The following issues were found
crypto/curve25519-generic.c
1 issues
Line: 18
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
curve25519_generate_secret(secret);
else if (len == CURVE25519_KEY_SIZE &&
crypto_memneq(buf, curve25519_null_point, CURVE25519_KEY_SIZE))
memcpy(secret, buf, CURVE25519_KEY_SIZE);
else
return -EINVAL;
return 0;
}
Reported by FlawFinder.
drivers/atm/idt77252.h
1 issues
Line: 411
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int index; /* SAR's ID */
int revision; /* chip revision */
char name[16]; /* Device name */
struct idt77252_dev *next;
};
Reported by FlawFinder.
drivers/atm/idt77105.c
1 issues
Line: 148
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct idt77105_stats stats;
spin_lock_irqsave(&idt77105_priv_lock, flags);
memcpy(&stats, &PRIV(dev)->stats, sizeof(struct idt77105_stats));
if (zero)
memset(&PRIV(dev)->stats, 0, sizeof(struct idt77105_stats));
spin_unlock_irqrestore(&idt77105_priv_lock, flags);
if (arg == NULL)
return 0;
Reported by FlawFinder.
drivers/char/ipmi/ipmi_si_hotmod.c
1 issues
Line: 228
Column: 7
CWE codes:
126
put_device(dev);
}
}
rv = strlen(val);
out:
kfree(str);
return rv;
}
Reported by FlawFinder.
drivers/char/mwave/mwavedd.c
1 issues
Line: 508
Column: 16
CWE codes:
134
Suggestion:
Make format string constant
{ \
DSP_3780I_CONFIG_SETTINGS *pSettings = \
&mwave_s_mdd.rBDData.rDspSettings; \
return sprintf(buf, format_string, pSettings->field); \
}
/* All of our attributes are read attributes. */
#define mwave_dev_rd_attr(attr_name, format_string, field) \
mwave_show_function(attr_name, format_string, field) \
Reported by FlawFinder.
drivers/char/nvram.c
1 issues
Line: 476
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int nvram_proc_read(struct seq_file *seq, void *offset)
{
unsigned char contents[NVRAM_BYTES];
int i = 0;
spin_lock_irq(&rtc_lock);
for (i = 0; i < NVRAM_BYTES; ++i)
contents[i] = __nvram_read_byte(i);
Reported by FlawFinder.
drivers/char/pcmcia/scr24x_cs.c
1 issues
Line: 37
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct scr24x_dev {
struct device *dev;
struct cdev c_dev;
unsigned char buf[CCID_MAX_LEN];
int devno;
struct mutex lock;
struct kref refcnt;
u8 __iomem *regs;
};
Reported by FlawFinder.
drivers/ata/sata_sil24.c
1 issues
Line: 865
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prb = &cb->atapi.prb;
sge = cb->atapi.sge;
memset(cb->atapi.cdb, 0, sizeof(cb->atapi.cdb));
memcpy(cb->atapi.cdb, qc->cdb, qc->dev->cdb_len);
if (ata_is_data(qc->tf.protocol)) {
if (qc->tf.flags & ATA_TFLAG_WRITE)
ctrl = PRB_CTRL_PACKET_WRITE;
else
Reported by FlawFinder.
drivers/char/ppdev.c
1 issues
Line: 820
Column: 12
CWE codes:
126
static int pp_probe(struct pardevice *par_dev)
{
struct device_driver *drv = par_dev->dev.driver;
int len = strlen(drv->name);
if (strncmp(par_dev->name, drv->name, len))
return -ENODEV;
return 0;
Reported by FlawFinder.
drivers/ata/sata_sil.c
1 issues
Line: 617
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ata_port *ap = dev->link->ap;
int print_info = ap->link.eh_context.i.flags & ATA_EHI_PRINTINFO;
unsigned int n, quirks = 0;
unsigned char model_num[ATA_ID_PROD_LEN + 1];
/* This controller doesn't support trim */
dev->horkage |= ATA_HORKAGE_NOTRIM;
ata_id_c_string(dev->id, model_num, ATA_ID_PROD, sizeof(model_num));
Reported by FlawFinder.