The following issues were found
drivers/media/pci/dt3155/dt3155.c
1 issues
Line: 299
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strscpy(cap->driver, DT3155_NAME, sizeof(cap->driver));
strscpy(cap->card, DT3155_NAME " frame grabber", sizeof(cap->card));
sprintf(cap->bus_info, "PCI:%s", pci_name(pd->pdev));
return 0;
}
static int dt3155_enum_fmt_vid_cap(struct file *filp,
void *p, struct v4l2_fmtdesc *f)
Reported by FlawFinder.
drivers/media/pci/ddbridge/ddbridge-mci.c
1 issues
Line: 166
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cfg->base_init)
cfg->base_init(base);
}
memcpy(&state->fe.ops, cfg->fe_ops, sizeof(struct dvb_frontend_ops));
state->fe.demodulator_priv = state;
state->nr = nr;
*fn_set_input = cfg->set_input;
state->tuner = nr;
state->demod = nr;
Reported by FlawFinder.
drivers/mmc/host/renesas_sdhi_sys_dmac.c
1 issues
Line: 261
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void *sg_vaddr = tmio_mmc_kmap_atomic(sg, &flags);
sg_init_one(&host->bounce_sg, host->bounce_buf, sg->length);
memcpy(host->bounce_buf, sg_vaddr, host->bounce_sg.length);
tmio_mmc_kunmap_atomic(sg, &flags, sg_vaddr);
host->sg_ptr = &host->bounce_sg;
sg = host->sg_ptr;
}
Reported by FlawFinder.
drivers/media/pci/ddbridge/ddbridge-dummy-fe.c
1 issues
Line: 108
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
/* create dvb_frontend */
memcpy(&state->frontend.ops,
&ddbridge_dummy_fe_qam_ops,
sizeof(struct dvb_frontend_ops));
state->frontend.demodulator_priv = state;
return &state->frontend;
Reported by FlawFinder.
drivers/mmc/host/sdhci-acpi.c
1 issues
Line: 134
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t len = min_t(size_t, obj->buffer.length, 4);
*result = 0;
memcpy(result, obj->buffer.pointer, len);
} else {
dev_err(dev, "%s DSM fn %u obj->type %d obj->buffer.length %d\n",
__func__, fn, obj->type, obj->buffer.length);
err = -EINVAL;
}
Reported by FlawFinder.
drivers/mmc/host/sdhci-esdhc-imx.c
1 issues
Line: 346
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void esdhc_dump_debug_regs(struct sdhci_host *host)
{
int i;
char *debug_status[7] = {
"cmd debug status",
"data debug status",
"trans debug status",
"dma debug status",
"adma debug status",
Reported by FlawFinder.
drivers/mmc/host/sdhci-msm.c
1 issues
Line: 1995
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(key.bytes, cfg->crypto_key, AES_256_XTS_KEY_SIZE);
/*
* The SCM call byte-swaps the 32-bit words of the key. So we have to
* do the same, in order for the final key be correct.
*/
Reported by FlawFinder.
drivers/mmc/host/sdhci-omap.c
1 issues
Line: 958
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device *dev = omap_host->dev;
char *version = omap_host->version;
struct pinctrl_state *pinctrl_state = ERR_PTR(-ENODEV);
char str[20];
if (!(*caps & capmask))
goto ret;
if (version) {
Reported by FlawFinder.
drivers/mmc/host/sdhci-pci-core.c
1 issues
Line: 549
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = min_t(size_t, obj->buffer.length, 4);
*result = 0;
memcpy(result, obj->buffer.pointer, len);
out:
ACPI_FREE(obj);
return err;
}
Reported by FlawFinder.
drivers/mmc/host/sdhci.h
1 issues
Line: 496
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if IS_ENABLED(CONFIG_LEDS_CLASS)
struct led_classdev led; /* LED control */
char led_name[32];
#endif
spinlock_t lock; /* Mutex */
int flags; /* Host attributes */
Reported by FlawFinder.