The following issues were found
drivers/hsi/hsi_core.c
2 issues
Line: 23
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t modalias_show(struct device *dev,
struct device_attribute *a __maybe_unused, char *buf)
{
return sprintf(buf, "hsi:%s\n", dev_name(dev));
}
static DEVICE_ATTR_RO(modalias);
static struct attribute *hsi_bus_dev_attrs[] = {
&dev_attr_modalias.attr,
Reported by FlawFinder.
Line: 202
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hsi_client *cl;
struct hsi_channel channel;
struct property *prop;
char name[32];
int length, cells, err, i, max_chan, mode;
cl = kzalloc(sizeof(*cl), GFP_KERNEL);
if (!cl)
return;
Reported by FlawFinder.
drivers/hv/channel.c
2 issues
Line: 715
CWE codes:
476
open_msg->target_vp = hv_cpu_number_to_vp_number(newchannel->target_cpu);
if (userdatalen)
memcpy(open_msg->userdata, userdata, userdatalen);
spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);
list_add_tail(&open_info->msglistentry,
&vmbus_connection.chn_msg_list);
spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
Reported by Cppcheck.
Line: 715
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
open_msg->target_vp = hv_cpu_number_to_vp_number(newchannel->target_cpu);
if (userdatalen)
memcpy(open_msg->userdata, userdata, userdatalen);
spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);
list_add_tail(&open_info->msglistentry,
&vmbus_connection.chn_msg_list);
spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
Reported by FlawFinder.
drivers/hv/hv_utils_transport.c
2 issues
Line: 233
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cn_msg->id.idx = hvt->cn_id.idx;
cn_msg->id.val = hvt->cn_id.val;
cn_msg->len = len;
memcpy(cn_msg->data, msg, len);
ret = cn_netlink_send(cn_msg, 0, 0, GFP_ATOMIC);
kfree(cn_msg);
/*
* We don't know when netlink messages are delivered but unlike
* in CHARDEV mode we're not blocked and we can send next
Reported by FlawFinder.
Line: 259
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
hvt->outmsg = kzalloc(len, GFP_KERNEL);
if (hvt->outmsg) {
memcpy(hvt->outmsg, msg, len);
hvt->outmsg_len = len;
hvt->on_read = on_read_cb;
wake_up_interruptible(&hvt->outmsg_q);
} else
ret = -ENOMEM;
Reported by FlawFinder.
drivers/hwmon/ad7314.c
2 issues
Line: 71
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
data = (ret & AD7314_TEMP_MASK) >> AD7314_TEMP_SHIFT;
data = sign_extend32(data, 9);
return sprintf(buf, "%d\n", 250 * data);
case adt7301:
case adt7302:
/*
* Documented as a 13 bit twos complement register
* with a sign bit - which is a 14 bit 2's complement
Reported by FlawFinder.
Line: 82
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
data = ret & ADT7301_TEMP_MASK;
data = sign_extend32(data, 13);
return sprintf(buf, "%d\n",
DIV_ROUND_CLOSEST(data * 3125, 100));
default:
return -EINVAL;
}
}
Reported by FlawFinder.
drivers/hwmon/ad7418.c
2 issues
Line: 137
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n",
LM75_TEMP_FROM_REG(data->temp[attr->index]));
}
static ssize_t adc_show(struct device *dev, struct device_attribute *devattr,
char *buf)
Reported by FlawFinder.
Line: 152
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n",
((data->in[attr->index] >> 6) * 2500 + 512) / 1024);
}
static ssize_t temp_store(struct device *dev,
struct device_attribute *devattr, const char *buf,
Reported by FlawFinder.
drivers/hwmon/adm9240.c
2 issues
Line: 230
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (err < 0)
return err;
vid |= (regval & 1) << 4;
return sprintf(buf, "%d\n", vid_from_reg(vid, data->vrm));
}
static DEVICE_ATTR_RO(cpu0_vid);
static ssize_t aout_output_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 245
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (err)
return err;
return sprintf(buf, "%d\n", AOUT_FROM_REG(regval));
}
static ssize_t aout_output_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/hwmon/corsair-cpro.c
2 issues
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int target[6];
DECLARE_BITMAP(temp_cnct, NUM_TEMP_SENSORS);
DECLARE_BITMAP(fan_cnct, NUM_FANS);
char fan_label[6][LABEL_LENGTH];
};
/* converts response error in buffer to errno */
static int ccp_get_errno(struct ccp_device *ccp)
{
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (completion_done(&ccp->wait_input_report))
return 0;
memcpy(ccp->buffer, data, min(IN_BUFFER_SIZE, size));
complete(&ccp->wait_input_report);
return 0;
}
Reported by FlawFinder.
drivers/hwmon/ds620.c
2 issues
Line: 138
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (IS_ERR(data))
return PTR_ERR(data);
return sprintf(buf, "%d\n", ((data->temp[attr->index] / 8) * 625) / 10);
}
static ssize_t temp_store(struct device *dev, struct device_attribute *da,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 194
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return res;
}
return sprintf(buf, "%d\n", !!(conf & attr->index));
}
static SENSOR_DEVICE_ATTR_RO(temp1_input, temp, 0);
static SENSOR_DEVICE_ATTR_RW(temp1_min, temp, 1);
static SENSOR_DEVICE_ATTR_RW(temp1_max, temp, 2);
Reported by FlawFinder.
drivers/hwmon/gsc-hwmon.c
2 issues
Line: 68
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return ret;
ret = regs[0] | regs[1] << 8;
return sprintf(buf, "%d\n", ret * 10);
}
static ssize_t pwm_auto_point_temp_store(struct device *dev,
struct device_attribute *devattr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 103
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
return sprintf(buf, "%d\n", 255 * (50 + (attr->index * 10)) / 100);
}
static SENSOR_DEVICE_ATTR_RO(pwm1_auto_point1_pwm, pwm_auto_point_pwm, 0);
static SENSOR_DEVICE_ATTR_RW(pwm1_auto_point1_temp, pwm_auto_point_temp, 0);
Reported by FlawFinder.
drivers/hwmon/ltc2947-core.c
2 issues
Line: 292
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
u8 offset = reg - LTC2947_REG_STATUS;
/* +1 to include status reg */
char alarms[LTC2947_ALERTS_SIZE + 1];
int ret = 0;
memset(alarms, 0, sizeof(alarms));
mutex_lock(&st->lock);
Reported by FlawFinder.
Line: 336
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* value in microJoule. st->lsb_energy was multiplied by 10E9 */
val = div_s64(val * st->lsb_energy, 1000);
return sprintf(buf, "%lld\n", val);
}
static int ltc2947_read_temp(struct device *dev, const u32 attr, long *val,
const int channel)
{
Reported by FlawFinder.