The following issues were found
drivers/pnp/pnpbios/pnpbios.h
1 issues
Line: 146
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 rmdseg; /* real mode data segment */
u32 pm16dseg; /* 16 bit pm data segment base */
} fields;
char chars[0x21]; /* To calculate the checksum */
};
#pragma pack()
extern int pnp_bios_present(void);
extern int pnpbios_dont_use_current_config;
Reported by FlawFinder.
drivers/s390/cio/fcx.c
1 issues
Line: 316
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dcw->count = count;
dcw->cd_count = cd_count;
if (cd)
memcpy(&dcw->cd[0], cd, cd_count);
tccb->tcah.tcal += size;
return dcw;
}
EXPORT_SYMBOL(tccb_add_dcw);
Reported by FlawFinder.
drivers/s390/cio/ioasm.c
1 issues
Line: 174
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int chsc(void *chsc_area)
{
typedef struct { char _[4096]; } addr_type;
int cc = -EIO;
asm volatile(
" .insn rre,0xb25f0000,%[chsc_area],0\n"
"0: ipm %[cc]\n"
Reported by FlawFinder.
drivers/pnp/driver.c
1 issues
Line: 31
Column: 22
CWE codes:
126
int compare_pnp_id(struct pnp_id *pos, const char *id)
{
if (!pos || !id || (strlen(id) != 7))
return 0;
if (memcmp(id, "ANYDEVS", 7) == 0)
return 1;
while (pos) {
if (memcmp(pos->id, id, 3) == 0)
Reported by FlawFinder.
drivers/pnp/core.c
1 issues
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int pnp_add_device(struct pnp_dev *dev)
{
int ret;
char buf[128];
int len = 0;
struct pnp_id *id;
if (dev->card)
return -EINVAL;
Reported by FlawFinder.
drivers/platform/x86/wmi-bmof.c
1 issues
Line: 45
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (count > priv->bmofdata->buffer.length - off)
count = priv->bmofdata->buffer.length - off;
memcpy(buf, priv->bmofdata->buffer.pointer + off, count);
return count;
}
static int wmi_bmof_probe(struct wmi_device *wdev, const void *context)
{
Reported by FlawFinder.
drivers/s390/cio/scm.c
1 issues
Line: 93
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int ret; \
\
device_lock(dev); \
ret = sprintf(buf, "%u\n", scmdev->attrs.name); \
device_unlock(dev); \
\
return ret; \
} \
static DEVICE_ATTR(name, S_IRUGO, show_##name, NULL);
Reported by FlawFinder.
drivers/platform/x86/toshiba_haps.c
1 issues
Line: 63
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct toshiba_haps_dev *haps = dev_get_drvdata(dev);
return sprintf(buf, "%i\n", haps->protection_level);
}
static ssize_t protection_level_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/s390/cio/vfio_ccw_chp.c
1 issues
Line: 35
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(region, &private->sch->schib, sizeof(*region));
if (copy_to_user(buf, (void *)region + pos, count)) {
ret = -EFAULT;
goto out;
}
Reported by FlawFinder.
drivers/platform/x86/system76_acpi.c
1 issues
Line: 144
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
led = (struct led_classdev *)dev->driver_data;
data = container_of(led, struct system76_data, kb_led);
return sprintf(buf, "%06X\n", data->kb_color);
}
// Set the keyboard LED color
static ssize_t kb_led_color_store(
struct device *dev,
Reported by FlawFinder.