The following issues were found
drivers/scsi/advansys.c
72 issues
Line: 2638
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
shost_printk(KERN_ERR, shost, "unknown bus "
"type %d\n", asc_dvc_varp->bus_type);
}
sprintf(info,
"AdvanSys SCSI %s: %s: IO 0x%lX-0x%lX, IRQ 0x%X",
ASC_VERSION, busname, (ulong)shost->io_port,
(ulong)shost->io_port + ASC_IOADR_GAP - 1,
boardp->irq);
} else {
Reported by FlawFinder.
Line: 2659
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else {
widename = "Ultra3-Wide";
}
sprintf(info,
"AdvanSys SCSI %s: PCI %s: PCIMEM 0x%lX-0x%lX, IRQ 0x%X",
ASC_VERSION, widename, (ulong)adv_dvc_varp->iop_base,
(ulong)adv_dvc_varp->iop_base + boardp->asc_n_io_port - 1, boardp->irq);
}
BUG_ON(strlen(info) >= ASC_INFO_SIZE);
Reported by FlawFinder.
Line: 10731
CWE codes:
476
adv_dvc_varp = &boardp->dvc_var.adv_dvc_var;
adv_dvc_varp->drv_ptr = boardp;
adv_dvc_varp->cfg = &boardp->dvc_cfg.adv_dvc_cfg;
if (pdev->device == PCI_DEVICE_ID_ASP_ABP940UW) {
ASC_DBG(1, "wide board ASC-3550\n");
adv_dvc_varp->chip_type = ADV_CHIP_ASC3550;
} else if (pdev->device == PCI_DEVICE_ID_38C0800_REV1) {
ASC_DBG(1, "wide board ASC-38C0800\n");
adv_dvc_varp->chip_type = ADV_CHIP_ASC38C0800;
Reported by Cppcheck.
Line: 10734
CWE codes:
476
if (pdev->device == PCI_DEVICE_ID_ASP_ABP940UW) {
ASC_DBG(1, "wide board ASC-3550\n");
adv_dvc_varp->chip_type = ADV_CHIP_ASC3550;
} else if (pdev->device == PCI_DEVICE_ID_38C0800_REV1) {
ASC_DBG(1, "wide board ASC-38C0800\n");
adv_dvc_varp->chip_type = ADV_CHIP_ASC38C0800;
} else {
ASC_DBG(1, "wide board ASC-38C1600\n");
adv_dvc_varp->chip_type = ADV_CHIP_ASC38C1600;
Reported by Cppcheck.
Line: 10872
CWE codes:
476
/*
* Save Wide EEP Configuration Information.
*/
if (adv_dvc_varp->chip_type == ADV_CHIP_ASC3550) {
ep_3550 = &boardp->eep_config.adv_3550_eep;
ep_3550->adapter_scsi_id = adv_dvc_varp->chip_scsi_id;
ep_3550->max_host_qng = adv_dvc_varp->max_host_qng;
ep_3550->max_dvc_qng = adv_dvc_varp->max_dvc_qng;
Reported by Cppcheck.
Line: 10875
CWE codes:
476
if (adv_dvc_varp->chip_type == ADV_CHIP_ASC3550) {
ep_3550 = &boardp->eep_config.adv_3550_eep;
ep_3550->adapter_scsi_id = adv_dvc_varp->chip_scsi_id;
ep_3550->max_host_qng = adv_dvc_varp->max_host_qng;
ep_3550->max_dvc_qng = adv_dvc_varp->max_dvc_qng;
ep_3550->termination = adv_dvc_varp->cfg->termination;
ep_3550->disc_enable = adv_dvc_varp->cfg->disc_enable;
ep_3550->bios_ctrl = adv_dvc_varp->bios_ctrl;
Reported by Cppcheck.
Line: 10876
CWE codes:
476
ep_3550 = &boardp->eep_config.adv_3550_eep;
ep_3550->adapter_scsi_id = adv_dvc_varp->chip_scsi_id;
ep_3550->max_host_qng = adv_dvc_varp->max_host_qng;
ep_3550->max_dvc_qng = adv_dvc_varp->max_dvc_qng;
ep_3550->termination = adv_dvc_varp->cfg->termination;
ep_3550->disc_enable = adv_dvc_varp->cfg->disc_enable;
ep_3550->bios_ctrl = adv_dvc_varp->bios_ctrl;
ep_3550->wdtr_able = adv_dvc_varp->wdtr_able;
Reported by Cppcheck.
Line: 10877
CWE codes:
476
ep_3550->adapter_scsi_id = adv_dvc_varp->chip_scsi_id;
ep_3550->max_host_qng = adv_dvc_varp->max_host_qng;
ep_3550->max_dvc_qng = adv_dvc_varp->max_dvc_qng;
ep_3550->termination = adv_dvc_varp->cfg->termination;
ep_3550->disc_enable = adv_dvc_varp->cfg->disc_enable;
ep_3550->bios_ctrl = adv_dvc_varp->bios_ctrl;
ep_3550->wdtr_able = adv_dvc_varp->wdtr_able;
ep_3550->sdtr_able = adv_dvc_varp->sdtr_able;
Reported by Cppcheck.
Line: 10878
CWE codes:
476
ep_3550->adapter_scsi_id = adv_dvc_varp->chip_scsi_id;
ep_3550->max_host_qng = adv_dvc_varp->max_host_qng;
ep_3550->max_dvc_qng = adv_dvc_varp->max_dvc_qng;
ep_3550->termination = adv_dvc_varp->cfg->termination;
ep_3550->disc_enable = adv_dvc_varp->cfg->disc_enable;
ep_3550->bios_ctrl = adv_dvc_varp->bios_ctrl;
ep_3550->wdtr_able = adv_dvc_varp->wdtr_able;
ep_3550->sdtr_able = adv_dvc_varp->sdtr_able;
ep_3550->ultra_able = adv_dvc_varp->ultra_able;
Reported by Cppcheck.
Line: 10879
CWE codes:
476
ep_3550->max_host_qng = adv_dvc_varp->max_host_qng;
ep_3550->max_dvc_qng = adv_dvc_varp->max_dvc_qng;
ep_3550->termination = adv_dvc_varp->cfg->termination;
ep_3550->disc_enable = adv_dvc_varp->cfg->disc_enable;
ep_3550->bios_ctrl = adv_dvc_varp->bios_ctrl;
ep_3550->wdtr_able = adv_dvc_varp->wdtr_able;
ep_3550->sdtr_able = adv_dvc_varp->sdtr_able;
ep_3550->ultra_able = adv_dvc_varp->ultra_able;
ep_3550->tagqng_able = adv_dvc_varp->tagqng_able;
Reported by Cppcheck.
drivers/usb/host/xhci.h
69 issues
Line: 2246
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (type) {
case TRB_LINK:
sprintf(str,
"LINK %08x%08x intr %d type '%s' flags %c:%c:%c:%c",
field1, field0, GET_INTR_TARGET(field2),
xhci_trb_type_string(type),
field3 & TRB_IOC ? 'I' : 'i',
field3 & TRB_CHAIN ? 'C' : 'c',
Reported by FlawFinder.
Line: 2263
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case TRB_HC_EVENT:
case TRB_DEV_NOTE:
case TRB_MFINDEX_WRAP:
sprintf(str,
"TRB %08x%08x status '%s' len %d slot %d ep %d type '%s' flags %c:%c",
field1, field0,
xhci_trb_comp_code_string(GET_COMP_CODE(field2)),
EVENT_TRB_LEN(field2), TRB_TO_SLOT_ID(field3),
/* Macro decrements 1, maybe it shouldn't?!? */
Reported by FlawFinder.
Line: 2276
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
case TRB_SETUP:
sprintf(str, "bRequestType %02x bRequest %02x wValue %02x%02x wIndex %02x%02x wLength %d length %d TD size %d intr %d type '%s' flags %c:%c:%c",
field0 & 0xff,
(field0 & 0xff00) >> 8,
(field0 & 0xff000000) >> 24,
(field0 & 0xff0000) >> 16,
(field1 & 0xff00) >> 8,
Reported by FlawFinder.
Line: 2293
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
field3 & TRB_CYCLE ? 'C' : 'c');
break;
case TRB_DATA:
sprintf(str, "Buffer %08x%08x length %d TD size %d intr %d type '%s' flags %c:%c:%c:%c:%c:%c:%c",
field1, field0, TRB_LEN(field2), GET_TD_SIZE(field2),
GET_INTR_TARGET(field2),
xhci_trb_type_string(type),
field3 & TRB_IDT ? 'I' : 'i',
field3 & TRB_IOC ? 'I' : 'i',
Reported by FlawFinder.
Line: 2306
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
field3 & TRB_CYCLE ? 'C' : 'c');
break;
case TRB_STATUS:
sprintf(str, "Buffer %08x%08x length %d TD size %d intr %d type '%s' flags %c:%c:%c:%c",
field1, field0, TRB_LEN(field2), GET_TD_SIZE(field2),
GET_INTR_TARGET(field2),
xhci_trb_type_string(type),
field3 & TRB_IOC ? 'I' : 'i',
field3 & TRB_CHAIN ? 'C' : 'c',
Reported by FlawFinder.
Line: 2319
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case TRB_ISOC:
case TRB_EVENT_DATA:
case TRB_TR_NOOP:
sprintf(str,
"Buffer %08x%08x length %d TD size %d intr %d type '%s' flags %c:%c:%c:%c:%c:%c:%c:%c",
field1, field0, TRB_LEN(field2), GET_TD_SIZE(field2),
GET_INTR_TARGET(field2),
xhci_trb_type_string(type),
field3 & TRB_BEI ? 'B' : 'b',
Reported by FlawFinder.
Line: 2336
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case TRB_CMD_NOOP:
case TRB_ENABLE_SLOT:
sprintf(str,
"%s: flags %c",
xhci_trb_type_string(type),
field3 & TRB_CYCLE ? 'C' : 'c');
break;
case TRB_DISABLE_SLOT:
Reported by FlawFinder.
Line: 2343
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
case TRB_DISABLE_SLOT:
case TRB_NEG_BANDWIDTH:
sprintf(str,
"%s: slot %d flags %c",
xhci_trb_type_string(type),
TRB_TO_SLOT_ID(field3),
field3 & TRB_CYCLE ? 'C' : 'c');
break;
Reported by FlawFinder.
Line: 2350
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
field3 & TRB_CYCLE ? 'C' : 'c');
break;
case TRB_ADDR_DEV:
sprintf(str,
"%s: ctx %08x%08x slot %d flags %c:%c",
xhci_trb_type_string(type),
field1, field0,
TRB_TO_SLOT_ID(field3),
field3 & TRB_BSR ? 'B' : 'b',
Reported by FlawFinder.
Line: 2359
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
field3 & TRB_CYCLE ? 'C' : 'c');
break;
case TRB_CONFIG_EP:
sprintf(str,
"%s: ctx %08x%08x slot %d flags %c:%c",
xhci_trb_type_string(type),
field1, field0,
TRB_TO_SLOT_ID(field3),
field3 & TRB_DC ? 'D' : 'd',
Reported by FlawFinder.
scripts/spdxcheck.py
68 issues
Line: 6
Column: 1
# Copyright Thomas Gleixner <tglx@linutronix.de>
from argparse import ArgumentParser
from ply import lex, yacc
import locale
import traceback
import sys
import git
import re
Reported by Pylint.
Line: 203
Column: 34
tok = pe.tok.value
sys.stdout.write('%s: %d:%d %s: %s\n' %(fname, self.curline, col, pe.txt, tok))
else:
sys.stdout.write('%s: %d:0 %s\n' %(fname, self.curline, col, pe.txt))
self.spdx_errors += 1
def scan_git_tree(tree):
for el in tree.traverse():
# Exclude stuff which would make pointless noise
Reported by Pylint.
Line: 15
Column: 5
import os
class ParserException(Exception):
def __init__(self, tok, txt):
self.tok = tok
self.txt = txt
class SPDXException(Exception):
def __init__(self, el, txt):
Reported by Pylint.
Line: 20
Column: 5
self.txt = txt
class SPDXException(Exception):
def __init__(self, el, txt):
self.el = el
self.txt = txt
class SPDXdata(object):
def __init__(self):
Reported by Pylint.
Line: 32
Column: 19
self.exceptions = { }
# Read the spdx data from the LICENSES directory
def read_spdxdata(repo):
# The subdirectories of LICENSES in the kernel source
# Note: exceptions needs to be parsed as last directory.
license_dirs = [ "preferred", "dual", "deprecated", "exceptions" ]
lictree = repo.head.commit.tree['LICENSES']
Reported by Pylint.
Line: 39
Column: 5
license_dirs = [ "preferred", "dual", "deprecated", "exceptions" ]
lictree = repo.head.commit.tree['LICENSES']
spdx = SPDXdata()
for d in license_dirs:
for el in lictree[d].traverse():
if not os.path.isfile(el.path):
continue
Reported by Pylint.
Line: 84
Column: 24
t_ignore = ' \t'
def __init__(self, spdx):
self.spdx = spdx
self.lasttok = None
self.lastid = None
self.lexer = lex.lex(module = self, reflags = re.UNICODE)
# Initialize the parser. No debug file and no parser rules stored on disk
Reported by Pylint.
Line: 101
Column: 9
# Validate License and Exception IDs
def validate(self, tok):
id = tok.value.upper()
if tok.type == 'ID':
if not id in self.spdx.licenses:
raise ParserException(tok, 'Invalid License ID')
self.lastid = id
elif tok.type == 'EXC':
Reported by Pylint.
Line: 148
Column: 22
def t_error(self, tok):
raise ParserException(tok, 'Invalid token')
def p_expr(self, p):
'''expr : ID
| ID WITH EXC
| expr AND expr
| expr OR expr
| LPAR expr RPAR'''
Reported by Pylint.
Line: 154
Column: 9
| expr AND expr
| expr OR expr
| LPAR expr RPAR'''
pass
def p_error(self, p):
if not p:
raise ParserException(None, 'Unfinished license expression')
else:
Reported by Pylint.
tools/perf/scripts/python/mem-phys-addr.py
68 issues
Line: 11
Column: 1
import os
import sys
import struct
import re
import bisect
import collections
sys.path.append(os.environ['PERF_EXEC_PATH'] + \
Reported by Pylint.
Line: 31
Column: 2
event_name = None
def parse_iomem():
global f
f = open('/proc/iomem', 'r')
for i, j in enumerate(f):
m = re.split('-|:',j,2)
if m[2].strip() == 'System RAM':
system_ram.append(int(m[0], 16))
Reported by Pylint.
Line: 33
Column: 6
def parse_iomem():
global f
f = open('/proc/iomem', 'r')
for i, j in enumerate(f):
m = re.split('-|:',j,2)
if m[2].strip() == 'System RAM':
system_ram.append(int(m[0], 16))
system_ram.append(int(m[1], 16))
if m[2].strip() == 'Persistent Memory':
Reported by Pylint.
Line: 47
Column: 1
print("%-40s %10s %10s\n" % ("Memory type", "count", "percentage"), end='')
print("%-40s %10s %10s\n" % ("----------------------------------------",
"-----------", "-----------"),
end='');
total = sum(load_mem_type_cnt.values())
for mem_type, count in sorted(load_mem_type_cnt.most_common(), \
key = lambda kv: (kv[1], kv[0]), reverse = True):
print("%-40s %10d %10.1f%%\n" %
(mem_type, count, 100 * count / total),
Reported by Pylint.
Line: 97
Column: 2
sample = param_dict["sample"]
phys_addr = sample["phys_addr"]
global event_name
if event_name == None:
event_name = name
load_mem_type_cnt[find_memory_type(phys_addr)] += 1
Reported by Pylint.
Line: 1
Column: 1
# mem-phys-addr.py: Resolve physical address samples
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) 2018, Intel Corporation.
from __future__ import division
from __future__ import print_function
import os
Reported by Pylint.
Line: 1
Column: 1
# mem-phys-addr.py: Resolve physical address samples
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (c) 2018, Intel Corporation.
from __future__ import division
from __future__ import print_function
import os
Reported by Pylint.
Line: 24
Column: 1
#physical address ranges for Persistent Memory
pmem = []
#file object for proc iomem
f = None
#Count for each type of memory
load_mem_type_cnt = collections.Counter()
#perf event name
event_name = None
Reported by Pylint.
Line: 28
Column: 1
#Count for each type of memory
load_mem_type_cnt = collections.Counter()
#perf event name
event_name = None
def parse_iomem():
global f
f = open('/proc/iomem', 'r')
for i, j in enumerate(f):
Reported by Pylint.
Line: 30
Column: 1
#perf event name
event_name = None
def parse_iomem():
global f
f = open('/proc/iomem', 'r')
for i, j in enumerate(f):
m = re.split('-|:',j,2)
if m[2].strip() == 'System RAM':
Reported by Pylint.
scripts/mod/modpost.c
68 issues
Line: 61
Column: 28
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define MODULE_NAME_LEN (64 - sizeof(Elf_Addr))
void __attribute__((format(printf, 2, 3)))
modpost_log(enum loglevel loglevel, const char *fmt, ...)
{
va_list arglist;
switch (loglevel) {
Reported by FlawFinder.
Line: 83
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(stderr, "modpost: ");
va_start(arglist, fmt);
vfprintf(stderr, fmt, arglist);
va_end(arglist);
if (loglevel == LOG_FATAL)
exit(1);
if (loglevel == LOG_ERROR)
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
memset(mod, 0, sizeof(*mod));
/* add to list */
strcpy(mod->name, modname);
mod->is_vmlinux = (strcmp(modname, "vmlinux") == 0);
mod->gpl_compatible = -1;
mod->next = modules;
modules = mod;
Reported by FlawFinder.
Line: 230
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct symbol *s = NOFAIL(malloc(sizeof(*s) + strlen(name) + 1));
memset(s, 0, sizeof(*s));
strcpy(s->name, name);
s->weak = weak;
s->next = next;
s->is_static = 1;
return s;
}
Reported by FlawFinder.
Line: 281
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!contains_namespace(*list, namespace)) {
ns_entry = NOFAIL(malloc(sizeof(struct namespace_list) +
strlen(namespace) + 1));
strcpy(ns_entry->namespace, namespace);
ns_entry->next = *list;
*list = ns_entry;
}
}
Reported by FlawFinder.
Line: 2104
Column: 28
CWE codes:
134
Suggestion:
Use a constant for the format specification
* following helper, then compare to the file on disk and
* only update the later if anything changed */
void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
const char *fmt, ...)
{
char tmp[SZ];
int len;
va_list ap;
Reported by FlawFinder.
Line: 2112
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list ap;
va_start(ap, fmt);
len = vsnprintf(tmp, SZ, fmt, ap);
buf_write(buf, tmp, len);
va_end(ap);
}
void buf_write(struct buffer *buf, const char *s, int len)
Reported by FlawFinder.
Line: 2575
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
add_moddevtable(&buf, mod);
add_srcversion(&buf, mod);
sprintf(fname, "%s.mod.c", mod->name);
write_if_changed(&buf, fname);
}
if (missing_namespace_deps)
write_namespace_deps_files(missing_namespace_deps);
Reported by FlawFinder.
Line: 2497
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
struct dump_list *dump_read_start = NULL;
struct dump_list **dump_read_iter = &dump_read_start;
while ((opt = getopt(argc, argv, "ei:mnT:o:awENd:")) != -1) {
switch (opt) {
case 'e':
external_module = 1;
break;
case 'i':
Reported by FlawFinder.
Line: 107
Column: 7
CWE codes:
362
int fd;
char *buf;
fd = open(filename, O_RDONLY);
if (fd < 0) {
perror(filename);
exit(1);
}
Reported by FlawFinder.
drivers/net/ethernet/broadcom/tg3.c
68 issues
Line: 359
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_DEVICE_TABLE(pci, tg3_pci_tbl);
static const struct {
const char string[ETH_GSTRING_LEN];
} ethtool_stats_keys[] = {
{ "rx_octets" },
{ "rx_fragments" },
{ "rx_ucast_packets" },
{ "rx_mcast_packets" },
Reported by FlawFinder.
Line: 453
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const struct {
const char string[ETH_GSTRING_LEN];
} ethtool_test_keys[] = {
[TG3_NVRAM_TEST] = { "nvram test (online) " },
[TG3_LINK_TEST] = { "link test (online) " },
[TG3_REGISTER_TEST] = { "register test (offline)" },
[TG3_MEMORY_TEST] = { "memory test (offline)" },
Reported by FlawFinder.
Line: 899
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; length; i += 4, length -= 4) {
u32 val = tg3_ape_read32(tp, msgoff + i);
memcpy(data, &val, sizeof(u32));
data++;
}
}
return 0;
Reported by FlawFinder.
Line: 3333
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr = offset + i;
memcpy(&data, buf + i, 4);
/*
* The SEEPROM interface expects the data to always be opposite
* the native endian format. We accomplish this by reversing
* all the operations that would have been performed on the
Reported by FlawFinder.
Line: 3406
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len -= size;
memcpy(tmp + page_off, buf, size);
offset = offset + (pagesize - page_off);
tg3_enable_nvram_access(tp);
Reported by FlawFinder.
Line: 3479
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 page_off, phy_addr, nvram_cmd;
__be32 data;
memcpy(&data, buf + i, 4);
tw32(NVRAM_WRDATA, be32_to_cpu(data));
page_off = offset % tp->nvram_pagesize;
phy_addr = tg3_nvram_phys_addr(tp, offset);
Reported by FlawFinder.
Line: 6912
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_reserve(skb, TG3_RAW_IP_ALIGN);
pci_dma_sync_single_for_cpu(tp->pdev, dma_addr, len, PCI_DMA_FROMDEVICE);
memcpy(skb->data,
data + TG3_RX_OFFSET(tp),
len);
pci_dma_sync_single_for_device(tp->pdev, dma_addr, len, PCI_DMA_FROMDEVICE);
}
Reported by FlawFinder.
Line: 7082
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
smp_rmb();
memcpy(&dpr->rx_std_buffers[di],
&spr->rx_std_buffers[si],
cpycnt * sizeof(struct ring_info));
for (i = 0; i < cpycnt; i++, di++, si++) {
struct tg3_rx_buffer_desc *sbd, *dbd;
Reported by FlawFinder.
Line: 7140
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
smp_rmb();
memcpy(&dpr->rx_jmb_buffers[di],
&spr->rx_jmb_buffers[si],
cpycnt * sizeof(struct ring_info));
for (i = 0; i < cpycnt; i++, di++, si++) {
struct tg3_rx_buffer_desc *sbd, *dbd;
Reported by FlawFinder.
Line: 9372
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
if (!netif_running(dev))
return 0;
if (tg3_flag(tp, ENABLE_ASF)) {
Reported by FlawFinder.
tools/testing/selftests/tpm2/tpm2_tests.py
68 issues
Line: 3
Column: 1
# SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
from argparse import ArgumentParser
from argparse import FileType
import os
import sys
import tpm2
from tpm2 import ProtocolError
import unittest
Reported by Pylint.
Line: 4
Column: 1
# SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
from argparse import ArgumentParser
from argparse import FileType
import os
import sys
import tpm2
from tpm2 import ProtocolError
import unittest
Reported by Pylint.
Line: 5
Column: 1
from argparse import ArgumentParser
from argparse import FileType
import os
import sys
import tpm2
from tpm2 import ProtocolError
import unittest
import logging
Reported by Pylint.
Line: 67
Column: 13
blob = self.client.seal(self.root_key, data, auth, None)
try:
result = self.client.unseal(self.root_key, blob,
auth[:-1] + 'B'.encode(), None)
except ProtocolError as e:
rc = e.rc
self.assertEqual(rc, tpm2.TPM2_RC_AUTH_FAIL)
Reported by Pylint.
Line: 139
Column: 13
rc = 0
try:
blob = self.client.seal(self.root_key, data, auth, None)
except ProtocolError as e:
rc = e.rc
self.assertEqual(rc, tpm2.TPM2_RC_SIZE)
Reported by Pylint.
Line: 156
Column: 9
0xDEADBEEF)
self.client.send_cmd(cmd)
except IOError as e:
rejected = True
except:
pass
self.assertEqual(rejected, True)
Reported by Pylint.
Line: 158
Column: 9
self.client.send_cmd(cmd)
except IOError as e:
rejected = True
except:
pass
self.assertEqual(rejected, True)
def test_read_partial_resp(self):
try:
Reported by Pylint.
Line: 174
Column: 9
hdr = self.client.tpm.read(10)
sz = struct.unpack('>I', hdr[2:6])[0]
rsp = self.client.tpm.read()
except:
pass
self.assertEqual(sz, 10 + 2 + 32)
self.assertEqual(len(rsp), 2 + 32)
def test_read_partial_overwrite(self):
Reported by Pylint.
Line: 196
Column: 9
# Read the whole respone
rsp2 = self.client.tpm.read()
except:
pass
self.assertEqual(len(rsp1), 15)
self.assertEqual(len(rsp2), 10 + 2 + 32)
def test_send_two_cmds(self):
Reported by Pylint.
Line: 214
Column: 13
# expect the second one to raise -EBUSY error
self.client.tpm.write(cmd)
rsp = self.client.tpm.read()
except IOError as e:
# read the response
rsp = self.client.tpm.read()
rejected = True
Reported by Pylint.
drivers/staging/iio/addac/adt7316.c
67 issues
Line: 228
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct iio_dev *dev_info = dev_to_iio_dev(dev);
struct adt7316_chip_info *chip = iio_priv(dev_info);
return sprintf(buf, "%d\n", !!(chip->config1 & ADT7316_EN));
}
static ssize_t _adt7316_store_enabled(struct adt7316_chip_info *chip,
int enable)
{
Reported by FlawFinder.
Line: 286
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if ((chip->id & ID_FAMILY_MASK) != ID_ADT75XX)
return -EPERM;
return sprintf(buf, "%d\n", !!(chip->config1 & ADT7516_SEL_EX_TEMP));
}
static ssize_t adt7316_store_select_ex_temp(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
Line: 328
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct adt7316_chip_info *chip = iio_priv(dev_info);
if (chip->config2 & ADT7316_AD_SINGLE_CH_MODE)
return sprintf(buf, "single_channel\n");
return sprintf(buf, "round_robin\n");
}
static ssize_t adt7316_store_mode(struct device *dev,
Reported by FlawFinder.
Line: 330
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (chip->config2 & ADT7316_AD_SINGLE_CH_MODE)
return sprintf(buf, "single_channel\n");
return sprintf(buf, "round_robin\n");
}
static ssize_t adt7316_store_mode(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
Line: 365
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *attr,
char *buf)
{
return sprintf(buf, "single_channel\nround_robin\n");
}
static IIO_DEVICE_ATTR(all_modes, 0444, adt7316_show_all_modes, NULL, 0);
static ssize_t adt7316_show_ad_channel(struct device *dev,
Reported by FlawFinder.
Line: 382
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (chip->config2 & ADT7516_AD_SINGLE_CH_MASK) {
case ADT7316_AD_SINGLE_CH_VDD:
return sprintf(buf, "0 - VDD\n");
case ADT7316_AD_SINGLE_CH_IN:
return sprintf(buf, "1 - Internal Temperature\n");
case ADT7316_AD_SINGLE_CH_EX:
if (((chip->id & ID_FAMILY_MASK) == ID_ADT75XX) &&
(chip->config1 & ADT7516_SEL_AIN1_2_EX_TEMP_MASK) == 0)
Reported by FlawFinder.
Line: 384
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case ADT7316_AD_SINGLE_CH_VDD:
return sprintf(buf, "0 - VDD\n");
case ADT7316_AD_SINGLE_CH_IN:
return sprintf(buf, "1 - Internal Temperature\n");
case ADT7316_AD_SINGLE_CH_EX:
if (((chip->id & ID_FAMILY_MASK) == ID_ADT75XX) &&
(chip->config1 & ADT7516_SEL_AIN1_2_EX_TEMP_MASK) == 0)
return sprintf(buf, "2 - AIN1\n");
Reported by FlawFinder.
Line: 388
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case ADT7316_AD_SINGLE_CH_EX:
if (((chip->id & ID_FAMILY_MASK) == ID_ADT75XX) &&
(chip->config1 & ADT7516_SEL_AIN1_2_EX_TEMP_MASK) == 0)
return sprintf(buf, "2 - AIN1\n");
return sprintf(buf, "2 - External Temperature\n");
case ADT7516_AD_SINGLE_CH_AIN2:
if ((chip->config1 & ADT7516_SEL_AIN1_2_EX_TEMP_MASK) == 0)
return sprintf(buf, "3 - AIN2\n");
Reported by FlawFinder.
Line: 390
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(chip->config1 & ADT7516_SEL_AIN1_2_EX_TEMP_MASK) == 0)
return sprintf(buf, "2 - AIN1\n");
return sprintf(buf, "2 - External Temperature\n");
case ADT7516_AD_SINGLE_CH_AIN2:
if ((chip->config1 & ADT7516_SEL_AIN1_2_EX_TEMP_MASK) == 0)
return sprintf(buf, "3 - AIN2\n");
return sprintf(buf, "N/A\n");
Reported by FlawFinder.
Line: 393
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "2 - External Temperature\n");
case ADT7516_AD_SINGLE_CH_AIN2:
if ((chip->config1 & ADT7516_SEL_AIN1_2_EX_TEMP_MASK) == 0)
return sprintf(buf, "3 - AIN2\n");
return sprintf(buf, "N/A\n");
case ADT7516_AD_SINGLE_CH_AIN3:
if (chip->config1 & ADT7516_SEL_AIN3)
return sprintf(buf, "4 - AIN3\n");
Reported by FlawFinder.
tools/perf/scripts/python/powerpc-hcalls.py
67 issues
Line: 15
Column: 1
sys.path.append(os.environ['PERF_EXEC_PATH'] + \
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from Core import *
from Util import *
# output: {
# opcode: {
Reported by Pylint.
Line: 16
Column: 1
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from Core import *
from Util import *
# output: {
# opcode: {
# 'min': minimum time nsec
Reported by Pylint.
Line: 17
Column: 1
from perf_trace_context import *
from Core import *
from Util import *
# output: {
# opcode: {
# 'min': minimum time nsec
# 'max': maximum time nsec
Reported by Pylint.
Line: 176
Column: 10
def powerpc__hcall_exit(name, context, cpu, sec, nsec, pid, comm, callchain,
opcode, retval):
if (cpu in d_enter and opcode in d_enter[cpu]):
diff = nsecs(sec, nsec) - d_enter[cpu][opcode]
if (opcode in output):
output[opcode]['time'] += diff
output[opcode]['cnt'] += 1
if (output[opcode]['min'] > diff):
Reported by Pylint.
Line: 200
Column: 27
def powerpc__hcall_entry(event_name, context, cpu, sec, nsec, pid, comm,
callchain, opcode):
if (cpu in d_enter):
d_enter[cpu][opcode] = nsecs(sec, nsec)
else:
d_enter[cpu] = {opcode: nsecs(sec, nsec)}
Reported by Pylint.
Line: 202
Column: 28
if (cpu in d_enter):
d_enter[cpu][opcode] = nsecs(sec, nsec)
else:
d_enter[cpu] = {opcode: nsecs(sec, nsec)}
Reported by Pylint.
Line: 15
Column: 1
sys.path.append(os.environ['PERF_EXEC_PATH'] + \
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from Core import *
from Util import *
# output: {
# opcode: {
Reported by Pylint.
Line: 16
Column: 1
'/scripts/python/Perf-Trace-Util/lib/Perf/Trace')
from perf_trace_context import *
from Core import *
from Util import *
# output: {
# opcode: {
# 'min': minimum time nsec
Reported by Pylint.
Line: 17
Column: 1
from perf_trace_context import *
from Core import *
from Util import *
# output: {
# opcode: {
# 'min': minimum time nsec
# 'max': maximum time nsec
Reported by Pylint.
Line: 173
Column: 56
print(print_ptrn % (h_name, cnt, min_t, max_t, time//cnt))
def powerpc__hcall_exit(name, context, cpu, sec, nsec, pid, comm, callchain,
opcode, retval):
if (cpu in d_enter and opcode in d_enter[cpu]):
diff = nsecs(sec, nsec) - d_enter[cpu][opcode]
if (opcode in output):
Reported by Pylint.
drivers/s390/net/qeth_core_main.c
67 issues
Line: 6247
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!debug_level_enabled(id, level))
return;
va_start(args, fmt);
vsnprintf(dbf_txt_buf, sizeof(dbf_txt_buf), fmt, args);
va_end(args);
debug_text_event(id, level, dbf_txt_buf);
}
EXPORT_SYMBOL_GPL(qeth_dbf_longtext);
Reported by FlawFinder.
Line: 1003
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qeth_notify_cmd(request, rc);
qeth_put_cmd(request);
out:
memcpy(&card->seqno.pdu_hdr_ack,
QETH_PDU_HEADER_SEQ_NO(iob->data),
QETH_SEQ_NO_LENGTH);
__qeth_issue_next_read(card);
err_idx:
qeth_put_cmd(iob);
Reported by FlawFinder.
Line: 1783
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct diag26c_vnic_resp *response = NULL;
struct diag26c_vnic_req *request = NULL;
struct ccw_dev_id id;
char userid[80];
int rc = 0;
QETH_CARD_TEXT(card, 2, "vmlayer");
cpcmd("QUERY USERID", userid, sizeof(userid), &rc);
Reported by FlawFinder.
Line: 1804
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
request->resp_version = DIAG26C_VERSION6_VM65918;
request->req_format = DIAG26C_VNIC_INFO;
ASCEBC(userid, 8);
memcpy(&request->sys_name, userid, 8);
request->devno = id.devno;
QETH_DBF_HEX(CTRL, 2, request, sizeof(*request));
rc = diag26c(request, response, DIAG26C_PORT_VNIC);
QETH_DBF_HEX(CTRL, 2, request, sizeof(*request));
Reported by FlawFinder.
Line: 1899
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void qeth_idx_finalize_cmd(struct qeth_card *card,
struct qeth_cmd_buffer *iob)
{
memcpy(QETH_TRANSPORT_HEADER_SEQ_NO(iob->data), &card->seqno.trans_hdr,
QETH_SEQ_NO_LENGTH);
if (iob->channel == &card->write)
card->seqno.trans_hdr++;
}
Reported by FlawFinder.
Line: 1919
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
qeth_idx_finalize_cmd(card, iob);
memcpy(QETH_PDU_HEADER_SEQ_NO(iob->data),
&card->seqno.pdu_hdr, QETH_SEQ_NO_LENGTH);
card->seqno.pdu_hdr++;
memcpy(QETH_PDU_HEADER_ACK_SEQ_NO(iob->data),
&card->seqno.pdu_hdr_ack, QETH_SEQ_NO_LENGTH);
Reported by FlawFinder.
Line: 1922
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(QETH_PDU_HEADER_SEQ_NO(iob->data),
&card->seqno.pdu_hdr, QETH_SEQ_NO_LENGTH);
card->seqno.pdu_hdr++;
memcpy(QETH_PDU_HEADER_ACK_SEQ_NO(iob->data),
&card->seqno.pdu_hdr_ack, QETH_SEQ_NO_LENGTH);
iob->callback = qeth_release_buffer_cb;
}
Reported by FlawFinder.
Line: 1945
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!iob)
return NULL;
memcpy(iob->data, data, data_length);
qeth_setup_ccw(__ccw_from_cmd(iob), CCW_CMD_WRITE, 0, data_length,
iob->data);
iob->finalize = qeth_mpc_finalize_cmd;
iob->match = qeth_mpc_match_reply;
return iob;
Reported by FlawFinder.
Line: 2160
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
goto out;
memcpy(&peer_level, QETH_IDX_ACT_FUNC_LEVEL(iob->data), 2);
if (peer_level != qeth_peer_func_level(card->info.func_level)) {
QETH_DBF_MESSAGE(2, "IDX_ACTIVATE on channel %x: function level mismatch (sent: %#x, received: %#x)\n",
CCW_DEVID(channel->ccwdev),
card->info.func_level, peer_level);
rc = -EINVAL;
Reported by FlawFinder.
Line: 2169
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(&card->token.issuer_rm_r,
QETH_IDX_ACT_ISSUER_RM_TOKEN(iob->data),
QETH_MPC_TOKEN_LENGTH);
memcpy(&card->info.mcl_level[0],
QETH_IDX_REPLY_LEVEL(iob->data), QETH_MCL_LENGTH);
Reported by FlawFinder.