The following issues were found
drivers/hwmon/ltc2992.c
2 issues
Line: 114
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i2c_client *client;
struct gpio_chip gc;
struct mutex gpio_mutex; /* lock for gpio access */
const char *gpio_names[LTC2992_GPIO_NR];
struct regmap *regmap;
u32 r_sense_uohm[2];
};
struct ltc2992_gpio_regs {
Reported by FlawFinder.
Line: 183
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
},
};
static const char *ltc2992_gpio_names[LTC2992_GPIO_NR] = {
"GPIO1", "GPIO2", "GPIO3", "GPIO4",
};
static int ltc2992_read_reg(struct ltc2992_state *st, u8 addr, const u8 reg_len)
{
Reported by FlawFinder.
drivers/hwmon/max1111.c
2 issues
Line: 101
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t name_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%s\n", to_spi_device(dev)->modalias);
}
static ssize_t show_adc(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 119
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* Assume the reference voltage to be 2.048V or 4.096V, with an 8-bit
* sample. The LSB weight is 8mV or 16mV depending on the chip type.
*/
return sprintf(buf, "%d\n", ret * data->lsb);
}
#define MAX1111_ADC_ATTR(_id) \
SENSOR_DEVICE_ATTR(in##_id##_input, S_IRUGO, show_adc, NULL, _id)
Reported by FlawFinder.
drivers/hwmon/pmbus/isl68137.c
2 issues
Line: 83
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int val = pmbus_read_byte_data(client, page, PMBUS_OPERATION);
return sprintf(buf, "%d\n",
(val & ISL68137_VOUT_AVS) == ISL68137_VOUT_AVS ? 1 : 0);
}
static ssize_t isl68137_avs_enable_store_page(struct i2c_client *client,
int page,
Reported by FlawFinder.
Line: 230
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info = devm_kzalloc(&client->dev, sizeof(*info), GFP_KERNEL);
if (!info)
return -ENOMEM;
memcpy(info, &raa_dmpvr_info, sizeof(*info));
switch (i2c_match_id(raa_dmpvr_id, client)->driver_data) {
case raa_dmpvr1_2rail:
info->pages = 2;
info->R[PSC_VOLTAGE_IN] = 3;
Reported by FlawFinder.
drivers/hwmon/pmbus/ltc2978.c
2 issues
Line: 589
Column: 29
CWE codes:
126
ret = i2c_smbus_read_block_data(client, PMBUS_MFR_MODEL, buf);
if (ret < 0)
return ret;
for (id = <c2978_id[0]; strlen(id->name); id++) {
if (!strncasecmp(id->name, buf, strlen(id->name)))
return (int)id->driver_data;
}
return -ENODEV;
}
Reported by FlawFinder.
Line: 590
Column: 36
CWE codes:
126
if (ret < 0)
return ret;
for (id = <c2978_id[0]; strlen(id->name); id++) {
if (!strncasecmp(id->name, buf, strlen(id->name)))
return (int)id->driver_data;
}
return -ENODEV;
}
Reported by FlawFinder.
drivers/hwmon/pmbus/max31785.c
2 issues
Line: 55
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int max31785_read_long_data(struct i2c_client *client, int page,
int reg, u32 *data)
{
unsigned char cmdbuf[1];
unsigned char rspbuf[4];
int rc;
struct i2c_msg msg[2] = {
{
Reported by FlawFinder.
Line: 56
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int reg, u32 *data)
{
unsigned char cmdbuf[1];
unsigned char rspbuf[4];
int rc;
struct i2c_msg msg[2] = {
{
.addr = client->addr,
Reported by FlawFinder.
drivers/hwmon/pmbus/q54sj108a2.c
2 issues
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *idxp = file->private_data;
int idx = *idxp;
struct q54sj108a2_data *psu = to_psu(idxp, idx);
char data[I2C_SMBUS_BLOCK_MAX + 2] = { 0 };
char data_char[I2C_SMBUS_BLOCK_MAX + 2] = { 0 };
char *res;
switch (idx) {
case Q54SJ108A2_DEBUGFS_OPERATION:
Reported by FlawFinder.
Line: 80
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int idx = *idxp;
struct q54sj108a2_data *psu = to_psu(idxp, idx);
char data[I2C_SMBUS_BLOCK_MAX + 2] = { 0 };
char data_char[I2C_SMBUS_BLOCK_MAX + 2] = { 0 };
char *res;
switch (idx) {
case Q54SJ108A2_DEBUGFS_OPERATION:
rc = i2c_smbus_read_byte_data(psu->client, PMBUS_OPERATION);
Reported by FlawFinder.
drivers/hwmon/s3c-hwmon.c
2 issues
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct s3c_hwmon_attr {
struct sensor_device_attribute in;
struct sensor_device_attribute label;
char in_name[12];
char label_name[12];
};
/**
* struct s3c_hwmon - ADC hwmon client information
Reported by FlawFinder.
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sensor_device_attribute in;
struct sensor_device_attribute label;
char in_name[12];
char label_name[12];
};
/**
* struct s3c_hwmon - ADC hwmon client information
* @lock: Access lock to serialise the conversions.
Reported by FlawFinder.
drivers/hwmon/sch5636.c
2 issues
Line: 34
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x22, 0x23, 0x24, 0x25, 0x189 };
static const u16 SCH5636_REG_IN_FACTORS[SCH5636_NO_INS] = {
4400, 1500, 4000, 4400, 16000 };
static const char * const SCH5636_IN_LABELS[SCH5636_NO_INS] = {
"3.3V", "VREF", "VBAT", "3.3AUX", "12V" };
static const u16 SCH5636_REG_TEMP_VAL[SCH5636_NO_TEMPS] = {
0x2B, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x180, 0x181,
0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C };
Reported by FlawFinder.
Line: 395
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct sch5636_data *data;
int i, err, val, revision[2];
char id[4];
data = devm_kzalloc(&pdev->dev, sizeof(struct sch5636_data),
GFP_KERNEL);
if (!data)
return -ENOMEM;
Reported by FlawFinder.
drivers/hwmon/smsc47b397.c
2 issues
Line: 164
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct smsc47b397_data *data = smsc47b397_update_device(dev);
return sprintf(buf, "%d\n", temp_from_reg(data->temp[attr->index]));
}
static SENSOR_DEVICE_ATTR_RO(temp1_input, temp, 0);
static SENSOR_DEVICE_ATTR_RO(temp2_input, temp, 1);
static SENSOR_DEVICE_ATTR_RO(temp3_input, temp, 2);
Reported by FlawFinder.
Line: 188
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
struct smsc47b397_data *data = smsc47b397_update_device(dev);
return sprintf(buf, "%d\n", fan_from_reg(data->fan[attr->index]));
}
static SENSOR_DEVICE_ATTR_RO(fan1_input, fan, 0);
static SENSOR_DEVICE_ATTR_RO(fan2_input, fan, 1);
static SENSOR_DEVICE_ATTR_RO(fan3_input, fan, 2);
static SENSOR_DEVICE_ATTR_RO(fan4_input, fan, 3);
Reported by FlawFinder.
drivers/hwmon/wm8350-hwmon.c
2 issues
Line: 43
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int channel = to_sensor_dev_attr(attr)->index;
return sprintf(buf, "%s\n", input_names[channel]);
}
#define WM8350_NAMED_VOLTAGE(id, name) \
static SENSOR_DEVICE_ATTR(in##id##_input, S_IRUGO, show_voltage,\
NULL, name); \
Reported by FlawFinder.
Line: 35
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = wm8350_read_auxadc(wm8350, channel, 0, 0) * WM8350_AUX_COEFF;
val = DIV_ROUND_CLOSEST(val, 1000);
return sprintf(buf, "%d\n", val);
}
static ssize_t show_label(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.