The following issues were found
sound/isa/sb/sb16_csp.c
8 issues
Line: 136
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p->ops.csp_qsound_transfer = snd_sb_csp_qsound_transfer;
mutex_init(&p->access_mutex);
sprintf(hw->name, "CSP v%d.%d", (version >> 4), (version & 0x0f));
hw->iface = SNDRV_HWDEP_IFACE_SB16CSP;
hw->private_data = p;
hw->private_free = snd_sb_csp_free;
/* operators - only write/ioctl */
Reported by FlawFinder.
Line: 491
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int set_codec_parameter(struct snd_sb *chip, unsigned char par, unsigned char val)
{
unsigned char dsp_cmd[3];
dsp_cmd[0] = 0x05; /* CSP set codec parameter */
dsp_cmd[1] = val; /* Parameter value */
dsp_cmd[2] = par; /* Parameter */
command_seq(chip, dsp_cmd, 3);
Reported by FlawFinder.
Line: 508
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int set_register(struct snd_sb *chip, unsigned char reg, unsigned char val)
{
unsigned char dsp_cmd[3];
dsp_cmd[0] = 0x0e; /* CSP set register */
dsp_cmd[1] = reg; /* CSP Register */
dsp_cmd[2] = val; /* value */
return command_seq(chip, dsp_cmd, 3);
Reported by FlawFinder.
Line: 522
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int read_register(struct snd_sb *chip, unsigned char reg)
{
unsigned char dsp_cmd[2];
dsp_cmd[0] = 0x0f; /* CSP read register */
dsp_cmd[1] = reg; /* CSP Register */
command_seq(chip, dsp_cmd, 2);
return snd_sbdsp_get_byte(chip); /* Read DSP value */
Reported by FlawFinder.
Line: 535
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int set_mode_register(struct snd_sb *chip, unsigned char mode)
{
unsigned char dsp_cmd[2];
dsp_cmd[0] = 0x04; /* CSP set mode register */
dsp_cmd[1] = mode; /* mode */
return command_seq(chip, dsp_cmd, 2);
}
Reported by FlawFinder.
Line: 585
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int get_version(struct snd_sb *chip)
{
unsigned char dsp_cmd[2];
dsp_cmd[0] = 0x08; /* SB_DSP_!something! */
dsp_cmd[1] = 0x03; /* get chip version id? */
command_seq(chip, dsp_cmd, 2);
Reported by FlawFinder.
Line: 1131
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int init_proc_entry(struct snd_sb_csp * p, int device)
{
char name[16];
sprintf(name, "cspD%d", device);
snd_card_ro_proc_new(p->chip->card, name, p, info_read);
return 0;
}
Reported by FlawFinder.
Line: 1133
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
char name[16];
sprintf(name, "cspD%d", device);
snd_card_ro_proc_new(p->chip->card, name, p, info_read);
return 0;
}
static void info_read(struct snd_info_entry *entry, struct snd_info_buffer *buffer)
Reported by FlawFinder.
sound/isa/sb/sb16.c
8 issues
Line: 356
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(card->driver,
#ifdef SNDRV_SBAWE_EMU8000
awe_port[dev] > 0 ? "SB AWE" :
#endif
"SB16");
strcpy(card->shortname, chip->name);
Reported by FlawFinder.
Line: 361
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
awe_port[dev] > 0 ? "SB AWE" :
#endif
"SB16");
strcpy(card->shortname, chip->name);
sprintf(card->longname, "%s at 0x%lx, irq %i, dma ",
chip->name,
chip->port,
xirq);
if (xdma8 >= 0)
Reported by FlawFinder.
Line: 362
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
#endif
"SB16");
strcpy(card->shortname, chip->name);
sprintf(card->longname, "%s at 0x%lx, irq %i, dma ",
chip->name,
chip->port,
xirq);
if (xdma8 >= 0)
sprintf(card->longname + strlen(card->longname), "%d", xdma8);
Reported by FlawFinder.
Line: 369
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (xdma8 >= 0)
sprintf(card->longname + strlen(card->longname), "%d", xdma8);
if (xdma16 >= 0)
sprintf(card->longname + strlen(card->longname), "%s%d",
xdma8 >= 0 ? "&" : "", xdma16);
if (chip->mpu_port > 0 && chip->mpu_port != SNDRV_AUTO_PORT) {
err = snd_mpu401_uart_new(card, 0, MPU401_HW_SB,
chip->mpu_port,
Reported by FlawFinder.
Line: 47
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_ISAPNP; /* Enable this card */
#ifdef CONFIG_PNP
static bool isapnp[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = 1};
#endif
static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* 0x220,0x240,0x260,0x280 */
Reported by FlawFinder.
Line: 367
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
chip->port,
xirq);
if (xdma8 >= 0)
sprintf(card->longname + strlen(card->longname), "%d", xdma8);
if (xdma16 >= 0)
sprintf(card->longname + strlen(card->longname), "%s%d",
xdma8 >= 0 ? "&" : "", xdma16);
if (chip->mpu_port > 0 && chip->mpu_port != SNDRV_AUTO_PORT) {
Reported by FlawFinder.
Line: 367
Column: 28
CWE codes:
126
chip->port,
xirq);
if (xdma8 >= 0)
sprintf(card->longname + strlen(card->longname), "%d", xdma8);
if (xdma16 >= 0)
sprintf(card->longname + strlen(card->longname), "%s%d",
xdma8 >= 0 ? "&" : "", xdma16);
if (chip->mpu_port > 0 && chip->mpu_port != SNDRV_AUTO_PORT) {
Reported by FlawFinder.
Line: 369
Column: 28
CWE codes:
126
if (xdma8 >= 0)
sprintf(card->longname + strlen(card->longname), "%d", xdma8);
if (xdma16 >= 0)
sprintf(card->longname + strlen(card->longname), "%s%d",
xdma8 >= 0 ? "&" : "", xdma16);
if (chip->mpu_port > 0 && chip->mpu_port != SNDRV_AUTO_PORT) {
err = snd_mpu401_uart_new(card, 0, MPU401_HW_SB,
chip->mpu_port,
Reported by FlawFinder.
sound/firewire/bebob/bebob.c
8 issues
Line: 109
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto end;
strcpy(bebob->card->driver, "BeBoB");
strcpy(bebob->card->shortname, model);
strcpy(bebob->card->mixername, model);
snprintf(bebob->card->longname, sizeof(bebob->card->longname),
"%s %s (id:%d, rev:%d), GUID %08x%08x at %s, S%d",
vendor, model, hw_id, revision,
data[0], data[1], dev_name(&bebob->unit->device),
Reported by FlawFinder.
Line: 110
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(bebob->card->driver, "BeBoB");
strcpy(bebob->card->shortname, model);
strcpy(bebob->card->mixername, model);
snprintf(bebob->card->longname, sizeof(bebob->card->longname),
"%s %s (id:%d, rev:%d), GUID %08x%08x at %s, S%d",
vendor, model, hw_id, revision,
data[0], data[1], dev_name(&bebob->unit->device),
100 << fw_dev->max_speed);
Reported by FlawFinder.
Line: 21
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL v2");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP;
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "card index");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
name_device(struct snd_bebob *bebob)
{
struct fw_device *fw_dev = fw_parent_device(bebob->unit);
char vendor[24] = {0};
char model[32] = {0};
u32 hw_id;
u32 data[2] = {0};
u32 revision;
int err;
Reported by FlawFinder.
Line: 72
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct fw_device *fw_dev = fw_parent_device(bebob->unit);
char vendor[24] = {0};
char model[32] = {0};
u32 hw_id;
u32 data[2] = {0};
u32 revision;
int err;
Reported by FlawFinder.
Line: 108
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
goto end;
strcpy(bebob->card->driver, "BeBoB");
strcpy(bebob->card->shortname, model);
strcpy(bebob->card->mixername, model);
snprintf(bebob->card->longname, sizeof(bebob->card->longname),
"%s %s (id:%d, rev:%d), GUID %08x%08x at %s, S%d",
vendor, model, hw_id, revision,
Reported by FlawFinder.
Line: 138
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const struct snd_bebob_spec *
get_saffire_spec(struct fw_unit *unit)
{
char name[24] = {0};
if (fw_csr_string(unit->directory, CSR_MODEL, name, sizeof(name)) < 0)
return NULL;
if (strcmp(name, "SaffireLE") == 0)
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool
check_audiophile_booted(struct fw_unit *unit)
{
char name[28] = {0};
if (fw_csr_string(unit->directory, CSR_MODEL, name, sizeof(name)) < 0)
return false;
return strncmp(name, "FW Audiophile Bootloader", 24) != 0;
Reported by FlawFinder.
sound/drivers/vx/vx_mixer.c
8 issues
Line: 906
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct snd_card *card = chip->card;
char name[32];
strcpy(card->mixername, card->driver);
/* output level controls */
for (i = 0; i < chip->hw->num_outs; i++) {
temp = vx_control_output_level;
temp.index = i;
Reported by FlawFinder.
Line: 985
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (err < 0)
return err;
}
sprintf(name, "%s VU Meter", dir[c]);
temp = vx_control_vu_meter;
temp.index = i;
temp.name = name;
temp.private_value = val;
err = snd_ctl_add(card, snd_ctl_new1(&temp, chip));
Reported by FlawFinder.
Line: 993
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
err = snd_ctl_add(card, snd_ctl_new1(&temp, chip));
if (err < 0)
return err;
sprintf(name, "%s Peak Meter", dir[c]);
temp = vx_control_peak_meter;
temp.index = i;
temp.name = name;
temp.private_value = val;
err = snd_ctl_add(card, snd_ctl_new1(&temp, chip));
Reported by FlawFinder.
Line: 461
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int vx_audio_src_info(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_info *uinfo)
{
static const char * const texts_mic[3] = {
"Digital", "Line", "Mic"
};
static const char * const texts_vx2[2] = {
"Digital", "Analog"
};
Reported by FlawFinder.
Line: 464
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char * const texts_mic[3] = {
"Digital", "Line", "Mic"
};
static const char * const texts_vx2[2] = {
"Digital", "Analog"
};
struct vx_core *chip = snd_kcontrol_chip(kcontrol);
if (chip->type >= VX_TYPE_VXPOCKET)
Reported by FlawFinder.
Line: 517
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int vx_clock_mode_info(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[3] = {
"Auto", "Internal", "External"
};
return snd_ctl_enum_info(uinfo, 1, 3, texts);
}
Reported by FlawFinder.
Line: 904
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int err;
struct snd_kcontrol_new temp;
struct snd_card *card = chip->card;
char name[32];
strcpy(card->mixername, card->driver);
/* output level controls */
for (i = 0; i < chip->hw->num_outs; i++) {
Reported by FlawFinder.
Line: 974
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return err;
/* VU, peak, saturation meters */
for (c = 0; c < 2; c++) {
static const char * const dir[2] = { "Output", "Input" };
for (i = 0; i < chip->hw->num_ins; i++) {
int val = (i * 2) | (c << 8);
if (c == 1) {
temp = vx_control_saturation;
temp.index = i;
Reported by FlawFinder.
sound/drivers/serial-u16550.c
8 issues
Line: 948
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (err < 0)
goto _err;
sprintf(card->longname, "%s [%s] at %#lx, irq %d",
card->shortname,
adaptor_names[uart->adaptor],
uart->base,
uart->irq);
Reported by FlawFinder.
Line: 56
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define SNDRV_SERIAL_DROPBUFF 1 /* Non-blocking discard operation */
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE; /* Enable this card */
static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* 0x3f8,0x2f8,0x3e8,0x2e8 */
static int irq[SNDRV_CARDS] = SNDRV_DEFAULT_IRQ; /* 3,4,5,7,9,10,11,14,15 */
static int speed[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = 38400}; /* 9600,19200,38400,57600,115200 */
static int base[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = 115200}; /* baud base */
Reported by FlawFinder.
Line: 141
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* outputs */
int prev_out;
unsigned char prev_status[SNDRV_SERIAL_MAX_OUTS];
/* write buffer and its writing/reading position */
unsigned char tx_buff[TX_BUFF_SIZE];
int buff_in_count;
int buff_in;
Reported by FlawFinder.
Line: 144
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char prev_status[SNDRV_SERIAL_MAX_OUTS];
/* write buffer and its writing/reading position */
unsigned char tx_buff[TX_BUFF_SIZE];
int buff_in_count;
int buff_in;
int buff_out;
int drop_on_full;
Reported by FlawFinder.
Line: 856
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct snd_rawmidi_substream *substream;
list_for_each_entry(substream, &stream->substreams, list) {
sprintf(substream->name, "Serial MIDI %d", substream->number + 1);
}
}
static int snd_uart16550_rmidi(struct snd_uart16550 *uart, int device,
int outs, int ins,
Reported by FlawFinder.
Line: 875
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
&snd_uart16550_input);
snd_rawmidi_set_ops(rrawmidi, SNDRV_RAWMIDI_STREAM_OUTPUT,
&snd_uart16550_output);
strcpy(rrawmidi->name, "Serial MIDI");
snd_uart16550_substreams(&rrawmidi->streams[SNDRV_RAWMIDI_STREAM_OUTPUT]);
snd_uart16550_substreams(&rrawmidi->streams[SNDRV_RAWMIDI_STREAM_INPUT]);
rrawmidi->info_flags = SNDRV_RAWMIDI_INFO_OUTPUT |
SNDRV_RAWMIDI_INFO_INPUT |
SNDRV_RAWMIDI_INFO_DUPLEX;
Reported by FlawFinder.
Line: 935
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(card->driver, "Serial");
strcpy(card->shortname, "Serial MIDI (UART16550A)");
err = snd_uart16550_create(card, port[dev], irq[dev], speed[dev],
base[dev], adaptor[dev], droponfull[dev],
&uart);
Reported by FlawFinder.
Line: 936
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
strcpy(card->driver, "Serial");
strcpy(card->shortname, "Serial MIDI (UART16550A)");
err = snd_uart16550_create(card, port[dev], irq[dev], speed[dev],
base[dev], adaptor[dev], droponfull[dev],
&uart);
if (err < 0)
Reported by FlawFinder.
sound/drivers/mtpav.c
8 issues
Line: 608
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct snd_rawmidi_substream *substream)
{
if (substream->number >= 0 && substream->number < chip->num_ports)
sprintf(substream->name, "MTP direct %d", (substream->number % chip->num_ports) + 1);
else if (substream->number >= 8 && substream->number < chip->num_ports * 2)
sprintf(substream->name, "MTP remote %d", (substream->number % chip->num_ports) + 1);
else if (substream->number == chip->num_ports * 2)
strcpy(substream->name, "MTP computer");
else if (substream->number == chip->num_ports * 2 + 1)
Reported by FlawFinder.
Line: 610
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (substream->number >= 0 && substream->number < chip->num_ports)
sprintf(substream->name, "MTP direct %d", (substream->number % chip->num_ports) + 1);
else if (substream->number >= 8 && substream->number < chip->num_ports * 2)
sprintf(substream->name, "MTP remote %d", (substream->number % chip->num_ports) + 1);
else if (substream->number == chip->num_ports * 2)
strcpy(substream->name, "MTP computer");
else if (substream->number == chip->num_ports * 2 + 1)
strcpy(substream->name, "MTP ADAT");
else
Reported by FlawFinder.
Line: 612
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else if (substream->number >= 8 && substream->number < chip->num_ports * 2)
sprintf(substream->name, "MTP remote %d", (substream->number % chip->num_ports) + 1);
else if (substream->number == chip->num_ports * 2)
strcpy(substream->name, "MTP computer");
else if (substream->number == chip->num_ports * 2 + 1)
strcpy(substream->name, "MTP ADAT");
else
strcpy(substream->name, "MTP broadcast");
}
Reported by FlawFinder.
Line: 614
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else if (substream->number == chip->num_ports * 2)
strcpy(substream->name, "MTP computer");
else if (substream->number == chip->num_ports * 2 + 1)
strcpy(substream->name, "MTP ADAT");
else
strcpy(substream->name, "MTP broadcast");
}
static int snd_mtpav_get_RAWMIDI(struct mtpav *mcard)
Reported by FlawFinder.
Line: 616
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else if (substream->number == chip->num_ports * 2 + 1)
strcpy(substream->name, "MTP ADAT");
else
strcpy(substream->name, "MTP broadcast");
}
static int snd_mtpav_get_RAWMIDI(struct mtpav *mcard)
{
int rval;
Reported by FlawFinder.
Line: 654
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
rawmidi->info_flags |= SNDRV_RAWMIDI_INFO_OUTPUT | SNDRV_RAWMIDI_INFO_INPUT |
SNDRV_RAWMIDI_INFO_DUPLEX;
sprintf(rawmidi->name, "MTP AV MIDI");
return 0;
}
/*
*/
Reported by FlawFinder.
Line: 709
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
goto __error;
strcpy(card->driver, "MTPAV");
strcpy(card->shortname, "MTPAV on parallel port");
snprintf(card->longname, sizeof(card->longname),
"MTPAV on parallel port at 0x%lx", port);
snd_mtpav_portscan(mtp_card);
Reported by FlawFinder.
Line: 710
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto __error;
strcpy(card->driver, "MTPAV");
strcpy(card->shortname, "MTPAV on parallel port");
snprintf(card->longname, sizeof(card->longname),
"MTPAV on parallel port at 0x%lx", port);
snd_mtpav_portscan(mtp_card);
Reported by FlawFinder.
sound/usb/bcd2000/bcd2000.c
8 issues
Line: 51
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_rawmidi_substream *midi_receive_substream;
struct snd_rawmidi_substream *midi_out_substream;
unsigned char midi_in_buf[BUFSIZE];
unsigned char midi_out_buf[BUFSIZE];
struct urb *midi_out_urb;
struct urb *midi_in_urb;
Reported by FlawFinder.
Line: 52
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_rawmidi_substream *midi_out_substream;
unsigned char midi_in_buf[BUFSIZE];
unsigned char midi_out_buf[BUFSIZE];
struct urb *midi_out_urb;
struct urb *midi_in_urb;
struct usb_anchor anchor;
Reported by FlawFinder.
Line: 61
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static DEFINE_MUTEX(devices_mutex);
static DECLARE_BITMAP(devices_used, SNDRV_CARDS);
static struct usb_driver bcd2000_driver;
Reported by FlawFinder.
Line: 138
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
/* copy command prefix bytes */
memcpy(bcd2k->midi_out_buf, device_cmd_prefix,
sizeof(device_cmd_prefix));
/*
* get MIDI packet and leave space for command prefix
* and payload length
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
usb_anchor_urb(bcd2k->midi_in_urb, &bcd2k->anchor);
/* copy init sequence into buffer */
memcpy(bcd2k->midi_out_buf, bcd2000_init_sequence, 52);
bcd2k->midi_out_urb->transfer_buffer_length = 52;
/* submit sequence */
ret = usb_submit_urb(bcd2k->midi_out_urb, GFP_KERNEL);
if (ret < 0)
Reported by FlawFinder.
Line: 368
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_card *card;
struct bcd2000 *bcd2k;
unsigned int card_index;
char usb_path[32];
int err;
mutex_lock(&devices_mutex);
for (card_index = 0; card_index < SNDRV_CARDS; ++card_index)
Reported by FlawFinder.
Line: 397
Column: 2
CWE codes:
120
snd_card_set_dev(card, &interface->dev);
strncpy(card->driver, "snd-bcd2000", sizeof(card->driver));
strncpy(card->shortname, "BCD2000", sizeof(card->shortname));
usb_make_path(bcd2k->dev, usb_path, sizeof(usb_path));
snprintf(bcd2k->card->longname, sizeof(bcd2k->card->longname),
"Behringer BCD2000 at %s",
usb_path);
Reported by FlawFinder.
Line: 398
Column: 2
CWE codes:
120
snd_card_set_dev(card, &interface->dev);
strncpy(card->driver, "snd-bcd2000", sizeof(card->driver));
strncpy(card->shortname, "BCD2000", sizeof(card->shortname));
usb_make_path(bcd2k->dev, usb_path, sizeof(usb_path));
snprintf(bcd2k->card->longname, sizeof(bcd2k->card->longname),
"Behringer BCD2000 at %s",
usb_path);
Reported by FlawFinder.
sound/core/timer.c
8 issues
Line: 97
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int lost; /* counter of master tick lost */
unsigned int overrun; /* count of read queue overruns */
unsigned int queue; /* used queue size */
unsigned char reserved[64]; /* reserved */
};
#define SNDRV_TIMER_IOCTL_STATUS32 _IOR('T', 0x14, struct snd_timer_status32)
struct snd_timer_status64 {
Reported by FlawFinder.
Line: 109
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int lost; /* counter of master tick lost */
unsigned int overrun; /* count of read queue overruns */
unsigned int queue; /* used queue size */
unsigned char reserved[64]; /* reserved */
};
#define SNDRV_TIMER_IOCTL_STATUS64 _IOR('T', 0x14, struct snd_timer_status64)
/* list of timers */
Reported by FlawFinder.
Line: 357
Column: 54
CWE codes:
362
card_dev_to_put = &timer->card->card_dev;
}
if (list_empty(&timer->open_list_head) && timer->hw.open) {
err = timer->hw.open(timer);
if (err) {
module_put(timer->module);
goto unlock;
}
Reported by FlawFinder.
Line: 358
Column: 19
CWE codes:
362
}
if (list_empty(&timer->open_list_head) && timer->hw.open) {
err = timer->hw.open(timer);
if (err) {
module_put(timer->module);
goto unlock;
}
}
Reported by FlawFinder.
Line: 1226
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
err = snd_timer_global_new("system", SNDRV_TIMER_GLOBAL_SYSTEM, &timer);
if (err < 0)
return err;
strcpy(timer->name, "system timer");
timer->hw = snd_timer_system;
priv = kzalloc(sizeof(*priv), GFP_KERNEL);
if (priv == NULL) {
snd_timer_free(timer);
return -ENOMEM;
Reported by FlawFinder.
Line: 1359
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (tu->qused >= tu->queue_size) {
tu->overrun++;
} else {
memcpy(&tu->tqueue[tu->qtail++], tread, sizeof(*tread));
tu->qtail %= tu->queue_size;
tu->qused++;
}
}
Reported by FlawFinder.
Line: 1758
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct snd_timer_user *tu;
struct snd_timer_select tselect;
char str[32];
int err = 0;
tu = file->private_data;
if (tu->timeri) {
snd_timer_close(tu->timeri);
Reported by FlawFinder.
Line: 1771
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
err = -EFAULT;
goto __err;
}
sprintf(str, "application %i", current->pid);
if (tselect.id.dev_class != SNDRV_TIMER_CLASS_SLAVE)
tselect.id.dev_sclass = SNDRV_TIMER_SCLASS_APPLICATION;
tu->timeri = snd_timer_instance_new(str);
if (!tu->timeri) {
err = -ENOMEM;
Reported by FlawFinder.
sound/core/seq/seq_clientmgr.c
8 issues
Line: 1232
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* fill the info fields */
info->type = cptr->type;
strcpy(info->name, cptr->name);
info->filter = cptr->filter;
info->event_lost = cptr->event_lost;
memcpy(info->event_filter, cptr->event_filter, 32);
info->num_ports = cptr->num_ports;
Reported by FlawFinder.
Line: 2233
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
client->data.kernel.card = card;
va_start(args, name_fmt);
vsnprintf(client->name, sizeof(client->name), name_fmt, args);
va_end(args);
client->type = KERNEL_CLIENT;
mutex_unlock(®ister_mutex);
Reported by FlawFinder.
Line: 59
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* client table
*/
static char clienttablock[SNDRV_SEQ_MAX_CLIENTS];
static struct snd_seq_client *clienttab[SNDRV_SEQ_MAX_CLIENTS];
static struct snd_seq_usage client_usage;
/*
* prototypes
Reported by FlawFinder.
Line: 124
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spin_unlock_irqrestore(&clients_lock, flags);
#ifdef CONFIG_MODULES
if (!in_interrupt()) {
static char client_requested[SNDRV_SEQ_GLOBAL_CLIENTS];
static char card_requested[SNDRV_CARDS];
if (clientid < SNDRV_SEQ_GLOBAL_CLIENTS) {
int idx;
if (!client_requested[clientid]) {
Reported by FlawFinder.
Line: 125
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_MODULES
if (!in_interrupt()) {
static char client_requested[SNDRV_SEQ_GLOBAL_CLIENTS];
static char card_requested[SNDRV_CARDS];
if (clientid < SNDRV_SEQ_GLOBAL_CLIENTS) {
int idx;
if (!client_requested[clientid]) {
client_requested[clientid] = 1;
Reported by FlawFinder.
Line: 367
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* fill client data */
user->file = file;
sprintf(client->name, "Client-%d", c);
client->data.user.owner = get_pid(task_pid(current));
/* make others aware this new client */
snd_seq_system_client_ev_client_start(c);
Reported by FlawFinder.
Line: 1235
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
strcpy(info->name, cptr->name);
info->filter = cptr->filter;
info->event_lost = cptr->event_lost;
memcpy(info->event_filter, cptr->event_filter, 32);
info->num_ports = cptr->num_ports;
if (cptr->type == USER_CLIENT)
info->pid = pid_vnr(cptr->data.user.owner);
else
Reported by FlawFinder.
Line: 1288
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
client->filter = client_info->filter;
client->event_lost = client_info->event_lost;
memcpy(client->event_filter, client_info->event_filter, 32);
return 0;
}
Reported by FlawFinder.
sound/core/pcm_lib.c
8 issues
Line: 2041
CWE codes:
682
hwoff = frames_to_bytes(runtime, hwoff);
off = frames_to_bytes(runtime, off);
frames = frames_to_bytes(runtime, frames);
return transfer(substream, 0, hwoff, data + off, frames);
}
/* call transfer function with the converted pointers and sizes for each
* non-interleaved channel; when buffer is NULL, silencing instead of copying
*/
Reported by Cppcheck.
Line: 1714
Column: 19
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (width < 0)
return width;
info->offset = 0;
switch (runtime->access) {
case SNDRV_PCM_ACCESS_MMAP_INTERLEAVED:
case SNDRV_PCM_ACCESS_RW_INTERLEAVED:
info->first = info->channel * width;
info->step = runtime->channels * width;
break;
Reported by FlawFinder.
Line: 2170
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
is_playback = substream->stream == SNDRV_PCM_STREAM_PLAYBACK;
if (interleaved) {
if (runtime->access != SNDRV_PCM_ACCESS_RW_INTERLEAVED &&
runtime->channels > 1)
return -EINVAL;
writer = interleaved_copy;
} else {
if (runtime->access != SNDRV_PCM_ACCESS_RW_NONINTERLEAVED)
Reported by FlawFinder.
Line: 2175
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return -EINVAL;
writer = interleaved_copy;
} else {
if (runtime->access != SNDRV_PCM_ACCESS_RW_NONINTERLEAVED)
return -EINVAL;
writer = noninterleaved_copy;
}
if (!data) {
Reported by FlawFinder.
Line: 156
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
snd_pcm_stop(substream, SNDRV_PCM_STATE_XRUN);
if (xrun_debug(substream, XRUN_DEBUG_BASIC)) {
char name[16];
snd_pcm_debug_name(substream, name, sizeof(name));
pcm_warn(substream->pcm, "XRUN: %s\n", name);
dump_stack_on_xrun(substream);
}
}
Reported by FlawFinder.
Line: 301
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (pos >= runtime->buffer_size) {
if (printk_ratelimit()) {
char name[16];
snd_pcm_debug_name(substream, name, sizeof(name));
pcm_err(substream->pcm,
"invalid position: %s, pos = %ld, buffer size = %ld, period size = %ld\n",
name, pos, runtime->buffer_size,
runtime->period_size);
Reported by FlawFinder.
Line: 1980
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int channel, unsigned long hwoff,
void *buf, unsigned long bytes)
{
memcpy(get_dma_ptr(substream->runtime, channel, hwoff), buf, bytes);
return 0;
}
/* fill silence instead of copy data; called as a transfer helper
* from __snd_pcm_lib_write() or directly from noninterleaved_copy() when
Reported by FlawFinder.
Line: 2022
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int channel, unsigned long hwoff,
void *buf, unsigned long bytes)
{
memcpy(buf, get_dma_ptr(substream->runtime, channel, hwoff), bytes);
return 0;
}
/* call transfer function with the converted pointers and sizes;
* for interleaved mode, it's one shot for all samples
Reported by FlawFinder.