The following issues were found
drivers/platform/x86/classmate-laptop.c
3 issues
Line: 213
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
inputdev = dev_get_drvdata(&acpi->dev);
accel = dev_get_drvdata(&inputdev->dev);
return sprintf(buf, "%d\n", accel->sensitivity);
}
static ssize_t cmpc_accel_sensitivity_store_v4(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 262
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
inputdev = dev_get_drvdata(&acpi->dev);
accel = dev_get_drvdata(&inputdev->dev);
return sprintf(buf, "%d\n", accel->g_select);
}
static ssize_t cmpc_accel_g_select_store_v4(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 556
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
inputdev = dev_get_drvdata(&acpi->dev);
accel = dev_get_drvdata(&inputdev->dev);
return sprintf(buf, "%d\n", accel->sensitivity);
}
static ssize_t cmpc_accel_sensitivity_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/net/wireless/realtek/rtlwifi/rtl8192se/fw.c
3 issues
Line: 354
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
puc_mappedfile += fwhdr_size;
memcpy(firmware->fw_imem, puc_mappedfile,
pfwheader->img_imem_size);
firmware->fw_imem_len = pfwheader->img_imem_size;
}
/* 3. Retriecve EMEM image. */
Reported by FlawFinder.
Line: 366
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
puc_mappedfile += firmware->fw_imem_len;
memcpy(firmware->fw_emem, puc_mappedfile,
pfwheader->img_sram_size);
firmware->fw_emem_len = pfwheader->img_sram_size;
}
/* 4. download fw now */
Reported by FlawFinder.
Line: 462
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
++*cmd_start_seq;
/* Copy memory */
memcpy((ph2c_buffer + totallen + tx_desclen +
H2C_TX_CMD_HDR_LEN), pcmb_buffer[i], pcmd_len[i]);
/* CMD continue */
/* set the continue in prevoius cmd. */
if (i < cmd_num - 1)
Reported by FlawFinder.
drivers/s390/crypto/zcrypt_api.h
3 issues
Line: 87
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct list_head list; /* zcrypt ops list. */
struct module *owner;
int variant;
char name[128];
};
struct zcrypt_card {
struct list_head list; /* Device list. */
struct list_head zqueues; /* List of zcrypt queues */
Reported by FlawFinder.
Line: 173
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (likely(userspace))
return copy_from_user(to, from, n);
memcpy(to, (void __force *) from, n);
return 0;
}
static inline unsigned long z_copy_to_user(bool userspace,
void __user *to,
Reported by FlawFinder.
Line: 184
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (likely(userspace))
return copy_to_user(to, from, n);
memcpy((void __force *) to, from, n);
return 0;
}
#endif /* _ZCRYPT_API_H_ */
Reported by FlawFinder.
drivers/power/supply/pcf50633-charger.c
3 issues
Line: 156
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u8 mbcs2 = pcf50633_reg_read(mbc->pcf, PCF50633_REG_MBCS2);
u8 chgmod = (mbcs2 & PCF50633_MBCS2_MBC_MASK);
return sprintf(buf, "%d\n", chgmod);
}
static DEVICE_ATTR(chgmode, S_IRUGO, show_chgmode, NULL);
static ssize_t
show_usblim(struct device *dev, struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 177
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
ma = 0;
return sprintf(buf, "%u\n", ma);
}
static ssize_t set_usblim(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 210
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ma = (mbc->pcf->pdata->charger_reference_current_ma * mbcc5) >> 8;
return sprintf(buf, "%u\n", ma);
}
static ssize_t set_chglim(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/power/supply/olpc_battery.c
3 issues
Line: 55
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct olpc_battery_data {
struct power_supply *olpc_ac;
struct power_supply *olpc_bat;
char bat_serial[17];
bool new_proto;
bool little_endian;
};
/*********************************************************************
Reported by FlawFinder.
Line: 463
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
sprintf(data->bat_serial, "%016llx", (long long)be64_to_cpu(ser_buf));
val->strval = data->bat_serial;
break;
case POWER_SUPPLY_PROP_VOLTAGE_MAX_DESIGN:
ret = olpc_bat_get_voltage_max_design(val);
if (ret)
Reported by FlawFinder.
Line: 571
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n", ec_byte);
}
static struct device_attribute olpc_bat_error = {
.attr = {
.name = "error",
Reported by FlawFinder.
drivers/net/wireless/realtek/rtlwifi/debug.c
3 issues
Line: 271
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct rtl_debugfs_priv *debugfs_priv = filp->private_data;
struct rtl_priv *rtlpriv = debugfs_priv->rtlpriv;
char tmp[32 + 1];
int tmp_len;
u32 addr, val, len;
int num;
if (count < 3)
Reported by FlawFinder.
Line: 321
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rtl_debugfs_priv *debugfs_priv = filp->private_data;
struct rtl_priv *rtlpriv = debugfs_priv->rtlpriv;
struct ieee80211_hw *hw = rtlpriv->hw;
char tmp[32 + 1];
int tmp_len;
u8 h2c_len, h2c_data_packed[8];
int h2c_data[8]; /* idx 0: cmd */
int i;
Reported by FlawFinder.
Line: 367
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rtl_debugfs_priv *debugfs_priv = filp->private_data;
struct rtl_priv *rtlpriv = debugfs_priv->rtlpriv;
struct ieee80211_hw *hw = rtlpriv->hw;
char tmp[32 + 1];
int tmp_len;
int num;
int path;
u32 addr, bitmask, data;
Reported by FlawFinder.
drivers/scsi/fnic/fnic_trace.c
3 issues
Line: 113
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int wr_idx;
int len = 0;
unsigned long flags;
char str[KSYM_SYMBOL_LEN];
struct timespec64 val;
fnic_trace_data_t *tbp;
spin_lock_irqsave(&fnic_trace_lock, flags);
rd_idx = fnic_trace_entries.rd_idx;
Reported by FlawFinder.
Line: 697
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct fcoe_hdr);
memset((char *)fc_trace, 0xff, eth_fcoe_hdr_len);
/* Copy the rest of data frame */
memcpy((char *)(fc_trace + eth_fcoe_hdr_len), (void *)frame,
min_t(u8, fc_trc_frame_len,
(u8)(FC_TRC_SIZE_BYTES - FC_TRC_HEADER_SIZE
- eth_fcoe_hdr_len)));
} else {
memcpy((char *)fc_trace, (void *)frame,
Reported by FlawFinder.
Line: 702
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(u8)(FC_TRC_SIZE_BYTES - FC_TRC_HEADER_SIZE
- eth_fcoe_hdr_len)));
} else {
memcpy((char *)fc_trace, (void *)frame,
min_t(u8, fc_trc_frame_len,
(u8)(FC_TRC_SIZE_BYTES - FC_TRC_HEADER_SIZE)));
}
/* Store the actual received length */
Reported by FlawFinder.
drivers/platform/x86/fujitsu-tablet.c
3 issues
Line: 458
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ACPI_FAILURE(status) || !fujitsu.irq || !fujitsu.io_base)
return -ENODEV;
sprintf(acpi_device_name(adev), "Fujitsu %s", acpi_device_hid(adev));
sprintf(acpi_device_class(adev), "%s", ACPI_FUJITSU_CLASS);
snprintf(fujitsu.phys, sizeof(fujitsu.phys),
"%s/input0", acpi_device_hid(adev));
Reported by FlawFinder.
Line: 459
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENODEV;
sprintf(acpi_device_name(adev), "Fujitsu %s", acpi_device_hid(adev));
sprintf(acpi_device_class(adev), "%s", ACPI_FUJITSU_CLASS);
snprintf(fujitsu.phys, sizeof(fujitsu.phys),
"%s/input0", acpi_device_hid(adev));
error = input_fujitsu_setup(&adev->dev,
Reported by FlawFinder.
Line: 162
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct fujitsu_config config;
unsigned long prev_keymask;
char phys[21];
int irq;
int io_base;
int io_length;
} fujitsu;
Reported by FlawFinder.
drivers/scsi/libsas/sas_ata.c
3 issues
Line: 123
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stat->stat == SAS_SAM_STAT_GOOD ||
(stat->stat == SAS_SAM_STAT_CHECK_CONDITION &&
dev->sata_dev.class == ATA_DEV_ATAPI)) {
memcpy(dev->sata_dev.fis, resp->ending_fis, ATA_RESP_FIS_SIZE);
if (!link->sactive) {
qc->err_mask |= ac_err_mask(dev->sata_dev.fis[2]);
} else {
link->eh_info.err_mask |= ac_err_mask(dev->sata_dev.fis[2]);
Reported by FlawFinder.
Line: 196
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ata_tf_to_fis(&qc->tf, qc->dev->link->pmp, 1, (u8 *)&task->ata_task.fis);
task->uldd_task = qc;
if (ata_is_atapi(qc->tf.protocol)) {
memcpy(task->ata_task.atapi_packet, qc->cdb, qc->dev->cdb_len);
task->total_xfer_len = qc->nbytes;
task->num_scatter = qc->n_elem;
task->data_dir = qc->dma_dir;
} else if (qc->tf.protocol == ATA_PROT_NODATA) {
task->data_dir = DMA_NONE;
Reported by FlawFinder.
Line: 273
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
phy->phy_id, res);
return res;
}
memcpy(dev->frame_rcvd, &dev->sata_dev.rps_resp.rps.fis,
sizeof(struct dev_to_host_fis));
dev->sata_dev.class = sas_get_ata_command_set(dev);
}
return 0;
}
Reported by FlawFinder.
drivers/platform/x86/ibm_rtl.c
3 issues
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The RTL table as presented by the EBDA: */
struct ibm_rtl_table {
char signature[5]; /* signature should be "_RTL_" */
u8 version;
u8 rt_status;
u8 command;
u8 command_status;
u8 cmd_address_type;
Reported by FlawFinder.
Line: 146
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%d\n", (int)ioread8(&rtl_table->version));
}
static ssize_t rtl_show_state(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 153
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "%d\n", ioread8(&rtl_table->rt_status));
}
static ssize_t rtl_set_state(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.