The following issues were found
drivers/block/rnbd/rnbd-clt.c
3 issues
Line: 1755
CWE codes:
908
*/
list_for_each_entry_safe(sess, sn, &sess_list, list) {
if (!rnbd_clt_get_sess(sess))
continue;
close_rtrs(sess);
list_for_each_entry_safe(dev, tn, &sess->devs_list, list) {
/*
* Here unmap happens in parallel for only one reason:
Reported by Cppcheck.
Line: 1508
Column: 8
CWE codes:
126
continue;
mutex_lock(&sess->lock);
list_for_each_entry(dev, &sess->devs_list, list) {
if (strlen(dev->pathname) == strlen(pathname) &&
!strcmp(dev->pathname, pathname)) {
found = true;
break;
}
}
Reported by FlawFinder.
Line: 1508
Column: 33
CWE codes:
126
continue;
mutex_lock(&sess->lock);
list_for_each_entry(dev, &sess->devs_list, list) {
if (strlen(dev->pathname) == strlen(pathname) &&
!strcmp(dev->pathname, pathname)) {
found = true;
break;
}
}
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/mmsch_v2_0.h
3 issues
Line: 288
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
direct_wt->cmd_header.reg_offset = reg_offset;
direct_wt->reg_value = value;
memcpy((void *)init_table, direct_wt, sizeof(struct mmsch_v2_0_cmd_direct_write));
}
static inline void mmsch_v2_0_insert_direct_rd_mod_wt(struct mmsch_v2_0_cmd_direct_read_modify_write *direct_rd_mod_wt,
uint32_t *init_table,
uint32_t reg_offset,
Reported by FlawFinder.
Line: 299
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
direct_rd_mod_wt->cmd_header.reg_offset = reg_offset;
direct_rd_mod_wt->mask_value = mask;
direct_rd_mod_wt->write_data = data;
memcpy((void *)init_table, direct_rd_mod_wt,
sizeof(struct mmsch_v2_0_cmd_direct_read_modify_write));
}
static inline void mmsch_v2_0_insert_direct_poll(struct mmsch_v2_0_cmd_direct_polling *direct_poll,
uint32_t *init_table,
Reported by FlawFinder.
Line: 311
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
direct_poll->cmd_header.reg_offset = reg_offset;
direct_poll->mask_value = mask;
direct_poll->wait_value = wait;
memcpy((void *)init_table, direct_poll, sizeof(struct mmsch_v2_0_cmd_direct_polling));
}
#define MMSCH_V2_0_INSERT_DIRECT_RD_MOD_WT(reg, mask, data) { \
mmsch_v2_0_insert_direct_rd_mod_wt(&direct_rd_mod_wt, \
init_table, (reg), \
Reported by FlawFinder.
drivers/gnss/core.c
3 issues
Line: 358
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct gnss_device *gdev = to_gnss_device(dev);
return sprintf(buf, "%s\n", gnss_type_name(gdev));
}
static DEVICE_ATTR_RO(type);
static struct attribute *gnss_attrs[] = {
&dev_attr_type.attr,
Reported by FlawFinder.
Line: 55
Column: 20
CWE codes:
362
}
if (gdev->count++ == 0) {
ret = gdev->ops->open(gdev);
if (ret)
gdev->count--;
}
unlock:
up_write(&gdev->rwsem);
Reported by FlawFinder.
Line: 333
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
EXPORT_SYMBOL_GPL(gnss_insert_raw);
static const char * const gnss_type_names[GNSS_TYPE_COUNT] = {
[GNSS_TYPE_NMEA] = "NMEA",
[GNSS_TYPE_SIRF] = "SiRF",
[GNSS_TYPE_UBX] = "UBX",
[GNSS_TYPE_MTK] = "MTK",
};
Reported by FlawFinder.
drivers/edac/mpc85xx_edac.c
3 issues
Line: 344
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*edac_dev, char *data)
{
struct mpc85xx_l2_pdata *pdata = edac_dev->pvt_info;
return sprintf(data, "0x%08x",
in_be32(pdata->l2_vbase + MPC85XX_L2_ERRINJHI));
}
static ssize_t mpc85xx_l2_inject_data_lo_show(struct edac_device_ctl_info
*edac_dev, char *data)
Reported by FlawFinder.
Line: 352
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*edac_dev, char *data)
{
struct mpc85xx_l2_pdata *pdata = edac_dev->pvt_info;
return sprintf(data, "0x%08x",
in_be32(pdata->l2_vbase + MPC85XX_L2_ERRINJLO));
}
static ssize_t mpc85xx_l2_inject_ctrl_show(struct edac_device_ctl_info
*edac_dev, char *data)
Reported by FlawFinder.
Line: 360
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*edac_dev, char *data)
{
struct mpc85xx_l2_pdata *pdata = edac_dev->pvt_info;
return sprintf(data, "0x%08x",
in_be32(pdata->l2_vbase + MPC85XX_L2_ERRINJCTL));
}
static ssize_t mpc85xx_l2_inject_data_hi_store(struct edac_device_ctl_info
*edac_dev, const char *data,
Reported by FlawFinder.
drivers/block/rnbd/rnbd-srv.h
3 issues
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Entry inside global sess_list */
struct list_head list;
struct rtrs_srv *rtrs;
char sessname[NAME_MAX];
int queue_depth;
struct bio_set sess_bio_set;
struct xarray index_idr;
/* List of struct rnbd_srv_sess_dev */
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct kobject dev_kobj;
struct kobject *dev_sessions_kobj;
struct kref kref;
char id[NAME_MAX];
/* List of rnbd_srv_sess_dev structs */
struct list_head sess_dev_list;
struct mutex lock;
int open_write_cnt;
};
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
fmode_t open_flags;
struct kref kref;
struct completion *destroy_comp;
char pathname[NAME_MAX];
enum rnbd_access_mode access_mode;
};
void rnbd_srv_sess_dev_force_close(struct rnbd_srv_sess_dev *sess_dev,
struct kobj_attribute *attr);
Reported by FlawFinder.
drivers/bus/fsl-mc/dprc-driver.c
3 issues
Line: 55
Column: 7
CWE codes:
126
for (i = 0; i < objs->child_count; i++) {
struct fsl_mc_obj_desc *obj_desc = &objs->child_array[i];
if (strlen(obj_desc->type) != 0 &&
fsl_mc_device_match(mc_dev, obj_desc))
break;
}
if (i == objs->child_count)
Reported by FlawFinder.
Line: 207
Column: 7
CWE codes:
126
for (i = 0; i < num_child_objects_in_mc; i++) {
struct fsl_mc_obj_desc *obj_desc = &obj_desc_array[i];
if (strlen(obj_desc->type) > 0 &&
fsl_mc_obj_desc_is_allocatable(obj_desc))
fsl_mc_obj_device_add(mc_bus_dev, obj_desc);
}
for (i = 0; i < num_child_objects_in_mc; i++) {
Reported by FlawFinder.
Line: 215
Column: 7
CWE codes:
126
for (i = 0; i < num_child_objects_in_mc; i++) {
struct fsl_mc_obj_desc *obj_desc = &obj_desc_array[i];
if (strlen(obj_desc->type) > 0 &&
!fsl_mc_obj_desc_is_allocatable(obj_desc))
fsl_mc_obj_device_add(mc_bus_dev, obj_desc);
}
}
Reported by FlawFinder.
drivers/block/rsxx/rsxx_priv.h
3 issues
Line: 140
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} creg_ctrl;
struct {
char tmp[MAX_CREG_DATA8];
char buf[LOG_BUF_SIZE8]; /* terminated */
int buf_len;
} log;
struct workqueue_struct *event_wq;
Reported by FlawFinder.
Line: 141
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char tmp[MAX_CREG_DATA8];
char buf[LOG_BUF_SIZE8]; /* terminated */
int buf_len;
} log;
struct workqueue_struct *event_wq;
struct work_struct event_work;
Reported by FlawFinder.
Line: 412
Column: 8
CWE codes:
120
20
void rsxx_creg_cleanup(void);
int rsxx_reg_access(struct rsxx_cardinfo *card,
struct rsxx_reg_access __user *ucmd,
int read);
void rsxx_eeh_save_issued_creg(struct rsxx_cardinfo *card);
void rsxx_kick_creg_queue(struct rsxx_cardinfo *card);
Reported by FlawFinder.
drivers/crypto/hisilicon/zip/zip_main.c
3 issues
Line: 453
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *pos)
{
struct ctrl_debug_file *file = filp->private_data;
char tbuf[HZIP_BUF_SIZE];
u32 val;
int ret;
spin_lock_irq(&file->lock);
switch (file->index) {
Reported by FlawFinder.
Line: 476
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *pos)
{
struct ctrl_debug_file *file = filp->private_data;
char tbuf[HZIP_BUF_SIZE];
unsigned long val;
int len, ret;
if (*pos != 0)
return 0;
Reported by FlawFinder.
Line: 546
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device *dev = &qm->pdev->dev;
struct debugfs_regset32 *regset;
struct dentry *tmp_d;
char buf[HZIP_BUF_SIZE];
int i;
for (i = 0; i < HZIP_CORE_NUM; i++) {
if (i < HZIP_COMP_CORE_NUM)
scnprintf(buf, sizeof(buf), "comp_core%d", i);
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/psp_v13_0.c
3 issues
Line: 133
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(psp->fw_pri_buf, 0, PSP_1_MEG);
/* Copy PSP KDB binary to memory */
memcpy(psp->fw_pri_buf, psp->kdb_start_addr, psp->kdb_bin_size);
/* Provide the PSP KDB to bootloader */
WREG32_SOC15(MP0, 0, regMP0_SMN_C2PMSG_36,
(uint32_t)(psp->fw_pri_mc_addr >> 20));
psp_gfxdrv_command_reg = PSP_BL__LOAD_KEY_DATABASE;
Reported by FlawFinder.
Line: 166
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(psp->fw_pri_buf, 0, PSP_1_MEG);
/* Copy PSP System Driver binary to memory */
memcpy(psp->fw_pri_buf, psp->sys_start_addr, psp->sys_bin_size);
/* Provide the sys driver to bootloader */
WREG32_SOC15(MP0, 0, regMP0_SMN_C2PMSG_36,
(uint32_t)(psp->fw_pri_mc_addr >> 20));
psp_gfxdrv_command_reg = PSP_BL__LOAD_SYSDRV;
Reported by FlawFinder.
Line: 202
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(psp->fw_pri_buf, 0, PSP_1_MEG);
/* Copy Secure OS binary to PSP memory */
memcpy(psp->fw_pri_buf, psp->sos_start_addr, psp->sos_bin_size);
/* Provide the PSP secure OS to bootloader */
WREG32_SOC15(MP0, 0, regMP0_SMN_C2PMSG_36,
(uint32_t)(psp->fw_pri_mc_addr >> 20));
psp_gfxdrv_command_reg = PSP_BL__LOAD_SOSDRV;
Reported by FlawFinder.
drivers/block/swim3.c
3 issues
Line: 1271
#ifdef CONFIG_PMAC_MEDIABAY
.mediabay_event = swim3_mb_event,
#endif
#if 0
.suspend = swim3_suspend,
.resume = swim3_resume,
#endif
};
Reported by Cppcheck.
Line: 202
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wait_queue_head_t wait;
int wanted;
struct macio_dev *mdev;
char dbdma_cmd_space[5 * sizeof(struct dbdma_cmd)];
int index;
struct request *cur_req;
struct blk_mq_tag_set tag_set;
};
Reported by FlawFinder.
Line: 1230
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
disk->private_data = fs;
disk->events = DISK_EVENT_MEDIA_CHANGE;
disk->flags |= GENHD_FL_REMOVABLE;
sprintf(disk->disk_name, "fd%d", floppy_count);
set_capacity(disk, 2880);
add_disk(disk);
disks[floppy_count++] = disk;
return 0;
Reported by FlawFinder.