The following issues were found
sound/soc/sof/ipc.c
8 issues
Line: 242
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ipc_log_header(sdev->dev, "ipc tx succeeded", hdr->cmd);
if (msg->reply_size)
/* copy the data returned from DSP */
memcpy(reply_data, msg->reply_data,
msg->reply_size);
}
}
return ret;
Reported by FlawFinder.
Line: 278
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* attach any data */
if (msg_bytes)
memcpy(msg->msg_data, msg_data, msg_bytes);
sdev->msg = msg;
ret = snd_sof_dsp_send_msg(sdev, msg);
/* Next reply that we receive will be related to this message */
Reported by FlawFinder.
Line: 472
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_vdbg(sdev->dev, "posn : host 0x%llx dai 0x%llx wall 0x%llx\n",
posn.host_posn, posn.dai_posn, posn.wallclock);
memcpy(&stream->posn, &posn, sizeof(posn));
/* only inform ALSA for period_wakeup mode */
if (!stream->substream->runtime->no_period_wakeup)
snd_sof_pcm_period_elapsed(stream->substream);
}
Reported by FlawFinder.
Line: 503
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#if defined(CONFIG_SND_SOC_SOF_DEBUG_XRUN_STOP)
/* stop PCM on XRUN - used for pipeline debug */
memcpy(&stream->posn, &posn, sizeof(posn));
snd_pcm_stop_xrun(stream->substream);
#endif
}
/* stream notifications from DSP FW */
Reported by FlawFinder.
Line: 622
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pl_size = sparams->pl_size;
/* copy the header data */
memcpy(partdata, cdata, sparams->hdr_bytes);
/* Serialise IPC TX */
mutex_lock(&sdev->ipc->tx_mutex);
/* copy the payload data in a loop */
Reported by FlawFinder.
Line: 637
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
partdata->elems_remaining = msg_bytes;
if (send)
memcpy(sparams->dst, sparams->src + offset, send_bytes);
err = sof_ipc_tx_message_unlocked(sdev->ipc,
partdata->rhdr.hdr.cmd,
partdata,
partdata->rhdr.hdr.size,
Reported by FlawFinder.
Line: 649
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
if (!send)
memcpy(sparams->dst + offset, sparams->src, send_bytes);
offset += pl_size;
}
mutex_unlock(&sdev->ipc->tx_mutex);
Reported by FlawFinder.
Line: 826
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* copy the fw_version into debugfs at first boot */
memcpy(&sdev->fw_version, v, sizeof(*v));
return 0;
}
EXPORT_SYMBOL(snd_sof_ipc_valid);
Reported by FlawFinder.
tools/usb/usbip/src/usbipd.c
8 issues
Line: 672
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
remove_pid_file();
break;
case cmd_version:
printf(PROGNAME " (%s)\n", usbip_version_string);
rc = 0;
break;
case cmd_help:
usbipd_help();
rc = 0;
Reported by FlawFinder.
Line: 623
Column: 9
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
cmd = cmd_standalone_mode;
driver = &host_driver;
for (;;) {
opt = getopt_long(argc, argv, "46DdeP::t:hv", longopts, NULL);
if (opt == -1)
break;
switch (opt) {
Reported by FlawFinder.
Line: 313
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int connfd;
struct sockaddr_storage ss;
socklen_t len = sizeof(ss);
char host[NI_MAXHOST], port[NI_MAXSERV];
int rc;
memset(&ss, 0, sizeof(ss));
connfd = accept(listenfd, (struct sockaddr *)&ss, &len);
Reported by FlawFinder.
Line: 363
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void addrinfo_to_text(struct addrinfo *ai, char buf[],
const size_t buf_size)
{
char hbuf[NI_MAXHOST];
char sbuf[NI_MAXSERV];
int rc;
buf[0] = '\0';
Reported by FlawFinder.
Line: 364
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const size_t buf_size)
{
char hbuf[NI_MAXHOST];
char sbuf[NI_MAXSERV];
int rc;
buf[0] = '\0';
rc = getnameinfo(ai->ai_addr, ai->ai_addrlen, hbuf, sizeof(hbuf),
Reported by FlawFinder.
Line: 383
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct addrinfo *ai;
int ret, nsockfd = 0;
const size_t ai_buf_size = NI_MAXHOST + NI_MAXSERV + 2;
char ai_buf[ai_buf_size];
for (ai = ai_head; ai && nsockfd < maxsockfd; ai = ai->ai_next) {
int sock;
addrinfo_to_text(ai, ai_buf, ai_buf_size);
Reported by FlawFinder.
Line: 472
Column: 8
CWE codes:
362
dbg("creating pid file %s", pid_file);
FILE *fp;
fp = fopen(pid_file, "w");
if (!fp) {
err("pid_file: %s: %d (%s)",
pid_file, errno, strerror(errno));
return;
}
Reported by FlawFinder.
Line: 510
Column: 3
CWE codes:
732
usbip_driver_close(driver);
return -1;
}
umask(0);
usbip_use_syslog = 1;
}
set_signal();
write_pid_file();
Reported by FlawFinder.
tools/usb/testusb.c
8 issues
Line: 344
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
static char udev_usb_path[] = "/dev/bus/usb";
if (access(udev_usb_path, F_OK) == 0)
return udev_usb_path;
return NULL;
}
Reported by FlawFinder.
Line: 391
Column: 11
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
param.sglen = 32;
/* for easy use when hotplugging */
device = getenv ("DEVICE");
while ((c = getopt (argc, argv, "D:aA:c:g:hlns:t:v:")) != EOF)
switch (c) {
case 'D': /* device, if only one */
device = optarg;
Reported by FlawFinder.
Line: 393
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
/* for easy use when hotplugging */
device = getenv ("DEVICE");
while ((c = getopt (argc, argv, "D:aA:c:g:hlns:t:v:")) != EOF)
switch (c) {
case 'D': /* device, if only one */
device = optarg;
continue;
case 'A': /* use all devices with specified USB dir */
Reported by FlawFinder.
Line: 131
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int testdev_ffs_ifnum(FILE *fd)
{
union {
char buf[255];
struct usb_interface_descriptor intf;
} u;
for (;;) {
if (fread(u.buf, 1, 1, fd) != 1)
Reported by FlawFinder.
Line: 244
Column: 7
CWE codes:
362
if (flag != FTW_F)
return 0;
fd = fopen(name, "rb");
if (!fd) {
perror(name);
return 0;
}
Reported by FlawFinder.
Line: 297
Column: 12
CWE codes:
362
int fd, i;
int status;
if ((fd = open (dev->name, O_RDWR)) < 0) {
perror ("can't open dev file r/w");
return 0;
}
restart:
Reported by FlawFinder.
Line: 317
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* NOTE: each thread emits complete lines; no fragments! */
if (status < 0) {
char buf [80];
int err = errno;
if (strerror_r (errno, buf, sizeof buf)) {
snprintf (buf, sizeof buf, "error %d", err);
errno = err;
Reported by FlawFinder.
Line: 424
Column: 10
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
goto usage;
continue;
case 't': /* run just one test */
test = atoi (optarg);
if (test < 0)
goto usage;
continue;
case 'v': /* vary packet size by ... */
if (parse_num(¶m.vary, optarg))
Reported by FlawFinder.
tools/usb/usbip/libsrc/usbip_common.h
8 issues
Line: 69
Column: 4
CWE codes:
134
Suggestion:
Use a constant format string for syslog
#define err(fmt, args...) \
do { \
if (usbip_use_syslog) { \
syslog(LOG_ERR, pr_fmt(fmt), "error", ##args); \
} \
if (usbip_use_stderr) { \
fprintf(stderr, pr_fmt(fmt), "error", ##args); \
} \
} while (0)
Reported by FlawFinder.
Line: 72
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
syslog(LOG_ERR, pr_fmt(fmt), "error", ##args); \
} \
if (usbip_use_stderr) { \
fprintf(stderr, pr_fmt(fmt), "error", ##args); \
} \
} while (0)
#define info(fmt, args...) \
do { \
Reported by FlawFinder.
Line: 79
Column: 4
CWE codes:
134
Suggestion:
Use a constant format string for syslog
#define info(fmt, args...) \
do { \
if (usbip_use_syslog) { \
syslog(LOG_INFO, pr_fmt(fmt), "info", ##args); \
} \
if (usbip_use_stderr) { \
fprintf(stderr, pr_fmt(fmt), "info", ##args); \
} \
} while (0)
Reported by FlawFinder.
Line: 82
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
syslog(LOG_INFO, pr_fmt(fmt), "info", ##args); \
} \
if (usbip_use_stderr) { \
fprintf(stderr, pr_fmt(fmt), "info", ##args); \
} \
} while (0)
#define dbg(fmt, args...) \
do { \
Reported by FlawFinder.
Line: 90
Column: 4
CWE codes:
134
Suggestion:
Use a constant format string for syslog
do { \
if (usbip_use_debug) { \
if (usbip_use_syslog) { \
syslog(LOG_DEBUG, dbg_fmt(fmt), ##args); \
} \
if (usbip_use_stderr) { \
fprintf(stderr, dbg_fmt(fmt), ##args); \
} \
} \
Reported by FlawFinder.
Line: 93
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
syslog(LOG_DEBUG, dbg_fmt(fmt), ##args); \
} \
if (usbip_use_stderr) { \
fprintf(stderr, dbg_fmt(fmt), ##args); \
} \
} \
} while (0)
#define BUG() \
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __attribute__((packed));
struct usbip_usb_device {
char path[SYSFS_PATH_MAX];
char busid[SYSFS_BUS_ID_SIZE];
uint32_t busnum;
uint32_t devnum;
uint32_t speed;
Reported by FlawFinder.
Line: 113
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usbip_usb_device {
char path[SYSFS_PATH_MAX];
char busid[SYSFS_BUS_ID_SIZE];
uint32_t busnum;
uint32_t devnum;
uint32_t speed;
Reported by FlawFinder.
tools/usb/usbip/src/usbip_attach.c
8 issues
Line: 61
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return -1;
}
snprintf(path, PATH_MAX, VHCI_STATE_PATH"/port%d", rhport);
fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU);
if (fd < 0)
return -1;
Reported by FlawFinder.
Line: 215
Column: 9
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int ret = -1;
for (;;) {
opt = getopt_long(argc, argv, "d:r:b:", opts, NULL);
if (opt == -1)
break;
switch (opt) {
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int record_connection(char *host, char *port, char *busid, int rhport)
{
int fd;
char path[PATH_MAX+1];
char buff[MAX_BUFF+1];
int ret;
ret = mkdir(VHCI_STATE_PATH, 0700);
if (ret < 0) {
Reported by FlawFinder.
Line: 43
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int fd;
char path[PATH_MAX+1];
char buff[MAX_BUFF+1];
int ret;
ret = mkdir(VHCI_STATE_PATH, 0700);
if (ret < 0) {
/* if VHCI_STATE_PATH exists, then it better be a directory */
Reported by FlawFinder.
Line: 63
Column: 7
CWE codes:
362
snprintf(path, PATH_MAX, VHCI_STATE_PATH"/port%d", rhport);
fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU);
if (fd < 0)
return -1;
snprintf(buff, MAX_BUFF, "%s %s %s\n",
host, port, busid);
Reported by FlawFinder.
Line: 70
Column: 24
CWE codes:
126
snprintf(buff, MAX_BUFF, "%s %s %s\n",
host, port, busid);
ret = write(fd, buff, strlen(buff));
if (ret != (ssize_t) strlen(buff)) {
close(fd);
return -1;
}
Reported by FlawFinder.
Line: 71
Column: 23
CWE codes:
126
host, port, busid);
ret = write(fd, buff, strlen(buff));
if (ret != (ssize_t) strlen(buff)) {
close(fd);
return -1;
}
close(fd);
Reported by FlawFinder.
Line: 138
Column: 2
CWE codes:
120
return -1;
}
strncpy(request.busid, busid, SYSFS_BUS_ID_SIZE-1);
PACK_OP_IMPORT_REQUEST(0, &request);
rc = usbip_net_send(sockfd, (void *) &request, sizeof(request));
if (rc < 0) {
Reported by FlawFinder.
tools/usb/usbip/libsrc/usbip_host_common.c
8 issues
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int32_t read_attr_usbip_status(struct usbip_usb_device *udev)
{
char status_attr_path[SYSFS_PATH_MAX];
int size;
int fd;
int length;
char status[2] = { 0 };
int value = 0;
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int size;
int fd;
int length;
char status[2] = { 0 };
int value = 0;
size = snprintf(status_attr_path, sizeof(status_attr_path),
"%s/usbip_status", udev->path);
if (size < 0 || (unsigned int)size >= sizeof(status_attr_path)) {
Reported by FlawFinder.
Line: 46
Column: 7
CWE codes:
362
}
fd = open(status_attr_path, O_RDONLY);
if (fd < 0) {
err("error opening attribute %s", status_attr_path);
return -1;
}
Reported by FlawFinder.
Line: 59
Column: 10
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
return -1;
}
value = atoi(status);
close(fd);
return value;
}
static
Reported by FlawFinder.
Line: 215
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int usbip_export_device(struct usbip_exported_device *edev, int sockfd)
{
char attr_name[] = "usbip_sockfd";
char sockfd_attr_path[SYSFS_PATH_MAX];
int size;
char sockfd_buff[30];
int ret;
if (edev->status != SDEV_ST_AVAILABLE) {
Reported by FlawFinder.
Line: 217
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char attr_name[] = "usbip_sockfd";
char sockfd_attr_path[SYSFS_PATH_MAX];
int size;
char sockfd_buff[30];
int ret;
if (edev->status != SDEV_ST_AVAILABLE) {
dbg("device not available: %s", edev->udev.busid);
switch (edev->status) {
Reported by FlawFinder.
Line: 255
Column: 9
CWE codes:
126
}
ret = write_sysfs_attribute(sockfd_attr_path, sockfd_buff,
strlen(sockfd_buff));
if (ret < 0) {
err("write_sysfs_attribute failed: sockfd %s to %s",
sockfd_buff, sockfd_attr_path);
return ret;
}
Reported by FlawFinder.
tools/usb/ffs-test.c
8 issues
Line: 81
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(stderr, "%s: %s ", argv0, levels[level]);
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
if (fmt[strlen(fmt) - 1] != '\n') {
char buffer[128];
strerror_r(_errno, buffer, sizeof buffer);
Reported by FlawFinder.
Line: 67
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
level = 7;
if (level <= verbosity) {
static const char levels[8][6] = {
[2] = "crit:",
[3] = "err: ",
[4] = "warn:",
[5] = "note:",
[6] = "info:",
Reported by FlawFinder.
Line: 85
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
va_end(ap);
if (fmt[strlen(fmt) - 1] != '\n') {
char buffer[128];
strerror_r(_errno, buffer, sizeof buffer);
fprintf(stderr, ": (-%d) %s\n", _errno, buffer);
}
fflush(stderr);
Reported by FlawFinder.
Line: 300
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out->header.length = cpu_to_le32(length);
out->header.fs_count = cpu_to_le32(fs_count);
out->header.hs_count = cpu_to_le32(hs_count);
memcpy(out->descriptors, descs_start, descs_end - descs_start);
*legacy = out;
}
return length;
}
Reported by FlawFinder.
Line: 314
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usb_functionfs_strings_head header;
struct {
__le16 code;
const char str1[sizeof STR_INTERFACE_];
} __attribute__((packed)) lang0;
} __attribute__((packed)) strings = {
.header = {
.magic = cpu_to_le32(FUNCTIONFS_STRINGS_MAGIC),
.length = cpu_to_le32(sizeof strings),
Reported by FlawFinder.
Line: 384
Column: 10
CWE codes:
362
t->buf = malloc(t->buf_size);
die_on(!t->buf, "malloc");
t->fd = open(t->filename, O_RDWR);
die_on(t->fd < 0, "%s", t->filename);
}
static void cleanup_thread(void *arg)
{
Reported by FlawFinder.
Line: 84
Column: 11
CWE codes:
126
vfprintf(stderr, fmt, ap);
va_end(ap);
if (fmt[strlen(fmt) - 1] != '\n') {
char buffer[128];
strerror_r(_errno, buffer, sizeof buffer);
fprintf(stderr, ": (-%d) %s\n", _errno, buffer);
}
Reported by FlawFinder.
Line: 485
Column: 9
CWE codes:
120
20
static ssize_t read_wrap(struct thread *t, void *buf, size_t nbytes)
{
return read(t->fd, buf, nbytes);
}
static ssize_t write_wrap(struct thread *t, const void *buf, size_t nbytes)
{
return write(t->fd, buf, nbytes);
Reported by FlawFinder.
drivers/net/ethernet/sfc/ef100_nic.c
8 issues
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dma_addr_t dma_addr;
u8 *pdu = ef100_mcdi_buf(efx, 0, &dma_addr);
memcpy(pdu, hdr, hdr_len);
memcpy(pdu + hdr_len, sdu, sdu_len);
wmb();
/* The hardware provides 'low' and 'high' (doorbell) registers
* for passing the 64-bit address of an MCDI request to
Reported by FlawFinder.
Line: 69
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *pdu = ef100_mcdi_buf(efx, 0, &dma_addr);
memcpy(pdu, hdr, hdr_len);
memcpy(pdu + hdr_len, sdu, sdu_len);
wmb();
/* The hardware provides 'low' and 'high' (doorbell) registers
* for passing the 64-bit address of an MCDI request to
* firmware. However the dwords are swapped by firmware. The
Reported by FlawFinder.
Line: 97
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
const u8 *pdu = ef100_mcdi_buf(efx, 0, NULL);
memcpy(outbuf, pdu + offset, outlen);
}
static int ef100_mcdi_poll_reboot(struct efx_nic *efx)
{
struct ef100_nic_data *nic_data = efx->nic_data;
Reported by FlawFinder.
Line: 630
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EOPNOTSUPP;
ppid->id_len = ETH_ALEN;
memcpy(ppid->id, nic_data->port_id, ppid->id_len);
return 0;
}
static int efx_ef100_irq_test_generate(struct efx_nic *efx)
Reported by FlawFinder.
Line: 664
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* MCDI_SET_QWORD is not appropriate here since EFX_POPULATE_* has
* already swapped the data to little-endian order.
*/
memcpy(MCDI_PTR(inbuf, DRIVER_EVENT_IN_DATA), &event.u64[0],
sizeof(efx_qword_t));
rc = efx_mcdi_rpc(efx, MC_CMD_DRIVER_EVENT, inbuf, sizeof(inbuf),
NULL, 0, NULL);
if (rc && (rc != -ENETDOWN))
Reported by FlawFinder.
Line: 1103
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int bar_size = resource_size(&efx->pci_dev->resource[efx->mem_bar]);
struct net_device *net_dev = efx->net_dev;
struct ef100_nic_data *nic_data;
char fw_version[32];
int i, rc;
if (WARN_ON(bar_size == 0))
return -EIO;
Reported by FlawFinder.
Line: 1253
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
goto fail;
/* Assign MAC address */
memcpy(net_dev->dev_addr, net_dev->perm_addr, ETH_ALEN);
memcpy(nic_data->port_id, net_dev->perm_addr, ETH_ALEN);
return 0;
fail:
Reported by FlawFinder.
Line: 1254
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail;
/* Assign MAC address */
memcpy(net_dev->dev_addr, net_dev->perm_addr, ETH_ALEN);
memcpy(nic_data->port_id, net_dev->perm_addr, ETH_ALEN);
return 0;
fail:
return rc;
Reported by FlawFinder.
drivers/net/ethernet/ti/netcp_ethss.c
8 issues
Line: 696
Column: 10
CWE codes:
362
int slave_num; /* 0 based logical number */
int port_num; /* actual port number */
atomic_t link_state;
bool open;
struct phy_device *phy;
u32 link_interface;
u32 mac_control;
u8 phy_port_t;
struct device_node *node;
Reported by FlawFinder.
Line: 774
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Statistic management */
struct netcp_ethtool_stat {
char desc[ETH_GSTRING_LEN];
int type;
u32 size;
int offset;
};
Reported by FlawFinder.
Line: 1783
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_STATS:
for (i = 0; i < gbe_dev->num_et_stats; i++) {
memcpy(data, gbe_dev->et_stats[i].desc,
ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
}
break;
case ETH_SS_TEST:
Reported by FlawFinder.
Line: 2098
Column: 22
CWE codes:
362
ALE_PORT_STATE,
ALE_PORT_STATE_FORWARD);
if (ndev && slave->open &&
((slave->link_interface != SGMII_LINK_MAC_PHY) &&
(slave->link_interface != RGMII_LINK_MAC_PHY) &&
(slave->link_interface != XGMII_LINK_MAC_PHY)))
netif_carrier_on(ndev);
} else {
Reported by FlawFinder.
Line: 2142
Column: 14
CWE codes:
362
bool sw_link_state = true, phy_link_state;
int sp = slave->slave_num, link_state;
if (!slave->open)
return;
if (SLAVE_LINK_IS_RGMII(slave))
netcp_2u_rgmii_get_port_link(gbe_dev,
&sw_link_state);
Reported by FlawFinder.
Line: 2851
Column: 25
CWE codes:
362
/* Check & update SGMII link state of interfaces */
for_each_intf(gbe_intf, gbe_dev) {
if (!gbe_intf->slave->open)
continue;
netcp_ethss_update_link_state(gbe_dev, gbe_intf->slave,
gbe_intf->ndev);
}
Reported by FlawFinder.
Line: 1738
Column: 2
CWE codes:
120
static void keystone_get_drvinfo(struct net_device *ndev,
struct ethtool_drvinfo *info)
{
strncpy(info->driver, NETCP_DRIVER_NAME, sizeof(info->driver));
strncpy(info->version, NETCP_DRIVER_VERSION, sizeof(info->version));
}
static u32 keystone_get_msglevel(struct net_device *ndev)
{
Reported by FlawFinder.
Line: 1739
Column: 2
CWE codes:
120
struct ethtool_drvinfo *info)
{
strncpy(info->driver, NETCP_DRIVER_NAME, sizeof(info->driver));
strncpy(info->version, NETCP_DRIVER_VERSION, sizeof(info->version));
}
static u32 keystone_get_msglevel(struct net_device *ndev)
{
struct netcp_intf *netcp = netdev_priv(ndev);
Reported by FlawFinder.
drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c
8 issues
Line: 237
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
case HWTSTAMP_FILTER_PTP_V2_L4_EVENT:
adapter->hwts_rx_en = 1;
pch_ch_control_write(pdev, V2_MODE | CAP_MODE2);
strcpy(station, PTP_L4_MULTICAST_SA);
pch_set_station_address(station, pdev);
break;
case HWTSTAMP_FILTER_PTP_V2_L2_EVENT:
adapter->hwts_rx_en = 1;
pch_ch_control_write(pdev, V2_MODE | CAP_MODE2);
Reported by FlawFinder.
Line: 243
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
case HWTSTAMP_FILTER_PTP_V2_L2_EVENT:
adapter->hwts_rx_en = 1;
pch_ch_control_write(pdev, V2_MODE | CAP_MODE2);
strcpy(station, PTP_L2_MULTICAST_SA);
pch_set_station_address(station, pdev);
break;
default:
return -ERANGE;
}
Reported by FlawFinder.
Line: 1141
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp_skb = buffer_info->skb;
/* [Header:14][payload] ---> [Header:14][paddong:2][payload] */
memcpy(tmp_skb->data, skb->data, ETH_HLEN);
tmp_skb->data[ETH_HLEN] = 0x00;
tmp_skb->data[ETH_HLEN + 1] = 0x00;
tmp_skb->len = skb->len;
memcpy(&tmp_skb->data[ETH_HLEN + 2], &skb->data[ETH_HLEN],
(skb->len - ETH_HLEN));
Reported by FlawFinder.
Line: 1145
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp_skb->data[ETH_HLEN] = 0x00;
tmp_skb->data[ETH_HLEN + 1] = 0x00;
tmp_skb->len = skb->len;
memcpy(&tmp_skb->data[ETH_HLEN + 2], &skb->data[ETH_HLEN],
(skb->len - ETH_HLEN));
/*-- Set Buffer information --*/
buffer_info->length = tmp_skb->len;
buffer_info->dma = dma_map_single(&adapter->pdev->dev, tmp_skb->data,
buffer_info->length,
Reported by FlawFinder.
Line: 1663
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* buffer_info->rx_buffer: [Header:14][payload]
* skb->data: [Reserve:2][Header:14][payload]
*/
memcpy(skb->data, buffer_info->rx_buffer, length);
/* update status of driver */
adapter->stats.rx_bytes += length;
adapter->stats.rx_packets++;
if ((gbec_status & PCH_GBE_RXD_GMAC_STAT_MARMLT))
Reported by FlawFinder.
Line: 2146
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(skaddr->sa_data)) {
ret_val = -EADDRNOTAVAIL;
} else {
memcpy(netdev->dev_addr, skaddr->sa_data, netdev->addr_len);
memcpy(adapter->hw.mac.addr, skaddr->sa_data, netdev->addr_len);
pch_gbe_mac_mar_set(&adapter->hw, adapter->hw.mac.addr, 0);
ret_val = 0;
}
netdev_dbg(netdev, "ret_val : 0x%08x\n", ret_val);
Reported by FlawFinder.
Line: 2147
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret_val = -EADDRNOTAVAIL;
} else {
memcpy(netdev->dev_addr, skaddr->sa_data, netdev->addr_len);
memcpy(adapter->hw.mac.addr, skaddr->sa_data, netdev->addr_len);
pch_gbe_mac_mar_set(&adapter->hw, adapter->hw.mac.addr, 0);
ret_val = 0;
}
netdev_dbg(netdev, "ret_val : 0x%08x\n", ret_val);
netdev_dbg(netdev, "dev_addr : %pM\n", netdev->dev_addr);
Reported by FlawFinder.
Line: 2564
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_free_adapter;
}
memcpy(netdev->dev_addr, adapter->hw.mac.addr, netdev->addr_len);
if (!is_valid_ether_addr(netdev->dev_addr)) {
/*
* If the MAC is invalid (or just missing), display a warning
* but do not abort setting up the device. pch_gbe_up will
* prevent the interface from being brought up until a valid MAC
Reported by FlawFinder.