The following issues were found
fs/cifs/winucase.c
17 issues
Line: 23
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wchar_t cifs_toupper(wchar_t in); /* quiet sparse */
static const wchar_t t2_00[256] = {
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
Line: 58
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00d8, 0x00d9, 0x00da, 0x00db, 0x00dc, 0x00dd, 0x00de, 0x0178,
};
static const wchar_t t2_01[256] = {
0x0000, 0x0100, 0x0000, 0x0102, 0x0000, 0x0104, 0x0000, 0x0106,
0x0000, 0x0108, 0x0000, 0x010a, 0x0000, 0x010c, 0x0000, 0x010e,
0x0000, 0x0110, 0x0000, 0x0112, 0x0000, 0x0114, 0x0000, 0x0116,
0x0000, 0x0118, 0x0000, 0x011a, 0x0000, 0x011c, 0x0000, 0x011e,
0x0000, 0x0120, 0x0000, 0x0122, 0x0000, 0x0124, 0x0000, 0x0126,
Reported by FlawFinder.
Line: 93
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x01f8, 0x0000, 0x01fa, 0x0000, 0x01fc, 0x0000, 0x01fe,
};
static const wchar_t t2_02[256] = {
0x0000, 0x0200, 0x0000, 0x0202, 0x0000, 0x0204, 0x0000, 0x0206,
0x0000, 0x0208, 0x0000, 0x020a, 0x0000, 0x020c, 0x0000, 0x020e,
0x0000, 0x0210, 0x0000, 0x0212, 0x0000, 0x0214, 0x0000, 0x0216,
0x0000, 0x0218, 0x0000, 0x021a, 0x0000, 0x021c, 0x0000, 0x021e,
0x0000, 0x0000, 0x0000, 0x0222, 0x0000, 0x0224, 0x0000, 0x0226,
Reported by FlawFinder.
Line: 128
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
};
static const wchar_t t2_03[256] = {
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
Line: 163
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x03f7, 0x0000, 0x0000, 0x03fa, 0x0000, 0x0000, 0x0000, 0x0000,
};
static const wchar_t t2_04[256] = {
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
Line: 198
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x04f8, 0x0000, 0x04fa, 0x0000, 0x04fc, 0x0000, 0x04fe,
};
static const wchar_t t2_05[256] = {
0x0000, 0x0500, 0x0000, 0x0502, 0x0000, 0x0504, 0x0000, 0x0506,
0x0000, 0x0508, 0x0000, 0x050a, 0x0000, 0x050c, 0x0000, 0x050e,
0x0000, 0x0510, 0x0000, 0x0512, 0x0000, 0x0514, 0x0000, 0x0516,
0x0000, 0x0518, 0x0000, 0x051a, 0x0000, 0x051c, 0x0000, 0x051e,
0x0000, 0x0520, 0x0000, 0x0522, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
Line: 233
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
};
static const wchar_t t2_1d[256] = {
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
Line: 268
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
};
static const wchar_t t2_1e[256] = {
0x0000, 0x1e00, 0x0000, 0x1e02, 0x0000, 0x1e04, 0x0000, 0x1e06,
0x0000, 0x1e08, 0x0000, 0x1e0a, 0x0000, 0x1e0c, 0x0000, 0x1e0e,
0x0000, 0x1e10, 0x0000, 0x1e12, 0x0000, 0x1e14, 0x0000, 0x1e16,
0x0000, 0x1e18, 0x0000, 0x1e1a, 0x0000, 0x1e1c, 0x0000, 0x1e1e,
0x0000, 0x1e20, 0x0000, 0x1e22, 0x0000, 0x1e24, 0x0000, 0x1e26,
Reported by FlawFinder.
Line: 303
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x1ef8, 0x0000, 0x1efa, 0x0000, 0x1efc, 0x0000, 0x1efe,
};
static const wchar_t t2_1f[256] = {
0x1f08, 0x1f09, 0x1f0a, 0x1f0b, 0x1f0c, 0x1f0d, 0x1f0e, 0x1f0f,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x1f18, 0x1f19, 0x1f1a, 0x1f1b, 0x1f1c, 0x1f1d, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x1f28, 0x1f29, 0x1f2a, 0x1f2b, 0x1f2c, 0x1f2d, 0x1f2e, 0x1f2f,
Reported by FlawFinder.
Line: 338
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
};
static const wchar_t t2_21[256] = {
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
Reported by FlawFinder.
tools/power/acpi/tools/acpidbg/acpidbg.c
17 issues
Line: 59
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
do { \
_ret = acpi_aml_##_op(_fd, &acpi_aml_##_buf##_crc); \
if (_ret == 0) { \
fprintf(stderr, \
"%s %s pipe closed.\n", #_buf, #_op); \
return; \
} \
} while (0)
#define ACPI_AML_BATCH_DO(_fd, _op, _buf, _ret) \
Reported by FlawFinder.
Line: 386
Column: 15
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int len;
int ret = EXIT_SUCCESS;
while ((ch = getopt(argc, argv, "b:f:h")) != -1) {
switch (ch) {
case 'b':
if (acpi_aml_batch_cmd) {
fprintf(stderr, "Already specify %s\n",
acpi_aml_batch_cmd);
Reported by FlawFinder.
Line: 73
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} while (0)
static char acpi_aml_cmd_buf[ACPI_AML_BUF_SIZE];
static char acpi_aml_log_buf[ACPI_AML_BUF_SIZE];
static struct circ_buf acpi_aml_cmd_crc = {
.buf = acpi_aml_cmd_buf,
.head = 0,
.tail = 0,
Reported by FlawFinder.
Line: 74
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char acpi_aml_cmd_buf[ACPI_AML_BUF_SIZE];
static char acpi_aml_log_buf[ACPI_AML_BUF_SIZE];
static struct circ_buf acpi_aml_cmd_crc = {
.buf = acpi_aml_cmd_buf,
.head = 0,
.tail = 0,
};
Reported by FlawFinder.
Line: 147
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = &crc->buf[crc->head];
len = circ_space_to_end(crc);
if (len > remained) {
memcpy(p, acpi_aml_batch_pos, remained);
acpi_aml_batch_pos += remained;
len = remained;
} else {
memcpy(p, acpi_aml_batch_pos, len);
acpi_aml_batch_pos += len;
Reported by FlawFinder.
Line: 151
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
acpi_aml_batch_pos += remained;
len = remained;
} else {
memcpy(p, acpi_aml_batch_pos, len);
acpi_aml_batch_pos += len;
}
if (len > 0)
crc->head = (crc->head + len) & (ACPI_AML_BUF_SIZE - 1);
return len;
Reported by FlawFinder.
Line: 402
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = EXIT_FAILURE;
goto exit;
}
memcpy(acpi_aml_batch_cmd, optarg, len);
acpi_aml_batch_cmd[len] = '\n';
acpi_aml_mode = ACPI_AML_BATCH;
break;
case 'f':
acpi_aml_file_path = optarg;
Reported by FlawFinder.
Line: 422
Column: 7
CWE codes:
362
}
}
fd = open(acpi_aml_file_path, O_RDWR | O_NONBLOCK);
if (fd < 0) {
perror("open");
ret = EXIT_FAILURE;
goto exit;
}
Reported by FlawFinder.
Line: 130
Column: 8
CWE codes:
120
20
p = &crc->buf[crc->head];
len = circ_space_to_end(crc);
len = read(fd, p, len);
if (len < 0)
perror("read");
else if (len > 0)
crc->head = (crc->head + len) & (ACPI_AML_BUF_SIZE - 1);
return len;
Reported by FlawFinder.
Line: 142
Column: 17
CWE codes:
126
{
char *p;
int len;
int remained = strlen(acpi_aml_batch_pos);
p = &crc->buf[crc->head];
len = circ_space_to_end(crc);
if (len > remained) {
memcpy(p, acpi_aml_batch_pos, remained);
Reported by FlawFinder.
drivers/scsi/esas2r/atioctl.h
17 issues
Line: 102
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct __packed atto_param_rw_request {
u16 code;
char data_buffer[512];
};
#define MAX_CHANNEL 256
struct __packed atto_channel_list {
Reported by FlawFinder.
Line: 190
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* CSMI class independent structures */
struct atto_csmi_get_driver_info {
char name[81];
char description[81];
u16 major_rev;
u16 minor_rev;
u16 build_rev;
u16 release_rev;
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* CSMI class independent structures */
struct atto_csmi_get_driver_info {
char name[81];
char description[81];
u16 major_rev;
u16 minor_rev;
u16 build_rev;
u16 release_rev;
u16 csmi_major_rev;
Reported by FlawFinder.
Line: 236
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 reserved[32];
};
char serial_num[81];
u16 major_rev;
u16 minor_rev;
u16 build_rev;
u16 release_rev;
u16 bios_major_rev;
Reported by FlawFinder.
Line: 314
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct atto_csmi_raid_drives {
char model[40];
char firmware[8];
char serial_num[40];
u8 sas_addr[8];
u8 lun[8];
u8 drive_sts;
Reported by FlawFinder.
Line: 315
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct atto_csmi_raid_drives {
char model[40];
char firmware[8];
char serial_num[40];
u8 sas_addr[8];
u8 lun[8];
u8 drive_sts;
#define CSMI_DRV_STS_OK 0
Reported by FlawFinder.
Line: 316
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct atto_csmi_raid_drives {
char model[40];
char firmware[8];
char serial_num[40];
u8 sas_addr[8];
u8 lun[8];
u8 drive_sts;
#define CSMI_DRV_STS_OK 0
#define CSMI_DRV_STS_REBUILDING 1
Reported by FlawFinder.
Line: 588
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
signed char tx_amplitude;
signed char tx_preemphasis;
signed char tx_slew_rate;
signed char tx_reserved[13];
u8 tx_vendor_unique[64];
u32 rx_flags;
#define CSMI_PC_RXF_EQ_DIS 0x00000001
signed char rx_threshold;
Reported by FlawFinder.
Line: 595
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
signed char rx_threshold;
signed char rx_equalization_gain;
signed char rx_reserved[14];
u8 rx_vendor_unique[64];
u32 pattern_flags;
#define CSMI_PC_PATF_FIXED 0x00000001
#define CSMI_PC_PATF_DIS_SCR 0x00000002
#define CSMI_PC_PATF_DIS_ALIGN 0x00000004
Reported by FlawFinder.
Line: 741
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 drvr_rev_minor;
u8 drvr_revsub_minor;
u8 drvr_rev_build;
char drvr_rev_ascii[16];
char drvr_name[32];
char firmware_rev[16];
char flash_rev[16];
char model_name_short[16];
char model_name[32];
Reported by FlawFinder.
drivers/net/wireless/ath/ath5k/debug.c
17 issues
Line: 179
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath5k_hw *ah = file->private_data;
char buf[500];
unsigned int len = 0;
unsigned int v;
u64 tsf;
v = ath5k_hw_reg_read(ah, AR5K_BEACON);
Reported by FlawFinder.
Line: 228
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath5k_hw *ah = file->private_data;
char buf[20];
count = min_t(size_t, count, sizeof(buf) - 1);
if (copy_from_user(buf, userbuf, count))
return -EFAULT;
Reported by FlawFinder.
Line: 300
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath5k_hw *ah = file->private_data;
char buf[700];
unsigned int len = 0;
unsigned int i;
len += scnprintf(buf + len, sizeof(buf) - len,
"DEBUG LEVEL: 0x%08x\n\n", ah->debug.level);
Reported by FlawFinder.
Line: 330
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath5k_hw *ah = file->private_data;
unsigned int i;
char buf[20];
count = min_t(size_t, count, sizeof(buf) - 1);
if (copy_from_user(buf, userbuf, count))
return -EFAULT;
Reported by FlawFinder.
Line: 362
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath5k_hw *ah = file->private_data;
char buf[700];
unsigned int len = 0;
unsigned int i;
unsigned int v;
len += scnprintf(buf + len, sizeof(buf) - len, "antenna mode\t%d\n",
Reported by FlawFinder.
Line: 435
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath5k_hw *ah = file->private_data;
unsigned int i;
char buf[20];
count = min_t(size_t, count, sizeof(buf) - 1);
if (copy_from_user(buf, userbuf, count))
return -EFAULT;
Reported by FlawFinder.
Line: 475
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct ath5k_hw *ah = file->private_data;
char buf[700];
unsigned int len = 0;
u32 filt = ath5k_hw_get_rx_filter(ah);
len += scnprintf(buf + len, sizeof(buf) - len, "bssid-mask: %pM\n",
ah->bssidmask);
Reported by FlawFinder.
Line: 531
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath5k_hw *ah = file->private_data;
struct ath5k_statistics *st = &ah->stats;
char buf[700];
unsigned int len = 0;
int i;
len += scnprintf(buf + len, sizeof(buf) - len,
"RX\n---------------------\n");
Reported by FlawFinder.
Line: 608
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath5k_hw *ah = file->private_data;
struct ath5k_statistics *st = &ah->stats;
char buf[20];
count = min_t(size_t, count, sizeof(buf) - 1);
if (copy_from_user(buf, userbuf, count))
return -EFAULT;
Reported by FlawFinder.
Line: 651
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ath5k_statistics *st = &ah->stats;
struct ath5k_ani_state *as = &ah->ani_state;
char buf[700];
unsigned int len = 0;
len += scnprintf(buf + len, sizeof(buf) - len,
"HW has PHY error counters:\t%s\n",
ah->ah_capabilities.cap_has_phyerr_counters ?
Reported by FlawFinder.
tools/power/acpi/os_specific/service_layers/oslinuxtbl.c
17 issues
Line: 13
#include "acpidump.h"
#define _COMPONENT ACPI_OS_SERVICES
ACPI_MODULE_NAME("oslinuxtbl")
#ifndef PATH_MAX
#define PATH_MAX 256
#endif
/* List of information about obtained ACPI tables */
Reported by Cppcheck.
Line: 411
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
snprintf(format, 32, "%s=%s", keyword, "%llx");
fseek(file, 0, SEEK_SET);
while (fgets(buffer, 80, file)) {
if (sscanf(buffer, format, &address) == 1) {
break;
}
}
return ((acpi_physical_address)(address));
Reported by FlawFinder.
Line: 1352
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Create the table pathname */
if (instance != 0) {
sprintf(table_filename, "%s/%4.4s%d", pathname,
temp_name, instance);
} else {
sprintf(table_filename, "%s/%4.4s", pathname,
temp_name);
}
Reported by FlawFinder.
Line: 1355
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(table_filename, "%s/%4.4s%d", pathname,
temp_name, instance);
} else {
sprintf(table_filename, "%s/%4.4s", pathname,
temp_name);
}
break;
}
Reported by FlawFinder.
Line: 22
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct osl_table_info {
struct osl_table_info *next;
u32 instance;
char signature[ACPI_NAMESEG_SIZE];
} osl_table_info;
/* Local prototypes */
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto exit;
}
memcpy(local_table, mapped_table, table_length);
exit:
osl_unmap_table(mapped_table);
*table = local_table;
return (status);
Reported by FlawFinder.
Line: 404
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static acpi_physical_address
osl_find_rsdp_via_efi_by_keyword(FILE * file, const char *keyword)
{
char buffer[80];
unsigned long long address = 0;
char format[32];
snprintf(format, 32, "%s=%s", keyword, "%llx");
fseek(file, 0, SEEK_SET);
Reported by FlawFinder.
Line: 406
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char buffer[80];
unsigned long long address = 0;
char format[32];
snprintf(format, 32, "%s=%s", keyword, "%llx");
fseek(file, 0, SEEK_SET);
while (fgets(buffer, 80, file)) {
if (sscanf(buffer, format, &address) == 1) {
Reported by FlawFinder.
Line: 436
Column: 9
CWE codes:
362
FILE *file;
acpi_physical_address address = 0;
file = fopen(EFI_SYSTAB, "r");
if (file) {
address = osl_find_rsdp_via_efi_by_keyword(file, "ACPI20");
if (!address) {
address =
osl_find_rsdp_via_efi_by_keyword(file, "ACPI");
Reported by FlawFinder.
Line: 500
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gbl_rsdp_address =
rsdp_base + (ACPI_CAST8(mapped_table) - rsdp_address);
memcpy(&gbl_rsdp, mapped_table, sizeof(struct acpi_table_rsdp));
acpi_os_unmap_memory(rsdp_address, rsdp_size);
return (AE_OK);
}
Reported by FlawFinder.
drivers/pcmcia/i82365.c
17 issues
Line: 1119
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t show_info(struct class_device *class_dev, char *buf)
{
struct i82365_socket *s = container_of(class_dev, struct i82365_socket, socket.dev);
return sprintf(buf, "type: %s\npsock: %d\n",
pcic[s->type].name, s->psock);
}
static ssize_t show_exca(struct class_device *class_dev, char *buf)
{
Reported by FlawFinder.
Line: 1135
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ISA_LOCK(sock, flags);
for (i = 0; i < 0x40; i += 4) {
ret += sprintf(buf, "%02x %02x %02x %02x%s",
i365_get(sock,i), i365_get(sock,i+1),
i365_get(sock,i+2), i365_get(sock,i+3),
((i % 16) == 12) ? "\n" : " ");
buf += ret;
}
Reported by FlawFinder.
Line: 332
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
flip(p->misc2, PD67_MC2_DYNAMIC_MODE, dynamic_mode);
flip(p->misc2, PD67_MC2_FREQ_BYPASS, freq_bypass);
if (p->misc2 & PD67_MC2_IRQ15_RI)
strcat(buf, " [ring]");
if (p->misc2 & PD67_MC2_DYNAMIC_MODE)
strcat(buf, " [dyn mode]");
if (p->misc2 & PD67_MC2_FREQ_BYPASS)
strcat(buf, " [freq bypass]");
if (p->misc1 & PD67_MC1_INPACK_ENA)
Reported by FlawFinder.
Line: 334
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (p->misc2 & PD67_MC2_IRQ15_RI)
strcat(buf, " [ring]");
if (p->misc2 & PD67_MC2_DYNAMIC_MODE)
strcat(buf, " [dyn mode]");
if (p->misc2 & PD67_MC2_FREQ_BYPASS)
strcat(buf, " [freq bypass]");
if (p->misc1 & PD67_MC1_INPACK_ENA)
strcat(buf, " [inpack]");
if (p->misc2 & PD67_MC2_IRQ15_RI)
Reported by FlawFinder.
Line: 336
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (p->misc2 & PD67_MC2_DYNAMIC_MODE)
strcat(buf, " [dyn mode]");
if (p->misc2 & PD67_MC2_FREQ_BYPASS)
strcat(buf, " [freq bypass]");
if (p->misc1 & PD67_MC1_INPACK_ENA)
strcat(buf, " [inpack]");
if (p->misc2 & PD67_MC2_IRQ15_RI)
mask &= ~0x8000;
if (has_led > 0) {
Reported by FlawFinder.
Line: 338
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (p->misc2 & PD67_MC2_FREQ_BYPASS)
strcat(buf, " [freq bypass]");
if (p->misc1 & PD67_MC1_INPACK_ENA)
strcat(buf, " [inpack]");
if (p->misc2 & PD67_MC2_IRQ15_RI)
mask &= ~0x8000;
if (has_led > 0) {
strcat(buf, " [led]");
mask &= ~0x1000;
Reported by FlawFinder.
Line: 342
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (p->misc2 & PD67_MC2_IRQ15_RI)
mask &= ~0x8000;
if (has_led > 0) {
strcat(buf, " [led]");
mask &= ~0x1000;
}
if (has_dma > 0) {
strcat(buf, " [dma]");
mask &= ~0x0600;
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
mask &= ~0x1000;
}
if (has_dma > 0) {
strcat(buf, " [dma]");
mask &= ~0x0600;
}
if (!(t->flags & IS_VIA)) {
if (setup_time >= 0)
p->timer[0] = p->timer[3] = setup_time;
Reported by FlawFinder.
Line: 364
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (recov_time >= 0)
p->timer[2] = p->timer[5] = recov_time;
buf += strlen(buf);
sprintf(buf, " [%d/%d/%d] [%d/%d/%d]", p->timer[0], p->timer[1],
p->timer[2], p->timer[3], p->timer[4], p->timer[5]);
}
return mask;
}
Reported by FlawFinder.
Line: 401
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
flip(p->ctl, VG468_CTL_ASYNC, async_clock);
flip(p->ema, VG469_MODE_CABLE, cable_mode);
if (p->ctl & VG468_CTL_ASYNC)
strcat(buf, " [async]");
if (p->ctl & VG468_CTL_INPACK)
strcat(buf, " [inpack]");
if (socket[s].type == IS_VG469) {
u_char vsel = i365_get(s, VG469_VSELECT);
if (vsel & VG469_VSEL_EXT_STAT) {
Reported by FlawFinder.
drivers/scsi/dpt_i2o.c
17 issues
Line: 369
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scb[5] = 0;
// Don't care about the rest of scb
memcpy(mptr, scb, sizeof(scb));
mptr+=4;
lenptr=mptr++; /* Remember me - fill in when we know */
/* Now fill in the SGList and command */
*lenptr = len;
Reported by FlawFinder.
Line: 389
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
// Send it on it's way
rcode = adpt_i2o_post_wait(pHba, msg, reqlen<<2, 120);
if (rcode != 0) {
sprintf(pHba->detail, "Adaptec I2O RAID");
printk(KERN_INFO "%s: Inquiry Error (%d)\n",pHba->name,rcode);
if (rcode != -ETIME && rcode != -EINTR)
dma_free_coherent(&pHba->pDev->dev, 80, buf, addr);
} else {
memset(pHba->detail, 0, sizeof(pHba->detail));
Reported by FlawFinder.
Line: 395
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dma_free_coherent(&pHba->pDev->dev, 80, buf, addr);
} else {
memset(pHba->detail, 0, sizeof(pHba->detail));
memcpy(&(pHba->detail), "Vendor: Adaptec ", 16);
memcpy(&(pHba->detail[16]), " Model: ", 8);
memcpy(&(pHba->detail[24]), (u8*) &buf[16], 16);
memcpy(&(pHba->detail[40]), " FW: ", 4);
memcpy(&(pHba->detail[44]), (u8*) &buf[32], 4);
pHba->detail[48] = '\0'; /* precautionary */
Reported by FlawFinder.
Line: 396
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memset(pHba->detail, 0, sizeof(pHba->detail));
memcpy(&(pHba->detail), "Vendor: Adaptec ", 16);
memcpy(&(pHba->detail[16]), " Model: ", 8);
memcpy(&(pHba->detail[24]), (u8*) &buf[16], 16);
memcpy(&(pHba->detail[40]), " FW: ", 4);
memcpy(&(pHba->detail[44]), (u8*) &buf[32], 4);
pHba->detail[48] = '\0'; /* precautionary */
dma_free_coherent(&pHba->pDev->dev, 80, buf, addr);
Reported by FlawFinder.
Line: 397
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(pHba->detail, 0, sizeof(pHba->detail));
memcpy(&(pHba->detail), "Vendor: Adaptec ", 16);
memcpy(&(pHba->detail[16]), " Model: ", 8);
memcpy(&(pHba->detail[24]), (u8*) &buf[16], 16);
memcpy(&(pHba->detail[40]), " FW: ", 4);
memcpy(&(pHba->detail[44]), (u8*) &buf[32], 4);
pHba->detail[48] = '\0'; /* precautionary */
dma_free_coherent(&pHba->pDev->dev, 80, buf, addr);
}
Reported by FlawFinder.
Line: 398
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&(pHba->detail), "Vendor: Adaptec ", 16);
memcpy(&(pHba->detail[16]), " Model: ", 8);
memcpy(&(pHba->detail[24]), (u8*) &buf[16], 16);
memcpy(&(pHba->detail[40]), " FW: ", 4);
memcpy(&(pHba->detail[44]), (u8*) &buf[32], 4);
pHba->detail[48] = '\0'; /* precautionary */
dma_free_coherent(&pHba->pDev->dev, 80, buf, addr);
}
adpt_i2o_status_get(pHba);
Reported by FlawFinder.
Line: 399
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&(pHba->detail[16]), " Model: ", 8);
memcpy(&(pHba->detail[24]), (u8*) &buf[16], 16);
memcpy(&(pHba->detail[40]), " FW: ", 4);
memcpy(&(pHba->detail[44]), (u8*) &buf[32], 4);
pHba->detail[48] = '\0'; /* precautionary */
dma_free_coherent(&pHba->pDev->dev, 80, buf, addr);
}
adpt_i2o_status_get(pHba);
return ;
Reported by FlawFinder.
Line: 754
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
adpt_hba* pHba;
int rcode;
char name[32];
pHba = (adpt_hba*)cmd->device->host->hostdata[0];
strncpy(name, pHba->name, sizeof(name));
printk(KERN_WARNING"%s: Hba Reset: scsi id %d: tid: %d\n", name, cmd->device->channel, pHba->channel[cmd->device->channel].tid);
rcode = adpt_hba_reset(pHba);
Reported by FlawFinder.
Line: 977
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
pHba->next = NULL;
pHba->unit = hba_count;
sprintf(pHba->name, "dpti%d", hba_count);
hba_count++;
mutex_unlock(&adpt_configuration_lock);
pHba->pDev = pDev;
Reported by FlawFinder.
Line: 1474
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
d->controller = pHba;
d->next = NULL;
memcpy(&d->lct_data, &lct->lct_entry[i], sizeof(i2o_lct_entry));
d->flags = 0;
tid = d->lct_data.tid;
adpt_i2o_report_hba_unit(pHba, d);
adpt_i2o_install_device(pHba, d);
Reported by FlawFinder.
drivers/crypto/nx/nx-aes-ccm.c
17 issues
Line: 44
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
csbcpb->cpb.hdr.mode = NX_MODE_AES_CCM;
memcpy(csbcpb->cpb.aes_ccm.key, in_key, key_len);
csbcpb_aead->cpb.hdr.mode = NX_MODE_AES_CCA;
memcpy(csbcpb_aead->cpb.aes_cca.key, in_key, key_len);
return 0;
Reported by FlawFinder.
Line: 47
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(csbcpb->cpb.aes_ccm.key, in_key, key_len);
csbcpb_aead->cpb.hdr.mode = NX_MODE_AES_CCA;
memcpy(csbcpb_aead->cpb.aes_cca.key, in_key, key_len);
return 0;
}
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key_len -= 3;
memcpy(nx_ctx->priv.ccm.nonce, in_key + key_len, 3);
return ccm_aes_nx_set_key(tfm, in_key, key_len);
}
static int ccm_aes_nx_setauthsize(struct crypto_aead *tfm,
Reported by FlawFinder.
Line: 117
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EOVERFLOW;
data = cpu_to_be32(msglen);
memcpy(block - csize, (u8 *)&data + 4 - csize, csize);
return 0;
}
/* taken from crypto/ccm.c */
Reported by FlawFinder.
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int l, lp, m = authsize;
int rc;
memcpy(b0, iv, 16);
lp = b0[0];
l = lp + 1;
/* set m, bits 3-5 */
Reported by FlawFinder.
Line: 309
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
return rc;
memcpy(nx_ctx->csbcpb_aead->cpb.aes_cca.b0,
nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0,
AES_BLOCK_SIZE);
NX_CPB_FDM(nx_ctx->csbcpb_aead) |= NX_FDM_CONTINUATION;
Reported by FlawFinder.
Line: 324
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
result = nx_ctx->csbcpb_aead->cpb.aes_cca.out_pat_or_b0;
}
memcpy(out, result, AES_BLOCK_SIZE);
return rc;
}
static int ccm_nx_decrypt(struct aead_request *req,
Reported by FlawFinder.
Line: 384
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* for partial completion, copy following for next
* entry into loop...
*/
memcpy(iv, csbcpb->cpb.aes_ccm.out_ctr, AES_BLOCK_SIZE);
memcpy(csbcpb->cpb.aes_ccm.in_pat_or_b0,
csbcpb->cpb.aes_ccm.out_pat_or_mac, AES_BLOCK_SIZE);
memcpy(csbcpb->cpb.aes_ccm.in_s0,
csbcpb->cpb.aes_ccm.out_s0, AES_BLOCK_SIZE);
Reported by FlawFinder.
Line: 385
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* entry into loop...
*/
memcpy(iv, csbcpb->cpb.aes_ccm.out_ctr, AES_BLOCK_SIZE);
memcpy(csbcpb->cpb.aes_ccm.in_pat_or_b0,
csbcpb->cpb.aes_ccm.out_pat_or_mac, AES_BLOCK_SIZE);
memcpy(csbcpb->cpb.aes_ccm.in_s0,
csbcpb->cpb.aes_ccm.out_s0, AES_BLOCK_SIZE);
NX_CPB_FDM(csbcpb) |= NX_FDM_CONTINUATION;
Reported by FlawFinder.
Line: 387
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(iv, csbcpb->cpb.aes_ccm.out_ctr, AES_BLOCK_SIZE);
memcpy(csbcpb->cpb.aes_ccm.in_pat_or_b0,
csbcpb->cpb.aes_ccm.out_pat_or_mac, AES_BLOCK_SIZE);
memcpy(csbcpb->cpb.aes_ccm.in_s0,
csbcpb->cpb.aes_ccm.out_s0, AES_BLOCK_SIZE);
NX_CPB_FDM(csbcpb) |= NX_FDM_CONTINUATION;
/* update stats */
Reported by FlawFinder.
net/tipc/crypto.c
17 issues
Line: 84
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* TIPC crypto statistics' header */
static const char *hstats[MAX_STATS] = {"ok", "nok", "async", "async_ok",
"async_nok", "badmsgs", "nokeys",
"switches"};
/* Max TFMs number per key */
int sysctl_tipc_max_tfms __read_mostly = TIPC_MAX_TFMS_DEF;
Reported by FlawFinder.
Line: 159
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 salt;
u8 authsize;
u8 mode;
char hint[2 * TIPC_AEAD_HINT_LEN + 1];
struct rcu_head rcu;
struct tipc_aead_key *key;
u16 gen;
atomic64_t seqno ____cacheline_aligned;
Reported by FlawFinder.
Line: 220
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 rekeying_intv;
struct tipc_crypto_stats __percpu *stats;
char name[48];
atomic64_t sndnxt ____cacheline_aligned;
unsigned long timer1;
unsigned long timer2;
union {
Reported by FlawFinder.
Line: 600
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp->cloned = NULL;
tmp->authsize = TIPC_AES_GCM_TAG_SIZE;
tmp->key = kmemdup(ukey, tipc_aead_key_size(ukey), GFP_KERNEL);
memcpy(&tmp->salt, ukey->key + keylen, TIPC_AES_GCM_SALT_SIZE);
atomic_set(&tmp->users, 0);
atomic64_set(&tmp->seqno, 0);
refcount_set(&tmp->refcnt, 1);
*aead = tmp;
Reported by FlawFinder.
Line: 651
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*per_cpu_ptr(src->tfm_entry, cpu);
}
memcpy(aead->hint, src->hint, sizeof(src->hint));
aead->mode = src->mode;
aead->salt = src->salt;
aead->authsize = src->authsize;
atomic_set(&aead->users, 0);
atomic64_set(&aead->seqno, 0);
Reported by FlawFinder.
Line: 804
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
salt ^= __be32_to_cpu(ehdr->addr);
else if (__dnode)
salt ^= tipc_node_get_addr(__dnode);
memcpy(iv, &salt, 4);
memcpy(iv + 4, (u8 *)&ehdr->seqno, 8);
/* Prepare request */
ehsz = tipc_ehdr_size(ehdr);
aead_request_set_tfm(req, tfm);
Reported by FlawFinder.
Line: 805
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (__dnode)
salt ^= tipc_node_get_addr(__dnode);
memcpy(iv, &salt, 4);
memcpy(iv + 4, (u8 *)&ehdr->seqno, 8);
/* Prepare request */
ehsz = tipc_ehdr_size(ehdr);
aead_request_set_tfm(req, tfm);
aead_request_set_ad(req, ehsz);
Reported by FlawFinder.
Line: 819
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tx_ctx = (struct tipc_crypto_tx_ctx *)ctx;
tx_ctx->aead = aead;
tx_ctx->bearer = b;
memcpy(&tx_ctx->dst, dst, sizeof(*dst));
/* Hold bearer */
if (unlikely(!tipc_bearer_hold(b))) {
rc = -ENODEV;
goto exit;
Reported by FlawFinder.
Line: 929
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
salt ^= __be32_to_cpu(ehdr->addr);
else if (ehdr->destined)
salt ^= tipc_own_addr(net);
memcpy(iv, &salt, 4);
memcpy(iv + 4, (u8 *)&ehdr->seqno, 8);
/* Prepare request */
ehsz = tipc_ehdr_size(ehdr);
aead_request_set_tfm(req, tfm);
Reported by FlawFinder.
Line: 930
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (ehdr->destined)
salt ^= tipc_own_addr(net);
memcpy(iv, &salt, 4);
memcpy(iv + 4, (u8 *)&ehdr->seqno, 8);
/* Prepare request */
ehsz = tipc_ehdr_size(ehdr);
aead_request_set_tfm(req, tfm);
aead_request_set_ad(req, ehsz);
Reported by FlawFinder.
tools/power/cpupower/utils/idle_monitor/cpuidle_sysfs.c
17 issues
Line: 85
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!strncmp(tmp, "NHM-", 4)) {
switch (num) {
case 1:
strcpy(tmp, "C1");
break;
case 2:
strcpy(tmp, "C3");
break;
case 3:
Reported by FlawFinder.
Line: 88
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(tmp, "C1");
break;
case 2:
strcpy(tmp, "C3");
break;
case 3:
strcpy(tmp, "C6");
break;
}
Reported by FlawFinder.
Line: 91
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(tmp, "C3");
break;
case 3:
strcpy(tmp, "C6");
break;
}
} else if (!strncmp(tmp, "SNB-", 4)) {
switch (num) {
case 1:
Reported by FlawFinder.
Line: 97
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
} else if (!strncmp(tmp, "SNB-", 4)) {
switch (num) {
case 1:
strcpy(tmp, "C1");
break;
case 2:
strcpy(tmp, "C3");
break;
case 3:
Reported by FlawFinder.
Line: 100
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(tmp, "C1");
break;
case 2:
strcpy(tmp, "C3");
break;
case 3:
strcpy(tmp, "C6");
break;
case 4:
Reported by FlawFinder.
Line: 103
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(tmp, "C3");
break;
case 3:
strcpy(tmp, "C6");
break;
case 4:
strcpy(tmp, "C7");
break;
}
Reported by FlawFinder.
Line: 106
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(tmp, "C6");
break;
case 4:
strcpy(tmp, "C7");
break;
}
} else if (!strncmp(tmp, "ATM-", 4)) {
switch (num) {
case 1:
Reported by FlawFinder.
Line: 112
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
} else if (!strncmp(tmp, "ATM-", 4)) {
switch (num) {
case 1:
strcpy(tmp, "C1");
break;
case 2:
strcpy(tmp, "C2");
break;
case 3:
Reported by FlawFinder.
Line: 115
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(tmp, "C1");
break;
case 2:
strcpy(tmp, "C2");
break;
case 3:
strcpy(tmp, "C4");
break;
case 4:
Reported by FlawFinder.
Line: 118
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(tmp, "C2");
break;
case 3:
strcpy(tmp, "C4");
break;
case 4:
strcpy(tmp, "C6");
break;
}
Reported by FlawFinder.