The following issues were found
drivers/rtc/rtc-ds1672.c
2 issues
Line: 31
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i2c_client *client = to_i2c_client(dev);
unsigned long time;
unsigned char addr = DS1672_REG_CONTROL;
unsigned char buf[4];
struct i2c_msg msgs[] = {
{/* setup read ptr */
.addr = client->addr,
.len = 1,
Reported by FlawFinder.
Line: 85
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct i2c_client *client = to_i2c_client(dev);
int xfer;
unsigned char buf[6];
unsigned long secs = rtc_tm_to_time64(tm);
buf[0] = DS1672_REG_CNT_BASE;
buf[1] = secs & 0x000000FF;
buf[2] = (secs & 0x0000FF00) >> 8;
Reported by FlawFinder.
drivers/rtc/rtc-em3027.c
2 issues
Line: 47
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i2c_client *client = to_i2c_client(dev);
unsigned char addr = EM3027_REG_WATCH_SEC;
unsigned char buf[7];
struct i2c_msg msgs[] = {
{/* setup read addr */
.addr = client->addr,
.len = 1,
Reported by FlawFinder.
Line: 83
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int em3027_set_time(struct device *dev, struct rtc_time *tm)
{
struct i2c_client *client = to_i2c_client(dev);
unsigned char buf[8];
struct i2c_msg msg = {
.addr = client->addr,
.len = 8,
.buf = buf, /* write time/date */
Reported by FlawFinder.
drivers/rtc/rtc-ep93xx.c
2 issues
Line: 97
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ep93xx_rtc_get_swcomp(dev->parent, &preload, NULL);
return sprintf(buf, "%d\n", preload);
}
static DEVICE_ATTR_RO(comp_preload);
static ssize_t comp_delete_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 108
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ep93xx_rtc_get_swcomp(dev->parent, NULL, &delete);
return sprintf(buf, "%d\n", delete);
}
static DEVICE_ATTR_RO(comp_delete);
static struct attribute *ep93xx_rtc_attrs[] = {
&dev_attr_comp_preload.attr,
Reported by FlawFinder.
drivers/rtc/rtc-max6902.c
2 issues
Line: 32
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char data)
{
struct spi_device *spi = to_spi_device(dev);
unsigned char buf[2];
/* MSB must be '0' to write */
buf[0] = address & 0x7f;
buf[1] = data;
Reported by FlawFinder.
Line: 56
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int err, century;
struct spi_device *spi = to_spi_device(dev);
unsigned char buf[8];
buf[0] = 0xbf; /* Burst read */
err = spi_write_then_read(spi, buf, 1, buf, 8);
if (err != 0)
Reported by FlawFinder.
drivers/rtc/rtc-rv3028.c
2 issues
Line: 144
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%llu\n",
(unsigned long long)rtc_tm_to_time64(&tm));
};
static DEVICE_ATTR_RW(timestamp0);
Reported by FlawFinder.
Line: 160
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
return sprintf(buf, "%u\n", count);
};
static DEVICE_ATTR_RO(timestamp0_count);
static struct attribute *rv3028_attrs[] = {
Reported by FlawFinder.
drivers/rtc/rtc-rv3029c2.c
2 issues
Line: 606
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n", temp_mC);
}
static ssize_t rv3029_hwmon_set_update_interval(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
Line: 659
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
interval_ms = 0;
}
return sprintf(buf, "%d\n", interval_ms);
}
static SENSOR_DEVICE_ATTR(temp1_input, S_IRUGO, rv3029_hwmon_show_temp,
NULL, 0);
static SENSOR_DEVICE_ATTR(update_interval, S_IWUSR | S_IRUGO,
Reported by FlawFinder.
drivers/rtc/rtc-rx8581.c
2 issues
Line: 73
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int rx8581_rtc_read_time(struct device *dev, struct rtc_time *tm)
{
struct i2c_client *client = to_i2c_client(dev);
unsigned char date[7];
unsigned int data;
int err;
struct rx8581 *rx8581 = i2c_get_clientdata(client);
/* First we ensure that the "update flag" is not set, we read the
Reported by FlawFinder.
Line: 140
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct i2c_client *client = to_i2c_client(dev);
int err;
unsigned char buf[7];
struct rx8581 *rx8581 = i2c_get_clientdata(client);
dev_dbg(dev, "%s: secs=%d, mins=%d, hours=%d, "
"mday=%d, mon=%d, year=%d, wday=%d\n",
__func__,
Reported by FlawFinder.
drivers/rtc/rtc-sd3078.c
2 issues
Line: 86
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sd3078_rtc_read_time(struct device *dev, struct rtc_time *tm)
{
unsigned char hour;
unsigned char rtc_data[NUM_TIME_REGS] = {0};
struct i2c_client *client = to_i2c_client(dev);
struct sd3078 *sd3078 = i2c_get_clientdata(client);
int ret;
ret = regmap_bulk_read(sd3078->regmap, SD3078_REG_SC, rtc_data,
Reported by FlawFinder.
Line: 124
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sd3078_rtc_set_time(struct device *dev, struct rtc_time *tm)
{
unsigned char rtc_data[NUM_TIME_REGS];
struct i2c_client *client = to_i2c_client(dev);
struct sd3078 *sd3078 = i2c_get_clientdata(client);
int ret;
rtc_data[SD3078_REG_SC] = bin2bcd(tm->tm_sec);
Reported by FlawFinder.
drivers/rtc/rtc-st-lpc.c
2 issues
Line: 130
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_irqsave(&rtc->lock, flags);
memcpy(wkalrm, &rtc->alarm, sizeof(struct rtc_wkalrm));
spin_unlock_irqrestore(&rtc->lock, flags);
return 0;
}
Reported by FlawFinder.
Line: 164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
now_secs = rtc_tm_to_time64(&now);
alarm_secs = rtc_tm_to_time64(&t->time);
memcpy(&rtc->alarm, t, sizeof(struct rtc_wkalrm));
/* Now many secs to fire */
alarm_secs -= now_secs;
lpa = (unsigned long long)alarm_secs * rtc->clkrate;
Reported by FlawFinder.
drivers/rtc/rtc-starfire.c
2 issues
Line: 18
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static u32 starfire_get_time(void)
{
static char obp_gettod[32];
static u32 unix_tod;
sprintf(obp_gettod, "h# %08x unix-gettod",
(unsigned int) (long) &unix_tod);
prom_feval(obp_gettod);
Reported by FlawFinder.
Line: 21
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static char obp_gettod[32];
static u32 unix_tod;
sprintf(obp_gettod, "h# %08x unix-gettod",
(unsigned int) (long) &unix_tod);
prom_feval(obp_gettod);
return unix_tod;
}
Reported by FlawFinder.