The following issues were found
drivers/hwmon/i5500_temp.c
3 issues
Line: 49
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pci_read_config_byte(pdev, REG_TSFSC, &tsfsc);
temp = ((long)tsthrhi - tsfsc) * 500;
return sprintf(buf, "%ld\n", temp);
}
static ssize_t thresh_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 63
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pci_read_config_word(pdev, reg, &tsthr);
temp = tsthr * 500;
return sprintf(buf, "%ld\n", temp);
}
static ssize_t alarm_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 74
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u8 ctsts;
pci_read_config_byte(pdev, REG_CTSTS, &ctsts);
return sprintf(buf, "%u\n", (unsigned int)ctsts & (1 << nr));
}
static DEVICE_ATTR_RO(temp1_input);
static SENSOR_DEVICE_ATTR_RO(temp1_crit, thresh, 0xE2);
static SENSOR_DEVICE_ATTR_RO(temp1_max_hyst, thresh, 0xEC);
Reported by FlawFinder.
drivers/input/mouse/psmouse.h
3 issues
Line: 97
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *vendor;
const char *name;
const struct psmouse_protocol *protocol;
unsigned char packet[8];
unsigned char badbyte;
unsigned char pktcnt;
unsigned char pktsize;
unsigned char oob_data_type;
unsigned char extra_buttons;
Reported by FlawFinder.
Line: 109
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long out_of_sync_cnt;
unsigned long num_resyncs;
enum psmouse_state state;
char devname[64];
char phys[32];
unsigned int rate;
unsigned int resolution;
unsigned int resetafter;
Reported by FlawFinder.
Line: 110
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long num_resyncs;
enum psmouse_state state;
char devname[64];
char phys[32];
unsigned int rate;
unsigned int resolution;
unsigned int resetafter;
unsigned int resync_time;
Reported by FlawFinder.
drivers/input/mouse/synaptics_usb.c
3 issues
Line: 87
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* input device related data structures */
struct input_dev *input;
char name[128];
char phys[64];
/* characteristics of the device */
unsigned long flags;
};
Reported by FlawFinder.
Line: 88
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* input device related data structures */
struct input_dev *input;
char name[128];
char phys[64];
/* characteristics of the device */
unsigned long flags;
};
Reported by FlawFinder.
Line: 366
Column: 7
CWE codes:
126
strlcat(synusb->name, udev->product, sizeof(synusb->name));
}
if (!strlen(synusb->name))
snprintf(synusb->name, sizeof(synusb->name),
"USB Synaptics Device %04x:%04x",
le16_to_cpu(udev->descriptor.idVendor),
le16_to_cpu(udev->descriptor.idProduct));
Reported by FlawFinder.
drivers/input/mouse/vsxxxaa.c
3 issues
Line: 105
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct input_dev *dev;
struct serio *serio;
#define BUFLEN 15 /* At least 5 is needed for a full tablet packet */
unsigned char buf[BUFLEN];
unsigned char count;
unsigned char version;
unsigned char country;
unsigned char type;
char name[64];
Reported by FlawFinder.
Line: 110
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char version;
unsigned char country;
unsigned char type;
char name[64];
char phys[32];
};
static void vsxxxaa_drop_bytes(struct vsxxxaa *mouse, int num)
{
Reported by FlawFinder.
Line: 111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char country;
unsigned char type;
char name[64];
char phys[32];
};
static void vsxxxaa_drop_bytes(struct vsxxxaa *mouse, int num)
{
if (num >= mouse->count) {
Reported by FlawFinder.
drivers/gpu/drm/msm/edp/edp_aux.c
3 issues
Line: 55
Column: 6
CWE codes:
120
20
/* Pack cmd and write to HW */
data[0] = (msg->address >> 16) & 0xf; /* addr[19:16] */
if (read)
data[0] |= BIT(4); /* R/W */
data[1] = (msg->address >> 8) & 0xff; /* addr[15:8] */
data[2] = msg->address & 0xff; /* addr[7:0] */
data[3] = (msg->size - 1) & 0xff; /* len[7:0] */
Reported by FlawFinder.
drivers/isdn/hardware/mISDN/netjet.c
3 issues
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tiger_hw {
struct list_head list;
struct pci_dev *pdev;
char name[MISDN_MAX_IDLEN];
enum nj_types typ;
int irq;
u32 irqcnt;
u32 base;
size_t base_s;
Reported by FlawFinder.
Line: 84
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 auxd;
u8 last_is0;
u8 irqmask0;
char log[LOG_SIZE];
};
static LIST_HEAD(Cards);
static DEFINE_RWLOCK(card_lock); /* protect Cards */
static u32 debug;
Reported by FlawFinder.
Line: 883
Column: 21
CWE codes:
362
case OPEN_CHANNEL:
rq = arg;
if (rq->protocol == ISDN_P_TE_S0)
err = card->isac.open(&card->isac, rq);
else
err = open_bchannel(card, rq);
if (err)
break;
if (!try_module_get(THIS_MODULE))
Reported by FlawFinder.
drivers/infiniband/core/verbs.c
3 issues
Line: 729
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
if (net_type == RDMA_NETWORK_IPV4) {
memcpy(&src_in.sin_addr.s_addr,
&hdr->roce4grh.saddr, 4);
memcpy(&dst_in.sin_addr.s_addr,
&hdr->roce4grh.daddr, 4);
src_saddr = src_in.sin_addr.s_addr;
dst_saddr = dst_in.sin_addr.s_addr;
Reported by FlawFinder.
Line: 731
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (net_type == RDMA_NETWORK_IPV4) {
memcpy(&src_in.sin_addr.s_addr,
&hdr->roce4grh.saddr, 4);
memcpy(&dst_in.sin_addr.s_addr,
&hdr->roce4grh.daddr, 4);
src_saddr = src_in.sin_addr.s_addr;
dst_saddr = dst_in.sin_addr.s_addr;
ipv6_addr_set_v4mapped(src_saddr,
(struct in6_addr *)sgid);
Reported by FlawFinder.
Line: 1659
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ipv6_addr_v4mapped((struct in6_addr *)ah_attr->grh.dgid.raw)) {
__be32 addr = 0;
memcpy(&addr, ah_attr->grh.dgid.raw + 12, 4);
ip_eth_mc_map(addr, (char *)ah_attr->roce.dmac);
} else {
ipv6_eth_mc_map((struct in6_addr *)ah_attr->grh.dgid.raw,
(char *)ah_attr->roce.dmac);
}
Reported by FlawFinder.
drivers/iio/industrialio-sw-trigger.c
3 issues
Line: 49
Column: 45
CWE codes:
126
int ret = 0;
mutex_lock(&iio_trigger_types_lock);
iter = __iio_find_sw_trigger_type(t->name, strlen(t->name));
if (iter)
ret = -EBUSY;
else
list_add_tail(&t->list, &iio_trigger_types_list);
mutex_unlock(&iio_trigger_types_lock);
Reported by FlawFinder.
Line: 73
Column: 45
CWE codes:
126
struct iio_sw_trigger_type *iter;
mutex_lock(&iio_trigger_types_lock);
iter = __iio_find_sw_trigger_type(t->name, strlen(t->name));
if (iter)
list_del(&t->list);
mutex_unlock(&iio_trigger_types_lock);
configfs_unregister_default_group(t->group);
Reported by FlawFinder.
Line: 88
Column: 39
CWE codes:
126
struct iio_sw_trigger_type *t;
mutex_lock(&iio_trigger_types_lock);
t = __iio_find_sw_trigger_type(name, strlen(name));
if (t && !try_module_get(t->owner))
t = NULL;
mutex_unlock(&iio_trigger_types_lock);
return t;
Reported by FlawFinder.
drivers/hwmon/pcf8591.c
3 issues
Line: 83
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, \
char *buf) \
{ \
return sprintf(buf, "%d\n", pcf8591_read_channel(dev, channel));\
} \
static DEVICE_ATTR(in##channel##_input, S_IRUGO, \
show_in##channel##_input, NULL);
show_in_channel(0);
Reported by FlawFinder.
Line: 97
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct pcf8591_data *data = i2c_get_clientdata(to_i2c_client(dev));
return sprintf(buf, "%d\n", data->aout * 10);
}
static ssize_t out0_output_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 128
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct pcf8591_data *data = i2c_get_clientdata(to_i2c_client(dev));
return sprintf(buf, "%u\n", !(!(data->control & PCF8591_CONTROL_AOEF)));
}
static ssize_t out0_enable_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/macintosh/windfarm_core.c
3 issues
Line: 185
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
default:
typestr = "";
}
return sprintf(buf, "%d%s\n", val, typestr);
}
/* This is really only for debugging... */
static ssize_t wf_store_control(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 172
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
err = ctrl->ops->get_value(ctrl, &val);
if (err < 0) {
if (err == -EFAULT)
return sprintf(buf, "<HW FAULT>\n");
return err;
}
switch(ctrl->type) {
case WF_CONTROL_RPM_FAN:
typestr = " RPM";
Reported by FlawFinder.
Line: 301
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
err = sens->ops->get_value(sens, &val);
if (err < 0)
return err;
return sprintf(buf, "%d.%03d\n", FIX32TOPRINT(val));
}
int wf_register_sensor(struct wf_sensor *new_sr)
{
struct wf_sensor *sr;
Reported by FlawFinder.