The following issues were found
drivers/usb/core/devices.c
17 issues
Line: 183
Column: 11
CWE codes:
134
Suggestion:
Make format string constant
interval /= 1000;
}
start += sprintf(start, format_endpt, desc->bEndpointAddress, dir,
desc->bmAttributes, type,
usb_endpoint_maxp(desc) *
bandwidth,
interval, unit);
return start;
Reported by FlawFinder.
Line: 209
Column: 11
CWE codes:
134
Suggestion:
Make format string constant
: "(none)");
active = (desc == &iface->cur_altsetting->desc);
}
start += sprintf(start, format_iface,
active ? '*' : ' ', /* mark active altsetting */
desc->bInterfaceNumber,
desc->bAlternateSetting,
desc->bNumEndpoints,
desc->bInterfaceClass,
Reported by FlawFinder.
Line: 244
Column: 11
CWE codes:
134
Suggestion:
Make format string constant
{
if (start > end)
return start;
start += sprintf(start, format_iad,
iad->bFirstInterface,
iad->bInterfaceCount,
iad->bFunctionClass,
class_decode(iad->bFunctionClass),
iad->bFunctionSubClass,
Reported by FlawFinder.
Line: 271
Column: 11
CWE codes:
134
Suggestion:
Make format string constant
mul = 8;
else
mul = 2;
start += sprintf(start, format_config,
/* mark active/actual/current cfg. */
active ? '*' : ' ',
desc->bNumInterfaces,
desc->bConfigurationValue,
desc->bmAttributes,
Reported by FlawFinder.
Line: 325
Column: 11
CWE codes:
134
Suggestion:
Make format string constant
if (start > end)
return start;
start += sprintf(start, format_device1,
bcdUSB >> 8, bcdUSB & 0xff,
desc->bDeviceClass,
class_decode(desc->bDeviceClass),
desc->bDeviceSubClass,
desc->bDeviceProtocol,
Reported by FlawFinder.
Line: 335
Column: 11
CWE codes:
134
Suggestion:
Make format string constant
desc->bNumConfigurations);
if (start > end)
return start;
start += sprintf(start, format_device2,
le16_to_cpu(desc->idVendor),
le16_to_cpu(desc->idProduct),
bcdDevice >> 8, bcdDevice & 0xff);
return start;
}
Reported by FlawFinder.
Line: 351
Column: 12
CWE codes:
134
Suggestion:
Make format string constant
if (start > end)
return start;
if (dev->manufacturer)
start += sprintf(start, format_string_manufacturer,
dev->manufacturer);
if (start > end)
goto out;
if (dev->product)
start += sprintf(start, format_string_product, dev->product);
Reported by FlawFinder.
Line: 356
Column: 12
CWE codes:
134
Suggestion:
Make format string constant
if (start > end)
goto out;
if (dev->product)
start += sprintf(start, format_string_product, dev->product);
if (start > end)
goto out;
#ifdef ALLOW_SERIAL_NUMBER
if (dev->serial)
start += sprintf(start, format_string_serialnumber,
Reported by FlawFinder.
Line: 361
Column: 12
CWE codes:
134
Suggestion:
Make format string constant
goto out;
#ifdef ALLOW_SERIAL_NUMBER
if (dev->serial)
start += sprintf(start, format_string_serialnumber,
dev->serial);
#endif
out:
return start;
}
Reported by FlawFinder.
Line: 421
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
start += sprintf(start, "Interface:");
if (index <= dev->maxstring && dev->stringindex &&
dev->stringindex[index])
start += sprintf(start, "%s: %.100s ", id,
dev->stringindex[index]);
return start;
}
#endif /* PROC_EXTRA */
Reported by FlawFinder.
drivers/net/ethernet/freescale/fec_main.c
17 issues
Line: 2034
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
phy_id = 0;
}
snprintf(phy_name, sizeof(phy_name),
PHY_ID_FMT, mdio_bus_id, phy_id);
phy_dev = phy_connect(ndev, phy_name, &fec_enet_adjust_link,
fep->phy_interface);
}
Reported by FlawFinder.
Line: 192
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
MODULE_DEVICE_TABLE(of, fec_dt_ids);
static unsigned char macaddr[ETH_ALEN];
module_param_array(macaddr, byte, NULL, 0);
MODULE_PARM_DESC(macaddr, "FEC Ethernet MAC address");
#if defined(CONFIG_M5272)
/*
Reported by FlawFinder.
Line: 436
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
index = fec_enet_get_bd_index(bdp, &txq->bd);
if (((unsigned long) bufaddr) & fep->tx_align ||
fep->quirks & FEC_QUIRK_SWAP_FRAME) {
memcpy(txq->tx_bounce[index], bufaddr, frag_len);
bufaddr = txq->tx_bounce[index];
if (fep->quirks & FEC_QUIRK_SWAP_FRAME)
swap_buffer(bufaddr, frag_len);
}
Reported by FlawFinder.
Line: 512
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
index = fec_enet_get_bd_index(bdp, &txq->bd);
if (((unsigned long) bufaddr) & fep->tx_align ||
fep->quirks & FEC_QUIRK_SWAP_FRAME) {
memcpy(txq->tx_bounce[index], skb->data, buflen);
bufaddr = txq->tx_bounce[index];
if (fep->quirks & FEC_QUIRK_SWAP_FRAME)
swap_buffer(bufaddr, buflen);
}
Reported by FlawFinder.
Line: 617
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (((unsigned long) data) & fep->tx_align ||
fep->quirks & FEC_QUIRK_SWAP_FRAME) {
memcpy(txq->tx_bounce[index], data, size);
data = txq->tx_bounce[index];
if (fep->quirks & FEC_QUIRK_SWAP_FRAME)
swap_buffer(data, size);
}
Reported by FlawFinder.
Line: 679
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dmabuf = txq->tso_hdrs_dma + index * TSO_HEADER_SIZE;
if (((unsigned long)bufaddr) & fep->tx_align ||
fep->quirks & FEC_QUIRK_SWAP_FRAME) {
memcpy(txq->tx_bounce[index], skb->data, hdr_len);
bufaddr = txq->tx_bounce[index];
if (fep->quirks & FEC_QUIRK_SWAP_FRAME)
swap_buffer(bufaddr, hdr_len);
Reported by FlawFinder.
Line: 972
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* enet-mac reset will reset mac address registers too,
* so need to reconfigure it.
*/
memcpy(&temp_mac, ndev->dev_addr, ETH_ALEN);
writel((__force u32)cpu_to_be32(temp_mac[0]),
fep->hwp + FEC_ADDR_LOW);
writel((__force u32)cpu_to_be32(temp_mac[1]),
fep->hwp + FEC_ADDR_HIGH);
Reported by FlawFinder.
Line: 1398
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
FEC_ENET_RX_FRSIZE - fep->rx_align,
DMA_FROM_DEVICE);
if (!swap)
memcpy(new_skb->data, (*skb)->data, length);
else
swap_buffer2(new_skb->data, (*skb)->data, length);
*skb = new_skb;
return true;
Reported by FlawFinder.
Line: 1671
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int fec_get_mac(struct net_device *ndev)
{
struct fec_enet_private *fep = netdev_priv(ndev);
unsigned char *iap, tmpaddr[ETH_ALEN];
int ret;
/*
* try to get mac address in following order:
*
Reported by FlawFinder.
Line: 1734
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
}
memcpy(ndev->dev_addr, iap, ETH_ALEN);
/* Adjust MAC if using macaddr */
if (iap == macaddr)
ndev->dev_addr[ETH_ALEN-1] = macaddr[ETH_ALEN-1] + fep->dev_id;
Reported by FlawFinder.
drivers/s390/block/dcssblk.c
17 issues
Line: 329
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (*seg_info == NULL)
return -ENOMEM;
strcpy((*seg_info)->segment_name, name);
/* load the segment */
rc = segment_load(name, SEGMENT_SHARED,
&(*seg_info)->start, &(*seg_info)->end);
if (rc < 0) {
Reported by FlawFinder.
Line: 354
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
struct dcssblk_dev_info *dev_info;
dev_info = container_of(dev, struct dcssblk_dev_info, dev);
return sprintf(buf, dev_info->is_shared ? "1\n" : "0\n");
}
static ssize_t
dcssblk_shared_store(struct device *dev, struct device_attribute *attr, const char *inbuf, size_t count)
{
Reported by FlawFinder.
Line: 458
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
struct dcssblk_dev_info *dev_info;
dev_info = container_of(dev, struct dcssblk_dev_info, dev);
return sprintf(buf, dev_info->save_pending ? "1\n" : "0\n");
}
static ssize_t
dcssblk_save_store(struct device *dev, struct device_attribute *attr, const char *inbuf, size_t count)
{
Reported by FlawFinder.
Line: 530
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
i = 0;
buf[0] = '\0';
list_for_each_entry(entry, &dev_info->seg_list, lh) {
strcpy(&buf[i], entry->segment_name);
i += strlen(entry->segment_name);
buf[i] = '\n';
i++;
}
up_read(&dcssblk_devices_sem);
Reported by FlawFinder.
Line: 613
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
rc = -ENOMEM;
goto out;
}
strcpy(dev_info->segment_name, local_buf);
dev_info->segment_type = seg_info->segment_type;
INIT_LIST_HEAD(&dev_info->seg_list);
}
list_add_tail(&seg_info->lh, &dev_info->seg_list);
num_of_segments++;
Reported by FlawFinder.
Line: 37
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static long dcssblk_dax_direct_access(struct dax_device *dax_dev, pgoff_t pgoff,
long nr_pages, void **kaddr, pfn_t *pfn);
static char dcssblk_segments[DCSSBLK_PARM_LEN] = "\0";
static int dcssblk_major;
static const struct block_device_operations dcssblk_devops = {
.owner = THIS_MODULE,
.submit_bio = dcssblk_submit_bio,
Reported by FlawFinder.
Line: 84
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dcssblk_dev_info {
struct list_head lh;
struct device dev;
char segment_name[DCSS_BUS_ID_SIZE];
atomic_t use_count;
struct gendisk *gd;
unsigned long start;
unsigned long end;
int segment_type;
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct segment_info {
struct list_head lh;
char segment_name[DCSS_BUS_ID_SIZE];
unsigned long start;
unsigned long end;
int segment_type;
};
Reported by FlawFinder.
Line: 262
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
i = 0;
list_for_each_entry(entry, &dev_info->seg_list, lh) {
memcpy(&sort_list[i], entry, sizeof(struct segment_info));
i++;
}
/* sort segments */
for (i = 0; i < dev_info->num_of_segments; i++)
Reported by FlawFinder.
Line: 270
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < dev_info->num_of_segments; i++)
for (j = 0; j < dev_info->num_of_segments; j++)
if (sort_list[j].start > sort_list[i].start) {
memcpy(&temp, &sort_list[i],
sizeof(struct segment_info));
memcpy(&sort_list[i], &sort_list[j],
sizeof(struct segment_info));
memcpy(&sort_list[j], &temp,
sizeof(struct segment_info));
Reported by FlawFinder.
include/linux/ptr_ring.h
16 issues
Line: 81
CWE codes:
908
unsigned long flags;
bool ret;
spin_lock_irqsave(&r->producer_lock, flags);
ret = __ptr_ring_full(r);
spin_unlock_irqrestore(&r->producer_lock, flags);
return ret;
}
Reported by Cppcheck.
Line: 83
CWE codes:
908
spin_lock_irqsave(&r->producer_lock, flags);
ret = __ptr_ring_full(r);
spin_unlock_irqrestore(&r->producer_lock, flags);
return ret;
}
static inline bool ptr_ring_full_bh(struct ptr_ring *r)
Reported by Cppcheck.
Line: 151
CWE codes:
908
unsigned long flags;
int ret;
spin_lock_irqsave(&r->producer_lock, flags);
ret = __ptr_ring_produce(r, ptr);
spin_unlock_irqrestore(&r->producer_lock, flags);
return ret;
}
Reported by Cppcheck.
Line: 153
CWE codes:
908
spin_lock_irqsave(&r->producer_lock, flags);
ret = __ptr_ring_produce(r, ptr);
spin_unlock_irqrestore(&r->producer_lock, flags);
return ret;
}
static inline int ptr_ring_produce_bh(struct ptr_ring *r, void *ptr)
Reported by Cppcheck.
Line: 228
CWE codes:
908
unsigned long flags;
bool ret;
spin_lock_irqsave(&r->consumer_lock, flags);
ret = __ptr_ring_empty(r);
spin_unlock_irqrestore(&r->consumer_lock, flags);
return ret;
}
Reported by Cppcheck.
Line: 230
CWE codes:
908
spin_lock_irqsave(&r->consumer_lock, flags);
ret = __ptr_ring_empty(r);
spin_unlock_irqrestore(&r->consumer_lock, flags);
return ret;
}
static inline bool ptr_ring_empty_bh(struct ptr_ring *r)
Reported by Cppcheck.
Line: 354
CWE codes:
908
unsigned long flags;
void *ptr;
spin_lock_irqsave(&r->consumer_lock, flags);
ptr = __ptr_ring_consume(r);
spin_unlock_irqrestore(&r->consumer_lock, flags);
return ptr;
}
Reported by Cppcheck.
Line: 356
CWE codes:
908
spin_lock_irqsave(&r->consumer_lock, flags);
ptr = __ptr_ring_consume(r);
spin_unlock_irqrestore(&r->consumer_lock, flags);
return ptr;
}
static inline void *ptr_ring_consume_bh(struct ptr_ring *r)
Reported by Cppcheck.
Line: 402
CWE codes:
908
unsigned long flags;
int ret;
spin_lock_irqsave(&r->consumer_lock, flags);
ret = __ptr_ring_consume_batched(r, array, n);
spin_unlock_irqrestore(&r->consumer_lock, flags);
return ret;
}
Reported by Cppcheck.
Line: 404
CWE codes:
908
spin_lock_irqsave(&r->consumer_lock, flags);
ret = __ptr_ring_consume_batched(r, array, n);
spin_unlock_irqrestore(&r->consumer_lock, flags);
return ret;
}
static inline int ptr_ring_consume_batched_bh(struct ptr_ring *r,
Reported by Cppcheck.
drivers/staging/media/atomisp/pci/runtime/debug/src/ia_css_debug.c
16 issues
Line: 139
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* [IA_CSS_PIPE_ID_ACC] =*/ "accelerator"
};
static char dot_id_input_bin[SH_CSS_MAX_BINARY_NAME + 10];
static char ring_buffer[200];
void ia_css_debug_dtrace(unsigned int level, const char *fmt, ...)
{
va_list ap;
Reported by FlawFinder.
Line: 140
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static char dot_id_input_bin[SH_CSS_MAX_BINARY_NAME + 10];
static char ring_buffer[200];
void ia_css_debug_dtrace(unsigned int level, const char *fmt, ...)
{
va_list ap;
Reported by FlawFinder.
Line: 894
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *fsm_pack_st = NULL;
const char *fsm_read_st = NULL;
const char *fsm_write_st = NULL;
char last_cmd_str[64];
dma_get_state(DMA0_ID, &state);
/* Print header for DMA dump status */
ia_css_debug_dtrace(2, "DMA dump status:\n");
Reported by FlawFinder.
Line: 1577
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*
* Adjust this to your trace case!
*/
static char const *const id2filename[8] = {
"param_buffer.sp.c | tagger.sp.c | pipe_data.sp.c",
"isp_init.sp.c",
"sp_raw_copy.hive.c",
"dma_configure.sp.c",
"sp.hive.c",
Reported by FlawFinder.
Line: 1590
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Example SH_CSS_SP_DBG_NR_OF_TRACES==1 */
/* Adjust this to your trace case */
static char const *trace_name[SH_CSS_SP_DBG_NR_OF_TRACES] = {
"default"
};
/* Remember host_index_last because we only want to print new entries */
static int host_index_last[SH_CSS_SP_DBG_NR_OF_TRACES] = { 0 };
Reported by FlawFinder.
Line: 2558
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char const *frame_name,
bool in_frame)
{
char bufinfo[100];
if (frame->dynamic_queue_id == SH_CSS_INVALID_QUEUE_ID) {
snprintf(bufinfo, sizeof(bufinfo), "Internal");
} else {
snprintf(bufinfo, sizeof(bufinfo), "Queue: %s %s",
Reported by FlawFinder.
Line: 2649
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ia_css_pipeline_stage *stage,
enum ia_css_pipe_id id)
{
char blob_name[SH_CSS_MAX_BINARY_NAME + 10] = "<unknown type>";
char const *bin_type = "<unknown type>";
int i;
assert(stage);
if (stage->sp_func != IA_CSS_PIPELINE_NO_FUNC)
Reported by FlawFinder.
Line: 2676
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Guard in case of binaries that don't have any binary_info */
if (stage->binary_info) {
char enable_info1[100];
char enable_info2[100];
char enable_info3[100];
char enable_info[200];
struct ia_css_binary_info *bi = stage->binary_info;
Reported by FlawFinder.
Line: 2677
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Guard in case of binaries that don't have any binary_info */
if (stage->binary_info) {
char enable_info1[100];
char enable_info2[100];
char enable_info3[100];
char enable_info[200];
struct ia_css_binary_info *bi = stage->binary_info;
/* Split it in 2 function-calls to keep the amount of
Reported by FlawFinder.
Line: 2678
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (stage->binary_info) {
char enable_info1[100];
char enable_info2[100];
char enable_info3[100];
char enable_info[200];
struct ia_css_binary_info *bi = stage->binary_info;
/* Split it in 2 function-calls to keep the amount of
* parameters per call "reasonable"
Reported by FlawFinder.
drivers/media/pci/bt8xx/dst.c
16 issues
Line: 890
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
}
memset(&state->mac_address, '\0', 8);
memcpy(&state->mac_address, &state->rxbuffer, 6);
pr_err("MAC Address=[%pM]\n", state->mac_address);
return 0;
}
Reported by FlawFinder.
Line: 904
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dprintk(2, "Unsupported Command\n");
return -1;
}
memcpy(&state->fw_version, &state->rxbuffer, 8);
pr_err("Firmware Ver = %x.%x Build = %02x, on %x:%x, %x-%x-20%02x\n",
state->fw_version[0] >> 4, state->fw_version[0] & 0x0f,
state->fw_version[1],
state->fw_version[5], state->fw_version[6],
state->fw_version[4], state->fw_version[3], state->fw_version[2]);
Reported by FlawFinder.
Line: 926
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
}
memset(&state->card_info, '\0', 8);
memcpy(&state->card_info, &state->rxbuffer, 7);
pr_err("Device Model=[%s]\n", &state->card_info[0]);
for (j = 0, p_tuner_list = tuner_list; j < ARRAY_SIZE(tuner_list); j++, p_tuner_list++) {
if (!strcmp(&state->card_info[0], p_tuner_list->board_name)) {
state->tuner_type = p_tuner_list->tuner_type;
Reported by FlawFinder.
Line: 949
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
}
memset(&state->vendor, '\0', 8);
memcpy(&state->vendor, &state->rxbuffer, 7);
pr_err("Vendor=[%s]\n", &state->vendor[0]);
return 0;
}
Reported by FlawFinder.
Line: 1019
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto force;
}
}
memcpy(&state->board_info, &state->rxbuffer, 8);
if (state->type_flags & DST_TYPE_HAS_MULTI_FE) {
pr_err("DST type has TS=188\n");
}
if (state->board_info[0] == 0xbc) {
if (state->dst_type != DST_TYPE_IS_ATSC)
Reported by FlawFinder.
Line: 1426
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (state->dst_type != DST_TYPE_IS_SAT)
return -EOPNOTSUPP;
if (cmd->msg_len > 0 && cmd->msg_len < 5)
memcpy(&packet[3], cmd->msg, cmd->msg_len);
else if (cmd->msg_len == 5 && state->dst_hw_cap & DST_TYPE_HAS_DISEQC5)
memcpy(&packet[2], cmd->msg, cmd->msg_len);
else
return -EINVAL;
packet[7] = dst_check_sum(&packet[0], 7);
Reported by FlawFinder.
Line: 1428
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cmd->msg_len > 0 && cmd->msg_len < 5)
memcpy(&packet[3], cmd->msg, cmd->msg_len);
else if (cmd->msg_len == 5 && state->dst_hw_cap & DST_TYPE_HAS_DISEQC5)
memcpy(&packet[2], cmd->msg, cmd->msg_len);
else
return -EINVAL;
packet[7] = dst_check_sum(&packet[0], 7);
return dst_command(state, packet, 8);
}
Reported by FlawFinder.
Line: 1533
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
state->bandwidth = 7000000;
state->cur_jiff = jiffies;
if (state->dst_type == DST_TYPE_IS_SAT)
memcpy(state->tx_tuna, ((state->type_flags & DST_TYPE_HAS_VLF) ? sat_tuna_188 : sat_tuna_204), sizeof (sat_tuna_204));
else if (state->dst_type == DST_TYPE_IS_TERR)
memcpy(state->tx_tuna, ((state->type_flags & DST_TYPE_HAS_VLF) ? ter_tuna_188 : ter_tuna_204), sizeof (ter_tuna_204));
else if (state->dst_type == DST_TYPE_IS_CABLE)
memcpy(state->tx_tuna, ((state->type_flags & DST_TYPE_HAS_VLF) ? cab_tuna_188 : cab_tuna_204), sizeof (cab_tuna_204));
else if (state->dst_type == DST_TYPE_IS_ATSC)
Reported by FlawFinder.
Line: 1535
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (state->dst_type == DST_TYPE_IS_SAT)
memcpy(state->tx_tuna, ((state->type_flags & DST_TYPE_HAS_VLF) ? sat_tuna_188 : sat_tuna_204), sizeof (sat_tuna_204));
else if (state->dst_type == DST_TYPE_IS_TERR)
memcpy(state->tx_tuna, ((state->type_flags & DST_TYPE_HAS_VLF) ? ter_tuna_188 : ter_tuna_204), sizeof (ter_tuna_204));
else if (state->dst_type == DST_TYPE_IS_CABLE)
memcpy(state->tx_tuna, ((state->type_flags & DST_TYPE_HAS_VLF) ? cab_tuna_188 : cab_tuna_204), sizeof (cab_tuna_204));
else if (state->dst_type == DST_TYPE_IS_ATSC)
memcpy(state->tx_tuna, atsc_tuner, sizeof (atsc_tuner));
Reported by FlawFinder.
Line: 1537
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (state->dst_type == DST_TYPE_IS_TERR)
memcpy(state->tx_tuna, ((state->type_flags & DST_TYPE_HAS_VLF) ? ter_tuna_188 : ter_tuna_204), sizeof (ter_tuna_204));
else if (state->dst_type == DST_TYPE_IS_CABLE)
memcpy(state->tx_tuna, ((state->type_flags & DST_TYPE_HAS_VLF) ? cab_tuna_188 : cab_tuna_204), sizeof (cab_tuna_204));
else if (state->dst_type == DST_TYPE_IS_ATSC)
memcpy(state->tx_tuna, atsc_tuner, sizeof (atsc_tuner));
return 0;
}
Reported by FlawFinder.
tools/perf/util/stat-display.c
16 issues
Line: 199
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (color)
n += color_fprintf(out, color, fmt, val);
else
n += fprintf(out, fmt, val);
fprintf(out, " %-*s", METRIC_LEN - n - 1, unit);
}
static void new_line_csv(struct perf_stat_config *config, void *ctx)
{
Reported by FlawFinder.
Line: 229
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(out, "%s%s", config->csv_sep, config->csv_sep);
return;
}
snprintf(buf, sizeof(buf), fmt, val);
ends = vals = skip_spaces(buf);
while (isdigit(*ends) || *ends == '.')
ends++;
*ends = 0;
fprintf(out, "%s%s%s%s", config->csv_sep, vals, config->csv_sep, skip_spaces(unit));
Reported by FlawFinder.
Line: 295
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!valid_only_metric(unit))
return;
unit = fixunit(tbuf, os->evsel, unit);
snprintf(buf, sizeof buf, fmt, val);
ends = vals = skip_spaces(buf);
while (isdigit(*ends) || *ends == '.')
ends++;
*ends = 0;
fprintf(out, "%s%s", vals, config->csv_sep);
Reported by FlawFinder.
Line: 372
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
aggr_printout(config, evsel, id, nr);
fprintf(output, fmt, avg, config->csv_sep);
if (evsel->unit)
fprintf(output, "%-*s%s",
config->csv_output ? 0 : config->unit_width,
evsel->unit, config->csv_sep);
Reported by FlawFinder.
Line: 1029
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
puts(CONSOLE_CLEAR);
if (!config->iostat_run)
sprintf(prefix, "%6lu.%09lu%s", (unsigned long) ts->tv_sec, ts->tv_nsec, config->csv_sep);
if ((num_print_interval == 0 && !config->csv_output) || config->interval_clear) {
switch (config->aggr_mode) {
case AGGR_NODE:
fprintf(output, "# time node cpus");
Reported by FlawFinder.
Line: 223
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct outstate *os = ctx;
FILE *out = os->fh;
char buf[64], *vals, *ends;
if (unit == NULL || fmt == NULL) {
fprintf(out, "%s%s", config->csv_sep, config->csv_sep);
return;
}
Reported by FlawFinder.
Line: 266
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct outstate *os = ctx;
FILE *out = os->fh;
char buf[1024], str[1024];
unsigned mlen = config->metric_only_len;
if (!valid_only_metric(unit))
return;
unit = fixunit(buf, os->evsel, unit);
Reported by FlawFinder.
Line: 289
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct outstate *os = ctx;
FILE *out = os->fh;
char buf[64], *vals, *ends;
char tbuf[1024];
if (!valid_only_metric(unit))
return;
unit = fixunit(tbuf, os->evsel, unit);
Reported by FlawFinder.
Line: 290
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct outstate *os = ctx;
FILE *out = os->fh;
char buf[64], *vals, *ends;
char tbuf[1024];
if (!valid_only_metric(unit))
return;
unit = fixunit(tbuf, os->evsel, unit);
snprintf(buf, sizeof buf, fmt, val);
Reported by FlawFinder.
Line: 314
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *unit, double val __maybe_unused)
{
struct outstate *os = ctx;
char tbuf[1024];
/* In case of iostat, print metric header for first root port only */
if (config->iostat_run &&
os->evsel->priv != os->evsel->evlist->selected->priv)
return;
Reported by FlawFinder.
include/linux/nfs_xdr.h
16 issues
Line: 1751
Column: 8
CWE codes:
362
20
Suggestion:
Reconsider approach
int (*lookupp) (struct inode *, struct nfs_fh *,
struct nfs_fattr *, struct nfs4_label *);
int (*access) (struct inode *, struct nfs_access_entry *);
int (*readlink)(struct inode *, struct page *, unsigned int,
unsigned int);
int (*create) (struct inode *, struct dentry *,
struct iattr *, int);
int (*remove) (struct inode *, struct dentry *);
void (*unlink_setup) (struct rpc_message *, struct dentry *, struct inode *);
Reported by FlawFinder.
Line: 462
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int open_flags;
fmode_t fmode;
u32 share_access;
u32 access;
__u64 clientid;
struct stateowner_id id;
union {
struct {
struct iattr * attrs; /* UNCHECKED, GUARDED, EXCLUSIVE4_1 */
Reported by FlawFinder.
Line: 907
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct nfs3_accessargs {
struct nfs_fh * fh;
__u32 access;
};
struct nfs3_createargs {
struct nfs_fh * fh;
const char * name;
Reported by FlawFinder.
Line: 968
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct nfs3_accessres {
struct nfs_fattr * fattr;
__u32 access;
};
struct nfs3_readlinkargs {
struct nfs_fh * fh;
unsigned int pgbase;
Reported by FlawFinder.
Line: 1006
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct nfs4_sequence_args seq_args;
const struct nfs_fh * fh;
const u32 * bitmask;
u32 access;
};
struct nfs4_accessres {
struct nfs4_sequence_res seq_res;
const struct nfs_server * server;
Reported by FlawFinder.
Line: 1014
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
const struct nfs_server * server;
struct nfs_fattr * fattr;
u32 supported;
u32 access;
};
struct nfs4_create_arg {
struct nfs4_sequence_args seq_args;
u32 ftype;
Reported by FlawFinder.
Line: 1750
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct nfs4_label *);
int (*lookupp) (struct inode *, struct nfs_fh *,
struct nfs_fattr *, struct nfs4_label *);
int (*access) (struct inode *, struct nfs_access_entry *);
int (*readlink)(struct inode *, struct page *, unsigned int,
unsigned int);
int (*create) (struct inode *, struct dentry *,
struct iattr *, int);
int (*remove) (struct inode *, struct dentry *);
Reported by FlawFinder.
Line: 634
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Arguments to the write call.
*/
struct nfs_write_verifier {
char data[8];
};
struct nfs_writeverf {
struct nfs_write_verifier verifier;
enum nfs3_stable_how committed;
Reported by FlawFinder.
Line: 1168
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const nfs4_verifier * sc_verifier;
u32 sc_prog;
unsigned int sc_netid_len;
char sc_netid[RPCBIND_MAXNETIDLEN + 1];
unsigned int sc_uaddr_len;
char sc_uaddr[RPCBIND_MAXUADDRLEN + 1];
struct nfs_client *sc_clnt;
struct rpc_cred *sc_cred;
};
Reported by FlawFinder.
Line: 1170
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int sc_netid_len;
char sc_netid[RPCBIND_MAXNETIDLEN + 1];
unsigned int sc_uaddr_len;
char sc_uaddr[RPCBIND_MAXUADDRLEN + 1];
struct nfs_client *sc_clnt;
struct rpc_cred *sc_cred;
};
struct nfs4_setclientid_res {
Reported by FlawFinder.
include/scsi/scsi_transport_fc.h
16 issues
Line: 187
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 roles;
bool disable;
enum fc_port_type vport_type; /* only FC_PORTTYPE_NPIV allowed */
char symbolic_name[FC_VPORT_SYMBOLIC_NAMELEN];
};
/*
* FC Virtual Port Attributes
*
Reported by FlawFinder.
Line: 232
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 roles;
u32 vport_id; /* Admin Identifier for the vport */
enum fc_port_type vport_type;
char symbolic_name[FC_VPORT_SYMBOLIC_NAMELEN];
/* exported data */
void *dd_data; /* Used for driver-specific storage */
/* internal data */
Reported by FlawFinder.
Line: 540
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 num_ports;
u32 num_discovered_ports;
u32 bootbios_state;
char serial_number[FC_SERIAL_NUMBER_SIZE];
char manufacturer[FC_SERIAL_NUMBER_SIZE];
char model[FC_SYMBOLIC_NAME_SIZE];
char model_description[FC_SYMBOLIC_NAME_SIZE];
char hardware_version[FC_VERSION_STRING_SIZE];
char driver_version[FC_VERSION_STRING_SIZE];
Reported by FlawFinder.
Line: 541
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 num_discovered_ports;
u32 bootbios_state;
char serial_number[FC_SERIAL_NUMBER_SIZE];
char manufacturer[FC_SERIAL_NUMBER_SIZE];
char model[FC_SYMBOLIC_NAME_SIZE];
char model_description[FC_SYMBOLIC_NAME_SIZE];
char hardware_version[FC_VERSION_STRING_SIZE];
char driver_version[FC_VERSION_STRING_SIZE];
char firmware_version[FC_VERSION_STRING_SIZE];
Reported by FlawFinder.
Line: 542
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 bootbios_state;
char serial_number[FC_SERIAL_NUMBER_SIZE];
char manufacturer[FC_SERIAL_NUMBER_SIZE];
char model[FC_SYMBOLIC_NAME_SIZE];
char model_description[FC_SYMBOLIC_NAME_SIZE];
char hardware_version[FC_VERSION_STRING_SIZE];
char driver_version[FC_VERSION_STRING_SIZE];
char firmware_version[FC_VERSION_STRING_SIZE];
char optionrom_version[FC_VERSION_STRING_SIZE];
Reported by FlawFinder.
Line: 543
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char serial_number[FC_SERIAL_NUMBER_SIZE];
char manufacturer[FC_SERIAL_NUMBER_SIZE];
char model[FC_SYMBOLIC_NAME_SIZE];
char model_description[FC_SYMBOLIC_NAME_SIZE];
char hardware_version[FC_VERSION_STRING_SIZE];
char driver_version[FC_VERSION_STRING_SIZE];
char firmware_version[FC_VERSION_STRING_SIZE];
char optionrom_version[FC_VERSION_STRING_SIZE];
char vendor_identifier[FC_VENDOR_IDENTIFIER];
Reported by FlawFinder.
Line: 544
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char manufacturer[FC_SERIAL_NUMBER_SIZE];
char model[FC_SYMBOLIC_NAME_SIZE];
char model_description[FC_SYMBOLIC_NAME_SIZE];
char hardware_version[FC_VERSION_STRING_SIZE];
char driver_version[FC_VERSION_STRING_SIZE];
char firmware_version[FC_VERSION_STRING_SIZE];
char optionrom_version[FC_VERSION_STRING_SIZE];
char vendor_identifier[FC_VENDOR_IDENTIFIER];
char bootbios_version[FC_SYMBOLIC_NAME_SIZE];
Reported by FlawFinder.
Line: 545
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model[FC_SYMBOLIC_NAME_SIZE];
char model_description[FC_SYMBOLIC_NAME_SIZE];
char hardware_version[FC_VERSION_STRING_SIZE];
char driver_version[FC_VERSION_STRING_SIZE];
char firmware_version[FC_VERSION_STRING_SIZE];
char optionrom_version[FC_VERSION_STRING_SIZE];
char vendor_identifier[FC_VENDOR_IDENTIFIER];
char bootbios_version[FC_SYMBOLIC_NAME_SIZE];
Reported by FlawFinder.
Line: 546
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model_description[FC_SYMBOLIC_NAME_SIZE];
char hardware_version[FC_VERSION_STRING_SIZE];
char driver_version[FC_VERSION_STRING_SIZE];
char firmware_version[FC_VERSION_STRING_SIZE];
char optionrom_version[FC_VERSION_STRING_SIZE];
char vendor_identifier[FC_VENDOR_IDENTIFIER];
char bootbios_version[FC_SYMBOLIC_NAME_SIZE];
Reported by FlawFinder.
Line: 547
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char hardware_version[FC_VERSION_STRING_SIZE];
char driver_version[FC_VERSION_STRING_SIZE];
char firmware_version[FC_VERSION_STRING_SIZE];
char optionrom_version[FC_VERSION_STRING_SIZE];
char vendor_identifier[FC_VENDOR_IDENTIFIER];
char bootbios_version[FC_SYMBOLIC_NAME_SIZE];
/* Dynamic Attributes */
Reported by FlawFinder.
drivers/net/hippi/rrunner.h
16 issues
Line: 629
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 Firmware;
u32 BoardRevision;
u32 RoadrunnerRev;
char OpticsPart[8];
u32 OpticsRev;
u32 pad1;
char SramPart[8];
u32 SramRev;
u32 pad2;
Reported by FlawFinder.
Line: 632
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char OpticsPart[8];
u32 OpticsRev;
u32 pad1;
char SramPart[8];
u32 SramRev;
u32 pad2;
char EepromPart[8];
u32 EepromRev;
u32 EepromSize;
Reported by FlawFinder.
Line: 635
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char SramPart[8];
u32 SramRev;
u32 pad2;
char EepromPart[8];
u32 EepromRev;
u32 EepromSize;
char PalPart[8];
u32 PalRev;
u32 pad3;
Reported by FlawFinder.
Line: 638
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char EepromPart[8];
u32 EepromRev;
u32 EepromSize;
char PalPart[8];
u32 PalRev;
u32 pad3;
char PalCodeFile[12];
u32 PalCodeRev;
char BoardULA[8];
Reported by FlawFinder.
Line: 641
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char PalPart[8];
u32 PalRev;
u32 pad3;
char PalCodeFile[12];
u32 PalCodeRev;
char BoardULA[8];
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
Reported by FlawFinder.
Line: 643
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 pad3;
char PalCodeFile[12];
u32 PalCodeRev;
char BoardULA[8];
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
char ModifyDate[8];
u32 ModCount;
Reported by FlawFinder.
Line: 644
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char PalCodeFile[12];
u32 PalCodeRev;
char BoardULA[8];
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
char ModifyDate[8];
u32 ModCount;
u32 pad4[13];
Reported by FlawFinder.
Line: 645
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 PalCodeRev;
char BoardULA[8];
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
char ModifyDate[8];
u32 ModCount;
u32 pad4[13];
};
Reported by FlawFinder.
Line: 646
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char BoardULA[8];
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
char ModifyDate[8];
u32 ModCount;
u32 pad4[13];
};
Reported by FlawFinder.
Line: 647
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char SerialNo[8];
char MfgDate[8];
char MfgTime[8];
char ModifyDate[8];
u32 ModCount;
u32 pad4[13];
};
Reported by FlawFinder.