The following issues were found
arch/powerpc/platforms/powermac/udbg_adb.c
2 issues
Line: 59
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int udbg_adb_use_btext;
static int xmon_adb_shiftstate;
static unsigned char xmon_keytab[128] =
"asdfhgzxcv\000bqwer" /* 0x00 - 0x0f */
"yt123465=97-80]o" /* 0x10 - 0x1f */
"u[ip\rlj'k;\\,/nm." /* 0x20 - 0x2f */
"\t `\177\0\033\0\0\0\0\0\0\0\0\0\0" /* 0x30 - 0x3f */
"\0.\0*\0+\0\0\0\0\0/\r\0-\0" /* 0x40 - 0x4f */
Reported by FlawFinder.
Line: 67
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"\0.\0*\0+\0\0\0\0\0/\r\0-\0" /* 0x40 - 0x4f */
"\0\0000123456789\0\0\0"; /* 0x50 - 0x5f */
static unsigned char xmon_shift_keytab[128] =
"ASDFHGZXCV\000BQWER" /* 0x00 - 0x0f */
"YT!@#$^%+(&_*)}O" /* 0x10 - 0x1f */
"U{IP\rLJ\"K:|<?NM>" /* 0x20 - 0x2f */
"\t ~\177\0\033\0\0\0\0\0\0\0\0\0\0" /* 0x30 - 0x3f */
"\0.\0*\0+\0\0\0\0\0/\r\0-\0" /* 0x40 - 0x4f */
Reported by FlawFinder.
arch/powerpc/platforms/powernv/opal-powercap.c
2 issues
Line: 60
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
ret = opal_error_code(opal_get_async_rc(msg));
if (!ret) {
ret = sprintf(buf, "%u\n", be32_to_cpu(pcap));
if (ret < 0)
ret = -EIO;
}
break;
case OPAL_SUCCESS:
Reported by FlawFinder.
Line: 66
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
break;
case OPAL_SUCCESS:
ret = sprintf(buf, "%u\n", be32_to_cpu(pcap));
if (ret < 0)
ret = -EIO;
break;
default:
ret = opal_error_code(ret);
Reported by FlawFinder.
arch/powerpc/platforms/powernv/opal-psr.c
2 issues
Line: 54
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
ret = opal_error_code(opal_get_async_rc(msg));
if (!ret) {
ret = sprintf(buf, "%u\n", be32_to_cpu(psr));
if (ret < 0)
ret = -EIO;
}
break;
case OPAL_SUCCESS:
Reported by FlawFinder.
Line: 60
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
break;
case OPAL_SUCCESS:
ret = sprintf(buf, "%u\n", be32_to_cpu(psr));
if (ret < 0)
ret = -EIO;
break;
default:
ret = opal_error_code(ret);
Reported by FlawFinder.
arch/powerpc/platforms/powernv/opal-sysparam.c
2 issues
Line: 114
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
goto out;
memcpy(buf, param_data_buf, attr->param_size);
ret = attr->param_size;
out:
mutex_unlock(&opal_sysparam_mutex);
return ret;
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count = MAX_PARAM_DATA_LEN;
mutex_lock(&opal_sysparam_mutex);
memcpy(param_data_buf, buf, count);
ret = opal_set_sys_param(attr->param_id, attr->param_size,
param_data_buf);
mutex_unlock(&opal_sysparam_mutex);
if (!ret)
ret = count;
Reported by FlawFinder.
arch/powerpc/platforms/powernv/opal-xscom.c
2 issues
Line: 84
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct scom_debug_entry {
u32 chip;
struct debugfs_blob_wrapper path;
char name[16];
};
static ssize_t scom_debug_read(struct file *filp, char __user *ubuf,
size_t count, loff_t *ppos)
{
Reported by FlawFinder.
Line: 168
Column: 19
CWE codes:
126
ent->chip = chip;
snprintf(ent->name, 16, "%08x", chip);
ent->path.data = (void *)kasprintf(GFP_KERNEL, "%pOF", dn);
ent->path.size = strlen((char *)ent->path.data);
dir = debugfs_create_dir(ent->name, root);
if (!dir) {
kfree(ent->path.data);
kfree(ent);
Reported by FlawFinder.
arch/powerpc/platforms/ps3/setup.c
2 issues
Line: 189
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t ps3_fw_version_show(struct kobject *kobj,
struct kobj_attribute *attr, char *buf)
{
return sprintf(buf, "%s", ps3_firmware_version_str);
}
static int __init ps3_setup_sysfs(void)
{
static struct kobj_attribute attr = __ATTR(fw-version, S_IRUGO,
Reported by FlawFinder.
Line: 39
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
EXPORT_SYMBOL_GPL(ps3_gpu_mutex);
static union ps3_firmware_version ps3_firmware_version;
static char ps3_firmware_version_str[16];
void ps3_get_firmware_version(union ps3_firmware_version *v)
{
*v = ps3_firmware_version;
}
Reported by FlawFinder.
arch/powerpc/platforms/pseries/cmm.c
2 issues
Line: 341
Column: 10
CWE codes:
134
Suggestion:
Make format string constant
struct device_attribute *attr, \
char *buf) \
{ \
return sprintf(buf, format, ##args); \
} \
static DEVICE_ATTR(name, 0444, show_##name, NULL)
CMM_SHOW(loaned_kb, "%lu\n", PAGES2KB(atomic_long_read(&loaned_pages)));
CMM_SHOW(loaned_target_kb, "%lu\n", PAGES2KB(loaned_pages_target));
Reported by FlawFinder.
Line: 351
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t show_oom_pages(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%lu\n", PAGES2KB(oom_freed_pages));
}
static ssize_t store_oom_pages(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
arch/powerpc/platforms/pseries/dtl.c
2 issues
Line: 325
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void dtl_setup_file(struct dtl *dtl)
{
char name[10];
sprintf(name, "cpu-%d", dtl->cpu);
debugfs_create_file(name, 0400, dtl_dir, dtl, &dtl_fops);
}
Reported by FlawFinder.
Line: 327
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
char name[10];
sprintf(name, "cpu-%d", dtl->cpu);
debugfs_create_file(name, 0400, dtl_dir, dtl, &dtl_fops);
}
static int dtl_init(void)
Reported by FlawFinder.
arch/powerpc/platforms/pseries/eeh_pseries.c
2 issues
Line: 242
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* in BSS, and not dynamically alloced, so that it ends up in
* RMO where RTAS can access it.
*/
static unsigned char slot_errbuf[RTAS_ERROR_LOG_MAX];
static DEFINE_SPINLOCK(slot_errbuf_lock);
static int eeh_error_buf_size;
static int pseries_eeh_cap_start(struct pci_dn *pdn)
{
Reported by FlawFinder.
Line: 706
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr = rtas_config_addr(pdn->busno, pdn->devfn, 0);
buid = pdn->phb->buid;
spin_lock(&rtas_data_buf_lock);
memcpy(rtas_data_buf, vf_pe_array, RTAS_DATA_BUF_SIZE);
rc = rtas_call(ibm_allow_unfreeze, 5, 1, NULL,
addr,
BUID_HI(buid),
BUID_LO(buid),
rtas_data_buf, cur_vfs * sizeof(u16));
Reported by FlawFinder.
arch/powerpc/platforms/pseries/firmware.c
2 issues
Line: 83
Column: 46
CWE codes:
126
pr_debug(" -> fw_hypertas_feature_init()\n");
for (s = hypertas; s < hypertas + len; s += strlen(s) + 1) {
for (i = 0; i < ARRAY_SIZE(hypertas_fw_features_table); i++) {
const char *name = hypertas_fw_features_table[i].name;
size_t size;
/*
Reported by FlawFinder.
Line: 92
Column: 11
CWE codes:
126
* If there is a '*' at the end of name, only check
* upto there
*/
size = strlen(name);
if (size && name[size - 1] == '*') {
if (strncmp(name, s, size - 1))
continue;
} else if (strcmp(name, s))
continue;
Reported by FlawFinder.