The following issues were found
drivers/platform/mips/cpu_hwmon.c
2 issues
Line: 112
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
int id = (to_sensor_dev_attr(attr))->index - 1;
return sprintf(buf, "CPU %d Temperature\n", id);
}
static ssize_t get_cpu_temp(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 121
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int id = (to_sensor_dev_attr(attr))->index - 1;
int value = loongson3_cpu_temp(id);
return sprintf(buf, "%d\n", value);
}
static int create_sysfs_cputemp_files(struct kobject *kobj)
{
int i, ret = 0;
Reported by FlawFinder.
drivers/platform/surface/aggregator/controller.c
2 issues
Line: 1000
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
item->event.target_id = cmd->tid_in;
item->event.command_id = cmd->cid;
item->event.instance_id = cmd->iid;
memcpy(&item->event.data[0], data->ptr, data->len);
if (WARN_ON(ssam_cplt_submit_event(&ctrl->cplt, item)))
ssam_event_item_free(item);
}
Reported by FlawFinder.
Line: 1527
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
r->resp->length = data->len;
memcpy(r->resp->pointer, data->ptr, data->len);
}
static void ssam_request_sync_release(struct ssh_request *rqst)
{
complete_all(&container_of(rqst, struct ssam_request_sync, base)->comp);
Reported by FlawFinder.
drivers/platform/surface/aggregator/trace.h
2 issues
Line: 108
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static inline void ssam_trace_ptr_uid(const void *ptr, char *uid_str)
{
char buf[2 * sizeof(void *) + 1];
BUILD_BUG_ON(ARRAY_SIZE(buf) < SSAM_PTR_UID_LEN);
snprintf(buf, ARRAY_SIZE(buf), "%p", ptr);
memcpy(uid_str, &buf[ARRAY_SIZE(buf) - SSAM_PTR_UID_LEN],
Reported by FlawFinder.
Line: 113
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BUILD_BUG_ON(ARRAY_SIZE(buf) < SSAM_PTR_UID_LEN);
snprintf(buf, ARRAY_SIZE(buf), "%p", ptr);
memcpy(uid_str, &buf[ARRAY_SIZE(buf) - SSAM_PTR_UID_LEN],
SSAM_PTR_UID_LEN);
}
/**
* ssam_trace_get_packet_seq() - Read the packet's sequence ID.
Reported by FlawFinder.
drivers/platform/surface/surface3-wmi.c
2 issues
Line: 127
Column: 6
CWE codes:
126
ts_adev = data;
if (strncmp(acpi_device_bid(adev), SPI_TS_OBJ_NAME,
strlen(SPI_TS_OBJ_NAME)))
return AE_OK;
if (*ts_adev) {
pr_err("duplicate entry %s\n", SPI_TS_OBJ_NAME);
return AE_OK;
Reported by FlawFinder.
Line: 159
Column: 6
CWE codes:
126
/* ignore non SPI controllers */
if (strncmp(acpi_device_bid(adev), SPI_CTL_OBJ_NAME,
strlen(SPI_CTL_OBJ_NAME)))
return 0;
status = acpi_walk_namespace(ACPI_TYPE_DEVICE, handle, 1,
s3_wmi_attach_spi_device, NULL,
&ts_adev, NULL);
Reported by FlawFinder.
drivers/platform/x86/dell/dell-smbios-smm.c
2 issues
Line: 95
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
command.ecx = 0x42534931;
mutex_lock(&smm_mutex);
memcpy(buffer, input, size);
dcdbas_smi_request(&command);
memcpy(input, buffer, size);
mutex_unlock(&smm_mutex);
return 0;
}
Reported by FlawFinder.
Line: 97
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_lock(&smm_mutex);
memcpy(buffer, input, size);
dcdbas_smi_request(&command);
memcpy(input, buffer, size);
mutex_unlock(&smm_mutex);
return 0;
}
/* When enabled this indicates that SMM won't work */
Reported by FlawFinder.
drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c
2 issues
Line: 98
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
char *buf)
{
return sprintf(buf, "integer\n");
}
static struct kobj_attribute integer_type =
__ATTR_RO(type);
static struct attribute *integer_attrs[] = {
Reported by FlawFinder.
Line: 58
Column: 27
CWE codes:
126
* validate input to avoid setting 0 when integer input passed with + sign
*/
if (*buf == '+')
memmove(buf, (buf + 1), strlen(buf + 1) + 1);
return ret;
}
attribute_s_property_show(display_name_language_code, integer);
Reported by FlawFinder.
drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c
2 issues
Line: 84
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr,
char *buf)
{
return sprintf(buf, "string\n");
}
static struct kobj_attribute str_type =
__ATTR_RO(type);
static struct attribute *str_attrs[] = {
Reported by FlawFinder.
Line: 44
Column: 15
CWE codes:
126
*/
static int validate_str_input(int instance_id, const char *buf)
{
int in_len = strlen(buf);
if ((in_len < wmi_priv.str_data[instance_id].min_length) ||
(in_len > wmi_priv.str_data[instance_id].max_length))
return -EINVAL;
Reported by FlawFinder.
drivers/platform/x86/hp_accel.c
2 issues
Line: 345
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
lis3_dev.init = lis3lv02d_acpi_init;
lis3_dev.read = lis3lv02d_acpi_read;
lis3_dev.write = lis3lv02d_acpi_write;
strcpy(acpi_device_name(device), DRIVER_NAME);
strcpy(acpi_device_class(device), ACPI_MDPS_CLASS);
device->driver_data = &lis3_dev;
/* obtain IRQ number of our device from ACPI */
lis3lv02d_enum_resources(device);
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
lis3_dev.read = lis3lv02d_acpi_read;
lis3_dev.write = lis3lv02d_acpi_write;
strcpy(acpi_device_name(device), DRIVER_NAME);
strcpy(acpi_device_class(device), ACPI_MDPS_CLASS);
device->driver_data = &lis3_dev;
/* obtain IRQ number of our device from ACPI */
lis3lv02d_enum_resources(device);
Reported by FlawFinder.
drivers/platform/x86/intel-rst.c
2 issues
Line: 26
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ACPI_FAILURE(status))
return -EINVAL;
return sprintf(buf, "%lld\n", value);
}
static ssize_t irst_store_wakeup_events(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 70
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ACPI_FAILURE(status))
return -EINVAL;
return sprintf(buf, "%lld\n", value);
}
static ssize_t irst_store_wakeup_time(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/platform/x86/intel/int3472/intel_skl_int3472_common.h
2 issues
Line: 87
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct int3472_sensor_config *sensor_config;
struct int3472_gpio_regulator {
char regulator_name[GPIO_REGULATOR_NAME_LENGTH];
char supply_name[GPIO_REGULATOR_SUPPLY_NAME_LENGTH];
struct gpio_desc *gpio;
struct regulator_dev *rdev;
struct regulator_desc rdesc;
} regulator;
Reported by FlawFinder.
Line: 88
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct int3472_gpio_regulator {
char regulator_name[GPIO_REGULATOR_NAME_LENGTH];
char supply_name[GPIO_REGULATOR_SUPPLY_NAME_LENGTH];
struct gpio_desc *gpio;
struct regulator_dev *rdev;
struct regulator_desc rdesc;
} regulator;
Reported by FlawFinder.