The following issues were found
tools/perf/builtin-c2c.c
18 issues
Line: 1255
}
static struct c2c_dimension dim_dcacheline = {
.header = HEADER_SPAN("--- Cacheline ----", "Address", 2),
.name = "dcacheline",
.cmp = dcacheline_cmp,
.entry = dcacheline_entry,
.width = 18,
};
Reported by Cppcheck.
Line: 2498
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf[i++] = ' ';
strcpy(buf + i, orig);
i += olen;
buf[i++] = ' ';
Reported by FlawFinder.
Line: 121
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
DISPLAY_MAX,
};
static const char *display_str[DISPLAY_MAX] = {
[DISPLAY_LCL] = "Local",
[DISPLAY_RMT] = "Remote",
[DISPLAY_TOT] = "Total",
};
Reported by FlawFinder.
Line: 507
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
uint64_t addr = 0;
int width = c2c_width(fmt, hpp, he->hists);
char buf[20];
if (he->mem_info)
addr = cl_address(he->mem_info->daddr.addr);
return scnprintf(hpp->buf, hpp->size, "%*s", width, HEX_STR(buf, addr));
Reported by FlawFinder.
Line: 545
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
uint64_t addr = 0;
int width = c2c_width(fmt, hpp, he->hists);
char buf[20];
if (he->mem_info)
addr = cl_offset(he->mem_info->daddr.al_addr);
return scnprintf(hpp->buf, hpp->size, "%*s", width, HEX_STR(buf, addr));
Reported by FlawFinder.
Line: 573
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
uint64_t addr = 0;
int width = c2c_width(fmt, hpp, he->hists);
char buf[20];
if (he->mem_info)
addr = he->mem_info->iaddr.addr;
return scnprintf(hpp->buf, hpp->size, "%*s", width, HEX_STR(buf, addr));
Reported by FlawFinder.
Line: 832
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct c2c_hist_entry *c2c_he;
int width = c2c_width(fmt, hpp, he->hists);
char buf[10];
double per;
c2c_he = container_of(he, struct c2c_hist_entry, he);
per = percent_hitm(c2c_he);
return scnprintf(hpp->buf, hpp->size, "%*s", width, PERC_STR(buf, per));
Reported by FlawFinder.
Line: 908
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int width = c2c_width(fmt, hpp, he->hists);
double per = PERCENT(he, rmt_hitm);
char buf[10];
return scnprintf(hpp->buf, hpp->size, "%*s", width, PERC_STR(buf, per));
}
static int
Reported by FlawFinder.
Line: 939
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int width = c2c_width(fmt, hpp, he->hists);
double per = PERCENT(he, lcl_hitm);
char buf[10];
return scnprintf(hpp->buf, hpp->size, "%*s", width, PERC_STR(buf, per));
}
static int
Reported by FlawFinder.
Line: 970
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int width = c2c_width(fmt, hpp, he->hists);
double per = PERCENT(he, st_l1hit);
char buf[10];
return scnprintf(hpp->buf, hpp->size, "%*s", width, PERC_STR(buf, per));
}
static int
Reported by FlawFinder.
tools/testing/selftests/capabilities/test_execve.c
18 issues
Line: 136
CWE codes:
908
ksft_exit_fail_msg("remount everything private - %s\n",
strerror(errno));
return have_outer_privilege;
}
static void chdir_to_tmpfs(void)
{
char cwd[PATH_MAX];
Reported by Cppcheck.
Line: 238
Column: 7
CWE codes:
362
Suggestion:
Use fchown( ) instead
copy_fromat_to(ourpath_fd, "validate_cap",
"validate_cap_suidroot");
if (chown("validate_cap_suidroot", 0, -1) != 0)
ksft_exit_fail_msg("chown - %s\n", strerror(errno));
if (chmod("validate_cap_suidroot", S_ISUID | 0700) != 0)
ksft_exit_fail_msg("chmod - %s\n", strerror(errno));
copy_fromat_to(ourpath_fd, "validate_cap",
Reported by FlawFinder.
Line: 240
Column: 7
CWE codes:
362
Suggestion:
Use fchmod( ) instead
"validate_cap_suidroot");
if (chown("validate_cap_suidroot", 0, -1) != 0)
ksft_exit_fail_msg("chown - %s\n", strerror(errno));
if (chmod("validate_cap_suidroot", S_ISUID | 0700) != 0)
ksft_exit_fail_msg("chmod - %s\n", strerror(errno));
copy_fromat_to(ourpath_fd, "validate_cap",
"validate_cap_suidnonroot");
if (chown("validate_cap_suidnonroot", uid + 1, -1) != 0)
Reported by FlawFinder.
Line: 245
Column: 7
CWE codes:
362
Suggestion:
Use fchown( ) instead
copy_fromat_to(ourpath_fd, "validate_cap",
"validate_cap_suidnonroot");
if (chown("validate_cap_suidnonroot", uid + 1, -1) != 0)
ksft_exit_fail_msg("chown - %s\n", strerror(errno));
if (chmod("validate_cap_suidnonroot", S_ISUID | 0700) != 0)
ksft_exit_fail_msg("chmod - %s\n", strerror(errno));
copy_fromat_to(ourpath_fd, "validate_cap",
Reported by FlawFinder.
Line: 247
Column: 7
CWE codes:
362
Suggestion:
Use fchmod( ) instead
"validate_cap_suidnonroot");
if (chown("validate_cap_suidnonroot", uid + 1, -1) != 0)
ksft_exit_fail_msg("chown - %s\n", strerror(errno));
if (chmod("validate_cap_suidnonroot", S_ISUID | 0700) != 0)
ksft_exit_fail_msg("chmod - %s\n", strerror(errno));
copy_fromat_to(ourpath_fd, "validate_cap",
"validate_cap_sgidroot");
if (chown("validate_cap_sgidroot", -1, 0) != 0)
Reported by FlawFinder.
Line: 252
Column: 7
CWE codes:
362
Suggestion:
Use fchown( ) instead
copy_fromat_to(ourpath_fd, "validate_cap",
"validate_cap_sgidroot");
if (chown("validate_cap_sgidroot", -1, 0) != 0)
ksft_exit_fail_msg("chown - %s\n", strerror(errno));
if (chmod("validate_cap_sgidroot", S_ISGID | 0710) != 0)
ksft_exit_fail_msg("chmod - %s\n", strerror(errno));
copy_fromat_to(ourpath_fd, "validate_cap",
Reported by FlawFinder.
Line: 254
Column: 7
CWE codes:
362
Suggestion:
Use fchmod( ) instead
"validate_cap_sgidroot");
if (chown("validate_cap_sgidroot", -1, 0) != 0)
ksft_exit_fail_msg("chown - %s\n", strerror(errno));
if (chmod("validate_cap_sgidroot", S_ISGID | 0710) != 0)
ksft_exit_fail_msg("chmod - %s\n", strerror(errno));
copy_fromat_to(ourpath_fd, "validate_cap",
"validate_cap_sgidnonroot");
if (chown("validate_cap_sgidnonroot", -1, gid + 1) != 0)
Reported by FlawFinder.
Line: 259
Column: 7
CWE codes:
362
Suggestion:
Use fchown( ) instead
copy_fromat_to(ourpath_fd, "validate_cap",
"validate_cap_sgidnonroot");
if (chown("validate_cap_sgidnonroot", -1, gid + 1) != 0)
ksft_exit_fail_msg("chown - %s\n", strerror(errno));
if (chmod("validate_cap_sgidnonroot", S_ISGID | 0710) != 0)
ksft_exit_fail_msg("chmod - %s\n", strerror(errno));
}
Reported by FlawFinder.
Line: 261
Column: 7
CWE codes:
362
Suggestion:
Use fchmod( ) instead
"validate_cap_sgidnonroot");
if (chown("validate_cap_sgidnonroot", -1, gid + 1) != 0)
ksft_exit_fail_msg("chown - %s\n", strerror(errno));
if (chmod("validate_cap_sgidnonroot", S_ISGID | 0710) != 0)
ksft_exit_fail_msg("chmod - %s\n", strerror(errno));
}
capng_get_caps_process();
Reported by FlawFinder.
Line: 41
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
ssize_t written;
int buf_len;
buf_len = vsnprintf(buf, sizeof(buf), fmt, ap);
if (buf_len < 0)
ksft_exit_fail_msg("vsnprintf failed - %s\n", strerror(errno));
if (buf_len >= sizeof(buf))
ksft_exit_fail_msg("vsnprintf output truncated\n");
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
18 issues
Line: 23
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_mvm *mvm = file->private_data;
char buf[16];
int pos, budget;
if (!iwl_mvm_is_ctdp_supported(mvm))
return -EOPNOTSUPP;
Reported by FlawFinder.
Line: 212
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_mvm *mvm = file->private_data;
char buf[16];
int pos;
if (!mvm->temperature_test)
pos = scnprintf(buf , sizeof(buf), "disabled\n");
else
Reported by FlawFinder.
Line: 279
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_mvm *mvm = file->private_data;
char buf[16];
int pos, ret;
s32 temp;
if (!iwl_mvm_firmware_running(mvm))
return -EIO;
Reported by FlawFinder.
Line: 304
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_mvm *mvm = file->private_data;
char buf[256];
int pos = 0;
int bufsz = sizeof(buf);
int tbl_idx;
u8 *value;
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct iwl_mvm *mvm = file->private_data;
struct ieee80211_sta *sta;
char buf[400];
int i, pos = 0, bufsz = sizeof(buf);
mutex_lock(&mvm->mutex);
for (i = 0; i < mvm->fw->ucode_capa.num_stations; i++) {
Reported by FlawFinder.
Line: 451
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ieee80211_sta *sta = file->private_data;
struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
char buf[32];
int pos;
pos = scnprintf(buf, sizeof(buf), "current %d ", sta->max_amsdu_len);
pos += scnprintf(buf + pos, sizeof(buf) - pos, "stored %d\n",
mvmsta->orig_amsdu_len);
Reported by FlawFinder.
Line: 466
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_mvm *mvm = file->private_data;
char buf[64];
int bufsz = sizeof(buf);
int pos = 0;
pos += scnprintf(buf+pos, bufsz-pos, "disable_power_off_d0=%d\n",
mvm->disable_power_off);
Reported by FlawFinder.
Line: 614
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct iwl_mvm *mvm = file->private_data;
struct iwl_bt_coex_ci_cmd *cmd = &mvm->last_bt_ci_cmd;
char buf[256];
int bufsz = sizeof(buf);
int pos = 0;
mutex_lock(&mvm->mutex);
Reported by FlawFinder.
Line: 653
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
iwl_dbgfs_bt_force_ant_write(struct iwl_mvm *mvm, char *buf,
size_t count, loff_t *ppos)
{
static const char * const modes_str[BT_FORCE_ANT_MAX] = {
[BT_FORCE_ANT_DIS] = "dis",
[BT_FORCE_ANT_AUTO] = "auto",
[BT_FORCE_ANT_BT] = "bt",
[BT_FORCE_ANT_WIFI] = "wifi",
};
Reported by FlawFinder.
Line: 1053
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct iwl_mvm *mvm = file->private_data;
int pos = 0;
char buf[32];
const size_t bufsz = sizeof(buf);
/* print which antennas were set for the scan command by the user */
pos += scnprintf(buf + pos, bufsz - pos, "Antennas for scan: ");
if (mvm->scan_rx_ant & ANT_A)
Reported by FlawFinder.
drivers/scsi/megaraid/megaraid_sas_base.c
18 issues
Line: 380
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *
format_timestamp(uint32_t timestamp)
{
static char buffer[32];
if ((timestamp & 0xff000000) == 0xff000000)
snprintf(buffer, sizeof(buffer), "boot + %us", timestamp &
0x00ffffff);
else
Reported by FlawFinder.
Line: 393
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *
format_class(int8_t class)
{
static char buffer[6];
switch (class) {
case MFI_EVT_CLASS_DEBUG:
return "debug";
case MFI_EVT_CLASS_PROGRESS:
Reported by FlawFinder.
Line: 1447
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pthru->flags = cpu_to_le16(flags);
pthru->data_xfer_len = cpu_to_le32(scsi_bufflen(scp));
memcpy(pthru->cdb, scp->cmnd, scp->cmd_len);
/*
* If the command is for the tape device, set the
* pthru timeout to the os layer timeout value.
*/
Reported by FlawFinder.
Line: 2440
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_warn(&instance->pdev->dev, "SR-IOV: "
"Got new LD/VF affiliation for scsi%d\n",
instance->host->host_no);
memcpy(instance->vf_affiliation_111,
new_affiliation_111,
sizeof(struct MR_LD_VF_AFFILIATION_111));
retval = 1;
goto out;
}
Reported by FlawFinder.
Line: 2610
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (doscan) {
dev_warn(&instance->pdev->dev, "SR-IOV: Got new LD/VF "
"affiliation for scsi%d\n", instance->host->host_no);
memcpy(instance->vf_affiliation, new_affiliation,
new_affiliation->size);
retval = 1;
}
if (new_affiliation)
Reported by FlawFinder.
Line: 3318
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src_addr = (unsigned long)instance->crash_buf[buff_offset / dmachunk] +
(buff_offset % dmachunk);
memcpy(buf, (void *)src_addr, size);
spin_unlock_irqrestore(&instance->crashdump_lock, flags);
return size;
}
Reported by FlawFinder.
Line: 3668
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hdr->scsi_status == SAM_STAT_CHECK_CONDITION) {
memset(cmd->scmd->sense_buffer, 0,
SCSI_SENSE_BUFFERSIZE);
memcpy(cmd->scmd->sense_buffer, cmd->sense,
hdr->sense_len);
}
break;
Reported by FlawFinder.
Line: 8277
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* overwritten when we copy from user's frames. So set that value
* alone separately
*/
memcpy(cmd->frame, ioc->frame.raw, 2 * MEGAMFI_FRAME_SIZE);
cmd->frame->hdr.context = cpu_to_le32(cmd->index);
cmd->frame->hdr.pad_0 = 0;
cmd->frame->hdr.flags &= (~MFI_FRAME_IEEE);
Reported by FlawFinder.
Line: 8693
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t support_poll_for_event_show(struct device_driver *dd, char *buf)
{
return sprintf(buf, "%u\n", support_poll_for_event);
}
static DRIVER_ATTR_RO(support_poll_for_event);
static ssize_t support_device_change_show(struct device_driver *dd, char *buf)
{
Reported by FlawFinder.
Line: 8699
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t support_device_change_show(struct device_driver *dd, char *buf)
{
return sprintf(buf, "%u\n", support_device_change);
}
static DRIVER_ATTR_RO(support_device_change);
static ssize_t dbg_lvl_show(struct device_driver *dd, char *buf)
{
Reported by FlawFinder.
drivers/crypto/caam/caamalg_qi2.c
18 issues
Line: 310
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->adata.keylen_pad + keys.enckeylen > CAAM_MAX_KEY_SIZE)
goto badkey;
memcpy(ctx->key, keys.authkey, keys.authkeylen);
memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey, keys.enckeylen);
dma_sync_single_for_device(dev, ctx->key_dma, ctx->adata.keylen_pad +
keys.enckeylen, ctx->dir);
print_hex_dump_debug("ctx.key@" __stringify(__LINE__)": ",
DUMP_PREFIX_ADDRESS, 16, 4, ctx->key,
Reported by FlawFinder.
Line: 311
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto badkey;
memcpy(ctx->key, keys.authkey, keys.authkeylen);
memcpy(ctx->key + ctx->adata.keylen_pad, keys.enckey, keys.enckeylen);
dma_sync_single_for_device(dev, ctx->key_dma, ctx->adata.keylen_pad +
keys.enckeylen, ctx->dir);
print_hex_dump_debug("ctx.key@" __stringify(__LINE__)": ",
DUMP_PREFIX_ADDRESS, 16, 4, ctx->key,
ctx->adata.keylen_pad + keys.enckeylen, 1);
Reported by FlawFinder.
Line: 486
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *iv = (u8 *)(sg_table + qm_sg_nents);
/* Make sure IV is located in a DMAable area */
memcpy(iv, req->iv, ivsize);
iv_dma = dma_map_single(dev, iv, ivsize, DMA_TO_DEVICE);
if (dma_mapping_error(dev, iv_dma)) {
dev_err(dev, "unable to map IV\n");
caam_unmap(dev, req->src, req->dst, src_nents,
Reported by FlawFinder.
Line: 733
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
memcpy(ctx->key, key, keylen);
dma_sync_single_for_device(dev, ctx->key_dma, keylen, ctx->dir);
ctx->cdata.keylen = keylen;
return gcm_set_sh_desc(aead);
}
Reported by FlawFinder.
Line: 829
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
memcpy(ctx->key, key, keylen);
/*
* The last four bytes of the key material are used as the salt value
* in the nonce. Update the AES key length.
*/
ctx->cdata.keylen = keylen - 4;
Reported by FlawFinder.
Line: 928
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
print_hex_dump_debug("key in @" __stringify(__LINE__)": ",
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
memcpy(ctx->key, key, keylen);
/*
* The last four bytes of the key material are used as the salt value
* in the nonce. Update the AES key length.
*/
ctx->cdata.keylen = keylen - 4;
Reported by FlawFinder.
Line: 1203
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Make sure IV is located in a DMAable area */
sg_table = &edesc->sgt[0];
iv = (u8 *)(sg_table + qm_sg_ents);
memcpy(iv, req->iv, ivsize);
iv_dma = dma_map_single(dev, iv, ivsize, DMA_BIDIRECTIONAL);
if (dma_mapping_error(dev, iv_dma)) {
dev_err(dev, "unable to map IV\n");
caam_unmap(dev, req->src, req->dst, src_nents, dst_nents, 0,
Reported by FlawFinder.
Line: 1420
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* This is used e.g. by the CTS mode.
*/
if (!ecode)
memcpy(req->iv, (u8 *)&edesc->sgt[0] + edesc->qm_sg_bytes,
ivsize);
qi_cache_free(edesc);
skcipher_request_complete(req, ecode);
}
Reported by FlawFinder.
Line: 1458
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* This is used e.g. by the CTS mode.
*/
if (!ecode)
memcpy(req->iv, (u8 *)&edesc->sgt[0] + edesc->qm_sg_bytes,
ivsize);
qi_cache_free(edesc);
skcipher_request_complete(req, ecode);
}
Reported by FlawFinder.
Line: 3342
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* addresses are needed.
*/
if (keylen > ctx->adata.keylen_pad) {
memcpy(ctx->key, key, keylen);
dma_sync_single_for_device(ctx->dev, ctx->adata.key_dma,
ctx->adata.keylen_pad,
DMA_TO_DEVICE);
}
Reported by FlawFinder.
drivers/media/pci/cx23885/cx23885-dvb.c
18 issues
Line: 134
Column: 69
CWE codes:
362
cx23885_buf_queue(port, buf);
}
static void cx23885_dvb_gate_ctrl(struct cx23885_tsport *port, int open)
{
struct vb2_dvb_frontends *f;
struct vb2_dvb_frontend *fe;
f = &port->frontends;
Reported by FlawFinder.
Line: 147
Column: 57
CWE codes:
362
fe = vb2_dvb_get_frontend(f, f->gate);
if (fe && fe->dvb.frontend && fe->dvb.frontend->ops.i2c_gate_ctrl)
fe->dvb.frontend->ops.i2c_gate_ctrl(fe->dvb.frontend, open);
}
static int cx23885_start_streaming(struct vb2_queue *q, unsigned int count)
{
struct cx23885_tsport *port = q->drv_priv;
Reported by FlawFinder.
Line: 1092
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static struct netup_card_info cinfo;
netup_get_card_info(&dev->i2c_bus[0].i2c_adap, &cinfo);
memcpy(port->frontends.adapter.proposed_mac,
cinfo.port[port->nr - 1].mac, 6);
pr_info("NetUP Dual DVB-S2 CI card port%d MAC=%pM\n",
port->nr, port->frontends.adapter.proposed_mac);
netup_ci_init(port);
Reported by FlawFinder.
Line: 1121
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->i2c_bus[0].i2c_client.addr = 0xa0 >> 1;
tveeprom_read(&dev->i2c_bus[0].i2c_client, eeprom, sizeof(eeprom));
pr_info("TeVii S470 MAC= %pM\n", eeprom + 0xa0);
memcpy(port->frontends.adapter.proposed_mac, eeprom + 0xa0, 6);
return 0;
}
case CX23885_BOARD_DVBSKY_T9580:
case CX23885_BOARD_DVBSKY_S950:
case CX23885_BOARD_DVBSKY_S952:
Reported by FlawFinder.
Line: 1140
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_info("%s port %d MAC address: %pM\n",
cx23885_boards[dev->board].name, port->nr,
eeprom + 0xc0 + (port->nr-1) * 8);
memcpy(port->frontends.adapter.proposed_mac, eeprom + 0xc0 +
(port->nr-1) * 8, 6);
return 0;
}
case CX23885_BOARD_DVBSKY_S950C:
case CX23885_BOARD_DVBSKY_T980C:
Reported by FlawFinder.
Line: 1180
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(eeprom));
pr_info("%s MAC address: %pM\n",
cx23885_boards[dev->board].name, eeprom + 0xc0);
memcpy(port->frontends.adapter.proposed_mac, eeprom + 0xc0, 6);
return 0;
}
}
return 0;
}
Reported by FlawFinder.
Line: 2319
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
port->i2c_client_tuner = client_tuner;
dev->ts1.analog_fe.tuner_priv = client_tuner;
memcpy(&dev->ts1.analog_fe.ops.tuner_ops,
&fe0->dvb.frontend->ops.tuner_ops,
sizeof(struct dvb_tuner_ops));
break;
}
Reported by FlawFinder.
Line: 2382
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_info("%s(): QUADHD_DVB analog setup\n",
__func__);
dev->ts1.analog_fe.tuner_priv = client_tuner;
memcpy(&dev->ts1.analog_fe.ops.tuner_ops,
&fe0->dvb.frontend->ops.tuner_ops,
sizeof(struct dvb_tuner_ops));
}
break;
Reported by FlawFinder.
Line: 2481
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_info("%s(): QUADHD_ATSC analog setup\n",
__func__);
dev->ts1.analog_fe.tuner_priv = client_tuner;
memcpy(&dev->ts1.analog_fe.ops.tuner_ops,
&fe0->dvb.frontend->ops.tuner_ops,
sizeof(struct dvb_tuner_ops));
}
break;
Reported by FlawFinder.
Line: 2558
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
port->i2c_client_tuner = client_tuner;
dev->ts1.analog_fe.tuner_priv = client_tuner;
memcpy(&dev->ts1.analog_fe.ops.tuner_ops,
&fe0->dvb.frontend->ops.tuner_ops,
sizeof(struct dvb_tuner_ops));
break;
}
break;
Reported by FlawFinder.
drivers/hwmon/w83795.c
18 issues
Line: 716
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else /* BEEP_ENABLE */
val = (data->beeps[index] >> bit) & 1;
return sprintf(buf, "%u\n", val);
}
static ssize_t
store_beep(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 789
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
val = data->fan_min[index] & 0x0fff;
return sprintf(buf, "%lu\n", fan_from_reg(val));
}
static ssize_t
store_fan_min(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 850
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
return sprintf(buf, "%u\n", val);
}
static ssize_t
store_pwm(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 911
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
tmp = 1;
out:
return sprintf(buf, "%u\n", tmp);
}
static ssize_t
store_pwm_enable(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 973
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
mode = 1; /* PWM */
return sprintf(buf, "%u\n", mode);
}
/*
* Check whether a given temperature source can ever be useful.
* Returns the number of selectable temperature channels which are
Reported by FlawFinder.
Line: 1015
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (tmp >= 4 || tss_map[tmp][index] == TSS_MAP_RESERVED)
return -EINVAL; /* Shouldn't happen */
return sprintf(buf, "%u\n", (unsigned int)tss_map[tmp][index] + 1);
}
static ssize_t
store_temp_src(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1083
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
return sprintf(buf, "%u\n", tmp);
}
static ssize_t
store_temp_pwm_enable(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1144
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
return sprintf(buf, "%u\n", tmp);
}
static ssize_t
store_fanin(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1192
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int index = sensor_attr->index;
long tmp = temp_from_reg(data->pwm_temp[index][nr]);
return sprintf(buf, "%ld\n", tmp);
}
static ssize_t
store_temp_pwm(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1252
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = sensor_attr->nr;
int index = sensor_attr->index;
return sprintf(buf, "%u\n", data->sf4_reg[index][SF4_PWM][nr]);
}
static ssize_t
store_sf4_pwm(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/net/ethernet/chelsio/cxgb/vsc7326.c
18 issues
Line: 597
CWE codes:
682
{ reg, (&((struct cmac_statistics *)NULL)->stat_name) - (u64 *)NULL }
/* Rx stats */
HW_STAT(RxUnicast, RxUnicastFramesOK),
HW_STAT(RxMulticast, RxMulticastFramesOK),
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
Reported by Cppcheck.
Line: 598
CWE codes:
682
/* Rx stats */
HW_STAT(RxUnicast, RxUnicastFramesOK),
HW_STAT(RxMulticast, RxMulticastFramesOK),
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
Reported by Cppcheck.
Line: 599
CWE codes:
682
/* Rx stats */
HW_STAT(RxUnicast, RxUnicastFramesOK),
HW_STAT(RxMulticast, RxMulticastFramesOK),
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
Reported by Cppcheck.
Line: 600
CWE codes:
682
HW_STAT(RxUnicast, RxUnicastFramesOK),
HW_STAT(RxMulticast, RxMulticastFramesOK),
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
Reported by Cppcheck.
Line: 601
CWE codes:
682
HW_STAT(RxMulticast, RxMulticastFramesOK),
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
Reported by Cppcheck.
Line: 602
CWE codes:
682
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
HW_STAT(RxSymbolCarrier, RxSymbolErrors),
Reported by Cppcheck.
Line: 603
CWE codes:
682
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
HW_STAT(RxSymbolCarrier, RxSymbolErrors),
HW_STAT(RxSize1519ToMax, RxJumboFramesOK),
Reported by Cppcheck.
Line: 604
CWE codes:
682
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
HW_STAT(RxSymbolCarrier, RxSymbolErrors),
HW_STAT(RxSize1519ToMax, RxJumboFramesOK),
Reported by Cppcheck.
Line: 605
CWE codes:
682
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
HW_STAT(RxSymbolCarrier, RxSymbolErrors),
HW_STAT(RxSize1519ToMax, RxJumboFramesOK),
/* Tx stats (skip collision stats as we are full-duplex only) */
Reported by Cppcheck.
Line: 606
CWE codes:
682
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
HW_STAT(RxSymbolCarrier, RxSymbolErrors),
HW_STAT(RxSize1519ToMax, RxJumboFramesOK),
/* Tx stats (skip collision stats as we are full-duplex only) */
HW_STAT(TxUnicast, TxUnicastFramesOK),
Reported by Cppcheck.
tools/perf/util/setup.py
18 issues
Line: 13
Column: 5
if cc_is_clang:
from distutils.sysconfig import get_config_vars
vars = get_config_vars()
for var in ('CFLAGS', 'OPT'):
vars[var] = sub("-specs=[^ ]+", "", vars[var])
if not clang_has_option("-mcet"):
vars[var] = sub("-mcet", "", vars[var])
if not clang_has_option("-fcf-protection"):
Reported by Pylint.
Line: 35
Column: 9
class build_ext(_build_ext):
def finalize_options(self):
_build_ext.finalize_options(self)
self.build_lib = build_lib
self.build_temp = build_tmp
class install_lib(_install_lib):
def finalize_options(self):
_install_lib.finalize_options(self)
Reported by Pylint.
Line: 36
Column: 9
def finalize_options(self):
_build_ext.finalize_options(self)
self.build_lib = build_lib
self.build_temp = build_tmp
class install_lib(_install_lib):
def finalize_options(self):
_install_lib.finalize_options(self)
self.build_dir = build_lib
Reported by Pylint.
Line: 41
Column: 9
class install_lib(_install_lib):
def finalize_options(self):
_install_lib.finalize_options(self)
self.build_dir = build_lib
cflags = getenv('CFLAGS', '').split()
# switch off several checks (need to be at the end of cflags list)
cflags += ['-fno-strict-aliasing', '-Wno-write-strings', '-Wno-unused-parameter', '-Wno-redundant-decls', '-DPYTHON_PERF' ]
Reported by Pylint.
Line: 1
Column: 1
from os import getenv
from subprocess import Popen, PIPE
from re import sub
cc = getenv("CC")
cc_is_clang = b"clang version" in Popen([cc.split()[0], "-v"], stderr=PIPE).stderr.readline()
def clang_has_option(option):
return [o for o in Popen([cc, option], stderr=PIPE).stderr.readlines() if b"unknown argument" in o] == [ ]
Reported by Pylint.
Line: 2
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
from os import getenv
from subprocess import Popen, PIPE
from re import sub
cc = getenv("CC")
cc_is_clang = b"clang version" in Popen([cc.split()[0], "-v"], stderr=PIPE).stderr.readline()
def clang_has_option(option):
return [o for o in Popen([cc, option], stderr=PIPE).stderr.readlines() if b"unknown argument" in o] == [ ]
Reported by Bandit.
Line: 6
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
from re import sub
cc = getenv("CC")
cc_is_clang = b"clang version" in Popen([cc.split()[0], "-v"], stderr=PIPE).stderr.readline()
def clang_has_option(option):
return [o for o in Popen([cc, option], stderr=PIPE).stderr.readlines() if b"unknown argument" in o] == [ ]
if cc_is_clang:
Reported by Bandit.
Line: 8
Column: 1
cc = getenv("CC")
cc_is_clang = b"clang version" in Popen([cc.split()[0], "-v"], stderr=PIPE).stderr.readline()
def clang_has_option(option):
return [o for o in Popen([cc, option], stderr=PIPE).stderr.readlines() if b"unknown argument" in o] == [ ]
if cc_is_clang:
from distutils.sysconfig import get_config_vars
vars = get_config_vars()
Reported by Pylint.
Line: 9
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
cc_is_clang = b"clang version" in Popen([cc.split()[0], "-v"], stderr=PIPE).stderr.readline()
def clang_has_option(option):
return [o for o in Popen([cc, option], stderr=PIPE).stderr.readlines() if b"unknown argument" in o] == [ ]
if cc_is_clang:
from distutils.sysconfig import get_config_vars
vars = get_config_vars()
for var in ('CFLAGS', 'OPT'):
Reported by Bandit.
Line: 9
Column: 1
cc_is_clang = b"clang version" in Popen([cc.split()[0], "-v"], stderr=PIPE).stderr.readline()
def clang_has_option(option):
return [o for o in Popen([cc, option], stderr=PIPE).stderr.readlines() if b"unknown argument" in o] == [ ]
if cc_is_clang:
from distutils.sysconfig import get_config_vars
vars = get_config_vars()
for var in ('CFLAGS', 'OPT'):
Reported by Pylint.
drivers/net/ethernet/qlogic/qede/qede_ethtool.c
18 issues
Line: 296
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < QEDE_NUM_TQSTATS; i++) {
if (txq->is_xdp)
sprintf(*buf, "%d [XDP]: %s",
QEDE_TXQ_XDP_TO_IDX(edev, txq),
qede_tqstats_arr[i].string);
else
sprintf(*buf, "%d_%d: %s", txq->index, txq->cos,
qede_tqstats_arr[i].string);
Reported by FlawFinder.
Line: 300
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
QEDE_TXQ_XDP_TO_IDX(edev, txq),
qede_tqstats_arr[i].string);
else
sprintf(*buf, "%d_%d: %s", txq->index, txq->cos,
qede_tqstats_arr[i].string);
*buf += ETH_GSTRING_LEN;
}
}
Reported by FlawFinder.
Line: 312
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i;
for (i = 0; i < QEDE_NUM_RQSTATS; i++) {
sprintf(*buf, "%d: %s", rxq->rxq_id,
qede_rqstats_arr[i].string);
*buf += ETH_GSTRING_LEN;
}
}
Reported by FlawFinder.
Line: 353
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
for (i = 0; i < QEDE_NUM_STATS; i++) {
if (qede_is_irrelevant_stat(edev, i))
continue;
strcpy(buf, qede_stats_arr[i].string);
buf += ETH_GSTRING_LEN;
}
}
static void qede_get_strings(struct net_device *dev, u32 stringset, u8 *buf)
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const struct {
u64 offset;
char string[ETH_GSTRING_LEN];
} qede_rqstats_arr[] = {
QEDE_RQSTAT(rcv_pkts),
QEDE_RQSTAT(rx_hw_errors),
QEDE_RQSTAT(rx_alloc_errors),
QEDE_RQSTAT(rx_ip_frags),
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define QEDE_NUM_TQSTATS ARRAY_SIZE(qede_tqstats_arr)
static const struct {
u64 offset;
char string[ETH_GSTRING_LEN];
} qede_tqstats_arr[] = {
QEDE_TQSTAT(xmit_pkts),
QEDE_TQSTAT(stopped_cnt),
QEDE_TQSTAT(tx_mem_alloc_err),
};
Reported by FlawFinder.
Line: 80
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
BIT(QEDE_STAT_PF_ONLY) | BIT(QEDE_STAT_AH_ONLY))
static const struct {
u64 offset;
char string[ETH_GSTRING_LEN];
unsigned long attr;
#define QEDE_STAT_PF_ONLY 0
#define QEDE_STAT_BB_ONLY 1
#define QEDE_STAT_AH_ONLY 2
} qede_stats_arr[] = {
Reported by FlawFinder.
Line: 174
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
QEDE_PRI_FLAG_LEN,
};
static const char qede_private_arr[QEDE_PRI_FLAG_LEN][ETH_GSTRING_LEN] = {
"Coupled-Function",
"SmartAN capable",
"Recover on error",
};
Reported by FlawFinder.
Line: 190
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
QEDE_ETHTOOL_TEST_MAX
};
static const char qede_tests_str_arr[QEDE_ETHTOOL_TEST_MAX][ETH_GSTRING_LEN] = {
"Internal loopback (offline)",
"Interrupt (online)\t",
"Memory (online)\t\t",
"Register (online)\t",
"Clock (online)\t\t",
Reported by FlawFinder.
Line: 367
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qede_get_strings_stats(edev, buf);
break;
case ETH_SS_PRIV_FLAGS:
memcpy(buf, qede_private_arr,
ETH_GSTRING_LEN * QEDE_PRI_FLAG_LEN);
break;
case ETH_SS_TEST:
memcpy(buf, qede_tests_str_arr,
ETH_GSTRING_LEN * QEDE_ETHTOOL_TEST_MAX);
Reported by FlawFinder.