The following issues were found
drivers/firmware/efi/efivars.c
19 issues
Line: 97
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -EIO;
if (var->Attributes & EFI_VARIABLE_NON_VOLATILE)
str += sprintf(str, "EFI_VARIABLE_NON_VOLATILE\n");
if (var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)
str += sprintf(str, "EFI_VARIABLE_BOOTSERVICE_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)
str += sprintf(str, "EFI_VARIABLE_RUNTIME_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
Reported by FlawFinder.
Line: 99
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (var->Attributes & EFI_VARIABLE_NON_VOLATILE)
str += sprintf(str, "EFI_VARIABLE_NON_VOLATILE\n");
if (var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)
str += sprintf(str, "EFI_VARIABLE_BOOTSERVICE_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)
str += sprintf(str, "EFI_VARIABLE_RUNTIME_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
str += sprintf(str, "EFI_VARIABLE_HARDWARE_ERROR_RECORD\n");
if (var->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
Reported by FlawFinder.
Line: 101
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)
str += sprintf(str, "EFI_VARIABLE_BOOTSERVICE_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)
str += sprintf(str, "EFI_VARIABLE_RUNTIME_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
str += sprintf(str, "EFI_VARIABLE_HARDWARE_ERROR_RECORD\n");
if (var->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
str += sprintf(str,
"EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\n");
Reported by FlawFinder.
Line: 103
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)
str += sprintf(str, "EFI_VARIABLE_RUNTIME_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
str += sprintf(str, "EFI_VARIABLE_HARDWARE_ERROR_RECORD\n");
if (var->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
str += sprintf(str,
"EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\n");
if (var->Attributes &
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
Reported by FlawFinder.
Line: 105
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (var->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD)
str += sprintf(str, "EFI_VARIABLE_HARDWARE_ERROR_RECORD\n");
if (var->Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
str += sprintf(str,
"EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\n");
if (var->Attributes &
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
str += sprintf(str,
"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\n");
Reported by FlawFinder.
Line: 109
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
"EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS\n");
if (var->Attributes &
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
str += sprintf(str,
"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_APPEND_WRITE)
str += sprintf(str, "EFI_VARIABLE_APPEND_WRITE\n");
return str - buf;
}
Reported by FlawFinder.
Line: 112
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
str += sprintf(str,
"EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\n");
if (var->Attributes & EFI_VARIABLE_APPEND_WRITE)
str += sprintf(str, "EFI_VARIABLE_APPEND_WRITE\n");
return str - buf;
}
static ssize_t
efivar_size_read(struct efivar_entry *entry, char *buf)
Reported by FlawFinder.
Line: 132
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return -EIO;
str += sprintf(str, "0x%lx\n", var->DataSize);
return str - buf;
}
static ssize_t
efivar_data_read(struct efivar_entry *entry, char *buf)
Reported by FlawFinder.
Line: 151
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return -EIO;
memcpy(buf, var->Data, var->DataSize);
return var->DataSize;
}
static inline int
sanity_check(struct efi_variable *var, efi_char16_t *name, efi_guid_t vendor,
Reported by FlawFinder.
Line: 186
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void
copy_out_compat(struct efi_variable *dst, struct compat_efi_variable *src)
{
memcpy(dst->VariableName, src->VariableName, EFI_VAR_NAME_LEN);
memcpy(dst->Data, src->Data, sizeof(src->Data));
dst->VendorGuid = src->VendorGuid;
dst->DataSize = src->DataSize;
dst->Attributes = src->Attributes;
Reported by FlawFinder.
drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c
19 issues
Line: 169
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fsp->h_u.usr_ip6_spec.l4_4_bytes = rule->ip.v6.l4_header;
fsp->h_u.usr_ip6_spec.tclass = rule->ip.v6.tc;
fsp->h_u.usr_ip6_spec.l4_proto = rule->ip.v6.proto;
memcpy(fsp->h_u.tcp_ip6_spec.ip6src, rule->ip.v6.src_ip,
sizeof(struct in6_addr));
memcpy(fsp->h_u.tcp_ip6_spec.ip6dst, rule->ip.v6.dst_ip,
sizeof(struct in6_addr));
memcpy(fsp->m_u.tcp_ip6_spec.ip6src, rule->mask.v6.src_ip,
sizeof(struct in6_addr));
Reported by FlawFinder.
Line: 171
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fsp->h_u.usr_ip6_spec.l4_proto = rule->ip.v6.proto;
memcpy(fsp->h_u.tcp_ip6_spec.ip6src, rule->ip.v6.src_ip,
sizeof(struct in6_addr));
memcpy(fsp->h_u.tcp_ip6_spec.ip6dst, rule->ip.v6.dst_ip,
sizeof(struct in6_addr));
memcpy(fsp->m_u.tcp_ip6_spec.ip6src, rule->mask.v6.src_ip,
sizeof(struct in6_addr));
memcpy(fsp->m_u.tcp_ip6_spec.ip6dst, rule->mask.v6.dst_ip,
sizeof(struct in6_addr));
Reported by FlawFinder.
Line: 173
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct in6_addr));
memcpy(fsp->h_u.tcp_ip6_spec.ip6dst, rule->ip.v6.dst_ip,
sizeof(struct in6_addr));
memcpy(fsp->m_u.tcp_ip6_spec.ip6src, rule->mask.v6.src_ip,
sizeof(struct in6_addr));
memcpy(fsp->m_u.tcp_ip6_spec.ip6dst, rule->mask.v6.dst_ip,
sizeof(struct in6_addr));
fsp->m_u.usr_ip6_spec.l4_4_bytes = rule->mask.v6.l4_header;
fsp->m_u.usr_ip6_spec.tclass = rule->mask.v6.tc;
Reported by FlawFinder.
Line: 175
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct in6_addr));
memcpy(fsp->m_u.tcp_ip6_spec.ip6src, rule->mask.v6.src_ip,
sizeof(struct in6_addr));
memcpy(fsp->m_u.tcp_ip6_spec.ip6dst, rule->mask.v6.dst_ip,
sizeof(struct in6_addr));
fsp->m_u.usr_ip6_spec.l4_4_bytes = rule->mask.v6.l4_header;
fsp->m_u.usr_ip6_spec.tclass = rule->mask.v6.tc;
fsp->m_u.usr_ip6_spec.l4_proto = rule->mask.v6.proto;
break;
Reported by FlawFinder.
Line: 184
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case TCP_V6_FLOW:
case UDP_V6_FLOW:
case SCTP_V6_FLOW:
memcpy(fsp->h_u.tcp_ip6_spec.ip6src, rule->ip.v6.src_ip,
sizeof(struct in6_addr));
memcpy(fsp->h_u.tcp_ip6_spec.ip6dst, rule->ip.v6.dst_ip,
sizeof(struct in6_addr));
fsp->h_u.tcp_ip6_spec.psrc = rule->ip.v6.src_port;
fsp->h_u.tcp_ip6_spec.pdst = rule->ip.v6.dst_port;
Reported by FlawFinder.
Line: 186
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case SCTP_V6_FLOW:
memcpy(fsp->h_u.tcp_ip6_spec.ip6src, rule->ip.v6.src_ip,
sizeof(struct in6_addr));
memcpy(fsp->h_u.tcp_ip6_spec.ip6dst, rule->ip.v6.dst_ip,
sizeof(struct in6_addr));
fsp->h_u.tcp_ip6_spec.psrc = rule->ip.v6.src_port;
fsp->h_u.tcp_ip6_spec.pdst = rule->ip.v6.dst_port;
memcpy(fsp->m_u.tcp_ip6_spec.ip6src,
rule->mask.v6.src_ip,
Reported by FlawFinder.
Line: 190
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct in6_addr));
fsp->h_u.tcp_ip6_spec.psrc = rule->ip.v6.src_port;
fsp->h_u.tcp_ip6_spec.pdst = rule->ip.v6.dst_port;
memcpy(fsp->m_u.tcp_ip6_spec.ip6src,
rule->mask.v6.src_ip,
sizeof(struct in6_addr));
memcpy(fsp->m_u.tcp_ip6_spec.ip6dst,
rule->mask.v6.dst_ip,
sizeof(struct in6_addr));
Reported by FlawFinder.
Line: 193
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(fsp->m_u.tcp_ip6_spec.ip6src,
rule->mask.v6.src_ip,
sizeof(struct in6_addr));
memcpy(fsp->m_u.tcp_ip6_spec.ip6dst,
rule->mask.v6.dst_ip,
sizeof(struct in6_addr));
fsp->m_u.tcp_ip6_spec.psrc = rule->mask.v6.src_port;
fsp->m_u.tcp_ip6_spec.pdst = rule->mask.v6.dst_port;
fsp->h_u.tcp_ip6_spec.tclass = rule->ip.v6.tc;
Reported by FlawFinder.
Line: 740
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_exit;
/* make tunneled filter HW entries if possible */
memcpy(&tun_seg[1], seg, sizeof(*seg));
ret = ice_fdir_set_hw_fltr_rule(pf, tun_seg, flow, ICE_FD_HW_SEG_TUN);
if (ret)
/* could not write tunnel filter, but outer header filter
* exists
*/
Reported by FlawFinder.
Line: 1124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_exit;
/* tunnel segments are shifted up one. */
memcpy(&tun_seg[1], seg, sizeof(*seg));
if (user && user->flex_fltr) {
perfect_filter = false;
ice_flow_add_fld_raw(seg, user->flex_offset,
ICE_FLTR_PRGM_FLEX_WORD_SIZE,
Reported by FlawFinder.
drivers/input/misc/ims-pcu.c
19 issues
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ims_pcu_buttons {
struct input_dev *input;
char name[32];
char phys[32];
unsigned short keymap[IMS_PCU_KEYMAP_LEN];
};
struct ims_pcu_gamepad {
Reported by FlawFinder.
Line: 27
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ims_pcu_buttons {
struct input_dev *input;
char name[32];
char phys[32];
unsigned short keymap[IMS_PCU_KEYMAP_LEN];
};
struct ims_pcu_gamepad {
struct input_dev *input;
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ims_pcu_gamepad {
struct input_dev *input;
char name[32];
char phys[32];
};
struct ims_pcu_backlight {
struct led_classdev cdev;
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ims_pcu_gamepad {
struct input_dev *input;
char name[32];
char phys[32];
};
struct ims_pcu_backlight {
struct led_classdev cdev;
char name[32];
Reported by FlawFinder.
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ims_pcu_backlight {
struct led_classdev cdev;
char name[32];
};
#define IMS_PCU_PART_NUMBER_LEN 15
#define IMS_PCU_SERIAL_NUMBER_LEN 8
#define IMS_PCU_DOM_LEN 8
Reported by FlawFinder.
Line: 61
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool bootloader_mode;
char part_number[IMS_PCU_PART_NUMBER_LEN];
char serial_number[IMS_PCU_SERIAL_NUMBER_LEN];
char date_of_manufacturing[IMS_PCU_DOM_LEN];
char fw_version[IMS_PCU_FW_VERSION_LEN];
char bl_version[IMS_PCU_BL_VERSION_LEN];
char reset_reason[IMS_PCU_BL_RESET_REASON_LEN];
Reported by FlawFinder.
Line: 62
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool bootloader_mode;
char part_number[IMS_PCU_PART_NUMBER_LEN];
char serial_number[IMS_PCU_SERIAL_NUMBER_LEN];
char date_of_manufacturing[IMS_PCU_DOM_LEN];
char fw_version[IMS_PCU_FW_VERSION_LEN];
char bl_version[IMS_PCU_BL_VERSION_LEN];
char reset_reason[IMS_PCU_BL_RESET_REASON_LEN];
int update_firmware_status;
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char part_number[IMS_PCU_PART_NUMBER_LEN];
char serial_number[IMS_PCU_SERIAL_NUMBER_LEN];
char date_of_manufacturing[IMS_PCU_DOM_LEN];
char fw_version[IMS_PCU_FW_VERSION_LEN];
char bl_version[IMS_PCU_BL_VERSION_LEN];
char reset_reason[IMS_PCU_BL_RESET_REASON_LEN];
int update_firmware_status;
u8 device_id;
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char part_number[IMS_PCU_PART_NUMBER_LEN];
char serial_number[IMS_PCU_SERIAL_NUMBER_LEN];
char date_of_manufacturing[IMS_PCU_DOM_LEN];
char fw_version[IMS_PCU_FW_VERSION_LEN];
char bl_version[IMS_PCU_BL_VERSION_LEN];
char reset_reason[IMS_PCU_BL_RESET_REASON_LEN];
int update_firmware_status;
u8 device_id;
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char serial_number[IMS_PCU_SERIAL_NUMBER_LEN];
char date_of_manufacturing[IMS_PCU_DOM_LEN];
char fw_version[IMS_PCU_FW_VERSION_LEN];
char bl_version[IMS_PCU_BL_VERSION_LEN];
char reset_reason[IMS_PCU_BL_RESET_REASON_LEN];
int update_firmware_status;
u8 device_id;
u8 ofn_reg_addr;
Reported by FlawFinder.
tools/perf/util/svghelper.c
19 issues
Line: 89
Column: 12
CWE codes:
362
{
int new_width;
svgfile = fopen(filename, "w");
if (!svgfile) {
fprintf(stderr, "Cannot open %s for output\n", filename);
return;
}
first_time = start;
Reported by FlawFinder.
Line: 272
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *time_to_string(u64 duration)
{
static char text[80];
text[0] = 0;
if (duration < NSEC_PER_USEC) /* less than 1 usec */
return text;
Reported by FlawFinder.
Line: 280
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return text;
if (duration < NSEC_PER_MSEC) { /* less than 1 msec */
sprintf(text, "%.1f us", duration / (double)NSEC_PER_USEC);
return text;
}
sprintf(text, "%.1f ms", duration / (double)NSEC_PER_MSEC);
return text;
Reported by FlawFinder.
Line: 283
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(text, "%.1f us", duration / (double)NSEC_PER_USEC);
return text;
}
sprintf(text, "%.1f ms", duration / (double)NSEC_PER_MSEC);
return text;
}
void svg_waiting(int Yslot, int cpu, u64 start, u64 end, const char *backtrace)
Reported by FlawFinder.
Line: 325
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *cpu_model(void)
{
static char cpu_m[255];
char buf[256];
FILE *file;
cpu_m[0] = 0;
/* CPU type */
Reported by FlawFinder.
Line: 326
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *cpu_model(void)
{
static char cpu_m[255];
char buf[256];
FILE *file;
cpu_m[0] = 0;
/* CPU type */
file = fopen("/proc/cpuinfo", "r");
Reported by FlawFinder.
Line: 331
Column: 9
CWE codes:
362
cpu_m[0] = 0;
/* CPU type */
file = fopen("/proc/cpuinfo", "r");
if (file) {
while (fgets(buf, 255, file)) {
if (strstr(buf, "model name")) {
strlcpy(cpu_m, &buf[13], 255);
break;
Reported by FlawFinder.
Line: 343
Column: 9
CWE codes:
362
}
/* CPU type */
file = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_frequencies", "r");
if (file) {
while (fgets(buf, 255, file)) {
unsigned int freq;
freq = strtoull(buf, NULL, 10);
if (freq > max_freq)
Reported by FlawFinder.
Line: 358
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void svg_cpu_box(int cpu, u64 __max_freq, u64 __turbo_freq)
{
char cpu_string[80];
if (!svgfile)
return;
max_freq = __max_freq;
turbo_frequency = __turbo_freq;
Reported by FlawFinder.
Line: 372
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
time2pixels(last_time)-time2pixels(first_time),
cpu2y(cpu), SLOT_MULT+SLOT_HEIGHT);
sprintf(cpu_string, "CPU %i", (int)cpu);
fprintf(svgfile, "<text x=\"%.8f\" y=\"%.8f\">%s</text>\n",
10+time2pixels(first_time), cpu2y(cpu) + SLOT_HEIGHT/2, cpu_string);
fprintf(svgfile, "<text transform=\"translate(%.8f,%.8f)\" font-size=\"1.25pt\">%s</text>\n",
10+time2pixels(first_time), cpu2y(cpu) + SLOT_MULT + SLOT_HEIGHT - 4, cpu_model());
Reported by FlawFinder.
drivers/target/target_core_spc.c
19 issues
Line: 157
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u16 len;
if (dev->dev_flags & DF_EMULATED_VPD_UNIT_SERIAL) {
len = sprintf(&buf[4], "%s", dev->t10_wwn.unit_serial);
len++; /* Extra Byte for NULL Terminator */
buf[3] = len;
}
return 0;
}
Reported by FlawFinder.
Line: 273
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
unit_serial_len = strlen(&dev->t10_wwn.unit_serial[0]);
unit_serial_len++; /* For NULL Terminator */
id_len += sprintf(&buf[off+12], "%s:%s", prod,
&dev->t10_wwn.unit_serial[0]);
}
buf[off] = 0x2; /* ASCII */
buf[off+1] = 0x1; /* T10 Vendor ID */
buf[off+2] = 0x0;
Reported by FlawFinder.
Line: 400
Column: 19
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* UTF-8 encoding.
*/
tpgt = tpg->se_tpg_tfo->tpg_get_tag(tpg);
scsi_name_len = sprintf(&buf[off], "%s,t,0x%04x",
tpg->se_tpg_tfo->tpg_get_wwn(tpg), tpgt);
scsi_name_len += 1 /* Include NULL terminator */;
/*
* The null-terminated, null-padded (see 4.4.2) SCSI
* NAME STRING field contains a UTF-8 format string.
Reported by FlawFinder.
Line: 439
Column: 21
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* Target Port, this means "<iSCSI name>" in
* UTF-8 encoding.
*/
scsi_target_len = sprintf(&buf[off], "%s",
tpg->se_tpg_tfo->tpg_get_wwn(tpg));
scsi_target_len += 1 /* Include NULL terminator */;
/*
* The null-terminated, null-padded (see 4.4.2) SCSI
* NAME STRING field contains a UTF-8 format string.
Reported by FlawFinder.
Line: 127
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memset(&buf[8], 0x20,
INQUIRY_VENDOR_LEN + INQUIRY_MODEL_LEN + INQUIRY_REVISION_LEN);
memcpy(&buf[8], dev->t10_wwn.vendor,
strnlen(dev->t10_wwn.vendor, INQUIRY_VENDOR_LEN));
memcpy(&buf[16], dev->t10_wwn.model,
strnlen(dev->t10_wwn.model, INQUIRY_MODEL_LEN));
memcpy(&buf[32], dev->t10_wwn.revision,
strnlen(dev->t10_wwn.revision, INQUIRY_REVISION_LEN));
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
INQUIRY_VENDOR_LEN + INQUIRY_MODEL_LEN + INQUIRY_REVISION_LEN);
memcpy(&buf[8], dev->t10_wwn.vendor,
strnlen(dev->t10_wwn.vendor, INQUIRY_VENDOR_LEN));
memcpy(&buf[16], dev->t10_wwn.model,
strnlen(dev->t10_wwn.model, INQUIRY_MODEL_LEN));
memcpy(&buf[32], dev->t10_wwn.revision,
strnlen(dev->t10_wwn.revision, INQUIRY_REVISION_LEN));
/*
Reported by FlawFinder.
Line: 131
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
strnlen(dev->t10_wwn.vendor, INQUIRY_VENDOR_LEN));
memcpy(&buf[16], dev->t10_wwn.model,
strnlen(dev->t10_wwn.model, INQUIRY_MODEL_LEN));
memcpy(&buf[32], dev->t10_wwn.revision,
strnlen(dev->t10_wwn.revision, INQUIRY_REVISION_LEN));
/*
* Set the VERSION DESCRIPTOR fields
*/
Reported by FlawFinder.
Line: 281
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[off+2] = 0x0;
/* left align Vendor ID and pad with spaces */
memset(&buf[off+4], 0x20, INQUIRY_VENDOR_LEN);
memcpy(&buf[off+4], dev->t10_wwn.vendor,
strnlen(dev->t10_wwn.vendor, INQUIRY_VENDOR_LEN));
/* Extra Byte for NULL Terminator */
id_len++;
/* Identifier Length */
buf[off+3] = id_len;
Reported by FlawFinder.
Line: 778
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out:
rbuf = transport_kmap_data_sg(cmd);
if (rbuf) {
memcpy(rbuf, buf, min_t(u32, SE_INQUIRY_BUF, cmd->data_length));
transport_kunmap_data_sg(cmd);
}
kfree(buf);
if (!ret)
Reported by FlawFinder.
Line: 1021
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct se_device *dev = cmd->se_dev;
char *cdb = cmd->t_task_cdb;
unsigned char buf[SE_MODE_PAGE_BUF], *rbuf;
int type = dev->transport->get_device_type(dev);
int ten = (cmd->t_task_cdb[0] == MODE_SENSE_10);
bool dbd = !!(cdb[1] & 0x08);
bool llba = ten ? !!(cdb[1] & 0x10) : false;
u8 pc = cdb[2] >> 6;
Reported by FlawFinder.
tools/accounting/getdelays.c
19 issues
Line: 44
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define err(code, fmt, arg...) \
do { \
fprintf(stderr, fmt, ##arg); \
exit(code); \
} while (0)
int done;
int rcvbufsz;
Reported by FlawFinder.
Line: 58
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define PRINTF(fmt, arg...) { \
if (dbg) { \
printf(fmt, ##arg); \
} \
}
/* Maximum size of response requested or message sent */
#define MAX_MSG_SIZE 1024
Reported by FlawFinder.
Line: 175
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct nlattr *na;
int rep_len;
strcpy(name, TASKSTATS_GENL_NAME);
rc = send_cmd(sd, GENL_ID_CTRL, getpid(), CTRL_CMD_GETFAMILY,
CTRL_ATTR_FAMILY_NAME, (void *)name,
strlen(TASKSTATS_GENL_NAME)+1);
if (rc < 0)
return 0; /* sendto() failure? */
Reported by FlawFinder.
Line: 354
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
if (tid < 0)
err(1, "Fork failed\n");
if (tid == 0)
if (execvp(argv[optind - 1],
&argv[optind - 1]) < 0)
exit(-1);
/* Set the command type and avoid further processing */
cmd_type = TASKSTATS_CMD_ATTR_PID;
Reported by FlawFinder.
Line: 290
Column: 7
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
struct msgtemplate msg;
while (!forking) {
c = getopt(argc, argv, "qdiw:r:m:t:p:vlC:c:");
if (c < 0)
break;
switch (c) {
case 'd':
Reported by FlawFinder.
Line: 50
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int done;
int rcvbufsz;
char name[100];
int dbg;
int print_delays;
int print_io_accounting;
int print_task_context_switch_counts;
Reported by FlawFinder.
Line: 70
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct msgtemplate {
struct nlmsghdr n;
struct genlmsghdr g;
char buf[MAX_MSG_SIZE];
};
char cpumask[100+6*MAX_CPUS];
static void usage(void)
Reported by FlawFinder.
Line: 73
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char buf[MAX_MSG_SIZE];
};
char cpumask[100+6*MAX_CPUS];
static void usage(void)
{
fprintf(stderr, "getdelays [-dilv] [-w logfile] [-r bufsize] "
"[-m cpumask] [-t tgid] [-p pid]\n");
Reported by FlawFinder.
Line: 140
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
na = (struct nlattr *) GENLMSG_DATA(&msg);
na->nla_type = nla_type;
na->nla_len = nla_len + NLA_HDRLEN;
memcpy(NLA_DATA(na), nla_data, nla_len);
msg.n.nlmsg_len += NLMSG_ALIGN(na->nla_len);
buf = (char *) &msg;
buflen = msg.n.nlmsg_len ;
memset(&nladdr, 0, sizeof(nladdr));
Reported by FlawFinder.
Line: 168
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
struct nlmsghdr n;
struct genlmsghdr g;
char buf[256];
} ans;
int id = 0, rc;
struct nlattr *na;
int rep_len;
Reported by FlawFinder.
scripts/clang-tools/run-clang-tools.py
19 issues
Line: 15
Column: 1
import argparse
import json
import multiprocessing
import os
import subprocess
import sys
def parse_arguments():
Reported by Pylint.
Line: 41
Column: 5
def init(l, a):
global lock
global args
lock = l
args = a
Reported by Pylint.
Line: 42
Column: 5
def init(l, a):
global lock
global args
lock = l
args = a
def run_analysis(entry):
Reported by Pylint.
Line: 54
Column: 9
checks += "linuxkernel-*"
else:
checks += "clang-analyzer-*"
p = subprocess.run(["clang-tidy", "-p", args.path, checks, entry["file"]],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
cwd=entry["directory"])
with lock:
sys.stderr.buffer.write(p.stdout)
Reported by Pylint.
Line: 63
Column: 5
def main():
args = parse_arguments()
lock = multiprocessing.Lock()
pool = multiprocessing.Pool(initializer=init, initargs=(lock, args))
# Read JSON data into the datastore variable
with open(args.path, "r") as f:
Reported by Pylint.
Line: 65
Column: 5
def main():
args = parse_arguments()
lock = multiprocessing.Lock()
pool = multiprocessing.Pool(initializer=init, initargs=(lock, args))
# Read JSON data into the datastore variable
with open(args.path, "r") as f:
datastore = json.load(f)
pool.map(run_analysis, datastore)
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python3
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (C) Google LLC, 2020
#
# Author: Nathan Huckleberry <nhuck@google.com>
#
"""A helper routine run clang-tidy and the clang static-analyzer on
compile_commands.json.
Reported by Pylint.
Line: 16
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
import json
import multiprocessing
import os
import subprocess
import sys
def parse_arguments():
"""Set up and parses command-line arguments.
Reported by Bandit.
Line: 40
Column: 1
return parser.parse_args()
def init(l, a):
global lock
global args
lock = l
args = a
Reported by Pylint.
Line: 40
Column: 1
return parser.parse_args()
def init(l, a):
global lock
global args
lock = l
args = a
Reported by Pylint.
drivers/scsi/megaraid/megaraid_sas.h
19 issues
Line: 979
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char name[8];
char version[32];
char build_date[16];
char built_time[16];
} __attribute__ ((packed)) image_component[8];
Reported by FlawFinder.
Line: 980
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char name[8];
char version[32];
char build_date[16];
char built_time[16];
} __attribute__ ((packed)) image_component[8];
Reported by FlawFinder.
Line: 981
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char name[8];
char version[32];
char build_date[16];
char built_time[16];
} __attribute__ ((packed)) image_component[8];
/*
Reported by FlawFinder.
Line: 982
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char name[8];
char version[32];
char build_date[16];
char built_time[16];
} __attribute__ ((packed)) image_component[8];
/*
* List of flash components that have been flashed on the card, but
Reported by FlawFinder.
Line: 996
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char name[8];
char version[32];
char build_date[16];
char build_time[16];
} __attribute__ ((packed)) pending_image_component[8];
Reported by FlawFinder.
Line: 997
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char name[8];
char version[32];
char build_date[16];
char build_time[16];
} __attribute__ ((packed)) pending_image_component[8];
Reported by FlawFinder.
Line: 998
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char name[8];
char version[32];
char build_date[16];
char build_time[16];
} __attribute__ ((packed)) pending_image_component[8];
u8 max_arms;
Reported by FlawFinder.
Line: 999
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char name[8];
char version[32];
char build_date[16];
char build_time[16];
} __attribute__ ((packed)) pending_image_component[8];
u8 max_arms;
u8 max_spans;
Reported by FlawFinder.
Line: 1008
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 max_arrays;
u8 max_lds;
char product_name[80];
char serial_no[32];
/*
* Other physical/controller/operation information. Indicates the
* presence of the hardware
Reported by FlawFinder.
Line: 1009
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 max_lds;
char product_name[80];
char serial_no[32];
/*
* Other physical/controller/operation information. Indicates the
* presence of the hardware
*/
Reported by FlawFinder.
fs/ext4/xattr.c
19 issues
Line: 368
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = -EFSCORRUPTED;
goto put_bhs;
}
memcpy((char *)buf + blocksize * i, bhs[i]->b_data,
i < bh_count - 1 ? blocksize : tail_size);
}
ret = 0;
put_bhs:
for (i = 0; i < bh_count; i++)
Reported by FlawFinder.
Line: 563
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(p + size > end))
goto cleanup;
memcpy(buffer, p, size);
}
}
error = size;
cleanup:
Reported by FlawFinder.
Line: 618
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(p + size > end))
goto cleanup;
memcpy(buffer, p, size);
}
}
error = size;
cleanup:
Reported by FlawFinder.
Line: 678
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buffer) {
if (size > rest)
return -ERANGE;
memcpy(buffer, prefix, prefix_len);
buffer += prefix_len;
memcpy(buffer, entry->e_name, entry->e_name_len);
buffer += entry->e_name_len;
*buffer++ = 0;
}
Reported by FlawFinder.
Line: 680
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ERANGE;
memcpy(buffer, prefix, prefix_len);
buffer += prefix_len;
memcpy(buffer, entry->e_name, entry->e_name_len);
buffer += entry->e_name_len;
*buffer++ = 0;
}
rest -= size;
}
Reported by FlawFinder.
Line: 1378
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
goto out;
memcpy(bh->b_data, buf, csize);
set_buffer_uptodate(bh);
ext4_handle_dirty_metadata(handle, ea_inode, bh);
buf += csize;
wsize += csize;
Reported by FlawFinder.
Line: 1580
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i->value == EXT4_ZERO_XATTR_VALUE) {
memset(val, 0, new_size);
} else {
memcpy(val, i->value, i->value_len);
/* Clear padding bytes. */
memset(val + i->value_len, 0, new_size - i->value_len);
}
goto update_hash;
}
Reported by FlawFinder.
Line: 1727
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(here, 0, size);
here->e_name_index = i->name_index;
here->e_name_len = name_len;
memcpy(here->e_name, i->name, name_len);
} else {
/* This is an update, reset value info. */
here->e_value_inum = 0;
here->e_value_offs = 0;
here->e_value_size = 0;
Reported by FlawFinder.
Line: 1746
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i->value == EXT4_ZERO_XATTR_VALUE) {
memset(val, 0, new_size);
} else {
memcpy(val, i->value, i->value_len);
/* Clear padding bytes. */
memset(val + i->value_len, 0,
new_size - i->value_len);
}
}
Reported by FlawFinder.
Line: 1897
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
error = -ENOMEM;
if (s->base == NULL)
goto cleanup;
memcpy(s->base, BHDR(bs->bh), bs->bh->b_size);
s->first = ENTRY(header(s->base)+1);
header(s->base)->h_refcount = cpu_to_le32(1);
s->here = ENTRY(s->base + offset);
s->end = s->base + bs->bh->b_size;
Reported by FlawFinder.
drivers/dax/bus.c
19 issues
Line: 285
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
device_lock(dev);
seed = dax_region->seed;
rc = sprintf(buf, "%s\n", seed ? dev_name(seed) : "");
device_unlock(dev);
return rc;
}
static DEVICE_ATTR_RO(seed);
Reported by FlawFinder.
Line: 304
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
device_lock(dev);
youngest = dax_region->youngest;
rc = sprintf(buf, "%s\n", youngest ? dev_name(youngest) : "");
device_unlock(dev);
return rc;
}
Reported by FlawFinder.
Line: 1203
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
* We only ever expect to handle device-dax instances, i.e. the
* @type argument to MODULE_ALIAS_DAX_DEVICE() is always zero
*/
return sprintf(buf, DAX_DEVICE_MODALIAS_FMT "\n", 0);
}
static DEVICE_ATTR_RO(modalias);
static ssize_t numa_node_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 20
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DAX_NAME_LEN 30
struct dax_id {
struct list_head list;
char dev_name[DAX_NAME_LEN];
};
static int dax_bus_uevent(struct device *dev, struct kobj_uevent_env *env)
{
/*
Reported by FlawFinder.
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dax_device_driver *dax_drv = to_dax_drv(drv);
unsigned int region_id, id;
char devname[DAX_NAME_LEN];
struct dax_id *dax_id;
ssize_t rc = count;
int fields;
fields = sscanf(buf, "dax%d.%d", ®ion_id, &id);
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
fields = sscanf(buf, "dax%d.%d", ®ion_id, &id);
if (fields != 2)
return -EINVAL;
sprintf(devname, "dax%d.%d", region_id, id);
if (!sysfs_streq(buf, devname))
return -EINVAL;
mutex_lock(&dax_bus_lock);
dax_id = __dax_match_id(dax_drv, buf);
Reported by FlawFinder.
Line: 219
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct dax_region *dax_region = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", dax_region->id);
}
static DEVICE_ATTR_RO(id);
static ssize_t region_size_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 228
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct dax_region *dax_region = dev_get_drvdata(dev);
return sprintf(buf, "%llu\n", (unsigned long long)
resource_size(&dax_region->res));
}
static struct device_attribute dev_attr_region_size = __ATTR(size, 0444,
region_size_show, NULL);
Reported by FlawFinder.
Line: 239
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct dax_region *dax_region = dev_get_drvdata(dev);
return sprintf(buf, "%u\n", dax_region->align);
}
static struct device_attribute dev_attr_region_align =
__ATTR(align, 0400, region_align_show, NULL);
#define for_each_dax_region_resource(dax_region, res) \
Reported by FlawFinder.
Line: 269
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
size = dax_region_avail_size(dax_region);
device_unlock(dev);
return sprintf(buf, "%llu\n", size);
}
static DEVICE_ATTR_RO(available_size);
static ssize_t seed_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.