The following issues were found
fs/hpfs/ea.c
18 issues
Line: 260
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ea->namelen = strlen(key);
ea->valuelen_lo = size;
ea->valuelen_hi = size >> 8;
strcpy(ea->name, key);
memcpy(ea_data(ea), data, size);
fnode->ea_size_s = cpu_to_le16(le16_to_cpu(fnode->ea_size_s) + strlen(key) + size + 5);
goto ret;
}
/* Most the code here is 99.9993422% unused. I hope there are no bugs.
Reported by FlawFinder.
Line: 19
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned pos = 0;
while (pos < len) {
char ex[4 + 255 + 1 + 8];
struct extended_attribute *ea = (struct extended_attribute *)ex;
if (pos + 4 > len) {
hpfs_error(s, "EAs don't end correctly, %s %08x, len %08x",
ano ? "anode" : "sectors", a, len);
return;
Reported by FlawFinder.
Line: 80
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned pos;
int ano, len;
secno a;
char ex[4 + 255 + 1 + 8];
struct extended_attribute *ea;
struct extended_attribute *ea_end = fnode_end_ea(fnode);
for (ea = fnode_ea(fnode); ea < ea_end; ea = next_ea(ea))
if (!strcmp(ea->name, key)) {
if (ea_indirect(ea))
Reported by FlawFinder.
Line: 89
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto indirect;
if (ea_valuelen(ea) >= size)
return -EINVAL;
memcpy(buf, ea_data(ea), ea_valuelen(ea));
buf[ea_valuelen(ea)] = 0;
return 0;
}
a = le32_to_cpu(fnode->ea_secno);
len = le32_to_cpu(fnode->ea_size_l);
Reported by FlawFinder.
Line: 146
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_err("out of memory for EA\n");
return NULL;
}
memcpy(ret, ea_data(ea), ea_valuelen(ea));
ret[ea_valuelen(ea)] = 0;
return ret;
}
a = le32_to_cpu(fnode->ea_secno);
len = le32_to_cpu(fnode->ea_size_l);
Reported by FlawFinder.
Line: 155
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ano = fnode_in_anode(fnode);
pos = 0;
while (pos < len) {
char ex[4 + 255 + 1 + 8];
ea = (struct extended_attribute *)ex;
if (pos + 4 > len) {
hpfs_error(s, "EAs don't end correctly, %s %08x, len %08x",
ano ? "anode" : "sectors", a, len);
return NULL;
Reported by FlawFinder.
Line: 198
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned pos;
int ano, len;
secno a;
unsigned char h[4];
struct extended_attribute *ea;
struct extended_attribute *ea_end = fnode_end_ea(fnode);
for (ea = fnode_ea(fnode); ea < ea_end; ea = next_ea(ea))
if (!strcmp(ea->name, key)) {
if (ea_indirect(ea)) {
Reported by FlawFinder.
Line: 207
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ea_len(ea) == size)
set_indirect_ea(s, ea_in_anode(ea), ea_sec(ea), data, size);
} else if (ea_valuelen(ea) == size) {
memcpy(ea_data(ea), data, size);
}
return;
}
a = le32_to_cpu(fnode->ea_secno);
len = le32_to_cpu(fnode->ea_size_l);
Reported by FlawFinder.
Line: 216
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ano = fnode_in_anode(fnode);
pos = 0;
while (pos < len) {
char ex[4 + 255 + 1 + 8];
ea = (struct extended_attribute *)ex;
if (pos + 4 > len) {
hpfs_error(s, "EAs don't end correctly, %s %08x, len %08x",
ano ? "anode" : "sectors", a, len);
return;
Reported by FlawFinder.
Line: 261
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ea->valuelen_lo = size;
ea->valuelen_hi = size >> 8;
strcpy(ea->name, key);
memcpy(ea_data(ea), data, size);
fnode->ea_size_s = cpu_to_le16(le16_to_cpu(fnode->ea_size_s) + strlen(key) + size + 5);
goto ret;
}
/* Most the code here is 99.9993422% unused. I hope there are no bugs.
But what .. HPFS.IFS has also bugs in ea management. */
Reported by FlawFinder.
arch/m68k/atari/atakeyb.c
18 issues
Line: 110
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define IS_SYNC_CODE(sc) ((sc) >= 0x04 && (sc) <= 0xfb)
typedef struct keyboard_state {
unsigned char buf[6];
int len;
KB_STATE_T state;
} KEYBOARD_STATE;
KEYBOARD_STATE kb_state;
Reported by FlawFinder.
Line: 337
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Reset (without touching the clock) */
void ikbd_reset(void)
{
static const char cmd[2] = { 0x80, 0x01 };
ikbd_write(cmd, 2);
/*
* if all's well code 0xF1 is returned, else the break codes of
Reported by FlawFinder.
Line: 350
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Set mouse button action */
void ikbd_mouse_button_action(int mode)
{
char cmd[2] = { 0x07, mode };
ikbd_write(cmd, 2);
}
/* Set relative mouse position reporting */
Reported by FlawFinder.
Line: 358
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Set relative mouse position reporting */
void ikbd_mouse_rel_pos(void)
{
static const char cmd[1] = { 0x08 };
ikbd_write(cmd, 1);
}
EXPORT_SYMBOL(ikbd_mouse_rel_pos);
Reported by FlawFinder.
Line: 367
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Set absolute mouse position reporting */
void ikbd_mouse_abs_pos(int xmax, int ymax)
{
char cmd[5] = { 0x09, xmax>>8, xmax&0xFF, ymax>>8, ymax&0xFF };
ikbd_write(cmd, 5);
}
/* Set mouse keycode mode */
Reported by FlawFinder.
Line: 375
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Set mouse keycode mode */
void ikbd_mouse_kbd_mode(int dx, int dy)
{
char cmd[3] = { 0x0A, dx, dy };
ikbd_write(cmd, 3);
}
/* Set mouse threshold */
Reported by FlawFinder.
Line: 383
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Set mouse threshold */
void ikbd_mouse_thresh(int x, int y)
{
char cmd[3] = { 0x0B, x, y };
ikbd_write(cmd, 3);
}
EXPORT_SYMBOL(ikbd_mouse_thresh);
Reported by FlawFinder.
Line: 392
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Set mouse scale */
void ikbd_mouse_scale(int x, int y)
{
char cmd[3] = { 0x0C, x, y };
ikbd_write(cmd, 3);
}
/* Interrogate mouse position */
Reported by FlawFinder.
Line: 400
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Interrogate mouse position */
void ikbd_mouse_pos_get(int *x, int *y)
{
static const char cmd[1] = { 0x0D };
ikbd_write(cmd, 1);
/* wait for returning bytes */
}
Reported by FlawFinder.
Line: 410
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Load mouse position */
void ikbd_mouse_pos_set(int x, int y)
{
char cmd[6] = { 0x0E, 0x00, x>>8, x&0xFF, y>>8, y&0xFF };
ikbd_write(cmd, 6);
}
/* Set Y=0 at bottom */
Reported by FlawFinder.
arch/s390/kernel/debug.c
18 issues
Line: 1421
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
except_str = "-";
caller = (unsigned long) entry->caller;
rc += sprintf(out_buf, "%02i %011ld:%06lu %1u %1s %04u %px ",
area, sec, usec, level, except_str,
entry->cpu, (void *)caller);
return rc;
}
EXPORT_SYMBOL(debug_dflt_header_fn);
Reported by FlawFinder.
Line: 1448
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto out; /* bufsize of entry too small */
if (num_longs == 1) {
/* no args, we use only the string */
strcpy(out_buf, curr_event->string);
rc = strlen(curr_event->string);
goto out;
}
/* number of arguments used for sprintf (without the format string) */
Reported by FlawFinder.
Line: 1461
Column: 7
CWE codes:
134
Suggestion:
Make format string constant
for (i = 0; i < num_used_args; i++)
index[i] = i;
rc = sprintf(out_buf, curr_event->string, curr_event->args[index[0]],
curr_event->args[index[1]], curr_event->args[index[2]],
curr_event->args[index[3]], curr_event->args[index[4]],
curr_event->args[index[5]], curr_event->args[index[6]],
curr_event->args[index[7]], curr_event->args[index[8]],
curr_event->args[index[9]]);
Reported by FlawFinder.
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t act_entry_offset; /* up to this offset we copied */
/* in last read the last formated */
/* entry to userland */
char temp_buf[2048]; /* buffer for output */
debug_info_t *debug_info_org; /* original debug information */
debug_info_t *debug_info_snap; /* snapshot of debug information */
struct debug_view *view; /* used view of debug info */
} file_private_info_t;
Reported by FlawFinder.
Line: 368
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < in->nr_areas; i++) {
for (j = 0; j < in->pages_per_area; j++)
memcpy(rc->areas[i][j], in->areas[i][j], PAGE_SIZE);
}
out:
spin_unlock_irqrestore(&in->lock, flags);
return rc;
}
Reported by FlawFinder.
Line: 949
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
do {
active = get_active_entry(id);
memcpy(DEBUG_DATA(active), buf, min(len, id->buf_size));
if (len < id->buf_size)
memset((DEBUG_DATA(active)) + len, 0, id->buf_size - len);
debug_finish_entry(id, active, level, 0);
len -= id->buf_size;
buf += id->buf_size;
Reported by FlawFinder.
Line: 982
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
do {
active = get_active_entry(id);
memcpy(DEBUG_DATA(active), buf, min(len, id->buf_size));
if (len < id->buf_size)
memset((DEBUG_DATA(active)) + len, 0, id->buf_size - len);
debug_finish_entry(id, active, level, len <= id->buf_size);
len -= id->buf_size;
buf += id->buf_size;
Reported by FlawFinder.
Line: 1210
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static int debug_prolog_pages_fn(debug_info_t *id, struct debug_view *view,
char *out_buf)
{
return sprintf(out_buf, "%i\n", id->pages_per_area);
}
/*
* reads new size (number of pages per debug area)
*/
Reported by FlawFinder.
Line: 1262
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int rc = 0;
if (id->level == DEBUG_OFF_LEVEL)
rc = sprintf(out_buf, "-\n");
else
rc = sprintf(out_buf, "%i\n", id->level);
return rc;
}
Reported by FlawFinder.
Line: 1264
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (id->level == DEBUG_OFF_LEVEL)
rc = sprintf(out_buf, "-\n");
else
rc = sprintf(out_buf, "%i\n", id->level);
return rc;
}
/*
* reads new debug level
Reported by FlawFinder.
drivers/hwmon/vt8231.c
18 issues
Line: 634
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*devattr, char *buf)
{
struct vt8231_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", data->name);
}
static DEVICE_ATTR_RO(name);
static struct attribute *vt8231_attributes_temps[6][5] = {
{
Reported by FlawFinder.
Line: 189
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = sensor_attr->index;
struct vt8231_data *data = vt8231_update_device(dev);
return sprintf(buf, "%d\n", ((data->in[nr] - 3) * 10000) / 958);
}
static ssize_t in_min_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 199
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = sensor_attr->index;
struct vt8231_data *data = vt8231_update_device(dev);
return sprintf(buf, "%d\n", ((data->in_min[nr] - 3) * 10000) / 958);
}
static ssize_t in_max_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 209
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = sensor_attr->index;
struct vt8231_data *data = vt8231_update_device(dev);
return sprintf(buf, "%d\n", (((data->in_max[nr] - 3) * 10000) / 958));
}
static ssize_t in_min_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 258
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct vt8231_data *data = vt8231_update_device(dev);
return sprintf(buf, "%d\n",
(((data->in[5] - 3) * 10000 * 54) / (958 * 34)));
}
static ssize_t in5_min_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 267
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct vt8231_data *data = vt8231_update_device(dev);
return sprintf(buf, "%d\n",
(((data->in_min[5] - 3) * 10000 * 54) / (958 * 34)));
}
static ssize_t in5_max_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 276
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct vt8231_data *data = vt8231_update_device(dev);
return sprintf(buf, "%d\n",
(((data->in_max[5] - 3) * 10000 * 54) / (958 * 34)));
}
static ssize_t in5_min_store(struct device *dev,
struct device_attribute *attr, const char *buf,
Reported by FlawFinder.
Line: 345
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct vt8231_data *data = vt8231_update_device(dev);
return sprintf(buf, "%d\n", data->temp[0] * 250);
}
static ssize_t temp1_max_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 352
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf)
{
struct vt8231_data *data = vt8231_update_device(dev);
return sprintf(buf, "%d\n", data->temp_max[0] * 1000);
}
static ssize_t temp1_max_hyst_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 359
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr, char *buf)
{
struct vt8231_data *data = vt8231_update_device(dev);
return sprintf(buf, "%d\n", data->temp_min[0] * 1000);
}
static ssize_t temp1_max_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
drivers/hwmon/w83795.c
18 issues
Line: 716
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else /* BEEP_ENABLE */
val = (data->beeps[index] >> bit) & 1;
return sprintf(buf, "%u\n", val);
}
static ssize_t
store_beep(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 789
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
val = data->fan_min[index] & 0x0fff;
return sprintf(buf, "%lu\n", fan_from_reg(val));
}
static ssize_t
store_fan_min(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 850
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
return sprintf(buf, "%u\n", val);
}
static ssize_t
store_pwm(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 911
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
tmp = 1;
out:
return sprintf(buf, "%u\n", tmp);
}
static ssize_t
store_pwm_enable(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 973
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
mode = 1; /* PWM */
return sprintf(buf, "%u\n", mode);
}
/*
* Check whether a given temperature source can ever be useful.
* Returns the number of selectable temperature channels which are
Reported by FlawFinder.
Line: 1015
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (tmp >= 4 || tss_map[tmp][index] == TSS_MAP_RESERVED)
return -EINVAL; /* Shouldn't happen */
return sprintf(buf, "%u\n", (unsigned int)tss_map[tmp][index] + 1);
}
static ssize_t
store_temp_src(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1083
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
return sprintf(buf, "%u\n", tmp);
}
static ssize_t
store_temp_pwm_enable(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1144
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
return sprintf(buf, "%u\n", tmp);
}
static ssize_t
store_fanin(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1192
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int index = sensor_attr->index;
long tmp = temp_from_reg(data->pwm_temp[index][nr]);
return sprintf(buf, "%ld\n", tmp);
}
static ssize_t
store_temp_pwm(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1252
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int nr = sensor_attr->nr;
int index = sensor_attr->index;
return sprintf(buf, "%u\n", data->sf4_reg[index][SF4_PWM][nr]);
}
static ssize_t
store_sf4_pwm(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
scripts/gdb/linux/symbols.py
18 issues
Line: 14
Column: 1
# This work is licensed under the terms of the GNU GPL version 2.
#
import gdb
import os
import re
from linux import modules, utils
Reported by Pylint.
Line: 78
Column: 23
self.module_files = []
for path in self.module_paths:
gdb.write("scanning for modules in {0}\n".format(path))
for root, dirs, files in os.walk(path):
for name in files:
if name.endswith(".ko") or name.endswith(".ko.debug"):
self.module_files.append(root + "/" + name)
self.module_files_updated = True
Reported by Pylint.
Line: 85
Column: 7
self.module_files_updated = True
def _get_module_file(self, module_name):
module_pattern = ".*/{0}\.ko(?:.debug)?$".format(
module_name.replace("_", r"[_\-]"))
for name in self.module_files:
if re.match(module_pattern, name) and os.path.exists(name):
return name
return None
Reported by Pylint.
Line: 161
Column: 13
if not module_list:
gdb.write("no modules found\n")
else:
[self.load_module_symbols(module) for module in module_list]
for saved_state in saved_states:
saved_state['breakpoint'].enabled = saved_state['enabled']
def invoke(self, arg, from_tty):
Reported by Pylint.
Line: 166
Column: 27
for saved_state in saved_states:
saved_state['breakpoint'].enabled = saved_state['enabled']
def invoke(self, arg, from_tty):
self.module_paths = [os.path.abspath(os.path.expanduser(p))
for p in arg.split()]
self.module_paths.append(os.getcwd())
# enforce update
Reported by Pylint.
Line: 1
Column: 1
#
# gdb helper commands and functions for Linux kernel debugging
#
# load kernel and module symbols
#
# Copyright (c) Siemens AG, 2011-2013
#
# Authors:
# Jan Kiszka <jan.kiszka@siemens.com>
Reported by Pylint.
Line: 15
Column: 1
#
import gdb
import os
import re
from linux import modules, utils
Reported by Pylint.
Line: 16
Column: 1
import gdb
import os
import re
from linux import modules, utils
if hasattr(gdb, 'Breakpoint'):
Reported by Pylint.
Line: 22
Column: 5
if hasattr(gdb, 'Breakpoint'):
class LoadModuleBreakpoint(gdb.Breakpoint):
def __init__(self, spec, gdb_command):
super(LoadModuleBreakpoint, self).__init__(spec, internal=True)
self.silent = True
self.gdb_command = gdb_command
Reported by Pylint.
Line: 22
Column: 5
if hasattr(gdb, 'Breakpoint'):
class LoadModuleBreakpoint(gdb.Breakpoint):
def __init__(self, spec, gdb_command):
super(LoadModuleBreakpoint, self).__init__(spec, internal=True)
self.silent = True
self.gdb_command = gdb_command
Reported by Pylint.
tools/objtool/elf.c
18 issues
Line: 762
CWE codes:
401
sym->sym.st_name = elf_add_string(elf, NULL, sym->name);
if (sym->sym.st_name == -1)
return NULL;
sym->sym.st_info = GELF_ST_INFO(STB_GLOBAL, STT_NOTYPE);
// st_other 0
// st_shndx 0
// st_value 0
Reported by Cppcheck.
Line: 773
CWE codes:
401
symtab = find_section_by_name(elf, ".symtab");
if (!symtab) {
WARN("can't find .symtab");
return NULL;
}
s = elf_getscn(elf->elf, symtab->idx);
if (!s) {
WARN_ELF("elf_getscn");
Reported by Cppcheck.
Line: 779
CWE codes:
401
s = elf_getscn(elf->elf, symtab->idx);
if (!s) {
WARN_ELF("elf_getscn");
return NULL;
}
data = elf_newdata(s);
if (!data) {
WARN_ELF("elf_newdata");
Reported by Cppcheck.
Line: 785
CWE codes:
401
data = elf_newdata(s);
if (!data) {
WARN_ELF("elf_newdata");
return NULL;
}
data->d_buf = &sym->sym;
data->d_size = sizeof(sym->sym);
data->d_align = 1;
Reported by Cppcheck.
Line: 922
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return NULL;
}
strcpy(relocname, ".rel");
strcat(relocname, base->name);
sec = elf_create_section(elf, relocname, 0, sizeof(GElf_Rel), 0);
free(relocname);
if (!sec)
return NULL;
Reported by FlawFinder.
Line: 952
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return NULL;
}
strcpy(relocname, ".rela");
strcat(relocname, base->name);
sec = elf_create_section(elf, relocname, 0, sizeof(GElf_Rela), 0);
free(relocname);
if (!sec)
return NULL;
Reported by FlawFinder.
Line: 426
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Create parent/child links for any cold subfunctions */
list_for_each_entry(sec, &elf->sections, list) {
list_for_each_entry(sym, &sec->symbol_list, list) {
char pname[MAX_NAME_LEN + 1];
size_t pnamelen;
if (sym->type != STT_FUNC)
continue;
if (sym->pfunc == NULL)
Reported by FlawFinder.
Line: 667
Column: 12
CWE codes:
362
INIT_LIST_HEAD(&elf->sections);
elf->fd = open(name, flags);
if (elf->fd == -1) {
fprintf(stderr, "objtool: Can't open '%s': %s\n",
name, strerror(errno));
goto err;
}
Reported by FlawFinder.
Line: 921
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
perror("malloc");
return NULL;
}
strcpy(relocname, ".rel");
strcat(relocname, base->name);
sec = elf_create_section(elf, relocname, 0, sizeof(GElf_Rel), 0);
free(relocname);
if (!sec)
Reported by FlawFinder.
Line: 951
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
perror("malloc");
return NULL;
}
strcpy(relocname, ".rela");
strcat(relocname, base->name);
sec = elf_create_section(elf, relocname, 0, sizeof(GElf_Rela), 0);
free(relocname);
if (!sec)
Reported by FlawFinder.
drivers/net/ethernet/chelsio/cxgb/vsc7326.c
18 issues
Line: 597
CWE codes:
682
{ reg, (&((struct cmac_statistics *)NULL)->stat_name) - (u64 *)NULL }
/* Rx stats */
HW_STAT(RxUnicast, RxUnicastFramesOK),
HW_STAT(RxMulticast, RxMulticastFramesOK),
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
Reported by Cppcheck.
Line: 598
CWE codes:
682
/* Rx stats */
HW_STAT(RxUnicast, RxUnicastFramesOK),
HW_STAT(RxMulticast, RxMulticastFramesOK),
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
Reported by Cppcheck.
Line: 599
CWE codes:
682
/* Rx stats */
HW_STAT(RxUnicast, RxUnicastFramesOK),
HW_STAT(RxMulticast, RxMulticastFramesOK),
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
Reported by Cppcheck.
Line: 600
CWE codes:
682
HW_STAT(RxUnicast, RxUnicastFramesOK),
HW_STAT(RxMulticast, RxMulticastFramesOK),
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
Reported by Cppcheck.
Line: 601
CWE codes:
682
HW_STAT(RxMulticast, RxMulticastFramesOK),
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
Reported by Cppcheck.
Line: 602
CWE codes:
682
HW_STAT(RxBroadcast, RxBroadcastFramesOK),
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
HW_STAT(RxSymbolCarrier, RxSymbolErrors),
Reported by Cppcheck.
Line: 603
CWE codes:
682
HW_STAT(Crc, RxFCSErrors),
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
HW_STAT(RxSymbolCarrier, RxSymbolErrors),
HW_STAT(RxSize1519ToMax, RxJumboFramesOK),
Reported by Cppcheck.
Line: 604
CWE codes:
682
HW_STAT(RxAlignment, RxAlignErrors),
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
HW_STAT(RxSymbolCarrier, RxSymbolErrors),
HW_STAT(RxSize1519ToMax, RxJumboFramesOK),
Reported by Cppcheck.
Line: 605
CWE codes:
682
HW_STAT(RxOversize, RxFrameTooLongErrors),
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
HW_STAT(RxSymbolCarrier, RxSymbolErrors),
HW_STAT(RxSize1519ToMax, RxJumboFramesOK),
/* Tx stats (skip collision stats as we are full-duplex only) */
Reported by Cppcheck.
Line: 606
CWE codes:
682
HW_STAT(RxPause, RxPauseFrames),
HW_STAT(RxJabbers, RxJabberErrors),
HW_STAT(RxFragments, RxRuntErrors),
HW_STAT(RxUndersize, RxRuntErrors),
HW_STAT(RxSymbolCarrier, RxSymbolErrors),
HW_STAT(RxSize1519ToMax, RxJumboFramesOK),
/* Tx stats (skip collision stats as we are full-duplex only) */
HW_STAT(TxUnicast, TxUnicastFramesOK),
Reported by Cppcheck.
drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c
18 issues
Line: 745
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (type) {
case SMU_OD_SCLK:
size = sprintf(buf, "%s:\n", "GFXCLK");
fallthrough;
case SMU_SCLK:
ret = aldebaran_get_current_clk_freq_by_table(smu, SMU_GFXCLK, &now);
if (ret) {
dev_err(smu->adev->dev, "Attempt to get current gfx clk Failed!");
Reported by FlawFinder.
Line: 782
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
if (display_levels == clocks.num_levels) {
for (i = 0; i < clocks.num_levels; i++)
size += sprintf(
buf + size, "%d: %uMhz %s\n", i,
freq_values[i],
(clocks.num_levels == 1) ?
"*" :
(aldebaran_freqs_in_same_level(
Reported by FlawFinder.
Line: 793
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
""));
} else {
for (i = 0; i < display_levels; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n", i,
freq_values[i], i == 1 ? "*" : "");
}
break;
Reported by FlawFinder.
Line: 800
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
case SMU_OD_MCLK:
size = sprintf(buf, "%s:\n", "MCLK");
fallthrough;
case SMU_MCLK:
ret = aldebaran_get_current_clk_freq_by_table(smu, SMU_UCLK, &now);
if (ret) {
dev_err(smu->adev->dev, "Attempt to get current mclk Failed!");
Reported by FlawFinder.
Line: 817
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < clocks.num_levels; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, clocks.data[i].clocks_in_khz / 1000,
(clocks.num_levels == 1) ? "*" :
(aldebaran_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 840
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < clocks.num_levels; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, clocks.data[i].clocks_in_khz / 1000,
(clocks.num_levels == 1) ? "*" :
(aldebaran_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 863
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < single_dpm_table->count; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, single_dpm_table->dpm_levels[i].value,
(clocks.num_levels == 1) ? "*" :
(aldebaran_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 886
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < single_dpm_table->count; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, single_dpm_table->dpm_levels[i].value,
(clocks.num_levels == 1) ? "*" :
(aldebaran_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 909
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < single_dpm_table->count; i++)
size += sprintf(buf + size, "%d: %uMhz %s\n",
i, single_dpm_table->dpm_levels[i].value,
(clocks.num_levels == 1) ? "*" :
(aldebaran_freqs_in_same_level(
clocks.data[i].clocks_in_khz / 1000,
now) ? "*" : ""));
Reported by FlawFinder.
Line: 385
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct smu_table_context *table_context = &smu->smu_table;
struct smu_13_0_powerplay_table *powerplay_table =
table_context->power_play_table;
memcpy(table_context->driver_pptable, &powerplay_table->smc_pptable,
sizeof(PPTable_t));
return 0;
}
Reported by FlawFinder.
drivers/staging/rtl8723bs/core/rtw_wlan_util.c
18 issues
Line: 25
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned char RALINK_OUI[] = {0x00, 0x0c, 0x43};
static unsigned char REALTEK_OUI[] = {0x00, 0xe0, 0x4c};
static unsigned char AIRGOCAP_OUI[] = {0x00, 0x0a, 0xf5};
static unsigned char RSN_TKIP_CIPHER[4] = {0x00, 0x0f, 0xac, 0x02};
static unsigned char WPA_TKIP_CIPHER[4] = {0x00, 0x50, 0xf2, 0x02};
#define R2T_PHY_DELAY (0)
/* define WAIT_FOR_BCN_TO_MIN (3000) */
Reported by FlawFinder.
Line: 26
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned char REALTEK_OUI[] = {0x00, 0xe0, 0x4c};
static unsigned char AIRGOCAP_OUI[] = {0x00, 0x0a, 0xf5};
static unsigned char RSN_TKIP_CIPHER[4] = {0x00, 0x0f, 0xac, 0x02};
static unsigned char WPA_TKIP_CIPHER[4] = {0x00, 0x50, 0xf2, 0x02};
#define R2T_PHY_DELAY (0)
/* define WAIT_FOR_BCN_TO_MIN (3000) */
#define WAIT_FOR_BCN_TO_MIN (6000)
Reported by FlawFinder.
Line: 186
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void get_rate_set(struct adapter *padapter, unsigned char *pbssrate, int *bssrate_len)
{
unsigned char supportedrates[NumRates];
memset(supportedrates, 0, NumRates);
*bssrate_len = ratetbl2rateset(padapter, supportedrates);
memcpy(pbssrate, supportedrates, *bssrate_len);
}
Reported by FlawFinder.
Line: 190
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(supportedrates, 0, NumRates);
*bssrate_len = ratetbl2rateset(padapter, supportedrates);
memcpy(pbssrate, supportedrates, *bssrate_len);
}
void set_mcs_rate_by_mask(u8 *mcs_set, u32 mask)
{
u8 mcs_rate_1r = (u8)(mask&0xff);
Reported by FlawFinder.
Line: 282
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
#ifdef DBG_CH_SWITCH
const int len = 128;
char msg[128] = {0};
int cnt = 0;
int i = 0;
#endif /* DBG_CH_SWITCH */
struct dvobj_priv *dvobj = adapter_to_dvobj(adapter);
Reported by FlawFinder.
Line: 400
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
__le16 val;
memcpy((unsigned char *)&val, rtw_get_beacon_interval_from_ie(bss->IEs), 2);
return le16_to_cpu(val);
}
int is_client_associated_to_ap(struct adapter *padapter)
Reported by FlawFinder.
Line: 494
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (j = 0; j < 6; j++) {
cmd = _ReadCAM(padapter, addr+j);
if (j > 1) /* get key from cam */
memcpy(get_key+(j-2)*4, &cmd, 4);
}
}
void _write_cam(struct adapter *padapter, u8 entry, u16 ctrl, u8 *mac, u8 *key)
{
Reported by FlawFinder.
Line: 555
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_bh(&cam_ctl->lock);
dvobj->cam_cache[id].ctrl = ctrl;
memcpy(dvobj->cam_cache[id].mac, mac, ETH_ALEN);
memcpy(dvobj->cam_cache[id].key, key, 16);
spin_unlock_bh(&cam_ctl->lock);
}
Reported by FlawFinder.
Line: 556
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dvobj->cam_cache[id].ctrl = ctrl;
memcpy(dvobj->cam_cache[id].mac, mac, ETH_ALEN);
memcpy(dvobj->cam_cache[id].key, key, 16);
spin_unlock_bh(&cam_ctl->lock);
}
void clear_cam_cache(struct adapter *adapter, u8 id)
Reported by FlawFinder.
Line: 758
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!memcmp(&(pmlmeinfo->WMM_param), (pIE->data + 6), sizeof(struct WMM_para_element)))
return false;
else
memcpy(&(pmlmeinfo->WMM_param), (pIE->data + 6), sizeof(struct WMM_para_element));
pmlmeinfo->WMM_enable = 1;
return true;
}
Reported by FlawFinder.