The following issues were found
drivers/media/usb/dvb-usb/ttusb2.c
13 issues
Line: 95
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
s[1] = ++st->id;
s[2] = cmd;
s[3] = wlen;
memcpy(&s[4],wbuf,wlen);
ret = dvb_usb_generic_rw(d, s, wlen+4, r, 64, 0);
if (ret != 0 ||
r[0] != 0x55 ||
Reported by FlawFinder.
Line: 111
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (rlen > 0)
memcpy(rbuf, &r[4], rlen);
kfree(s);
kfree(r);
return 0;
Reported by FlawFinder.
Line: 126
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 rx[60];/* (64 -4) */
ret = ttusb2_msg(d, cmd, data, write_len, rx, read_len);
if (!ret)
memcpy(data, rx, read_len);
return ret;
}
static int tt3650_ci_msg_locked(struct dvb_ca_en50221 *ca, u8 cmd, u8 *data, unsigned int write_len, unsigned int read_len)
{
Reported by FlawFinder.
Line: 292
Column: 80
CWE codes:
362
return ret;
}
static int tt3650_ci_poll_slot_status(struct dvb_ca_en50221 *ca, int slot, int open)
{
u8 buf[1];
int ret;
if (slot)
Reported by FlawFinder.
Line: 414
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
obuf[2] = 0;
memcpy(&obuf[3], msg[i].buf, msg[i].len);
if (ttusb2_msg(d, CMD_I2C_XFER, obuf, obuf[1]+3, ibuf, obuf[2] + 3) < 0) {
err("i2c transfer failed.");
break;
}
Reported by FlawFinder.
Line: 422
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (write_read) {
memcpy(msg[i+1].buf, &ibuf[3], msg[i+1].len);
i++;
} else if (read)
memcpy(msg[i].buf, &ibuf[3], msg[i].len);
}
Reported by FlawFinder.
Line: 425
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(msg[i+1].buf, &ibuf[3], msg[i+1].len);
i++;
} else if (read)
memcpy(msg[i].buf, &ibuf[3], msg[i].len);
}
mutex_unlock(&d->i2c_mutex);
return i;
}
Reported by FlawFinder.
Line: 372
Column: 21
CWE codes:
120
20
{
struct dvb_usb_device *d = i2c_get_adapdata(adap);
static u8 obuf[60], ibuf[60];
int i, write_read, read;
if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
return -EAGAIN;
if (num > 2)
Reported by FlawFinder.
Line: 393
Column: 14
CWE codes:
120
20
err("i2c rd len=%d too high", msg[i+1].len);
break;
}
} else if (read) {
if (3 + msg[i].len > sizeof(ibuf)) {
err("i2c rd len=%d too high", msg[i].len);
break;
}
}
Reported by FlawFinder.
tools/perf/ui/browsers/scripts.c
13 issues
Line: 143
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret = -1;
goto out;
}
sprintf(script_name, "%s script %s", perf, script_args);
} else if (choice < num + max_std) {
strcpy(script_name, paths[choice]);
}
*custom = choice >= max_std;
Reported by FlawFinder.
Line: 145
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
sprintf(script_name, "%s script %s", perf, script_args);
} else if (choice < num + max_std) {
strcpy(script_name, paths[choice]);
}
*custom = choice >= max_std;
out:
free(buf);
Reported by FlawFinder.
Line: 160
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
{
pr_debug("Running %s\n", cmd);
SLang_reset_tty();
if (system(cmd) < 0)
pr_warning("Cannot run %s\n", cmd);
/*
* SLang doesn't seem to reset the whole terminal, so be more
* forceful to get back to the original state.
*/
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char **paths;
int index;
const char *perf;
char extra_format[256];
};
void attr_to_script(char *extra_format, struct perf_event_attr *attr)
{
extra_format[0] = 0;
Reported by FlawFinder.
Line: 38
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
{
extra_format[0] = 0;
if (attr->read_format & PERF_FORMAT_GROUP)
strcat(extra_format, " -F +metric");
if (attr->sample_type & PERF_SAMPLE_BRANCH_STACK)
strcat(extra_format, " -F +brstackinsn --xed");
if (attr->sample_type & PERF_SAMPLE_REGS_INTR)
strcat(extra_format, " -F +iregs");
if (attr->sample_type & PERF_SAMPLE_REGS_USER)
Reported by FlawFinder.
Line: 40
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (attr->read_format & PERF_FORMAT_GROUP)
strcat(extra_format, " -F +metric");
if (attr->sample_type & PERF_SAMPLE_BRANCH_STACK)
strcat(extra_format, " -F +brstackinsn --xed");
if (attr->sample_type & PERF_SAMPLE_REGS_INTR)
strcat(extra_format, " -F +iregs");
if (attr->sample_type & PERF_SAMPLE_REGS_USER)
strcat(extra_format, " -F +uregs");
if (attr->sample_type & PERF_SAMPLE_PHYS_ADDR)
Reported by FlawFinder.
Line: 42
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (attr->sample_type & PERF_SAMPLE_BRANCH_STACK)
strcat(extra_format, " -F +brstackinsn --xed");
if (attr->sample_type & PERF_SAMPLE_REGS_INTR)
strcat(extra_format, " -F +iregs");
if (attr->sample_type & PERF_SAMPLE_REGS_USER)
strcat(extra_format, " -F +uregs");
if (attr->sample_type & PERF_SAMPLE_PHYS_ADDR)
strcat(extra_format, " -F +phys_addr");
}
Reported by FlawFinder.
Line: 44
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (attr->sample_type & PERF_SAMPLE_REGS_INTR)
strcat(extra_format, " -F +iregs");
if (attr->sample_type & PERF_SAMPLE_REGS_USER)
strcat(extra_format, " -F +uregs");
if (attr->sample_type & PERF_SAMPLE_PHYS_ADDR)
strcat(extra_format, " -F +phys_addr");
}
static int add_script_option(const char *name, const char *opt,
Reported by FlawFinder.
Line: 46
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (attr->sample_type & PERF_SAMPLE_REGS_USER)
strcat(extra_format, " -F +uregs");
if (attr->sample_type & PERF_SAMPLE_PHYS_ADDR)
strcat(extra_format, " -F +phys_addr");
}
static int add_script_option(const char *name, const char *opt,
struct script_config *c)
{
Reported by FlawFinder.
Line: 88
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int list_scripts(char *script_name, bool *custom,
struct evsel *evsel)
{
char *buf, *paths[SCRIPT_MAX_NO], *names[SCRIPT_MAX_NO];
int i, num, choice;
int ret = 0;
int max_std, custom_perf;
char pbuf[256];
const char *perf = perf_exe(pbuf, sizeof pbuf);
Reported by FlawFinder.
drivers/media/usb/cpia2/cpia2_v4l.c
13 issues
Line: 218
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strscpy(vc->card, "CPiA2 Camera", sizeof(vc->card));
switch (cam->params.pnp_id.device_type) {
case DEVICE_STV_672:
strcat(vc->card, " (672/");
break;
case DEVICE_STV_676:
strcat(vc->card, " (676/");
break;
default:
Reported by FlawFinder.
Line: 221
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(vc->card, " (672/");
break;
case DEVICE_STV_676:
strcat(vc->card, " (676/");
break;
default:
strcat(vc->card, " (XXX/");
break;
}
Reported by FlawFinder.
Line: 224
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(vc->card, " (676/");
break;
default:
strcat(vc->card, " (XXX/");
break;
}
switch (cam->params.version.sensor_flags) {
case CPIA2_VP_SENSOR_FLAGS_404:
strcat(vc->card, "404)");
Reported by FlawFinder.
Line: 229
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
}
switch (cam->params.version.sensor_flags) {
case CPIA2_VP_SENSOR_FLAGS_404:
strcat(vc->card, "404)");
break;
case CPIA2_VP_SENSOR_FLAGS_407:
strcat(vc->card, "407)");
break;
case CPIA2_VP_SENSOR_FLAGS_409:
Reported by FlawFinder.
Line: 232
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(vc->card, "404)");
break;
case CPIA2_VP_SENSOR_FLAGS_407:
strcat(vc->card, "407)");
break;
case CPIA2_VP_SENSOR_FLAGS_409:
strcat(vc->card, "409)");
break;
case CPIA2_VP_SENSOR_FLAGS_410:
Reported by FlawFinder.
Line: 235
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(vc->card, "407)");
break;
case CPIA2_VP_SENSOR_FLAGS_409:
strcat(vc->card, "409)");
break;
case CPIA2_VP_SENSOR_FLAGS_410:
strcat(vc->card, "410)");
break;
case CPIA2_VP_SENSOR_FLAGS_500:
Reported by FlawFinder.
Line: 238
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(vc->card, "409)");
break;
case CPIA2_VP_SENSOR_FLAGS_410:
strcat(vc->card, "410)");
break;
case CPIA2_VP_SENSOR_FLAGS_500:
strcat(vc->card, "500)");
break;
default:
Reported by FlawFinder.
Line: 241
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(vc->card, "410)");
break;
case CPIA2_VP_SENSOR_FLAGS_500:
strcat(vc->card, "500)");
break;
default:
strcat(vc->card, "XXX)");
break;
}
Reported by FlawFinder.
Line: 244
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(vc->card, "500)");
break;
default:
strcat(vc->card, "XXX)");
break;
}
if (usb_make_path(cam->dev, vc->bus_info, sizeof(vc->bus_info)) < 0)
memset(vc->bus_info, 0, sizeof(vc->bus_info));
Reported by FlawFinder.
Line: 672
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
parms->APPn = cam->APPn;
parms->APP_len = cam->APP_len;
if (cam->APP_len > 0) {
memcpy(parms->APP_data, cam->APP_data, cam->APP_len);
parms->jpeg_markers |= V4L2_JPEG_MARKER_APP;
}
parms->COM_len = cam->COM_len;
if (cam->COM_len > 0) {
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/scan.c
13 issues
Line: 490
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
ssids[i].id = WLAN_EID_SSID;
ssids[i].len = params->match_sets[j].ssid.ssid_len;
memcpy(ssids[i].ssid, params->match_sets[j].ssid.ssid,
ssids[i].len);
}
/* add SSIDs from scan SSID list */
for (j = params->n_ssids - 1;
Reported by FlawFinder.
Line: 504
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (index < 0) {
ssids[i].id = WLAN_EID_SSID;
ssids[i].len = params->ssids[j].ssid_len;
memcpy(ssids[i].ssid, params->ssids[j].ssid,
ssids[i].len);
tmp_bitmap |= BIT(i);
} else {
tmp_bitmap |= BIT(index);
}
Reported by FlawFinder.
Line: 708
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *newpos = pos;
if (!iwl_mvm_rrm_scan_needed(mvm)) {
memcpy(newpos, ies, len);
return newpos + len;
}
offs = ieee80211_ie_split(ies, len,
before_ds_params,
Reported by FlawFinder.
Line: 717
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ARRAY_SIZE(before_ds_params),
0);
memcpy(newpos, ies, offs);
newpos += offs;
/* Add a placeholder for DS Parameter Set element */
*newpos++ = WLAN_EID_DS_PARAMS;
*newpos++ = 1;
Reported by FlawFinder.
Line: 725
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*newpos++ = 1;
*newpos++ = 0;
memcpy(newpos, ies + offs, len - offs);
newpos += len - offs;
return newpos;
}
Reported by FlawFinder.
Line: 767
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
get_random_mask_addr(frame->sa, mac_addr,
params->mac_addr_mask);
else
memcpy(frame->sa, vif->addr, ETH_ALEN);
frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ);
eth_broadcast_addr(frame->da);
eth_broadcast_addr(frame->bssid);
frame->seq_ctrl = 0;
Reported by FlawFinder.
Line: 790
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
params->preq.band_data[0].len = cpu_to_le16(newpos - pos);
pos = newpos;
memcpy(pos, ies->ies[NL80211_BAND_5GHZ],
ies->len[NL80211_BAND_5GHZ]);
params->preq.band_data[1].offset = cpu_to_le16(pos - params->preq.buf);
params->preq.band_data[1].len =
cpu_to_le16(ies->len[NL80211_BAND_5GHZ]);
pos += ies->len[NL80211_BAND_5GHZ];
Reported by FlawFinder.
Line: 797
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cpu_to_le16(ies->len[NL80211_BAND_5GHZ]);
pos += ies->len[NL80211_BAND_5GHZ];
memcpy(pos, ies->ies[NL80211_BAND_6GHZ],
ies->len[NL80211_BAND_6GHZ]);
params->preq.band_data[2].offset = cpu_to_le16(pos - params->preq.buf);
params->preq.band_data[2].len =
cpu_to_le16(ies->len[NL80211_BAND_6GHZ]);
pos += ies->len[NL80211_BAND_6GHZ];
Reported by FlawFinder.
Line: 803
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
params->preq.band_data[2].len =
cpu_to_le16(ies->len[NL80211_BAND_6GHZ]);
pos += ies->len[NL80211_BAND_6GHZ];
memcpy(pos, ies->common_ies, ies->common_ie_len);
params->preq.common_data.offset = cpu_to_le16(pos - params->preq.buf);
if (iwl_mvm_rrm_scan_needed(mvm) &&
!fw_has_capa(&mvm->fw->ucode_capa,
IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT)) {
Reported by FlawFinder.
Line: 1088
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iwl_mvm_fill_scan_dwell(mvm, &cfg->dwell);
memcpy(&cfg->mac_addr, &mvm->addresses[0].addr, ETH_ALEN);
/* This function should not be called when using ADD_STA ver >=12 */
WARN_ON_ONCE(iwl_fw_lookup_cmd_ver(mvm->fw, LONG_GROUP,
ADD_STA, 0) >= 12);
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c
13 issues
Line: 149
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
for (i = 0; i < mvm->ftm_initiator.req->n_peers; i++) {
memcpy(result.addr, mvm->ftm_initiator.req->peers[i].addr,
ETH_ALEN);
result.ftm.burst_index = mvm->ftm_initiator.responses[i];
cfg80211_pmsr_report(mvm->ftm_initiator.req_wdev,
mvm->ftm_initiator.req,
Reported by FlawFinder.
Line: 221
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* have filled our local address there instead.
*/
cmd->macaddr_random = 1;
memcpy(cmd->macaddr_template, req->mac_addr, ETH_ALEN);
for (i = 0; i < ETH_ALEN; i++)
cmd->macaddr_mask[i] = ~req->mac_addr_mask[i];
if (vif->bss_conf.assoc)
memcpy(cmd->range_req_bssid, vif->bss_conf.bssid, ETH_ALEN);
Reported by FlawFinder.
Line: 226
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->macaddr_mask[i] = ~req->mac_addr_mask[i];
if (vif->bss_conf.assoc)
memcpy(cmd->range_req_bssid, vif->bss_conf.bssid, ETH_ALEN);
else
eth_broadcast_addr(cmd->range_req_bssid);
}
static void iwl_mvm_ftm_cmd_common(struct iwl_mvm *mvm,
Reported by FlawFinder.
Line: 253
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
cmd->req_timeout_ms = cpu_to_le32(0xfffff);
memcpy(cmd->macaddr_template, req->mac_addr, ETH_ALEN);
for (i = 0; i < ETH_ALEN; i++)
cmd->macaddr_mask[i] = ~req->mac_addr_mask[i];
if (vif->bss_conf.assoc) {
memcpy(cmd->range_req_bssid, vif->bss_conf.bssid, ETH_ALEN);
Reported by FlawFinder.
Line: 258
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->macaddr_mask[i] = ~req->mac_addr_mask[i];
if (vif->bss_conf.assoc) {
memcpy(cmd->range_req_bssid, vif->bss_conf.bssid, ETH_ALEN);
/* AP's TSF is only relevant if associated */
for (i = 0; i < req->n_peers; i++) {
if (req->peers[i].report_ap_tsf) {
struct iwl_mvm_vif *mvmvif =
Reported by FlawFinder.
Line: 376
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
memcpy(target->bssid, peer->addr, ETH_ALEN);
target->burst_period =
cpu_to_le16(peer->ftm.burst_period);
target->samples_per_burst = peer->ftm.ftms_per_burst;
target->num_of_bursts = peer->ftm.num_bursts_exp;
target->measure_type = 0; /* regular two-sided FTM */
Reported by FlawFinder.
Line: 404
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct cfg80211_pmsr_request_peer *peer,
struct iwl_tof_range_req_ap_entry_v6 *target)
{
memcpy(target->bssid, peer->addr, ETH_ALEN);
target->burst_period =
cpu_to_le16(peer->ftm.burst_period);
target->samples_per_burst = peer->ftm.ftms_per_burst;
target->num_of_bursts = peer->ftm.num_bursts_exp;
target->ftmr_max_retries = peer->ftm.ftmr_retries;
Reported by FlawFinder.
Line: 659
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (WARN_ON(key->keylen > sizeof(target->tk)))
return;
memcpy(target->tk, key->key, key->keylen);
target->cipher = iwl_mvm_cipher_to_location_cipher(key->cipher);
WARN_ON(target->cipher == IWL_LOCATION_CIPHER_INVALID);
}
static void
Reported by FlawFinder.
Line: 974
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!resp)
return;
memcpy(resp->addr, res->addr, ETH_ALEN);
list_add_tail(&resp->list, &mvm->ftm_initiator.smooth.resp);
resp->rtt_avg = rtt;
IWL_DEBUG_INFO(mvm, "new: %pM: rtt_avg=%lld\n",
Reported by FlawFinder.
Line: 1205
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
NL80211_PMSR_FTM_FAILURE_UNSPECIFIED;
break;
}
memcpy(result.addr, fw_ap->bssid, ETH_ALEN);
result.host_time = iwl_mvm_ftm_get_host_time(mvm,
fw_ap->timestamp);
result.type = NL80211_PMSR_TYPE_FTM;
result.ftm.burst_index = mvm->ftm_initiator.responses[peer_idx];
mvm->ftm_initiator.responses[peer_idx]++;
Reported by FlawFinder.
fs/nfs/nfs3xdr.c
13 issues
Line: 2533
Column: 18
CWE codes:
362
20
Suggestion:
Reconsider approach
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
PROC(SYMLINK, symlink, create, 0),
Reported by FlawFinder.
Line: 2533
Column: 28
CWE codes:
362
20
Suggestion:
Reconsider approach
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
PROC(SYMLINK, symlink, create, 0),
Reported by FlawFinder.
Line: 889
Column: 27
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
const struct nfs3_accessargs *args)
{
encode_nfs_fh3(xdr, args->fh);
encode_uint32(xdr, args->access);
}
static void nfs3_xdr_enc_access3args(struct rpc_rqst *req,
struct xdr_stream *xdr,
const void *data)
Reported by FlawFinder.
Line: 1535
Column: 38
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
goto out;
if (status != NFS3_OK)
goto out_default;
error = decode_uint32(xdr, &result->access);
out:
return error;
out_default:
return nfs3_stat_to_errno(status);
}
Reported by FlawFinder.
Line: 2532
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
PROC(GETATTR, getattr, getattr, 1),
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
Reported by FlawFinder.
Line: 2532
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
PROC(GETATTR, getattr, getattr, 1),
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
Reported by FlawFinder.
Line: 277
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
static __be32 *xdr_encode_cookieverf3(__be32 *p, const __be32 *verifier)
{
memcpy(p, verifier, NFS3_COOKIEVERFSIZE);
return p + XDR_QUADLEN(NFS3_COOKIEVERFSIZE);
}
static int decode_cookieverf3(struct xdr_stream *xdr, __be32 *verifier)
{
Reported by FlawFinder.
Line: 288
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = xdr_inline_decode(xdr, NFS3_COOKIEVERFSIZE);
if (unlikely(!p))
return -EIO;
memcpy(verifier, p, NFS3_COOKIEVERFSIZE);
return 0;
}
/*
* createverf3
Reported by FlawFinder.
Line: 302
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__be32 *p;
p = xdr_reserve_space(xdr, NFS3_CREATEVERFSIZE);
memcpy(p, verifier, NFS3_CREATEVERFSIZE);
}
static int decode_writeverf3(struct xdr_stream *xdr, struct nfs_write_verifier *verifier)
{
__be32 *p;
Reported by FlawFinder.
Line: 312
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = xdr_inline_decode(xdr, NFS3_WRITEVERFSIZE);
if (unlikely(!p))
return -EIO;
memcpy(verifier->data, p, NFS3_WRITEVERFSIZE);
return 0;
}
/*
* size3
Reported by FlawFinder.
fs/nls/mac-iceland.c
13 issues
Line: 52
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/nls.h>
#include <linux/errno.h>
static const wchar_t charset2uni[256] = {
/* 0x00 */
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 135
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00b8, 0x02dd, 0x02db, 0x02c7,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 170
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xbf, 0x9d, 0x9c, 0x9e, 0x9f, 0xe0, 0xdf, 0xd8, /* 0xf8-0xff */
};
static const unsigned char page01[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 205
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page02[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 240
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page03[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 275
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page20[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0xd0, 0xd1, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0xd4, 0xd5, 0xe2, 0x00, 0xd2, 0xd3, 0xe3, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0xa5, 0x00, 0x00, 0x00, 0xc9, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 310
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page21[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 345
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page22[256] = {
0x00, 0x00, 0xb6, 0x00, 0x00, 0x00, 0xc6, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb8, /* 0x08-0x0f */
0x00, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0xc3, 0x00, 0x00, 0x00, 0xb0, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 380
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page25[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 415
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char pagef8[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
13 issues
Line: 5177
CWE codes:
562
};
struct iwl_host_cmd hcmd = {
.id = WIDE_ID(DATA_PATH_GROUP, TRIGGER_RX_QUEUES_NOTIF_CMD),
.data[0] = &cmd,
.len[0] = sizeof(cmd),
.data[1] = data,
.len[1] = size,
.flags = sync ? 0 : CMD_ASYNC,
};
Reported by Cppcheck.
Line: 414
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hw->max_tx_fragments = mvm->trans->max_skb_frags;
BUILD_BUG_ON(ARRAY_SIZE(mvm->ciphers) < ARRAY_SIZE(mvm_ciphers) + 6);
memcpy(mvm->ciphers, mvm_ciphers, sizeof(mvm_ciphers));
hw->wiphy->n_cipher_suites = ARRAY_SIZE(mvm_ciphers);
hw->wiphy->cipher_suites = mvm->ciphers;
if (iwl_mvm_has_new_rx_api(mvm)) {
mvm->ciphers[hw->wiphy->n_cipher_suites] =
Reported by FlawFinder.
Line: 529
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hw->max_listen_interval = IWL_CONN_MAX_LISTEN_INTERVAL;
/* Extract MAC address */
memcpy(mvm->addresses[0].addr, mvm->nvm_data->hw_addr, ETH_ALEN);
hw->wiphy->addresses = mvm->addresses;
hw->wiphy->n_addresses = 1;
/* Extract additional MAC addresses if available */
num_mac = (mvm->nvm_data->n_hw_addrs > 1) ?
Reported by FlawFinder.
Line: 538
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
min(IWL_MVM_MAX_ADDRESSES, mvm->nvm_data->n_hw_addrs) : 1;
for (i = 1; i < num_mac; i++) {
memcpy(mvm->addresses[i].addr, mvm->addresses[i-1].addr,
ETH_ALEN);
mvm->addresses[i].addr[5]++;
hw->wiphy->n_addresses++;
}
Reported by FlawFinder.
Line: 1652
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
cmd->port_id = data->port_id++;
memcpy(cmd->bssid, vif->bss_conf.bssid, ETH_ALEN);
len = roundup(sizeof(*cmd) + cmd->count * ETH_ALEN, 4);
hcmd.len[0] = len;
hcmd.data[0] = cmd;
Reported by FlawFinder.
Line: 1708
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
netdev_hw_addr_list_for_each(addr, mc_list) {
IWL_DEBUG_MAC80211(mvm, "mcast addr (%d): %pM\n",
cmd->count, addr->addr);
memcpy(&cmd->addr_list[cmd->count * ETH_ALEN],
addr->addr, ETH_ALEN);
cmd->count++;
}
return (u64)(unsigned long)cmd;
Reported by FlawFinder.
Line: 1781
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct iwl_fw_bcast_filter_attr *attr;
int i;
memcpy(out_filter, in_filter, sizeof(*out_filter));
for (i = 0; i < ARRAY_SIZE(out_filter->attrs); i++) {
attr = &out_filter->attrs[i];
if (!attr->mask)
Reported by FlawFinder.
Line: 1927
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct iwl_mu_group_mgmt_cmd cmd = {};
memcpy(cmd.membership_status, vif->bss_conf.mu_group.membership,
WLAN_MEMBERSHIP_LEN);
memcpy(cmd.user_position, vif->bss_conf.mu_group.position,
WLAN_USER_POSITION_LEN);
return iwl_mvm_send_cmd_pdu(mvm,
Reported by FlawFinder.
Line: 1929
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(cmd.membership_status, vif->bss_conf.mu_group.membership,
WLAN_MEMBERSHIP_LEN);
memcpy(cmd.user_position, vif->bss_conf.mu_group.position,
WLAN_USER_POSITION_LEN);
return iwl_mvm_send_cmd_pdu(mvm,
WIDE_ID(DATA_PATH_GROUP,
UPDATE_MU_GROUPS_CMD),
Reported by FlawFinder.
Line: 2271
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* branch for disassociation below.
*/
if (changes & BSS_CHANGED_BSSID && !mvmvif->associated)
memcpy(mvmvif->bssid, bss_conf->bssid, ETH_ALEN);
ret = iwl_mvm_mac_ctxt_changed(mvm, vif, false, mvmvif->bssid);
if (ret)
IWL_ERR(mvm, "failed to update MAC %pM\n", vif->addr);
Reported by FlawFinder.
fs/jfs/jfs_dtree.c
13 issues
Line: 984
CWE codes:
562
pxd = &pxdlist.pxd[0];
PXDaddress(pxd, xaddr);
PXDlength(pxd, xlen);
split->pxdlist = &pxdlist;
rc = dtSplitRoot(tid, ip, split, &rmp);
if (rc)
dbFree(ip, xaddr, xlen);
else
Reported by Cppcheck.
Line: 1033
CWE codes:
562
pxd = &pxdlist.pxd[0];
PXDaddress(pxd, nxaddr);
PXDlength(pxd, xlen + n);
split->pxdlist = &pxdlist;
if ((rc = dtExtendPage(tid, ip, split, btstack))) {
nxaddr = addressPXD(pxd);
if (xaddr != nxaddr) {
/* free relocated extent */
xlen = lengthPXD(pxd);
Reported by Cppcheck.
Line: 1083
CWE codes:
562
goto splitOut;
}
split->pxdlist = &pxdlist;
if ((rc = dtSplitPage(tid, ip, split, &rmp, &rp, &rpxd))) {
DT_PUTPAGE(smp);
/* undo allocation */
goto splitOut;
Reported by Cppcheck.
Line: 1225
CWE codes:
562
split->mp = smp;
split->index = skip; /* index at insert */
split->nslot = n;
split->key = &key;
/* split->data = data; */
/* unpin right child page */
DT_PUTPAGE(rmp);
Reported by Cppcheck.
Line: 396
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (xtInsert(tid, ip, 0, 0, sbi->nbperpage, &xaddr, 0)) {
/* This really shouldn't fail */
jfs_warn("add_index: xtInsert failed!");
memcpy(&jfs_ip->i_dirtable, temp_table,
sizeof (temp_table));
dbFree(ip, xaddr, sbi->nbperpage);
dquot_free_block(ip, sbi->nbperpage);
goto clean_up;
}
Reported by FlawFinder.
Line: 408
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!mp) {
jfs_err("add_index: get_metapage failed!");
xtTruncate(tid, ip, 0, COMMIT_PWMAP);
memcpy(&jfs_ip->i_dirtable, temp_table,
sizeof (temp_table));
goto clean_up;
}
tlck = txLock(tid, ip, mp, tlckDATA);
llck = (struct linelock *) & tlck->lock;
Reported by FlawFinder.
Line: 421
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lv->length = 6; /* tlckDATA slot size is 16 bytes */
llck->index++;
memcpy(mp->data, temp_table, sizeof(temp_table));
mark_metapage_dirty(mp);
release_metapage(mp);
/*
Reported by FlawFinder.
Line: 548
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EIO;
}
memcpy(dirtab_slot, slot, sizeof(struct dir_table_slot));
if (mp)
release_metapage(mp);
return 0;
Reported by FlawFinder.
Line: 1737
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
newstblindex = sp->header.maxslot;
n = xsize >> L2DTSLOTSIZE;
newstblsize = (n + 31) >> L2DTSLOTSIZE;
memcpy(&sp->slot[newstblindex], &sp->slot[oldstblindex],
sp->header.nextindex);
/*
* in-line extension: linelock old area of extended page
*/
Reported by FlawFinder.
Line: 1947
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy old stbl to new stbl at start of extended area */
rp->header.stblindex = DTROOTMAXSLOT;
stbl = (s8 *) & rp->slot[DTROOTMAXSLOT];
memcpy(stbl, sp->header.stbl, sp->header.nextindex);
rp->header.nextindex = sp->header.nextindex;
/* copy old data area to start of new data area */
memcpy(&rp->slot[1], &sp->slot[1], IDATASIZE);
Reported by FlawFinder.
drivers/scsi/aic7xxx/aic79xx_osm.c
13 issues
Line: 563
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
memset(bp, 0, sizeof(buffer));
strcpy(bp, "Adaptec AIC79XX PCI-X SCSI HBA DRIVER, Rev " AIC79XX_DRIVER_VERSION "\n"
" <");
strcat(bp, ahd->description);
strcat(bp, ">\n"
" ");
ahd_controller_info(ahd, ahd_info);
strcat(bp, ahd_info);
Reported by FlawFinder.
Line: 567
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(bp, ">\n"
" ");
ahd_controller_info(ahd, ahd_info);
strcat(bp, ahd_info);
return (bp);
}
/*
Reported by FlawFinder.
Line: 1239
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
sprintf(buf, "scsi%d", host->host_no);
new_name = kmalloc(strlen(buf) + 1, GFP_ATOMIC);
if (new_name != NULL) {
strcpy(new_name, buf);
ahd_set_name(ahd, new_name);
}
host->unique_id = ahd->unit;
ahd_linux_initialize_scsi_bus(ahd);
ahd_intr_enable(ahd, TRUE);
Reported by FlawFinder.
Line: 553
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *
ahd_linux_info(struct Scsi_Host *host)
{
static char buffer[512];
char ahd_info[256];
char *bp;
struct ahd_softc *ahd;
bp = &buffer[0];
Reported by FlawFinder.
Line: 554
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ahd_linux_info(struct Scsi_Host *host)
{
static char buffer[512];
char ahd_info[256];
char *bp;
struct ahd_softc *ahd;
bp = &buffer[0];
ahd = *(struct ahd_softc **)host->hostdata;
Reported by FlawFinder.
Line: 561
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
bp = &buffer[0];
ahd = *(struct ahd_softc **)host->hostdata;
memset(bp, 0, sizeof(buffer));
strcpy(bp, "Adaptec AIC79XX PCI-X SCSI HBA DRIVER, Rev " AIC79XX_DRIVER_VERSION "\n"
" <");
strcat(bp, ahd->description);
strcat(bp, ">\n"
" ");
ahd_controller_info(ahd, ahd_info);
Reported by FlawFinder.
Line: 564
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(bp, "Adaptec AIC79XX PCI-X SCSI HBA DRIVER, Rev " AIC79XX_DRIVER_VERSION "\n"
" <");
strcat(bp, ahd->description);
strcat(bp, ">\n"
" ");
ahd_controller_info(ahd, ahd_info);
strcat(bp, ahd_info);
return (bp);
Reported by FlawFinder.
Line: 1211
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int
ahd_linux_register_host(struct ahd_softc *ahd, struct scsi_host_template *template)
{
char buf[80];
struct Scsi_Host *host;
char *new_name;
u_long s;
int retval;
Reported by FlawFinder.
Line: 1236
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ahd_lock(ahd, &s);
ahd_set_unit(ahd, ahd_linux_unit++);
ahd_unlock(ahd, &s);
sprintf(buf, "scsi%d", host->host_no);
new_name = kmalloc(strlen(buf) + 1, GFP_ATOMIC);
if (new_name != NULL) {
strcpy(new_name, buf);
ahd_set_name(ahd, new_name);
}
Reported by FlawFinder.
Line: 1613
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
hscb->cdb_len = cmd->cmd_len;
memcpy(hscb->shared_data.idata.cdb, cmd->cmnd, hscb->cdb_len);
scb->platform_data->xfer_len = 0;
ahd_set_residual(scb, 0);
ahd_set_sense_residual(scb, 0);
scb->sg_count = 0;
Reported by FlawFinder.