The following issues were found
drivers/watchdog/dw_wdt.c
2 issues
Line: 158
CWE codes:
788
break;
}
return dw_wdt->timeouts[idx].sec;
}
static unsigned int dw_wdt_get_max_timeout_ms(struct dw_wdt *dw_wdt)
{
struct dw_wdt_timeout *timeout = &dw_wdt->timeouts[DW_WDT_NUM_TOPS - 1];
Reported by Cppcheck.
Line: 185
CWE codes:
788
* In IRQ mode due to the two stages counter, the actual timeout is
* twice greater than the TOP setting.
*/
return dw_wdt->timeouts[idx].sec * dw_wdt->rmod;
}
static int dw_wdt_ping(struct watchdog_device *wdd)
{
struct dw_wdt *dw_wdt = to_dw_wdt(wdd);
Reported by Cppcheck.
drivers/watchdog/mei_wdt.c
2 issues
Line: 499
Column: 2
CWE codes:
119
120
Suggestion:
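Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In this excerpt the only visible write to buf is scnprintf() limited to bufsz, which equals the array length, so the bound holds as long as the two 32s stay in step. Passing sizeof(buf), as the second mei_wdt.c excerpt does, removes that dependency.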
{
struct mei_wdt *wdt = file->private_data;
const size_t bufsz = 32;
char buf[32];
ssize_t pos;
mutex_lock(&wdt->reg_lock);
pos = scnprintf(buf, bufsz, "%s\n",
__mei_wdt_is_registered(wdt) ? "activated" : "deactivated");
Reported by FlawFinder.
Line: 520
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t cnt, loff_t *ppos)
{
struct mei_wdt *wdt = file->private_data;
char buf[32];
ssize_t pos;
pos = scnprintf(buf, sizeof(buf), "state: %s\n",
mei_wdt_state_str(wdt->state));
Reported by FlawFinder.
drivers/xen/cpu_hotplug.c
2 issues
Line: 37
Column: 2
CWE codes:
119
120
Suggestion:
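Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. For state, the "%15s" conversion caps the read at 15 characters plus the terminator, which fits the 16-byte array. For dir, the bound depends on the sprintf() format on the following line.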
static int vcpu_online(unsigned int cpu)
{
int err;
char dir[16], state[16];
sprintf(dir, "cpu/%u", cpu);
err = xenbus_scanf(XBT_NIL, dir, "availability", "%15s", state);
if (err != 1) {
if (!xen_initial_domain())
Reported by FlawFinder.
Line: 39
Column: 2
CWE codes:
120
Suggestion:
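Use sprintf_s, snprintf, or vsnprintf. Kernel code has no sprintf_s; the bounded forms there are snprintf() and scnprintf(). With a 32-bit unsigned int, "cpu/%u" produces at most 14 characters plus the terminator, so dir[16] is large enough as written. snprintf(dir, sizeof(dir), ...) would keep the write bounded if the format or the buffer size changes.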
int err;
char dir[16], state[16];
sprintf(dir, "cpu/%u", cpu);
err = xenbus_scanf(XBT_NIL, dir, "availability", "%15s", state);
if (err != 1) {
if (!xen_initial_domain())
pr_err("Unable to read cpu state\n");
return err;
Reported by FlawFinder.
drivers/xen/evtchn.c
2 issues
Line: 354
Column: 2
CWE codes:
120
Suggestion:
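Make sure destination can always hold the source data. The two memcpy() calls together fill 2 * u->ring_size elements of new_ring. The allocation of new_ring is outside this excerpt; it must cover at least that many elements, and the size multiplication must not overflow.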
* |34567 12| -> |34567 1234567 12|
* +-----p-c-+ +-------c------p---+
*/
memcpy(new_ring, old_ring, u->ring_size * sizeof(*u->ring));
memcpy(new_ring + u->ring_size, old_ring,
u->ring_size * sizeof(*u->ring));
u->ring = new_ring;
u->ring_size = new_size;
Reported by FlawFinder.
Line: 355
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* +-----p-c-+ +-------c------p---+
*/
memcpy(new_ring, old_ring, u->ring_size * sizeof(*u->ring));
memcpy(new_ring + u->ring_size, old_ring,
u->ring_size * sizeof(*u->ring));
u->ring = new_ring;
u->ring_size = new_size;
Reported by FlawFinder.
drivers/xen/manage.c
2 issues
Line: 170
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * One shutdown command entry: a command string, a boolean flag and a
 * callback pointer.
 * NOTE(review): the meaning of `flag` is not visible in this excerpt.
 */
struct shutdown_handler {
/* Capacity of the inline command array, in bytes. */
#define SHUTDOWN_CMD_SIZE 11
/*
 * Fixed-size and const: the contents come from an initializer and are not
 * written through this type afterwards. Buffers that receive a command
 * string should be sized from SHUTDOWN_CMD_SIZE, not a repeated literal.
 */
const char command[SHUTDOWN_CMD_SIZE];
bool flag;
/* Callback taking no arguments and returning nothing. */
void (*cb)(void);
};
static int poweroff_nb(struct notifier_block *cb, unsigned long code, void *unused)
Reported by FlawFinder.
Line: 334
Column: 2
CWE codes:
119
120
Suggestion:
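Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. node is declared with FEATURE_PATH_SIZE, i.e. SHUTDOWN_CMD_SIZE plus sizeof("feature-"), so it has room for the prefix, a full-length command and the terminator. The write into node is outside this excerpt; it should be limited to sizeof(node).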
int err;
int idx;
#define FEATURE_PATH_SIZE (SHUTDOWN_CMD_SIZE + sizeof("feature-"))
char node[FEATURE_PATH_SIZE];
err = register_xenbus_watch(&shutdown_watch);
if (err) {
pr_err("Failed to set shutdown watcher\n");
return err;
Reported by FlawFinder.
drivers/xen/xen-acpi-pad.c
2 issues
Line: 114
Column: 2
CWE codes:
120
Suggestion:
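Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Both sources in this excerpt appear to be compile-time constants rather than runtime data, so the risk is a constant longer than the destination field. The field sizes behind acpi_device_name() and acpi_device_class() are not shown. In current kernel code the bounded copy is strscpy().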
{
acpi_status status;
strcpy(acpi_device_name(device), ACPI_PROCESSOR_AGGREGATOR_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_PROCESSOR_AGGREGATOR_CLASS);
status = acpi_install_notify_handler(device->handle,
ACPI_DEVICE_NOTIFY, acpi_pad_notify, device);
if (ACPI_FAILURE(status))
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
acpi_status status;
strcpy(acpi_device_name(device), ACPI_PROCESSOR_AGGREGATOR_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_PROCESSOR_AGGREGATOR_CLASS);
status = acpi_install_notify_handler(device->handle,
ACPI_DEVICE_NOTIFY, acpi_pad_notify, device);
if (ACPI_FAILURE(status))
return -ENODEV;
Reported by FlawFinder.
drivers/xen/xenbus/xenbus_client.c
2 issues
Line: 295
Column: 2
CWE codes:
134
Suggestion:
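Use a constant for the format specification. In this excerpt fmt and ap arrive from the caller, so the format cannot be made constant at this line. The property to check is at the call sites: every format argument should be a string literal, never text obtained at runtime. The output length itself is bounded by PRINTF_BUFFER_SIZE - len.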
return;
len = sprintf(printf_buffer, "%i ", -err);
vsnprintf(printf_buffer + len, PRINTF_BUFFER_SIZE - len, fmt, ap);
dev_err(&dev->dev, "%s\n", printf_buffer);
path_buffer = kasprintf(GFP_KERNEL, "error/%s", dev->nodename);
if (path_buffer)
Reported by FlawFinder.
Line: 294
Column: 8
CWE codes:
120
Suggestion:
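Use sprintf_s, snprintf, or vsnprintf. Kernel code has no sprintf_s; the bounded forms there are snprintf() and scnprintf(). For a 32-bit int, "%i " writes at most 12 characters plus the terminator; PRINTF_BUFFER_SIZE is not shown in the excerpt. scnprintf(printf_buffer, PRINTF_BUFFER_SIZE, ...) returns the number of characters actually stored, which keeps the following PRINTF_BUFFER_SIZE - len within the buffer.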
if (!printf_buffer)
return;
len = sprintf(printf_buffer, "%i ", -err);
vsnprintf(printf_buffer + len, PRINTF_BUFFER_SIZE - len, fmt, ap);
dev_err(&dev->dev, "%s\n", printf_buffer);
path_buffer = kasprintf(GFP_KERNEL, "error/%s", dev->nodename);
Reported by FlawFinder.
drivers/xen/xenbus/xenbus_probe_backend.c
2 issues
Line: 59
Column: 27
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "xenbus.h"
/* backend/<type>/<fe-uuid>/<id> => <type>-<fe-domid>-<id> */
static int backend_bus_id(char bus_id[XEN_BUS_ID_SIZE], const char *nodename)
{
int domid, err;
const char *devid, *type, *frontend;
unsigned int typelen;
Reported by FlawFinder.
Line: 80
Column: 6
CWE codes:
126
NULL);
if (err)
return err;
if (strlen(frontend) == 0)
err = -ERANGE;
if (!err && !xenbus_exists(XBT_NIL, frontend, ""))
err = -ENOENT;
kfree(frontend);
Reported by FlawFinder.
drivers/xen/xenbus/xenbus_probe_frontend.c
2 issues
Line: 35
Column: 28
CWE codes:
119
120
Suggestion:
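Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. An array size in a parameter list is not enforced: bus_id is a plain char * inside the function. What bounds the write is the strlen() check against XEN_BUS_ID_SIZE before the copy, together with the size passed to strlcpy().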
/* device/<type>/<id> => <type>-<id> */
static int frontend_bus_id(char bus_id[XEN_BUS_ID_SIZE], const char *nodename)
{
nodename = strchr(nodename, '/');
if (!nodename || strlen(nodename + 1) >= XEN_BUS_ID_SIZE) {
pr_warn("bad frontend %s\n", nodename);
return -EINVAL;
Reported by FlawFinder.
Line: 38
Column: 19
CWE codes:
126
static int frontend_bus_id(char bus_id[XEN_BUS_ID_SIZE], const char *nodename)
{
nodename = strchr(nodename, '/');
if (!nodename || strlen(nodename + 1) >= XEN_BUS_ID_SIZE) {
pr_warn("bad frontend %s\n", nodename);
return -EINVAL;
}
strlcpy(bus_id, nodename + 1, XEN_BUS_ID_SIZE);
Reported by FlawFinder.
drivers/zorro/proc.c
2 issues
Line: 103
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init zorro_proc_attach_device(unsigned int slot)
{
struct proc_dir_entry *entry;
char name[4];
sprintf(name, "%02x", slot);
entry = proc_create_data(name, 0, proc_bus_zorro_dir,
&bus_zorro_proc_ops,
&zorro_autocon[slot]);
Reported by FlawFinder.
Line: 105
Column: 2
CWE codes:
120
Suggestion:
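Use sprintf_s, snprintf, or vsnprintf. "%02x" sets a minimum width only, so name[4] holds the result only while slot is at most 0xfff; larger values produce more digits and write past the array. The excerpt does not show where slot is range-checked. snprintf(name, sizeof(name), "%02x", slot) bounds the write regardless of the caller.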
struct proc_dir_entry *entry;
char name[4];
sprintf(name, "%02x", slot);
entry = proc_create_data(name, 0, proc_bus_zorro_dir,
&bus_zorro_proc_ops,
&zorro_autocon[slot]);
if (!entry)
return -ENOMEM;
Reported by FlawFinder.