The following issues were found
sound/core/seq/oss/seq_oss_event.c
1 issues
Line: 413
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ev->type = SNDRV_SEQ_EVENT_ECHO;
/* echo back to itself */
snd_seq_oss_fill_addr(dp, ev, dp->addr.client, dp->addr.port);
memcpy(&ev->data, rec, LONG_EVENT_SIZE);
return 0;
}
/*
* event input callback from ALSA sequencer:
Reported by FlawFinder.
sound/core/pcm_timer.c
1 issues
Line: 110
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
tid.subdevice = (substream->number << 1) | (substream->stream & 1);
if (snd_timer_new(substream->pcm->card, "PCM", &tid, &timer) < 0)
return;
sprintf(timer->name, "PCM %s %i-%i-%i",
substream->stream == SNDRV_PCM_STREAM_CAPTURE ?
"capture" : "playback",
tid.card, tid.device, tid.subdevice);
timer->hw = snd_pcm_timer;
if (snd_device_register(timer->card, timer) < 0) {
Reported by FlawFinder.
sound/soc/sunxi/sun4i-spdif.c
1 issues
Line: 517
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
host->pdev = pdev;
/* Initialize this copy of the CPU DAI driver structure */
memcpy(&host->cpu_dai_drv, &sun4i_spdif_dai, sizeof(sun4i_spdif_dai));
host->cpu_dai_drv.name = dev_name(&pdev->dev);
/* Get the addresses */
base = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
if (IS_ERR(base))
Reported by FlawFinder.
sound/soc/fsl/imx-audio-rpmsg.c
1 issues
Line: 63
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case MSG_TYPE_B:
/* TYPE B is response msg */
memcpy(&info->r_msg, r_msg, sizeof(struct rpmsg_r_msg));
complete(&info->cmd_complete);
break;
default:
dev_warn(&rpdev->dev, "unknown msg type\n");
break;
Reported by FlawFinder.
sound/soc/fsl/imx-audmux.c
1 issues
Line: 143
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void audmux_debugfs_init(void)
{
uintptr_t i;
char buf[20];
audmux_debugfs_root = debugfs_create_dir("audmux", NULL);
for (i = 0; i < MX31_AUDMUX_PORT7_SSI_PINS_7 + 1; i++) {
snprintf(buf, sizeof(buf), "ssi%lu", i);
Reported by FlawFinder.
sound/soc/sunxi/sun50i-codec-analog.c
1 issues
Line: 174
-450, 150, 0);
static const DECLARE_TLV_DB_RANGE(sun50i_codec_mic_gain_scale,
0, 0, TLV_DB_SCALE_ITEM(0, 0, 0),
1, 7, TLV_DB_SCALE_ITEM(2400, 300, 0),
);
static const DECLARE_TLV_DB_SCALE(sun50i_codec_hp_vol_scale, -6300, 100, 1);
static const DECLARE_TLV_DB_RANGE(sun50i_codec_lineout_vol_scale,
Reported by Cppcheck.
net/sched/act_ct.c
1 issues
Line: 191
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
act_ct_labels = entry->ct_metadata.labels;
ct_labels = nf_ct_labels_find(ct);
if (ct_labels)
memcpy(act_ct_labels, ct_labels->bits, NF_CT_LABELS_MAX_SIZE);
else
memset(act_ct_labels, 0, NF_CT_LABELS_MAX_SIZE);
}
static int tcf_ct_flow_table_add_action_nat(struct net *net,
Reported by FlawFinder.
sound/soc/sunxi/sun8i-codec-analog.c
1 issues
Line: 201
-450, 150, 0);
static const DECLARE_TLV_DB_RANGE(sun8i_codec_mic_gain_scale,
0, 0, TLV_DB_SCALE_ITEM(0, 0, 0),
1, 7, TLV_DB_SCALE_ITEM(2400, 300, 0),
);
static const struct snd_kcontrol_new sun8i_codec_common_controls[] = {
/* Mixer pre-gain */
SOC_SINGLE_TLV("Mic1 Playback Volume", SUN8I_ADDA_MICIN_GCTRL,
Reported by Cppcheck.
scripts/bin2c.c
1 issues
sound/soc/fsl/mpc5200_dma.h
1 issues
Line: 52
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @capture: Capture stream context data
*/
struct psc_dma {
char name[32];
struct mpc52xx_psc __iomem *psc_regs;
struct mpc52xx_psc_fifo __iomem *fifo_regs;
unsigned int irq;
struct device *dev;
spinlock_t lock;
Reported by FlawFinder.