The following issues were found
drivers/macintosh/windfarm_mpu.h
2 issues
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline const struct mpu_data *wf_get_mpu(int cpu)
{
struct device_node *np;
char nodename[64];
const void *data;
int len;
/*
* prom.c routine for finding a node by path is a bit brain dead
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* and requires exact @xxx unit numbers. This is a bit ugly but
* will work for these machines
*/
sprintf(nodename, "/u3@0,f8000000/i2c@f8001000/cpuid@a%d", cpu ? 2 : 0);
np = of_find_node_by_path(nodename);
if (!np)
return NULL;
data = of_get_property(np, "cpuid", &len);
of_node_put(np);
Reported by FlawFinder.
drivers/mailbox/ti-msgmgr.c
2 issues
Line: 105
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @rx_buff: Receive buffer pointer allocated at probe, max_message_size
*/
struct ti_queue_inst {
char name[30];
u8 queue_id;
u8 proxy_id;
int irq;
bool is_tx;
void __iomem *queue_buff_start;
Reported by FlawFinder.
Line: 413
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mbox_chan *chan)
{
int ret = 0;
char of_rx_irq_name[7];
struct device_node *np;
snprintf(of_rx_irq_name, sizeof(of_rx_irq_name),
"rx_%03d", d->is_sproxy ? qinst->proxy_id : qinst->queue_id);
Reported by FlawFinder.
drivers/md/bcache/features.c
2 issues
Line: 35
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
continue; \
if (BCH_HAS_ ## type ## _FEATURE(&c->cache->sb, f->mask)) { \
if (first) { \
out += snprintf(out, buf + size - out, \
"["); \
} else { \
out += snprintf(out, buf + size - out, \
" ["); \
} \
Reported by FlawFinder.
Line: 38
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
out += snprintf(out, buf + size - out, \
"["); \
} else { \
out += snprintf(out, buf + size - out, \
" ["); \
} \
} else if (!first) { \
out += snprintf(out, buf + size - out, " "); \
} \
Reported by FlawFinder.
drivers/md/bcache/journal.c
2 issues
Line: 154
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bytes, GFP_KERNEL);
if (!i)
return -ENOMEM;
memcpy(&i->j, j, bytes);
/* Add to the location after 'where' points to */
list_add(&i->list, where);
ret = 1;
if (j->seq > ja->seq[bucket_index])
Reported by FlawFinder.
Line: 924
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
w = journal_wait_for_write(c, bch_keylist_nkeys(keys));
memcpy(bset_bkey_last(w->data), keys->keys, bch_keylist_bytes(keys));
w->data->keys += bch_keylist_nkeys(keys);
ret = &fifo_back(&c->journal.pin);
atomic_inc(ret);
Reported by FlawFinder.
drivers/md/bcache/sysfs.h
2 issues
Line: 54
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define sysfs_printf(file, fmt, ...) \
do { \
if (attr == &sysfs_ ## file) \
return snprintf(buf, PAGE_SIZE, fmt "\n", __VA_ARGS__); \
} while (0)
#define sysfs_print(file, var) \
do { \
if (attr == &sysfs_ ## file) \
Reported by FlawFinder.
Line: 67
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
do { \
if (attr == &sysfs_ ## file) { \
ssize_t ret = bch_hprint(buf, val); \
strcat(buf, "\n"); \
return ret + 1; \
} \
} while (0)
#define var_printf(_var, fmt) sysfs_printf(_var, fmt, var(_var))
Reported by FlawFinder.
drivers/md/bcache/util.c
2 issues
Line: 119
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* '-', up to 3 digits, '.', 1 digit, 1 character, null;
* yields 8 bytes.
*/
return sprintf(buf, "-%llu.%i%c", q, t * 10 / 1024, units[u]);
else
return sprintf(buf, "%llu.%i%c", q, t * 10 / 1024, units[u]);
}
bool bch_is_zero(const char *p, size_t n)
Reported by FlawFinder.
Line: 121
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
return sprintf(buf, "-%llu.%i%c", q, t * 10 / 1024, units[u]);
else
return sprintf(buf, "%llu.%i%c", q, t * 10 / 1024, units[u]);
}
bool bch_is_zero(const char *p, size_t n)
{
size_t i;
Reported by FlawFinder.
drivers/md/dm-core.h
2 issues
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dm_target *immutable_target;
struct target_type *immutable_target_type;
char name[16];
struct gendisk *disk;
struct dax_device *dax_dev;
/*
* A list of ios that arrived while we were suspended.
Reported by FlawFinder.
Line: 250
Column: 20
CWE codes:
126
static inline bool dm_message_test_buffer_overflow(char *result, unsigned maxlen)
{
return !maxlen || strlen(result) + 1 >= maxlen;
}
extern atomic_t dm_global_event_nr;
extern wait_queue_head_t dm_global_eventq;
void dm_issue_global_event(void);
Reported by FlawFinder.
drivers/md/dm-era-target.c
2 issues
Line: 484
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void copy_sm_root(struct era_metadata *md, struct superblock_disk *disk)
{
memcpy(&disk->metadata_space_map_root,
&md->metadata_space_map_root,
sizeof(md->metadata_space_map_root));
}
/*
Reported by FlawFinder.
Line: 1621
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct era *era = ti->private;
ssize_t sz = 0;
struct metadata_stats stats;
char buf[BDEVNAME_SIZE];
switch (type) {
case STATUSTYPE_INFO:
r = in_worker1(era, metadata_get_stats, &stats);
if (r)
Reported by FlawFinder.
drivers/usb/storage/option_ms.c
2 issues
Line: 46
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buffer == NULL)
return USB_STOR_TRANSPORT_ERROR;
memcpy(buffer, rezero_msg, sizeof(rezero_msg));
result = usb_stor_bulk_transfer_buf(us,
us->send_bulk_pipe,
buffer, sizeof(rezero_msg), NULL);
if (result != USB_STOR_XFER_GOOD) {
result = USB_STOR_XFER_ERROR;
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buffer == NULL)
return USB_STOR_TRANSPORT_ERROR;
memcpy(buffer, inquiry_msg, sizeof(inquiry_msg));
result = usb_stor_bulk_transfer_buf(us,
us->send_bulk_pipe,
buffer, sizeof(inquiry_msg), NULL);
if (result != USB_STOR_XFER_GOOD) {
result = USB_STOR_XFER_ERROR;
Reported by FlawFinder.
drivers/usb/storage/protocol.c
2 issues
Line: 146
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buflen - cnt);
if (dir == FROM_XFER_BUF)
memcpy(buffer + cnt, miter.addr, len);
else
memcpy(miter.addr, buffer + cnt, len);
if (*offset + len < miter.piter.sg->length) {
*offset += len;
Reported by FlawFinder.
Line: 148
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dir == FROM_XFER_BUF)
memcpy(buffer + cnt, miter.addr, len);
else
memcpy(miter.addr, buffer + cnt, len);
if (*offset + len < miter.piter.sg->length) {
*offset += len;
*sgptr = miter.piter.sg;
} else {
Reported by FlawFinder.