The following issues were found
drivers/target/sbp/sbp_target.h
2 issues
Line: 168
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Target Unit Identifier (EUI-64) */
u64 guid;
/* Target port name */
char tport_name[SBP_NAMELEN];
/* Returned by sbp_make_tport() */
struct se_wwn tport_wwn;
struct sbp_tpg *tpg;
Reported by FlawFinder.
Line: 221
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sbp_page_table_entry *pg_tbl;
void *cmd_buf;
unsigned char sense_buf[TRANSPORT_SENSE_BUFFER];
};
struct sbp_management_agent {
spinlock_t lock;
struct sbp_tport *tport;
Reported by FlawFinder.
drivers/scsi/snic/snic.h
2 issues
Line: 224
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SNIC_INTRHDLR_NAMSZ (2 * IFNAMSIZ)
struct snic_msix_entry {
int requested;
char devname[SNIC_INTRHDLR_NAMSZ];
irqreturn_t (*isr)(int, void *);
void *devid;
};
enum snic_state {
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snic {
/* snic specific members */
struct list_head list;
char name[IFNAMSIZ];
atomic_t state;
spinlock_t snic_lock;
struct completion *remove_wait;
bool in_remove;
bool stop_link_events; /* stop processing link events */
Reported by FlawFinder.
drivers/usb/misc/cypress_cy7c63.c
2 issues
Line: 65
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* structure to hold all of our device specific stuff */
struct cypress {
struct usb_device * udev;
unsigned char port[2];
};
/* used to send usb control messages to device */
static int vendor_command(struct cypress *dev, unsigned char request,
unsigned char address, unsigned char data)
Reported by FlawFinder.
Line: 177
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dev_dbg(&cyp->udev->dev, "Result of vendor_command: %d\n\n", result);
return sprintf(buf, "%d", cyp->port[port_num]);
}
/* attribute callback handler (read) */
static ssize_t port0_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
drivers/staging/greybus/spilib.c
2 issues
Line: 273
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy tx data */
if (xfer->tx_buf) {
gb_xfer->xfer_flags |= GB_SPI_XFER_WRITE;
memcpy(tx_data, xfer->tx_buf + spi->tx_xfer_offset,
xfer_len);
tx_data += xfer_len;
}
if (xfer->rx_buf)
Reported by FlawFinder.
Line: 315
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
xfer_len = xfer->len;
memcpy(xfer->rx_buf + spi->rx_xfer_offset, rx_data,
xfer_len);
rx_data += xfer_len;
}
if (xfer == spi->last_xfer)
Reported by FlawFinder.
drivers/scsi/megaraid/megaraid_sas_fusion.h
2 issues
Line: 443
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct MR_TM_REQUEST {
char request[128];
};
struct MR_TM_REPLY {
char reply[128];
};
Reported by FlawFinder.
Line: 447
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct MR_TM_REPLY {
char reply[128];
};
/* SCSI Task Management Request Message */
struct MR_TASK_MANAGE_REQUEST {
/*To be type casted to struct MPI2_SCSI_TASK_MANAGE_REQUEST */
Reported by FlawFinder.
drivers/scsi/snic/snic_ctl.c
2 issues
Line: 67
Column: 7
CWE codes:
126
const char *p = s;
/* validate version string */
if ((strlen(s) > 15) || (strlen(s) < 7))
goto end;
while ((c = *p++)) {
if (c == '.') {
i++;
Reported by FlawFinder.
Line: 67
Column: 27
CWE codes:
126
const char *p = s;
/* validate version string */
if ((strlen(s) > 15) || (strlen(s) < 7))
goto end;
while ((c = *p++)) {
if (c == '.') {
i++;
Reported by FlawFinder.
drivers/staging/greybus/audio_codec.c
2 issues
Line: 314
Column: 8
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
}
/* parse dai_id from AIF widget's stream_name */
ret = sscanf(w->sname, "%s %d %s", intf_name, &dai_id, dir);
if (ret < 3) {
dev_err(codec->dev, "Error while parsing dai_id for %s\n", w->name);
return -EINVAL;
}
Reported by FlawFinder.
Line: 303
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct gbaudio_module_info *module, int enable)
{
int dai_id, ret;
char intf_name[NAME_SIZE], dir[NAME_SIZE];
dev_dbg(module->dev, "%s:Module update %s sequence\n", w->name,
enable ? "Enable" : "Disable");
if ((w->id != snd_soc_dapm_aif_in) && (w->id != snd_soc_dapm_aif_out)) {
Reported by FlawFinder.
drivers/usb/misc/sisusbvga/sisusb.h
2 issues
Line: 112
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int present; /* !=0 if device is present on the bus */
int ready; /* !=0 if device is ready for userland */
int numobufs; /* number of obufs = number of out urbs */
char *obuf[NUMOBUFS], *ibuf; /* transfer buffers */
int obufsize, ibufsize;
struct urb *sisurbout[NUMOBUFS];
struct urb *sisurbin;
unsigned char urbstatus[NUMOBUFS];
unsigned char completein;
Reported by FlawFinder.
Line: 116
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int obufsize, ibufsize;
struct urb *sisurbout[NUMOBUFS];
struct urb *sisurbin;
unsigned char urbstatus[NUMOBUFS];
unsigned char completein;
struct sisusb_urb_context urbout_context[NUMOBUFS];
unsigned long flagb0;
unsigned long vrambase; /* framebuffer base */
unsigned int vramsize; /* framebuffer size (bytes) */
Reported by FlawFinder.
drivers/staging/fwserial/fwserial.c
2 issues
Line: 142
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int k = 4;
unsigned int sum;
int j;
char t[10];
snprintf(t, 10, "< %d", 1 << k);
seq_printf(m, "\n%14s %6s", " ", t);
for (j = k + 1; j < DISTRIBUTION_MAX_INDEX; ++j)
seq_printf(m, "%6d", 1 << j);
Reported by FlawFinder.
Line: 501
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void fwtty_emit_breaks(struct work_struct *work)
{
struct fwtty_port *port = to_port(to_delayed_work(work), emit_breaks);
static const char buf[16];
unsigned long now = jiffies;
unsigned long elapsed = now - port->break_last;
int n, t, c, brk = 0;
/* generate breaks at the line rate (but at least 1) */
Reported by FlawFinder.
drivers/spmi/spmi-pmic-arb.c
2 issues
Line: 224
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
u32 data = __raw_readl(pmic_arb->rd_base + reg);
memcpy(buf, &data, (bc & 3) + 1);
}
/**
* pmic_arb_write_data: write 1..4 bytes from buf to pmic-arb's register
* @bc: byte-count -1. range: 0..3.
Reported by FlawFinder.
Line: 238
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
u32 data = 0;
memcpy(&data, buf, (bc & 3) + 1);
__raw_writel(data, pmic_arb->wr_base + reg);
}
static int pmic_arb_wait_for_done(struct spmi_controller *ctrl,
void __iomem *base, u8 sid, u16 addr,
Reported by FlawFinder.