The following issues were found
drivers/net/ethernet/intel/ice/ice_devlink.c
1 issues
Line: 11
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* context for devlink info version reporting */
struct ice_info_ctx {
char buf[128];
struct ice_orom_info pending_orom;
struct ice_nvm_info pending_nvm;
struct ice_netlist_info pending_netlist;
struct ice_hw_dev_caps dev_caps;
};
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en_stats.h
1 issues
Line: 62
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MLX5E_DECLARE_QOS_TX_STAT(type, fld) "qos_tx%d_"#fld, offsetof(type, fld)
struct counter_desc {
char format[ETH_GSTRING_LEN];
size_t offset; /* Byte offset */
};
enum {
MLX5E_NDO_UPDATE_STATS = BIT(0x1),
Reported by FlawFinder.
drivers/net/ethernet/freescale/enetc/enetc_vf.c
1 issues
Line: 67
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd = (struct enetc_msg_cmd_set_primary_mac *)msg.vaddr;
cmd->header.type = ENETC_MSG_CMD_MNG_MAC;
cmd->header.id = ENETC_MSG_CMD_MNG_ADD;
memcpy(&cmd->mac, saddr, sizeof(struct sockaddr));
/* send the command and wait */
err = enetc_msg_vsi_send(priv->si, &msg);
dma_free_coherent(priv->dev, msg.size, msg.vaddr, msg.dma);
Reported by FlawFinder.
drivers/net/ethernet/sfc/ef100_netdev.c
1 issues
Line: 28
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static void ef100_update_name(struct efx_nic *efx)
{
strcpy(efx->name, efx->net_dev->name);
}
static int ef100_alloc_vis(struct efx_nic *efx, unsigned int *allocated_vis)
{
/* EF100 uses a single TXQ per channel, as all checksum offloading
Reported by FlawFinder.
drivers/net/ethernet/seeq/ether3.h
1 issues
Line: 170
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct ether3_data {
const char name[8];
unsigned long base_offset;
};
#endif
Reported by FlawFinder.
drivers/net/ethernet/rocker/rocker_tlv.c
1 issues
Line: 46
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
desc_info->tlv_size += total_size;
tlv->type = attrtype;
tlv->len = rocker_tlv_attr_size(attrlen);
memcpy(rocker_tlv_data(tlv), data, attrlen);
memset((char *) tlv + tlv->len, 0, rocker_tlv_padlen(attrlen));
return 0;
}
Reported by FlawFinder.
drivers/net/ethernet/realtek/r8169_main.c
1 issues
Line: 1672
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
switch(stringset) {
case ETH_SS_STATS:
memcpy(data, rtl8169_gstrings, sizeof(rtl8169_gstrings));
break;
}
}
/*
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/swap.c
1 issues
Line: 55
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
memcpy(virt_addr, swap_item->tlv.data, payload_len);
virt_addr += payload_len;
length = payload_len + sizeof(struct ath10k_swap_code_seg_tlv);
size_left -= length;
fw_data += length;
total_payload_len += payload_len;
Reported by FlawFinder.
drivers/net/ethernet/realtek/r8169_firmware.h
1 issues
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *fw_name;
struct device *dev;
char version[RTL_VER_SIZE];
struct rtl_fw_phy_action {
__le32 *code;
size_t size;
} phy_action;
Reported by FlawFinder.
drivers/net/ethernet/realtek/r8169_firmware.c
1 issues
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct fw_info {
u32 magic;
char version[RTL_VER_SIZE];
__le32 fw_start;
__le32 fw_len;
u8 chksum;
} __packed;
Reported by FlawFinder.