The following issues were found
drivers/staging/media/omap4iss/iss_resizer.c
1 issues
Line: 468
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
format = __resizer_get_format(resizer, sd_state,
RESIZER_PAD_SINK,
which);
memcpy(fmt, format, sizeof(*fmt));
if ((pixelcode == MEDIA_BUS_FMT_YUYV8_1_5X8) &&
(fmt->code == MEDIA_BUS_FMT_UYVY8_1X16))
fmt->code = pixelcode;
Reported by FlawFinder.
drivers/staging/greybus/raw.c
1 issues
Line: 81
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
raw->list_data += len;
raw_data->len = len;
memcpy(&raw_data->data[0], data, len);
list_add_tail(&raw_data->entry, &raw->list);
exit:
mutex_unlock(&raw->list_lock);
return retval;
Reported by FlawFinder.
drivers/staging/media/tegra-video/vi.h
1 issues
Line: 201
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* protects the capture done queue list */
spinlock_t done_lock;
unsigned char portnos[GANG_PORTS_MAX];
u8 totalports;
u8 numgangports;
struct device_node *of_node;
struct v4l2_ctrl_handler ctrl_handler;
Reported by FlawFinder.
drivers/staging/media/zoran/videocodec.c
1 issues
Line: 90
Column: 10
CWE codes:
126
if (!codec)
goto out_module_put;
res = strlen(codec->name);
snprintf(codec->name + res, sizeof(codec->name) - res, "[%d]", h->attached);
codec->master_data = master;
res = codec->setup(codec);
if (res == 0) {
dprintk(3, "%s: '%s'\n", __func__, codec->name);
Reported by FlawFinder.
drivers/staging/media/zoran/zr36016.h
1 issues
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* data stored for each zoran jpeg codec chip */
struct zr36016 {
char name[32];
int num;
/* io datastructure */
struct videocodec *codec;
// coder status
__u8 version;
Reported by FlawFinder.
drivers/staging/media/zoran/zr36050.h
1 issues
Line: 15
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* data stored for each zoran jpeg codec chip */
struct zr36050 {
char name[32];
int num;
/* io datastructure */
struct videocodec *codec;
// last coder status
__u8 status1;
Reported by FlawFinder.
drivers/staging/media/zoran/zr36060.h
1 issues
Line: 15
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* data stored for each zoran jpeg codec chip */
struct zr36060 {
char name[32];
int num;
/* io datastructure */
struct videocodec *codec;
// last coder status
__u8 status;
Reported by FlawFinder.
drivers/staging/most/dim2/sysfs.c
1 issues
Line: 21
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
bool state = dim2_sysfs_get_state_cb();
return sprintf(buf, "%s\n", state ? "locked" : "");
}
static DEVICE_ATTR_RO(state);
static struct attribute *dev_attrs[] = {
Reported by FlawFinder.
drivers/staging/mt7621-pci/pci-mt7621.c
1 issues
Line: 248
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mt7621_pcie_port *port;
struct device *dev = pcie->dev;
struct platform_device *pdev = to_platform_device(dev);
char name[10];
int err;
port = devm_kzalloc(dev, sizeof(*port), GFP_KERNEL);
if (!port)
return -ENOMEM;
Reported by FlawFinder.
drivers/staging/netlogic/xlr_net.c
1 issues
Line: 91
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
skb_data = skb->data;
skb_reserve(skb, MAC_SKB_BACK_PTR_SIZE);
memcpy(skb_data, &skb, buf_len);
return skb->data;
}
static void xlr_net_fmn_handler(int bkt, int src_stnid, int size, int code,
Reported by FlawFinder.