The following issues were found
drivers/spi/spi-bcm2835aux.c
1 issues
Line: 111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void bcm2835aux_debugfs_create(struct bcm2835aux_spi *bs,
const char *dname)
{
char name[64];
struct dentry *dir;
/* get full name */
snprintf(name, sizeof(name), "spi-bcm2835aux-%s", dname);
Reported by FlawFinder.
drivers/staging/vt6656/mac.c
1 issues
Line: 72
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* swap over swap[0] and swap[1] to get correct write order */
swap(set_key.u.swap[0], set_key.u.swap[1]);
memcpy(set_key.key, key, WLAN_KEY_LEN_CCMP);
dev_dbg(&priv->usb->dev, "offset %d key ctl %d set key %24ph\n",
offset, key_ctl, (u8 *)&set_key);
return vnt_control_out(priv, MESSAGE_TYPE_SETKEY, offset,
Reported by FlawFinder.
drivers/staging/vt6656/usbpipe.c
1 issues
Line: 121
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
index, usb_buffer, length, USB_CTL_WAIT);
if (ret == length)
memcpy(buffer, usb_buffer, length);
kfree(usb_buffer);
if (ret == (int)length)
ret = 0;
Reported by FlawFinder.
drivers/staging/wfx/fwio.c
1 issues
Line: 106
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct firmware **fw, int *file_offset)
{
int keyset_file;
char filename[256];
const char *data;
int ret;
snprintf(filename, sizeof(filename), "%s_%02X.sec",
wdev->pdata.file_fw, keyset_chip);
Reported by FlawFinder.
drivers/staging/wfx/hif_tx_mib.c
1 issues
Line: 116
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!arg)
return -ENOMEM;
arg->num_of_info_elmts = cpu_to_le32(tbl_len);
memcpy(arg->ie_table, tbl, flex_array_size(arg, ie_table, tbl_len));
ret = hif_write_mib(wvif->wdev, wvif->id,
HIF_MIB_ID_BEACON_FILTER_TABLE, arg, buf_len);
kfree(arg);
return ret;
}
Reported by FlawFinder.
drivers/staging/wfx/sta.c
1 issues
Line: 420
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ssidlen = ssidie[1];
if (ssidlen > IEEE80211_MAX_SSID_LEN)
ssidlen = IEEE80211_MAX_SSID_LEN;
memcpy(ssid, &ssidie[2], ssidlen);
}
rcu_read_unlock();
cfg80211_put_bss(wvif->wdev->hw->wiphy, bss);
Reported by FlawFinder.
drivers/soundwire/stream.c
1 issues
Line: 1566
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
restore_params:
memcpy(&bus->params, ¶ms, sizeof(params));
return ret;
}
/**
* sdw_prepare_stream() - Prepare SoundWire stream
Reported by FlawFinder.
drivers/staging/wlan-ng/p80211ioctl.h
1 issues
Line: 83
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* the p80211 module. */
struct p80211ioctl_req {
char name[WLAN_DEVNAMELEN_MAX];
char __user *data;
u32 magic;
u16 len;
u32 result;
} __packed;
Reported by FlawFinder.
drivers/soundwire/slave.c
1 issues
Line: 36
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
/* Initialize data structure */
memcpy(&slave->id, id, sizeof(*id));
slave->dev.parent = bus->dev;
slave->dev.fwnode = fwnode;
if (id->unique_id == SDW_IGNORED_UNIQUE_ID) {
/* name shall be sdw:link:mfg:part:class */
Reported by FlawFinder.
drivers/target/iscsi/cxgbit/cxgbit_ddp.c
1 issues
Line: 19
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int len = 0;
int i;
memcpy(ppod, &ttinfo->hdr, sizeof(struct cxgbi_pagepod_hdr));
if (sg) {
addr = sg_dma_address(sg);
len = sg_dma_len(sg);
}
Reported by FlawFinder.