The following issues were found
drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
17 issues
Line: 3168
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ath_dbg(common, EEPROM,
"Restore at %d: spot=%d offset=%d length=%d\n",
it, spot, offset, length);
memcpy(&mptr[spot], &block[it+2], length);
spot += length;
} else if (length > 0) {
ath_dbg(common, EEPROM,
"Bad restore at %d: spot=%d offset=%d length=%d\n",
it, spot, offset, length);
Reported by FlawFinder.
Line: 3198
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mdata_size, length);
return -1;
}
memcpy(mptr, word + COMP_HDR_LEN, length);
ath_dbg(common, EEPROM,
"restored eeprom %d: uncompressed, length %d\n",
it, length);
break;
case _CompressBlock:
Reported by FlawFinder.
Line: 3212
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reference);
return -1;
}
memcpy(mptr, eep, mdata_size);
}
ath_dbg(common, EEPROM,
"restore eeprom %d: block, reference %d, length %d\n",
it, reference, length);
ar9300_uncompress_block(ah, mptr, mdata_size,
Reported by FlawFinder.
Line: 3299
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!word)
return -ENOMEM;
memcpy(mptr, &ar9300_default, mdata_size);
read = ar9300_read_eeprom;
if (AR_SREV_9485(ah))
cptr = AR9300_BASE_ADDR_4K;
else if (AR_SREV_9330(ah))
Reported by FlawFinder.
Line: 5485
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ALL_TARGET_HT20_0_8_16;
if (!ah->paprd_table_write_done) {
memcpy(target_power_val_t2_eep, targetPowerValT2,
sizeof(targetPowerValT2));
for (i = 0; i < 24; i++) {
pwr_idx = mcsidx_to_tgtpwridx(i, min_pwridx);
if (ah->paprd_ratemask & (1 << i)) {
if (targetPowerValT2[pwr_idx] &&
Reported by FlawFinder.
Line: 5498
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
}
memcpy(target_power_val_t2_eep, targetPowerValT2,
sizeof(targetPowerValT2));
}
ar9003_hw_set_power_per_rate_table(ah, chan,
targetPowerValT2, cfgCtl,
Reported by FlawFinder.
Line: 5507
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
twiceAntennaReduction,
powerLimit);
memcpy(targetPowerValT2_tpc, targetPowerValT2,
sizeof(targetPowerValT2));
if (ar9003_is_paprd_enabled(ah)) {
for (i = 0; i < ar9300RateSize; i++) {
if ((ah->paprd_ratemask & (1 << i)) &&
Reported by FlawFinder.
Line: 3236
Column: 74
CWE codes:
120
20
return !(*word == 0 || *word == ~0);
}
static bool ar9300_check_eeprom_header(struct ath_hw *ah, eeprom_read_op read,
int base_addr)
{
u8 header[4];
if (!read(ah, base_addr, header, 4))
Reported by FlawFinder.
Line: 3280
Column: 17
CWE codes:
120
20
u16 checksum, mchecksum;
struct ath_common *common = ath9k_hw_common(ah);
struct ar9300_eeprom *eep;
eeprom_read_op read;
if (ath9k_hw_use_flash(ah)) {
u8 txrx;
if (ar9300_eeprom_restore_flash(ah, mptr, mdata_size))
Reported by FlawFinder.
fs/cifs/winucase.c
17 issues
Line: 23
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wchar_t cifs_toupper(wchar_t in); /* quiet sparse */
static const wchar_t t2_00[256] = {
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
Line: 58
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00d8, 0x00d9, 0x00da, 0x00db, 0x00dc, 0x00dd, 0x00de, 0x0178,
};
static const wchar_t t2_01[256] = {
0x0000, 0x0100, 0x0000, 0x0102, 0x0000, 0x0104, 0x0000, 0x0106,
0x0000, 0x0108, 0x0000, 0x010a, 0x0000, 0x010c, 0x0000, 0x010e,
0x0000, 0x0110, 0x0000, 0x0112, 0x0000, 0x0114, 0x0000, 0x0116,
0x0000, 0x0118, 0x0000, 0x011a, 0x0000, 0x011c, 0x0000, 0x011e,
0x0000, 0x0120, 0x0000, 0x0122, 0x0000, 0x0124, 0x0000, 0x0126,
Reported by FlawFinder.
Line: 93
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x01f8, 0x0000, 0x01fa, 0x0000, 0x01fc, 0x0000, 0x01fe,
};
static const wchar_t t2_02[256] = {
0x0000, 0x0200, 0x0000, 0x0202, 0x0000, 0x0204, 0x0000, 0x0206,
0x0000, 0x0208, 0x0000, 0x020a, 0x0000, 0x020c, 0x0000, 0x020e,
0x0000, 0x0210, 0x0000, 0x0212, 0x0000, 0x0214, 0x0000, 0x0216,
0x0000, 0x0218, 0x0000, 0x021a, 0x0000, 0x021c, 0x0000, 0x021e,
0x0000, 0x0000, 0x0000, 0x0222, 0x0000, 0x0224, 0x0000, 0x0226,
Reported by FlawFinder.
Line: 128
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
};
static const wchar_t t2_03[256] = {
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
Line: 163
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x03f7, 0x0000, 0x0000, 0x03fa, 0x0000, 0x0000, 0x0000, 0x0000,
};
static const wchar_t t2_04[256] = {
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
Line: 198
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x04f8, 0x0000, 0x04fa, 0x0000, 0x04fc, 0x0000, 0x04fe,
};
static const wchar_t t2_05[256] = {
0x0000, 0x0500, 0x0000, 0x0502, 0x0000, 0x0504, 0x0000, 0x0506,
0x0000, 0x0508, 0x0000, 0x050a, 0x0000, 0x050c, 0x0000, 0x050e,
0x0000, 0x0510, 0x0000, 0x0512, 0x0000, 0x0514, 0x0000, 0x0516,
0x0000, 0x0518, 0x0000, 0x051a, 0x0000, 0x051c, 0x0000, 0x051e,
0x0000, 0x0520, 0x0000, 0x0522, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
Line: 233
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
};
static const wchar_t t2_1d[256] = {
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
Line: 268
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
};
static const wchar_t t2_1e[256] = {
0x0000, 0x1e00, 0x0000, 0x1e02, 0x0000, 0x1e04, 0x0000, 0x1e06,
0x0000, 0x1e08, 0x0000, 0x1e0a, 0x0000, 0x1e0c, 0x0000, 0x1e0e,
0x0000, 0x1e10, 0x0000, 0x1e12, 0x0000, 0x1e14, 0x0000, 0x1e16,
0x0000, 0x1e18, 0x0000, 0x1e1a, 0x0000, 0x1e1c, 0x0000, 0x1e1e,
0x0000, 0x1e20, 0x0000, 0x1e22, 0x0000, 0x1e24, 0x0000, 0x1e26,
Reported by FlawFinder.
Line: 303
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x1ef8, 0x0000, 0x1efa, 0x0000, 0x1efc, 0x0000, 0x1efe,
};
static const wchar_t t2_1f[256] = {
0x1f08, 0x1f09, 0x1f0a, 0x1f0b, 0x1f0c, 0x1f0d, 0x1f0e, 0x1f0f,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x1f18, 0x1f19, 0x1f1a, 0x1f1b, 0x1f1c, 0x1f1d, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x1f28, 0x1f29, 0x1f2a, 0x1f2b, 0x1f2c, 0x1f2d, 0x1f2e, 0x1f2f,
Reported by FlawFinder.
Line: 338
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
};
static const wchar_t t2_21[256] = {
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
drivers/input/misc/ad714x.c
17 issues
Line: 134
Column: 10
CWE codes:
120
20
mask = ((1 << (end_stage + 1)) - 1) - ((1 << start_stage) - 1);
ad714x->read(ad714x, STG_COM_INT_EN_REG, &data, 1);
data |= 1 << end_stage;
ad714x->write(ad714x, STG_COM_INT_EN_REG, data);
ad714x->read(ad714x, STG_HIGH_INT_EN_REG, &data, 1);
data &= ~mask;
Reported by FlawFinder.
Line: 138
Column: 10
CWE codes:
120
20
data |= 1 << end_stage;
ad714x->write(ad714x, STG_COM_INT_EN_REG, data);
ad714x->read(ad714x, STG_HIGH_INT_EN_REG, &data, 1);
data &= ~mask;
ad714x->write(ad714x, STG_HIGH_INT_EN_REG, data);
}
static void ad714x_use_thr_int(struct ad714x_chip *ad714x,
Reported by FlawFinder.
Line: 151
Column: 10
CWE codes:
120
20
mask = ((1 << (end_stage + 1)) - 1) - ((1 << start_stage) - 1);
ad714x->read(ad714x, STG_COM_INT_EN_REG, &data, 1);
data &= ~(1 << end_stage);
ad714x->write(ad714x, STG_COM_INT_EN_REG, data);
ad714x->read(ad714x, STG_HIGH_INT_EN_REG, &data, 1);
data |= mask;
Reported by FlawFinder.
Line: 155
Column: 10
CWE codes:
120
20
data &= ~(1 << end_stage);
ad714x->write(ad714x, STG_COM_INT_EN_REG, data);
ad714x->read(ad714x, STG_HIGH_INT_EN_REG, &data, 1);
data |= mask;
ad714x->write(ad714x, STG_HIGH_INT_EN_REG, data);
}
static int ad714x_cal_highest_stage(struct ad714x_chip *ad714x,
Reported by FlawFinder.
Line: 253
Column: 10
CWE codes:
120
20
struct ad714x_slider_plat *hw = &ad714x->hw->slider[idx];
int i;
ad714x->read(ad714x, CDC_RESULT_S0 + hw->start_stage,
&ad714x->adc_reg[hw->start_stage],
hw->end_stage - hw->start_stage + 1);
for (i = hw->start_stage; i <= hw->end_stage; i++) {
ad714x->read(ad714x, STAGE0_AMBIENT + i * PER_STAGE_REG_NUM,
Reported by FlawFinder.
Line: 258
Column: 11
CWE codes:
120
20
hw->end_stage - hw->start_stage + 1);
for (i = hw->start_stage; i <= hw->end_stage; i++) {
ad714x->read(ad714x, STAGE0_AMBIENT + i * PER_STAGE_REG_NUM,
&ad714x->amb_reg[i], 1);
ad714x->sensor_val[i] =
abs(ad714x->adc_reg[i] - ad714x->amb_reg[i]);
}
Reported by FlawFinder.
Line: 425
Column: 10
CWE codes:
120
20
struct ad714x_wheel_plat *hw = &ad714x->hw->wheel[idx];
int i;
ad714x->read(ad714x, CDC_RESULT_S0 + hw->start_stage,
&ad714x->adc_reg[hw->start_stage],
hw->end_stage - hw->start_stage + 1);
for (i = hw->start_stage; i <= hw->end_stage; i++) {
ad714x->read(ad714x, STAGE0_AMBIENT + i * PER_STAGE_REG_NUM,
Reported by FlawFinder.
Line: 430
Column: 11
CWE codes:
120
20
hw->end_stage - hw->start_stage + 1);
for (i = hw->start_stage; i <= hw->end_stage; i++) {
ad714x->read(ad714x, STAGE0_AMBIENT + i * PER_STAGE_REG_NUM,
&ad714x->amb_reg[i], 1);
if (ad714x->adc_reg[i] > ad714x->amb_reg[i])
ad714x->sensor_val[i] =
ad714x->adc_reg[i] - ad714x->amb_reg[i];
else
Reported by FlawFinder.
Line: 579
Column: 10
CWE codes:
120
20
struct ad714x_touchpad_plat *hw = &ad714x->hw->touchpad[idx];
int i;
ad714x->read(ad714x, CDC_RESULT_S0 + hw->x_start_stage,
&ad714x->adc_reg[hw->x_start_stage],
hw->x_end_stage - hw->x_start_stage + 1);
for (i = hw->x_start_stage; i <= hw->x_end_stage; i++) {
ad714x->read(ad714x, STAGE0_AMBIENT + i * PER_STAGE_REG_NUM,
Reported by FlawFinder.
Line: 584
Column: 11
CWE codes:
120
20
hw->x_end_stage - hw->x_start_stage + 1);
for (i = hw->x_start_stage; i <= hw->x_end_stage; i++) {
ad714x->read(ad714x, STAGE0_AMBIENT + i * PER_STAGE_REG_NUM,
&ad714x->amb_reg[i], 1);
if (ad714x->adc_reg[i] > ad714x->amb_reg[i])
ad714x->sensor_val[i] =
ad714x->adc_reg[i] - ad714x->amb_reg[i];
else
Reported by FlawFinder.
drivers/scsi/esas2r/atioctl.h
17 issues
Line: 102
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct __packed atto_param_rw_request {
u16 code;
char data_buffer[512];
};
#define MAX_CHANNEL 256
struct __packed atto_channel_list {
Reported by FlawFinder.
Line: 190
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* CSMI class independent structures */
struct atto_csmi_get_driver_info {
char name[81];
char description[81];
u16 major_rev;
u16 minor_rev;
u16 build_rev;
u16 release_rev;
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* CSMI class independent structures */
struct atto_csmi_get_driver_info {
char name[81];
char description[81];
u16 major_rev;
u16 minor_rev;
u16 build_rev;
u16 release_rev;
u16 csmi_major_rev;
Reported by FlawFinder.
Line: 236
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 reserved[32];
};
char serial_num[81];
u16 major_rev;
u16 minor_rev;
u16 build_rev;
u16 release_rev;
u16 bios_major_rev;
Reported by FlawFinder.
Line: 314
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct atto_csmi_raid_drives {
char model[40];
char firmware[8];
char serial_num[40];
u8 sas_addr[8];
u8 lun[8];
u8 drive_sts;
Reported by FlawFinder.
Line: 315
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct atto_csmi_raid_drives {
char model[40];
char firmware[8];
char serial_num[40];
u8 sas_addr[8];
u8 lun[8];
u8 drive_sts;
#define CSMI_DRV_STS_OK 0
Reported by FlawFinder.
Line: 316
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct atto_csmi_raid_drives {
char model[40];
char firmware[8];
char serial_num[40];
u8 sas_addr[8];
u8 lun[8];
u8 drive_sts;
#define CSMI_DRV_STS_OK 0
#define CSMI_DRV_STS_REBUILDING 1
Reported by FlawFinder.
Line: 588
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
signed char tx_amplitude;
signed char tx_preemphasis;
signed char tx_slew_rate;
signed char tx_reserved[13];
u8 tx_vendor_unique[64];
u32 rx_flags;
#define CSMI_PC_RXF_EQ_DIS 0x00000001
signed char rx_threshold;
Reported by FlawFinder.
Line: 595
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
signed char rx_threshold;
signed char rx_equalization_gain;
signed char rx_reserved[14];
u8 rx_vendor_unique[64];
u32 pattern_flags;
#define CSMI_PC_PATF_FIXED 0x00000001
#define CSMI_PC_PATF_DIS_SCR 0x00000002
#define CSMI_PC_PATF_DIS_ALIGN 0x00000004
Reported by FlawFinder.
Line: 741
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 drvr_rev_minor;
u8 drvr_revsub_minor;
u8 drvr_rev_build;
char drvr_rev_ascii[16];
char drvr_name[32];
char firmware_rev[16];
char flash_rev[16];
char model_name_short[16];
char model_name[32];
Reported by FlawFinder.
tools/bpf/bpftool/gen.c
17 issues
Line: 130
DECLARE_LIBBPF_OPTS(btf_dump_emit_type_decl_opts, opts,
.field_name = var_ident,
.indent_level = 2,
.strip_mods = strip_mods,
);
int need_off = sec_var->offset, align_off, align;
__u32 var_type_id = var->type;
/* static variables are not exposed through BPF skeleton */
Reported by Cppcheck.
Line: 178
Column: 3
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
* which we'll turn into a '<function name>_<variable name>'
*/
var_ident[0] = '\0';
strncat(var_ident, var_name, sizeof(var_ident) - 1);
sanitize_identifier(var_ident);
printf("\t\t");
err = btf_dump__emit_type_decl(d, var_type_id, &opts);
if (err)
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int i;
sprintf(guard, "__%s_SKEL_H__", obj_name);
for (i = 0; guard[i]; i++)
guard[i] = toupper(guard[i]);
}
static const char *get_map_ident(const struct bpf_map *map)
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
static void codegen_btf_dump_printf(void *ctx, const char *fmt, va_list args)
{
vprintf(fmt, args);
}
static int codegen_datasec_def(struct bpf_object *obj,
struct btf *btf,
struct btf_dump *d,
Reported by FlawFinder.
Line: 272
Column: 6
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* print out using adjusted template */
va_start(args, template);
n = vprintf(s, args);
va_end(args);
free(s);
}
Reported by FlawFinder.
Line: 105
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct btf_var_secinfo *sec_var = btf_var_secinfos(sec);
int i, err, off = 0, pad_cnt = 0, vlen = btf_vlen(sec);
const char *sec_ident;
char var_ident[256];
bool strip_mods = false;
if (strcmp(sec_name, ".data") == 0) {
sec_ident = "data";
strip_mods = true;
Reported by FlawFinder.
Line: 262
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
end = strchrnul(src, '\n');
for (n = end - src; n > 0 && isspace(src[n - 1]); n--)
;
memcpy(dst, src, n);
dst += n;
if (*end)
*dst++ = '\n';
src = *end ? end + 1 : end;
}
Reported by FlawFinder.
Line: 601
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int do_skeleton(int argc, char **argv)
{
char header_guard[MAX_OBJ_NAME_LEN + sizeof("__SKEL_H__")];
size_t i, map_cnt = 0, prog_cnt = 0, file_sz, mmap_sz;
DECLARE_LIBBPF_OPTS(bpf_object_open_opts, opts);
char obj_name[MAX_OBJ_NAME_LEN] = "", *obj_data;
struct bpf_object *obj = NULL;
const char *file, *ident;
Reported by FlawFinder.
Line: 604
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char header_guard[MAX_OBJ_NAME_LEN + sizeof("__SKEL_H__")];
size_t i, map_cnt = 0, prog_cnt = 0, file_sz, mmap_sz;
DECLARE_LIBBPF_OPTS(bpf_object_open_opts, opts);
char obj_name[MAX_OBJ_NAME_LEN] = "", *obj_data;
struct bpf_object *obj = NULL;
const char *file, *ident;
struct bpf_program *prog;
int fd, err = -1;
struct bpf_map *map;
Reported by FlawFinder.
Line: 652
Column: 7
CWE codes:
362
}
file_sz = st.st_size;
mmap_sz = roundup(file_sz, sysconf(_SC_PAGE_SIZE));
fd = open(file, O_RDONLY);
if (fd < 0) {
p_err("failed to open() %s: %s", file, strerror(errno));
return -1;
}
obj_data = mmap(NULL, mmap_sz, PROT_READ, MAP_PRIVATE, fd, 0);
Reported by FlawFinder.
arch/sparc/kernel/ds.c
17 issues
Line: 800
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pkt.header.data.handle = cp->handle;
pkt.header.msg.hdr.type = DS_VAR_SET_REQ;
base = p = &pkt.header.msg.name_and_value[0];
strcpy(p, var);
p += strlen(var) + 1;
strcpy(p, value);
p += strlen(value) + 1;
msg_len = (sizeof(struct ds_data) +
Reported by FlawFinder.
Line: 802
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
base = p = &pkt.header.msg.name_and_value[0];
strcpy(p, var);
p += strlen(var) + 1;
strcpy(p, value);
p += strlen(value) + 1;
msg_len = (sizeof(struct ds_data) +
sizeof(struct ds_var_set_msg) +
(p - base));
Reported by FlawFinder.
Line: 913
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pbuf.req.handle = cp->handle;
pbuf.req.major = 1;
pbuf.req.minor = 0;
strcpy(pbuf.id_buf, cp->service_id);
err = __ds_send(lp, &pbuf, msg_len);
if (err > 0)
cp->state = CAP_STATE_REG_SENT;
}
Reported by FlawFinder.
Line: 316
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ds_shutdown_res {
__u64 req_num;
__u32 result;
char reason[1];
};
static void domain_shutdown_data(struct ds_info *dp,
struct ds_cap_state *cp,
void *buf, int len)
Reported by FlawFinder.
Line: 356
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ds_panic_res {
__u64 req_num;
__u32 result;
char reason[1];
};
static void domain_panic_data(struct ds_info *dp,
struct ds_cap_state *cp,
void *buf, int len)
Reported by FlawFinder.
Line: 780
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ds_data data;
struct ds_var_set_msg msg;
} header;
char all[512];
} pkt;
char *base, *p;
int msg_len, loops;
if (strlen(var) + strlen(value) + 2 >
Reported by FlawFinder.
Line: 843
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
static char full_boot_str[256] __attribute__((aligned(32)));
static int reboot_data_supported;
void ldom_reboot(const char *boot_command)
{
/* Don't bother with any of this if the boot_command
Reported by FlawFinder.
Line: 1057
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__send_ds_nack(dp, dpkt->handle);
} else {
qp->dp = dp;
memcpy(&qp->req, pkt, len);
list_add_tail(&qp->list, &ds_work_list);
wake_up(&ds_wait);
}
return 0;
}
Reported by FlawFinder.
Line: 785
Column: 21
CWE codes:
126
char *base, *p;
int msg_len, loops;
if (strlen(var) + strlen(value) + 2 >
sizeof(pkt) - sizeof(pkt.header)) {
printk(KERN_ERR PFX
"contents length: %zu, which more than max: %lu,"
"so could not set (%s) variable to (%s).\n",
strlen(var) + strlen(value) + 2,
Reported by FlawFinder.
Line: 785
Column: 7
CWE codes:
126
char *base, *p;
int msg_len, loops;
if (strlen(var) + strlen(value) + 2 >
sizeof(pkt) - sizeof(pkt.header)) {
printk(KERN_ERR PFX
"contents length: %zu, which more than max: %lu,"
"so could not set (%s) variable to (%s).\n",
strlen(var) + strlen(value) + 2,
Reported by FlawFinder.
arch/m68k/include/asm/amigahw.h
17 issues
Line: 165
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short auddat;
unsigned short audspare[2];
} aud[4];
unsigned char *bplpt[8];
unsigned short bplcon0;
unsigned short bplcon1;
unsigned short bplcon2;
unsigned short bplcon3;
unsigned short bpl1mod;
Reported by FlawFinder.
Line: 175
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short bplcon4;
unsigned short clxcon2;
unsigned short bpldat[8];
unsigned char *sprpt[8];
struct {
unsigned short pos;
unsigned short ctl;
unsigned short dataa;
unsigned short datab;
Reported by FlawFinder.
Line: 226
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DMAF_ALL (0x01FF)
struct CIA {
unsigned char pra; char pad0[0xff];
unsigned char prb; char pad1[0xff];
unsigned char ddra; char pad2[0xff];
unsigned char ddrb; char pad3[0xff];
unsigned char talo; char pad4[0xff];
unsigned char tahi; char pad5[0xff];
Reported by FlawFinder.
Line: 227
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct CIA {
unsigned char pra; char pad0[0xff];
unsigned char prb; char pad1[0xff];
unsigned char ddra; char pad2[0xff];
unsigned char ddrb; char pad3[0xff];
unsigned char talo; char pad4[0xff];
unsigned char tahi; char pad5[0xff];
unsigned char tblo; char pad6[0xff];
Reported by FlawFinder.
Line: 228
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct CIA {
unsigned char pra; char pad0[0xff];
unsigned char prb; char pad1[0xff];
unsigned char ddra; char pad2[0xff];
unsigned char ddrb; char pad3[0xff];
unsigned char talo; char pad4[0xff];
unsigned char tahi; char pad5[0xff];
unsigned char tblo; char pad6[0xff];
unsigned char tbhi; char pad7[0xff];
Reported by FlawFinder.
Line: 229
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char pra; char pad0[0xff];
unsigned char prb; char pad1[0xff];
unsigned char ddra; char pad2[0xff];
unsigned char ddrb; char pad3[0xff];
unsigned char talo; char pad4[0xff];
unsigned char tahi; char pad5[0xff];
unsigned char tblo; char pad6[0xff];
unsigned char tbhi; char pad7[0xff];
unsigned char todlo; char pad8[0xff];
Reported by FlawFinder.
Line: 230
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char prb; char pad1[0xff];
unsigned char ddra; char pad2[0xff];
unsigned char ddrb; char pad3[0xff];
unsigned char talo; char pad4[0xff];
unsigned char tahi; char pad5[0xff];
unsigned char tblo; char pad6[0xff];
unsigned char tbhi; char pad7[0xff];
unsigned char todlo; char pad8[0xff];
unsigned char todmid; char pad9[0xff];
Reported by FlawFinder.
Line: 231
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char ddra; char pad2[0xff];
unsigned char ddrb; char pad3[0xff];
unsigned char talo; char pad4[0xff];
unsigned char tahi; char pad5[0xff];
unsigned char tblo; char pad6[0xff];
unsigned char tbhi; char pad7[0xff];
unsigned char todlo; char pad8[0xff];
unsigned char todmid; char pad9[0xff];
unsigned char todhi; char pada[0x1ff];
Reported by FlawFinder.
Line: 232
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char ddrb; char pad3[0xff];
unsigned char talo; char pad4[0xff];
unsigned char tahi; char pad5[0xff];
unsigned char tblo; char pad6[0xff];
unsigned char tbhi; char pad7[0xff];
unsigned char todlo; char pad8[0xff];
unsigned char todmid; char pad9[0xff];
unsigned char todhi; char pada[0x1ff];
unsigned char sdr; char padb[0xff];
Reported by FlawFinder.
Line: 233
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char talo; char pad4[0xff];
unsigned char tahi; char pad5[0xff];
unsigned char tblo; char pad6[0xff];
unsigned char tbhi; char pad7[0xff];
unsigned char todlo; char pad8[0xff];
unsigned char todmid; char pad9[0xff];
unsigned char todhi; char pada[0x1ff];
unsigned char sdr; char padb[0xff];
unsigned char icr; char padc[0xff];
Reported by FlawFinder.
drivers/pcmcia/i82365.c
17 issues
Line: 1119
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t show_info(struct class_device *class_dev, char *buf)
{
struct i82365_socket *s = container_of(class_dev, struct i82365_socket, socket.dev);
return sprintf(buf, "type: %s\npsock: %d\n",
pcic[s->type].name, s->psock);
}
static ssize_t show_exca(struct class_device *class_dev, char *buf)
{
Reported by FlawFinder.
Line: 1135
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ISA_LOCK(sock, flags);
for (i = 0; i < 0x40; i += 4) {
ret += sprintf(buf, "%02x %02x %02x %02x%s",
i365_get(sock,i), i365_get(sock,i+1),
i365_get(sock,i+2), i365_get(sock,i+3),
((i % 16) == 12) ? "\n" : " ");
buf += ret;
}
Reported by FlawFinder.
Line: 332
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
flip(p->misc2, PD67_MC2_DYNAMIC_MODE, dynamic_mode);
flip(p->misc2, PD67_MC2_FREQ_BYPASS, freq_bypass);
if (p->misc2 & PD67_MC2_IRQ15_RI)
strcat(buf, " [ring]");
if (p->misc2 & PD67_MC2_DYNAMIC_MODE)
strcat(buf, " [dyn mode]");
if (p->misc2 & PD67_MC2_FREQ_BYPASS)
strcat(buf, " [freq bypass]");
if (p->misc1 & PD67_MC1_INPACK_ENA)
Reported by FlawFinder.
Line: 334
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (p->misc2 & PD67_MC2_IRQ15_RI)
strcat(buf, " [ring]");
if (p->misc2 & PD67_MC2_DYNAMIC_MODE)
strcat(buf, " [dyn mode]");
if (p->misc2 & PD67_MC2_FREQ_BYPASS)
strcat(buf, " [freq bypass]");
if (p->misc1 & PD67_MC1_INPACK_ENA)
strcat(buf, " [inpack]");
if (p->misc2 & PD67_MC2_IRQ15_RI)
Reported by FlawFinder.
Line: 336
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (p->misc2 & PD67_MC2_DYNAMIC_MODE)
strcat(buf, " [dyn mode]");
if (p->misc2 & PD67_MC2_FREQ_BYPASS)
strcat(buf, " [freq bypass]");
if (p->misc1 & PD67_MC1_INPACK_ENA)
strcat(buf, " [inpack]");
if (p->misc2 & PD67_MC2_IRQ15_RI)
mask &= ~0x8000;
if (has_led > 0) {
Reported by FlawFinder.
Line: 338
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (p->misc2 & PD67_MC2_FREQ_BYPASS)
strcat(buf, " [freq bypass]");
if (p->misc1 & PD67_MC1_INPACK_ENA)
strcat(buf, " [inpack]");
if (p->misc2 & PD67_MC2_IRQ15_RI)
mask &= ~0x8000;
if (has_led > 0) {
strcat(buf, " [led]");
mask &= ~0x1000;
Reported by FlawFinder.
Line: 342
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (p->misc2 & PD67_MC2_IRQ15_RI)
mask &= ~0x8000;
if (has_led > 0) {
strcat(buf, " [led]");
mask &= ~0x1000;
}
if (has_dma > 0) {
strcat(buf, " [dma]");
mask &= ~0x0600;
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
mask &= ~0x1000;
}
if (has_dma > 0) {
strcat(buf, " [dma]");
mask &= ~0x0600;
}
if (!(t->flags & IS_VIA)) {
if (setup_time >= 0)
p->timer[0] = p->timer[3] = setup_time;
Reported by FlawFinder.
Line: 364
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (recov_time >= 0)
p->timer[2] = p->timer[5] = recov_time;
buf += strlen(buf);
sprintf(buf, " [%d/%d/%d] [%d/%d/%d]", p->timer[0], p->timer[1],
p->timer[2], p->timer[3], p->timer[4], p->timer[5]);
}
return mask;
}
Reported by FlawFinder.
Line: 401
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
flip(p->ctl, VG468_CTL_ASYNC, async_clock);
flip(p->ema, VG469_MODE_CABLE, cable_mode);
if (p->ctl & VG468_CTL_ASYNC)
strcat(buf, " [async]");
if (p->ctl & VG468_CTL_INPACK)
strcat(buf, " [inpack]");
if (socket[s].type == IS_VG469) {
u_char vsel = i365_get(s, VG469_VSELECT);
if (vsel & VG469_VSEL_EXT_STAT) {
Reported by FlawFinder.
tools/power/acpi/tools/acpidbg/acpidbg.c
17 issues
Line: 59
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
do { \
_ret = acpi_aml_##_op(_fd, &acpi_aml_##_buf##_crc); \
if (_ret == 0) { \
fprintf(stderr, \
"%s %s pipe closed.\n", #_buf, #_op); \
return; \
} \
} while (0)
#define ACPI_AML_BATCH_DO(_fd, _op, _buf, _ret) \
Reported by FlawFinder.
Line: 386
Column: 15
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int len;
int ret = EXIT_SUCCESS;
while ((ch = getopt(argc, argv, "b:f:h")) != -1) {
switch (ch) {
case 'b':
if (acpi_aml_batch_cmd) {
fprintf(stderr, "Already specify %s\n",
acpi_aml_batch_cmd);
Reported by FlawFinder.
Line: 73
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} while (0)
static char acpi_aml_cmd_buf[ACPI_AML_BUF_SIZE];
static char acpi_aml_log_buf[ACPI_AML_BUF_SIZE];
static struct circ_buf acpi_aml_cmd_crc = {
.buf = acpi_aml_cmd_buf,
.head = 0,
.tail = 0,
Reported by FlawFinder.
Line: 74
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char acpi_aml_cmd_buf[ACPI_AML_BUF_SIZE];
static char acpi_aml_log_buf[ACPI_AML_BUF_SIZE];
static struct circ_buf acpi_aml_cmd_crc = {
.buf = acpi_aml_cmd_buf,
.head = 0,
.tail = 0,
};
Reported by FlawFinder.
Line: 147
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = &crc->buf[crc->head];
len = circ_space_to_end(crc);
if (len > remained) {
memcpy(p, acpi_aml_batch_pos, remained);
acpi_aml_batch_pos += remained;
len = remained;
} else {
memcpy(p, acpi_aml_batch_pos, len);
acpi_aml_batch_pos += len;
Reported by FlawFinder.
Line: 151
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
acpi_aml_batch_pos += remained;
len = remained;
} else {
memcpy(p, acpi_aml_batch_pos, len);
acpi_aml_batch_pos += len;
}
if (len > 0)
crc->head = (crc->head + len) & (ACPI_AML_BUF_SIZE - 1);
return len;
Reported by FlawFinder.
Line: 402
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = EXIT_FAILURE;
goto exit;
}
memcpy(acpi_aml_batch_cmd, optarg, len);
acpi_aml_batch_cmd[len] = '\n';
acpi_aml_mode = ACPI_AML_BATCH;
break;
case 'f':
acpi_aml_file_path = optarg;
Reported by FlawFinder.
Line: 422
Column: 7
CWE codes:
362
}
}
fd = open(acpi_aml_file_path, O_RDWR | O_NONBLOCK);
if (fd < 0) {
perror("open");
ret = EXIT_FAILURE;
goto exit;
}
Reported by FlawFinder.
Line: 130
Column: 8
CWE codes:
120
20
p = &crc->buf[crc->head];
len = circ_space_to_end(crc);
len = read(fd, p, len);
if (len < 0)
perror("read");
else if (len > 0)
crc->head = (crc->head + len) & (ACPI_AML_BUF_SIZE - 1);
return len;
Reported by FlawFinder.
Line: 142
Column: 17
CWE codes:
126
{
char *p;
int len;
int remained = strlen(acpi_aml_batch_pos);
p = &crc->buf[crc->head];
len = circ_space_to_end(crc);
if (len > remained) {
memcpy(p, acpi_aml_batch_pos, remained);
Reported by FlawFinder.
drivers/net/wireless/ath/ath5k/debug.c
17 issues
Line: 179
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath5k_hw *ah = file->private_data;
char buf[500];
unsigned int len = 0;
unsigned int v;
u64 tsf;
v = ath5k_hw_reg_read(ah, AR5K_BEACON);
Reported by FlawFinder.
Line: 228
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath5k_hw *ah = file->private_data;
char buf[20];
count = min_t(size_t, count, sizeof(buf) - 1);
if (copy_from_user(buf, userbuf, count))
return -EFAULT;
Reported by FlawFinder.
Line: 300
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath5k_hw *ah = file->private_data;
char buf[700];
unsigned int len = 0;
unsigned int i;
len += scnprintf(buf + len, sizeof(buf) - len,
"DEBUG LEVEL: 0x%08x\n\n", ah->debug.level);
Reported by FlawFinder.
Line: 330
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath5k_hw *ah = file->private_data;
unsigned int i;
char buf[20];
count = min_t(size_t, count, sizeof(buf) - 1);
if (copy_from_user(buf, userbuf, count))
return -EFAULT;
Reported by FlawFinder.
Line: 362
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath5k_hw *ah = file->private_data;
char buf[700];
unsigned int len = 0;
unsigned int i;
unsigned int v;
len += scnprintf(buf + len, sizeof(buf) - len, "antenna mode\t%d\n",
Reported by FlawFinder.
Line: 435
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath5k_hw *ah = file->private_data;
unsigned int i;
char buf[20];
count = min_t(size_t, count, sizeof(buf) - 1);
if (copy_from_user(buf, userbuf, count))
return -EFAULT;
Reported by FlawFinder.
Line: 475
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath5k_hw *ah = file->private_data;
char buf[700];
unsigned int len = 0;
u32 filt = ath5k_hw_get_rx_filter(ah);
len += scnprintf(buf + len, sizeof(buf) - len, "bssid-mask: %pM\n",
ah->bssidmask);
Reported by FlawFinder.
Line: 531
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath5k_hw *ah = file->private_data;
struct ath5k_statistics *st = &ah->stats;
char buf[700];
unsigned int len = 0;
int i;
len += scnprintf(buf + len, sizeof(buf) - len,
"RX\n---------------------\n");
Reported by FlawFinder.
Line: 608
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath5k_hw *ah = file->private_data;
struct ath5k_statistics *st = &ah->stats;
char buf[20];
count = min_t(size_t, count, sizeof(buf) - 1);
if (copy_from_user(buf, userbuf, count))
return -EFAULT;
Reported by FlawFinder.
Line: 651
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ath5k_statistics *st = &ah->stats;
struct ath5k_ani_state *as = &ah->ani_state;
char buf[700];
unsigned int len = 0;
len += scnprintf(buf + len, sizeof(buf) - len,
"HW has PHY error counters:\t%s\n",
ah->ah_capabilities.cap_has_phyerr_counters ?
Reported by FlawFinder.