The following issues were found
drivers/irqchip/irq-renesas-intc-irqpin.c
3 issues
Line: 248
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define INTC_IRQ_SENSE_VALID 0x10
#define INTC_IRQ_SENSE(x) (x + INTC_IRQ_SENSE_VALID)
static unsigned char intc_irqpin_sense[IRQ_TYPE_SENSE_MASK + 1] = {
[IRQ_TYPE_EDGE_FALLING] = INTC_IRQ_SENSE(0x00),
[IRQ_TYPE_EDGE_RISING] = INTC_IRQ_SENSE(0x01),
[IRQ_TYPE_LEVEL_LOW] = INTC_IRQ_SENSE(0x02),
[IRQ_TYPE_LEVEL_HIGH] = INTC_IRQ_SENSE(0x03),
[IRQ_TYPE_EDGE_BOTH] = INTC_IRQ_SENSE(0x04),
Reported by FlawFinder.
Line: 49
Column: 18
CWE codes:
120
20
struct intc_irqpin_iomem {
void __iomem *iomem;
unsigned long (*read)(void __iomem *iomem);
void (*write)(void __iomem *iomem, unsigned long data);
int width;
};
struct intc_irqpin_irq {
Reported by FlawFinder.
Line: 102
Column: 12
CWE codes:
120
20
{
struct intc_irqpin_iomem *i = &p->iomem[reg];
return i->read(i->iomem);
}
static inline void intc_irqpin_write(struct intc_irqpin_priv *p,
int reg, unsigned long data)
{
Reported by FlawFinder.
drivers/leds/trigger/ledtrig-oneshot.c
3 issues
Line: 43
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct oneshot_trig_data *oneshot_data = led_trigger_get_drvdata(dev);
return sprintf(buf, "%u\n", oneshot_data->invert);
}
static ssize_t led_invert_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t size)
{
Reported by FlawFinder.
Line: 73
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct led_classdev *led_cdev = led_trigger_get_led(dev);
return sprintf(buf, "%lu\n", led_cdev->blink_delay_on);
}
static ssize_t led_delay_on_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t size)
{
Reported by FlawFinder.
Line: 97
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct led_classdev *led_cdev = led_trigger_get_led(dev);
return sprintf(buf, "%lu\n", led_cdev->blink_delay_off);
}
static ssize_t led_delay_off_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t size)
{
Reported by FlawFinder.
drivers/infiniband/hw/qedr/main.c
3 issues
Line: 388
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
cons_pi = dev->sb_array[i].sb_virt->pi_array;
cnq->hw_cons_ptr = &cons_pi[QED_ROCE_PROTOCOL_INDEX];
cnq->index = i;
sprintf(cnq->name, "qedr%d@pci:%s", i, pci_name(dev->pdev));
DP_DEBUG(dev, QEDR_MSG_INIT, "cnq[%d].cons=%d\n",
i, qed_chain_get_cons_idx(&cnq->pbl));
}
Reported by FlawFinder.
Line: 246
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int rc;
dev->ibdev.node_guid = dev->attr.node_guid;
memcpy(dev->ibdev.node_desc, QEDR_NODE_DESC, sizeof(QEDR_NODE_DESC));
if (IS_IWARP(dev)) {
rc = qedr_iw_register_device(dev);
if (rc)
return rc;
Reported by FlawFinder.
Line: 986
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
guid[6] = mac_addr[4];
guid[7] = mac_addr[5];
sgid->global.subnet_prefix = cpu_to_be64(0xfe80000000000000LL);
memcpy(&sgid->raw[8], guid, sizeof(guid));
/* Update LL2 */
rc = dev->ops->ll2_set_mac_filter(dev->cdev,
dev->gsi_ll2_mac_address,
dev->ndev->dev_addr);
Reported by FlawFinder.
drivers/hwmon/pmbus/max15301.c
3 issues
Line: 34
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct max15301_data {
int id;
ktime_t access; /* Chip access time */
int delay; /* Delay between chip accesses in us */
struct pmbus_driver_info info;
};
#define to_max15301_data(x) container_of(x, struct max15301_data, info)
Reported by FlawFinder.
Line: 62
Column: 49
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static inline void max15301_wait(const struct max15301_data *data)
{
if (data->delay) {
s64 delta = ktime_us_delta(ktime_get(), data->access);
if (delta < data->delay)
udelay(data->delay - delta);
}
}
Reported by FlawFinder.
Line: 159
Column: 42
CWE codes:
126
return status;
}
for (mid = max15301_id; mid->name[0]; mid++) {
if (!strncasecmp(mid->name, device_id, strlen(mid->name)))
break;
}
if (!mid->name[0]) {
dev_err(&client->dev, "Unsupported device\n");
return -ENODEV;
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/subdev/mxm/mxms.c
3 issues
Line: 154
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"GSD", "VSS", "BCS", "FCS",
};
u8 *dump = desc;
char data[32], *ptr;
int i, j;
for (j = headerlen - 1, ptr = data; j >= 0; j--)
ptr += sprintf(ptr, "%02x", dump[j]);
dump += headerlen;
Reported by FlawFinder.
Line: 158
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i, j;
for (j = headerlen - 1, ptr = data; j >= 0; j--)
ptr += sprintf(ptr, "%02x", dump[j]);
dump += headerlen;
nvkm_debug(subdev, "%4s: %s\n", mxms_desc[type], data);
for (i = 0; i < entries; i++, dump += recordlen) {
for (j = recordlen - 1, ptr = data; j >= 0; j--)
Reported by FlawFinder.
Line: 164
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
nvkm_debug(subdev, "%4s: %s\n", mxms_desc[type], data);
for (i = 0; i < entries; i++, dump += recordlen) {
for (j = recordlen - 1, ptr = data; j >= 0; j--)
ptr += sprintf(ptr, "%02x", dump[j]);
nvkm_debug(subdev, " %s\n", data);
}
}
if (types & (1 << type)) {
Reported by FlawFinder.
drivers/leds/trigger/ledtrig-transient.c
3 issues
Line: 48
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct transient_trig_data *transient_data =
led_trigger_get_drvdata(dev);
return sprintf(buf, "%d\n", transient_data->activate);
}
static ssize_t transient_activate_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t size)
{
Reported by FlawFinder.
Line: 100
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct transient_trig_data *transient_data = led_trigger_get_drvdata(dev);
return sprintf(buf, "%lu\n", transient_data->duration);
}
static ssize_t transient_duration_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t size)
{
Reported by FlawFinder.
Line: 127
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int state;
state = (transient_data->state == LED_FULL) ? 1 : 0;
return sprintf(buf, "%d\n", state);
}
static ssize_t transient_state_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t size)
{
Reported by FlawFinder.
drivers/infiniband/hw/ocrdma/ocrdma_main.c
3 issues
Line: 69
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
u8 mac_addr[6];
memcpy(&mac_addr[0], &dev->nic_info.mac_addr[0], ETH_ALEN);
guid[0] = mac_addr[0] ^ 2;
guid[1] = mac_addr[1];
guid[2] = mac_addr[2];
guid[3] = 0xff;
guid[4] = 0xfe;
Reported by FlawFinder.
Line: 207
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ocrdma_get_guid(dev, (u8 *)&dev->ibdev.node_guid);
BUILD_BUG_ON(sizeof(OCRDMA_NODE_DESC) > IB_DEVICE_NODE_DESC_MAX);
memcpy(dev->ibdev.node_desc, OCRDMA_NODE_DESC,
sizeof(OCRDMA_NODE_DESC));
dev->ibdev.node_type = RDMA_NODE_IB_CA;
dev->ibdev.phys_port_cnt = 1;
dev->ibdev.num_comp_vectors = dev->eq_cnt;
Reported by FlawFinder.
Line: 290
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!dev->mbx_cmd)
goto init_err;
memcpy(&dev->nic_info, dev_info, sizeof(*dev_info));
dev->id = PCI_FUNC(dev->nic_info.pdev->devfn);
status = ocrdma_init_hw(dev);
if (status)
goto init_err;
Reported by FlawFinder.
drivers/infiniband/ulp/ipoib/ipoib_multicast.c
3 issues
Line: 603
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(broadcast->mcmember.mgid.raw, priv->dev->broadcast + 4,
sizeof (union ib_gid));
priv->broadcast = broadcast;
__ipoib_mcast_add(dev, priv->broadcast);
}
Reported by FlawFinder.
Line: 781
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
set_bit(IPOIB_MCAST_FLAG_SENDONLY, &mcast->flags);
memcpy(mcast->mcmember.mgid.raw, mgid,
sizeof (union ib_gid));
__ipoib_mcast_add(dev, mcast);
list_add_tail(&mcast->list, &priv->multicast_list);
}
if (skb_queue_len(&mcast->pkt_queue) < IPOIB_MAX_MCAST_QUEUE) {
Reported by FlawFinder.
Line: 907
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ipoib_mcast_addr_is_valid(ha->addr, dev->broadcast))
continue;
memcpy(mgid.raw, ha->addr + 4, sizeof(mgid));
mcast = __ipoib_mcast_find(dev, &mgid);
if (!mcast || test_bit(IPOIB_MCAST_FLAG_SENDONLY, &mcast->flags)) {
struct ipoib_mcast *nmcast;
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/engine/gr/gm200.c
3 issues
Line: 169
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Let's just hardcode them for now.
*/
if (gr->gpc_nr == 2 && gr->tpc_total == 8) {
memcpy(gr->tile, gm200_gr_tile_map_2_8, gr->tpc_total);
gr->screen_tile_row_offset = 1;
} else
if (gr->gpc_nr == 4 && gr->tpc_total == 16) {
memcpy(gr->tile, gm200_gr_tile_map_4_16, gr->tpc_total);
gr->screen_tile_row_offset = 4;
Reported by FlawFinder.
Line: 173
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gr->screen_tile_row_offset = 1;
} else
if (gr->gpc_nr == 4 && gr->tpc_total == 16) {
memcpy(gr->tile, gm200_gr_tile_map_4_16, gr->tpc_total);
gr->screen_tile_row_offset = 4;
} else
if (gr->gpc_nr == 6 && gr->tpc_total == 24) {
memcpy(gr->tile, gm200_gr_tile_map_6_24, gr->tpc_total);
gr->screen_tile_row_offset = 5;
Reported by FlawFinder.
Line: 177
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gr->screen_tile_row_offset = 4;
} else
if (gr->gpc_nr == 6 && gr->tpc_total == 24) {
memcpy(gr->tile, gm200_gr_tile_map_6_24, gr->tpc_total);
gr->screen_tile_row_offset = 5;
} else {
gf100_gr_oneinit_tiles(gr);
}
}
Reported by FlawFinder.
drivers/infiniband/hw/ocrdma/ocrdma.h
3 issues
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 vector;
int cq_cnt;
struct ocrdma_dev *dev;
char irq_name[32];
struct ocrdma_aic_obj aic_obj;
};
struct ocrdma_mq {
struct ocrdma_queue_info sq;
Reported by FlawFinder.
Line: 282
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct be_dev_info nic_info;
struct phy_info phy;
char model_number[32];
u32 hba_port_num;
struct list_head entry;
int id;
u64 *stag_arr;
Reported by FlawFinder.
Line: 538
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (rdma_link_local_addr(&in6))
rdma_get_ll_mac(&in6, mac_addr);
else
memcpy(mac_addr, ah_attr->roce.dmac, ETH_ALEN);
return 0;
}
static inline char *hca_name(struct ocrdma_dev *dev)
{
Reported by FlawFinder.