The following issues were found
drivers/infiniband/hw/mlx5/mr.c
3 issues
Line: 371
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
loff_t *pos)
{
struct mlx5_cache_ent *ent = filp->private_data;
char lbuf[20];
int err;
err = snprintf(lbuf, sizeof(lbuf), "%d\n", ent->total_mrs);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 416
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
loff_t *pos)
{
struct mlx5_cache_ent *ent = filp->private_data;
char lbuf[20];
int err;
err = snprintf(lbuf, sizeof(lbuf), "%d\n", ent->limit);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 693
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < MAX_MR_CACHE_ENTRIES; i++) {
ent = &cache->ent[i];
sprintf(ent->name, "%d", ent->order);
dir = debugfs_create_dir(ent->name, cache->root);
debugfs_create_file("size", 0600, dir, ent, &size_fops);
debugfs_create_file("limit", 0600, dir, ent, &limit_fops);
debugfs_create_u32("cur", 0400, dir, &ent->available_mrs);
debugfs_create_u32("miss", 0600, dir, &ent->miss);
Reported by FlawFinder.
drivers/leds/leds-bd2802.c
3 issues
Line: 437
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
down_read(&led->rwsem);
if (led->adf_on)
ret = sprintf(buf, "on\n");
else
ret = sprintf(buf, "off\n");
up_read(&led->rwsem);
return ret;
Reported by FlawFinder.
Line: 439
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (led->adf_on)
ret = sprintf(buf, "on\n");
else
ret = sprintf(buf, "off\n");
up_read(&led->rwsem);
return ret;
}
Reported by FlawFinder.
Line: 479
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct bd2802_led *led = i2c_get_clientdata(to_i2c_client(dev));\
ssize_t ret; \
down_read(&led->rwsem); \
ret = sprintf(buf, "0x%02x\n", led->attr_name); \
up_read(&led->rwsem); \
return ret; \
} \
static ssize_t bd2802_store_##attr_name(struct device *dev, \
struct device_attribute *attr, const char *buf, size_t count) \
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/engine/fifo/gf100.c
3 issues
Line: 299
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
nvkm_error(subdev,
"%s fault at %010llx engine %02x [%s] client %02x [%s%s] "
"reason %02x [%s] on channel %d [%010llx %s]\n",
info->access ? "write" : "read", info->addr,
info->engine, eu ? eu->name : "",
info->client, gpcid, ec ? ec->name : "",
info->reason, er ? er->name : "", chan ? chan->chid : -1,
info->inst, chan ? chan->object.client->name : "unknown");
Reported by FlawFinder.
Line: 266
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nvkm_engine *engine = NULL;
struct nvkm_fifo_chan *chan;
unsigned long flags;
char gpcid[8] = "";
er = nvkm_enum_find(gf100_fifo_fault_reason, info->reason);
eu = nvkm_enum_find(gf100_fifo_fault_engine, info->engine);
if (info->hub) {
ec = nvkm_enum_find(gf100_fifo_fault_hubclient, info->client);
Reported by FlawFinder.
Line: 418
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nvkm_fifo_chan *chan;
unsigned long flags;
u32 show= stat;
char msg[128];
if (stat & 0x00800000) {
if (device->sw) {
if (nvkm_sw_mthd(device->sw, chid, subc, mthd, data))
show &= ~0x00800000;
Reported by FlawFinder.
drivers/leds/led-triggers.c
3 issues
Line: 86
Column: 7
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_start(args, fmt);
if (size <= 0)
i = vsnprintf(NULL, 0, fmt, args);
else
i = vscnprintf(buf, size, fmt, args);
va_end(args);
return i;
Reported by FlawFinder.
Line: 276
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
down_write(&triggers_list_lock);
/* this assumes that trig->name was originaly allocated to
* non constant storage */
strcpy((char *)trig->name, name);
up_write(&triggers_list_lock);
}
EXPORT_SYMBOL_GPL(led_trigger_rename_static);
/* LED Trigger Interface */
Reported by FlawFinder.
Line: 162
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned long flags;
char *event = NULL;
char *envp[2];
const char *name;
int ret;
if (!led_cdev->trigger && !trig)
return 0;
Reported by FlawFinder.
drivers/gpu/drm/qxl/qxl_ttm.c
3 issues
Line: 244
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
#if defined(CONFIG_DEBUG_FS)
static struct drm_info_list qxl_mem_types_list[QXL_DEBUGFS_MEM_TYPES];
static char qxl_mem_types_names[QXL_DEBUGFS_MEM_TYPES][32];
unsigned int i;
for (i = 0; i < QXL_DEBUGFS_MEM_TYPES; i++) {
if (i == 0)
sprintf(qxl_mem_types_names[i], "qxl_mem_mm");
Reported by FlawFinder.
Line: 249
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < QXL_DEBUGFS_MEM_TYPES; i++) {
if (i == 0)
sprintf(qxl_mem_types_names[i], "qxl_mem_mm");
else
sprintf(qxl_mem_types_names[i], "qxl_surf_mm");
qxl_mem_types_list[i].name = qxl_mem_types_names[i];
qxl_mem_types_list[i].show = &qxl_mm_dump_table;
qxl_mem_types_list[i].driver_features = 0;
Reported by FlawFinder.
Line: 251
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (i == 0)
sprintf(qxl_mem_types_names[i], "qxl_mem_mm");
else
sprintf(qxl_mem_types_names[i], "qxl_surf_mm");
qxl_mem_types_list[i].name = qxl_mem_types_names[i];
qxl_mem_types_list[i].show = &qxl_mm_dump_table;
qxl_mem_types_list[i].driver_features = 0;
if (i == 0)
qxl_mem_types_list[i].data = ttm_manager_type(&qdev->mman.bdev, TTM_PL_VRAM);
Reported by FlawFinder.
drivers/infiniband/hw/mlx5/main.c
3 issues
Line: 1480
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* If possible, pass node desc to FW, so it can generate
* a 144 trap. If cmd fails, just ignore.
*/
memcpy(&in, props->node_desc, IB_DEVICE_NODE_DESC_MAX);
err = mlx5_core_access_reg(dev->mdev, &in, sizeof(in), &out,
sizeof(out), MLX5_REG_NODE_DESC, 0, 1);
if (err)
return err;
Reported by FlawFinder.
Line: 1486
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
return err;
memcpy(ibdev->node_desc, props->node_desc, IB_DEVICE_NODE_DESC_MAX);
return err;
}
static int set_port_caps_atomic(struct mlx5_ib_dev *dev, u32 port_num, u32 mask,
Reported by FlawFinder.
Line: 3113
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *pos)
{
struct mlx5_ib_delay_drop *delay_drop = filp->private_data;
char lbuf[20];
int len;
len = snprintf(lbuf, sizeof(lbuf), "%u\n", delay_drop->timeout);
return simple_read_from_buffer(buf, count, pos, lbuf, len);
}
Reported by FlawFinder.
drivers/gpu/drm/radeon/atom-names.h
3 issues
Line: 33
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef ATOM_DEBUG
#define ATOM_OP_NAMES_CNT 123
static char *atom_op_names[ATOM_OP_NAMES_CNT] = {
"RESERVED", "MOVE_REG", "MOVE_PS", "MOVE_WS", "MOVE_FB", "MOVE_PLL",
"MOVE_MC", "AND_REG", "AND_PS", "AND_WS", "AND_FB", "AND_PLL", "AND_MC",
"OR_REG", "OR_PS", "OR_WS", "OR_FB", "OR_PLL", "OR_MC", "SHIFT_LEFT_REG",
"SHIFT_LEFT_PS", "SHIFT_LEFT_WS", "SHIFT_LEFT_FB", "SHIFT_LEFT_PLL",
"SHIFT_LEFT_MC", "SHIFT_RIGHT_REG", "SHIFT_RIGHT_PS", "SHIFT_RIGHT_WS",
Reported by FlawFinder.
Line: 59
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
#define ATOM_TABLE_NAMES_CNT 74
static char *atom_table_names[ATOM_TABLE_NAMES_CNT] = {
"ASIC_Init", "GetDisplaySurfaceSize", "ASIC_RegistersInit",
"VRAM_BlockVenderDetection", "SetClocksRatio", "MemoryControllerInit",
"GPIO_PinInit", "MemoryParamAdjust", "DVOEncoderControl",
"GPIOPinControl", "SetEngineClock", "SetMemoryClock", "SetPixelClock",
"DynamicClockGating", "ResetMemoryDLL", "ResetMemoryDevice",
Reported by FlawFinder.
Line: 88
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
#define ATOM_IO_NAMES_CNT 5
static char *atom_io_names[ATOM_IO_NAMES_CNT] = {
"MM", "PLL", "MC", "PCIE", "PCIE PORT",
};
#else
Reported by FlawFinder.
drivers/gpu/drm/radeon/atom.c
3 issues
Line: 1270
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct atom_context *ctx =
kzalloc(sizeof(struct atom_context), GFP_KERNEL);
char *str;
char name[512];
int i;
if (!ctx)
return NULL;
Reported by FlawFinder.
Line: 1286
Column: 7
CWE codes:
126
}
if (strncmp
(CSTR(ATOM_ATI_MAGIC_PTR), ATOM_ATI_MAGIC,
strlen(ATOM_ATI_MAGIC))) {
pr_info("Invalid ATI magic\n");
kfree(ctx);
return NULL;
}
Reported by FlawFinder.
Line: 1295
Column: 7
CWE codes:
126
base = CU16(ATOM_ROM_TABLE_PTR);
if (strncmp
(CSTR(base + ATOM_ROM_MAGIC_PTR), ATOM_ROM_MAGIC,
strlen(ATOM_ROM_MAGIC))) {
pr_info("Invalid ATOM magic\n");
kfree(ctx);
return NULL;
}
Reported by FlawFinder.
drivers/infiniband/ulp/rtrs/rtrs-srv.c
3 issues
Line: 1726
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct rtrs_srv_sess *sess;
int err = -ENOMEM;
char str[NAME_MAX];
struct rtrs_addr path;
if (srv->paths_num >= MAX_PATHS_NUM) {
err = -ECONNRESET;
goto err;
Reported by FlawFinder.
Line: 774
Column: 36
CWE codes:
126
}
list_for_each_entry(sess, &srv->paths_list, s.entry) {
if (strlen(sess->s.sessname) == strlen(sessname) &&
!strcmp(sess->s.sessname, sessname)) {
found = true;
break;
}
}
Reported by FlawFinder.
Line: 774
Column: 8
CWE codes:
126
}
list_for_each_entry(sess, &srv->paths_list, s.entry) {
if (strlen(sess->s.sessname) == strlen(sessname) &&
!strcmp(sess->s.sessname, sessname)) {
found = true;
break;
}
}
Reported by FlawFinder.
drivers/gpu/drm/nouveau/nvkm/engine/falcon.c
3 issues
Line: 173
/* wait for 'uc halted' to be signalled before continuing */
if (falcon->secret && falcon->version < 4) {
if (!falcon->version) {
nvkm_msec(device, 2000,
if (nvkm_rd32(device, base + 0x008) & 0x00000010)
break;
);
} else {
nvkm_msec(device, 2000,
Reported by Cppcheck.
Line: 124
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void *p = vmalloc(len);
if (p)
memcpy(p, src, len);
return p;
}
static int
nvkm_falcon_oneinit(struct nvkm_engine *engine)
Reported by FlawFinder.
Line: 166
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct nvkm_subdev *subdev = &falcon->engine.subdev;
struct nvkm_device *device = subdev->device;
const struct firmware *fw;
char name[32] = "internal";
const u32 base = falcon->addr;
int ret, i;
/* wait for 'uc halted' to be signalled before continuing */
if (falcon->secret && falcon->version < 4) {
Reported by FlawFinder.