The following issues were found
drivers/power/supply/sc27xx_fuel_gauge.c
1 issues
Line: 982
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (IS_ERR(buf))
return PTR_ERR(buf);
memcpy(&calib_data, buf, min(len, sizeof(u32)));
/*
* Get the ADC value corresponding to 4200 mV from eFuse controller
* according to below formula. Then convert to ADC values corresponding
* to 1000 mV and 1000 mA.
Reported by FlawFinder.
drivers/power/supply/mp2629_charger.c
1 issues
Line: 522
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return ret;
rval = (rval >> 4) * 10;
return sprintf(buf, "%d mohm\n", rval);
}
static ssize_t batt_impedance_compensation_store(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
drivers/power/supply/max8925_power.c
1 issues
Line: 161
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int start_measure(struct max8925_power_info *info, int type)
{
unsigned char buf[2] = {0, 0};
int meas_cmd;
int meas_reg = 0, ret;
switch (type) {
case MEASURE_VCHG:
Reported by FlawFinder.
net/ceph/crush/mapper.c
1 issues
Line: 1073
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (recurse_to_leaf)
/* copy final _leaf_ values to output set */
memcpy(o, c, osize*sizeof(*o));
/* swap o and w arrays */
tmp = o;
o = w;
w = tmp;
Reported by FlawFinder.
include/target/iscsi/iscsi_transport.h
1 issues
Line: 8
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iscsit_transport {
#define ISCSIT_TRANSPORT_NAME 16
char name[ISCSIT_TRANSPORT_NAME];
int transport_type;
bool rdma_shutdown;
int priv_size;
struct module *owner;
struct list_head t_node;
Reported by FlawFinder.
net/ceph/decode.c
1 issues
Line: 130
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(addr, &tmp_addr, sizeof(*addr));
found = true;
}
}
if (found)
Reported by FlawFinder.
include/linux/trace_seq.h
1 issues
Line: 15
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct trace_seq {
char buffer[PAGE_SIZE];
struct seq_buf seq;
int full;
};
static inline void
Reported by FlawFinder.
include/sound/soundfont.h
1 issues
Line: 49
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*struct snd_soundfont *prev;*/ /* Link to previous */
short id; /* file id */
short type; /* font type */
unsigned char name[SNDRV_SFNT_PATCH_NAME_LEN]; /* identifier */
struct snd_sf_zone *zones; /* Font information */
struct snd_sf_sample *samples; /* The sample headers */
};
/*
Reported by FlawFinder.
include/sound/soc-acpi.h
1 issues
Line: 181
Column: 57
CWE codes:
126
static inline bool snd_soc_acpi_sof_parent(struct device *dev)
{
return dev->parent && dev->parent->driver && dev->parent->driver->name &&
!strncmp(dev->parent->driver->name, "sof-audio-acpi", strlen("sof-audio-acpi"));
}
#endif
Reported by FlawFinder.
net/ceph/string_table.c
1 issues
Line: 46
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kref_init(&cs->kref);
cs->len = len;
memcpy(cs->str, str, len);
cs->str[len] = 0;
retry:
exist = NULL;
parent = NULL;
Reported by FlawFinder.