The following issues were found
drivers/staging/fwserial/dma_fifo.h
1 issues
Line: 52
Column: 8
CWE codes:
362
unsigned int align; /* must be power of 2 */
int tx_limit; /* max # of bytes per dma transaction */
int open_limit; /* max # of outstanding allowed */
int open; /* # of outstanding dma transactions */
struct list_head pending; /* fifo markers for outstanding dma */
void *data;
};
struct dma_pending {
Reported by FlawFinder.
drivers/staging/rtl8188eu/os_dep/xmit_linux.c
1 issues
Line: 130
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
newskb = skb_copy(skb, GFP_ATOMIC);
if (newskb) {
memcpy(newskb->data, psta->hwaddr, 6);
res = rtw_xmit(padapter, &newskb);
if (res < 0) {
pxmitpriv->tx_drop++;
dev_kfree_skb_any(newskb);
} else {
Reported by FlawFinder.
drivers/staging/rtl8192e/dot11d.c
1 issues
Line: 150
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
UPDATE_CIE_SRC(dev, address);
dot11d_info->country_len = country_len;
memcpy(dot11d_info->country_buffer, country, country_len);
dot11d_info->state = DOT11D_STATE_LEARNED;
}
void dot11d_scan_complete(struct rtllib_device *dev)
{
Reported by FlawFinder.
drivers/staging/rtl8192e/dot11d.h
1 issues
Line: 51
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void copy_mac_addr(unsigned char *des, unsigned char *src)
{
memcpy(des, src, 6);
}
#define GET_DOT11D_INFO(__ieee_dev) \
((struct rt_dot11d_info *)((__ieee_dev)->dot11d_info))
Reported by FlawFinder.
drivers/staging/rtl8192e/rtl8192e/r8192E_dev.c
1 issues
Line: 2170
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
struct r8192_priv *priv = rtllib_priv(dev);
strcpy(priv->nick, "rtl8192E");
priv->rtllib->softmac_features = IEEE_SOFTMAC_SCAN |
IEEE_SOFTMAC_ASSOCIATE | IEEE_SOFTMAC_PROBERQ |
IEEE_SOFTMAC_PROBERS | IEEE_SOFTMAC_TX_QUEUE;
Reported by FlawFinder.
drivers/staging/rtl8192e/rtl8192e/rtl_core.h
1 issues
Line: 425
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 rf_type;
u8 IC_Cut;
char nick[IW_ESSID_MAX_SIZE + 1];
u8 check_roaming_cnt;
u32 SilentResetRxSlotIndex;
u32 SilentResetRxStuckEvent[MAX_SILENT_RESET_RX_SLOT_NUM];
Reported by FlawFinder.
drivers/staging/rtl8192e/rtl8192e/rtl_dm.c
1 issues
Line: 1803
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 tmp1byte;
enum rt_rf_power_state eRfPowerStateToSet;
bool bActuallySet = false;
char *argv[3];
static const char RadioPowerPath[] = "/etc/acpi/events/RadioPower.sh";
static char *envp[] = {"HOME=/", "TERM=linux", "PATH=/usr/bin:/bin",
NULL};
bActuallySet = false;
Reported by FlawFinder.
drivers/staging/rtl8192e/rtl819x_BAProc.c
1 issues
Line: 117
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tag += 2;
if (type == ACT_ADDBAREQ) {
memcpy(tag, (u8 *)&(pBA->ba_start_seq_ctrl), 2);
tag += 2;
}
#ifdef VERBOSE_DEBUG
print_hex_dump_bytes("%s: ", DUMP_PREFIX_NONE, skb->data,
Reported by FlawFinder.
drivers/staging/fbtft/fbtft-sysfs.c
1 issues
Line: 132
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
mutex_lock(&par->gamma.lock);
memcpy(par->gamma.curves, tmp_curves,
par->gamma.num_curves * par->gamma.num_values *
sizeof(tmp_curves[0]));
mutex_unlock(&par->gamma.lock);
return count;
Reported by FlawFinder.
drivers/staging/fbtft/fb_watterott.c
1 issues
Line: 137
Column: 16
CWE codes:
120
20
u8 rxbuf[4] = {0, };
write_reg(par, CMD_VERSION);
par->fbtftops.read(par, rxbuf, 4);
if (rxbuf[1] != '.')
return 0;
return (rxbuf[0] - '0') << 8 | (rxbuf[2] - '0') << 4 | (rxbuf[3] - '0');
}
Reported by FlawFinder.