The following issues were found
drivers/media/usb/gspca/gspca.h
1 issues
Line: 162
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if IS_ENABLED(CONFIG_INPUT)
struct input_dev *input_dev;
char phys[64]; /* physical device path */
#endif
struct cam cam; /* device information */
const struct sd_desc *sd_desc; /* subdriver description */
struct v4l2_ctrl_handler ctrl_handler;
Reported by FlawFinder.
drivers/media/dvb-core/dvb_vb2.c
1 issues
Line: 302
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Fill buffer */
ll = min(todo, ctx->remain);
vbuf = vb2_plane_vaddr(&ctx->buf->vb, 0);
memcpy(vbuf + ctx->offset, psrc, ll);
todo -= ll;
psrc += ll;
ctx->remain -= ll;
ctx->offset += ll;
Reported by FlawFinder.
drivers/media/usb/gspca/jpeg.h
1 issues
Line: 127
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int width,
int samplesY)
{
memcpy(jpeg_hdr, jpeg_head, sizeof jpeg_head);
#ifndef CONEX_CAM
jpeg_hdr[JPEG_HEIGHT_OFFSET + 0] = height >> 8;
jpeg_hdr[JPEG_HEIGHT_OFFSET + 1] = height;
jpeg_hdr[JPEG_HEIGHT_OFFSET + 2] = width >> 8;
jpeg_hdr[JPEG_HEIGHT_OFFSET + 3] = width;
Reported by FlawFinder.
drivers/media/dvb-core/dvb_frontend.c
1 issues
Line: 1070
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define _DTV_CMD(n) \
[n] = #n
static char *dtv_cmds[DTV_MAX_COMMAND + 1] = {
_DTV_CMD(DTV_TUNE),
_DTV_CMD(DTV_CLEAR),
/* Set */
_DTV_CMD(DTV_FREQUENCY),
Reported by FlawFinder.
drivers/media/usb/gspca/m5602/m5602_sensor.h
1 issues
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct m5602_sensor {
/* Defines the name of a sensor */
char name[32];
/* What i2c address the sensor is connected to */
u8 i2c_slave_id;
/* Width of each i2c register (in bytes) */
Reported by FlawFinder.
drivers/media/common/videobuf2/videobuf2-vmalloc.c
1 issues
Line: 195
Column: 15
CWE codes:
362
vma->vm_private_data = &buf->handler;
vma->vm_ops = &vb2_common_vm_ops;
vma->vm_ops->open(vma);
return 0;
}
#ifdef CONFIG_HAS_DMA
Reported by FlawFinder.
drivers/media/usb/gspca/nw80x.c
1 issues
Line: 1542
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
gspca_dbg(gspca_dev, D_USBO, "SET 00 0000 %04x %02x %02x ...\n",
index, *data, data[1]);
memcpy(gspca_dev->usb_buf, data, len);
ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
0x00,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
0x00, /* value */
index,
Reported by FlawFinder.
drivers/media/usb/gspca/ov534_9.c
1 issues
Line: 1467
Column: 7
CWE codes:
126
* output (0x1f) if first webcam
* input (0x17) if 2nd or 3rd webcam */
p = video_device_node_name(&gspca_dev->vdev);
l = strlen(p) - 1;
if (p[l] == '0')
reg_w(gspca_dev, 0x56, 0x1f);
else
reg_w(gspca_dev, 0x56, 0x17);
} else if ((sensor_id & 0xfff0) == 0x5620) {
Reported by FlawFinder.
drivers/media/usb/gspca/pac207.c
1 issues
Line: 95
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (gspca_dev->usb_err < 0)
return;
memcpy(gspca_dev->usb_buf, buffer, length);
err = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 0x01,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_INTERFACE,
0x00, index,
gspca_dev->usb_buf, length, PAC207_CTRL_TIMEOUT);
Reported by FlawFinder.
drivers/media/usb/gspca/pac7302.c
1 issues
Line: 240
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (gspca_dev->usb_err < 0)
return;
memcpy(gspca_dev->usb_buf, buffer, len);
ret = usb_control_msg(gspca_dev->dev,
usb_sndctrlpipe(gspca_dev->dev, 0),
0, /* request */
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
0, /* value */
Reported by FlawFinder.