The following issues were found
net/ipv6/ah6.c
15 issues
Line: 307
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iph_ext = ah_tmp_ext(iph_base);
icv = ah_tmp_icv(ahp->ahash, iph_ext, extlen);
memcpy(ah->auth_data, icv, ahp->icv_trunc_len);
memcpy(top_iph, iph_base, IPV6HDR_BASELEN);
if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
memcpy(&top_iph->saddr, iph_ext, extlen);
Reported by FlawFinder.
Line: 308
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
icv = ah_tmp_icv(ahp->ahash, iph_ext, extlen);
memcpy(ah->auth_data, icv, ahp->icv_trunc_len);
memcpy(top_iph, iph_base, IPV6HDR_BASELEN);
if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
memcpy(&top_iph->saddr, iph_ext, extlen);
#else
Reported by FlawFinder.
Line: 312
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
memcpy(&top_iph->saddr, iph_ext, extlen);
#else
memcpy(&top_iph->daddr, iph_ext, extlen);
#endif
}
Reported by FlawFinder.
Line: 314
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#if IS_ENABLED(CONFIG_IPV6_MIP6)
memcpy(&top_iph->saddr, iph_ext, extlen);
#else
memcpy(&top_iph->daddr, iph_ext, extlen);
#endif
}
kfree(AH_SKB_CB(skb)->tmp);
xfrm_output_resume(skb->sk, skb, err);
Reported by FlawFinder.
Line: 385
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* When there are no extension headers, we only need to save the first
* 8 bytes of the base IP header.
*/
memcpy(iph_base, top_iph, IPV6HDR_BASELEN);
if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
memcpy(iph_ext, &top_iph->saddr, extlen);
#else
Reported by FlawFinder.
Line: 389
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
memcpy(iph_ext, &top_iph->saddr, extlen);
#else
memcpy(iph_ext, &top_iph->daddr, extlen);
#endif
err = ipv6_clear_mutable_options(top_iph,
extlen - sizeof(*iph_ext) +
Reported by FlawFinder.
Line: 391
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#if IS_ENABLED(CONFIG_IPV6_MIP6)
memcpy(iph_ext, &top_iph->saddr, extlen);
#else
memcpy(iph_ext, &top_iph->daddr, extlen);
#endif
err = ipv6_clear_mutable_options(top_iph,
extlen - sizeof(*iph_ext) +
sizeof(*top_iph),
XFRM_POLICY_OUT);
Reported by FlawFinder.
Line: 440
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_free;
}
memcpy(ah->auth_data, icv, ahp->icv_trunc_len);
memcpy(top_iph, iph_base, IPV6HDR_BASELEN);
if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
memcpy(&top_iph->saddr, iph_ext, extlen);
Reported by FlawFinder.
Line: 441
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(ah->auth_data, icv, ahp->icv_trunc_len);
memcpy(top_iph, iph_base, IPV6HDR_BASELEN);
if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
memcpy(&top_iph->saddr, iph_ext, extlen);
#else
Reported by FlawFinder.
Line: 445
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (extlen) {
#if IS_ENABLED(CONFIG_IPV6_MIP6)
memcpy(&top_iph->saddr, iph_ext, extlen);
#else
memcpy(&top_iph->daddr, iph_ext, extlen);
#endif
}
Reported by FlawFinder.
drivers/scsi/scsi_transport_fc.c
15 issues
Line: 222
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
\
for (i = 0; i < ARRAY_SIZE(table); i++) { \
if (table[i].value & table_key) { \
len += sprintf(buf + len, "%s%s", \
prefix, table[i].name); \
prefix = ", "; \
} \
} \
len += sprintf(buf + len, "\n"); \
Reported by FlawFinder.
Line: 1001
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
(rport->port_state == FC_PORTSTATE_DELETED) || \
(rport->port_state == FC_PORTSTATE_NOTPRESENT))) \
i->f->get_rport_##field(rport); \
return snprintf(buf, sz, format_string, cast rport->field); \
}
#define fc_rport_store_function(field) \
static ssize_t \
store_fc_rport_##field(struct device *dev, \
Reported by FlawFinder.
Line: 1050
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct device_attribute *attr, char *buf) \
{ \
struct fc_rport *rport = transport_class_to_rport(dev); \
return snprintf(buf, sz, format_string, cast rport->field); \
}
#define fc_private_rport_rd_attr(field, format_string, sz) \
fc_private_rport_show_function(field, format_string, sz, ) \
static FC_DEVICE_ATTR(rport, field, S_IRUGO, \
Reported by FlawFinder.
Line: 1429
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
fc_starget_##field(starget) = rport->field; \
else if (i->f->get_starget_##field) \
i->f->get_starget_##field(starget); \
return snprintf(buf, sz, format_string, \
cast fc_starget_##field(starget)); \
}
#define fc_starget_rd_attr(field, format_string, sz) \
fc_starget_show_function(field, format_string, sz, ) \
Reported by FlawFinder.
Line: 1482
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
if ((i->f->get_vport_##field) && \
!(vport->flags & (FC_VPORT_DEL | FC_VPORT_CREATING))) \
i->f->get_vport_##field(vport); \
return snprintf(buf, sz, format_string, cast vport->field); \
}
#define fc_vport_store_function(field) \
static ssize_t \
store_fc_vport_##field(struct device *dev, \
Reported by FlawFinder.
Line: 1549
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct device_attribute *attr, char *buf) \
{ \
struct fc_vport *vport = transport_class_to_vport(dev); \
return snprintf(buf, sz, format_string, cast vport->field); \
}
#define fc_private_vport_store_u32_function(field) \
static ssize_t \
store_fc_vport_##field(struct device *dev, \
Reported by FlawFinder.
Line: 1749
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct fc_internal *i = to_fc_internal(shost->transportt); \
if (i->f->get_host_##field) \
i->f->get_host_##field(shost); \
return snprintf(buf, sz, format_string, cast fc_host_##field(shost)); \
}
#define fc_host_store_function(field) \
static ssize_t \
store_fc_host_##field(struct device *dev, \
Reported by FlawFinder.
Line: 1856
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct device_attribute *attr, char *buf) \
{ \
struct Scsi_Host *shost = transport_class_to_shost(dev); \
return snprintf(buf, sz, format_string, cast fc_host_##field(shost)); \
}
#define fc_private_host_rd_attr(field, format_string, sz) \
fc_private_host_show_function(field, format_string, sz, ) \
static FC_DEVICE_ATTR(host, field, S_IRUGO, \
Reported by FlawFinder.
Line: 277
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i, len=0;
for (i = 0; i < FC_FC4_LIST_SIZE; i++, fc4_list++)
len += sprintf(buf + len , "0x%02x ", *fc4_list);
len += sprintf(buf + len, "\n");
return len;
}
Reported by FlawFinder.
Line: 581
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
event->event_num = event_number;
event->event_code = event_code;
if (data_len)
memcpy(&event->event_data, data_buf, data_len);
nlmsg_multicast(scsi_nl_sock, skb, 0, SCSI_NL_GRP_FC_EVENTS,
GFP_KERNEL);
return;
Reported by FlawFinder.
drivers/s390/crypto/zcrypt_api.c
15 issues
Line: 397
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (name[0])
strncpy(nodename, name, sizeof(nodename));
else
snprintf(nodename, sizeof(nodename),
ZCRYPT_NAME "_%d", (int) MINOR(devt));
nodename[sizeof(nodename)-1] = '\0';
if (dev_set_name(&zcdndev->device, nodename)) {
rc = -EINVAL;
goto unlockout;
Reported by FlawFinder.
Line: 309
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *buf, size_t count)
{
int rc;
char name[ZCDN_MAX_NAME];
strncpy(name, skip_spaces(buf), sizeof(name));
name[sizeof(name) - 1] = '\0';
rc = zcdn_create(strim(name));
Reported by FlawFinder.
Line: 327
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *buf, size_t count)
{
int rc;
char name[ZCDN_MAX_NAME];
strncpy(name, skip_spaces(buf), sizeof(name));
name[sizeof(name) - 1] = '\0';
rc = zcdn_destroy(strim(name));
Reported by FlawFinder.
Line: 354
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
dev_t devt;
int i, rc = 0;
char nodename[ZCDN_MAX_NAME];
struct zcdn_device *zcdndev;
if (mutex_lock_interruptible(&ap_perms_mutex))
return -ERESTARTSYS;
Reported by FlawFinder.
Line: 1627
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return rc;
}
case ZCRYPT_STATUS_MASK: {
char status[AP_DEVICES];
zcrypt_status_mask(status, AP_DEVICES);
if (copy_to_user((char __user *) arg, status, sizeof(status)))
return -EFAULT;
return 0;
Reported by FlawFinder.
Line: 1635
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 0;
}
case ZCRYPT_QDEPTH_MASK: {
char qdepth[AP_DEVICES];
zcrypt_qdepth_mask(qdepth, AP_DEVICES);
if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth)))
return -EFAULT;
return 0;
Reported by FlawFinder.
Line: 1685
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
case Z90STAT_STATUS_MASK: {
/* the old ioctl supports only 64 adapters */
char status[MAX_ZDEV_CARDIDS];
zcrypt_status_mask(status, MAX_ZDEV_CARDIDS);
if (copy_to_user((char __user *) arg, status, sizeof(status)))
return -EFAULT;
return 0;
Reported by FlawFinder.
Line: 1694
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
case Z90STAT_QDEPTH_MASK: {
/* the old ioctl supports only 64 adapters */
char qdepth[MAX_ZDEV_CARDIDS];
zcrypt_qdepth_mask(qdepth, MAX_ZDEV_CARDIDS);
if (copy_to_user((char __user *) arg, qdepth, sizeof(qdepth)))
return -EFAULT;
return 0;
Reported by FlawFinder.
Line: 1826
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int user_defined;
unsigned short request_ID;
unsigned int request_control_blk_length;
unsigned char padding1[16 - sizeof(compat_uptr_t)];
compat_uptr_t request_control_blk_addr;
unsigned int request_data_length;
char padding2[16 - sizeof(compat_uptr_t)];
compat_uptr_t request_data_address;
unsigned int reply_control_blk_length;
Reported by FlawFinder.
Line: 1829
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char padding1[16 - sizeof(compat_uptr_t)];
compat_uptr_t request_control_blk_addr;
unsigned int request_data_length;
char padding2[16 - sizeof(compat_uptr_t)];
compat_uptr_t request_data_address;
unsigned int reply_control_blk_length;
char padding3[16 - sizeof(compat_uptr_t)];
compat_uptr_t reply_control_blk_addr;
unsigned int reply_data_length;
Reported by FlawFinder.
tools/perf/util/cs-etm.c
15 issues
Line: 2557
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if ((magic != __perf_cs_etmv3_magic) &&
(magic != __perf_cs_etmv4_magic)) {
/* failure - note bad magic value */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
}
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
Reported by FlawFinder.
Line: 2562
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_CPU], val[i++]);
if (magic == __perf_cs_etmv3_magic) {
nr_params = CS_ETM_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETM_ETMCR;
Reported by FlawFinder.
Line: 2563
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* print common header block */
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_MAGIC], val[i++]);
fprintf(stdout, cs_etm_priv_fmts[CS_ETM_CPU], val[i++]);
if (magic == __perf_cs_etmv3_magic) {
nr_params = CS_ETM_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETM_ETMCR;
/* after common block, offset format index past NR_PARAMS */
Reported by FlawFinder.
Line: 2570
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fmt_offset = CS_ETM_ETMCR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
} else if (magic == __perf_cs_etmv4_magic) {
nr_params = CS_ETMV4_NR_TRC_PARAMS_V0;
fmt_offset = CS_ETMV4_TRCCONFIGR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
Reported by FlawFinder.
Line: 2576
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fmt_offset = CS_ETMV4_TRCCONFIGR;
/* after common block, offset format index past NR_PARAMS */
for (j = fmt_offset; j < nr_params + fmt_offset; j++, i++)
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
*offset = i;
return 0;
}
Reported by FlawFinder.
Line: 2595
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETM_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
}
} else if (magic == __perf_cs_etmv4_magic) {
for (j = 0; j < total_params; j++, i++) {
Reported by FlawFinder.
Line: 2597
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (j >= CS_ETM_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etm_priv_fmts[j], val[i]);
}
} else if (magic == __perf_cs_etmv4_magic) {
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETMV4_PRIV_MAX)
Reported by FlawFinder.
Line: 2603
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (j = 0; j < total_params; j++, i++) {
/* if newer record - could be excess params */
if (j >= CS_ETMV4_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
} else {
/* failure - note bad magic value and error out */
Reported by FlawFinder.
Line: 2605
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (j >= CS_ETMV4_PRIV_MAX)
fprintf(stdout, param_unk_fmt, j, val[i]);
else
fprintf(stdout, cs_etmv4_priv_fmts[j], val[i]);
}
} else {
/* failure - note bad magic value and error out */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
Reported by FlawFinder.
Line: 2609
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
} else {
/* failure - note bad magic value and error out */
fprintf(stdout, magic_unk_fmt, magic);
return -EINVAL;
}
*offset = i;
return 0;
}
Reported by FlawFinder.
drivers/net/ethernet/ibm/ibmvnic.c
15 issues
Line: 3025
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
case ETH_SS_PRIV_FLAGS:
for (i = 0; i < ARRAY_SIZE(ibmvnic_priv_flags); i++)
strcpy(data + i * ETH_GSTRING_LEN,
ibmvnic_priv_flags[i]);
break;
default:
return;
}
Reported by FlawFinder.
Line: 113
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ibmvnic_sub_crq_queue *tx_scrq);
struct ibmvnic_stat {
char name[ETH_GSTRING_LEN];
int offset;
};
#define IBMVNIC_STAT_OFF(stat) (offsetof(struct ibmvnic_adapter, stats) + \
offsetof(struct ibmvnic_statistics, stat))
Reported by FlawFinder.
Line: 1509
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(hdr_data, 0, 120);
if ((hdr_field >> 6) & 1) {
hdr = skb_mac_header(skb);
memcpy(hdr_data, hdr, hdr_len[0]);
len += hdr_len[0];
}
if ((hdr_field >> 5) & 1) {
hdr = skb_network_header(skb);
Reported by FlawFinder.
Line: 1515
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((hdr_field >> 5) & 1) {
hdr = skb_network_header(skb);
memcpy(hdr_data + len, hdr, hdr_len[1]);
len += hdr_len[1];
}
if ((hdr_field >> 4) & 1) {
hdr = skb_transport_header(skb);
Reported by FlawFinder.
Line: 1521
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((hdr_field >> 4) & 1) {
hdr = skb_transport_header(skb);
memcpy(hdr_data + len, hdr, hdr_len[2]);
len += hdr_len[2];
}
return len;
}
Reported by FlawFinder.
Line: 1569
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr_desc.hdr.l4_len = (u8)hdr_len[2];
hdr_desc.hdr.flag = hdr_field << 1;
}
memcpy(data, cur, tmp);
tmp_len -= tmp;
*scrq_arr = hdr_desc;
scrq_arr++;
num_descs++;
}
Reported by FlawFinder.
Line: 1778
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
const skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
memcpy(dst + cur, skb_frag_address(frag),
skb_frag_size(frag));
cur += skb_frag_size(frag);
}
} else {
skb_copy_from_linear_data(skb, dst, skb->len);
Reported by FlawFinder.
Line: 1854
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
indir_arr[0] = tx_crq;
memcpy(&ind_bufp->indir_arr[ind_bufp->index], &indir_arr[0],
num_entries * sizeof(struct ibmvnic_generic_scrq));
ind_bufp->index += num_entries;
if (__netdev_tx_sent_queue(txq, skb->len,
netdev_xmit_more() &&
ind_bufp->index < IBMVNIC_MAX_IND_DESCS)) {
Reported by FlawFinder.
Line: 2997
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case ETH_SS_STATS:
for (i = 0; i < ARRAY_SIZE(ibmvnic_stats);
i++, data += ETH_GSTRING_LEN)
memcpy(data, ibmvnic_stats[i].name, ETH_GSTRING_LEN);
for (i = 0; i < adapter->req_tx_queues; i++) {
snprintf(data, ETH_GSTRING_LEN, "tx%d_packets", i);
data += ETH_GSTRING_LEN;
Reported by FlawFinder.
Line: 3965
Column: 9
CWE codes:
126
*/
len = 4 * sizeof(struct vnic_login_client_data);
len += 6; /* "Linux" plus NULL */
len += strlen(utsname()->nodename) + 1;
len += strlen(adapter->netdev->name) + 1;
return len;
}
Reported by FlawFinder.
arch/x86/events/intel/uncore_snbep.c
15 issues
Line: 3714
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct dev_ext_attribute *ea = to_dev_ext_attribute(attr);
long die = (long)ea->var;
return sprintf(buf, "%04x:%02x\n", pmu->type->topology[die].segment,
skx_iio_stack(pmu, die));
}
static int skx_msr_cpu_bus_read(int cpu, u64 *topology)
{
Reported by FlawFinder.
Line: 3792
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
pmu_iio_set_mapping(struct intel_uncore_type *type, struct attribute_group *ag)
{
char buf[64];
int ret;
long die = -1;
struct attribute **attrs = NULL;
struct dev_ext_attribute *eas = NULL;
Reported by FlawFinder.
Line: 3814
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto clear_attrs;
for (die = 0; die < uncore_max_dies(); die++) {
sprintf(buf, "die%ld", die);
sysfs_attr_init(&eas[die].attr.attr);
eas[die].attr.attr.name = kstrdup(buf, GFP_KERNEL);
if (!eas[die].attr.attr.name)
goto err;
eas[die].attr.attr.mode = 0444;
Reported by FlawFinder.
Line: 461
Column: 34
CWE codes:
732
DEFINE_UNCORE_FORMAT_ATTR(event2, event, "config:0-6");
DEFINE_UNCORE_FORMAT_ATTR(event_ext, event, "config:0-7,21");
DEFINE_UNCORE_FORMAT_ATTR(use_occ_ctr, use_occ_ctr, "config:7");
DEFINE_UNCORE_FORMAT_ATTR(umask, umask, "config:8-15");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext, umask, "config:8-15,32-43,45-55");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext2, umask, "config:8-15,32-57");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext3, umask, "config:8-15,32-39");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext4, umask, "config:8-15,32-55");
DEFINE_UNCORE_FORMAT_ATTR(qor, qor, "config:16");
Reported by FlawFinder.
Line: 461
Column: 27
CWE codes:
732
DEFINE_UNCORE_FORMAT_ATTR(event2, event, "config:0-6");
DEFINE_UNCORE_FORMAT_ATTR(event_ext, event, "config:0-7,21");
DEFINE_UNCORE_FORMAT_ATTR(use_occ_ctr, use_occ_ctr, "config:7");
DEFINE_UNCORE_FORMAT_ATTR(umask, umask, "config:8-15");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext, umask, "config:8-15,32-43,45-55");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext2, umask, "config:8-15,32-57");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext3, umask, "config:8-15,32-39");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext4, umask, "config:8-15,32-55");
DEFINE_UNCORE_FORMAT_ATTR(qor, qor, "config:16");
Reported by FlawFinder.
Line: 462
Column: 38
CWE codes:
732
DEFINE_UNCORE_FORMAT_ATTR(event_ext, event, "config:0-7,21");
DEFINE_UNCORE_FORMAT_ATTR(use_occ_ctr, use_occ_ctr, "config:7");
DEFINE_UNCORE_FORMAT_ATTR(umask, umask, "config:8-15");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext, umask, "config:8-15,32-43,45-55");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext2, umask, "config:8-15,32-57");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext3, umask, "config:8-15,32-39");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext4, umask, "config:8-15,32-55");
DEFINE_UNCORE_FORMAT_ATTR(qor, qor, "config:16");
DEFINE_UNCORE_FORMAT_ATTR(edge, edge, "config:18");
Reported by FlawFinder.
Line: 463
Column: 39
CWE codes:
732
DEFINE_UNCORE_FORMAT_ATTR(use_occ_ctr, use_occ_ctr, "config:7");
DEFINE_UNCORE_FORMAT_ATTR(umask, umask, "config:8-15");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext, umask, "config:8-15,32-43,45-55");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext2, umask, "config:8-15,32-57");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext3, umask, "config:8-15,32-39");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext4, umask, "config:8-15,32-55");
DEFINE_UNCORE_FORMAT_ATTR(qor, qor, "config:16");
DEFINE_UNCORE_FORMAT_ATTR(edge, edge, "config:18");
DEFINE_UNCORE_FORMAT_ATTR(tid_en, tid_en, "config:19");
Reported by FlawFinder.
Line: 464
Column: 39
CWE codes:
732
DEFINE_UNCORE_FORMAT_ATTR(umask, umask, "config:8-15");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext, umask, "config:8-15,32-43,45-55");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext2, umask, "config:8-15,32-57");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext3, umask, "config:8-15,32-39");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext4, umask, "config:8-15,32-55");
DEFINE_UNCORE_FORMAT_ATTR(qor, qor, "config:16");
DEFINE_UNCORE_FORMAT_ATTR(edge, edge, "config:18");
DEFINE_UNCORE_FORMAT_ATTR(tid_en, tid_en, "config:19");
DEFINE_UNCORE_FORMAT_ATTR(inv, inv, "config:23");
Reported by FlawFinder.
Line: 465
Column: 39
CWE codes:
732
DEFINE_UNCORE_FORMAT_ATTR(umask_ext, umask, "config:8-15,32-43,45-55");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext2, umask, "config:8-15,32-57");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext3, umask, "config:8-15,32-39");
DEFINE_UNCORE_FORMAT_ATTR(umask_ext4, umask, "config:8-15,32-55");
DEFINE_UNCORE_FORMAT_ATTR(qor, qor, "config:16");
DEFINE_UNCORE_FORMAT_ATTR(edge, edge, "config:18");
DEFINE_UNCORE_FORMAT_ATTR(tid_en, tid_en, "config:19");
DEFINE_UNCORE_FORMAT_ATTR(inv, inv, "config:23");
DEFINE_UNCORE_FORMAT_ATTR(thresh9, thresh, "config:24-35");
Reported by FlawFinder.
Line: 4944
Column: 26
CWE codes:
120
20
static struct uncore_event_desc snr_uncore_imc_freerunning_events[] = {
INTEL_UNCORE_EVENT_DESC(dclk, "event=0xff,umask=0x10"),
INTEL_UNCORE_EVENT_DESC(read, "event=0xff,umask=0x20"),
INTEL_UNCORE_EVENT_DESC(read.scale, "6.103515625e-5"),
INTEL_UNCORE_EVENT_DESC(read.unit, "MiB"),
INTEL_UNCORE_EVENT_DESC(write, "event=0xff,umask=0x21"),
INTEL_UNCORE_EVENT_DESC(write.scale, "6.103515625e-5"),
INTEL_UNCORE_EVENT_DESC(write.unit, "MiB"),
Reported by FlawFinder.
net/core/sock.c
15 issues
Line: 231
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
x "AF_QIPCRTR", x "AF_SMC" , x "AF_XDP" , \
x "AF_MAX"
static const char *const af_family_key_strings[AF_MAX+1] = {
_sock_locks("sk_lock-")
};
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
Reported by FlawFinder.
Line: 234
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_key_strings[AF_MAX+1] = {
_sock_locks("sk_lock-")
};
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
static const char *const af_family_clock_key_strings[AF_MAX+1] = {
_sock_locks("clock-")
};
Reported by FlawFinder.
Line: 237
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_slock_key_strings[AF_MAX+1] = {
_sock_locks("slock-")
};
static const char *const af_family_clock_key_strings[AF_MAX+1] = {
_sock_locks("clock-")
};
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
Reported by FlawFinder.
Line: 241
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_sock_locks("clock-")
};
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
};
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
Reported by FlawFinder.
Line: 244
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_key_strings[AF_MAX+1] = {
_sock_locks("k-sk_lock-")
};
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
Reported by FlawFinder.
Line: 247
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
_sock_locks("k-slock-")
};
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
Reported by FlawFinder.
Line: 250
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
_sock_locks("k-clock-")
};
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
Reported by FlawFinder.
Line: 253
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
_sock_locks("rlock-")
};
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
static const char *const af_family_elock_key_strings[AF_MAX+1] = {
_sock_locks("elock-")
};
Reported by FlawFinder.
Line: 256
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
_sock_locks("wlock-")
};
static const char *const af_family_elock_key_strings[AF_MAX+1] = {
_sock_locks("elock-")
};
/*
* sk_callback_lock and sk queues locking rules are per-address-family,
Reported by FlawFinder.
Line: 632
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret = -ENOPROTOOPT;
#ifdef CONFIG_NETDEVICES
struct net *net = sock_net(sk);
char devname[IFNAMSIZ];
int index;
ret = -EINVAL;
if (optlen < 0)
goto out;
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
15 issues
Line: 3983
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int gfx_v10_0_init_microcode(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[40];
char *wks = "";
int err;
struct amdgpu_firmware_info *info = NULL;
const struct common_firmware_header *header = NULL;
const struct gfx_firmware_header_v1_0 *cp_hdr;
Reported by FlawFinder.
Line: 4465
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return r;
}
memcpy(fw, fw_data, fw_size);
amdgpu_bo_kunmap(adev->gfx.mec.mec_fw_obj);
amdgpu_bo_unreserve(adev->gfx.mec.mec_fw_obj);
}
Reported by FlawFinder.
Line: 4655
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring->doorbell_index = adev->doorbell_index.gfx_ring0 << 1;
else
ring->doorbell_index = adev->doorbell_index.gfx_ring1 << 1;
sprintf(ring->name, "gfx_%d.%d.%d", ring->me, ring->pipe, ring->queue);
irq_type = AMDGPU_CP_IRQ_GFX_ME0_PIPE0_EOP + ring->pipe;
r = amdgpu_ring_init(adev, ring, 1024, &adev->gfx.eop_irq, irq_type,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
Reported by FlawFinder.
Line: 4685
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring->doorbell_index = (adev->doorbell_index.mec_ring0 + ring_id) << 1;
ring->eop_gpu_addr = adev->gfx.mec.hpd_eop_gpu_addr
+ (ring_id * GFX10_MEC_HPD_SIZE);
sprintf(ring->name, "comp_%d.%d.%d", ring->me, ring->pipe, ring->queue);
irq_type = AMDGPU_CP_IRQ_COMPUTE_MEC1_PIPE0_EOP
+ ((ring->me - 1) * adev->gfx.mec.num_pipe_per_mec)
+ ring->pipe;
hw_prio = amdgpu_gfx_is_high_priority_compute_queue(adev, ring) ?
Reported by FlawFinder.
Line: 5393
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy toc from psp sos fw to rlc toc buffer */
memcpy(adev->gfx.rlc.rlc_toc_buf, adev->psp.toc_start_addr, adev->psp.toc_bin_size);
rlc_toc = (RLC_TABLE_OF_CONTENT *)adev->gfx.rlc.rlc_toc_buf;
while (rlc_toc && (rlc_toc->id > FIRMWARE_ID_INVALID) &&
(rlc_toc->id < FIRMWARE_ID_MAX)) {
if ((rlc_toc->id >= FIRMWARE_ID_CP_CE) &&
Reported by FlawFinder.
Line: 5488
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (fw_size > toc_fw_size)
fw_size = toc_fw_size;
memcpy(ptr + toc_offset, fw_data, fw_size);
if (fw_size < toc_fw_size)
memset(ptr + toc_offset + fw_size, 0, toc_fw_size - fw_size);
}
Reported by FlawFinder.
Line: 5882
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return r;
}
memcpy(adev->gfx.pfp.pfp_fw_ptr, fw_data, fw_size);
amdgpu_bo_kunmap(adev->gfx.pfp.pfp_fw_obj);
amdgpu_bo_unreserve(adev->gfx.pfp.pfp_fw_obj);
/* Trigger an invalidation of the L1 instruction caches */
Reported by FlawFinder.
Line: 5960
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return r;
}
memcpy(adev->gfx.ce.ce_fw_ptr, fw_data, fw_size);
amdgpu_bo_kunmap(adev->gfx.ce.ce_fw_obj);
amdgpu_bo_unreserve(adev->gfx.ce.ce_fw_obj);
/* Trigger an invalidation of the L1 instruction caches */
Reported by FlawFinder.
Line: 6037
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return r;
}
memcpy(adev->gfx.me.me_fw_ptr, fw_data, fw_size);
amdgpu_bo_kunmap(adev->gfx.me.me_fw_obj);
amdgpu_bo_unreserve(adev->gfx.me.me_fw_obj);
/* Trigger an invalidation of the L1 instruction caches */
Reported by FlawFinder.
Line: 6656
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nv_grbm_select(adev, 0, 0, 0, 0);
mutex_unlock(&adev->srbm_mutex);
if (adev->gfx.me.mqd_backup[mqd_idx])
memcpy(adev->gfx.me.mqd_backup[mqd_idx], mqd, sizeof(*mqd));
} else if (amdgpu_in_reset(adev)) {
/* reset mqd with the backup copy */
if (adev->gfx.me.mqd_backup[mqd_idx])
memcpy(mqd, adev->gfx.me.mqd_backup[mqd_idx], sizeof(*mqd));
/* reset the ring */
Reported by FlawFinder.
fs/nfsd/vfs.c
15 issues
Line: 607
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* Check server access rights to a file system object
*/
struct accessmap {
u32 access;
int how;
};
static struct accessmap nfs3_regaccess[] = {
{ NFS3_ACCESS_READ, NFSD_MAY_READ },
{ NFS3_ACCESS_EXECUTE, NFSD_MAY_EXEC },
Reported by FlawFinder.
Line: 658
Column: 62
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
};
__be32
nfsd_access(struct svc_rqst *rqstp, struct svc_fh *fhp, u32 *access, u32 *supported)
{
struct accessmap *map;
struct svc_export *export;
struct dentry *dentry;
u32 query, result = 0, sresult = 0;
Reported by FlawFinder.
Line: 681
Column: 11
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
map = nfs3_anyaccess;
query = *access;
for (; map->access; map++) {
if (map->access & query) {
__be32 err2;
sresult |= map->access;
Reported by FlawFinder.
Line: 682
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
query = *access;
for (; map->access; map++) {
if (map->access & query) {
__be32 err2;
sresult |= map->access;
Reported by FlawFinder.
Line: 683
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
query = *access;
for (; map->access; map++) {
if (map->access & query) {
__be32 err2;
sresult |= map->access;
err2 = nfsd_permission(rqstp, export, dentry, map->how);
Reported by FlawFinder.
Line: 686
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (map->access & query) {
__be32 err2;
sresult |= map->access;
err2 = nfsd_permission(rqstp, export, dentry, map->how);
switch (err2) {
case nfs_ok:
result |= map->access;
Reported by FlawFinder.
Line: 691
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
err2 = nfsd_permission(rqstp, export, dentry, map->how);
switch (err2) {
case nfs_ok:
result |= map->access;
break;
/* the following error codes just mean the access was not allowed,
* rather than an error occurred */
case nfserr_rofs:
Reported by FlawFinder.
Line: 716
Column: 52
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
#endif /* CONFIG_NFSD_V3 */
int nfsd_open_break_lease(struct inode *inode, int access)
{
unsigned int mode;
if (access & NFSD_MAY_NOT_BREAK_LEASE)
return 0;
Reported by FlawFinder.
Line: 720
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
unsigned int mode;
if (access & NFSD_MAY_NOT_BREAK_LEASE)
return 0;
mode = (access & NFSD_MAY_WRITE) ? O_WRONLY : O_RDONLY;
return break_lease(inode, mode | O_NONBLOCK);
}
Reported by FlawFinder.
Line: 722
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (access & NFSD_MAY_NOT_BREAK_LEASE)
return 0;
mode = (access & NFSD_MAY_WRITE) ? O_WRONLY : O_RDONLY;
return break_lease(inode, mode | O_NONBLOCK);
}
/*
* Open an existing file or directory.
Reported by FlawFinder.
drivers/usb/early/xhci-dbc.c
15 issues
Line: 496
CWE codes:
476
xdbc.flags |= XDBC_FLAGS_IN_PROCESS;
} else {
memset(xdbc.out_buf, 0, XDBC_MAX_PACKET);
memcpy(xdbc.out_buf, data, size);
addr = xdbc.out_dma;
xdbc.flags |= XDBC_FLAGS_OUT_PROCESS;
}
xdbc_queue_trb(ring, lower_32_bits(addr), upper_32_bits(addr), length, control);
Reported by Cppcheck.
Line: 496
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
xdbc.flags |= XDBC_FLAGS_IN_PROCESS;
} else {
memset(xdbc.out_buf, 0, XDBC_MAX_PACKET);
memcpy(xdbc.out_buf, data, size);
addr = xdbc.out_dma;
xdbc.flags |= XDBC_FLAGS_OUT_PROCESS;
}
xdbc_queue_trb(ring, lower_32_bits(addr), upper_32_bits(addr), length, control);
Reported by FlawFinder.
Line: 867
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void early_xdbc_write(struct console *con, const char *str, u32 n)
{
static char buf[XDBC_MAX_PACKET];
int chunk, ret;
int use_cr = 0;
if (!xdbc.xdbc_reg)
return;
Reported by FlawFinder.
Line: 271
Column: 22
CWE codes:
126
/* Serial string: */
s_desc = (struct usb_string_descriptor *)strings->serial;
s_desc->bLength = (strlen(XDBC_STRING_SERIAL) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
xdbc_put_utf16(s_desc->wData, XDBC_STRING_SERIAL, strlen(XDBC_STRING_SERIAL));
string_length = s_desc->bLength;
string_length <<= 8;
Reported by FlawFinder.
Line: 274
Column: 52
CWE codes:
126
s_desc->bLength = (strlen(XDBC_STRING_SERIAL) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
xdbc_put_utf16(s_desc->wData, XDBC_STRING_SERIAL, strlen(XDBC_STRING_SERIAL));
string_length = s_desc->bLength;
string_length <<= 8;
/* Product string: */
s_desc = (struct usb_string_descriptor *)strings->product;
Reported by FlawFinder.
Line: 280
Column: 22
CWE codes:
126
/* Product string: */
s_desc = (struct usb_string_descriptor *)strings->product;
s_desc->bLength = (strlen(XDBC_STRING_PRODUCT) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
xdbc_put_utf16(s_desc->wData, XDBC_STRING_PRODUCT, strlen(XDBC_STRING_PRODUCT));
string_length += s_desc->bLength;
string_length <<= 8;
Reported by FlawFinder.
Line: 283
Column: 53
CWE codes:
126
s_desc->bLength = (strlen(XDBC_STRING_PRODUCT) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
xdbc_put_utf16(s_desc->wData, XDBC_STRING_PRODUCT, strlen(XDBC_STRING_PRODUCT));
string_length += s_desc->bLength;
string_length <<= 8;
/* Manufacture string: */
s_desc = (struct usb_string_descriptor *)strings->manufacturer;
Reported by FlawFinder.
Line: 289
Column: 22
CWE codes:
126
/* Manufacture string: */
s_desc = (struct usb_string_descriptor *)strings->manufacturer;
s_desc->bLength = (strlen(XDBC_STRING_MANUFACTURER) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
xdbc_put_utf16(s_desc->wData, XDBC_STRING_MANUFACTURER, strlen(XDBC_STRING_MANUFACTURER));
string_length += s_desc->bLength;
string_length <<= 8;
Reported by FlawFinder.
Line: 292
Column: 58
CWE codes:
126
s_desc->bLength = (strlen(XDBC_STRING_MANUFACTURER) + 1) * 2;
s_desc->bDescriptorType = USB_DT_STRING;
xdbc_put_utf16(s_desc->wData, XDBC_STRING_MANUFACTURER, strlen(XDBC_STRING_MANUFACTURER));
string_length += s_desc->bLength;
string_length <<= 8;
/* String0: */
strings->string0[0] = 4;
Reported by FlawFinder.
Line: 457
Column: 58
CWE codes:
120
20
return 0;
}
static int xdbc_bulk_transfer(void *data, int size, bool read)
{
struct xdbc_ring *ring;
struct xdbc_trb *trb;
u32 length, control;
u32 cycle;
Reported by FlawFinder.