The following issues were found
drivers/usb/mtu3/mtu3.h
1 issues
Line: 268
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct mtu3_ep {
struct usb_ep ep;
char name[12];
struct mtu3 *mtu;
u8 epnum;
u8 type;
u8 is_in;
u16 maxp;
Reported by FlawFinder.
drivers/usb/mtu3/mtu3_debug.h
1 issues
Line: 20
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MTU3_DEBUGFS_NAME_LEN 32
struct mtu3_regset {
char name[MTU3_DEBUGFS_NAME_LEN];
struct debugfs_regset32 regset;
};
struct mtu3_file_map {
const char *name;
Reported by FlawFinder.
drivers/usb/mtu3/mtu3_gadget.c
1 issues
Line: 614
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
INIT_LIST_HEAD(&mep->req_list);
sprintf(mep->name, "ep%d%s", epnum,
!epnum ? "" : (is_in ? "in" : "out"));
mep->ep.name = mep->name;
INIT_LIST_HEAD(&mep->ep.ep_list);
Reported by FlawFinder.
drivers/usb/mtu3/mtu3_trace.h
1 issues
Line: 32
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
),
TP_fast_assign(
__assign_str(name, dev_name(dev));
vsnprintf(__get_str(msg), MTU3_MSG_MAX, vaf->fmt, *vaf->va);
),
TP_printk("%s: %s", __get_str(name), __get_str(msg))
);
TRACE_EVENT(mtu3_u3_ltssm_isr,
Reported by FlawFinder.
drivers/usb/musb/am35x.c
1 issues
Line: 414
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (len > 0) {
val = musb_readl(fifo, 0);
memcpy(dst, &val, len);
}
}
static const struct musb_platform_ops am35x_ops = {
.quirks = MUSB_DMA_INVENTRA | MUSB_INDEXED_EP,
Reported by FlawFinder.
drivers/usb/musb/musb_gadget.c
1 issues
Line: 1703
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
INIT_LIST_HEAD(&ep->req_list);
sprintf(ep->name, "ep%d%s", epnum,
(!epnum || hw_ep->is_shared_fifo) ? "" : (
is_in ? "in" : "out"));
ep->end_point.name = ep->name;
INIT_LIST_HEAD(&ep->end_point.ep_list);
if (!epnum) {
Reported by FlawFinder.
drivers/usb/musb/musb_gadget.h
1 issues
Line: 76
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct musb_ep {
/* stuff towards the head is basically write-once. */
struct usb_ep end_point;
char name[12];
struct musb_hw_ep *hw_ep;
struct musb *musb;
u8 current_epnum;
/* ... when enabled/disabled ... */
Reported by FlawFinder.
drivers/usb/musb/musb_trace.h
1 issues
Line: 35
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
),
TP_fast_assign(
__assign_str(name, dev_name(musb->controller));
vsnprintf(__get_str(msg), MUSB_MSG_MAX, vaf->fmt, *vaf->va);
),
TP_printk("%s: %s", __get_str(name), __get_str(msg))
);
TRACE_EVENT(musb_state,
Reported by FlawFinder.
drivers/video/fbdev/omap2/omapfb/dss/dsi.c
1 issues
Line: 842
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* make a copy and unlock, so that isrs can unregister
* themselves */
memcpy(&dsi->isr_tables_copy, &dsi->isr_tables,
sizeof(dsi->isr_tables));
spin_unlock(&dsi->irq_lock);
dsi_handle_isrs(&dsi->isr_tables_copy, irqstatus, vcstatus, ciostatus);
Reported by FlawFinder.
drivers/usb/renesas_usbhs/fifo.c
1 issues
Line: 1277
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void usbhsf_dma_init_dt(struct device *dev, struct usbhs_fifo *fifo,
int channel)
{
char name[16];
/*
* To avoid complex handing for DnFIFOs, the driver uses each
* DnFIFO as TX or RX direction (not bi-direction).
* So, the driver uses odd channels for TX, even channels for RX.
Reported by FlawFinder.