The following issues were found
drivers/media/test-drivers/vidtv/vidtv_demod.c
1 issues
Line: 427
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
/* create dvb_frontend */
memcpy(&state->frontend.ops,
&vidtv_demod_ops,
sizeof(struct dvb_frontend_ops));
memcpy(&state->config, config, sizeof(state->config));
Reported by FlawFinder.
drivers/media/tuners/xc5000.c
1 issues
Line: 1453
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_unlock(&xc5000_list_mutex);
memcpy(&fe->ops.tuner_ops, &xc5000_tuner_ops,
sizeof(struct dvb_tuner_ops));
return fe;
fail:
mutex_unlock(&xc5000_list_mutex);
Reported by FlawFinder.
drivers/media/dvb-frontends/cx24110.c
1 issues
Line: 606
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret != 0x5a) && (ret != 0x69)) goto error;
/* create dvb_frontend */
memcpy(&state->frontend.ops, &cx24110_ops, sizeof(struct dvb_frontend_ops));
state->frontend.demodulator_priv = state;
return &state->frontend;
error:
kfree(state);
Reported by FlawFinder.
drivers/media/test-drivers/vidtv/vidtv_common.c
1 issues
Line: 51
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
}
memcpy(to + to_offset, from, len);
return len;
}
/**
* vidtv_memset() - wrapper routine to be used by MPEG-TS
Reported by FlawFinder.
drivers/media/usb/au0828/au0828-core.c
1 issues
Line: 114
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* the host controller requires heap allocated memory, which
is why we didn't just pass "cp" into usb_control_msg */
memcpy(cp, dev->ctrlmsg, size);
}
mutex_unlock(&dev->mutex);
return status;
}
Reported by FlawFinder.
drivers/media/usb/au0828/au0828-i2c.c
1 issues
Line: 339
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.name = "au0828 internal",
};
static char *i2c_devs[128] = {
[0x8e >> 1] = "au8522",
[0xa0 >> 1] = "eeprom",
[0xc2 >> 1] = "tuner/xc5000",
};
Reported by FlawFinder.
drivers/media/dvb-frontends/cx22702.c
1 issues
Line: 598
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto error;
/* create dvb_frontend */
memcpy(&state->frontend.ops, &cx22702_ops,
sizeof(struct dvb_frontend_ops));
state->frontend.demodulator_priv = state;
return &state->frontend;
error:
Reported by FlawFinder.
drivers/net/ethernet/brocade/bna/bnad_debugfs.c
1 issues
Line: 496
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bnad_debugfs_init(struct bnad *bnad)
{
const struct bnad_debugfs_entry *file;
char name[64];
int i;
/* Setup the BNA debugfs root directory*/
if (!bna_debugfs_root) {
bna_debugfs_root = debugfs_create_dir("bna", NULL);
Reported by FlawFinder.
drivers/media/usb/cpia2/cpia2_core.c
1 issues
Line: 932
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 2; i < fw->size; i += 64) {
cmd.start = 0x0C; /* Data */
cmd.reg_count = min_t(uint, 64, fw->size - i);
memcpy(cmd.buffer.block_data, &fw->data[i], cmd.reg_count);
cpia2_send_command(cam, &cmd);
}
/* Next send the start address... */
cpia2_send_onebyte_command(cam, &cmd, 0x0A, fw->data[0]); /* hi */
Reported by FlawFinder.
drivers/media/spi/cxd2880-spi.c
1 issues
Line: 108
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
send_data[1] = sub_address;
send_data[2] = (u8)size;
memcpy(&send_data[3], write_data_top, send_data[2]);
ret = cxd2880_write_spi(spi, send_data, send_data[2] + 3);
if (ret)
pr_err("write spi failed %d\n", ret);
Reported by FlawFinder.