The following issues were found
drivers/atm/ambassador.c
16 issues
Line: 1161
Column: 16
CWE codes:
362
} else {
// no RXer on the channel, just open (with pool zero)
cmd.request = cpu_to_be32 (SRB_OPEN_VC);
cmd.args.open.vc = cpu_to_be32 (vci); // vpi 0
cmd.args.open.flags = cpu_to_be32 (tx_vc_bits << SRB_FLAGS_SHIFT);
cmd.args.open.rate = cpu_to_be32 (tx_rate_bits << SRB_RATE_SHIFT);
while (command_do (dev, &cmd))
schedule();
}
Reported by FlawFinder.
Line: 1162
Column: 16
CWE codes:
362
// no RXer on the channel, just open (with pool zero)
cmd.request = cpu_to_be32 (SRB_OPEN_VC);
cmd.args.open.vc = cpu_to_be32 (vci); // vpi 0
cmd.args.open.flags = cpu_to_be32 (tx_vc_bits << SRB_FLAGS_SHIFT);
cmd.args.open.rate = cpu_to_be32 (tx_rate_bits << SRB_RATE_SHIFT);
while (command_do (dev, &cmd))
schedule();
}
dev->txer[vci].tx_present = 1;
Reported by FlawFinder.
Line: 1163
Column: 16
CWE codes:
362
cmd.request = cpu_to_be32 (SRB_OPEN_VC);
cmd.args.open.vc = cpu_to_be32 (vci); // vpi 0
cmd.args.open.flags = cpu_to_be32 (tx_vc_bits << SRB_FLAGS_SHIFT);
cmd.args.open.rate = cpu_to_be32 (tx_rate_bits << SRB_RATE_SHIFT);
while (command_do (dev, &cmd))
schedule();
}
dev->txer[vci].tx_present = 1;
mutex_unlock(&dev->vcc_sf);
Reported by FlawFinder.
Line: 1194
Column: 16
CWE codes:
362
} else {
// no TXer on the channel, open the VC (with no rate info)
cmd.request = cpu_to_be32 (SRB_OPEN_VC);
cmd.args.open.vc = cpu_to_be32 (vci); // vpi 0
cmd.args.open.flags = cpu_to_be32 (pool << SRB_POOL_SHIFT);
cmd.args.open.rate = cpu_to_be32 (0);
}
while (command_do (dev, &cmd))
schedule();
Reported by FlawFinder.
Line: 1195
Column: 16
CWE codes:
362
// no TXer on the channel, open the VC (with no rate info)
cmd.request = cpu_to_be32 (SRB_OPEN_VC);
cmd.args.open.vc = cpu_to_be32 (vci); // vpi 0
cmd.args.open.flags = cpu_to_be32 (pool << SRB_POOL_SHIFT);
cmd.args.open.rate = cpu_to_be32 (0);
}
while (command_do (dev, &cmd))
schedule();
// this link allows RX frames through
Reported by FlawFinder.
Line: 1196
Column: 16
CWE codes:
362
cmd.request = cpu_to_be32 (SRB_OPEN_VC);
cmd.args.open.vc = cpu_to_be32 (vci); // vpi 0
cmd.args.open.flags = cpu_to_be32 (pool << SRB_POOL_SHIFT);
cmd.args.open.rate = cpu_to_be32 (0);
}
while (command_do (dev, &cmd))
schedule();
// this link allows RX frames through
dev->rxer[vci] = atm_vcc;
Reported by FlawFinder.
Line: 1420
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--) {
amb_stats * s = &dev->stats;
return sprintf (page,
"frames: TX OK %lu, RX OK %lu, RX bad %lu "
"(CRC %lu, long %lu, aborted %lu, unused %lu).\n",
s->tx_ok, s->rx.ok, s->rx.error,
s->rx.badcrc, s->rx.toolong,
s->rx.aborted, s->rx.unused);
Reported by FlawFinder.
Line: 1430
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--) {
amb_cq * c = &dev->cq;
return sprintf (page, "cmd queue [cur/hi/max]: %u/%u/%u. ",
c->pending, c->high, c->maximum);
}
if (!left--) {
amb_txq * t = &dev->txq;
Reported by FlawFinder.
Line: 1436
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--) {
amb_txq * t = &dev->txq;
return sprintf (page, "TX queue [cur/max high full]: %u/%u %u %u.\n",
t->pending, t->maximum, t->high, t->filled);
}
if (!left--) {
unsigned int count = sprintf (page, "RX queues [cur/max/req low empty]:");
Reported by FlawFinder.
Line: 1441
Column: 26
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (!left--) {
unsigned int count = sprintf (page, "RX queues [cur/max/req low empty]:");
for (pool = 0; pool < NUM_RX_POOLS; ++pool) {
amb_rxq * r = &dev->rxq[pool];
count += sprintf (page+count, " %u/%u/%u %u %u",
r->pending, r->maximum, r->buffers_wanted, r->low, r->emptied);
}
Reported by FlawFinder.
include/linux/fortify-string.h
16 issues
Line: 12
Column: 67
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy);
extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove);
extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset);
extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
#else
Reported by FlawFinder.
Line: 13
Column: 67
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove);
extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset);
extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
#else
#define __underlying_memchr __builtin_memchr
Reported by FlawFinder.
Line: 41
Column: 24
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return __underlying_strncpy(p, q, size);
}
__FORTIFY_INLINE char *strcat(char *p, const char *q)
{
size_t p_size = __builtin_object_size(p, 1);
if (p_size == (size_t)-1)
return __underlying_strcat(p, q);
Reported by FlawFinder.
Line: 274
Column: 24
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
/* defined after fortified strlen and memcpy to reuse them */
__FORTIFY_INLINE char *strcpy(char *p, const char *q)
{
size_t p_size = __builtin_object_size(p, 1);
size_t q_size = __builtin_object_size(q, 1);
size_t size;
Reported by FlawFinder.
Line: 9
Column: 89
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
extern void *__underlying_memchr(const void *p, int c, __kernel_size_t size) __RENAME(memchr);
extern int __underlying_memcmp(const void *p, const void *q, __kernel_size_t size) __RENAME(memcmp);
extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy);
extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove);
extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset);
extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
Reported by FlawFinder.
Line: 178
Column: 24
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return __underlying_memset(p, c, size);
}
__FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
{
size_t p_size = __builtin_object_size(p, 0);
size_t q_size = __builtin_object_size(q, 0);
if (__builtin_constant_p(size)) {
Reported by FlawFinder.
Line: 286
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* test here to use the more stringent object size */
if (p_size < size)
fortify_panic(__func__);
memcpy(p, q, size);
return p;
}
/* Don't use these outside the FORITFY_SOURCE implementation */
#undef __underlying_memchr
Reported by FlawFinder.
Line: 14
Column: 68
CWE codes:
126
extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset);
extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
#else
#define __underlying_memchr __builtin_memchr
#define __underlying_memcmp __builtin_memcmp
Reported by FlawFinder.
Line: 15
Column: 91
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
#else
#define __underlying_memchr __builtin_memchr
#define __underlying_memcmp __builtin_memcmp
#define __underlying_memcpy __builtin_memcpy
Reported by FlawFinder.
Line: 16
Column: 90
CWE codes:
120
extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
#else
#define __underlying_memchr __builtin_memchr
#define __underlying_memcmp __builtin_memcmp
#define __underlying_memcpy __builtin_memcpy
#define __underlying_memmove __builtin_memmove
Reported by FlawFinder.
drivers/hwmon/adm1031.c
16 issues
Line: 326
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct adm1031_data *data = adm1031_update_device(dev);
return sprintf(buf, "%d\n", GET_FAN_AUTO_BITFIELD(data, nr));
}
static ssize_t
fan_auto_channel_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 391
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct adm1031_data *data = adm1031_update_device(dev);
return sprintf(buf, "%d\n",
AUTO_TEMP_OFF_FROM_REG(data->auto_temp[nr]));
}
static ssize_t auto_temp_min_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 399
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct adm1031_data *data = adm1031_update_device(dev);
return sprintf(buf, "%d\n",
AUTO_TEMP_MIN_FROM_REG(data->auto_temp[nr]));
}
static ssize_t
auto_temp_min_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 429
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct adm1031_data *data = adm1031_update_device(dev);
return sprintf(buf, "%d\n",
AUTO_TEMP_MAX_FROM_REG(data->auto_temp[nr]));
}
static ssize_t
auto_temp_max_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 472
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct adm1031_data *data = adm1031_update_device(dev);
return sprintf(buf, "%d\n", PWM_FROM_REG(data->pwm[nr]));
}
static ssize_t pwm_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
struct adm1031_data *data = dev_get_drvdata(dev);
Reported by FlawFinder.
Line: 565
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
value = trust_fan_readings(data, nr) ? FAN_FROM_REG(data->fan[nr],
FAN_DIV_FROM_REG(data->fan_div[nr])) : 0;
return sprintf(buf, "%d\n", value);
}
static ssize_t fan_div_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 573
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct adm1031_data *data = adm1031_update_device(dev);
return sprintf(buf, "%d\n", FAN_DIV_FROM_REG(data->fan_div[nr]));
}
static ssize_t fan_min_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
int nr = to_sensor_dev_attr(attr)->index;
Reported by FlawFinder.
Line: 580
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct adm1031_data *data = adm1031_update_device(dev);
return sprintf(buf, "%d\n",
FAN_FROM_REG(data->fan_min[nr],
FAN_DIV_FROM_REG(data->fan_div[nr])));
}
static ssize_t fan_min_store(struct device *dev,
struct device_attribute *attr, const char *buf,
Reported by FlawFinder.
Line: 675
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ext = nr == 0 ?
((data->ext_temp[nr] >> 6) & 0x3) * 2 :
(((data->ext_temp[nr] >> ((nr - 1) * 3)) & 7));
return sprintf(buf, "%d\n", TEMP_FROM_REG_EXT(data->temp[nr], ext));
}
static ssize_t temp_offset_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
int nr = to_sensor_dev_attr(attr)->index;
Reported by FlawFinder.
Line: 682
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int nr = to_sensor_dev_attr(attr)->index;
struct adm1031_data *data = adm1031_update_device(dev);
return sprintf(buf, "%d\n",
TEMP_OFFSET_FROM_REG(data->temp_offset[nr]));
}
static ssize_t temp_min_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
fs/udf/inode.c
16 issues
Line: 662
CWE codes:
908
extent.extLocation.partitionReferenceNum = 0;
extent.extLength = EXT_NOT_RECORDED_NOT_ALLOCATED;
} else {
epos.offset -= adsize;
etype = udf_next_aext(inode, &epos, &extent.extLocation,
&extent.extLength, 0);
extent.extLength |= etype << 30;
}
Reported by Cppcheck.
Line: 1764
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
eid = (struct regid *)dsea->impUse;
memset(eid, 0, sizeof(*eid));
strcpy(eid->ident, UDF_ID_DEVELOPER);
eid->identSuffix[0] = UDF_OS_CLASS_UNIX;
eid->identSuffix[1] = UDF_OS_ID_LINUX;
dsea->majorDeviceIdent = cpu_to_le32(imajor(inode));
dsea->minorDeviceIdent = cpu_to_le32(iminor(inode));
}
Reported by FlawFinder.
Line: 1788
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
udf_time_to_disk_stamp(&fe->modificationTime, inode->i_mtime);
udf_time_to_disk_stamp(&fe->attrTime, inode->i_ctime);
memset(&(fe->impIdent), 0, sizeof(struct regid));
strcpy(fe->impIdent.ident, UDF_ID_DEVELOPER);
fe->impIdent.identSuffix[0] = UDF_OS_CLASS_UNIX;
fe->impIdent.identSuffix[1] = UDF_OS_ID_LINUX;
fe->uniqueID = cpu_to_le64(iinfo->i_unique);
fe->lengthExtendedAttr = cpu_to_le32(iinfo->i_lenEAttr);
fe->lengthAllocDescs = cpu_to_le32(iinfo->i_lenAlloc);
Reported by FlawFinder.
Line: 1825
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
udf_time_to_disk_stamp(&efe->attrTime, inode->i_ctime);
memset(&(efe->impIdent), 0, sizeof(efe->impIdent));
strcpy(efe->impIdent.ident, UDF_ID_DEVELOPER);
efe->impIdent.identSuffix[0] = UDF_OS_CLASS_UNIX;
efe->impIdent.identSuffix[1] = UDF_OS_ID_LINUX;
efe->uniqueID = cpu_to_le64(iinfo->i_unique);
efe->lengthExtendedAttr = cpu_to_le32(iinfo->i_lenEAttr);
efe->lengthAllocDescs = cpu_to_le32(iinfo->i_lenAlloc);
Reported by FlawFinder.
Line: 103
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(iinfo->cached_extent.lstart != -1)) {
/* Cache hit */
*lbcount = iinfo->cached_extent.lstart;
memcpy(pos, &iinfo->cached_extent.epos,
sizeof(struct extent_position));
if (pos->bh)
get_bh(pos->bh);
ret = 1;
}
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__udf_clear_extent_cache(inode);
if (pos->bh)
get_bh(pos->bh);
memcpy(&iinfo->cached_extent.epos, pos, sizeof(*pos));
iinfo->cached_extent.lstart = estart;
switch (iinfo->i_alloc_type) {
case ICBTAG_FLAG_AD_SHORT:
iinfo->cached_extent.epos.offset -= sizeof(struct short_ad);
break;
Reported by FlawFinder.
Line: 292
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kaddr = kmap_atomic(page);
memset(kaddr + iinfo->i_lenAlloc, 0x00,
PAGE_SIZE - iinfo->i_lenAlloc);
memcpy(kaddr, iinfo->i_data + iinfo->i_lenEAttr,
iinfo->i_lenAlloc);
flush_dcache_page(page);
SetPageUptodate(page);
kunmap_atomic(kaddr);
}
Reported by FlawFinder.
Line: 315
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lock_page(page);
down_write(&iinfo->i_data_sem);
kaddr = kmap_atomic(page);
memcpy(iinfo->i_data + iinfo->i_lenEAttr, kaddr, inode->i_size);
kunmap_atomic(kaddr);
unlock_page(page);
iinfo->i_alloc_type = ICBTAG_FLAG_AD_IN_ICB;
inode->i_data.a_ops = &udf_adinicb_aops;
up_write(&iinfo->i_data_sem);
Reported by FlawFinder.
Line: 1374
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ie->indirectICB.extLength) {
brelse(ibh);
memcpy(&iinfo->i_location, &loc,
sizeof(struct kernel_lb_addr));
if (++indirections > UDF_MAX_ICB_NESTING) {
udf_err(inode->i_sb,
"too many ICBs in ICB hierarchy"
" (max %d supported)\n",
Reported by FlawFinder.
Line: 1419
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct extendedFileEntry));
if (ret)
goto out;
memcpy(iinfo->i_data,
bh->b_data + sizeof(struct extendedFileEntry),
bs - sizeof(struct extendedFileEntry));
} else if (fe->descTag.tagIdent == cpu_to_le16(TAG_IDENT_FE)) {
iinfo->i_efe = 0;
iinfo->i_use = 0;
Reported by FlawFinder.
arch/sparc/kernel/prom_32.c
16 issues
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return;
regs = rprop->value;
sprintf(tmp_buf, "%s@%x,%x",
name,
regs->which_io, regs->phys_addr);
}
/* "name@slot,offset" */
Reported by FlawFinder.
Line: 85
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return;
regs = prop->value;
sprintf(tmp_buf, "%s@%x,%x",
name,
regs->which_io,
regs->phys_addr);
}
Reported by FlawFinder.
Line: 106
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
regs = prop->value;
devfn = (regs->phys_hi >> 8) & 0xff;
if (devfn & 0x07) {
sprintf(tmp_buf, "%s@%x,%x",
name,
devfn >> 3,
devfn & 0x07);
} else {
sprintf(tmp_buf, "%s@%x",
Reported by FlawFinder.
Line: 111
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
devfn >> 3,
devfn & 0x07);
} else {
sprintf(tmp_buf, "%s@%x",
name,
devfn >> 3);
}
}
Reported by FlawFinder.
Line: 130
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
regs = prop->value;
sprintf(tmp_buf, "%s@%x,%x",
name,
regs->which_io, regs->phys_addr);
}
/* "name@irq,addrlo" */
Reported by FlawFinder.
Line: 163
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
intr = prop->value;
sprintf(tmp_buf, "%s@%x,%x", name, *intr, reg0);
}
static void __init __build_path_component(struct device_node *dp, char *tmp_buf)
{
struct device_node *parent = dp->parent;
Reported by FlawFinder.
Line: 196
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
tmp_buf[0] = '\0';
__build_path_component(dp, tmp_buf);
if (tmp_buf[0] == '\0')
strcpy(tmp_buf, name);
n = prom_early_alloc(strlen(tmp_buf) + 1);
strcpy(n, tmp_buf);
return n;
Reported by FlawFinder.
Line: 199
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(tmp_buf, name);
n = prom_early_alloc(strlen(tmp_buf) + 1);
strcpy(n, tmp_buf);
return n;
}
extern void restore_current(void);
Reported by FlawFinder.
Line: 252
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
sprintf(of_console_path, "%pOF", dp);
if (!strcmp(type, "serial")) {
strcat(of_console_path,
(skip ? ":b" : ":a"));
}
break;
default:
Reported by FlawFinder.
Line: 302
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
prom_printf("No stdout-path in root node.\n");
prom_halt();
}
strcpy(of_console_path, path);
}
break;
}
of_console_options = strrchr(of_console_path, ':');
Reported by FlawFinder.
drivers/net/wireless/intersil/hostap/hostap_80211_tx.c
16 issues
Line: 316
Column: 36
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
/* Called only from software IRQ */
static struct sk_buff * hostap_tx_encrypt(struct sk_buff *skb,
struct lib80211_crypt_data *crypt)
{
struct hostap_interface *iface;
local_info_t *local;
struct ieee80211_hdr *hdr;
int prefix_len, postfix_len, hdr_len, res;
Reported by FlawFinder.
Line: 414
Column: 32
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (local->host_encrypt) {
/* Set crypt to default algorithm and key; will be replaced in
* AP code if STA has own alg/key */
tx.crypt = local->crypt_info.crypt[local->crypt_info.tx_keyidx];
tx.host_encrypt = 1;
} else {
tx.crypt = NULL;
tx.host_encrypt = 0;
}
Reported by FlawFinder.
Line: 486
Column: 63
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
tx.crypt = NULL;
}
if (local->ieee_802_1x && meta->ethertype == ETH_P_PAE && tx.crypt &&
!(fc & IEEE80211_FCTL_PROTECTED)) {
no_encrypt = 1;
PDEBUG(DEBUG_EXTRA2, "%s: TX: IEEE 802.1X - passing "
"unencrypted EAPOL frame\n", dev->name);
tx.crypt = NULL; /* no encryption for IEEE 802.1X frames */
Reported by FlawFinder.
Line: 494
Column: 9
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
tx.crypt = NULL; /* no encryption for IEEE 802.1X frames */
}
if (tx.crypt && (!tx.crypt->ops || !tx.crypt->ops->encrypt_mpdu))
tx.crypt = NULL;
else if ((tx.crypt ||
local->crypt_info.crypt[local->crypt_info.tx_keyidx]) &&
!no_encrypt) {
/* Add ISWEP flag both for firmware and host based encryption
Reported by FlawFinder.
Line: 496
Column: 15
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (tx.crypt && (!tx.crypt->ops || !tx.crypt->ops->encrypt_mpdu))
tx.crypt = NULL;
else if ((tx.crypt ||
local->crypt_info.crypt[local->crypt_info.tx_keyidx]) &&
!no_encrypt) {
/* Add ISWEP flag both for firmware and host based encryption
*/
fc |= IEEE80211_FCTL_PROTECTED;
Reported by FlawFinder.
Line: 497
Column: 22
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (tx.crypt && (!tx.crypt->ops || !tx.crypt->ops->encrypt_mpdu))
tx.crypt = NULL;
else if ((tx.crypt ||
local->crypt_info.crypt[local->crypt_info.tx_keyidx]) &&
!no_encrypt) {
/* Add ISWEP flag both for firmware and host based encryption
*/
fc |= IEEE80211_FCTL_PROTECTED;
hdr->frame_control = cpu_to_le16(fc);
Reported by FlawFinder.
Line: 515
Column: 9
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
goto fail;
}
if (tx.crypt) {
skb = hostap_tx_encrypt(skb, tx.crypt);
if (skb == NULL) {
printk(KERN_DEBUG "%s: TX - encryption failed\n",
dev->name);
ret = NETDEV_TX_OK;
Reported by FlawFinder.
Line: 516
Column: 35
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
}
if (tx.crypt) {
skb = hostap_tx_encrypt(skb, tx.crypt);
if (skb == NULL) {
printk(KERN_DEBUG "%s: TX - encryption failed\n",
dev->name);
ret = NETDEV_TX_OK;
goto fail;
Reported by FlawFinder.
Line: 181
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
is_multicast_ether_addr(skb->data))
eth_broadcast_addr(hdr.addr1);
else if (iface->type == HOSTAP_INTERFACE_WDS)
memcpy(&hdr.addr1, iface->u.wds.remote_addr,
ETH_ALEN);
else
memcpy(&hdr.addr1, local->bssid, ETH_ALEN);
memcpy(&hdr.addr2, dev->dev_addr, ETH_ALEN);
skb_copy_from_linear_data(skb, &hdr.addr3, ETH_ALEN);
Reported by FlawFinder.
Line: 184
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&hdr.addr1, iface->u.wds.remote_addr,
ETH_ALEN);
else
memcpy(&hdr.addr1, local->bssid, ETH_ALEN);
memcpy(&hdr.addr2, dev->dev_addr, ETH_ALEN);
skb_copy_from_linear_data(skb, &hdr.addr3, ETH_ALEN);
} else if (local->iw_mode == IW_MODE_MASTER && !to_assoc_ap) {
fc |= IEEE80211_FCTL_FROMDS;
/* From DS: Addr1 = DA, Addr2 = BSSID, Addr3 = SA */
Reported by FlawFinder.
drivers/scsi/aic7xxx/aic7xxx_osm.c
16 issues
Line: 2537
.show_width = 1,
.set_dt = ahc_linux_set_dt,
.show_dt = 1,
#if 0
.set_iu = ahc_linux_set_iu,
.show_iu = 1,
.set_qas = ahc_linux_set_qas,
.show_qas = 1,
#endif
Reported by Cppcheck.
Line: 508
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
memset(bp, 0, sizeof(buffer));
strcpy(bp, "Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev " AIC7XXX_DRIVER_VERSION "\n"
" <");
strcat(bp, ahc->description);
strcat(bp, ">\n"
" ");
ahc_controller_info(ahc, ahc_info);
strcat(bp, ahc_info);
strcat(bp, "\n");
Reported by FlawFinder.
Line: 512
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(bp, ">\n"
" ");
ahc_controller_info(ahc, ahc_info);
strcat(bp, ahc_info);
strcat(bp, "\n");
return (bp);
}
Reported by FlawFinder.
Line: 1101
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
sprintf(buf, "scsi%d", host->host_no);
new_name = kmalloc(strlen(buf) + 1, GFP_ATOMIC);
if (new_name != NULL) {
strcpy(new_name, buf);
ahc_set_name(ahc, new_name);
}
host->unique_id = ahc->unit;
ahc_linux_initialize_scsi_bus(ahc);
ahc_intr_enable(ahc, TRUE);
Reported by FlawFinder.
Line: 498
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *
ahc_linux_info(struct Scsi_Host *host)
{
static char buffer[512];
char ahc_info[256];
char *bp;
struct ahc_softc *ahc;
bp = &buffer[0];
Reported by FlawFinder.
Line: 499
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ahc_linux_info(struct Scsi_Host *host)
{
static char buffer[512];
char ahc_info[256];
char *bp;
struct ahc_softc *ahc;
bp = &buffer[0];
ahc = *(struct ahc_softc **)host->hostdata;
Reported by FlawFinder.
Line: 506
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
bp = &buffer[0];
ahc = *(struct ahc_softc **)host->hostdata;
memset(bp, 0, sizeof(buffer));
strcpy(bp, "Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev " AIC7XXX_DRIVER_VERSION "\n"
" <");
strcat(bp, ahc->description);
strcat(bp, ">\n"
" ");
ahc_controller_info(ahc, ahc_info);
Reported by FlawFinder.
Line: 509
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(bp, "Adaptec AIC7XXX EISA/VLB/PCI SCSI HBA DRIVER, Rev " AIC7XXX_DRIVER_VERSION "\n"
" <");
strcat(bp, ahc->description);
strcat(bp, ">\n"
" ");
ahc_controller_info(ahc, ahc_info);
strcat(bp, ahc_info);
strcat(bp, "\n");
Reported by FlawFinder.
Line: 1073
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int
ahc_linux_register_host(struct ahc_softc *ahc, struct scsi_host_template *template)
{
char buf[80];
struct Scsi_Host *host;
char *new_name;
u_long s;
int retval;
Reported by FlawFinder.
Line: 1098
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ahc_lock(ahc, &s);
ahc_set_unit(ahc, ahc_linux_unit++);
ahc_unlock(ahc, &s);
sprintf(buf, "scsi%d", host->host_no);
new_name = kmalloc(strlen(buf) + 1, GFP_ATOMIC);
if (new_name != NULL) {
strcpy(new_name, buf);
ahc_set_name(ahc, new_name);
}
Reported by FlawFinder.
drivers/hwmon/amc6821.c
16 issues
Line: 273
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct amc6821_data *data = amc6821_update_device(dev);
int ix = to_sensor_dev_attr(devattr)->index;
return sprintf(buf, "%d\n", data->temp[ix] * 1000);
}
static ssize_t temp_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 349
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf)
{
struct amc6821_data *data = amc6821_update_device(dev);
return sprintf(buf, "%d\n", data->pwm1);
}
static ssize_t pwm1_store(struct device *dev,
struct device_attribute *devattr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 374
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *devattr, char *buf)
{
struct amc6821_data *data = amc6821_update_device(dev);
return sprintf(buf, "%d\n", data->pwm1_enable);
}
static ssize_t pwm1_enable_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 429
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf)
{
struct amc6821_data *data = amc6821_update_device(dev);
return sprintf(buf, "%d\n", data->pwm1_auto_channels_temp);
}
static ssize_t temp_auto_point_temp_show(struct device *dev,
struct device_attribute *devattr,
char *buf)
Reported by FlawFinder.
Line: 441
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct amc6821_data *data = amc6821_update_device(dev);
switch (nr) {
case 1:
return sprintf(buf, "%d\n",
data->temp1_auto_point_temp[ix] * 1000);
case 2:
return sprintf(buf, "%d\n",
data->temp2_auto_point_temp[ix] * 1000);
default:
Reported by FlawFinder.
Line: 444
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "%d\n",
data->temp1_auto_point_temp[ix] * 1000);
case 2:
return sprintf(buf, "%d\n",
data->temp2_auto_point_temp[ix] * 1000);
default:
dev_dbg(dev, "Unknown attr->nr (%d).\n", nr);
return -EINVAL;
}
Reported by FlawFinder.
Line: 458
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int ix = to_sensor_dev_attr(devattr)->index;
struct amc6821_data *data = amc6821_update_device(dev);
return sprintf(buf, "%d\n", data->pwm1_auto_point_pwm[ix]);
}
static inline ssize_t set_slope_register(struct i2c_client *client,
u8 reg,
u8 dpwm,
Reported by FlawFinder.
Line: 599
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int ix = to_sensor_dev_attr(devattr)->index;
if (0 == data->fan[ix])
return sprintf(buf, "0");
return sprintf(buf, "%d\n", (int)(6000000 / data->fan[ix]));
}
static ssize_t fan1_fault_show(struct device *dev,
struct device_attribute *devattr, char *buf)
{
Reported by FlawFinder.
Line: 646
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct device_attribute *devattr, char *buf)
{
struct amc6821_data *data = amc6821_update_device(dev);
return sprintf(buf, "%d\n", data->fan1_div);
}
static ssize_t fan1_div_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 330
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -EINVAL;
}
if (flag)
return sprintf(buf, "1");
else
return sprintf(buf, "0");
}
static ssize_t temp2_fault_show(struct device *dev,
Reported by FlawFinder.
net/ipv4/arp.c
16 issues
Line: 202
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
default:
if (dir) {
memcpy(haddr, dev->broadcast, dev->addr_len);
return 0;
}
}
return -EINVAL;
}
Reported by FlawFinder.
Line: 231
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 inaddr_any = INADDR_ANY;
if (dev->flags & (IFF_LOOPBACK | IFF_POINTOPOINT))
memcpy(neigh->primary_key, &inaddr_any, arp_tbl.key_len);
addr = *(__be32 *)neigh->primary_key;
rcu_read_lock();
in_dev = __in_dev_get_rcu(dev);
if (!in_dev) {
Reported by FlawFinder.
Line: 273
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
arp_mc_map(addr, neigh->ha, dev, 1);
} else if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) {
neigh->nud_state = NUD_NOARP;
memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
} else if (neigh->type == RTN_BROADCAST ||
(dev->flags & IFF_POINTOPOINT)) {
neigh->nud_state = NUD_NOARP;
memcpy(neigh->ha, dev->broadcast, dev->addr_len);
}
Reported by FlawFinder.
Line: 277
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (neigh->type == RTN_BROADCAST ||
(dev->flags & IFF_POINTOPOINT)) {
neigh->nud_state = NUD_NOARP;
memcpy(neigh->ha, dev->broadcast, dev->addr_len);
}
if (dev->header_ops->cache)
neigh->ops = &arp_hh_ops;
else
Reported by FlawFinder.
Line: 603
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
arp_ptr = (unsigned char *)(arp + 1);
memcpy(arp_ptr, src_hw, dev->addr_len);
arp_ptr += dev->addr_len;
memcpy(arp_ptr, &src_ip, 4);
arp_ptr += 4;
switch (dev->type) {
Reported by FlawFinder.
Line: 605
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(arp_ptr, src_hw, dev->addr_len);
arp_ptr += dev->addr_len;
memcpy(arp_ptr, &src_ip, 4);
arp_ptr += 4;
switch (dev->type) {
#if IS_ENABLED(CONFIG_FIREWIRE_NET)
case ARPHRD_IEEE1394:
Reported by FlawFinder.
Line: 615
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#endif
default:
if (target_hw)
memcpy(arp_ptr, target_hw, dev->addr_len);
else
memset(arp_ptr, 0, dev->addr_len);
arp_ptr += dev->addr_len;
}
memcpy(arp_ptr, &dest_ip, 4);
Reported by FlawFinder.
Line: 620
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(arp_ptr, 0, dev->addr_len);
arp_ptr += dev->addr_len;
}
memcpy(arp_ptr, &dest_ip, 4);
return skb;
out:
kfree_skb(skb);
Reported by FlawFinder.
Line: 749
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
arp_ptr = (unsigned char *)(arp + 1);
sha = arp_ptr;
arp_ptr += dev->addr_len;
memcpy(&sip, arp_ptr, 4);
arp_ptr += 4;
switch (dev_type) {
#if IS_ENABLED(CONFIG_FIREWIRE_NET)
case ARPHRD_IEEE1394:
break;
Reported by FlawFinder.
Line: 760
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tha = arp_ptr;
arp_ptr += dev->addr_len;
}
memcpy(&tip, arp_ptr, 4);
/*
* Check for bad requests for 127.x.x.x and requests for multicast
* addresses. If this is one such, delete it.
*/
if (ipv4_is_multicast(tip) ||
Reported by FlawFinder.
tools/perf/util/llvm-utils.c
16 issues
Line: 80
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
output[0] = '\0';
if (def && def[0] != '\0') {
if (def[0] == '/') {
if (access(def, F_OK) == 0) {
strlcpy(output, def, PATH_MAX);
return 0;
}
} else if (def[0] != '\0')
name = def;
Reported by FlawFinder.
Line: 99
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
path = strtok_r(env, ":", &tmp);
while (path) {
scnprintf(buf, sizeof(buf), "%s/%s", path, name);
if (access(buf, F_OK) == 0) {
strlcpy(output, buf, PATH_MAX);
ret = 0;
break;
}
path = strtok_r(NULL, ":", &tmp);
Reported by FlawFinder.
Line: 121
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
size_t read_sz = 0, buf_sz = 0;
char serr[STRERR_BUFSIZE];
file = popen(cmd, "r");
if (!file) {
pr_err("ERROR: unable to popen cmd: %s\n",
str_error_r(errno, serr, sizeof(serr)));
return -EINVAL;
}
Reported by FlawFinder.
Line: 259
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (err < 0)
return -ENOMEM;
if (access(autoconf_path, R_OK) == 0) {
free(autoconf_path);
err = asprintf(kbuild_dir, "%s%s%s", prefix_dir, test_dir,
suffix_dir);
if (err < 0)
Reported by FlawFinder.
Line: 88
Column: 8
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
name = def;
}
env = getenv("PATH");
if (!env)
return -1;
env = strdup(env);
if (!env)
return -1;
Reported by FlawFinder.
Line: 451
Column: 24
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
char *command_echo = NULL, *command_out;
char *perf_include_dir = system_path(PERF_INCLUDE_DIR);
if (path[0] != '-' && realpath(path, abspath) == NULL) {
err = errno;
pr_err("ERROR: problems with path %s: %s\n",
path, str_error_r(err, serr, sizeof(serr)));
return -err;
}
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *output)
{
char *env, *path, *tmp = NULL;
char buf[PATH_MAX];
int ret;
output[0] = '\0';
if (def && def[0] != '\0') {
if (def[0] == '/') {
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *buf = NULL;
FILE *file = NULL;
size_t read_sz = 0, buf_sz = 0;
char serr[STRERR_BUFSIZE];
file = popen(cmd, "r");
if (!file) {
pr_err("ERROR: unable to popen cmd: %s\n",
str_error_r(errno, serr, sizeof(serr)));
Reported by FlawFinder.
Line: 175
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* easier. If buf is not string, that '\0' is out of space
* indicated by read_sz so caller won't even notice it.
*/
((char *)buf)[read_sz] = '\0';
if (!p_buf)
free(buf);
else
*p_buf = buf;
Reported by FlawFinder.
Line: 237
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *suffix_dir = "";
/* _UTSNAME_LENGTH is 65 */
char release[128];
char *autoconf_path;
int err;
Reported by FlawFinder.