The following issues were found
drivers/power/supply/bq27xxx_battery_i2c.c
1 issues
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENODEV;
buf[0] = reg;
memcpy(&buf[1], data, len);
msg.buf = buf;
msg.addr = client->addr;
msg.flags = 0;
msg.len = len + 1;
Reported by FlawFinder.
drivers/power/supply/bq27xxx_battery.c
1 issues
Line: 1117
Column: 16
CWE codes:
120
20
if (!di || di->regs[reg_index] == INVALID_REG_ADDR)
return -EINVAL;
ret = di->bus.read(di, di->regs[reg_index], single);
if (ret < 0)
dev_dbg(di->dev, "failed to read register 0x%02x (index %d)\n",
di->regs[reg_index], reg_index);
return ret;
Reported by FlawFinder.
drivers/power/supply/bd99954-charger.c
1 issues
Line: 471
CWE codes:
908
*state_fields[i].data = tmp;
}
if (state->vbus_vcc_status & STATUS_VCC_DET ||
state->vbus_vcc_status & STATUS_VBUS_DET)
state->online = 1;
else
state->online = 0;
Reported by Cppcheck.
drivers/s390/cio/cio_inject.c
1 issues
Line: 74
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_irqsave(&crw_inject_lock, flags);
if (crw_inject_data) {
memcpy(crw, crw_inject_data, sizeof(*crw));
kfree(crw_inject_data);
crw_inject_data = NULL;
rc = 0;
}
spin_unlock_irqrestore(&crw_inject_lock, flags);
Reported by FlawFinder.
drivers/power/supply/88pm860x_charger.c
1 issues
Line: 118
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int measure_vchg(struct pm860x_charger_info *info, int *data)
{
unsigned char buf[2];
int ret = 0;
ret = pm860x_bulk_read(info->i2c, PM8607_VCHG_MEAS1, 2, buf);
if (ret < 0)
return ret;
Reported by FlawFinder.
drivers/power/reset/vexpress-poweroff.c
1 issues
Line: 56
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t vexpress_reset_active_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%d\n", vexpress_restart_device == dev);
}
static ssize_t vexpress_reset_active_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/power/reset/reboot-mode.c
1 issues
Line: 67
Column: 15
CWE codes:
126
struct mode_info *info;
struct property *prop;
struct device_node *np = reboot->dev->of_node;
size_t len = strlen(PREFIX);
int ret;
INIT_LIST_HEAD(&reboot->head);
for_each_property_of_node(np, prop) {
Reported by FlawFinder.
drivers/s390/cio/device_fsm.c
1 issues
Line: 764
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Unit check but no sense data. Need basic sense. */
if (ccw_device_do_sense(cdev, irb) != 0)
goto call_handler_unsol;
memcpy(&cdev->private->dma_area->irb, irb,
sizeof(struct irb));
cdev->private->state = DEV_STATE_W4SENSE;
cdev->private->intparm = 0;
return;
}
Reported by FlawFinder.
drivers/s390/cio/device_ops.c
1 issues
Line: 510
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
mutex_lock(&chp->lock);
memcpy(util_str, chp->desc_fmt3.util_str, sizeof(chp->desc_fmt3.util_str));
mutex_unlock(&chp->lock);
return util_str;
}
Reported by FlawFinder.
drivers/pnp/support.c
1 issues
Line: 106
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void dbg_pnp_show_option(struct pnp_dev *dev, struct pnp_option *option)
{
char buf[128];
int len = 0, i;
struct pnp_port *port;
struct pnp_mem *mem;
struct pnp_irq *irq;
struct pnp_dma *dma;
Reported by FlawFinder.