The following issues were found

drivers/staging/media/atomisp/pci/sh_css_internal.h
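1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Triage note: this rule fires on the declaration of any fixed-size char array; declaring binary_name[SH_CSS_MAX_BINARY_NAME] is not itself a defect, and the thing to review is whether every write into the field is bounded by that size.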
Security

Line: 600 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	 */
	struct ia_css_blob_info	  blob_info;
	struct ia_css_binary_info binary_info;
	char			  binary_name[SH_CSS_MAX_BINARY_NAME];
	struct ia_css_isp_param_css_segments mem_initializers;
};

/* Information for a single pipeline stage */
struct sh_css_sp_stage {

            

Reported by FlawFinder.

drivers/staging/greybus/usb.c
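1 issue
memcpy - Does not check for buffer overflows when copying to destination. Triage note: the in-code comment speaks to the response (source) size; the excerpt does not show how buf is sized relative to wLength, so that is the relation to confirm.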
Security

Line: 132 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (wLength) {
		/* Greybus core has verified response size */
		response = operation->response->payload;
		memcpy(buf, response->buf, wLength);
	}
out:
	gb_operation_put(operation);

	return ret;

            

Reported by FlawFinder.

drivers/staging/media/atomisp/pci/sh_css_params.c
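1 issue
memcpy - Does not check for buffer overflows when copying to destination. Triage note: each iteration copies shading_table->width * sizeof(short) bytes and then advances ptr by aligned_width elements; the copy stays in bounds only if aligned_width is at least width and the destination was allocated for height * IA_CSS_SC_NUM_COLORS such rows, neither of which is visible in the excerpt.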
Security

Line: 1128 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	for (i = 0; i < shading_table->height; i++) {
		for (j = 0; j < IA_CSS_SC_NUM_COLORS; j++) {
			memcpy(ptr,
			       &shading_table->data[j]
			       [i * shading_table->width],
			       shading_table->width * sizeof(short));
			ptr += aligned_width;
		}

            

Reported by FlawFinder.

drivers/staging/media/atomisp/pci/sh_css_sp.c
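1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected). Triage note: in the excerpt the strlen() call sits inside an assert(), and the copy that follows is strscpy() bounded by SH_CSS_MAX_BINARY_NAME, so the copy is bounded provided the destination field is at least that large. If assert() compiles out in some build configuration, only the strscpy() bound remains; the over-read concern reduces to whether every caller passes a NUL-terminated binary_name.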
Security

Line: 986 Column: 9 CWE codes: 126

              	sh_css_stage_write_binary_info((struct ia_css_binary_info *)info);

	/* Make sure binary name is smaller than allowed string size */
	assert(strlen(binary_name) < SH_CSS_MAX_BINARY_NAME - 1);
	strscpy(sh_css_isp_stage.binary_name, binary_name, SH_CSS_MAX_BINARY_NAME);
	sh_css_isp_stage.mem_initializers = *isp_mem_if;

	/*
	 * Even when a stage does not need uds and does not params,

            

Reported by FlawFinder.

drivers/scsi/mvsas/mv_sas.h
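1 issue
read - Check buffer boundaries if used in a loop including recursive loops. Triage note: in the excerpt shown, `read` is the name of a u8 parameter in the spi_buildcmd function-pointer declaration, not a call to read(); this is a name match and no buffer is read at this location.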
Security

Line: 147 Column: 16 CWE codes: 120 20

              	int (*spi_buildcmd)(struct mvs_info *mvi,
						u32      *dwCmd,
						u8       cmd,
						u8       read,
						u8       length,
						u32      addr
						);
	int (*spi_issuecmd)(struct mvs_info *mvi, u32 cmd);
	int (*spi_waitdataready)(struct mvs_info *mvi, u32 timeout);

            

Reported by FlawFinder.

drivers/staging/media/av7110/av7110.h
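1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Triage note: this rule fires on the declaration of any fixed-size char array; declaring input_phys[32] is not itself a defect, and the thing to review is whether every write into the field is bounded by sizeof(input_phys).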
Security

Line: 86 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              /* infrared remote control */
/*
 * Holds an rc_dev pointer, a fixed 32-byte input_phys character buffer
 * and a 32-bit ir_config word.
 */
struct infrared {
	struct rc_dev		*rcdev;
	/*
	 * Fixed-size buffer: every writer must bound its copy or format to
	 * sizeof(input_phys), e.g. with snprintf() or strscpy(), so the
	 * result is NUL-terminated and cannot run past the field.
	 * NOTE(review): presumably holds the input device "phys" path
	 * string - confirm against the code that fills it.
	 */
	char			input_phys[32];
	/* NOTE(review): meaning of the bits is not visible here - confirm */
	u32			ir_config;
};

/* place to store all the necessary device information */
struct av7110 {

            

Reported by FlawFinder.

drivers/staging/greybus/uart.c
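1 issue
memcpy - Does not check for buffer overflows when copying to destination. Triage note: the source is the local newline and the length is sizeof(newline), so the copy is in bounds as long as gb_tty->line_coding has the same type as newline; its declaration is not in the excerpt.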
Security

Line: 520 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		newline.flow_control = 0;

	if (memcmp(&gb_tty->line_coding, &newline, sizeof(newline))) {
		memcpy(&gb_tty->line_coding, &newline, sizeof(newline));
		send_line_coding(gb_tty);
	}
}

static int gb_tty_tiocmget(struct tty_struct *tty)

            

Reported by FlawFinder.

drivers/staging/media/av7110/dvb_filter.h
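1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Triage note: the match here is the declaration of unsigned char buf[188]; the declaration is not itself a defect, and the thing to review is whether the code that fills buf keeps every offset and length within sizeof(buf).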
Security

Line: 27 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              typedef int (dvb_filter_pes2ts_cb_t) (void *, unsigned char *);

/*
 * Filter state: a 188-byte working buffer, a one-byte cc field, and a
 * callback together with an opaque private pointer.
 * NOTE(review): the name suggests PES-to-TS repacketisation - confirm.
 */
struct dvb_filter_pes2ts {
	/*
	 * Fixed 188-byte buffer. Code that fills it must keep every
	 * offset + length within sizeof(buf).
	 * NOTE(review): 188 is presumably the MPEG-2 transport-stream
	 * packet size - confirm.
	 */
	unsigned char buf[188];
	/* NOTE(review): presumably a continuity counter - confirm */
	unsigned char cc;
	/*
	 * Callback of type dvb_filter_pes2ts_cb_t, i.e.
	 * int (void *, unsigned char *). It takes no length argument, so
	 * the size of the buffer handed to it is an implicit contract
	 * between caller and callee.
	 */
	dvb_filter_pes2ts_cb_t *cb;
	/* NOTE(review): presumably passed back to cb as its first argument - confirm */
	void *priv;
};


            

Reported by FlawFinder.

drivers/net/ethernet/toshiba/ps3_gelic_net.c
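1 issue
memcpy - Does not check for buffer overflows when copying to destination. Triage note: the length is the constant ETH_ALEN and the destination is netdev->dev_addr; what remains to confirm is that v1 is at least ETH_ALEN bytes wide, since its declaration is not in the excerpt.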
Security

Line: 1480 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			 __func__, status);
		return -EINVAL;
	}
	memcpy(netdev->dev_addr, &v1, ETH_ALEN);

	if (card->vlan_required) {
		netdev->hard_header_len += VLAN_HLEN;
		/*
		 * As vlan is internally used,

            

Reported by FlawFinder.

drivers/net/wan/farsync.c
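1 issue
memcpy - Does not check for buffer overflows when copying to destination. Triage note: the copy length is skb->len and the destination is card->tx_dma_handle_host; triage by confirming that the transmit path rejects frames longer than that DMA buffer before reaching this point, which the excerpt does not show.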
Security

Line: 1345 Column: 6 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              					netif_trans_update(dev);
				} else {
					/* Or do it through dma */
					memcpy(card->tx_dma_handle_host,
					       skb->data, skb->len);
					card->dma_port_tx = port;
					card->dma_len_tx = skb->len;
					card->dma_txpos = port->txpos;
					fst_tx_dma(card,

            

Reported by FlawFinder.