The following issues were found
drivers/spi/spi-stm32-qspi.c
1 issues
Line: 550
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* spi_mem_op template with offs, len and *buf in order to get
* all needed transfer information into struct spi_mem_op
*/
memcpy(&op, &desc->info.op_tmpl, sizeof(struct spi_mem_op));
dev_dbg(qspi->dev, "%s len = 0x%zx offs = 0x%llx buf = 0x%p\n", __func__, len, offs, buf);
op.data.nbytes = len;
op.addr.val = desc->info.offset + offs;
op.data.buf.in = buf;
Reported by FlawFinder.
drivers/spi/spi-sh-msiof.c
1 issues
Line: 904
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void copy_plain32(u32 *dst, const u32 *src, unsigned int words)
{
memcpy(dst, src, words * 4);
}
static int sh_msiof_transfer_one(struct spi_controller *ctlr,
struct spi_device *spi,
struct spi_transfer *t)
Reported by FlawFinder.
drivers/spi/spi-s3c24xx.c
1 issues
Line: 294
CWE codes:
476
BUG_ON(!code);
ack_ptr = (u32 *)&code->data[code->ack_offset];
set_fiq_handler(&code->data, code->length);
}
s3c24xx_set_fiq(hw->irq, ack_ptr, true);
hw->fiq_mode = mode;
Reported by Cppcheck.
drivers/spi/spi-pxa2xx-pci.c
1 issues
Line: 218
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pxa2xx_spi_controller spi_pdata;
struct ssp_device *ssp;
struct pxa_spi_info *c;
char buf[40];
ret = pcim_enable_device(dev);
if (ret)
return ret;
Reported by FlawFinder.
drivers/staging/rtl8723bs/hal/HalBtcOutSrc.h
1 issues
Line: 89
Column: 20
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define WIFI_P2P_GC_CONNECTED BIT4
/* following is for command line utility */
#define CL_SPRINTF snprintf
#define CL_PRINTF DCMD_Printf
struct btc_board_info {
/* The following is some board information */
u8 btChipType;
Reported by FlawFinder.
drivers/spi/spi-pic32.c
1 issues
Line: 195
Column: 7
CWE codes:
120
20
__type v; \
u32 mx = pic32_rx_max(pic32s, sizeof(__type)); \
for (; mx; mx--) { \
v = read##__bwl(&pic32s->regs->buf); \
if (pic32s->rx_end - pic32s->len) \
*(__type *)(pic32s->rx) = v; \
pic32s->rx += sizeof(__type); \
} \
} \
Reported by FlawFinder.
drivers/staging/rtl8723bs/hal/sdio_halinit.c
1 issues
Line: 1040
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pEEPROM->mac_addr[i] = sMacAddr[i];
} else {
/* Read Permanent MAC address */
memcpy(pEEPROM->mac_addr, &hwinfo[EEPROM_MAC_ADDR_8723BS], ETH_ALEN);
}
}
static void Hal_EfuseParseBoardType_8723BS(
struct adapter *padapter, u8 *hwinfo, bool AutoLoadFail
Reported by FlawFinder.
drivers/staging/rtl8723bs/include/ieee80211.h
1 issues
Line: 197
Column: 5
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
u8 seq[8]; /* sequence counter (set: RX, get: TX) */
u16 key_len;
u8 key[0];
} crypt;
struct {
u16 aid;
u16 capability;
int flags;
u8 tx_supp_rates[16];
Reported by FlawFinder.
drivers/staging/rtl8723bs/include/ioctl_cfg80211.h
1 issues
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spinlock_t scan_req_lock;
struct net_device *pmon_ndev;/* for monitor interface */
char ifname_mon[IFNAMSIZ + 1]; /* interface name for monitor interface */
u8 p2p_enabled;
u8 provdisc_req_issued;
Reported by FlawFinder.
drivers/video/fbdev/intelfb/intelfb.h
1 issues
Line: 336
Column: 6
CWE codes:
362
int ring_active;
int flag;
unsigned long irq_flags;
int open;
/* vsync */
struct intelfb_vsync vsync;
spinlock_t int_lock;
Reported by FlawFinder.