The following issues were found
drivers/infiniband/hw/usnic/usnic_fwd.h
3 issues
Line: 57
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* which cannot be changed.
*/
bool link_up;
char mac[ETH_ALEN];
unsigned int mtu;
__be32 inaddr;
char name[IFNAMSIZ];
};
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char mac[ETH_ALEN];
unsigned int mtu;
__be32 inaddr;
char name[IFNAMSIZ];
};
struct usnic_fwd_flow {
uint32_t flow_id;
struct usnic_fwd_dev *ufdev;
Reported by FlawFinder.
Line: 77
Column: 53
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usnic_fwd_dev *usnic_fwd_dev_alloc(struct pci_dev *pdev);
void usnic_fwd_dev_free(struct usnic_fwd_dev *ufdev);
void usnic_fwd_set_mac(struct usnic_fwd_dev *ufdev, char mac[ETH_ALEN]);
void usnic_fwd_add_ipaddr(struct usnic_fwd_dev *ufdev, __be32 inaddr);
void usnic_fwd_del_ipaddr(struct usnic_fwd_dev *ufdev);
void usnic_fwd_carrier_up(struct usnic_fwd_dev *ufdev);
void usnic_fwd_carrier_down(struct usnic_fwd_dev *ufdev);
void usnic_fwd_set_mtu(struct usnic_fwd_dev *ufdev, unsigned int mtu);
Reported by FlawFinder.
drivers/infiniband/hw/qib/qib_user_sdma.c
3 issues
Line: 114
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spinlock_t sent_lock ____cacheline_aligned_in_smp;
/* headers with expected length are allocated from here... */
char header_cache_name[64];
struct dma_pool *header_cache;
/* packets are allocated from the slab cache... */
char pkt_slab_name[64];
struct kmem_cache *pkt_slab;
Reported by FlawFinder.
Line: 118
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dma_pool *header_cache;
/* packets are allocated from the slab cache... */
char pkt_slab_name[64];
struct kmem_cache *pkt_slab;
/* as packets go on the queued queue, they are counted... */
u32 counter;
u32 sent_counter;
Reported by FlawFinder.
Line: 440
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy the previous sdma header to new sdma header */
pbc16 = (__le16 *)pkt->addr[pkt->index].kvaddr;
memcpy(pbcvaddr, pbc16, pbclen);
/* Modify the previous sdma header */
hdr = (struct qib_message_header *)&pbc16[4];
/* New pbc length */
Reported by FlawFinder.
drivers/infiniband/hw/qib/qib_sysfs.c
3 issues
Line: 239
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return count;
spin_lock(&ppd->cc_shadow_lock);
memcpy(buf, ppd->ccti_entries_shadow, count);
spin_unlock(&ppd->cc_shadow_lock);
return count;
}
static BIN_ATTR_RO(cc_table_bin, PAGE_SIZE);
Reported by FlawFinder.
Line: 272
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return count;
spin_lock(&ppd->cc_shadow_lock);
memcpy(buf, ppd->congestion_entries_shadow, count);
spin_unlock(&ppd->cc_shadow_lock);
return count;
}
static BIN_ATTR_RO(cc_setting_bin, PAGE_SIZE);
Reported by FlawFinder.
Line: 186
Column: 8
CWE codes:
126
if (any)
strlcat(buf, "\n", PAGE_SIZE);
ret = strlen(buf);
bail:
return ret;
}
static IB_PORT_ATTR_RO(status_str);
Reported by FlawFinder.
drivers/leds/trigger/ledtrig-gpio.c
3 issues
Line: 53
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct gpio_trig_data *gpio_data = led_trigger_get_drvdata(dev);
return sprintf(buf, "%u\n", gpio_data->desired_brightness);
}
static ssize_t gpio_trig_brightness_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t n)
{
Reported by FlawFinder.
Line: 81
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct gpio_trig_data *gpio_data = led_trigger_get_drvdata(dev);
return sprintf(buf, "%u\n", gpio_data->inverted);
}
static ssize_t gpio_trig_inverted_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t n)
{
Reported by FlawFinder.
Line: 115
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct gpio_trig_data *gpio_data = led_trigger_get_drvdata(dev);
return sprintf(buf, "%u\n", gpio_data->gpio);
}
static ssize_t gpio_trig_gpio_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t n)
{
Reported by FlawFinder.
drivers/infiniband/hw/qib/qib_qsfp.c
3 issues
Line: 432
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
}
const char * const qib_qsfp_devtech[16] = {
"850nm VCSEL", "1310nm VCSEL", "1550nm VCSEL", "1310nm FP",
"1310nm DFB", "1550nm DFB", "1310nm EML", "1550nm EML",
"Cu Misc", "1490nm DFB", "Cu NoEq", "Cu Eq",
"Undef", "Cu Active BothEq", "Cu FarEq", "Cu NearEq"
};
Reported by FlawFinder.
Line: 492
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct qib_qsfp_cache cd;
u8 bin_buff[QSFP_DUMP_CHUNK];
char lenstr[6];
int sofar, ret;
int bidx = 0;
sofar = 0;
ret = qib_refresh_qsfp_cache(ppd, &cd);
Reported by FlawFinder.
Line: 504
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
lenstr[0] = ' ';
lenstr[1] = '\0';
if (QSFP_IS_CU(cd.tech))
sprintf(lenstr, "%dM ", cd.len);
sofar += scnprintf(buf + sofar, len - sofar, "PWR:%.3sW\n", pwr_codes +
(QSFP_PWR(cd.pwr) * 4));
sofar += scnprintf(buf + sofar, len - sofar, "TECH:%s%s\n", lenstr,
Reported by FlawFinder.
drivers/hwmon/g760a.c
3 issues
Line: 117
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
rpm = rpm_from_cnt(data->act_cnt, data->clk, data->fan_div);
mutex_unlock(&data->update_lock);
return sprintf(buf, "%d\n", rpm);
}
static ssize_t fan1_alarm_show(struct device *dev,
struct device_attribute *da, char *buf)
{
Reported by FlawFinder.
Line: 127
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int fan_alarm = (data->fan_sta & G760A_REG_FAN_STA_RPM_OFF) ? 1 : 0;
return sprintf(buf, "%d\n", fan_alarm);
}
static ssize_t pwm1_show(struct device *dev, struct device_attribute *da,
char *buf)
{
Reported by FlawFinder.
Line: 135
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct g760a_data *data = g760a_update_client(dev);
return sprintf(buf, "%d\n", PWM_FROM_CNT(data->set_cnt));
}
static ssize_t pwm1_store(struct device *dev, struct device_attribute *da,
const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/leds/leds-wm831x-status.c
3 issues
Line: 170
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < ARRAY_SIZE(led_src_texts); i++)
if (i == led->src)
ret += sprintf(&buf[ret], "[%s] ", led_src_texts[i]);
else
ret += sprintf(&buf[ret], "%s ", led_src_texts[i]);
mutex_unlock(&led->mutex);
Reported by FlawFinder.
Line: 172
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (i == led->src)
ret += sprintf(&buf[ret], "[%s] ", led_src_texts[i]);
else
ret += sprintf(&buf[ret], "%s ", led_src_texts[i]);
mutex_unlock(&led->mutex);
ret += sprintf(&buf[ret], "\n");
Reported by FlawFinder.
Line: 176
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_unlock(&led->mutex);
ret += sprintf(&buf[ret], "\n");
return ret;
}
static ssize_t src_store(struct device *dev,
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/subdev/acr/lsfw.c
3 issues
Line: 235
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto done;
}
memcpy(lsfw->img.data, bldata, lsfw->bootloader_size);
memcpy(lsfw->img.data + lsfw->app_start_offset +
lsfw->app_resident_code_offset, inst->data, inst->size);
memcpy(lsfw->img.data + lsfw->app_start_offset +
lsfw->app_resident_data_offset, data->data, data->size);
Reported by FlawFinder.
Line: 236
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(lsfw->img.data, bldata, lsfw->bootloader_size);
memcpy(lsfw->img.data + lsfw->app_start_offset +
lsfw->app_resident_code_offset, inst->data, inst->size);
memcpy(lsfw->img.data + lsfw->app_start_offset +
lsfw->app_resident_data_offset, data->data, data->size);
lsfw->ucode_size = ALIGN(lsfw->app_resident_data_offset, 256) +
Reported by FlawFinder.
Line: 238
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(lsfw->img.data, bldata, lsfw->bootloader_size);
memcpy(lsfw->img.data + lsfw->app_start_offset +
lsfw->app_resident_code_offset, inst->data, inst->size);
memcpy(lsfw->img.data + lsfw->app_start_offset +
lsfw->app_resident_data_offset, data->data, data->size);
lsfw->ucode_size = ALIGN(lsfw->app_resident_data_offset, 256) +
lsfw->bootloader_size;
lsfw->data_size = lsfw->app_size + lsfw->bootloader_size -
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/subdev/acr/gm200.c
3 issues
Line: 119
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (WARN_ON(lsfw->sig->size != sizeof(hdr.signature)))
return -EINVAL;
memcpy(&hdr.signature, lsfw->sig->data, lsfw->sig->size);
gm200_acr_wpr_build_lsb_tail(lsfw, &hdr.tail);
nvkm_wobj(acr->wpr, lsfw->offset.lsb, &hdr, sizeof(hdr));
return 0;
}
Reported by FlawFinder.
Line: 304
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hsfw->sig.patch_loc) {
if (!falcon->debug) {
nvkm_debug(subdev, "patching production signature\n");
memcpy(hsfw->image + hsfw->sig.patch_loc,
hsfw->sig.prod.data,
hsfw->sig.prod.size);
} else {
nvkm_debug(subdev, "patching debug signature\n");
memcpy(hsfw->image + hsfw->sig.patch_loc,
Reported by FlawFinder.
Line: 309
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hsfw->sig.prod.size);
} else {
nvkm_debug(subdev, "patching debug signature\n");
memcpy(hsfw->image + hsfw->sig.patch_loc,
hsfw->sig.dbg.data,
hsfw->sig.dbg.size);
}
}
Reported by FlawFinder.
drivers/infiniband/hw/qib/qib_debugfs.c
3 issues
Line: 73
CWE codes:
908
{
struct qib_opcode_stats_perctx *opstats;
if (*pos >= ARRAY_SIZE(opstats->stats))
return NULL;
return pos;
}
static void *_opcode_stats_seq_next(struct seq_file *s, void *v, loff_t *pos)
Reported by Cppcheck.
Line: 83
CWE codes:
908
struct qib_opcode_stats_perctx *opstats;
++*pos;
if (*pos >= ARRAY_SIZE(opstats->stats))
return NULL;
return pos;
}
Reported by Cppcheck.
Line: 244
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void qib_dbg_ibdev_init(struct qib_ibdev *ibd)
{
struct dentry *root;
char name[10];
snprintf(name, sizeof(name), "qib%d", dd_from_dev(ibd)->unit);
root = debugfs_create_dir(name, qib_dbg_root);
ibd->qib_ibdev_dbg = root;
Reported by FlawFinder.