The following issues were found
drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
13 issues
Line: 152
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (nvp->nvram_len + cplen + 1 >= BRCMF_FW_MAX_NVRAM_SIZE)
return END;
/* copy to output buffer */
memcpy(&nvp->nvram[nvp->nvram_len], skv, cplen);
nvp->nvram_len += cplen;
nvp->nvram[nvp->nvram_len] = '\0';
nvp->nvram_len++;
return IDLE;
}
Reported by FlawFinder.
Line: 316
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void brcmf_fw_strip_multi_v2(struct nvram_parser *nvp, u16 domain_nr,
u16 bus_nr)
{
char prefix[BRCMF_FW_NVRAM_PCIEDEV_LEN];
size_t len;
u32 i, j;
u8 *nvram;
nvram = kzalloc(nvp->nvram_len + 1 + 3 + sizeof(u32), GFP_KERNEL);
Reported by FlawFinder.
Line: 362
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (nvp->boardrev_found)
return;
memcpy(&nvp->nvram[nvp->nvram_len], &BRCMF_FW_DEFAULT_BOARDREV,
strlen(BRCMF_FW_DEFAULT_BOARDREV));
nvp->nvram_len += strlen(BRCMF_FW_DEFAULT_BOARDREV);
nvp->nvram[nvp->nvram_len] = '\0';
nvp->nvram_len++;
}
Reported by FlawFinder.
Line: 416
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
token = (~token << 16) | (token & 0x0000FFFF);
token_le = cpu_to_le32(token);
memcpy(&nvp.nvram[*new_length], &token_le, sizeof(token_le));
*new_length += sizeof(token_le);
return nvp.nvram;
}
Reported by FlawFinder.
Line: 472
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!nvram_efivar)
return NULL;
memcpy(&nvram_efivar->var.VariableName, name, sizeof(name));
nvram_efivar->var.VendorGuid = EFI_GUID(0x74b00bd9, 0x805a, 0x4d61,
0xb5, 0x1f, 0x43, 0x26,
0x81, 0x23, 0xd1, 0x13);
err = efivar_entry_size(nvram_efivar, &data_len);
Reported by FlawFinder.
Line: 605
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* nvram files are board-specific, first try a board-specific path */
if (cur->type == BRCMF_FW_TYPE_NVRAM && fwctx->req->board_type) {
char alt_path[BRCMF_FW_NAME_LEN];
strlcpy(alt_path, cur->path, BRCMF_FW_NAME_LEN);
/* strip .txt at the end */
alt_path[strlen(alt_path) - 4] = 0;
strlcat(alt_path, ".", BRCMF_FW_NAME_LEN);
Reported by FlawFinder.
Line: 696
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 n_fwnames)
{
struct brcmf_fw_request *fwreq;
char chipname[12];
const char *mp_path;
size_t mp_path_len;
u32 i, j;
char end = '\0';
Reported by FlawFinder.
Line: 253
Column: 12
CWE codes:
126
*/
snprintf(pci_path, sizeof(pci_path), "=pci/%d/%d", domain_nr,
bus_nr);
pci_len = strlen(pci_path);
snprintf(pcie_path, sizeof(pcie_path), "=pcie/%d/%d", domain_nr,
bus_nr);
pcie_len = strlen(pcie_path);
found = false;
i = 0;
Reported by FlawFinder.
Line: 256
Column: 13
CWE codes:
126
pci_len = strlen(pci_path);
snprintf(pcie_path, sizeof(pcie_path), "=pcie/%d/%d", domain_nr,
bus_nr);
pcie_len = strlen(pcie_path);
found = false;
i = 0;
while (i < nvp->nvram_len - BRCMF_FW_NVRAM_DEVPATH_LEN) {
/* Format: devpathX=pcie/Y/Z/
* Y = domain_nr, Z = bus_nr, X = virtual ID
Reported by FlawFinder.
Line: 332
Column: 8
CWE codes:
126
* Y = bus_nr.
*/
snprintf(prefix, sizeof(prefix), "pcie/%d/%d/", domain_nr, bus_nr);
len = strlen(prefix);
i = 0;
j = 0;
while (i < nvp->nvram_len - len) {
if (strncmp(&nvp->nvram[i], prefix, len) == 0) {
i += len;
Reported by FlawFinder.
fs/nfs/nfs3xdr.c
13 issues
Line: 2533
Column: 18
CWE codes:
362
20
Suggestion:
Reconsider approach
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
PROC(SYMLINK, symlink, create, 0),
Reported by FlawFinder.
Line: 2533
Column: 28
CWE codes:
362
20
Suggestion:
Reconsider approach
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
PROC(SYMLINK, symlink, create, 0),
Reported by FlawFinder.
Line: 889
Column: 27
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
const struct nfs3_accessargs *args)
{
encode_nfs_fh3(xdr, args->fh);
encode_uint32(xdr, args->access);
}
static void nfs3_xdr_enc_access3args(struct rpc_rqst *req,
struct xdr_stream *xdr,
const void *data)
Reported by FlawFinder.
Line: 1535
Column: 38
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
goto out;
if (status != NFS3_OK)
goto out_default;
error = decode_uint32(xdr, &result->access);
out:
return error;
out_default:
return nfs3_stat_to_errno(status);
}
Reported by FlawFinder.
Line: 2532
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
PROC(GETATTR, getattr, getattr, 1),
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
Reported by FlawFinder.
Line: 2532
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
PROC(GETATTR, getattr, getattr, 1),
PROC(SETATTR, setattr, setattr, 0),
PROC(LOOKUP, lookup, lookup, 2),
PROC(ACCESS, access, access, 1),
PROC(READLINK, readlink, readlink, 3),
PROC(READ, read, read, 3),
PROC(WRITE, write, write, 4),
PROC(CREATE, create, create, 0),
PROC(MKDIR, mkdir, create, 0),
Reported by FlawFinder.
Line: 277
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
static __be32 *xdr_encode_cookieverf3(__be32 *p, const __be32 *verifier)
{
memcpy(p, verifier, NFS3_COOKIEVERFSIZE);
return p + XDR_QUADLEN(NFS3_COOKIEVERFSIZE);
}
static int decode_cookieverf3(struct xdr_stream *xdr, __be32 *verifier)
{
Reported by FlawFinder.
Line: 288
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = xdr_inline_decode(xdr, NFS3_COOKIEVERFSIZE);
if (unlikely(!p))
return -EIO;
memcpy(verifier, p, NFS3_COOKIEVERFSIZE);
return 0;
}
/*
* createverf3
Reported by FlawFinder.
Line: 302
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__be32 *p;
p = xdr_reserve_space(xdr, NFS3_CREATEVERFSIZE);
memcpy(p, verifier, NFS3_CREATEVERFSIZE);
}
static int decode_writeverf3(struct xdr_stream *xdr, struct nfs_write_verifier *verifier)
{
__be32 *p;
Reported by FlawFinder.
Line: 312
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = xdr_inline_decode(xdr, NFS3_WRITEVERFSIZE);
if (unlikely(!p))
return -EIO;
memcpy(verifier->data, p, NFS3_WRITEVERFSIZE);
return 0;
}
/*
* size3
Reported by FlawFinder.
fs/nls/mac-croatian.c
13 issues
Line: 52
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/nls.h>
#include <linux/errno.h>
static const wchar_t charset2uni[256] = {
/* 0x00 */
0x0000, 0x0001, 0x0002, 0x0003,
0x0004, 0x0005, 0x0006, 0x0007,
0x0008, 0x0009, 0x000a, 0x000b,
0x000c, 0x000d, 0x000e, 0x000f,
Reported by FlawFinder.
Line: 135
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00b8, 0x00ca, 0x00e6, 0x02c7,
};
static const unsigned char page00[256] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 0x00-0x07 */
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* 0x08-0x0f */
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* 0x10-0x17 */
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, /* 0x18-0x1f */
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 170
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0xbf, 0x9d, 0x9c, 0x9e, 0x9f, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page01[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc6, 0xe6, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0xc8, 0xe8, 0x00, 0x00, /* 0x08-0x0f */
0xd0, 0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 205
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page02[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 240
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page03[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 275
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page20[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0xe0, 0xd1, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0xd4, 0xd5, 0xe2, 0x00, 0xd2, 0xd3, 0xe3, 0x00, /* 0x18-0x1f */
0xa0, 0x00, 0xa5, 0x00, 0x00, 0x00, 0xc9, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 310
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page21[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 345
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page22[256] = {
0x00, 0x00, 0xb6, 0x00, 0x00, 0x00, 0xb4, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb8, /* 0x08-0x0f */
0x00, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0xc3, 0x00, 0x00, 0x00, 0xb0, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 380
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char page25[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
Line: 415
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0xf8-0xff */
};
static const unsigned char pagef8[256] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x00-0x07 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x08-0x0f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x10-0x17 */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x18-0x1f */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 0x20-0x27 */
Reported by FlawFinder.
drivers/target/iscsi/iscsi_target_login.c
13 issues
Line: 238
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
memset(buf, 0, sizeof buf);
va_start(args, fmt);
vsnprintf(buf, sizeof buf, fmt, args);
va_end(args);
if (iscsi_change_param_value(buf, conn->param_list, 0) < 0) {
iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
ISCSI_LOGIN_STATUS_NO_RESOURCES);
Reported by FlawFinder.
Line: 233
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *fmt, ...)
{
va_list args;
unsigned char buf[64];
memset(buf, 0, sizeof buf);
va_start(args, fmt);
vsnprintf(buf, sizeof buf, fmt, args);
Reported by FlawFinder.
Line: 275
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto free_sess;
sess->init_task_tag = pdu->itt;
memcpy(&sess->isid, pdu->isid, 6);
sess->exp_cmd_sn = be32_to_cpu(pdu->cmdsn);
INIT_LIST_HEAD(&sess->sess_conn_list);
INIT_LIST_HEAD(&sess->sess_ooo_cmdsn_list);
INIT_LIST_HEAD(&sess->cr_active_list);
INIT_LIST_HEAD(&sess->cr_inactive_list);
Reported by FlawFinder.
Line: 891
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Setup the np->np_sockaddr from the passed sockaddr setup
* in iscsi_target_configfs.c code..
*/
memcpy(&np->np_sockaddr, sockaddr,
sizeof(struct sockaddr_storage));
if (sockaddr->ss_family == AF_INET6)
len = sizeof(struct sockaddr_in6);
else
Reported by FlawFinder.
Line: 968
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(struct sockaddr *)&sock_in6, 1);
if (rc >= 0) {
if (!ipv6_addr_v4mapped(&sock_in6.sin6_addr)) {
memcpy(&conn->login_sockaddr, &sock_in6, sizeof(sock_in6));
} else {
/* Pretend to be an ipv4 socket */
sock_in.sin_family = AF_INET;
sock_in.sin_port = sock_in6.sin6_port;
memcpy(&sock_in.sin_addr, &sock_in6.sin6_addr.s6_addr32[3], 4);
Reported by FlawFinder.
Line: 973
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Pretend to be an ipv4 socket */
sock_in.sin_family = AF_INET;
sock_in.sin_port = sock_in6.sin6_port;
memcpy(&sock_in.sin_addr, &sock_in6.sin6_addr.s6_addr32[3], 4);
memcpy(&conn->login_sockaddr, &sock_in, sizeof(sock_in));
}
}
rc = conn->sock->ops->getname(conn->sock,
Reported by FlawFinder.
Line: 974
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sock_in.sin_family = AF_INET;
sock_in.sin_port = sock_in6.sin6_port;
memcpy(&sock_in.sin_addr, &sock_in6.sin6_addr.s6_addr32[3], 4);
memcpy(&conn->login_sockaddr, &sock_in, sizeof(sock_in));
}
}
rc = conn->sock->ops->getname(conn->sock,
(struct sockaddr *)&sock_in6, 0);
Reported by FlawFinder.
Line: 982
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(struct sockaddr *)&sock_in6, 0);
if (rc >= 0) {
if (!ipv6_addr_v4mapped(&sock_in6.sin6_addr)) {
memcpy(&conn->local_sockaddr, &sock_in6, sizeof(sock_in6));
} else {
/* Pretend to be an ipv4 socket */
sock_in.sin_family = AF_INET;
sock_in.sin_port = sock_in6.sin6_port;
memcpy(&sock_in.sin_addr, &sock_in6.sin6_addr.s6_addr32[3], 4);
Reported by FlawFinder.
Line: 987
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Pretend to be an ipv4 socket */
sock_in.sin_family = AF_INET;
sock_in.sin_port = sock_in6.sin6_port;
memcpy(&sock_in.sin_addr, &sock_in6.sin6_addr.s6_addr32[3], 4);
memcpy(&conn->local_sockaddr, &sock_in, sizeof(sock_in));
}
}
} else {
memset(&sock_in, 0, sizeof(struct sockaddr_in));
Reported by FlawFinder.
Line: 988
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sock_in.sin_family = AF_INET;
sock_in.sin_port = sock_in6.sin6_port;
memcpy(&sock_in.sin_addr, &sock_in6.sin6_addr.s6_addr32[3], 4);
memcpy(&conn->local_sockaddr, &sock_in, sizeof(sock_in));
}
}
} else {
memset(&sock_in, 0, sizeof(struct sockaddr_in));
Reported by FlawFinder.
kernel/time/clocksource.c
13 issues
Line: 126
CWE codes:
908
static inline void clocksource_watchdog_lock(unsigned long *flags)
{
spin_lock_irqsave(&watchdog_lock, *flags);
}
static inline void clocksource_watchdog_unlock(unsigned long *flags)
{
spin_unlock_irqrestore(&watchdog_lock, *flags);
Reported by Cppcheck.
Line: 94
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct clocksource *suspend_clocksource;
static LIST_HEAD(clocksource_list);
static DEFINE_MUTEX(clocksource_mutex);
static char override_name[CS_NAME_LEN];
static int finished_booting;
static u64 suspend_start;
/*
* Threshold: 0.0312s, when doubled: 0.0625s.
Reported by FlawFinder.
Line: 1268
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buf[cnt-1] == '\n')
cnt--;
if (cnt > 0)
memcpy(dst, buf, cnt);
dst[cnt] = 0;
return ret;
}
/**
Reported by FlawFinder.
Line: 1315
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *buf, size_t count)
{
struct clocksource *cs;
char name[CS_NAME_LEN];
ssize_t ret;
ret = sysfs_get_uname(buf, name, count);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 216
Column: 22
CWE codes:
120
20
for (nretries = 0; nretries <= max_cswd_read_retries; nretries++) {
local_irq_disable();
*wdnow = watchdog->read(watchdog);
*csnow = cs->read(cs);
wd_end = watchdog->read(watchdog);
local_irq_enable();
wd_delta = clocksource_delta(wd_end, *wdnow, watchdog->mask);
Reported by FlawFinder.
Line: 217
Column: 16
CWE codes:
120
20
for (nretries = 0; nretries <= max_cswd_read_retries; nretries++) {
local_irq_disable();
*wdnow = watchdog->read(watchdog);
*csnow = cs->read(cs);
wd_end = watchdog->read(watchdog);
local_irq_enable();
wd_delta = clocksource_delta(wd_end, *wdnow, watchdog->mask);
wd_delay = clocksource_cyc2ns(wd_delta, watchdog->mult,
Reported by FlawFinder.
Line: 218
Column: 22
CWE codes:
120
20
local_irq_disable();
*wdnow = watchdog->read(watchdog);
*csnow = cs->read(cs);
wd_end = watchdog->read(watchdog);
local_irq_enable();
wd_delta = clocksource_delta(wd_end, *wdnow, watchdog->mask);
wd_delay = clocksource_cyc2ns(wd_delta, watchdog->mult,
watchdog->shift);
Reported by FlawFinder.
Line: 295
Column: 18
CWE codes:
120
20
{
struct clocksource *cs = (struct clocksource *)csin;
csnow_mid = cs->read(cs);
}
void clocksource_verify_percpu(struct clocksource *cs)
{
int64_t cs_nsec, cs_nsec_max = 0, cs_nsec_min = LLONG_MAX;
Reported by FlawFinder.
Line: 323
Column: 21
CWE codes:
120
20
for_each_cpu(cpu, &cpus_chosen) {
if (cpu == testcpu)
continue;
csnow_begin = cs->read(cs);
smp_call_function_single(cpu, clocksource_verify_one_cpu, cs, 1);
csnow_end = cs->read(cs);
delta = (s64)((csnow_mid - csnow_begin) & cs->mask);
if (delta < 0)
cpumask_set_cpu(cpu, &cpus_behind);
Reported by FlawFinder.
Line: 325
Column: 19
CWE codes:
120
20
continue;
csnow_begin = cs->read(cs);
smp_call_function_single(cpu, clocksource_verify_one_cpu, cs, 1);
csnow_end = cs->read(cs);
delta = (s64)((csnow_mid - csnow_begin) & cs->mask);
if (delta < 0)
cpumask_set_cpu(cpu, &cpus_behind);
delta = (csnow_end - csnow_mid) & cs->mask;
if (delta < 0)
Reported by FlawFinder.
drivers/scsi/3w-sas.h
13 issues
Line: 246
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
u32 lba;
TW_SG_Entry_ISO sgl[TW_LIBERATOR_MAX_SGL_LENGTH_OLD];
unsigned char padding[TW_PADDING_LENGTH_LIBERATOR_OLD];
} io;
struct {
TW_SG_Entry_ISO sgl[TW_LIBERATOR_MAX_SGL_LENGTH_OLD];
u32 padding;
unsigned char padding2[TW_PADDING_LENGTH_LIBERATOR_OLD];
Reported by FlawFinder.
Line: 251
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
TW_SG_Entry_ISO sgl[TW_LIBERATOR_MAX_SGL_LENGTH_OLD];
u32 padding;
unsigned char padding2[TW_PADDING_LENGTH_LIBERATOR_OLD];
} param;
} byte8_offset;
} TW_Command;
/* New Command Packet with ISO SGL */
Reported by FlawFinder.
Line: 264
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char status;
unsigned char sgl_offset;
unsigned short sgl_entries__lunh;
unsigned char cdb[16];
TW_SG_Entry_ISO sg_list[TW_LIBERATOR_MAX_SGL_LENGTH];
unsigned char padding[TW_PADDING_LENGTH_LIBERATOR];
} TW_Command_Apache;
/* New command packet header */
Reported by FlawFinder.
Line: 266
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short sgl_entries__lunh;
unsigned char cdb[16];
TW_SG_Entry_ISO sg_list[TW_LIBERATOR_MAX_SGL_LENGTH];
unsigned char padding[TW_PADDING_LENGTH_LIBERATOR];
} TW_Command_Apache;
/* New command packet header */
typedef struct TAG_TW_Command_Apache_Header {
unsigned char sense_data[TW_SENSE_DATA_LENGTH];
Reported by FlawFinder.
Line: 271
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* New command packet header */
typedef struct TAG_TW_Command_Apache_Header {
unsigned char sense_data[TW_SENSE_DATA_LENGTH];
struct {
char reserved[4];
unsigned short error;
unsigned char padding;
unsigned char severity__reserved;
Reported by FlawFinder.
Line: 273
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct TAG_TW_Command_Apache_Header {
unsigned char sense_data[TW_SENSE_DATA_LENGTH];
struct {
char reserved[4];
unsigned short error;
unsigned char padding;
unsigned char severity__reserved;
} status_block;
unsigned char err_specific_desc[98];
Reported by FlawFinder.
Line: 278
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char padding;
unsigned char severity__reserved;
} status_block;
unsigned char err_specific_desc[98];
struct {
unsigned char size_header;
unsigned short request_id;
unsigned char size_sense;
} header_desc;
Reported by FlawFinder.
Line: 322
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char retrieved;
unsigned char repeat_count;
unsigned char parameter_len;
unsigned char parameter_data[98];
} TW_Event;
typedef struct TAG_TW_Ioctl_Driver_Command {
unsigned int control_code;
unsigned int status;
Reported by FlawFinder.
Line: 336
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct TAG_TW_Ioctl_Apache {
TW_Ioctl_Driver_Command driver_command;
char padding[488];
TW_Command_Full firmware_command;
char data_buffer[1];
} TW_Ioctl_Buf_Apache;
/* GetParam descriptor */
Reported by FlawFinder.
Line: 338
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TW_Ioctl_Driver_Command driver_command;
char padding[488];
TW_Command_Full firmware_command;
char data_buffer[1];
} TW_Ioctl_Buf_Apache;
/* GetParam descriptor */
typedef struct {
unsigned short table_id;
Reported by FlawFinder.
fs/jfs/jfs_dtree.c
13 issues
Line: 984
CWE codes:
562
pxd = &pxdlist.pxd[0];
PXDaddress(pxd, xaddr);
PXDlength(pxd, xlen);
split->pxdlist = &pxdlist;
rc = dtSplitRoot(tid, ip, split, &rmp);
if (rc)
dbFree(ip, xaddr, xlen);
else
Reported by Cppcheck.
Line: 1033
CWE codes:
562
pxd = &pxdlist.pxd[0];
PXDaddress(pxd, nxaddr);
PXDlength(pxd, xlen + n);
split->pxdlist = &pxdlist;
if ((rc = dtExtendPage(tid, ip, split, btstack))) {
nxaddr = addressPXD(pxd);
if (xaddr != nxaddr) {
/* free relocated extent */
xlen = lengthPXD(pxd);
Reported by Cppcheck.
Line: 1083
CWE codes:
562
goto splitOut;
}
split->pxdlist = &pxdlist;
if ((rc = dtSplitPage(tid, ip, split, &rmp, &rp, &rpxd))) {
DT_PUTPAGE(smp);
/* undo allocation */
goto splitOut;
Reported by Cppcheck.
Line: 1225
CWE codes:
562
split->mp = smp;
split->index = skip; /* index at insert */
split->nslot = n;
split->key = &key;
/* split->data = data; */
/* unpin right child page */
DT_PUTPAGE(rmp);
Reported by Cppcheck.
Line: 396
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (xtInsert(tid, ip, 0, 0, sbi->nbperpage, &xaddr, 0)) {
/* This really shouldn't fail */
jfs_warn("add_index: xtInsert failed!");
memcpy(&jfs_ip->i_dirtable, temp_table,
sizeof (temp_table));
dbFree(ip, xaddr, sbi->nbperpage);
dquot_free_block(ip, sbi->nbperpage);
goto clean_up;
}
Reported by FlawFinder.
Line: 408
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!mp) {
jfs_err("add_index: get_metapage failed!");
xtTruncate(tid, ip, 0, COMMIT_PWMAP);
memcpy(&jfs_ip->i_dirtable, temp_table,
sizeof (temp_table));
goto clean_up;
}
tlck = txLock(tid, ip, mp, tlckDATA);
llck = (struct linelock *) & tlck->lock;
Reported by FlawFinder.
Line: 421
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lv->length = 6; /* tlckDATA slot size is 16 bytes */
llck->index++;
memcpy(mp->data, temp_table, sizeof(temp_table));
mark_metapage_dirty(mp);
release_metapage(mp);
/*
Reported by FlawFinder.
Line: 548
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EIO;
}
memcpy(dirtab_slot, slot, sizeof(struct dir_table_slot));
if (mp)
release_metapage(mp);
return 0;
Reported by FlawFinder.
Line: 1737
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
newstblindex = sp->header.maxslot;
n = xsize >> L2DTSLOTSIZE;
newstblsize = (n + 31) >> L2DTSLOTSIZE;
memcpy(&sp->slot[newstblindex], &sp->slot[oldstblindex],
sp->header.nextindex);
/*
* in-line extension: linelock old area of extended page
*/
Reported by FlawFinder.
Line: 1947
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy old stbl to new stbl at start of extended area */
rp->header.stblindex = DTROOTMAXSLOT;
stbl = (s8 *) & rp->slot[DTROOTMAXSLOT];
memcpy(stbl, sp->header.stbl, sp->header.nextindex);
rp->header.nextindex = sp->header.nextindex;
/* copy old data area to start of new data area */
memcpy(&rp->slot[1], &sp->slot[1], IDATASIZE);
Reported by FlawFinder.
drivers/hwmon/nct7802.c
13 issues
Line: 77
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%u\n", (mode >> (2 * sattr->index) & 3) + 2);
}
static ssize_t temp_type_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 110
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int ret;
if (sattr->index > 1)
return sprintf(buf, "1\n");
ret = regmap_read(data->regmap, 0x5E, ®val);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 116
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%u\n", !(regval & (1 << sattr->index)));
}
static ssize_t pwm_show(struct device *dev, struct device_attribute *devattr,
char *buf)
{
Reported by FlawFinder.
Line: 128
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int ret;
if (!attr->index)
return sprintf(buf, "255\n");
ret = regmap_read(data->regmap, attr->index, &val);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 134
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n", val);
}
static ssize_t pwm_store(struct device *dev, struct device_attribute *devattr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 165
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
enabled = reg >> SMARTFAN_EN_SHIFT(sattr->index) & 1;
return sprintf(buf, "%u\n", enabled + 1);
}
static ssize_t pwm_enable_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 352
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (voltage < 0)
return voltage;
return sprintf(buf, "%d\n", voltage);
}
static ssize_t in_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 427
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
data->in_status |= 0x10 << sattr->index;
}
ret = sprintf(buf, "%u\n", !!(data->in_status & (1 << sattr->index)));
abort:
mutex_unlock(&data->in_alarm_lock);
return ret;
}
Reported by FlawFinder.
Line: 444
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (err < 0)
return err;
return sprintf(buf, "%d\n", temp);
}
static ssize_t temp_store(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 477
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (speed < 0)
return speed;
return sprintf(buf, "%d\n", speed);
}
static ssize_t fan_min_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
arch/m68k/atari/config.c
13 issues
Line: 159
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return 0;
/* copy string to local array, strsep works destructively... */
strcpy(switches, str);
atari_switches = 0;
/* parse the options */
while ((p = strsep(&args, ",")) != NULL) {
if (!*p)
Reported by FlawFinder.
Line: 150
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Parse the Atari-specific switches= option. */
static int __init atari_switches_setup(char *str)
{
char switches[COMMAND_LINE_SIZE];
char *p;
int ovsc_shift;
char *args = switches;
if (!MACH_IS_ATARI)
Reported by FlawFinder.
Line: 576
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static void atari_get_model(char *model)
{
strcpy(model, "Atari ");
switch (atari_mch_cookie >> 16) {
case ATARI_MCH_ST:
if (ATARIHW_PRESENT(MSTE_CLK))
strcat(model, "Mega ST");
else
Reported by FlawFinder.
Line: 580
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
switch (atari_mch_cookie >> 16) {
case ATARI_MCH_ST:
if (ATARIHW_PRESENT(MSTE_CLK))
strcat(model, "Mega ST");
else
strcat(model, "ST");
break;
case ATARI_MCH_STE:
if (MACH_IS_MSTE)
Reported by FlawFinder.
Line: 582
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (ATARIHW_PRESENT(MSTE_CLK))
strcat(model, "Mega ST");
else
strcat(model, "ST");
break;
case ATARI_MCH_STE:
if (MACH_IS_MSTE)
strcat(model, "Mega STE");
else
Reported by FlawFinder.
Line: 586
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
break;
case ATARI_MCH_STE:
if (MACH_IS_MSTE)
strcat(model, "Mega STE");
else
strcat(model, "STE");
break;
case ATARI_MCH_TT:
if (MACH_IS_MEDUSA)
Reported by FlawFinder.
Line: 588
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (MACH_IS_MSTE)
strcat(model, "Mega STE");
else
strcat(model, "STE");
break;
case ATARI_MCH_TT:
if (MACH_IS_MEDUSA)
/* Medusa has TT _MCH cookie */
strcat(model, "Medusa");
Reported by FlawFinder.
Line: 593
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
case ATARI_MCH_TT:
if (MACH_IS_MEDUSA)
/* Medusa has TT _MCH cookie */
strcat(model, "Medusa");
else
strcat(model, "TT");
break;
case ATARI_MCH_FALCON:
strcat(model, "Falcon");
Reported by FlawFinder.
Line: 595
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
/* Medusa has TT _MCH cookie */
strcat(model, "Medusa");
else
strcat(model, "TT");
break;
case ATARI_MCH_FALCON:
strcat(model, "Falcon");
if (MACH_IS_AB40)
strcat(model, " (with Afterburner040)");
Reported by FlawFinder.
Line: 598
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(model, "TT");
break;
case ATARI_MCH_FALCON:
strcat(model, "Falcon");
if (MACH_IS_AB40)
strcat(model, " (with Afterburner040)");
break;
default:
sprintf(model + strlen(model), "(unknown mach cookie 0x%lx)",
Reported by FlawFinder.
drivers/net/ethernet/emulex/benet/be_ethtool.c
13 issues
Line: 439
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < adapter->num_rx_qs; i++) {
for (j = 0; j < ETHTOOL_RXSTATS_NUM; j++) {
sprintf(data, "rxq%d: %s", i,
et_rx_stats[j].desc);
data += ETH_GSTRING_LEN;
}
}
for (i = 0; i < adapter->num_tx_qs; i++) {
Reported by FlawFinder.
Line: 446
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < adapter->num_tx_qs; i++) {
for (j = 0; j < ETHTOOL_TXSTATS_NUM; j++) {
sprintf(data, "txq%d: %s", i,
et_tx_stats[j].desc);
data += ETH_GSTRING_LEN;
}
}
break;
Reported by FlawFinder.
Line: 460
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
break;
case ETH_SS_PRIV_FLAGS:
for (i = 0; i < ARRAY_SIZE(be_priv_flags); i++)
strcpy(data + i * ETH_GSTRING_LEN, be_priv_flags[i]);
break;
}
}
static int be_get_sset_count(struct net_device *netdev, int stringset)
Reported by FlawFinder.
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/ethtool.h>
struct be_ethtool_stat {
char desc[ETH_GSTRING_LEN];
int type;
int size;
int offset;
};
Reported by FlawFinder.
Line: 289
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
total_read_len, file_name,
&read_len, &eof, &addn_status);
if (!status) {
memcpy(buf + total_read_len, read_cmd.va, read_len);
total_read_len += read_len;
eof &= LANCER_READ_FILE_EOF_MASK;
} else {
status = -EIO;
break;
Reported by FlawFinder.
Line: 434
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_STATS:
for (i = 0; i < ETHTOOL_STATS_NUM; i++) {
memcpy(data, et_stats[i].desc, ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
}
for (i = 0; i < adapter->num_rx_qs; i++) {
for (j = 0; j < ETHTOOL_RXSTATS_NUM; j++) {
sprintf(data, "rxq%d: %s", i,
Reported by FlawFinder.
Line: 454
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case ETH_SS_TEST:
for (i = 0; i < ETHTOOL_TESTS_NUM; i++) {
memcpy(data, et_self_tests[i], ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
}
break;
case ETH_SS_PRIV_FLAGS:
for (i = 0; i < ARRAY_SIZE(be_priv_flags); i++)
Reported by FlawFinder.
Line: 1040
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!status) {
resp = eeprom_cmd.va;
memcpy(data, resp->seeprom_data + eeprom->offset, eeprom->len);
}
dma_free_coherent(&adapter->pdev->dev, eeprom_cmd.size, eeprom_cmd.va,
eeprom_cmd.dma);
return be_cmd_status(status);
Reported by FlawFinder.
Line: 1281
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (hkey)
memcpy(hkey, rss->rss_hkey, RSS_HASH_KEY_LEN);
if (hfunc)
*hfunc = ETH_RSS_HASH_TOP;
return 0;
Reported by FlawFinder.
Line: 1310
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
adapter->rss_info.rss_queue[i] = j;
}
} else {
memcpy(rsstable, adapter->rss_info.rsstable,
RSS_INDIR_TABLE_LEN);
}
if (!hkey)
hkey = adapter->rss_info.rss_hkey;
Reported by FlawFinder.