The following issues were found
drivers/mtd/nand/raw/meson_nand.c
7 issues
Line: 362
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < nand->ecc.steps; i++) {
if (buf) {
dsrc = meson_nfc_data_ptr(nand, i);
memcpy(buf, dsrc, nand->ecc.size);
buf += nand->ecc.size;
}
osrc = meson_nfc_oob_ptr(nand, i);
memcpy(oobbuf, osrc, oob_len);
oobbuf += oob_len;
Reported by FlawFinder.
Line: 366
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf += nand->ecc.size;
}
osrc = meson_nfc_oob_ptr(nand, i);
memcpy(oobbuf, osrc, oob_len);
oobbuf += oob_len;
}
}
static void meson_nfc_set_data_oob(struct nand_chip *nand,
Reported by FlawFinder.
Line: 381
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < nand->ecc.steps; i++) {
if (buf) {
dsrc = meson_nfc_data_ptr(nand, i);
memcpy(dsrc, buf, nand->ecc.size);
buf += nand->ecc.size;
}
osrc = meson_nfc_oob_ptr(nand, i);
memcpy(osrc, oobbuf, oob_len);
oobbuf += oob_len;
Reported by FlawFinder.
Line: 385
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf += nand->ecc.size;
}
osrc = meson_nfc_oob_ptr(nand, i);
memcpy(osrc, oobbuf, oob_len);
oobbuf += oob_len;
}
}
static int meson_nfc_queue_rb(struct meson_nfc *nfc, int timeout_ms)
Reported by FlawFinder.
Line: 688
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct meson_nfc_nand_chip *meson_chip = to_meson_nand(nand);
u8 *oob_buf = nand->oob_poi;
memcpy(meson_chip->data_buf, buf, mtd->writesize);
memset(meson_chip->info_buf, 0, nand->ecc.steps * PER_INFO_BYTE);
meson_nfc_set_user_byte(nand, oob_buf);
return meson_nfc_write_page_sub(nand, page, 0);
}
Reported by FlawFinder.
Line: 817
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
} else if (buf && buf != meson_chip->data_buf) {
memcpy(buf, meson_chip->data_buf, mtd->writesize);
}
return bitflips;
}
Reported by FlawFinder.
Line: 863
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buf == instr->ctx.data.buf.in)
return;
memcpy(instr->ctx.data.buf.in, buf, instr->ctx.data.len);
kfree(buf);
}
static void *
meson_nand_op_get_dma_safe_output_buf(const struct nand_op_instr *instr)
Reported by FlawFinder.
drivers/media/pci/bt8xx/dst_ca.c
7 issues
Line: 309
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (command) {
case CA_APP_INFO:
memcpy(p_ca_message->msg, state->messages, 128);
if (copy_to_user(arg, p_ca_message, sizeof (struct ca_msg)) )
return -EFAULT;
break;
case CA_INFO:
memcpy(p_ca_message->msg, state->messages, 128);
Reported by FlawFinder.
Line: 314
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EFAULT;
break;
case CA_INFO:
memcpy(p_ca_message->msg, state->messages, 128);
if (copy_to_user(arg, p_ca_message, sizeof (struct ca_msg)) )
return -EFAULT;
break;
}
Reported by FlawFinder.
Line: 345
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Need to compute length for EN50221 section 8.3.2, for the time being
* assuming 8.3.2 is not applicable
*/
memcpy(&hw_buffer->msg[7], &p_ca_message->msg[4], length);
}
return 0;
}
Reported by FlawFinder.
Line: 64
Column: 90
CWE codes:
120
20
dprintk(verbose, DST_CA_DEBUG, 1, " -> checksum : 0x%02x", check_string[length]);
}
static int dst_ci_command(struct dst_state* state, u8 * data, u8 *ca_string, u8 len, int read)
{
u8 reply;
mutex_lock(&state->dst_mutex);
dst_comm_init(state);
Reported by FlawFinder.
Line: 86
Column: 6
CWE codes:
120
20
dst_error_recovery(state);
goto error;
}
if (read) {
if (! dst_wait_dst_ready(state, LONG_DELAY)) {
dprintk(verbose, DST_CA_NOTICE, 1, " 8820 not ready");
goto error;
}
if (read_dst(state, ca_string, 128) < 0) { /* Try to make this dynamic */
Reported by FlawFinder.
Line: 106
Column: 86
CWE codes:
120
20
}
static int dst_put_ci(struct dst_state *state, u8 *data, int len, u8 *ca_string, int read)
{
u8 dst_ca_comm_err = 0;
while (dst_ca_comm_err < RETRIES) {
dprintk(verbose, DST_CA_NOTICE, 1, " Put Command");
Reported by FlawFinder.
Line: 112
Column: 51
CWE codes:
120
20
while (dst_ca_comm_err < RETRIES) {
dprintk(verbose, DST_CA_NOTICE, 1, " Put Command");
if (dst_ci_command(state, data, ca_string, len, read)) { // If error
dst_error_recovery(state);
dst_ca_comm_err++; // work required here.
} else {
break;
}
Reported by FlawFinder.
drivers/media/usb/cpia2/cpia2_usb.c
7 issues
Line: 164
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cam->workbuff->data[cam->workbuff->length++] = 0xE0+cam->APPn;
cam->workbuff->data[cam->workbuff->length++] = 0;
cam->workbuff->data[cam->workbuff->length++] = cam->APP_len+2;
memcpy(cam->workbuff->data+cam->workbuff->length,
cam->APP_data, cam->APP_len);
cam->workbuff->length += cam->APP_len;
}
}
Reported by FlawFinder.
Line: 183
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cam->workbuff->data[cam->workbuff->length++] = 0xFE;
cam->workbuff->data[cam->workbuff->length++] = 0;
cam->workbuff->data[cam->workbuff->length++] = cam->COM_len+2;
memcpy(cam->workbuff->data+cam->workbuff->length,
cam->COM_data, cam->COM_len);
cam->workbuff->length += cam->COM_len;
}
}
Reported by FlawFinder.
Line: 325
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cam->workbuff->length = 2;
add_APPn(cam);
add_COM(cam);
memcpy(cam->workbuff->data+cam->workbuff->length,
cdata+data_offset, n-data_offset);
cam->workbuff->length += n-data_offset;
} else if (cam->workbuff->length > 0) {
memcpy(cam->workbuff->data + cam->workbuff->length,
cdata, n);
Reported by FlawFinder.
Line: 329
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cdata+data_offset, n-data_offset);
cam->workbuff->length += n-data_offset;
} else if (cam->workbuff->length > 0) {
memcpy(cam->workbuff->data + cam->workbuff->length,
cdata, n);
cam->workbuff->length += n;
}
if ((cam->workbuff->length >= 3) &&
Reported by FlawFinder.
Line: 373
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*****************************************************************************/
static int configure_transfer_mode(struct camera_data *cam, unsigned int alt)
{
static unsigned char iso_regs[8][4] = {
{0x00, 0x00, 0x00, 0x00},
{0x00, 0x00, 0x00, 0x00},
{0xB9, 0x00, 0x00, 0x7E},
{0xB9, 0x00, 0x01, 0x7E},
{0xB9, 0x00, 0x02, 0x7E},
Reported by FlawFinder.
Line: 588
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
HZ);
if (ret >= 0)
memcpy(registers, buf, size);
kfree(buf);
return ret;
}
Reported by FlawFinder.
Line: 628
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
LOG("Message: request = 0x%0X, start = 0x%0X\n",
request, start);
LOG("Message: count = %d, register[0] = 0x%0X\n",
count, ((unsigned char *) registers)[0]);
} else
err=0;
} else {
LOG("Unexpected first byte of direction: %d\n",
direction);
Reported by FlawFinder.
drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_hw.c
7 issues
Line: 255
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 keylen, u32 optname,
int cipher_type)
{
unsigned char key[AES_MAX_KEY_SIZE];
unsigned char *key_p, *salt;
unsigned char ghash_h[AEAD_H_SIZE];
int ck_size, key_ctx_size, kctx_mackey_size, salt_size;
struct crypto_aes_ctx aes;
int ret;
Reported by FlawFinder.
Line: 257
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned char key[AES_MAX_KEY_SIZE];
unsigned char *key_p, *salt;
unsigned char ghash_h[AEAD_H_SIZE];
int ck_size, key_ctx_size, kctx_mackey_size, salt_size;
struct crypto_aes_ctx aes;
int ret;
key_ctx_size = sizeof(struct _key_ctx) +
Reported by FlawFinder.
Line: 273
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct tls12_crypto_info_aes_gcm_128 *gcm_ctx_128 =
(struct tls12_crypto_info_aes_gcm_128 *)
&csk->tlshws.crypto_info;
memcpy(key, gcm_ctx_128->key, keylen);
key_p = gcm_ctx_128->key;
salt = gcm_ctx_128->salt;
ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_128;
salt_size = TLS_CIPHER_AES_GCM_128_SALT_SIZE;
Reported by FlawFinder.
Line: 286
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct tls12_crypto_info_aes_gcm_256 *gcm_ctx_256 =
(struct tls12_crypto_info_aes_gcm_256 *)
&csk->tlshws.crypto_info;
memcpy(key, gcm_ctx_256->key, keylen);
key_p = gcm_ctx_256->key;
salt = gcm_ctx_256->salt;
ck_size = CHCR_KEYCTX_CIPHER_KEY_SIZE_256;
salt_size = TLS_CIPHER_AES_GCM_256_SALT_SIZE;
Reported by FlawFinder.
Line: 327
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
0, 0, key_ctx_size >> 4);
}
memcpy(kctx->salt, salt, salt_size);
memcpy(kctx->key, key_p, keylen);
memcpy(kctx->key + keylen, ghash_h, AEAD_H_SIZE);
/* erase key info from driver */
memset(key_p, 0, keylen);
Reported by FlawFinder.
Line: 328
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(kctx->salt, salt, salt_size);
memcpy(kctx->key, key_p, keylen);
memcpy(kctx->key + keylen, ghash_h, AEAD_H_SIZE);
/* erase key info from driver */
memset(key_p, 0, keylen);
return 0;
Reported by FlawFinder.
Line: 329
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(kctx->salt, salt, salt_size);
memcpy(kctx->key, key_p, keylen);
memcpy(kctx->key + keylen, ghash_h, AEAD_H_SIZE);
/* erase key info from driver */
memset(key_p, 0, keylen);
return 0;
}
Reported by FlawFinder.
drivers/media/dvb-core/dvbdev.c
7 issues
Line: 112
Column: 19
CWE codes:
362
goto fail;
file->private_data = dvbdev;
replace_fops(file, new_fops);
if (file->f_op->open)
err = file->f_op->open(inode, file);
up_read(&minor_rwsem);
mutex_unlock(&dvbdev_mutex);
return err;
}
Reported by FlawFinder.
Line: 113
Column: 22
CWE codes:
362
file->private_data = dvbdev;
replace_fops(file, new_fops);
if (file->f_op->open)
err = file->f_op->open(inode, file);
up_read(&minor_rwsem);
mutex_unlock(&dvbdev_mutex);
return err;
}
fail:
Reported by FlawFinder.
Line: 490
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(dvbdev, template, sizeof(struct dvb_device));
dvbdev->type = type;
dvbdev->id = id;
dvbdev->adapter = adap;
dvbdev->priv = priv;
dvbdev->fops = dvbdevfops;
Reported by FlawFinder.
Line: 917
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int (*func)(struct file *file,
unsigned int cmd, void *arg))
{
char sbuf[128];
void *mbuf = NULL;
void *parg = NULL;
int err = -EINVAL;
/* Copy arguments into temp kernel buffer */
Reported by FlawFinder.
Line: 608
Column: 36
CWE codes:
126
media_device_for_each_entity(entity, mdev) {
if (entity->function == MEDIA_ENT_F_IO_DTV) {
if (strncmp(entity->name, name, strlen(name)))
continue;
link = media_create_intf_link(entity, intf,
MEDIA_LNK_FL_ENABLED |
MEDIA_LNK_FL_IMMUTABLE);
if (!link)
Reported by FlawFinder.
Line: 754
Column: 9
CWE codes:
126
media_device_for_each_entity(entity, mdev) {
if (entity->function == MEDIA_ENT_F_IO_DTV) {
if (!strncmp(entity->name, DVR_TSOUT,
strlen(DVR_TSOUT))) {
ret = media_create_pad_link(demux,
++dvr_pad,
entity, 0, 0);
if (ret)
return ret;
Reported by FlawFinder.
Line: 762
Column: 9
CWE codes:
126
return ret;
}
if (!strncmp(entity->name, DEMUX_TSOUT,
strlen(DEMUX_TSOUT))) {
ret = media_create_pad_link(demux,
++demux_pad,
entity, 0, 0);
if (ret)
return ret;
Reported by FlawFinder.
drivers/md/dm-log-userspace-base.c
7 issues
Line: 150
Column: 15
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
str_size = sprintf(str, "%llu", (unsigned long long)ti->len);
for (i = 0; i < argc; i++)
str_size += sprintf(str + str_size, " %s", argv[i]);
*ctr_str = str;
return str_size;
}
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t region_size;
region_t region_count;
uint64_t luid;
char uuid[DM_UUID_LEN];
/*
* Mark and clear requests are held until a flush is issued
* so that we can group, and thereby limit, the amount of
* network traffic between kernel and userspace. The 'flush_lock'
Reported by FlawFinder.
Line: 148
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENOMEM;
}
str_size = sprintf(str, "%llu", (unsigned long long)ti->len);
for (i = 0; i < argc; i++)
str_size += sprintf(str + str_size, " %s", argv[i]);
*ctr_str = str;
return str_size;
Reported by FlawFinder.
Line: 109
Column: 7
CWE codes:
126
DMWARN("Attempting to contact userspace log server...");
r = dm_consult_userspace(uuid, lc->luid, DM_ULOG_CTR,
lc->usr_argv_str,
strlen(lc->usr_argv_str) + 1,
NULL, NULL);
if (!r)
break;
}
DMINFO("Reconnected to userspace log server... DM_ULOG_CTR complete");
Reported by FlawFinder.
Line: 138
Column: 15
CWE codes:
126
* Determine overall size of the string.
*/
for (i = 0, str_size = 0; i < argc; i++)
str_size += strlen(argv[i]) + 1; /* +1 for space between args */
str_size += 20; /* Max number of chars in a printed u64 number */
str = kzalloc(str_size, GFP_KERNEL);
if (!str) {
Reported by FlawFinder.
Line: 218
Column: 6
CWE codes:
126
lc->ti = ti;
if (strlen(argv[0]) > (DM_UUID_LEN - 1)) {
DMWARN("UUID argument too long.");
kfree(lc);
return -EINVAL;
}
Reported by FlawFinder.
Line: 226
Column: 2
CWE codes:
120
lc->usr_argc = argc;
strncpy(lc->uuid, argv[0], DM_UUID_LEN);
argc--;
argv++;
spin_lock_init(&lc->flush_lock);
INIT_LIST_HEAD(&lc->mark_list);
INIT_LIST_HEAD(&lc->clear_list);
Reported by FlawFinder.
drivers/md/persistent-data/dm-space-map-common.c
7 issues
Line: 954
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int metadata_ll_load_ie(struct ll_disk *ll, dm_block_t index,
struct disk_index_entry *ie)
{
memcpy(ie, ll->mi_le.index + index, sizeof(*ie));
return 0;
}
static int metadata_ll_save_ie(struct ll_disk *ll, dm_block_t index,
struct disk_index_entry *ie)
Reported by FlawFinder.
Line: 962
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct disk_index_entry *ie)
{
ll->bitmap_index_changed = true;
memcpy(ll->mi_le.index + index, ie, sizeof(*ie));
return 0;
}
static int metadata_ll_init_index(struct ll_disk *ll)
{
Reported by FlawFinder.
Line: 1012
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (r)
return r;
memcpy(dm_block_data(b), &ll->mi_le, sizeof(ll->mi_le));
ll->bitmap_root = dm_block_location(b);
dm_tm_unlock(ll->tm, b);
return 0;
Reported by FlawFinder.
Line: 1109
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (iec->valid) {
if (iec->index == index) {
memcpy(ie, &iec->ie, sizeof(*ie));
return 0;
}
if (iec->dirty) {
r = ie_cache_writeback(ll, iec);
Reported by FlawFinder.
Line: 1125
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iec->valid = true;
iec->dirty = false;
iec->index = index;
memcpy(&iec->ie, ie, sizeof(*ie));
}
return r;
}
Reported by FlawFinder.
Line: 1141
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ll->bitmap_index_changed = true;
if (iec->valid) {
if (iec->index == index) {
memcpy(&iec->ie, ie, sizeof(*ie));
iec->dirty = true;
return 0;
}
if (iec->dirty) {
Reported by FlawFinder.
Line: 1156
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iec->valid = true;
iec->dirty = true;
iec->index = index;
memcpy(&iec->ie, ie, sizeof(*ie));
return 0;
}
static int disk_ll_init_index(struct ll_disk *ll)
{
Reported by FlawFinder.
drivers/media/platform/exynos4-is/fimc-is.c
7 issues
Line: 41
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "fimc-is-regs.h"
static char *fimc_is_clocks[ISS_CLKS_MAX] = {
[ISS_CLK_PPMUISPX] = "ppmuispx",
[ISS_CLK_PPMUISPMX] = "ppmuispmx",
[ISS_CLK_LITE0] = "lite0",
[ISS_CLK_LITE1] = "lite1",
[ISS_CLK_MPLL] = "mpll",
Reported by FlawFinder.
Line: 242
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
buf = is->memory.vaddr + is->setfile.base;
memcpy(buf, fw->data, fw->size);
fimc_is_mem_barrier();
is->setfile.size = fw->size;
pr_debug("mem vaddr: %p, setfile buf: %p\n", is->memory.vaddr, buf);
Reported by FlawFinder.
Line: 248
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_debug("mem vaddr: %p, setfile buf: %p\n", is->memory.vaddr, buf);
memcpy(is->fw.setfile_info,
fw->data + fw->size - FIMC_IS_SETFILE_INFO_LEN,
FIMC_IS_SETFILE_INFO_LEN - 1);
is->fw.setfile_info[FIMC_IS_SETFILE_INFO_LEN - 1] = '\0';
is->setfile.state = 1;
Reported by FlawFinder.
Line: 317
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(is->memory.vaddr, is->fw.f_w->data, is->fw.f_w->size);
wmb();
ret = fimc_is_cpu_set_power(is, 1);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 402
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto done;
}
memcpy(is->memory.vaddr, fw->data, fw->size);
wmb();
/* Read firmware description. */
buf = (void *)(is->memory.vaddr + fw->size - FIMC_IS_FW_DESC_LEN);
memcpy(&is->fw.info, buf, FIMC_IS_FW_INFO_LEN);
Reported by FlawFinder.
Line: 407
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Read firmware description. */
buf = (void *)(is->memory.vaddr + fw->size - FIMC_IS_FW_DESC_LEN);
memcpy(&is->fw.info, buf, FIMC_IS_FW_INFO_LEN);
is->fw.info[FIMC_IS_FW_INFO_LEN] = 0;
buf = (void *)(is->memory.vaddr + fw->size - FIMC_IS_FW_VER_LEN);
memcpy(&is->fw.version, buf, FIMC_IS_FW_VER_LEN);
is->fw.version[FIMC_IS_FW_VER_LEN - 1] = 0;
Reported by FlawFinder.
Line: 411
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
is->fw.info[FIMC_IS_FW_INFO_LEN] = 0;
buf = (void *)(is->memory.vaddr + fw->size - FIMC_IS_FW_VER_LEN);
memcpy(&is->fw.version, buf, FIMC_IS_FW_VER_LEN);
is->fw.version[FIMC_IS_FW_VER_LEN - 1] = 0;
is->fw.state = 1;
dev_info(dev, "loaded firmware: %s, rev. %s\n",
Reported by FlawFinder.
drivers/media/usb/dvb-usb-v2/af9015.c
7 issues
Line: 83
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rlen = ACK_HDR_LEN;
if (write) {
wlen += req->data_len;
memcpy(&state->buf[REQ_HDR_LEN], req->data, req->data_len);
} else {
rlen += req->data_len;
}
/* no ack for these packets */
Reported by FlawFinder.
Line: 106
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* read request, copy returned data to return buf */
if (!write)
memcpy(req->data, &state->buf[ACK_HDR_LEN], req->data_len);
error:
mutex_unlock(&d->usb_mutex);
return ret;
}
Reported by FlawFinder.
Line: 856
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (adap->id == 0) {
state->af9013_pdata[0].ts_mode = AF9013_TS_MODE_USB;
memcpy(state->af9013_pdata[0].api_version, "\x0\x1\x9\x0", 4);
state->af9013_pdata[0].gpio[0] = AF9013_GPIO_HI;
state->af9013_pdata[0].gpio[3] = AF9013_GPIO_TUNER_ON;
} else if (adap->id == 1) {
state->af9013_pdata[1].ts_mode = AF9013_TS_MODE_SERIAL;
state->af9013_pdata[1].ts_output_pin = 7;
Reported by FlawFinder.
Line: 862
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (adap->id == 1) {
state->af9013_pdata[1].ts_mode = AF9013_TS_MODE_SERIAL;
state->af9013_pdata[1].ts_output_pin = 7;
memcpy(state->af9013_pdata[1].api_version, "\x0\x1\x9\x0", 4);
state->af9013_pdata[1].gpio[0] = AF9013_GPIO_TUNER_ON;
state->af9013_pdata[1].gpio[1] = AF9013_GPIO_LO;
/* copy firmware to 2nd demodulator */
if (state->dual_mode) {
Reported by FlawFinder.
Line: 1192
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto error;
/* Remember this key */
memcpy(state->rc_last, &buf[12], 4);
if (buf[14] == (u8)~buf[15]) {
if (buf[12] == (u8)~buf[13]) {
/* NEC */
state->rc_keycode = RC_SCANCODE_NEC(buf[12],
buf[14]);
Reported by FlawFinder.
Line: 1265
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* reference IDs are used.
* DO NOT ADD ANYTHING NEW HERE. Use hashes instead.
*/
char manufacturer[10];
memset(manufacturer, 0, sizeof(manufacturer));
usb_string(d->udev, d->udev->descriptor.iManufacturer,
manufacturer, sizeof(manufacturer));
if (!strcmp("MSI", manufacturer)) {
Reported by FlawFinder.
Line: 1342
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usb_interface *intf = d->intf;
struct usb_device *udev = interface_to_usbdev(intf);
int ret;
char manufacturer[sizeof("ITE Technologies, Inc.")];
static const struct regmap_config regmap_config = {
.reg_bits = 16,
.val_bits = 8,
};
static const struct regmap_bus regmap_bus = {
Reported by FlawFinder.
drivers/mfd/ab8500-core.c
7 issues
Line: 837
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ab8500 = dev_get_drvdata(dev);
return sprintf(buf, "%#x\n", ab8500 ? ab8500->chip_id : -EINVAL);
}
/*
* ab8500 has switched off due to (SWITCH_OFF_STATUS):
* 0x01 Swoff bit programming
Reported by FlawFinder.
Line: 863
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
AB8500_SWITCH_OFF_STATUS, &value);
if (ret < 0)
return ret;
return sprintf(buf, "%#x\n", value);
}
/* use mask and set to override the register turn_on_stat value */
void ab8500_override_turn_on_stat(u8 mask, u8 set)
{
Reported by FlawFinder.
Line: 912
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
spin_unlock(&on_stat_lock);
}
return sprintf(buf, "%#x\n", value);
}
static ssize_t turn_on_status_2_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 927
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
AB8505_TURN_ON_STATUS_2, &value);
if (ret < 0)
return ret;
return sprintf(buf, "%#x\n", (value & 0x1));
}
static ssize_t dbbrstn_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 944
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%d\n",
(value & AB9540_MODEM_CTRL2_SWDBBRSTN_BIT) ? 1 : 0);
}
static ssize_t dbbrstn_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
Reported by FlawFinder.
Line: 246
Column: 16
CWE codes:
120
20
mutex_lock(&ab8500->lock);
ret = ab8500->read(ab8500, addr);
if (ret < 0)
dev_err(ab8500->dev, "failed to read reg %#x: %d\n",
addr, ret);
else
*value = ret;
Reported by FlawFinder.
Line: 282
Column: 17
CWE codes:
120
20
if (ab8500->write_masked == NULL) {
u8 data;
ret = ab8500->read(ab8500, addr);
if (ret < 0) {
dev_err(ab8500->dev, "failed to read reg %#x: %d\n",
addr, ret);
goto out;
}
Reported by FlawFinder.