The following issues were found
drivers/usb/usbip/stub.h
1 issues
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define BUSID_SIZE 32
struct bus_id_priv {
char name[BUSID_SIZE];
char status;
int interf_count;
struct stub_device *sdev;
struct usb_device *udev;
char shutdown_busid;
Reported by FlawFinder.
drivers/usb/usbip/usbip_common.c
1 issues
Line: 39
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t usbip_debug_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%lx\n", usbip_debug_flag);
}
static ssize_t usbip_debug_store(struct device *dev,
struct device_attribute *attr, const char *buf,
size_t count)
Reported by FlawFinder.
drivers/usb/usbip/usbip_common.h
1 issues
Line: 168
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__s32 number_of_packets;
__s32 interval;
unsigned char setup[8];
} __packed;
/**
* struct usbip_header_ret_submit - USBIP_RET_SUBMIT packet header
* @status: return status of a non-iso request
Reported by FlawFinder.
drivers/usb/usbip/vhci_hcd.c
1 issues
Line: 425
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((wValue >> 8) != USB_DT_BOS)
goto error;
memcpy(buf, &usb3_bos_desc, sizeof(usb3_bos_desc));
retval = sizeof(usb3_bos_desc);
break;
case GetHubStatus:
usbip_dbg_vhci_rh(" GetHubStatus\n");
*(__le32 *) buf = cpu_to_le32(0);
Reported by FlawFinder.
drivers/usb/usbip/vhci_tx.c
1 issues
Line: 31
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
usbip_pack_pdu(pdup, urb, USBIP_CMD_SUBMIT, 1);
if (urb->setup_packet)
memcpy(pdup->u.cmd_submit.setup, urb->setup_packet, 8);
}
static struct vhci_priv *dequeue_from_priv_tx(struct vhci_device *vdev)
{
struct vhci_priv *priv, *tmp;
Reported by FlawFinder.
drivers/usb/usbip/vudc.h
1 issues
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct vep {
struct usb_ep ep;
unsigned type:2; /* type, as USB_ENDPOINT_XFER_* */
char name[8]; /* space for ep name */
const struct usb_endpoint_descriptor *desc;
struct usb_gadget *gadget;
struct list_head req_queue; /* Request queue */
unsigned halted:1;
Reported by FlawFinder.
drivers/usb/usbip/vudc_dev.c
1 issues
Line: 535
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ep = &udc->ep[i];
sprintf(ep->name, "ep%d%s", num,
i ? (is_out ? "out" : "in") : "");
ep->ep.name = ep->name;
ep->ep.ops = &vep_ops;
Reported by FlawFinder.
drivers/vdpa/vdpa_sim/vdpa_sim_blk.c
1 issues
Line: 39
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define VDPASIM_BLK_SEG_MAX 32
#define VDPASIM_BLK_VQ_NUM 1
static char vdpasim_blk_id[VIRTIO_BLK_ID_BYTES] = "vdpa_blk_sim";
static bool vdpasim_blk_check_range(u64 start_sector, size_t range_size)
{
u64 range_sectors = range_size >> SECTOR_SHIFT;
Reported by FlawFinder.
drivers/scsi/qedi/qedi.h
1 issues
Line: 171
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qed_sb_info *sb_info;
u16 sb_id;
#define QEDI_NAME_SIZE 16
char name[QEDI_NAME_SIZE];
struct qedi_ctx *qedi;
};
/* Used to pass fastpath information needed to process CQEs */
struct qedi_io_work {
Reported by FlawFinder.
drivers/scsi/qedf/qedf_attr.c
1 issues
Line: 125
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qedf_ctx *qedf = NULL;
long reading;
int ret = 0;
char msg[40];
if (off != 0)
return ret;
Reported by FlawFinder.