The following issues were found
drivers/platform/x86/xo15-ebook.c
3 issues
Line: 111
Column: 2
CWE codes:
120
Suggestion:
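Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In kernel code the bounded copy is strscpy(); strcpy_s is not available there. The source here is a compile-time macro, so triage reduces to confirming that the destination `name` (declared outside this excerpt) is at least as large as that string.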
goto err_free_input;
}
strcpy(name, XO15_EBOOK_DEVICE_NAME);
sprintf(class, "%s/%s", XO15_EBOOK_CLASS, XO15_EBOOK_SUBCLASS);
snprintf(button->phys, sizeof(button->phys), "%s/button/input0", hid);
input->name = name;
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
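Use sprintf_s, snprintf, or vsnprintf. In kernel code that means snprintf() or scnprintf() with the size of `class`. Both format arguments are macros, so the output length is fixed at build time, but the size of the destination is not visible in this excerpt.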
}
strcpy(name, XO15_EBOOK_DEVICE_NAME);
sprintf(class, "%s/%s", XO15_EBOOK_CLASS, XO15_EBOOK_SUBCLASS);
snprintf(button->phys, sizeof(button->phys), "%s/button/input0", hid);
input->name = name;
input->phys = button->phys;
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * State retrieved through acpi_driver_data() in ebook_send_state().
 *
 * NOTE(review): FlawFinder flags phys[] only because it is a fixed-size
 * char array. The one write to a phys member shown on this page is
 * snprintf(button->phys, sizeof(button->phys), "%s/button/input0", hid),
 * which is bounded by the array size: an over-long hid would be truncated,
 * not written past the end. Any other writers are outside this excerpt and
 * still need checking.
 */
struct ebook_switch {
struct input_dev *input;
char phys[32]; /* for input device */
};
static int ebook_send_state(struct acpi_device *device)
{
struct ebook_switch *button = acpi_driver_data(device);
Reported by FlawFinder.
drivers/scsi/lpfc/lpfc_nvme.c
3 issues
Line: 1182
Column: 4
CWE codes:
120
Suggestion:
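Make sure destination can always hold the source data. The length here is the constant sizeof(uint32_t) * 5 (words 7 - 11), so no runtime value sizes the copy; what remains to confirm is that wqe->words and the template each have at least 12 words, which their declarations (not shown) would settle. The same reasoning applies to the iread and icmnd copies reported below for this file.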
if (nCmd->sg_cnt) {
if (nCmd->io_dir == NVMEFC_FCP_WRITE) {
/* From the iwrite template, initialize words 7 - 11 */
memcpy(&wqe->words[7],
&lpfc_iwrite_cmd_template.words[7],
sizeof(uint32_t) * 5);
/* Word 4 */
wqe->fcp_iwrite.total_xfer_len = nCmd->payload_length;
Reported by FlawFinder.
Line: 1205
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cstat->output_requests++;
} else {
/* From the iread template, initialize words 7 - 11 */
memcpy(&wqe->words[7],
&lpfc_iread_cmd_template.words[7],
sizeof(uint32_t) * 5);
/* Word 4 */
wqe->fcp_iread.total_xfer_len = nCmd->payload_length;
Reported by FlawFinder.
Line: 1219
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else {
/* From the icmnd template, initialize words 4 - 11 */
memcpy(&wqe->words[4], &lpfc_icmnd_cmd_template.words[4],
sizeof(uint32_t) * 8);
cstat->control_requests++;
}
if (pnode->nlp_nvme_info & NLP_NVME_NSLER)
Reported by FlawFinder.
drivers/nfc/st21nfca/se.c
3 issues
Line: 79
Column: 3
CWE codes:
120
Suggestion:
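Make sure destination can always hold the source data. The copy is guarded by skb->len <= ST21NFCA_ESE_MAX_LENGTH, so it is safe provided info->se_info.atr is declared with at least that many bytes (declaration not shown).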
return;
if (skb->len <= ST21NFCA_ESE_MAX_LENGTH) {
memcpy(info->se_info.atr, skb->data, skb->len);
info->se_info.wt_timeout =
ST21NFCA_BWI_TO_TIMEOUT(st21nfca_se_get_bwi(hdev));
}
kfree_skb(skb);
}
Reported by FlawFinder.
Line: 323
Column: 3
CWE codes:
120
Suggestion:
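Make sure destination can always hold the source data. This finding deserves manual review: aid_len is read from skb->data[1], i.e. from the received event itself, and the excerpt shows no check of it against the size of transaction->aid or against skb->len before the memcpy and the later skb->data[transaction->aid_len + 2] read.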
return -ENOMEM;
transaction->aid_len = skb->data[1];
memcpy(transaction->aid, &skb->data[2],
transaction->aid_len);
/* Check next byte is PARAMETERS tag (82) */
if (skb->data[transaction->aid_len + 2] !=
NFC_EVT_TRANSACTION_PARAMS_TAG)
Reported by FlawFinder.
Line: 332
Column: 3
CWE codes:
120
Suggestion:
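Make sure destination can always hold the source data. params_len is likewise taken from the received buffer (skb->data[transaction->aid_len + 3]) and used as the copy length with no bound visible in the excerpt; it should be validated against both the remaining skb->len and the space allocated for transaction->params.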
return -EPROTO;
transaction->params_len = skb->data[transaction->aid_len + 3];
memcpy(transaction->params, skb->data +
transaction->aid_len + 4, transaction->params_len);
r = nfc_se_transaction(hdev->ndev, host, transaction);
break;
default:
Reported by FlawFinder.
drivers/ntb/hw/idt/ntb_hw_idt.c
3 issues
Line: 1113
Column: 2
CWE codes:
120
Suggestion:
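Make sure destination can always hold the source data. The allocation of ret_mws is outside this excerpt; confirm it is sized from the same *mw_cnt and element size, using an overflow-checked multiply (for example kcalloc() or array_size()).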
return ERR_PTR(-ENOMEM);
/* Copy the info of detected memory windows */
memcpy(ret_mws, mws, (*mw_cnt)*sizeof(*ret_mws));
return ret_mws;
}
/*
Reported by FlawFinder.
Line: 1983
Column: 9
CWE codes:
120
Suggestion:
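Use sprintf_s, snprintf, or vsnprintf. sprintf_s does not exist in the kernel. If buf is the page-sized buffer passed to a sysfs show callback, as the neighbouring idt_sysfs_set_temp() comment suggests, a single "%ld\n" cannot overrun it; sysfs_emit() is the bounded form intended for such callbacks.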
long mdeg;
idt_read_temp(ndev, type, &mdeg);
return sprintf(buf, "%ld\n", mdeg);
}
/*
* idt_sysfs_set_temp() - set corresponding temperature value
* @dev: Pointer to the NTB device structure
Reported by FlawFinder.
Line: 2509
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int idt_init_dbgfs(struct idt_ntb_dev *ndev)
{
char devname[64];
/* If the top directory is not created then do nothing */
if (IS_ERR_OR_NULL(dbgfs_topdir)) {
dev_info(&ndev->ntb.pdev->dev, "Top DebugFS directory absent");
return PTR_ERR_OR_ZERO(dbgfs_topdir);
Reported by FlawFinder.
drivers/net/wireless/mediatek/mt76/testmode.c
3 issues
Line: 127
Column: 2
CWE codes:
120
Suggestion:
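Make sure destination can always hold the source data. The length is sizeof(phy->macaddr), i.e. the size of the source, so the copy is safe only if hdr->addr1, addr2 and addr3 are at least that large; both declarations are outside the excerpt. FlawFinder reports the three adjacent memcpy() calls (lines 127-129) as three findings with the same answer.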
hdr = __skb_put_zero(head, head_len);
hdr->frame_control = cpu_to_le16(fc);
memcpy(hdr->addr1, phy->macaddr, sizeof(phy->macaddr));
memcpy(hdr->addr2, phy->macaddr, sizeof(phy->macaddr));
memcpy(hdr->addr3, phy->macaddr, sizeof(phy->macaddr));
skb_set_queue_mapping(head, IEEE80211_AC_BE);
info = IEEE80211_SKB_CB(head);
Reported by FlawFinder.
Line: 128
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr = __skb_put_zero(head, head_len);
hdr->frame_control = cpu_to_le16(fc);
memcpy(hdr->addr1, phy->macaddr, sizeof(phy->macaddr));
memcpy(hdr->addr2, phy->macaddr, sizeof(phy->macaddr));
memcpy(hdr->addr3, phy->macaddr, sizeof(phy->macaddr));
skb_set_queue_mapping(head, IEEE80211_AC_BE);
info = IEEE80211_SKB_CB(head);
info->flags = IEEE80211_TX_CTL_INJECTED |
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr->frame_control = cpu_to_le16(fc);
memcpy(hdr->addr1, phy->macaddr, sizeof(phy->macaddr));
memcpy(hdr->addr2, phy->macaddr, sizeof(phy->macaddr));
memcpy(hdr->addr3, phy->macaddr, sizeof(phy->macaddr));
skb_set_queue_mapping(head, IEEE80211_AC_BE);
info = IEEE80211_SKB_CB(head);
info->flags = IEEE80211_TX_CTL_INJECTED |
IEEE80211_TX_CTL_NO_ACK |
Reported by FlawFinder.
drivers/net/wireless/ralink/rt2x00/rt2x00config.c
3 issues
Line: 53
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memset(conf.mac, 0, sizeof(conf.mac));
if (mac)
memcpy(conf.mac, mac, ETH_ALEN);
memset(conf.bssid, 0, sizeof(conf.bssid));
if (bssid)
memcpy(conf.bssid, bssid, ETH_ALEN);
Reported by FlawFinder.
Line: 57
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(conf.bssid, 0, sizeof(conf.bssid));
if (bssid)
memcpy(conf.bssid, bssid, ETH_ALEN);
flags |= CONFIG_UPDATE_TYPE;
if (mac || (!rt2x00dev->intf_ap_count && !rt2x00dev->intf_sta_count))
flags |= CONFIG_UPDATE_MAC;
if (bssid || (!rt2x00dev->intf_ap_count && !rt2x00dev->intf_sta_count))
Reported by FlawFinder.
Line: 157
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rt2x00link_reset_tuner(rt2x00dev, true);
memcpy(active, &config, sizeof(config));
if (test_bit(DEVICE_STATE_ENABLED_RADIO, &rt2x00dev->flags))
rt2x00queue_start_queue(rt2x00dev->rx);
}
Reported by FlawFinder.
drivers/nfc/st21nfca/dep.c
3 issues
Line: 163
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
atr_res->cmd0 = ST21NFCA_NFCIP1_RES;
atr_res->cmd1 = ST21NFCA_NFCIP1_ATR_RES;
memcpy(atr_res->nfcid3, atr_req->nfcid3, 6);
atr_res->bsi = 0x00;
atr_res->bri = 0x00;
atr_res->to = ST21NFCA_DEFAULT_TIMEOUT;
atr_res->ppi = ST21NFCA_LR_BITS_PAYLOAD_SIZE_254B;
Reported by FlawFinder.
Line: 173
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_put(skb, gb_len);
atr_res->ppi |= ST21NFCA_GB_BIT;
memcpy(atr_res->gbi, atr_req->gbi, gb_len);
r = nfc_set_remote_general_bytes(hdev->ndev, atr_res->gbi,
gb_len);
if (r < 0) {
kfree_skb(skb);
return r;
Reported by FlawFinder.
Line: 524
Column: 3
CWE codes:
120
Suggestion:
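Make sure destination can always hold the source data. This finding deserves manual review: the only check on target->sensf_res_len visible here is `> 0`, while the else branch fills atr_req->nfcid3 with NFC_NFCID3_MAXSIZE bytes, which suggests that is the size of the field. The copy length should be capped at the size of nfcid3.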
target = hdev->ndev->targets;
if (target->sensf_res_len > 0)
memcpy(atr_req->nfcid3, target->sensf_res,
target->sensf_res_len);
else
get_random_bytes(atr_req->nfcid3, NFC_NFCID3_MAXSIZE);
atr_req->did = 0x0;
Reported by FlawFinder.
drivers/nfc/st-nci/spi.c
3 issues
Line: 102
Column: 3
CWE codes:
120
Suggestion:
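Make sure destination can always hold the source data. The destination is grown by skb_put(skb_rx, skb->len) immediately before the copy, so the open question in this excerpt is the source side: whether buf (declared outside the excerpt) holds at least skb->len bytes.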
return -ENOMEM;
skb_put(skb_rx, skb->len);
memcpy(skb_rx->data, buf, skb->len);
ndlc_recv(phy->ndlc, skb_rx);
}
return r;
}
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_reserve(*skb, ST_NCI_SPI_MIN_SIZE);
skb_put(*skb, ST_NCI_SPI_MIN_SIZE);
memcpy((*skb)->data, buf, ST_NCI_SPI_MIN_SIZE);
if (!len)
return 0;
spi_xfer.len = len;
Reported by FlawFinder.
Line: 159
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
skb_put(*skb, len);
memcpy((*skb)->data + ST_NCI_SPI_MIN_SIZE, buf, len);
return 0;
}
/*
Reported by FlawFinder.
drivers/s390/cio/qdio_debug.c
3 issues
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define QDIO_DBF_NAME_LEN 20
/*
 * NOTE(review): dbf_name is flagged only because it is a fixed-size char
 * array of QDIO_DBF_NAME_LEN bytes. No write to it appears on this page;
 * the code that fills it is what has to be checked for a length bound
 * (TODO confirm against the rest of qdio_debug.c).
 */
struct qdio_dbf_entry {
char dbf_name[QDIO_DBF_NAME_LEN];
debug_info_t *dbf_info;
struct list_head dbf_list;
};
static LIST_HEAD(qdio_dbf_list);
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int qdio_allocate_dbf(struct qdio_irq *irq_ptr)
{
char text[QDIO_DBF_NAME_LEN];
struct qdio_dbf_entry *new_entry;
DBF_EVENT("irq:%8lx", (unsigned long)irq_ptr);
/* allocate trace view for the interface */
Reported by FlawFinder.
Line: 289
Column: 2
CWE codes:
119
120
Suggestion:
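Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The only write shown is snprintf(name, QDIO_DEBUGFS_NAME_LEN, ...), which is bounded by the array's own size, so the residual risk in this excerpt is a truncated debugfs name rather than an overflow.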
static void setup_debugfs_entry(struct dentry *parent, struct qdio_q *q)
{
char name[QDIO_DEBUGFS_NAME_LEN];
snprintf(name, QDIO_DEBUGFS_NAME_LEN, "%s_%d",
q->is_input_q ? "input" : "output",
q->nr);
debugfs_create_file(name, 0444, parent, q, &qstat_fops);
Reported by FlawFinder.
drivers/scsi/bfa/bfi.h
3 issues
Line: 274
Column: 2
CWE codes:
119
120
Suggestion:
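Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line is a fixed-size field in a structure definition and copies nothing itself; treat this finding, and the two below for fw_version and optrom_version, as pointers to audit the code that fills these fields.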
u16 rsvd_b;
mac_t fcoe_mac;
u16 rsvd_c;
char brcd_serialnum[STRSZ(BFA_MFG_SERIALNUM_SIZE)];
u8 pcie_gen;
u8 pcie_lanes_orig;
u8 pcie_lanes;
u8 rx_bbcredit; /* receive buffer credits */
u32 adapter_prop; /* adapter properties */
Reported by FlawFinder.
Line: 283
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 maxfrsize; /* max receive frame size */
char asic_rev;
u8 rsvd_d;
char fw_version[BFA_VERSION_LEN];
char optrom_version[BFA_VERSION_LEN];
struct bfa_mfg_vpd_s vpd;
u32 card_type; /* card type */
u8 mfg_day; /* manufacturing day */
u8 mfg_month; /* manufacturing month */
Reported by FlawFinder.
Line: 284
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char asic_rev;
u8 rsvd_d;
char fw_version[BFA_VERSION_LEN];
char optrom_version[BFA_VERSION_LEN];
struct bfa_mfg_vpd_s vpd;
u32 card_type; /* card type */
u8 mfg_day; /* manufacturing day */
u8 mfg_month; /* manufacturing month */
u16 mfg_year; /* manufacturing year */
Reported by FlawFinder.