The following issues were found
drivers/net/wireless/ti/wlcore/wlcore_i.h
3 issues
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct wl1271_chip {
u32 id;
char fw_ver_str[ETHTOOL_FWVERS_LEN];
unsigned int fw_ver[NUM_FW_VER];
char phy_fw_ver_str[ETHTOOL_FWVERS_LEN];
};
#define NUM_TX_QUEUES 4
Reported by FlawFinder.
Line: 109
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 id;
char fw_ver_str[ETHTOOL_FWVERS_LEN];
unsigned int fw_ver[NUM_FW_VER];
char phy_fw_ver_str[ETHTOOL_FWVERS_LEN];
};
#define NUM_TX_QUEUES 4
struct wl_fw_status {
Reported by FlawFinder.
Line: 184
Column: 21
CWE codes:
120
20
};
struct wl1271_if_operations {
int __must_check (*read)(struct device *child, int addr, void *buf,
size_t len, bool fixed);
int __must_check (*write)(struct device *child, int addr, void *buf,
size_t len, bool fixed);
void (*reset)(struct device *child);
void (*init)(struct device *child);
Reported by FlawFinder.
drivers/scsi/cxgbi/cxgb3i/cxgb3i.c
3 issues
Line: 1236
Column: 28
CWE codes:
676
Suggestion:
Use getrlimit(2), setrlimit(2), and sysconf(3) instead
ndev->name, err);
return err;
}
if (uinfo.llimit >= uinfo.ulimit) {
pr_warn("T3 %s, iscsi NOT enabled %u ~ %u!\n",
ndev->name, uinfo.llimit, uinfo.ulimit);
return -EACCES;
}
Reported by FlawFinder.
Line: 1238
Column: 36
CWE codes:
676
Suggestion:
Use getrlimit(2), setrlimit(2), and sysconf(3) instead
}
if (uinfo.llimit >= uinfo.ulimit) {
pr_warn("T3 %s, iscsi NOT enabled %u ~ %u!\n",
ndev->name, uinfo.llimit, uinfo.ulimit);
return -EACCES;
}
ppmax = (uinfo.ulimit - uinfo.llimit + 1) >> PPOD_SIZE_SHIFT;
tagmask = cxgbi_tagmask_set(ppmax);
Reported by FlawFinder.
Line: 1246
Column: 35
CWE codes:
676
Suggestion:
Use getrlimit(2), setrlimit(2), and sysconf(3) instead
tagmask = cxgbi_tagmask_set(ppmax);
pr_info("T3 %s: 0x%x~0x%x, 0x%x, tagmask 0x%x -> 0x%x.\n",
ndev->name, uinfo.llimit, uinfo.ulimit, ppmax, uinfo.tagmask,
tagmask);
memset(&tformat, 0, sizeof(struct cxgbi_tag_format));
for (i = 0; i < 4; i++)
tformat.pgsz_order[i] = uinfo.pgsz_factor[i];
Reported by FlawFinder.
drivers/rtc/rtc-rx4581.c
3 issues
Line: 70
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char data)
{
struct spi_device *spi = to_spi_device(dev);
unsigned char buf[2];
/* high nibble must be '0' to write */
buf[0] = address & 0x0f;
buf[1] = data;
Reported by FlawFinder.
Line: 97
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int rx4581_get_datetime(struct device *dev, struct rtc_time *tm)
{
struct spi_device *spi = to_spi_device(dev);
unsigned char date[7];
unsigned char data;
int err;
/* First we ensure that the "update flag" is not set, we read the
* time and date then re-read the "update flag". If the update flag
Reported by FlawFinder.
Line: 174
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct spi_device *spi = to_spi_device(dev);
int err;
unsigned char buf[8], data;
dev_dbg(dev, "%s: secs=%d, mins=%d, hours=%d, "
"mday=%d, mon=%d, year=%d, wday=%d\n",
__func__,
tm->tm_sec, tm->tm_min, tm->tm_hour,
Reported by FlawFinder.
drivers/scsi/arm/powertec.c
3 issues
Line: 188
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct powertec_info *info = (struct powertec_info *)host->hostdata;
static char string[150];
sprintf(string, "%s (%s) in slot %d v%s terminators o%s",
host->hostt->name, info->info.scsi.type, info->ec->slot_no,
VERSION, info->term_ctl ? "n" : "ff");
return string;
}
Reported by FlawFinder.
Line: 186
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *powertecscsi_info(struct Scsi_Host *host)
{
struct powertec_info *info = (struct powertec_info *)host->hostdata;
static char string[150];
sprintf(string, "%s (%s) in slot %d v%s terminators o%s",
host->hostt->name, info->info.scsi.type, info->ec->slot_no,
VERSION, info->term_ctl ? "n" : "ff");
Reported by FlawFinder.
Line: 260
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct Scsi_Host *host = ecard_get_drvdata(ec);
struct powertec_info *info = (struct powertec_info *)host->hostdata;
return sprintf(buf, "%d\n", info->term_ctl ? 1 : 0);
}
static ssize_t
powertecscsi_store_term(struct device *dev, struct device_attribute *attr, const char *buf, size_t len)
{
Reported by FlawFinder.
drivers/regulator/userspace-consumer.c
3 issues
Line: 37
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct userspace_consumer_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", data->name);
}
static ssize_t state_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 46
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct userspace_consumer_data *data = dev_get_drvdata(dev);
if (data->enabled)
return sprintf(buf, "enabled\n");
return sprintf(buf, "disabled\n");
}
static ssize_t state_store(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 48
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (data->enabled)
return sprintf(buf, "enabled\n");
return sprintf(buf, "disabled\n");
}
static ssize_t state_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/scsi/arm/fas216.c
3 issues
Line: 294
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
static char buf[1024];
vsnprintf(buf, sizeof(buf), fmt, ap);
printk("scsi%d.%c: %s", info->host->host_no, target, buf);
}
static void fas216_log_command(FAS216_Info *info, int level,
struct scsi_cmnd *SCpnt, char *fmt, ...)
Reported by FlawFinder.
Line: 292
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void
fas216_do_log(FAS216_Info *info, char target, char *fmt, va_list ap)
{
static char buf[1024];
vsnprintf(buf, sizeof(buf), fmt, ap);
printk("scsi%d.%c: %s", info->host->host_no, target, buf);
}
Reported by FlawFinder.
Line: 941
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
fas216_reselected_intr(FAS216_Info *info)
{
unsigned int cfis, i;
unsigned char msg[4];
unsigned char target, lun, tag;
fas216_checkmagic(info);
WARN_ON(info->scsi.phase == PHASE_SELECTION ||
Reported by FlawFinder.
drivers/scsi/arm/eesox.c
3 issues
Line: 385
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct eesoxscsi_info *info = (struct eesoxscsi_info *)host->hostdata;
static char string[150];
sprintf(string, "%s (%s) in slot %d v%s terminators o%s",
host->hostt->name, info->info.scsi.type, info->ec->slot_no,
VERSION, info->control & EESOX_TERM_ENABLE ? "n" : "ff");
return string;
}
Reported by FlawFinder.
Line: 383
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *eesoxscsi_info(struct Scsi_Host *host)
{
struct eesoxscsi_info *info = (struct eesoxscsi_info *)host->hostdata;
static char string[150];
sprintf(string, "%s (%s) in slot %d v%s terminators o%s",
host->hostt->name, info->info.scsi.type, info->ec->slot_no,
VERSION, info->control & EESOX_TERM_ENABLE ? "n" : "ff");
Reported by FlawFinder.
Line: 445
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct Scsi_Host *host = ecard_get_drvdata(ec);
struct eesoxscsi_info *info = (struct eesoxscsi_info *)host->hostdata;
return sprintf(buf, "%d\n", info->control & EESOX_TERM_ENABLE ? 1 : 0);
}
static ssize_t eesoxscsi_store_term(struct device *dev, struct device_attribute *attr, const char *buf, size_t len)
{
struct expansion_card *ec = ECARD_DEV(dev);
Reported by FlawFinder.
drivers/net/wireless/ti/wlcore/scan.c
3 issues
Line: 351
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ssid_len && ssid) {
wl->scan.ssid_len = ssid_len;
memcpy(wl->scan.ssid, ssid, ssid_len);
} else {
wl->scan.ssid_len = 0;
}
wl->scan_wlvif = wlvif;
Reported by FlawFinder.
Line: 410
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->ssids[cmd->n_ssids].type = (ssids[i].ssid_len) ?
SCAN_SSID_TYPE_HIDDEN : SCAN_SSID_TYPE_PUBLIC;
cmd->ssids[cmd->n_ssids].len = ssids[i].ssid_len;
memcpy(cmd->ssids[cmd->n_ssids].ssid, ssids[i].ssid,
ssids[i].ssid_len);
cmd->n_ssids++;
}
} else {
type = SCAN_SSID_FILTER_LIST;
Reported by FlawFinder.
Line: 425
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->ssids[cmd->n_ssids].type = SCAN_SSID_TYPE_PUBLIC;
cmd->ssids[cmd->n_ssids].len = sets[i].ssid.ssid_len;
memcpy(cmd->ssids[cmd->n_ssids].ssid,
sets[i].ssid.ssid, sets[i].ssid.ssid_len);
cmd->n_ssids++;
}
if ((req->n_ssids > 1) ||
(req->n_ssids == 1 && req->ssids[0].ssid_len > 0)) {
Reported by FlawFinder.
drivers/net/wireless/marvell/libertas/tx.c
3 issues
Line: 127
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkt_len -= sizeof(*rtap_hdr);
/* copy destination address from 802.11 header */
memcpy(txpd->tx_dest_addr_high, p802x_hdr + 4, ETH_ALEN);
} else {
/* copy destination address from 802.3 header */
memcpy(txpd->tx_dest_addr_high, p802x_hdr, ETH_ALEN);
}
Reported by FlawFinder.
Line: 130
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(txpd->tx_dest_addr_high, p802x_hdr + 4, ETH_ALEN);
} else {
/* copy destination address from 802.3 header */
memcpy(txpd->tx_dest_addr_high, p802x_hdr, ETH_ALEN);
}
txpd->tx_packet_length = cpu_to_le16(pkt_len);
txpd->tx_packet_location = cpu_to_le32(sizeof(struct txpd));
Reported by FlawFinder.
Line: 142
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lbs_deb_hex(LBS_DEB_TX, "Tx Data", (u8 *) p802x_hdr, le16_to_cpu(txpd->tx_packet_length));
memcpy(&txpd[1], p802x_hdr, le16_to_cpu(txpd->tx_packet_length));
spin_lock_irqsave(&priv->driver_lock, flags);
priv->tx_pending_len = pkt_len + sizeof(struct txpd);
lbs_deb_tx("%s lined up packet\n", __func__);
Reported by FlawFinder.
drivers/scsi/cxlflash/vlun.c
3 issues
Line: 553
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* copy over all old entries */
memcpy(lxt, lxt_old, (sizeof(*lxt) * rhte->lxt_cnt));
} else
lxt = lxt_old;
/* nothing can fail from now on */
my_new_size = rhte->lxt_cnt + delta;
Reported by FlawFinder.
Line: 655
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy over old entries that will remain */
memcpy(lxt, lxt_old,
(sizeof(*lxt) * (rhte->lxt_cnt - delta)));
} else
lxt = NULL;
} else
lxt = lxt_old;
Reported by FlawFinder.
Line: 1120
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* copy over */
memcpy(lxt, rhte_src->lxt_start,
(sizeof(*lxt) * rhte_src->lxt_cnt));
/* clone the LBAs in block allocator via ref_cnt, note that the
* block allocator mutex must be held until it is established
* that this routine will complete without the need for a
Reported by FlawFinder.