The following issues were found
drivers/hwmon/gl520sm.c
19 issues
Line: 193
Column: 9
CWE codes:
120
Suggestion:
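Use sprintf_s, snprintf, or vsnprintf
Triage note: the flagged call sits in a sysfs show callback (see DEVICE_ATTR_RO in the excerpt) and formats a single integer with "%u\n", so the output length is bounded by the format itself. sprintf_s is not available in kernel code; where the tree provides it, sysfs_emit() is the bounded helper for show callbacks, and scnprintf(buf, PAGE_SIZE, ...) otherwise. The same reasoning applies to the other single-integer "%d\n" show callbacks listed for this file.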
struct device_attribute *attr, char *buf)
{
struct gl520_data *data = gl520_update_device(dev);
return sprintf(buf, "%u\n", vid_from_reg(data->vid, data->vrm));
}
static DEVICE_ATTR_RO(cpu0_vid);
#define VDD_FROM_REG(val) DIV_ROUND_CLOSEST((val) * 95, 4)
#define VDD_CLAMP(val) clamp_val(val, 0, 255 * 95 / 4)
Reported by FlawFinder.
Line: 213
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u8 r = data->in_input[n];
if (n == 0)
return sprintf(buf, "%d\n", VDD_FROM_REG(r));
else
return sprintf(buf, "%d\n", IN_FROM_REG(r));
}
static ssize_t in_min_show(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 215
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (n == 0)
return sprintf(buf, "%d\n", VDD_FROM_REG(r));
else
return sprintf(buf, "%d\n", IN_FROM_REG(r));
}
static ssize_t in_min_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 226
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u8 r = data->in_min[n];
if (n == 0)
return sprintf(buf, "%d\n", VDD_FROM_REG(r));
else
return sprintf(buf, "%d\n", IN_FROM_REG(r));
}
static ssize_t in_max_show(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 228
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (n == 0)
return sprintf(buf, "%d\n", VDD_FROM_REG(r));
else
return sprintf(buf, "%d\n", IN_FROM_REG(r));
}
static ssize_t in_max_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 239
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u8 r = data->in_max[n];
if (n == 0)
return sprintf(buf, "%d\n", VDD_FROM_REG(r));
else
return sprintf(buf, "%d\n", IN_FROM_REG(r));
}
static ssize_t in_min_store(struct device *dev, struct device_attribute *attr,
Reported by FlawFinder.
Line: 241
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (n == 0)
return sprintf(buf, "%d\n", VDD_FROM_REG(r));
else
return sprintf(buf, "%d\n", IN_FROM_REG(r));
}
static ssize_t in_min_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 344
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int n = to_sensor_dev_attr(attr)->index;
struct gl520_data *data = gl520_update_device(dev);
return sprintf(buf, "%d\n", FAN_FROM_REG(data->fan_input[n],
data->fan_div[n]));
}
static ssize_t fan_min_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 354
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int n = to_sensor_dev_attr(attr)->index;
struct gl520_data *data = gl520_update_device(dev);
return sprintf(buf, "%d\n", FAN_FROM_REG(data->fan_min[n],
data->fan_div[n]));
}
static ssize_t fan_div_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 364
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int n = to_sensor_dev_attr(attr)->index;
struct gl520_data *data = gl520_update_device(dev);
return sprintf(buf, "%d\n", DIV_FROM_REG(data->fan_div[n]));
}
static ssize_t fan1_off_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
arch/s390/kvm/kvm-s390.c
19 issues
Line: 1304
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
kvm->arch.model.ibc = proc->ibc;
}
memcpy(kvm->arch.model.fac_list, proc->fac_list,
S390_ARCH_FAC_LIST_SIZE_BYTE);
VM_EVENT(kvm, 3, "SET: guest ibc: 0x%4.4x, guest cpuid: 0x%16.16llx",
kvm->arch.model.ibc,
kvm->arch.model.cpuid);
VM_EVENT(kvm, 3, "SET: guest faclist: 0x%16.16llx.%16.16llx.%16.16llx",
Reported by FlawFinder.
Line: 1455
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
proc->cpuid = kvm->arch.model.cpuid;
proc->ibc = kvm->arch.model.ibc;
memcpy(&proc->fac_list, kvm->arch.model.fac_list,
S390_ARCH_FAC_LIST_SIZE_BYTE);
VM_EVENT(kvm, 3, "GET: guest ibc: 0x%4.4x, guest cpuid: 0x%16.16llx",
kvm->arch.model.ibc,
kvm->arch.model.cpuid);
VM_EVENT(kvm, 3, "GET: guest faclist: 0x%16.16llx.%16.16llx.%16.16llx",
Reported by FlawFinder.
Line: 1483
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
get_cpu_id((struct cpuid *) &mach->cpuid);
mach->ibc = sclp.ibc;
memcpy(&mach->fac_mask, kvm->arch.model.fac_mask,
S390_ARCH_FAC_LIST_SIZE_BYTE);
memcpy((unsigned long *)&mach->fac_list, stfle_fac_list,
sizeof(stfle_fac_list));
VM_EVENT(kvm, 3, "GET: host ibc: 0x%4.4x, host cpuid: 0x%16.16llx",
kvm->arch.model.ibc,
Reported by FlawFinder.
Line: 1485
Column: 2
CWE codes:
120
Suggestion:
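Make sure destination can always hold the source data
Triage note: for this call the length is sizeof(stfle_fac_list), so it is derived from the source array rather than from mach->fac_list. Neither declaration is in the excerpt, so the thing to confirm is that mach->fac_list is declared at least that large; a BUILD_BUG_ON() comparing the two sizes would make that a compile-time guarantee.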
mach->ibc = sclp.ibc;
memcpy(&mach->fac_mask, kvm->arch.model.fac_mask,
S390_ARCH_FAC_LIST_SIZE_BYTE);
memcpy((unsigned long *)&mach->fac_list, stfle_fac_list,
sizeof(stfle_fac_list));
VM_EVENT(kvm, 3, "GET: host ibc: 0x%4.4x, host cpuid: 0x%16.16llx",
kvm->arch.model.ibc,
kvm->arch.model.cpuid);
VM_EVENT(kvm, 3, "GET: host facmask: 0x%16.16llx.%16.16llx.%16.16llx",
Reported by FlawFinder.
Line: 2572
Column: 3
CWE codes:
120
Suggestion:
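Make sure destination can always hold the source data
Triage note: the lengths in this switch are literal byte counts (32 here, matching the "256 bits" comment). The apcb1 field declarations are not shown, so the review is a one-time check that each mask field is at least 32 bytes. Writing the length as sizeof() of the destination field would keep the two from drifting apart.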
switch (kvm->arch.crypto.crycbd & CRYCB_FORMAT_MASK) {
case CRYCB_FORMAT2: /* APCB1 use 256 bits */
memcpy(crycb->apcb1.apm, apm, 32);
VM_EVENT(kvm, 3, "SET CRYCB: apm %016lx %016lx %016lx %016lx",
apm[0], apm[1], apm[2], apm[3]);
memcpy(crycb->apcb1.aqm, aqm, 32);
VM_EVENT(kvm, 3, "SET CRYCB: aqm %016lx %016lx %016lx %016lx",
aqm[0], aqm[1], aqm[2], aqm[3]);
Reported by FlawFinder.
Line: 2575
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(crycb->apcb1.apm, apm, 32);
VM_EVENT(kvm, 3, "SET CRYCB: apm %016lx %016lx %016lx %016lx",
apm[0], apm[1], apm[2], apm[3]);
memcpy(crycb->apcb1.aqm, aqm, 32);
VM_EVENT(kvm, 3, "SET CRYCB: aqm %016lx %016lx %016lx %016lx",
aqm[0], aqm[1], aqm[2], aqm[3]);
memcpy(crycb->apcb1.adm, adm, 32);
VM_EVENT(kvm, 3, "SET CRYCB: adm %016lx %016lx %016lx %016lx",
adm[0], adm[1], adm[2], adm[3]);
Reported by FlawFinder.
Line: 2578
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(crycb->apcb1.aqm, aqm, 32);
VM_EVENT(kvm, 3, "SET CRYCB: aqm %016lx %016lx %016lx %016lx",
aqm[0], aqm[1], aqm[2], aqm[3]);
memcpy(crycb->apcb1.adm, adm, 32);
VM_EVENT(kvm, 3, "SET CRYCB: adm %016lx %016lx %016lx %016lx",
adm[0], adm[1], adm[2], adm[3]);
break;
case CRYCB_FORMAT1:
case CRYCB_FORMAT0: /* Fall through both use APCB0 */
Reported by FlawFinder.
Line: 2584
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case CRYCB_FORMAT1:
case CRYCB_FORMAT0: /* Fall through both use APCB0 */
memcpy(crycb->apcb0.apm, apm, 8);
memcpy(crycb->apcb0.aqm, aqm, 2);
memcpy(crycb->apcb0.adm, adm, 2);
VM_EVENT(kvm, 3, "SET CRYCB: apm %016lx aqm %04x adm %04x",
apm[0], *((unsigned short *)aqm),
*((unsigned short *)adm));
Reported by FlawFinder.
Line: 2585
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CRYCB_FORMAT1:
case CRYCB_FORMAT0: /* Fall through both use APCB0 */
memcpy(crycb->apcb0.apm, apm, 8);
memcpy(crycb->apcb0.aqm, aqm, 2);
memcpy(crycb->apcb0.adm, adm, 2);
VM_EVENT(kvm, 3, "SET CRYCB: apm %016lx aqm %04x adm %04x",
apm[0], *((unsigned short *)aqm),
*((unsigned short *)adm));
break;
Reported by FlawFinder.
Line: 2586
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CRYCB_FORMAT0: /* Fall through both use APCB0 */
memcpy(crycb->apcb0.apm, apm, 8);
memcpy(crycb->apcb0.aqm, aqm, 2);
memcpy(crycb->apcb0.adm, adm, 2);
VM_EVENT(kvm, 3, "SET CRYCB: apm %016lx aqm %04x adm %04x",
apm[0], *((unsigned short *)aqm),
*((unsigned short *)adm));
break;
default: /* Can not happen */
Reported by FlawFinder.
scripts/kconfig/nconf.c
19 issues
Line: 546
Column: 2
CWE codes:
134
Suggestion:
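Use a constant for the format specification
Triage note: the format is the enclosing function's own fmt parameter, forwarded through a va_list, and the write is bounded by sizeof(k_menu_items[items_num].str). Whether this matters depends on the callers, which are not shown: each should pass a string literal as fmt. Declaring the wrapper with __attribute__((format(printf, ...))) lets the compiler check that.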
k_menu_items[items_num].is_visible = 1;
va_start(ap, fmt);
vsnprintf(k_menu_items[items_num].str,
sizeof(k_menu_items[items_num].str),
fmt, ap);
va_end(ap);
if (!k_menu_items[items_num].is_visible)
Reported by FlawFinder.
Line: 580
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return;
va_start(ap, fmt);
vsnprintf(new_str, sizeof(new_str), fmt, ap);
va_end(ap);
snprintf(tmp_str, sizeof(tmp_str), "%s%s",
k_menu_items[index].str, new_str);
strncpy(k_menu_items[index].str,
tmp_str,
Reported by FlawFinder.
Line: 1481
Column: 9
CWE codes:
807
20
Suggestion:
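Check environment variables carefully before using them
Triage note: in the excerpt the value is only compared against the literal "single_menu" with strcasecmp() and used to set a flag. It is not copied, formatted or used as a path, so no length or content check is missing at this site.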
conf_parse(av[1]);
conf_read(NULL);
mode = getenv("NCONFIG_MODE");
if (mode) {
if (!strcasecmp(mode, "single_menu"))
single_menu_mode = 1;
}
Reported by FlawFinder.
Line: 250
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"\n";
struct mitem {
char str[256];
char tag;
void *usrptr;
int is_visible;
};
Reported by FlawFinder.
Line: 552
Column: 3
CWE codes:
120
Suggestion:
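Make sure destination can always hold the source data
Triage note: the copy is 3 bytes from a string literal into k_menu_items[].str, which the struct mitem excerpt above declares as char str[256], so the destination always holds the source. The length 3 excludes the literal's terminating NUL, so only the first three characters of the already formatted string are overwritten. If that string can be shorter than three characters, its terminator is overwritten too, and the result then ends at the next NUL already in the buffer; whether that case can occur is not visible here.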
va_end(ap);
if (!k_menu_items[items_num].is_visible)
memcpy(k_menu_items[items_num].str, "XXX", 3);
curses_menu_items[items_num] = new_item(
k_menu_items[items_num].str,
k_menu_items[items_num].str);
set_item_userptr(curses_menu_items[items_num],
Reported by FlawFinder.
Line: 573
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
va_list ap;
int index = items_num-1;
char new_str[256];
char tmp_str[256];
if (index < 0)
return;
Reported by FlawFinder.
Line: 574
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
va_list ap;
int index = items_num-1;
char new_str[256];
char tmp_str[256];
if (index < 0)
return;
va_start(ap, fmt);
Reported by FlawFinder.
Line: 632
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return item_tag() == tag;
}
static char filename[PATH_MAX+1];
static char menu_backtitle[PATH_MAX+128];
static void set_config_filename(const char *config_filename)
{
snprintf(menu_backtitle, sizeof(menu_backtitle), "%s - %s",
config_filename, rootmenu.prompt->text);
Reported by FlawFinder.
Line: 633
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static char filename[PATH_MAX+1];
static char menu_backtitle[PATH_MAX+128];
static void set_config_filename(const char *config_filename)
{
snprintf(menu_backtitle, sizeof(menu_backtitle), "%s - %s",
config_filename, rootmenu.prompt->text);
Reported by FlawFinder.
Line: 1010
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int in_search;
match_f match_direction;
char pattern[256];
};
/* Return 0 means I have handled the key. In such a case, ans should hold the
* item to center, or -1 otherwise.
* Else return -1 .
Reported by FlawFinder.
drivers/mtd/ubi/build.c
19 issues
Line: 442
Column: 2
CWE codes:
134
Suggestion:
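Make format string constant
Triage note: the format is already constant. UBI_NAME_STR "%d" is adjacent string-literal concatenation (UBI_NAME_STR must expand to a string literal for this to compile), and the only argument is an integer. The point worth checking is the size of ubi->ubi_name, whose declaration is not shown, against the longest name ubi->ubi_num can produce.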
int i, err;
dev_t dev;
sprintf(ubi->ubi_name, UBI_NAME_STR "%d", ubi->ubi_num);
/*
* Major numbers for the UBI character devices are allocated
* dynamically. Major numbers of volume character devices are
* equivalent to ones of the corresponding UBI character device. Minor
Reported by FlawFinder.
Line: 1401
Column: 2
CWE codes:
120
Suggestion:
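Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
Triage note: the excerpt starts just after an early return, so any length check on val is cut off. Before accepting or dismissing this hit, confirm that the length of val is tested against the size of buf ahead of the copy. The same applies to len: buf[len - 1] needs len > 0, which the cut-off lines presumably establish. In kernel code the bounded copy helper is strscpy().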
return 0;
}
strcpy(buf, val);
/* Get rid of the final newline */
if (buf[len - 1] == '\n')
buf[len - 1] = '\0';
Reported by FlawFinder.
Line: 1416
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
p = &mtd_dev_param[mtd_devs];
strcpy(&p->name[0], tokens[0]);
token = tokens[1];
if (token) {
p->vid_hdr_offs = bytes_str_to_int(token);
Reported by FlawFinder.
Line: 58
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @max_beb_per1024: maximum expected number of bad PEBs per 1024 PEBs
*/
struct mtd_dev_param {
char name[MTD_PARAM_LEN_MAX];
int ubi_num;
int vid_hdr_offs;
int max_beb_per1024;
};
Reported by FlawFinder.
Line: 99
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t version_show(struct class *class, struct class_attribute *attr,
char *buf)
{
return sprintf(buf, "%d\n", UBI_VERSION);
}
static CLASS_ATTR_RO(version);
static struct attribute *ubi_class_attrs[] = {
&class_attr_version.attr,
Reported by FlawFinder.
Line: 359
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENODEV;
if (attr == &dev_eraseblock_size)
ret = sprintf(buf, "%d\n", ubi->leb_size);
else if (attr == &dev_avail_eraseblocks)
ret = sprintf(buf, "%d\n", ubi->avail_pebs);
else if (attr == &dev_total_eraseblocks)
ret = sprintf(buf, "%d\n", ubi->good_peb_count);
else if (attr == &dev_volumes_count)
Reported by FlawFinder.
Line: 361
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (attr == &dev_eraseblock_size)
ret = sprintf(buf, "%d\n", ubi->leb_size);
else if (attr == &dev_avail_eraseblocks)
ret = sprintf(buf, "%d\n", ubi->avail_pebs);
else if (attr == &dev_total_eraseblocks)
ret = sprintf(buf, "%d\n", ubi->good_peb_count);
else if (attr == &dev_volumes_count)
ret = sprintf(buf, "%d\n", ubi->vol_count - UBI_INT_VOL_COUNT);
else if (attr == &dev_max_ec)
Reported by FlawFinder.
Line: 363
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else if (attr == &dev_avail_eraseblocks)
ret = sprintf(buf, "%d\n", ubi->avail_pebs);
else if (attr == &dev_total_eraseblocks)
ret = sprintf(buf, "%d\n", ubi->good_peb_count);
else if (attr == &dev_volumes_count)
ret = sprintf(buf, "%d\n", ubi->vol_count - UBI_INT_VOL_COUNT);
else if (attr == &dev_max_ec)
ret = sprintf(buf, "%d\n", ubi->max_ec);
else if (attr == &dev_reserved_for_bad)
Reported by FlawFinder.
Line: 365
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else if (attr == &dev_total_eraseblocks)
ret = sprintf(buf, "%d\n", ubi->good_peb_count);
else if (attr == &dev_volumes_count)
ret = sprintf(buf, "%d\n", ubi->vol_count - UBI_INT_VOL_COUNT);
else if (attr == &dev_max_ec)
ret = sprintf(buf, "%d\n", ubi->max_ec);
else if (attr == &dev_reserved_for_bad)
ret = sprintf(buf, "%d\n", ubi->beb_rsvd_pebs);
else if (attr == &dev_bad_peb_count)
Reported by FlawFinder.
Line: 367
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else if (attr == &dev_volumes_count)
ret = sprintf(buf, "%d\n", ubi->vol_count - UBI_INT_VOL_COUNT);
else if (attr == &dev_max_ec)
ret = sprintf(buf, "%d\n", ubi->max_ec);
else if (attr == &dev_reserved_for_bad)
ret = sprintf(buf, "%d\n", ubi->beb_rsvd_pebs);
else if (attr == &dev_bad_peb_count)
ret = sprintf(buf, "%d\n", ubi->bad_peb_count);
else if (attr == &dev_max_vol_count)
Reported by FlawFinder.
tools/testing/selftests/bpf/map_tests/sk_storage_map.c
19 issues
Line: 598
Column: 14
CWE codes:
807
20
Suggestion:
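Check environment variables carefully before using them
Triage note: across these hits the test name is only compared with strcmp(), while the other three variables go through atoi(), which cannot report malformed or out-of-range input. strtol() with an end-pointer and range check is the usual replacement. Whether zero or negative thread and socket counts are handled later is not visible in the excerpts.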
const char *test_name, *env_opt;
bool test_ran = false;
test_name = getenv(BPF_SK_STORAGE_MAP_TEST_NAME);
env_opt = getenv(BPF_SK_STORAGE_MAP_TEST_NR_THREADS);
if (env_opt)
nr_sk_threads = atoi(env_opt);
Reported by FlawFinder.
Line: 600
Column: 12
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
test_name = getenv(BPF_SK_STORAGE_MAP_TEST_NAME);
env_opt = getenv(BPF_SK_STORAGE_MAP_TEST_NR_THREADS);
if (env_opt)
nr_sk_threads = atoi(env_opt);
env_opt = getenv(BPF_SK_STORAGE_MAP_TEST_SK_PER_THREAD);
if (env_opt)
Reported by FlawFinder.
Line: 604
Column: 12
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (env_opt)
nr_sk_threads = atoi(env_opt);
env_opt = getenv(BPF_SK_STORAGE_MAP_TEST_SK_PER_THREAD);
if (env_opt)
nr_sk_per_thread = atoi(env_opt);
env_opt = getenv(BPF_SK_STORAGE_MAP_TEST_RUNTIME_S);
if (env_opt)
Reported by FlawFinder.
Line: 608
Column: 12
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (env_opt)
nr_sk_per_thread = atoi(env_opt);
env_opt = getenv(BPF_SK_STORAGE_MAP_TEST_RUNTIME_S);
if (env_opt)
runtime_s = atoi(env_opt);
if (!test_name || !strcmp(test_name, "basic")) {
test_sk_storage_map_basic();
Reported by FlawFinder.
Line: 138
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__u8 raw_btf[sizeof(struct btf_header) + sizeof(btf_raw_types) +
sizeof(btf_str_sec)];
memcpy(raw_btf, &btf_hdr, sizeof(btf_hdr));
memcpy(raw_btf + sizeof(btf_hdr), btf_raw_types, sizeof(btf_raw_types));
memcpy(raw_btf + sizeof(btf_hdr) + sizeof(btf_raw_types),
btf_str_sec, sizeof(btf_str_sec));
return bpf_load_btf(raw_btf, sizeof(raw_btf), 0, 0, 0);
Reported by FlawFinder.
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(btf_str_sec)];
memcpy(raw_btf, &btf_hdr, sizeof(btf_hdr));
memcpy(raw_btf + sizeof(btf_hdr), btf_raw_types, sizeof(btf_raw_types));
memcpy(raw_btf + sizeof(btf_hdr) + sizeof(btf_raw_types),
btf_str_sec, sizeof(btf_str_sec));
return bpf_load_btf(raw_btf, sizeof(raw_btf), 0, 0, 0);
}
Reported by FlawFinder.
Line: 140
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(raw_btf, &btf_hdr, sizeof(btf_hdr));
memcpy(raw_btf + sizeof(btf_hdr), btf_raw_types, sizeof(btf_raw_types));
memcpy(raw_btf + sizeof(btf_hdr) + sizeof(btf_raw_types),
btf_str_sec, sizeof(btf_str_sec));
return bpf_load_btf(raw_btf, sizeof(raw_btf), 0, 0, 0);
}
Reported by FlawFinder.
Line: 483
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"map_fd:%d errno:%d\n", map_fd, errno);
/* Add new elem */
memcpy(&lookup_value, &value, sizeof(value));
err = bpf_map_update_elem(map_fd, &sk_fd, &value,
BPF_NOEXIST | BPF_F_LOCK);
CHECK(err, "bpf_map_update_elem(BPF_NOEXIST|BPF_F_LOCK)",
"err:%d errno:%d\n", err, errno);
err = bpf_map_lookup_elem_flags(map_fd, &sk_fd, &lookup_value,
Reported by FlawFinder.
Line: 563
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
CHECK(!err || errno != ENOENT, "bpf_map_delete_elem()",
"err:%d errno:%d\n", err, errno);
memcpy(&bad_xattr, &xattr, sizeof(xattr));
bad_xattr.btf_key_type_id = 0;
err = bpf_create_map_xattr(&bad_xattr);
CHECK(!err || errno != EINVAL, "bap_create_map_xattr(bad_xattr)",
"err:%d errno:%d\n", err, errno);
Reported by FlawFinder.
Line: 569
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
CHECK(!err || errno != EINVAL, "bap_create_map_xattr(bad_xattr)",
"err:%d errno:%d\n", err, errno);
memcpy(&bad_xattr, &xattr, sizeof(xattr));
bad_xattr.btf_key_type_id = 3;
err = bpf_create_map_xattr(&bad_xattr);
CHECK(!err || errno != EINVAL, "bap_create_map_xattr(bad_xattr)",
"err:%d errno:%d\n", err, errno);
Reported by FlawFinder.
tools/perf/bench/numa.c
19 issues
Line: 47
Column: 61
CWE codes:
134
Suggestion:
Use a constant for the format specification
/*
* Regular printout to the terminal, suppressed if -q is specified:
*/
#define tprintf(x...) do { if (g && g->p.show_details >= 0) printf(x); } while (0)
/*
* Debug printf:
*/
#undef dprintf
Reported by FlawFinder.
Line: 53
Column: 61
CWE codes:
134
Suggestion:
Use a constant for the format specification
* Debug printf:
*/
#undef dprintf
#define dprintf(x...) do { if (g && g->p.show_details >= 1) printf(x); } while (0)
struct thread_data {
int curr_cpu;
cpu_set_t bind_cpumask;
int bind_node;
Reported by FlawFinder.
Line: 372
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
do { \
char name[20]; \
\
snprintf(name, 20, fmt); \
prctl(PR_SET_NAME, name); \
} while (0)
static u8 *alloc_data(ssize_t bytes0, int map_flags,
int init_zero, int init_cpu0, int thp, int init_random)
Reported by FlawFinder.
Line: 1855
Column: 8
CWE codes:
78
Suggestion:
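try using a library call that implements the same functionality if available
Triage note: the command string is a fixed literal with nothing interpolated from program input, so there is no injected-argument path at this call. What remains is that echo and uname are resolved through the shell and the PATH of whoever runs the benchmark. uname(2) plus printf() would print a similar banner without spawning a shell.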
int ret;
int i;
ret = system("echo ' #'; echo ' # Running test on: '$(uname -a); echo ' #'");
BUG_ON(ret < 0);
for (i = 0; i < nr; i++) {
run_bench_numa(tests[i][0], tests[i] + 1);
}
Reported by FlawFinder.
Line: 370
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define set_taskname(fmt...) \
do { \
char name[20]; \
\
snprintf(name, 20, fmt); \
prctl(PR_SET_NAME, name); \
} while (0)
Reported by FlawFinder.
Line: 547
Column: 30
CWE codes:
190
Suggestion:
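If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
Triage note: atol() has no error reporting. Non-numeric input yields 0 and a value that does not fit in long is undefined behaviour, so the BUG_ON() range checks on step and bind_len shown in the later excerpts only see whatever atol() produced. strtol() with errno and end-pointer checks closes that gap. The excerpts do not show a corresponding range check for bind_cpu_0 and bind_cpu_1.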
dprintf("\ntoken: {%s}, end: {%s}\n", tok, tok_end);
if (!tok_end) {
/* Single CPU specified: */
bind_cpu_0 = bind_cpu_1 = atol(tok);
} else {
/* CPU range specified (for example: "5-11"): */
bind_cpu_0 = atol(tok);
bind_cpu_1 = atol(tok_end + 1);
}
Reported by FlawFinder.
Line: 550
Column: 17
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
bind_cpu_0 = bind_cpu_1 = atol(tok);
} else {
/* CPU range specified (for example: "5-11"): */
bind_cpu_0 = atol(tok);
bind_cpu_1 = atol(tok_end + 1);
}
step = 1;
tok_step = strstr(tok, "#");
Reported by FlawFinder.
Line: 551
Column: 17
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
} else {
/* CPU range specified (for example: "5-11"): */
bind_cpu_0 = atol(tok);
bind_cpu_1 = atol(tok_end + 1);
}
step = 1;
tok_step = strstr(tok, "#");
if (tok_step) {
Reported by FlawFinder.
Line: 557
Column: 11
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
step = 1;
tok_step = strstr(tok, "#");
if (tok_step) {
step = atol(tok_step + 1);
BUG_ON(step <= 0 || step >= g->p.nr_cpus);
}
/*
* Mask length.
Reported by FlawFinder.
Line: 569
Column: 15
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
bind_len = 1;
tok_len = strstr(tok, "_");
if (tok_len) {
bind_len = atol(tok_len + 1);
BUG_ON(bind_len <= 0 || bind_len > g->p.nr_cpus);
}
/* Multiplicator shortcut, "0x8" is a shortcut for: "0,0,0,0,0,0,0,0" */
mul = 1;
Reported by FlawFinder.
drivers/mmc/host/vub300.c
19 issues
Line: 302
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct kref kref;
struct mutex cmd_mutex;
struct mutex irq_mutex;
char vub_name[3 + (9 * 8) + 4 + 1]; /* max of 7 sdio fn's */
u8 cmnd_out_ep; /* EndPoint for commands */
u8 cmnd_res_ep; /* EndPoint for responses */
u8 data_out_ep; /* EndPoint for out data */
u8 data_inp_ep; /* EndPoint for inp data */
bool card_powered;
Reported by FlawFinder.
Line: 534
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*register_access, u8 func)
{
u8 r = vub300->fn[func].offload_point + vub300->fn[func].offload_count;
memcpy(&vub300->fn[func].reg[MAXREGMASK & r], register_access,
sizeof(struct offload_registers_access));
vub300->fn[func].offload_count += 1;
vub300->total_offload_count += 1;
}
Reported by FlawFinder.
Line: 1233
Column: 4
CWE codes:
120
Suggestion:
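Make sure destination can always hold the source data
Triage note: xfer_buffer is allocated with xfer_length bytes and the following memset() pads xfer_length - interrupt_size bytes, so the code relies on xfer_length >= interrupt_size and on interrupt_size not exceeding the data that remains. Both values are computed outside the excerpt. A later excerpt for this file shows "interrupt_size += *data++", so the size is apparently accumulated from bytes of the loaded image, and that computation is where the bounds check belongs.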
u8 *xfer_buffer = kmalloc(xfer_length, GFP_KERNEL);
if (xfer_buffer) {
int retval;
memcpy(xfer_buffer, data, interrupt_size);
memset(xfer_buffer + interrupt_size, 0,
xfer_length - interrupt_size);
size -= interrupt_size;
data += interrupt_size;
retval =
Reported by FlawFinder.
Line: 1276
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *xfer_buffer = kmalloc(xfer_length, GFP_KERNEL);
if (xfer_buffer) {
int retval;
memcpy(xfer_buffer, data, ts);
memset(xfer_buffer + ts, 0,
xfer_length - ts);
size -= ts;
data += ts;
retval =
Reported by FlawFinder.
Line: 1558
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
} else { /* no data padding required */
int result;
unsigned char buf[64 * 4];
sg_copy_to_buffer(data->sg, data->sg_len, buf, sizeof(buf));
result = usb_sg_init(&vub300->sg_request, vub300->udev,
pipe, 0, data->sg,
data->sg_len, 0, GFP_KERNEL);
if (result < 0) {
Reported by FlawFinder.
Line: 2091
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct urb *command_out_urb;
struct urb *command_res_urb;
struct mmc_host *mmc;
char manufacturer[48];
char product[32];
char serial_number[32];
usb_string(udev, udev->descriptor.iManufacturer, manufacturer,
sizeof(manufacturer));
usb_string(udev, udev->descriptor.iProduct, product, sizeof(product));
Reported by FlawFinder.
Line: 2092
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct urb *command_res_urb;
struct mmc_host *mmc;
char manufacturer[48];
char product[32];
char serial_number[32];
usb_string(udev, udev->descriptor.iManufacturer, manufacturer,
sizeof(manufacturer));
usb_string(udev, udev->descriptor.iProduct, product, sizeof(product));
usb_string(udev, udev->descriptor.iSerialNumber, serial_number,
Reported by FlawFinder.
Line: 2093
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mmc_host *mmc;
char manufacturer[48];
char product[32];
char serial_number[32];
usb_string(udev, udev->descriptor.iManufacturer, manufacturer,
sizeof(manufacturer));
usb_string(udev, udev->descriptor.iProduct, product, sizeof(product));
usb_string(udev, udev->descriptor.iSerialNumber, serial_number,
sizeof(serial_number));
Reported by FlawFinder.
Line: 515
Column: 4
CWE codes:
120
vub300->card_present = 1;
vub300->bus_width = 0;
if (disable_offload_processing)
strncpy(vub300->vub_name, "EMPTY Processing Disabled",
sizeof(vub300->vub_name));
else
vub300->vub_name[0] = 0;
mmc_detect_change(vub300->mmc, 1);
} else if (!new_card_present && old_card_present) {
Reported by FlawFinder.
Line: 1219
Column: 3
CWE codes:
120
dev_err(&vub300->udev->dev,
"corrupt offload pseudocode in firmware %s\n",
vub300->vub_name);
strncpy(vub300->vub_name, "corrupt offload pseudocode",
sizeof(vub300->vub_name));
return;
}
interrupt_size += *data++;
size -= 1;
Reported by FlawFinder.
drivers/firmware/efi/efivars.c
19 issues
Line: 97
Column: 10
CWE codes:
120
Suggestion:
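Use sprintf_s, snprintf, or vsnprintf
Triage note: every format string in the lines shown is a literal with no conversion specifiers, so the total written is bounded by the sum of the attribute names that can be set at once. The open question is only that this sum stays below the size of buf, which is not shown.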
return -EIO;
if (var->Attributes & EFI_VARIABLE_NON_VOLATILE)
str += sprintf(str, "EFI_VARIABLE_NON_VOLATILE\n");
if (var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)
str += sprintf(str, "EFI_VARIABLE_BOOTSERVICE_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)
str += sprintf(str, "EFI_VARIABLE_RUNTIME_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
Reported by FlawFinder.
Line: 99
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (var->Attributes & EFI_VARIABLE_NON_VOLATILE)
str += sprintf(str, "EFI_VARIABLE_NON_VOLATILE\n");
if (var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)
str += sprintf(str, "EFI_VARIABLE_BOOTSERVICE_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)
str += sprintf(str, "EFI_VARIABLE_RUNTIME_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
str += sprintf(str, "EFI_VARIABLE_HARDWARE_ERROR_RECORD\n");
if (var->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
Reported by FlawFinder.
Line: 101
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)
str += sprintf(str, "EFI_VARIABLE_BOOTSERVICE_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)
str += sprintf(str, "EFI_VARIABLE_RUNTIME_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
str += sprintf(str, "EFI_VARIABLE_HARDWARE_ERROR_RECORD\n");
if (var->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
str += sprintf(str,
"EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\n");
Reported by FlawFinder.
Line: 103
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)
str += sprintf(str, "EFI_VARIABLE_RUNTIME_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
str += sprintf(str, "EFI_VARIABLE_HARDWARE_ERROR_RECORD\n");
if (var->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
str += sprintf(str,
"EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\n");
if (var->Attributes &
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
Reported by FlawFinder.
Line: 105
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (var->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
str += sprintf(str, "EFI_VARIABLE_HARDWARE_ERROR_RECORD\n");
if (var->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
str += sprintf(str,
"EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\n");
if (var->Attributes &
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
str += sprintf(str,
"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\n");
Reported by FlawFinder.
Line: 109
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\n");
if (var->Attributes &
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
str += sprintf(str,
"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_APPEND_WRITE)
str += sprintf(str, "EFI_VARIABLE_APPEND_WRITE\n");
return str - buf;
}
Reported by FlawFinder.
Line: 112
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
str += sprintf(str,
"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_APPEND_WRITE)
str += sprintf(str, "EFI_VARIABLE_APPEND_WRITE\n");
return str - buf;
}
static ssize_t
efivar_size_read(struct efivar_entry *entry, char *buf)
Reported by FlawFinder.
Line: 132
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return -EIO;
str += sprintf(str, "0x%lx\n", var->DataSize);
return str - buf;
}
static ssize_t
efivar_data_read(struct efivar_entry *entry, char *buf)
Reported by FlawFinder.
Line: 151
Column: 2
CWE codes:
120
Suggestion:
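Make sure destination can always hold the source data
Triage note: unlike most memcpy hits in this report, the length here is a runtime field (var->DataSize) rather than a constant. The excerpt does not show where that field is bounded, so confirm it cannot exceed the size of var->Data or of buf before treating this as a false positive.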
if (ret)
return -EIO;
memcpy(buf, var->Data, var->DataSize);
return var->DataSize;
}
static inline int
sanity_check(struct efi_variable *var, efi_char16_t *name, efi_guid_t vendor,
Reported by FlawFinder.
Line: 186
Column: 2
CWE codes:
120
Suggestion:
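Make sure destination can always hold the source data
Note: both copies use fixed sizes (EFI_VAR_NAME_LEN and sizeof(src->Data)), so the thing to verify is that dst->VariableName and dst->Data are at least that large; a compile-time assertion on the two struct layouts would settle it. dst->DataSize is copied from src unchanged, so any later use of it as a length still needs its own bound.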
static void
copy_out_compat(struct efi_variable *dst, struct compat_efi_variable *src)
{
memcpy(dst->VariableName, src->VariableName, EFI_VAR_NAME_LEN);
memcpy(dst->Data, src->Data, sizeof(src->Data));
dst->VendorGuid = src->VendorGuid;
dst->DataSize = src->DataSize;
dst->Attributes = src->Attributes;
Reported by FlawFinder.
scripts/clang-tools/run-clang-tools.py
19 issues
Line: 15
Column: 1
import argparse
import json
import multiprocessing
import os
import subprocess
import sys
def parse_arguments():
Reported by Pylint.
Line: 41
Column: 5
def init(l, a):
global lock
global args
lock = l
args = a
Reported by Pylint.
Line: 42
Column: 5
def init(l, a):
global lock
global args
lock = l
args = a
def run_analysis(entry):
Reported by Pylint.
Line: 54
Column: 9
checks += "linuxkernel-*"
else:
checks += "clang-analyzer-*"
p = subprocess.run(["clang-tidy", "-p", args.path, checks, entry["file"]],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
cwd=entry["directory"])
with lock:
sys.stderr.buffer.write(p.stdout)
Reported by Pylint.
Line: 63
Column: 5
def main():
args = parse_arguments()
lock = multiprocessing.Lock()
pool = multiprocessing.Pool(initializer=init, initargs=(lock, args))
# Read JSON data into the datastore variable
with open(args.path, "r") as f:
Reported by Pylint.
Line: 65
Column: 5
def main():
args = parse_arguments()
lock = multiprocessing.Lock()
pool = multiprocessing.Pool(initializer=init, initargs=(lock, args))
# Read JSON data into the datastore variable
with open(args.path, "r") as f:
datastore = json.load(f)
pool.map(run_analysis, datastore)
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python3
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (C) Google LLC, 2020
#
# Author: Nathan Huckleberry <nhuck@google.com>
#
"""A helper routine run clang-tidy and the clang static-analyzer on
compile_commands.json.
Reported by Pylint.
Line: 16
Suggestion:
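https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
Note: B404 is raised for the import alone. The subprocess.run call quoted earlier in this listing passes an argument list and does not set shell=True, so what remains to check is that args.path and the "file" and "directory" fields read from the JSON come from a trusted build tree.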
import json
import multiprocessing
import os
import subprocess
import sys
def parse_arguments():
"""Set up and parses command-line arguments.
Reported by Bandit.
Line: 40
Column: 1
return parser.parse_args()
def init(l, a):
global lock
global args
lock = l
args = a
Reported by Pylint.
Line: 40
Column: 1
return parser.parse_args()
def init(l, a):
global lock
global args
lock = l
args = a
Reported by Pylint.
drivers/tty/hvc/hvc_iucv.c
19 issues
Line: 1007
Column: 9
CWE codes:
120
Suggestion:
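Use sprintf_s, snprintf, or vsnprintf
Note: sprintf_s is not available in kernel code; if buf is a sysfs show buffer, sysfs_emit() is the kernel replacement, otherwise scnprintf(). Independently of the size question, %s reads until a NUL byte, so vmid and ipuser must be terminated. EBCASC(ipuser, 8) converts eight bytes, and the excerpt does not show where the terminator is set.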
spin_unlock_bh(&priv->lock);
EBCASC(ipuser, 8);
return sprintf(buf, "%s:%s\n", vmid, ipuser);
}
/* HVC operations */
static const struct hv_ops hvc_iucv_ops = {
Reported by FlawFinder.
Line: 271
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (rb->mbuf->type) {
case MSG_TYPE_DATA:
written = min_t(int, rb->mbuf->datalen - rb->offset, count);
memcpy(buf, rb->mbuf->data + rb->offset, written);
if (written < (rb->mbuf->datalen - rb->offset)) {
rb->offset += written;
*has_more_data = 1;
goto out_written;
}
Reported by FlawFinder.
Line: 371
Column: 2
CWE codes:
120
Suggestion:
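Make sure destination can always hold the source data
Note: this copy appends at priv->sndbuf + priv->sndbuf_len, so len has to be limited to the space still free in sndbuf, not to its total size. The excerpt shows only the zero-length check; confirm that the clamp happens in the lines before it.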
if (!len)
return 0;
memcpy(priv->sndbuf + priv->sndbuf_len, buf, len);
priv->sndbuf_len += len;
if (priv->iucv_state == IUCV_CONNECTED)
schedule_delayed_work(&priv->sndbuf_work, QUEUE_SNDBUF_DELAY);
Reported by FlawFinder.
Line: 409
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!sb)
return -ENOMEM;
memcpy(sb->mbuf->data, priv->sndbuf, priv->sndbuf_len);
sb->mbuf->datalen = (u16) priv->sndbuf_len;
sb->msg.length = MSG_SIZE(sb->mbuf->datalen);
list_add_tail(&sb->list, &priv->tty_outqueue);
Reported by FlawFinder.
Line: 828
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc) {
iucv_path_sever(path, ipuser);
iucv_path_free(path);
memcpy(vm_user_id, ipvmid, 8);
vm_user_id[8] = 0;
pr_info("A connection request from z/VM user ID %s "
"was refused\n", vm_user_id);
return 0;
}
Reported by FlawFinder.
Line: 847
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* accept path */
memcpy(nuser_data, ipuser + 8, 8); /* remote service (for af_iucv) */
memcpy(nuser_data + 8, ipuser, 8); /* local service (for af_iucv) */
path->msglim = 0xffff; /* IUCV MSGLIMIT */
path->flags &= ~IUCV_IPRMDATA; /* TODO: use IUCV_IPRMDATA */
rc = iucv_path_accept(path, &hvc_iucv_handler, nuser_data, priv);
if (rc) {
Reported by FlawFinder.
Line: 848
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* accept path */
memcpy(nuser_data, ipuser + 8, 8); /* remote service (for af_iucv) */
memcpy(nuser_data + 8, ipuser, 8); /* local service (for af_iucv) */
path->msglim = 0xffff; /* IUCV MSGLIMIT */
path->flags &= ~IUCV_IPRMDATA; /* TODO: use IUCV_IPRMDATA */
rc = iucv_path_accept(path, &hvc_iucv_handler, nuser_data, priv);
if (rc) {
iucv_path_sever(path, ipuser);
Reported by FlawFinder.
Line: 861
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv->iucv_state = IUCV_CONNECTED;
/* store path information */
memcpy(priv->info_path, ipvmid, 8);
memcpy(priv->info_path + 8, ipuser + 8, 8);
/* flush buffered output data... */
schedule_delayed_work(&priv->sndbuf_work, 5);
Reported by FlawFinder.
Line: 862
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* store path information */
memcpy(priv->info_path, ipvmid, 8);
memcpy(priv->info_path + 8, ipuser + 8, 8);
/* flush buffered output data... */
schedule_delayed_work(&priv->sndbuf_work, 5);
out_path_handled:
Reported by FlawFinder.
Line: 975
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t len;
len = sizeof(priv->srv_name);
memcpy(buf, priv->srv_name, len);
EBCASC(buf, len);
buf[len++] = '\n';
return len;
}
Reported by FlawFinder.