The following issues were found
drivers/media/i2c/ov9640.c
1 issues
Line: 204
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret;
u8 _val;
unsigned char data[2] = { reg, val };
struct i2c_msg msg = {
.addr = client->addr,
.flags = 0,
.len = 2,
.buf = data,
Reported by FlawFinder.
drivers/media/i2c/ov7251.c
1 issues
Line: 656
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
regbuf[0] = reg >> 8;
regbuf[1] = reg & 0xff;
memcpy(regbuf + 2, val, num);
ret = i2c_master_send(ov7251->i2c_client, regbuf, nregbuf);
if (ret < 0) {
dev_err(ov7251->dev,
"%s: write seq regs error %d: first reg=%x\n",
Reported by FlawFinder.
drivers/media/i2c/ov6650.c
1 issues
Line: 281
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ov6650_reg_write(struct i2c_client *client, u8 reg, u8 val)
{
int ret;
unsigned char data[2] = { reg, val };
struct i2c_msg msg = {
.addr = client->addr,
.flags = 0,
.len = 2,
.buf = data,
Reported by FlawFinder.
drivers/media/i2c/mt9v011.c
1 issues
Line: 99
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 value)
{
struct i2c_client *c = v4l2_get_subdevdata(sd);
unsigned char buffer[3];
int rc;
buffer[0] = addr;
buffer[1] = value >> 8;
buffer[2] = value & 0xff;
Reported by FlawFinder.
drivers/media/i2c/et8ek8/et8ek8_reg.h
1 issues
Line: 80
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ET8EK8_MAX_LEN 32
struct et8ek8_meta_reglist {
char version[ET8EK8_MAX_LEN];
union {
struct et8ek8_reglist *ptr;
} reglist[];
};
Reported by FlawFinder.
drivers/mtd/ubi/wl.c
1 issues
Line: 1765
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
ubi->max_ec = ai->max_ec;
INIT_LIST_HEAD(&ubi->works);
sprintf(ubi->bgt_name, UBI_BGT_NAME_PATTERN, ubi->ubi_num);
err = -ENOMEM;
ubi->lookuptbl = kcalloc(ubi->peb_count, sizeof(void *), GFP_KERNEL);
if (!ubi->lookuptbl)
return err;
Reported by FlawFinder.
drivers/net/appletalk/ipddp.c
1 issues
Line: 77
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return ERR_PTR(-ENOMEM);
netif_keep_dst(dev);
strcpy(dev->name, "ipddp%d");
if (version_printed++ == 0)
printk(version);
/* Initialize the device structure. */
Reported by FlawFinder.
drivers/media/i2c/cx25840/cx25840-firmware.c
1 issues
Line: 131
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (size > 0) {
int len = min(max_buf_size - 2, size);
memcpy(buffer + 2, ptr, len);
retval = fw_write(client, buffer, len + 2);
if (retval < 0) {
release_firmware(fw);
Reported by FlawFinder.
drivers/net/arcnet/arc-rawmode.c
1 issues
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_pull(skb, ARC_HDR_SIZE);
/* up to sizeof(pkt->soft) has already been copied from the card */
memcpy(pkt, pkthdr, sizeof(struct archdr));
if (length > sizeof(pkt->soft))
lp->hw.copy_from_card(dev, bufnum, ofs + sizeof(pkt->soft),
pkt->soft.raw + sizeof(pkt->soft),
length - sizeof(pkt->soft));
Reported by FlawFinder.
drivers/net/arcnet/arc-rimi.c
1 issues
Line: 308
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int node;
static int io; /* use the insmod io= irq= node= options */
static int irq;
static char device[9]; /* use eg. device=arc1 to change name */
module_param(node, int, 0);
module_param(io, int, 0);
module_param(irq, int, 0);
module_param_string(device, device, sizeof(device), 0);
Reported by FlawFinder.