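The following issues were found by static analysis (FlawFinder and Cppcheck). Each entry gives the file, the line and column, the CWE codes, the tool's suggestion where it has one, and a short source excerpt. FlawFinder matches on function and declaration names without data-flow analysis, so each entry is a location to triage, not a confirmed defect.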
drivers/net/ethernet/mellanox/mlx5/core/cmd.c
8 issues
Line: 1187
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlx5_core_dev *dev = filp->private_data;
struct mlx5_cmd_debug *dbg = &dev->cmd.dbg;
char lbuf[3];
int err;
if (!dbg->in_msg || !dbg->out_msg)
return -ENOMEM;
Reported by FlawFinder.
Line: 1226
Column: 2
CWE codes:
120
Suggestion:
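Make sure destination can always hold the source data. In this excerpt the first copy is clamped to sizeof(to->first.data) by min_t(), so what remains to confirm lies outside the excerpt: that size cannot be negative when it is compared as int, and that the chain walked by the following while (size) loop has enough blocks for the remainder. The entries at lines 1239, 1259 and 1273 follow the same pattern.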
return -ENOMEM;
copy = min_t(int, size, sizeof(to->first.data));
memcpy(to->first.data, from, copy);
size -= copy;
from += copy;
next = to->next;
while (size) {
Reported by FlawFinder.
Line: 1239
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy = min_t(int, size, MLX5_CMD_DATA_BLOCK_SIZE);
block = next->buf;
memcpy(block->data, from, copy);
from += copy;
size -= copy;
block->token = token;
next = next->next;
}
Reported by FlawFinder.
Line: 1259
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
copy = min_t(int, size, sizeof(from->first.data));
memcpy(to, from->first.data, copy);
size -= copy;
to += copy;
next = from->next;
while (size) {
Reported by FlawFinder.
Line: 1273
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy = min_t(int, size, MLX5_CMD_DATA_BLOCK_SIZE);
block = next->buf;
memcpy(to, block->data, copy);
to += copy;
size -= copy;
next = next->next;
}
Reported by FlawFinder.
Line: 1420
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlx5_core_dev *dev = filp->private_data;
struct mlx5_cmd_debug *dbg = &dev->cmd.dbg;
char outlen[8];
int err;
err = snprintf(outlen, sizeof(outlen), "%d", dbg->outlen);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 1435
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlx5_core_dev *dev = filp->private_data;
struct mlx5_cmd_debug *dbg = &dev->cmd.dbg;
char outlen_str[8] = {0};
int outlen;
void *ptr;
int err;
if (*pos != 0 || count > 6)
Reported by FlawFinder.
Line: 1626
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
sem = &cmd->sem;
ent->ts2 = ktime_get_ns();
memcpy(ent->out->first.data, ent->lay->out, sizeof(ent->lay->out));
dump_command(dev, ent, 0);
if (!ent->ret) {
if (!cmd->checksum_disabled)
ent->ret = verify_signature(ent);
else
Reported by FlawFinder.
drivers/net/ethernet/sfc/ef10.c
8 issues
Line: 379
Column: 9
CWE codes:
120
Suggestion:
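Use sprintf_s, snprintf, or vsnprintf. sprintf_s is not available in kernel code; if this is a sysfs show callback, as the dev and buf arguments suggest, the kernel's own replacement is sysfs_emit(). The value written here is only "0\n" or "1\n", so this finding is a style matter rather than an overflow.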
{
struct efx_nic *efx = dev_get_drvdata(dev);
return sprintf(buf, "%d\n",
((efx->mcdi->fn_flags) &
(1 << MC_CMD_DRV_ATTACH_EXT_OUT_FLAG_LINKCTRL))
? 1 : 0);
}
Reported by FlawFinder.
Line: 391
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct efx_nic *efx = dev_get_drvdata(dev);
return sprintf(buf, "%d\n",
((efx->mcdi->fn_flags) &
(1 << MC_CMD_DRV_ATTACH_EXT_OUT_FLAG_PRIMARY))
? 1 : 0);
}
Reported by FlawFinder.
Line: 2035
Column: 2
CWE codes:
120
Suggestion:
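Make sure destination can always hold the source data. Neither copy is bounded in the excerpt: hdr_len + sdu_len has to be checked against the size of nic_data->mcdi_buf before this function is reached, and that check is not visible here. Line 2036 is reported separately for the second memcpy.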
struct efx_ef10_nic_data *nic_data = efx->nic_data;
u8 *pdu = nic_data->mcdi_buf.addr;
memcpy(pdu, hdr, hdr_len);
memcpy(pdu + hdr_len, sdu, sdu_len);
wmb();
/* The hardware provides 'low' and 'high' (doorbell) registers
* for passing the 64-bit address of an MCDI request to
Reported by FlawFinder.
Line: 2036
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *pdu = nic_data->mcdi_buf.addr;
memcpy(pdu, hdr, hdr_len);
memcpy(pdu + hdr_len, sdu, sdu_len);
wmb();
/* The hardware provides 'low' and 'high' (doorbell) registers
* for passing the 64-bit address of an MCDI request to
* firmware. However the dwords are swapped by firmware. The
Reported by FlawFinder.
Line: 2067
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct efx_ef10_nic_data *nic_data = efx->nic_data;
const u8 *pdu = nic_data->mcdi_buf.addr;
memcpy(outbuf, pdu + offset, outlen);
}
static void efx_ef10_mcdi_reboot_detected(struct efx_nic *efx)
{
struct efx_ef10_nic_data *nic_data = efx->nic_data;
Reported by FlawFinder.
Line: 2610
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* MCDI_SET_QWORD is not appropriate here since EFX_POPULATE_* has
* already swapped the data to little-endian order.
*/
memcpy(MCDI_PTR(inbuf, DRIVER_EVENT_IN_DATA), &event.u64[0],
sizeof(efx_qword_t));
efx_mcdi_rpc_async(channel->efx, MC_CMD_DRIVER_EVENT,
inbuf, sizeof(inbuf), 0,
efx_ef10_rx_defer_refill_complete, 0);
Reported by FlawFinder.
Line: 3179
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* MCDI_SET_QWORD is not appropriate here since EFX_POPULATE_* has
* already swapped the data to little-endian order.
*/
memcpy(MCDI_PTR(inbuf, DRIVER_EVENT_IN_DATA), &event.u64[0],
sizeof(efx_qword_t));
rc = efx_mcdi_rpc(efx, MC_CMD_DRIVER_EVENT, inbuf, sizeof(inbuf),
NULL, 0, NULL);
if (rc != 0)
Reported by FlawFinder.
Line: 3729
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EOPNOTSUPP;
ppid->id_len = ETH_ALEN;
memcpy(ppid->id, nic_data->port_id, ppid->id_len);
return 0;
}
static int efx_ef10_vlan_rx_add_vid(struct efx_nic *efx, __be16 proto, u16 vid)
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.c
8 issues
Line: 419
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pbuf->skb = NULL;
pbuf->frag_count = 0;
memcpy(&tx_ring->desc_head[producer],
cmd_desc, sizeof(struct cmd_desc_type0));
producer = get_next_index(producer, tx_ring->num_desc);
i++;
Reported by FlawFinder.
Line: 452
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mac_req = (struct qlcnic_mac_req *)&req.words[0];
mac_req->op = op;
memcpy(mac_req->mac_addr, addr, ETH_ALEN);
vlan_req = (struct qlcnic_vlan_req *)&req.words[1];
vlan_req->vlan_id = cpu_to_le16(vlan_id);
return qlcnic_send_cmd_descs(adapter, (struct cmd_desc_type0 *)&req, 1);
Reported by FlawFinder.
Line: 496
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cur == NULL)
return -ENOMEM;
memcpy(cur->mac_addr, addr, ETH_ALEN);
if (qlcnic_sre_macaddr_change(adapter,
cur->mac_addr, vlan, QLCNIC_MAC_ADD)) {
kfree(cur);
return -EIO;
Reported by FlawFinder.
Line: 762
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
memcpy(adapter->ahw->phys_port_id, mac, ETH_ALEN);
adapter->flags |= QLCNIC_HAS_PHYS_PORT_ID;
return 0;
}
Reported by FlawFinder.
Line: 1611
Column: 3
CWE codes:
120
Suggestion:
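Make sure destination can always hold the source data. Here the source side also matters: size bytes are copied out of the locals qmdata and data, so a size larger than the variable being copied would read adjacent stack memory into buf. The excerpt shows no limit on size; confirm that every caller passes a size no larger than the local it selects.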
if (ADDR_IN_RANGE(offset, QLCNIC_PCI_CAMQM, QLCNIC_PCI_CAMQM_END)) {
qlcnic_pci_camqm_read_2M(adapter, offset, &qmdata);
memcpy(buf, &qmdata, size);
} else {
data = QLCRD32(adapter, offset, &err);
memcpy(buf, &data, size);
}
}
Reported by FlawFinder.
Line: 1614
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(buf, &qmdata, size);
} else {
data = QLCRD32(adapter, offset, &err);
memcpy(buf, &data, size);
}
}
void qlcnic_82xx_write_crb(struct qlcnic_adapter *adapter, char *buf,
loff_t offset, size_t size)
Reported by FlawFinder.
Line: 1625
Column: 3
CWE codes:
120
Suggestion:
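Make sure destination can always hold the source data. The destinations are the stack locals qmdata (u64) and data, and the length is size, presumably the size_t parameter of the qlcnic_82xx_write_crb signature shown in the line 1614 excerpt. Nothing in the excerpt rejects a size larger than the local, so the bound has to come from the callers; a local check against sizeof() of the destination would make the function safe on its own.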
u64 qmdata;
if (ADDR_IN_RANGE(offset, QLCNIC_PCI_CAMQM, QLCNIC_PCI_CAMQM_END)) {
memcpy(&qmdata, buf, size);
qlcnic_pci_camqm_write_2M(adapter, offset, qmdata);
} else {
memcpy(&data, buf, size);
QLCWR32(adapter, offset, data);
}
Reported by FlawFinder.
Line: 1628
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&qmdata, buf, size);
qlcnic_pci_camqm_write_2M(adapter, offset, qmdata);
} else {
memcpy(&data, buf, size);
QLCWR32(adapter, offset, data);
}
}
int qlcnic_82xx_api_lock(struct qlcnic_adapter *adapter)
Reported by FlawFinder.
drivers/net/ethernet/sfc/ethtool_common.c
8 issues
Line: 270
Column: 4
CWE codes:
134
Suggestion:
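Use a constant for the format specification. unit_format is a const char * parameter of this function and is passed to snprintf() as the format whenever it contains '%'; that is safe only while every caller passes a string literal with a single integer conversion, which the excerpt cannot show.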
/* Fill string, if applicable */
if (strings) {
if (strchr(unit_format, '%'))
snprintf(unit_str, sizeof(unit_str),
unit_format, unit_id);
else
strcpy(unit_str, unit_format);
snprintf(test_str, sizeof(test_str), test_format, test_id);
snprintf(strings + test_index * ETH_GSTRING_LEN,
Reported by FlawFinder.
Line: 273
Column: 4
CWE codes:
120
Suggestion:
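Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In kernel code the bounded copy is strscpy(unit_str, unit_format, sizeof(unit_str)); as written, a unit_format without '%' that is ETH_GSTRING_LEN bytes or longer overruns unit_str.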
snprintf(unit_str, sizeof(unit_str),
unit_format, unit_id);
else
strcpy(unit_str, unit_format);
snprintf(test_str, sizeof(test_str), test_format, test_id);
snprintf(strings + test_index * ETH_GSTRING_LEN,
ETH_GSTRING_LEN,
"%-6s %-24s", unit_str, test_str);
}
Reported by FlawFinder.
Line: 274
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
unit_format, unit_id);
else
strcpy(unit_str, unit_format);
snprintf(test_str, sizeof(test_str), test_format, test_id);
snprintf(strings + test_index * ETH_GSTRING_LEN,
ETH_GSTRING_LEN,
"%-6s %-24s", unit_str, test_str);
}
}
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int *test, const char *unit_format, int unit_id,
const char *test_format, const char *test_id)
{
char unit_str[ETH_GSTRING_LEN], test_str[ETH_GSTRING_LEN];
/* Fill data value, if applicable */
if (data)
data[test_index] = *test;
Reported by FlawFinder.
Line: 1184
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hfunc)
*hfunc = ETH_RSS_HASH_TOP;
if (indir)
memcpy(indir, efx->rss_context.rx_indir_table,
sizeof(efx->rss_context.rx_indir_table));
if (key)
memcpy(key, efx->rss_context.rx_hash_key,
efx->type->rx_hash_key_size);
return 0;
Reported by FlawFinder.
Line: 1187
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(indir, efx->rss_context.rx_indir_table,
sizeof(efx->rss_context.rx_indir_table));
if (key)
memcpy(key, efx->rss_context.rx_hash_key,
efx->type->rx_hash_key_size);
return 0;
}
int efx_ethtool_set_rxfh(struct net_device *net_dev, const u32 *indir,
Reported by FlawFinder.
Line: 1234
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hfunc)
*hfunc = ETH_RSS_HASH_TOP;
if (indir)
memcpy(indir, ctx->rx_indir_table, sizeof(ctx->rx_indir_table));
if (key)
memcpy(key, ctx->rx_hash_key, efx->type->rx_hash_key_size);
out_unlock:
mutex_unlock(&efx->rss_lock);
return rc;
Reported by FlawFinder.
Line: 1236
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (indir)
memcpy(indir, ctx->rx_indir_table, sizeof(ctx->rx_indir_table));
if (key)
memcpy(key, ctx->rx_hash_key, efx->type->rx_hash_key_size);
out_unlock:
mutex_unlock(&efx->rss_lock);
return rc;
}
Reported by FlawFinder.
drivers/net/ethernet/stmicro/stmmac/stmmac.h
8 issues
Line: 264
Column: 2
CWE codes:
119
120
Suggestion:
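Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. A fixed-size char array in a struct is not a defect on its own; what matters is how the int_name_* fields are written, which this header does not show. One thing the excerpt does show: int_name_rx_irq is dimensioned with MTL_MAX_TX_QUEUES while rx_irq uses MTL_MAX_RX_QUEUES, which is only safe if the two constants are equal. Lines 265 to 270 repeat this finding for the neighbouring fields.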
int rx_irq[MTL_MAX_RX_QUEUES];
int tx_irq[MTL_MAX_TX_QUEUES];
/*irq name */
char int_name_mac[IFNAMSIZ + 9];
char int_name_wol[IFNAMSIZ + 9];
char int_name_lpi[IFNAMSIZ + 9];
char int_name_sfty_ce[IFNAMSIZ + 10];
char int_name_sfty_ue[IFNAMSIZ + 10];
char int_name_rx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 14];
Reported by FlawFinder.
Line: 265
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int tx_irq[MTL_MAX_TX_QUEUES];
/*irq name */
char int_name_mac[IFNAMSIZ + 9];
char int_name_wol[IFNAMSIZ + 9];
char int_name_lpi[IFNAMSIZ + 9];
char int_name_sfty_ce[IFNAMSIZ + 10];
char int_name_sfty_ue[IFNAMSIZ + 10];
char int_name_rx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 14];
char int_name_tx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 18];
Reported by FlawFinder.
Line: 266
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*irq name */
char int_name_mac[IFNAMSIZ + 9];
char int_name_wol[IFNAMSIZ + 9];
char int_name_lpi[IFNAMSIZ + 9];
char int_name_sfty_ce[IFNAMSIZ + 10];
char int_name_sfty_ue[IFNAMSIZ + 10];
char int_name_rx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 14];
char int_name_tx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 18];
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char int_name_mac[IFNAMSIZ + 9];
char int_name_wol[IFNAMSIZ + 9];
char int_name_lpi[IFNAMSIZ + 9];
char int_name_sfty_ce[IFNAMSIZ + 10];
char int_name_sfty_ue[IFNAMSIZ + 10];
char int_name_rx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 14];
char int_name_tx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 18];
#ifdef CONFIG_DEBUG_FS
Reported by FlawFinder.
Line: 268
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char int_name_wol[IFNAMSIZ + 9];
char int_name_lpi[IFNAMSIZ + 9];
char int_name_sfty_ce[IFNAMSIZ + 10];
char int_name_sfty_ue[IFNAMSIZ + 10];
char int_name_rx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 14];
char int_name_tx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 18];
#ifdef CONFIG_DEBUG_FS
struct dentry *dbgfs_dir;
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char int_name_lpi[IFNAMSIZ + 9];
char int_name_sfty_ce[IFNAMSIZ + 10];
char int_name_sfty_ue[IFNAMSIZ + 10];
char int_name_rx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 14];
char int_name_tx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 18];
#ifdef CONFIG_DEBUG_FS
struct dentry *dbgfs_dir;
#endif
Reported by FlawFinder.
Line: 270
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char int_name_sfty_ce[IFNAMSIZ + 10];
char int_name_sfty_ue[IFNAMSIZ + 10];
char int_name_rx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 14];
char int_name_tx_irq[MTL_MAX_TX_QUEUES][IFNAMSIZ + 18];
#ifdef CONFIG_DEBUG_FS
struct dentry *dbgfs_dir;
#endif
Reported by FlawFinder.
Line: 284
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long fpe_task_state;
struct workqueue_struct *fpe_wq;
struct work_struct fpe_task;
char wq_name[IFNAMSIZ + 4];
/* TC Handling */
unsigned int tc_entries_max;
unsigned int tc_off_max;
struct stmmac_tc_entry *tc_entries;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx4/port.c
8 issues
Line: 138
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (IS_ERR(mailbox))
return PTR_ERR(mailbox);
memcpy(mailbox->buf, entries, MLX4_MAC_TABLE_SIZE);
in_mod = MLX4_SET_PORT_MAC_TABLE << 8 | port;
err = mlx4_cmd(dev, mailbox->dma, in_mod, MLX4_SET_PORT_ETH_OPCODE,
MLX4_CMD_SET_PORT, MLX4_CMD_TIME_CLASS_B,
Reported by FlawFinder.
Line: 547
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (IS_ERR(mailbox))
return PTR_ERR(mailbox);
memcpy(mailbox->buf, entries, MLX4_VLAN_TABLE_SIZE);
in_mod = MLX4_SET_PORT_VLAN_TABLE << 8 | port;
err = mlx4_cmd(dev, mailbox->dma, in_mod, MLX4_SET_PORT_ETH_OPCODE,
MLX4_CMD_SET_PORT, MLX4_CMD_TIME_CLASS_B,
MLX4_CMD_NATIVE);
Reported by FlawFinder.
Line: 1185
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_lock(&(priv->port[port].gid_table.mutex));
/* Zero-out gids belonging to that slave in the port GID table */
for (i = 0, offset = base; i < num_gids; offset++, i++)
memcpy(priv->port[port].gid_table.roce_gids[offset].raw,
zgid_entry.raw, MLX4_ROCE_GID_ENTRY_SIZE);
/* Now, copy roce port gids table to mailbox for passing to FW */
gid_entry_mbox = (struct mlx4_roce_gid_entry *)mailbox->buf;
for (i = 0; i < MLX4_ROCE_MAX_GIDS; gid_entry_mbox++, i++)
Reported by FlawFinder.
Line: 1191
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Now, copy roce port gids table to mailbox for passing to FW */
gid_entry_mbox = (struct mlx4_roce_gid_entry *)mailbox->buf;
for (i = 0; i < MLX4_ROCE_MAX_GIDS; gid_entry_mbox++, i++)
memcpy(gid_entry_mbox->raw,
priv->port[port].gid_table.roce_gids[i].raw,
MLX4_ROCE_GID_ENTRY_SIZE);
err = mlx4_cmd(dev, mailbox->dma,
((u32)port) | (MLX4_SET_PORT_GID_TABLE << 8),
Reported by FlawFinder.
Line: 1459
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* insert slave GIDs with memcpy, starting at slave's base index */
gid_entry_mbox = (struct mlx4_roce_gid_entry *)(inbox->buf);
for (i = 0, offset = base; i < num_gids; gid_entry_mbox++, offset++, i++)
memcpy(priv->port[port].gid_table.roce_gids[offset].raw,
gid_entry_mbox->raw, MLX4_ROCE_GID_ENTRY_SIZE);
/* Now, copy roce port gids table to current mailbox for passing to FW */
gid_entry_mbox = (struct mlx4_roce_gid_entry *)(inbox->buf);
for (i = 0; i < MLX4_ROCE_MAX_GIDS; gid_entry_mbox++, i++)
Reported by FlawFinder.
Line: 1465
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Now, copy roce port gids table to current mailbox for passing to FW */
gid_entry_mbox = (struct mlx4_roce_gid_entry *)(inbox->buf);
for (i = 0; i < MLX4_ROCE_MAX_GIDS; gid_entry_mbox++, i++)
memcpy(gid_entry_mbox->raw,
priv->port[port].gid_table.roce_gids[i].raw,
MLX4_ROCE_GID_ENTRY_SIZE);
err = mlx4_cmd(dev, inbox->dma, in_mod & 0xffff, op_mod,
MLX4_CMD_SET_PORT, MLX4_CMD_TIME_CLASS_B,
Reported by FlawFinder.
Line: 1964
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!mlx4_is_master(dev))
return -EINVAL;
memcpy(gid, priv->port[port].gid_table.roce_gids[slave_id].raw,
MLX4_ROCE_GID_ENTRY_SIZE);
return 0;
}
EXPORT_SYMBOL(mlx4_get_roce_gid_from_slave);
Reported by FlawFinder.
Line: 2211
Column: 2
CWE codes:
120
Suggestion:
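Make sure destination can always hold the source data. size is used both as the copy length and as the return value; the excerpt does not show it being limited to the size of cable_info->data or of the caller's data buffer, so confirm the clamp earlier in the function or in the caller.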
goto out;
}
cable_info = (struct mlx4_cable_info *)outmad->data;
memcpy(data, cable_info->data, size);
ret = size;
out:
mlx4_free_cmd_mailbox(dev, inbox);
mlx4_free_cmd_mailbox(dev, outbox);
return ret;
Reported by FlawFinder.
drivers/net/ethernet/sun/sunhme.c
8 issues
Line: 2734
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr = of_get_property(dp, "local-mac-address", &len);
if (qfe_slot != -1 && addr && len == ETH_ALEN)
memcpy(dev->dev_addr, addr, ETH_ALEN);
else
memcpy(dev->dev_addr, idprom->id_ethaddr, ETH_ALEN);
}
hp = netdev_priv(dev);
Reported by FlawFinder.
Line: 2736
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (qfe_slot != -1 && addr && len == ETH_ALEN)
memcpy(dev->dev_addr, addr, ETH_ALEN);
else
memcpy(dev->dev_addr, idprom->id_ethaddr, ETH_ALEN);
}
hp = netdev_priv(dev);
hp->happy_dev = op;
Reported by FlawFinder.
Line: 2995
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __iomem *hpreg_base;
unsigned long hpreg_res;
int i, qfe_slot = -1;
char prom_name[64];
int err;
/* Now make sure pci_dev cookie is there. */
#ifdef CONFIG_SPARC
dp = pci_device_to_OF_node(pdev);
Reported by FlawFinder.
Line: 3004
Column: 3
CWE codes:
120
Suggestion:
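Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Both strcpy() calls here copy a string literal of 8 characters plus the terminator into prom_name, declared as char prom_name[64] in the line 2995 excerpt, so they cannot overflow as written.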
snprintf(prom_name, sizeof(prom_name), "%pOFn", dp);
#else
if (is_quattro_p(pdev))
strcpy(prom_name, "SUNW,qfe");
else
strcpy(prom_name, "SUNW,hme");
#endif
err = -ENODEV;
Reported by FlawFinder.
Line: 3006
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (is_quattro_p(pdev))
strcpy(prom_name, "SUNW,qfe");
else
strcpy(prom_name, "SUNW,hme");
#endif
err = -ENODEV;
if (pci_enable_device(pdev))
Reported by FlawFinder.
Line: 3082
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(addr = of_get_property(dp, "local-mac-address", &len))
!= NULL &&
len == 6) {
memcpy(dev->dev_addr, addr, ETH_ALEN);
} else {
memcpy(dev->dev_addr, idprom->id_ethaddr, ETH_ALEN);
}
#else
get_hme_mac_nonsparc(pdev, &dev->dev_addr[0]);
Reported by FlawFinder.
Line: 3084
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len == 6) {
memcpy(dev->dev_addr, addr, ETH_ALEN);
} else {
memcpy(dev->dev_addr, idprom->id_ethaddr, ETH_ALEN);
}
#else
get_hme_mac_nonsparc(pdev, &dev->dev_addr[0]);
#endif
}
Reported by FlawFinder.
Line: 3177
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
prom_name[0] = 0;
if (!strncmp(dev->name, "eth", 3)) {
int i = simple_strtoul(dev->name + 3, NULL, 10);
sprintf(prom_name, "-%d", i + 3);
}
printk(KERN_INFO "%s%s: Quattro HME (PCI/CheerIO) 10/100baseT Ethernet ", dev->name, prom_name);
if (qpdev->vendor == PCI_VENDOR_ID_DEC &&
qpdev->device == PCI_DEVICE_ID_DEC_21153)
printk("DEC 21153 PCI Bridge\n");
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qed/qed_mcp.c
8 issues
Line: 414
Column: 3
CWE codes:
120
Suggestion:
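Make sure destination can always hold the source data. union_data is a fixed-size local that is zeroed just above; the copy length is p_mb_params->data_src_size, and no comparison with sizeof(union_data) appears in the excerpt. Confirm that the check exists earlier in the function or in every caller.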
offsetof(struct public_drv_mb, union_data);
memset(&union_data, 0, sizeof(union_data));
if (p_mb_params->p_data_src != NULL && p_mb_params->data_src_size)
memcpy(&union_data, p_mb_params->p_data_src,
p_mb_params->data_src_size);
qed_memcpy_to(p_hwfn, p_ptt, union_data_addr, &union_data,
sizeof(union_data));
/* Set the drv param */
Reported by FlawFinder.
Line: 696
Column: 2
CWE codes:
120
Suggestion:
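Make sure destination can always hold the source data. The length *o_txn_size is taken from mb_params.mcp_param, which looks like a value returned by the management firmware; the excerpt shows no comparison with the size of o_buf or raw_data before the copy. A length that originates outside the driver should be clamped to the smaller of the two buffers.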
*o_mcp_param = mb_params.mcp_param;
*o_txn_size = *o_mcp_param;
memcpy(o_buf, raw_data, *o_txn_size);
return 0;
}
static bool
Reported by FlawFinder.
Line: 2076
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy the new mfw messages into the shadow */
memcpy(info->mfw_mb_shadow, info->mfw_mb_cur, info->mfw_mb_length);
return rc;
}
int qed_mcp_get_mfw_ver(struct qed_hwfn *p_hwfn,
Reported by FlawFinder.
Line: 2495
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->mac[5] = (u8)(shmem_info.mac_lower);
/* Store primary MAC for later possible WoL */
memcpy(&p_hwfn->cdev->wol_mac, info->mac, ETH_ALEN);
} else {
DP_NOTICE(p_hwfn, "MAC is 0 in shmem\n");
}
info->wwn_port = (u64)shmem_info.fcoe_wwn_port_name_lower |
Reported by FlawFinder.
Line: 2885
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DP_ERR(p_hwfn, "Failed to send mac address, rc = %d\n", rc);
/* Store primary MAC for later possible WoL */
memcpy(p_hwfn->cdev->wol_mac, mac, ETH_ALEN);
return rc;
}
int qed_mcp_ov_update_wol(struct qed_hwfn *p_hwfn,
Reported by FlawFinder.
Line: 3063
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!p_ptt)
return -EBUSY;
memcpy(p_buf, &cdev->mcp_nvm_resp, sizeof(cdev->mcp_nvm_resp));
qed_ptt_release(p_hwfn, p_ptt);
return 0;
}
Reported by FlawFinder.
Line: 4127
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SET_MFW_FIELD(*p_header, QED_MCP_DBG_DATA_HDR_PF, p_hwfn->abs_pf_id);
while (tmp_size > QED_MCP_DBG_DATA_MAX_PAYLOAD_SIZE) {
memcpy(p_payload, p_tmp_buf, QED_MCP_DBG_DATA_MAX_PAYLOAD_SIZE);
rc = __qed_mcp_send_debug_data(p_hwfn, p_ptt, raw_data,
QED_MCP_DBG_DATA_MAX_SIZE);
if (rc)
return rc;
Reported by FlawFinder.
Line: 4147
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Last chunk is marked as 'last' */
flags |= QED_MCP_DBG_DATA_HDR_FLAGS_LAST;
SET_MFW_FIELD(*p_header, QED_MCP_DBG_DATA_HDR_FLAGS, flags);
memcpy(p_payload, p_tmp_buf, tmp_size);
/* Casting the left size to u8 is ok since at this point it is <= 32 */
return __qed_mcp_send_debug_data(p_hwfn, p_ptt, raw_data,
(u8)(QED_MCP_DBG_DATA_MAX_HEADER_SIZE +
tmp_size));
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qed/qed_int.c
8 issues
Line: 1029
CWE codes:
788
continue;
for (j = 0, bit_idx = 0; bit_idx < 32; j++) {
struct aeu_invert_reg_bit *p_bit = &p_aeu->bits[j];
if (qed_int_is_parity_flag(p_hwfn, p_bit) &&
!!(parities & BIT(bit_idx)))
qed_int_deassertion_parity(p_hwfn, p_bit,
aeu_en, bit_idx);
Reported by Cppcheck.
Line: 1070
CWE codes:
788
long unsigned int bitmask;
u8 bit, bit_len;
p_aeu = &sb_attn_sw->p_aeu_desc[i].bits[j];
p_aeu = qed_int_aeu_translate(p_hwfn, p_aeu);
bit = bit_idx;
bit_len = ATTENTION_LENGTH(p_aeu->flags);
if (qed_int_is_parity_flag(p_hwfn, p_aeu)) {
Reported by Cppcheck.
Line: 1368
CWE codes:
788
for (j = 0, k = 0; k < 32; j++) {
struct aeu_invert_reg_bit *p_aeu;
p_aeu = &aeu_descs[i].bits[j];
if (qed_int_is_parity_flag(p_hwfn, p_aeu))
sb_info->parity_mask[i] |= 1 << k;
k += ATTENTION_LENGTH(p_aeu->flags);
}
Reported by Cppcheck.
Line: 1099
Column: 7
CWE codes:
134
Suggestion:
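Use a constant for the format specification. The format is p_aeu->bit_name, the 30-byte field of struct aeu_invert_reg_bit shown in the line 51 entry; this is safe only while those descriptors are constant driver tables whose names contain at most one integer conversion. The literal 30 also repeats the array size; sizeof(bit_name) would keep the two in step.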
if (ATTENTION_LENGTH(flags) > 2 ||
((flags & ATTENTION_PAR_INT) &&
ATTENTION_LENGTH(flags) > 1))
snprintf(bit_name, 30,
p_aeu->bit_name, num);
else
strlcpy(bit_name,
p_aeu->bit_name, 30);
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ALIGNED_TYPE_SIZE(struct atten_status_block, p_hwfn)
struct aeu_invert_reg_bit {
char bit_name[30];
#define ATTENTION_PARITY (1 << 0)
#define ATTENTION_LENGTH_MASK (0x00000ff0)
#define ATTENTION_LENGTH_SHIFT (4)
Reported by FlawFinder.
Line: 237
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int qed_pglueb_rbc_attn_handler(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt,
bool hw_init)
{
char msg[256];
u32 tmp;
tmp = qed_rd(p_hwfn, p_ptt, PGLUE_B_REG_TX_ERR_WR_DETAILS2);
if (tmp & PGLUE_ATTENTION_VALID) {
u32 addr_lo, addr_hi, details;
Reported by FlawFinder.
Line: 1086
Column: 6
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (bitmask) {
u32 flags = p_aeu->flags;
char bit_name[30];
u8 num;
num = (u8)find_first_bit(&bitmask,
bit_len);
Reported by FlawFinder.
Line: 2326
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!info || !p_sb_cnt_info)
return;
memcpy(p_sb_cnt_info, &info->usage, sizeof(*p_sb_cnt_info));
}
void qed_int_disable_post_isr_release(struct qed_dev *cdev)
{
int i;
Reported by FlawFinder.
net/ipv4/ip_gre.c
8 issues
Line: 332
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
md = ip_tunnel_info_opts(&tun_dst->u.tun_info);
md->version = ver;
md2 = &md->u.md2;
memcpy(md2, pkt_md, ver == 1 ? ERSPAN_V1_MDSIZE :
ERSPAN_V2_MDSIZE);
info = &tun_dst->u.tun_info;
info->key.tun_flags |= TUNNEL_ERSPAN_OPT;
info->options_len = sizeof(*md);
Reported by FlawFinder.
Line: 852
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
greh->flags = gre_tnl_flags_to_gre_flags(t->parms.o_flags);
greh->protocol = htons(type);
memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
/* Set the source hardware address. */
if (saddr)
memcpy(&iph->saddr, saddr, 4);
if (daddr)
Reported by FlawFinder.
Line: 856
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Set the source hardware address. */
if (saddr)
memcpy(&iph->saddr, saddr, 4);
if (daddr)
memcpy(&iph->daddr, daddr, 4);
if (iph->daddr)
return t->hlen + sizeof(*iph);
Reported by FlawFinder.
Line: 858
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (saddr)
memcpy(&iph->saddr, saddr, 4);
if (daddr)
memcpy(&iph->daddr, daddr, 4);
if (iph->daddr)
return t->hlen + sizeof(*iph);
return -(t->hlen + sizeof(*iph));
}
Reported by FlawFinder.
Line: 868
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * Copy the 4-byte saddr field of the IPv4 header located at skb's
 * MAC-header offset into haddr, and return the number of bytes
 * written (always 4).
 *
 * NOTE(review): nothing in this function checks that haddr has room
 * for 4 bytes or that a complete struct iphdr is present at
 * skb_mac_header(skb); both are presumably guaranteed by the caller
 * -- confirm.
 */
static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr)
{
/* The data at the MAC-header offset is interpreted as an IPv4 header. */
const struct iphdr *iph = (const struct iphdr *) skb_mac_header(skb);
/* Fixed-length copy: 4 is the size of an IPv4 address. */
memcpy(haddr, &iph->saddr, 4);
return 4;
}
static const struct header_ops ipgre_header_ops = {
.create = ipgre_header,
Reported by FlawFinder.
Line: 984
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__gre_tunnel_init(dev);
memcpy(dev->dev_addr, &iph->saddr, 4);
memcpy(dev->broadcast, &iph->daddr, 4);
dev->flags = IFF_NOARP;
netif_keep_dst(dev);
dev->addr_len = 4;
Reported by FlawFinder.
Line: 985
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__gre_tunnel_init(dev);
memcpy(dev->dev_addr, &iph->saddr, 4);
memcpy(dev->broadcast, &iph->daddr, 4);
dev->flags = IFF_NOARP;
netif_keep_dst(dev);
dev->addr_len = 4;
Reported by FlawFinder.
Line: 1073
Column: 3
CWE codes:
120
Suggestion:
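Make sure destination can always hold the source data. The point to verify here is the source rather than the destination: nla_data() returns the attribute payload without checking its length, so this 4-byte copy relies on the netlink policy for IFLA_GRE_REMOTE requiring at least 4 bytes, which is outside the excerpt.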
goto out;
if (data[IFLA_GRE_REMOTE]) {
memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4);
if (!daddr)
return -EINVAL;
}
out:
Reported by FlawFinder.