The following issues were found
net/sunrpc/auth_gss/gss_krb5_crypto.c
8 issues
Line: 77
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (iv)
memcpy(local_iv, iv, crypto_sync_skcipher_ivsize(tfm));
memcpy(out, in, length);
sg_init_one(sg, out, length);
skcipher_request_set_sync_tfm(req, tfm);
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (iv)
memcpy(local_iv, iv, crypto_sync_skcipher_ivsize(tfm));
memcpy(out, in, length);
sg_init_one(sg, out, length);
skcipher_request_set_sync_tfm(req, tfm);
skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, sg, sg, length, local_iv);
Reported by FlawFinder.
Line: 115
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
if (iv)
memcpy(local_iv, iv, crypto_sync_skcipher_ivsize(tfm));
memcpy(out, in, length);
sg_init_one(sg, out, length);
skcipher_request_set_sync_tfm(req, tfm);
Reported by FlawFinder.
Line: 117
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (iv)
memcpy(local_iv, iv, crypto_sync_skcipher_ivsize(tfm));
memcpy(out, in, length);
sg_init_one(sg, out, length);
skcipher_request_set_sync_tfm(req, tfm);
skcipher_request_set_callback(req, 0, NULL, NULL);
skcipher_request_set_crypt(req, sg, sg, length, local_iv);
Reported by FlawFinder.
Line: 210
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
checksumdata, checksumlen);
if (err)
goto out;
memcpy(cksumout->data,
checksumdata + checksumlen - kctx->gk5e->cksumlength,
kctx->gk5e->cksumlength);
break;
case CKSUMTYPE_HMAC_SHA1_DES3:
memcpy(cksumout->data, checksumdata, kctx->gk5e->cksumlength);
Reported by FlawFinder.
Line: 215
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kctx->gk5e->cksumlength);
break;
case CKSUMTYPE_HMAC_SHA1_DES3:
memcpy(cksumout->data, checksumdata, kctx->gk5e->cksumlength);
break;
default:
BUG();
break;
}
Reported by FlawFinder.
Line: 303
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CKSUMTYPE_HMAC_SHA1_96_AES128:
case CKSUMTYPE_HMAC_SHA1_96_AES256:
/* note that this truncates the hash */
memcpy(cksumout->data, checksumdata, kctx->gk5e->cksumlength);
break;
default:
BUG();
break;
}
Reported by FlawFinder.
Line: 644
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* copy plaintext gss token header after filler (if any) */
memcpy(ecptr, buf->head[0].iov_base + offset, GSS_KRB5_TOK_HDR_LEN);
buf->tail[0].iov_len += GSS_KRB5_TOK_HDR_LEN;
buf->len += GSS_KRB5_TOK_HDR_LEN;
/* Do the HMAC */
hmac.len = GSS_KRB5_MAX_CKSUM_LEN;
Reported by FlawFinder.
sound/pci/pcxhr/pcxhr.c
8 issues
Line: 1153
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->info_flags = 0;
pcm->nonatomic = true;
strcpy(pcm->name, name);
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV,
&chip->mgr->pci->dev,
32*1024, 32*1024);
chip->pcm = pcm;
Reported by FlawFinder.
Line: 1609
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
}
strcpy(card->driver, DRIVER_NAME);
snprintf(card->shortname, sizeof(card->shortname),
"Digigram [PCM #%d]", i);
snprintf(card->longname, sizeof(card->longname),
"%s [PCM #%d]", mgr->name, i);
Reported by FlawFinder.
Line: 40
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP;/* Enable this card */
static bool mono[SNDRV_CARDS]; /* capture mono only */
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for Digigram " DRIVER_NAME " soundcard");
Reported by FlawFinder.
Line: 1134
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int err;
struct snd_pcm *pcm;
char name[32];
snprintf(name, sizeof(name), "pcxhr %d", chip->chip_idx);
err = snd_pcm_new(chip->card, name, 0,
chip->nb_streams_play,
chip->nb_streams_capt, &pcm);
Reported by FlawFinder.
Line: 1294
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct snd_pcxhr *chip = entry->private_data;
struct pcxhr_mgr *mgr = chip->mgr;
static const char *textsHR22[3] = {
"Internal", "AES Sync", "AES 1"
};
static const char *textsPCXHR[7] = {
"Internal", "Word", "AES Sync",
"AES 1", "AES 2", "AES 3", "AES 4"
Reported by FlawFinder.
Line: 1297
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *textsHR22[3] = {
"Internal", "AES Sync", "AES 1"
};
static const char *textsPCXHR[7] = {
"Internal", "Word", "AES Sync",
"AES 1", "AES 2", "AES 3", "AES 4"
};
const char **texts;
int max_clock;
Reported by FlawFinder.
Line: 1353
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct snd_pcxhr *chip = entry->private_data;
struct pcxhr_mgr *mgr = chip->mgr;
char line[64];
int value;
/* commands available when embedded DSP is running */
if (!(mgr->dsp_loaded & (1 << PCXHR_FIRMWARE_DSP_MAIN_INDEX)))
return;
while (!snd_info_get_line(buffer, line, sizeof(line))) {
Reported by FlawFinder.
Line: 1586
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i=0; i < PCXHR_MAX_CARDS; i++) {
struct snd_card *card;
char tmpid[16];
int idx;
if (i >= max(mgr->playback_chips, mgr->capture_chips))
break;
mgr->num_cards++;
Reported by FlawFinder.
net/sunrpc/svc_xprt.c
8 issues
Line: 135
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (slen >= sizeof(tmpstr) || len + slen >= maxlen)
break;
len += slen;
strcat(buf, tmpstr);
}
spin_unlock(&svc_xprt_class_lock);
return len;
}
Reported by FlawFinder.
Line: 122
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int svc_print_xprts(char *buf, int maxlen)
{
struct svc_xprt_class *xcl;
char tmpstr[80];
int len = 0;
buf[0] = '\0';
spin_lock(&svc_xprt_class_lock);
list_for_each_entry(xcl, &svc_xprt_class_list, xcl_list) {
Reported by FlawFinder.
Line: 201
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
spin_lock_init(&xprt->xpt_lock);
set_bit(XPT_BUSY, &xprt->xpt_flags);
xprt->xpt_net = get_net(net);
strcpy(xprt->xpt_remotebuf, "uninitialized");
}
EXPORT_SYMBOL_GPL(svc_xprt_init);
static struct svc_xprt *__svc_xpo_create(struct svc_xprt_class *xcl,
struct svc_serv *serv,
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
void svc_xprt_copy_addrs(struct svc_rqst *rqstp, struct svc_xprt *xprt)
{
memcpy(&rqstp->rq_addr, &xprt->xpt_remote, xprt->xpt_remotelen);
rqstp->rq_addrlen = xprt->xpt_remotelen;
/*
* Destination address in request is needed for binding the
* source address in RPC replies/callbacks later.
Reported by FlawFinder.
Line: 353
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Destination address in request is needed for binding the
* source address in RPC replies/callbacks later.
*/
memcpy(&rqstp->rq_daddr, &xprt->xpt_local, xprt->xpt_locallen);
rqstp->rq_daddrlen = xprt->xpt_locallen;
}
EXPORT_SYMBOL_GPL(svc_xprt_copy_addrs);
/**
Reported by FlawFinder.
Line: 1206
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dr->handle.owner = rqstp->rq_server;
dr->prot = rqstp->rq_prot;
memcpy(&dr->addr, &rqstp->rq_addr, rqstp->rq_addrlen);
dr->addrlen = rqstp->rq_addrlen;
dr->daddr = rqstp->rq_daddr;
dr->argslen = rqstp->rq_arg.len >> 2;
dr->xprt_hlen = rqstp->rq_xprt_hlen;
Reported by FlawFinder.
Line: 1214
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* back up head to the start of the buffer and copy */
skip = rqstp->rq_arg.len - rqstp->rq_arg.head[0].iov_len;
memcpy(dr->args, rqstp->rq_arg.head[0].iov_base - skip,
dr->argslen << 2);
}
trace_svc_defer(rqstp);
svc_xprt_get(rqstp->rq_xprt);
dr->xprt = rqstp->rq_xprt;
Reported by FlawFinder.
Line: 1243
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* The rq_arg.len includes the transport header bytes */
rqstp->rq_arg.len = dr->argslen<<2;
rqstp->rq_prot = dr->prot;
memcpy(&rqstp->rq_addr, &dr->addr, dr->addrlen);
rqstp->rq_addrlen = dr->addrlen;
/* Save off transport header len in case we get deferred again */
rqstp->rq_xprt_hlen = dr->xprt_hlen;
rqstp->rq_daddr = dr->daddr;
rqstp->rq_respages = rqstp->rq_pages;
Reported by FlawFinder.
sound/pci/hda/hda_sysfs.c
8 issues
Line: 67
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf) \
{ \
struct hda_codec *codec = dev_get_drvdata(dev); \
return sprintf(buf, "%s\n", \
codec->field ? codec->field : ""); \
}
CODEC_INFO_SHOW(vendor_id, core.vendor_id);
CODEC_INFO_SHOW(subsystem_id, core.subsystem_id);
Reported by FlawFinder.
Line: 36
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct hda_codec *codec = dev_get_drvdata(dev);
snd_hda_update_power_acct(codec);
return sprintf(buf, "%u\n", jiffies_to_msecs(codec->power_on_acct));
}
static ssize_t power_off_acct_show(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 45
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct hda_codec *codec = dev_get_drvdata(dev);
snd_hda_update_power_acct(codec);
return sprintf(buf, "%u\n", jiffies_to_msecs(codec->power_off_acct));
}
static DEVICE_ATTR_RO(power_on_acct);
static DEVICE_ATTR_RO(power_off_acct);
#endif /* CONFIG_PM */
Reported by FlawFinder.
Line: 58
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf) \
{ \
struct hda_codec *codec = dev_get_drvdata(dev); \
return sprintf(buf, "0x%x\n", codec->field); \
}
#define CODEC_INFO_STR_SHOW(type, field) \
static ssize_t type##_show(struct device *dev, \
struct device_attribute *attr, \
Reported by FlawFinder.
Line: 88
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i, len = 0;
mutex_lock(&codec->user_mutex);
snd_array_for_each(list, i, pin) {
len += sprintf(buf + len, "0x%02x 0x%08x\n",
pin->nid, pin->cfg);
}
mutex_unlock(&codec->user_mutex);
return len;
}
Reported by FlawFinder.
Line: 717
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
int snd_hda_load_patch(struct hda_bus *bus, size_t fw_size, const void *fw_buf)
{
char buf[128];
struct hda_codec *codec;
int line_mode;
line_mode = LINE_MODE_NONE;
codec = NULL;
Reported by FlawFinder.
Line: 299
Column: 12
CWE codes:
126
char *p;
if (!*str)
return;
p = str + strlen(str) - 1;
for (; isspace(*p); p--) {
*p = 0;
if (p == str)
return;
}
Reported by FlawFinder.
Line: 534
Column: 27
CWE codes:
126
static inline int strmatch(const char *a, const char *b)
{
return strncasecmp(a, b, strlen(b)) == 0;
}
/* parse the contents after the line "[codec]"
* accept only the line with three numbers, and assign the current codec
*/
Reported by FlawFinder.
sound/pci/fm801.c
8 issues
Line: 1282
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
chip->tea.radio_nr = radio_nr;
chip->tea.private_data = chip;
chip->tea.ops = &snd_fm801_tea_ops;
sprintf(chip->tea.bus_info, "PCI:%s", pci_name(pci));
if ((chip->tea575x_tuner & TUNER_TYPE_MASK) > 0 &&
(chip->tea575x_tuner & TUNER_TYPE_MASK) < 4) {
if (snd_tea575x_init(&chip->tea, THIS_MODULE)) {
dev_err(card->dev, "TEA575x radio not found\n");
snd_fm801_free(chip);
Reported by FlawFinder.
Line: 1349
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcpy(card->driver, "FM801");
strcpy(card->shortname, "ForteMedia FM801-");
strcat(card->shortname, chip->multichannel ? "AU" : "AS");
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, chip->port, chip->irq);
if (chip->tea575x_tuner & TUNER_ONLY)
goto __fm801_tuner_only;
Reported by FlawFinder.
Line: 1350
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "FM801");
strcpy(card->shortname, "ForteMedia FM801-");
strcat(card->shortname, chip->multichannel ? "AU" : "AS");
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, chip->port, chip->irq);
if (chip->tea575x_tuner & TUNER_ONLY)
goto __fm801_tuner_only;
Reported by FlawFinder.
Line: 31
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable this card */
/*
* Enable TEA575x tuner
* 1 = MediaForte 256-PCS
* 2 = MediaForte 256-PCP
Reported by FlawFinder.
Line: 731
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->private_data = chip;
pcm->info_flags = 0;
strcpy(pcm->name, "FM801");
chip->pcm = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV, &pdev->dev,
chip->multichannel ? 128*1024 : 64*1024, 128*1024);
Reported by FlawFinder.
Line: 965
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_fm801_info_mux(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[5] = {
"AC97 Primary", "FM", "I2S", "PCM", "AC97 Secondary"
};
return snd_ctl_enum_info(uinfo, 1, 5, texts);
}
Reported by FlawFinder.
Line: 1347
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
card->private_data = chip;
strcpy(card->driver, "FM801");
strcpy(card->shortname, "ForteMedia FM801-");
strcat(card->shortname, chip->multichannel ? "AU" : "AS");
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, chip->port, chip->irq);
Reported by FlawFinder.
Line: 1348
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
card->private_data = chip;
strcpy(card->driver, "FM801");
strcpy(card->shortname, "ForteMedia FM801-");
strcat(card->shortname, chip->multichannel ? "AU" : "AS");
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, chip->port, chip->irq);
if (chip->tea575x_tuner & TUNER_ONLY)
Reported by FlawFinder.
net/tipc/node.c
8 issues
Line: 460
Column: 48
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
continue;
if (memcmp(n->peer_id, tn_peer->node_id, NODE_ID_LEN))
continue;
hash_chk = tipc_net_hash_mixes(tmp, tn_peer->random);
if (hash_mixes ^ hash_chk)
continue;
n->peer_net = tmp;
n->peer_hash_mix = hash_mixes;
break;
Reported by FlawFinder.
Line: 1104
Column: 25
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
{
struct tipc_node *n;
addr ^= tipc_net(net)->random;
while ((n = tipc_node_find(net, addr))) {
tipc_node_put(n);
addr++;
}
return addr;
Reported by FlawFinder.
Line: 138
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 signature;
u32 link_id;
u8 peer_id[16];
char peer_id_string[NODE_ID_STR_LEN];
struct list_head publ_list;
struct list_head conn_sks;
unsigned long keepalive_intv;
struct timer_list timer;
struct rcu_head rcu;
Reported by FlawFinder.
Line: 241
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return true;
if (addr == tipc_own_addr(net)) {
memcpy(id, own_id, TIPC_NODEID_LEN);
return true;
}
n = tipc_node_find(net, addr);
if (!n)
return false;
Reported by FlawFinder.
Line: 248
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!n)
return false;
memcpy(id, &n->peer_id, TIPC_NODEID_LEN);
tipc_node_put(n);
return true;
}
u16 tipc_node_get_capabilities(struct net *net, u32 addr)
Reported by FlawFinder.
Line: 545
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#endif
n->addr = addr;
n->preliminary = preliminary;
memcpy(&n->peer_id, peer_id, 16);
n->net = net;
n->peer_net = NULL;
n->peer_hash_mix = 0;
/* Assign kernel local namespace if exists */
tipc_node_assign_peer_net(n, hash_mixes);
Reported by FlawFinder.
Line: 1299
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tipc_node_get(n);
}
}
memcpy(&le->maddr, maddr, sizeof(*maddr));
exit:
tipc_node_write_unlock(n);
if (reset && l && !tipc_link_is_reset(l))
tipc_node_link_down(n, b->identity, false);
tipc_node_put(n);
Reported by FlawFinder.
Line: 1578
Column: 3
CWE codes:
120
tipc_node_read_lock(node);
link = node->links[bearer_id].link;
if (link) {
strncpy(linkname, tipc_link_name(link), len);
err = 0;
}
tipc_node_read_unlock(node);
exit:
tipc_node_put(node);
Reported by FlawFinder.
sound/pci/ca0106/ca0106_mixer.c
8 issues
Line: 704
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
struct snd_ctl_elem_id id;
memset(&id, 0, sizeof(id));
strcpy(id.name, name);
id.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
return snd_ctl_remove_id(card, &id);
}
static struct snd_kcontrol *ctl_find(struct snd_card *card, const char *name)
Reported by FlawFinder.
Line: 714
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct snd_ctl_elem_id sid;
memset(&sid, 0, sizeof(sid));
/* FIXME: strcpy is bad. */
strcpy(sid.name, name);
sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
return snd_ctl_find_id(card, &sid);
}
static int rename_ctl(struct snd_card *card, const char *src, const char *dst)
Reported by FlawFinder.
Line: 723
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
struct snd_kcontrol *kctl = ctl_find(card, src);
if (kctl) {
strcpy(kctl->id.name, dst);
return 0;
}
return -ENOENT;
}
Reported by FlawFinder.
Line: 174
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_ca0106_capture_source_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[6] = {
"IEC958 out", "i2s mixer out", "IEC958 in", "i2s in", "AC97 in", "SRC out"
};
return snd_ctl_enum_info(uinfo, 1, 6, texts);
}
Reported by FlawFinder.
Line: 211
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_ca0106_i2c_capture_source_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[4] = {
"Phone", "Mic", "Line in", "Aux"
};
return snd_ctl_enum_info(uinfo, 1, 4, texts);
}
Reported by FlawFinder.
Line: 250
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_ca0106_capture_line_in_side_out_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[2] = { "Side out", "Line in" };
return snd_ctl_enum_info(uinfo, 1, 2, texts);
}
static int snd_ca0106_capture_mic_line_in_info(struct snd_kcontrol *kcontrol,
Reported by FlawFinder.
Line: 258
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_ca0106_capture_mic_line_in_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[2] = { "Line in", "Mic in" };
return snd_ctl_enum_info(uinfo, 1, 2, texts);
}
static int snd_ca0106_capture_mic_line_in_get(struct snd_kcontrol *kcontrol,
Reported by FlawFinder.
Line: 868
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
add_followers(card, vmaster, follower_sws);
}
strcpy(card->mixername, "CA0106");
return 0;
}
#ifdef CONFIG_PM_SLEEP
struct ca0106_vol_tbl {
Reported by FlawFinder.
sound/pci/azt3328.c
8 issues
Line: 2109
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->private_data = chip;
pcm->info_flags = 0;
strcpy(pcm->name, chip->card->shortname);
/* same pcm object for playback/capture (see snd_pcm_new() above) */
chip->pcm[AZF_CODEC_PLAYBACK] = pcm;
chip->pcm[AZF_CODEC_CAPTURE] = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV, &chip->pci->dev,
Reported by FlawFinder.
Line: 2126
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->private_data = chip;
pcm->info_flags = 0;
strcpy(pcm->name, chip->card->shortname);
chip->pcm[AZF_CODEC_I2S_OUT] = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV, &chip->pci->dev,
64*1024, 64*1024);
Reported by FlawFinder.
Line: 2545
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
opl3->private_data = chip;
}
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, chip->ctrl_io, chip->irq);
err = snd_card_register(card);
if (err < 0)
goto out_err;
Reported by FlawFinder.
Line: 230
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for AZF3328 soundcard.");
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
module_param_array(id, charp, NULL, 0444);
MODULE_PARM_DESC(id, "ID string for AZF3328 soundcard.");
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable this card */
module_param_array(enable, bool, NULL, 0444);
Reported by FlawFinder.
Line: 1202
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
}
snd_component_add(card, "AZF3328 mixer");
strcpy(card->mixername, "AZF3328 mixer");
return 0;
}
#endif /* AZF_USE_AC97_LAYER */
Reported by FlawFinder.
Line: 2231
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
goto out;
strcpy(timer->name, "AZF3328 timer");
timer->private_data = chip;
timer->hw = snd_azf3328_timer_hw;
chip->timer = timer;
Reported by FlawFinder.
Line: 2497
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
goto out;
strcpy(card->driver, "AZF3328");
strcpy(card->shortname, "Aztech AZF3328 (PCI168)");
err = snd_azf3328_create(card, pci, pci_id->driver_data, &chip);
if (err < 0)
goto out_err;
Reported by FlawFinder.
Line: 2498
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto out;
strcpy(card->driver, "AZF3328");
strcpy(card->shortname, "Aztech AZF3328 (PCI168)");
err = snd_azf3328_create(card, pci, pci_id->driver_data, &chip);
if (err < 0)
goto out_err;
Reported by FlawFinder.
sound/pci/aw2/aw2-alsa.c
8 issues
Line: 346
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "aw2");
strcpy(card->shortname, "Audiowerk2");
sprintf(card->longname, "%s with SAA7146 irq %i",
card->shortname, chip->irq);
/* (5) Create other components */
snd_aw2_new_pcm(chip);
Reported by FlawFinder.
Line: 137
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* VARIABLES
********************************/
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP;
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for Audiowerk2 soundcard.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 343
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* init spinlock */
spin_lock_init(&chip->reg_lock);
/* (4) Define driver ID and name string */
strcpy(card->driver, "aw2");
strcpy(card->shortname, "Audiowerk2");
sprintf(card->longname, "%s with SAA7146 irq %i",
card->shortname, chip->irq);
Reported by FlawFinder.
Line: 344
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
spin_lock_init(&chip->reg_lock);
/* (4) Define driver ID and name string */
strcpy(card->driver, "aw2");
strcpy(card->shortname, "Audiowerk2");
sprintf(card->longname, "%s with SAA7146 irq %i",
card->shortname, chip->irq);
/* (5) Create other components */
Reported by FlawFinder.
Line: 575
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm_device = &chip->device_playback[NUM_STREAM_PLAYBACK_ANA];
/* Set PCM device name */
strcpy(pcm_playback_ana->name, "Analog playback");
/* Associate private data to PCM device */
pcm_playback_ana->private_data = pcm_device;
/* set operators of PCM device */
snd_pcm_set_ops(pcm_playback_ana, SNDRV_PCM_STREAM_PLAYBACK,
&snd_aw2_playback_ops);
Reported by FlawFinder.
Line: 607
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm_device = &chip->device_playback[NUM_STREAM_PLAYBACK_DIG];
/* Set PCM device name */
strcpy(pcm_playback_num->name, "Digital playback");
/* Associate private data to PCM device */
pcm_playback_num->private_data = pcm_device;
/* set operators of PCM device */
snd_pcm_set_ops(pcm_playback_num, SNDRV_PCM_STREAM_PLAYBACK,
&snd_aw2_playback_ops);
Reported by FlawFinder.
Line: 640
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm_device = &chip->device_capture[NUM_STREAM_CAPTURE_ANA];
/* Set PCM device name */
strcpy(pcm_capture->name, "Capture");
/* Associate private data to PCM device */
pcm_capture->private_data = pcm_device;
/* set operators of PCM device */
snd_pcm_set_ops(pcm_capture, SNDRV_PCM_STREAM_CAPTURE,
&snd_aw2_capture_ops);
Reported by FlawFinder.
Line: 674
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_aw2_control_switch_capture_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[2] = {
"Analog", "Digital"
};
return snd_ctl_enum_info(uinfo, 1, 2, texts);
}
Reported by FlawFinder.
net/wireless/lib80211_crypt_ccmp.c
8 issues
Line: 126
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Nonce: QC | A2 | PN */
iv[1] = qc;
memcpy(iv + 2, hdr->addr2, ETH_ALEN);
memcpy(iv + 8, pn, CCMP_PN_LEN);
/* AAD:
* FC with bits 4..6 and 11..13 masked to zero; 14 is always one
* A1 | A2 | A3
Reported by FlawFinder.
Line: 127
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Nonce: QC | A2 | PN */
iv[1] = qc;
memcpy(iv + 2, hdr->addr2, ETH_ALEN);
memcpy(iv + 8, pn, CCMP_PN_LEN);
/* AAD:
* FC with bits 4..6 and 11..13 masked to zero; 14 is always one
* A1 | A2 | A3
* SC with bits 4..15 (seq#) masked to zero
Reported by FlawFinder.
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos = (u8 *) hdr;
aad[0] = pos[0] & 0x8f;
aad[1] = pos[1] & 0xc7;
memcpy(aad + 2, hdr->addr1, 3 * ETH_ALEN);
pos = (u8 *) & hdr->seq_ctrl;
aad[20] = pos[0] & 0x0f;
aad[21] = 0; /* all bits masked */
memset(aad + 22, 0, 8);
if (a4_included)
Reported by FlawFinder.
Line: 145
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aad[21] = 0; /* all bits masked */
memset(aad + 22, 0, 8);
if (a4_included)
memcpy(aad + 22, hdr->addr4, ETH_ALEN);
if (qc_included) {
aad[a4_included ? 28 : 22] = qc;
/* rest of QC masked */
}
return aad_len;
Reported by FlawFinder.
Line: 164
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
if (aeskey != NULL && keylen >= CCMP_TK_LEN)
memcpy(aeskey, key->key, CCMP_TK_LEN);
pos = skb_push(skb, CCMP_HDR_LEN);
memmove(pos, pos + CCMP_HDR_LEN, hdr_len);
pos += hdr_len;
Reported by FlawFinder.
Line: 337
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -5;
}
memcpy(key->rx_pn, pn, CCMP_PN_LEN);
/* Remove hdr and MIC */
memmove(skb->data + CCMP_HDR_LEN, skb->data, hdr_len);
skb_pull(skb, CCMP_HDR_LEN);
skb_trim(skb, skb->len - CCMP_MIC_LEN);
Reported by FlawFinder.
Line: 358
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data->key_idx = keyidx;
data->tfm = tfm;
if (len == CCMP_TK_LEN) {
memcpy(data->key, key, CCMP_TK_LEN);
data->key_set = 1;
if (seq) {
data->rx_pn[0] = seq[5];
data->rx_pn[1] = seq[4];
data->rx_pn[2] = seq[3];
Reported by FlawFinder.
Line: 388
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!data->key_set)
return 0;
memcpy(key, data->key, CCMP_TK_LEN);
if (seq) {
seq[0] = data->tx_pn[5];
seq[1] = data->tx_pn[4];
seq[2] = data->tx_pn[3];
Reported by FlawFinder.