The following issues were found
drivers/bcma/driver_mips.c
2 issues
Line: 168
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *ints = interrupts;
for (i = 0; i < ARRAY_SIZE(irq_name); i++)
ints += sprintf(ints, " %s%c",
irq_name[i], i == irq ? '*' : ' ');
bcma_debug(dev->bus, "core 0x%04x, irq:%s\n", dev->id.id, interrupts);
}
Reported by FlawFinder.
Line: 164
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int i;
static const char *irq_name[] = {"2(S)", "3", "4", "5", "6", "D", "I"};
char interrupts[25];
char *ints = interrupts;
for (i = 0; i < ARRAY_SIZE(irq_name); i++)
ints += sprintf(ints, " %s%c",
irq_name[i], i == irq ? '*' : ' ');
Reported by FlawFinder.
drivers/dma/fsl_raid.c
2 issues
Line: 124
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
list_move_tail(&desc->node, &re_chan->active_q);
memcpy(&re_chan->inb_ring_virt_addr[re_chan->inb_count],
&desc->hwdesc, sizeof(struct fsl_re_hw_desc));
re_chan->inb_count = (re_chan->inb_count + 1) &
FSL_RE_RING_SIZE_MASK;
out_be32(&re_chan->jrregs->inbring_add_job, FSL_RE_ADD_JOB(1));
Reported by FlawFinder.
Line: 430
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (src_cnt == 1) {
struct dma_async_tx_descriptor *tx;
dma_addr_t dma_src[2];
unsigned char coef[2];
dma_src[0] = *src;
coef[0] = *scf;
dma_src[1] = *src;
coef[1] = 0;
Reported by FlawFinder.
drivers/bluetooth/hci_intel.c
2 issues
Line: 532
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct intel_boot_params params;
struct intel_device *idev;
const struct firmware *fw;
char fwname[64];
u32 boot_param;
ktime_t calltime, delta, rettime;
unsigned long long duration;
unsigned int init_speed, oper_speed;
int speed_change = 0;
Reported by FlawFinder.
Line: 1041
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Prepend skb with frame type */
memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
return skb;
}
static const struct hci_uart_proto intel_proto = {
Reported by FlawFinder.
drivers/base/regmap/regmap-spi-avmm.c
2 issues
Line: 163
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int trans_len;
unsigned int phy_len;
/* bridge buffer used in translation between protocol layers */
char trans_buf[TRANS_BUF_SIZE];
char phy_buf[PHY_BUF_SIZE];
void (*swap_words)(char *buf, unsigned int len);
};
static void br_swap_words_32(char *buf, unsigned int len)
Reported by FlawFinder.
Line: 164
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int phy_len;
/* bridge buffer used in translation between protocol layers */
char trans_buf[TRANS_BUF_SIZE];
char phy_buf[PHY_BUF_SIZE];
void (*swap_words)(char *buf, unsigned int len);
};
static void br_swap_words_32(char *buf, unsigned int len)
{
Reported by FlawFinder.
drivers/base/regmap/regmap-debugfs.c
2 issues
Line: 305
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char __user *user_buf,
size_t count, loff_t *ppos)
{
char buf[32];
size_t buf_size;
char *start = buf;
unsigned long reg, value;
struct regmap *map = file->private_data;
int ret;
Reported by FlawFinder.
Line: 407
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (p >= *ppos) {
if (buf_pos + entry_len > count)
break;
memcpy(buf + buf_pos, entry, entry_len);
buf_pos += entry_len;
}
p += entry_len;
}
mutex_unlock(&map->cache_lock);
Reported by FlawFinder.
drivers/block/ps3vram.c
2 issues
Line: 457
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avail > count)
avail = count;
memcpy(buf, priv->xdr_buf + cached, avail);
buf += avail;
count -= avail;
from += avail;
}
Reported by FlawFinder.
Line: 498
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avail > count)
avail = count;
memcpy(priv->xdr_buf + cached, buf, avail);
priv->cache.tags[entry].flags |= CACHE_PAGE_DIRTY;
buf += avail;
count -= avail;
Reported by FlawFinder.
drivers/cpufreq/freq_table.c
2 issues
Line: 257
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (show_boost ^ (pos->flags & CPUFREQ_BOOST_FREQ))
continue;
count += sprintf(&buf[count], "%d ", pos->frequency);
}
count += sprintf(&buf[count], "\n");
return count;
Reported by FlawFinder.
Line: 259
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
count += sprintf(&buf[count], "%d ", pos->frequency);
}
count += sprintf(&buf[count], "\n");
return count;
}
Reported by FlawFinder.
drivers/base/regmap/regcache.c
2 issues
Line: 159
Column: 23
CWE codes:
120
20
map->cache = NULL;
map->cache_ops = cache_types[i];
if (!map->cache_ops->read ||
!map->cache_ops->write ||
!map->cache_ops->name)
return -EINVAL;
/* We still need to ensure that the reg_defaults
Reported by FlawFinder.
Line: 244
Column: 25
CWE codes:
120
20
BUG_ON(!map->cache_ops);
if (!regmap_volatile(map, reg)) {
ret = map->cache_ops->read(map, reg, value);
if (ret == 0)
trace_regmap_reg_read_cache(map, reg, *value);
return ret;
Reported by FlawFinder.
drivers/dma/idxd/idxd.h
2 issues
Line: 76
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
DECLARE_BITMAP(used_mask, IDXD_PMU_EVENT_MAX);
struct pmu pmu;
char name[IDXD_NAME_SIZE];
int cpu;
int n_counters;
int counter_width;
int n_event_categories;
Reported by FlawFinder.
Line: 170
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct idxd_desc **descs;
struct sbitmap_queue sbq;
struct idxd_dma_chan *idxd_chan;
char name[WQ_NAME_SIZE + 1];
u64 max_xfer_bytes;
u32 max_batch_size;
bool ats_dis;
};
Reported by FlawFinder.
drivers/dma/idxd/perfmon.c
2 issues
Line: 571
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
idxd->idxd_pmu = idxd_pmu;
if (idxd->data->type == IDXD_TYPE_DSA) {
rc = sprintf(idxd_pmu->name, "dsa%d", idxd->id);
if (rc < 0)
goto free;
} else if (idxd->data->type == IDXD_TYPE_IAX) {
rc = sprintf(idxd_pmu->name, "iax%d", idxd->id);
if (rc < 0)
Reported by FlawFinder.
Line: 575
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (rc < 0)
goto free;
} else if (idxd->data->type == IDXD_TYPE_IAX) {
rc = sprintf(idxd_pmu->name, "iax%d", idxd->id);
if (rc < 0)
goto free;
} else {
goto free;
}
Reported by FlawFinder.