The following issues were found
drivers/video/fbdev/sm712fb.c
2 issues
Line: 89
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct vesa_mode {
char index[6];
u16 lfb_width;
u16 lfb_height;
u16 lfb_depth;
};
Reported by FlawFinder.
Line: 1539
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto failed_regions;
}
sprintf(smtcfb_fix.id, "sm%Xfb", ent->device);
info = framebuffer_alloc(sizeof(*sfb), &pdev->dev);
if (!info) {
err = -ENOMEM;
goto failed_free;
Reported by FlawFinder.
drivers/video/fbdev/wm8505fb.c
2 issues
Line: 280
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!fbi)
return -ENOMEM;
strcpy(fbi->fb.fix.id, DRIVER_NAME);
fbi->fb.fix.type = FB_TYPE_PACKED_PIXELS;
fbi->fb.fix.xpanstep = 1;
fbi->fb.fix.ypanstep = 1;
fbi->fb.fix.ywrapstep = 0;
Reported by FlawFinder.
Line: 157
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct fb_info *info = dev_get_drvdata(dev);
struct wm8505fb_info *fbi = to_wm8505fb_info(info);
return sprintf(buf, "%u\n", fbi->contrast);
}
static ssize_t contrast_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/virt/vboxguest/vboxguest_linux.c
2 issues
Line: 259
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct vbg_dev *gdev = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", gdev->host_version);
}
static ssize_t host_features_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 267
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct vbg_dev *gdev = dev_get_drvdata(dev);
return sprintf(buf, "%#x\n", gdev->host_features);
}
static DEVICE_ATTR_RO(host_version);
static DEVICE_ATTR_RO(host_features);
Reported by FlawFinder.
drivers/virt/vboxguest/vboxguest_utils.c
2 issues
Line: 36
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* This protects vbg_log_buf and serializes VBG_DEBUG_PORT accesses */
static DEFINE_SPINLOCK(vbg_log_lock);
static char vbg_log_buf[128];
#define VBG_LOG(name, pr_func) \
void name(const char *fmt, ...) \
{ \
unsigned long flags; \
Reported by FlawFinder.
Line: 138
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
hgcm_connect->header.flags = 0;
memcpy(&hgcm_connect->loc, loc, sizeof(*loc));
hgcm_connect->client_id = 0;
rc = vbg_req_perform(gdev, hgcm_connect);
if (rc == VINF_HGCM_ASYNC_EXECUTE)
Reported by FlawFinder.
drivers/vme/bridges/vme_ca91cx42.c
2 issues
Line: 539
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
}
sprintf((char *)image->bus_resource.name, "%s.%d",
ca91cx42_bridge->name, image->number);
image->bus_resource.start = 0;
image->bus_resource.end = (unsigned long)size;
image->bus_resource.flags = IORESOURCE_MEM;
Reported by FlawFinder.
Line: 1665
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
mutex_init(&ca91cx42_device->vme_rmw);
ca91cx42_bridge->parent = &pdev->dev;
strcpy(ca91cx42_bridge->name, driver_name);
/* Setup IRQ */
retval = ca91cx42_irq_init(ca91cx42_bridge);
if (retval != 0) {
dev_err(&pdev->dev, "Chip Initialization failed.\n");
Reported by FlawFinder.
drivers/vme/bridges/vme_tsi148.c
2 issues
Line: 754
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
}
sprintf((char *)image->bus_resource.name, "%s.%d", tsi148_bridge->name,
image->number);
image->bus_resource.start = 0;
image->bus_resource.end = (unsigned long)size;
image->bus_resource.flags = IORESOURCE_MEM;
Reported by FlawFinder.
Line: 2338
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
mutex_init(&tsi148_device->vme_rmw);
tsi148_bridge->parent = &pdev->dev;
strcpy(tsi148_bridge->name, driver_name);
/* Setup IRQ */
retval = tsi148_irq_init(tsi148_bridge);
if (retval != 0) {
dev_err(&pdev->dev, "Chip Initialization failed.\n");
Reported by FlawFinder.
drivers/w1/slaves/w1_ds2430.c
2 issues
Line: 225
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* if len too short or addr not aligned */
if (len < W1_F14_SCRATCH_SIZE || addr & W1_F14_SCRATCH_MASK) {
char tmp[W1_F14_SCRATCH_SIZE];
/* read the block and update the parts to be written */
if (w1_f14_readblock(sl, addr & ~W1_F14_SCRATCH_MASK,
W1_F14_SCRATCH_SIZE, tmp)) {
count = -EIO;
Reported by FlawFinder.
Line: 241
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (copy > len)
copy = len;
memcpy(&tmp[addr & W1_F14_SCRATCH_MASK], buf, copy);
if (w1_f14_write(sl, addr & ~W1_F14_SCRATCH_MASK,
W1_F14_SCRATCH_SIZE, tmp) < 0) {
count = -EIO;
goto out_up;
}
Reported by FlawFinder.
drivers/w1/slaves/w1_ds2431.c
2 issues
Line: 224
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* if len too short or addr not aligned */
if (len < W1_F2D_SCRATCH_SIZE || addr & W1_F2D_SCRATCH_MASK) {
char tmp[W1_F2D_SCRATCH_SIZE];
/* read the block and update the parts to be written */
if (w1_f2d_readblock(sl, addr & ~W1_F2D_SCRATCH_MASK,
W1_F2D_SCRATCH_SIZE, tmp)) {
count = -EIO;
Reported by FlawFinder.
Line: 240
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (copy > len)
copy = len;
memcpy(&tmp[addr & W1_F2D_SCRATCH_MASK], buf, copy);
if (w1_f2d_write(sl, addr & ~W1_F2D_SCRATCH_MASK,
W1_F2D_SCRATCH_SIZE, tmp) < 0) {
count = -EIO;
goto out_up;
}
Reported by FlawFinder.
drivers/w1/slaves/w1_ds2805.c
2 issues
Line: 223
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* if len too short or addr not aligned */
if (len < W1_F0D_SCRATCH_SIZE || addr & W1_F0D_SCRATCH_MASK) {
char tmp[W1_F0D_SCRATCH_SIZE];
/* read the block and update the parts to be written */
if (w1_f0d_readblock(sl, addr & ~W1_F0D_SCRATCH_MASK,
W1_F0D_SCRATCH_SIZE, tmp)) {
count = -EIO;
Reported by FlawFinder.
Line: 239
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (copy > len)
copy = len;
memcpy(&tmp[addr & W1_F0D_SCRATCH_MASK], buf, copy);
if (w1_f0d_write(sl, addr & ~W1_F0D_SCRATCH_MASK,
W1_F0D_SCRATCH_SIZE, tmp) < 0) {
count = -EIO;
goto out_up;
}
Reported by FlawFinder.
drivers/w1/w1_int.c
2 issues
Line: 65
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_init(&dev->bus_mutex);
mutex_init(&dev->list_mutex);
memcpy(&dev->dev, device, sizeof(struct device));
dev_set_name(&dev->dev, "w1_bus_master%u", dev->id);
snprintf(dev->name, sizeof(dev->name), "w1_bus_master%u", dev->id);
dev->dev.init_name = dev->name;
dev->driver = driver;
Reported by FlawFinder.
Line: 136
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_out_free_dev;
}
memcpy(dev->bus_master, master, sizeof(struct w1_bus_master));
dev->initialized = 1;
dev->thread = kthread_run(&w1_process, dev, "%s", dev->name);
if (IS_ERR(dev->thread)) {
Reported by FlawFinder.