TIME_SIZE);
calculated_time =
timestamp + (int64_t)le32_to_cpu(time) * 1000000;
}
return iio_push_to_buffers_with_timestamp(indio_dev, spd->buffer,
Reported by FlawFinder.
drivers/hwmon/emc6w201.c
3 issues
Line: 186
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int sf = to_sensor_dev_attr_2(devattr)->index;
int nr = to_sensor_dev_attr_2(devattr)->nr;
return sprintf(buf, "%u\n",
(unsigned)data->in[sf][nr] * nominal_mv[nr] / 0xC0);
}
static ssize_t in_store(struct device *dev, struct device_attribute *devattr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 225
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int sf = to_sensor_dev_attr_2(devattr)->index;
int nr = to_sensor_dev_attr_2(devattr)->nr;
return sprintf(buf, "%d\n", (int)data->temp[sf][nr] * 1000);
}
static ssize_t temp_store(struct device *dev,
struct device_attribute *devattr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 270
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
rpm = 5400000U / data->fan[sf][nr];
return sprintf(buf, "%u\n", rpm);
}
static ssize_t fan_store(struct device *dev, struct device_attribute *devattr,
const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/hwmon/pmbus/ucd9000.c
3 issues
Line: 410
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct i2c_client *client = file->private_data;
u8 buffer[I2C_SMBUS_BLOCK_MAX];
char str[(I2C_SMBUS_BLOCK_MAX * 2) + 2];
char *res;
int rc;
rc = ucd9000_get_mfr_status(client, buffer);
if (rc < 0)
Reported by FlawFinder.
Line: 438
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dentry *debugfs;
struct ucd9000_debugfs_entry *entries;
int i, gpi_count;
char name[UCD9000_DEBUGFS_NAME_LEN];
debugfs = pmbus_get_debugfs_dir(client);
if (!debugfs)
return -ENOENT;
Reported by FlawFinder.
Line: 514
Column: 45
CWE codes:
126
dev_info(&client->dev, "Device ID %s\n", block_buffer);
for (mid = ucd9000_id; mid->name[0]; mid++) {
if (!strncasecmp(mid->name, block_buffer, strlen(mid->name)))
break;
}
if (!mid->name[0]) {
dev_err(&client->dev, "Unsupported device\n");
return -ENODEV;
Reported by FlawFinder.
drivers/iio/common/ssp_sensors/ssp_spi.c
3 issues
Line: 99
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg->length = len;
msg->options = opt;
memcpy(msg->buffer, &h, SSP_HEADER_SIZE);
return msg;
}
/*
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void ssp_fill_buffer(struct ssp_msg *m, unsigned int offset,
const void *src, unsigned int len)
{
memcpy(&m->buffer[SSP_HEADER_SIZE_ALIGNED + offset], src, len);
}
static inline void ssp_get_buffer(struct ssp_msg *m, unsigned int offset,
void *dest, unsigned int len)
{
Reported by FlawFinder.
Line: 118
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void ssp_get_buffer(struct ssp_msg *m, unsigned int offset,
void *dest, unsigned int len)
{
memcpy(dest, &m->buffer[SSP_HEADER_SIZE_ALIGNED + offset], len);
}
#define SSP_GET_BUFFER_AT_INDEX(m, index) \
(m->buffer[SSP_HEADER_SIZE_ALIGNED + index])
#define SSP_SET_BUFFER_AT_INDEX(m, index, val) \
Reported by FlawFinder.