The following issues were found
drivers/media/usb/gspca/pac_common.h
1 issues
Line: 18
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
the new settings to come into effect before doing any other adjustments. */
#define PAC_AUTOGAIN_IGNORE_FRAMES 2
static const unsigned char pac_sof_marker[5] =
{ 0xff, 0xff, 0x00, 0xff, 0x96 };
/*
The following state machine finds the SOF marker sequence
0xff, 0xff, 0x00, 0xff, 0x96 in a byte stream.
Reported by FlawFinder.
drivers/net/ethernet/cavium/liquidio/octeon_droq.c
1 issues
Line: 889
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
droq = oct->droq[q_no];
memcpy(&droq->ops, ops, sizeof(struct octeon_droq_ops));
return 0;
}
int octeon_unregister_droq_ops(struct octeon_device *oct, u32 q_no)
Reported by FlawFinder.
drivers/media/usb/gspca/sn9c20x.c
1 issues
Line: 935
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (gspca_dev->usb_err < 0)
return;
memcpy(gspca_dev->usb_buf, buffer, length);
result = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
0x08,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_INTERFACE,
reg,
0x00,
Reported by FlawFinder.
drivers/media/platform/sti/hva/hva-v4l2.c
1 issues
Line: 214
Column: 13
CWE codes:
362
hva->instance_id, (char *)&streamformat);
/* open encoder instance */
ret = enc->open(ctx);
if (ret) {
dev_err(dev, "%s failed to open encoder instance (%d)\n",
ctx->name, ret);
return ret;
}
Reported by FlawFinder.
drivers/media/usb/gspca/spca561.c
1 issues
Line: 582
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* 0x8f 0x85 0x27 clock */
reg_w_val(gspca_dev, 0x8112, 0x1e | 0x20);
reg_w_val(gspca_dev, 0x850b, 0x03);
memcpy(gspca_dev->usb_buf, Reg8391, 8);
reg_w_buf(gspca_dev, 0x8391, 8);
reg_w_buf(gspca_dev, 0x8390, 8);
/* Led ON (bit 3 -> 0 */
reg_w_val(gspca_dev, 0x8114, 0x00);
Reported by FlawFinder.
drivers/media/usb/gspca/sq930x.c
1 issues
Line: 465
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
gspca_dbg(gspca_dev, D_USBO, "reg_wb v: %04x i: %04x %02x...%02x\n",
value, index, *data, data[len - 1]);
memcpy(gspca_dev->usb_buf, data, len);
ret = usb_control_msg(gspca_dev->dev,
usb_sndctrlpipe(gspca_dev->dev, 0),
0x0c, /* request */
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
value, index, gspca_dev->usb_buf, len,
Reported by FlawFinder.
drivers/media/usb/gspca/stv06xx/stv06xx_sensor.h
1 issues
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct stv06xx_sensor {
/* Defines the name of a sensor */
char name[32];
/* Sensor i2c address */
u8 i2c_addr;
/* Flush value*/
Reported by FlawFinder.
drivers/media/usb/gspca/t613.c
1 issues
Line: 321
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const u8 *buffer, u16 len)
{
if (len <= USB_BUF_SZ) {
memcpy(gspca_dev->usb_buf, buffer, len);
usb_control_msg(gspca_dev->dev,
usb_sndctrlpipe(gspca_dev->dev, 0),
0,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
0x01, 0,
Reported by FlawFinder.
drivers/media/common/videobuf2/videobuf2-dma-sg.c
1 issues
Line: 345
Column: 15
CWE codes:
362
vma->vm_private_data = &buf->handler;
vma->vm_ops = &vb2_common_vm_ops;
vma->vm_ops->open(vma);
return 0;
}
/*********************************************/
Reported by FlawFinder.
drivers/media/usb/gspca/vicam.c
1 issues
Line: 244
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto exit;
}
for (rec = (void *)fw->data; rec; rec = ihex_next_binrec(rec)) {
memcpy(firmware_buf, rec->data, be16_to_cpu(rec->len));
ret = vicam_control_msg(gspca_dev, 0xff, 0, 0, firmware_buf,
be16_to_cpu(rec->len));
if (ret < 0)
break;
}
Reported by FlawFinder.