The following issues were found
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c
7 issues
Line: 2904
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(outbox->buf, mpt_entry, sizeof(*mpt_entry));
err = 0;
} else if (mpt->com.from_state == RES_MPT_HW) {
err = mlx4_DMA_wrapper(dev, slave, vhcr, inbox, outbox, cmd);
} else {
Reported by FlawFinder.
Line: 3386
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
eqe->event.cmd.token = cpu_to_be16(event_eq->token);
}
memcpy(mailbox->buf, (u8 *) eqe, 28);
in_modifier = (slave & 0xff) | ((event_eq->eqn & 0x3ff) << 16);
err = mlx4_cmd(dev, mailbox->dma, in_modifier, 0,
MLX4_CMD_GEN_EQE, MLX4_CMD_TIME_CLASS_B,
Reported by FlawFinder.
Line: 4044
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kfree(res);
err = -EEXIST;
} else {
memcpy(res->gid, gid, 16);
res->prot = prot;
res->steer = steer;
res->reg_id = reg_id;
list_add_tail(&res->list, &rqp->mcg_list);
err = 0;
Reported by FlawFinder.
Line: 4274
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(eth_header, 0, sizeof(*eth_header));
eth_header->size = sizeof(*eth_header) >> 2;
eth_header->id = cpu_to_be16(__sw_id_hw[MLX4_NET_TRANS_RULE_ID_ETH]);
memcpy(eth_header->dst_mac, &be_mac, ETH_ALEN);
memcpy(eth_header->dst_mac_msk, &mac_msk, ETH_ALEN);
return 0;
}
Reported by FlawFinder.
Line: 4275
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
eth_header->size = sizeof(*eth_header) >> 2;
eth_header->id = cpu_to_be16(__sw_id_hw[MLX4_NET_TRANS_RULE_ID_ETH]);
memcpy(eth_header->dst_mac, &be_mac, ETH_ALEN);
memcpy(eth_header->dst_mac_msk, &mac_msk, ETH_ALEN);
return 0;
}
Reported by FlawFinder.
Line: 4458
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
rrule->mirr_mbox_size = mbox_size;
rrule->mirr_rule_id = 0;
memcpy(rrule->mirr_mbox, inbox->buf, mbox_size);
/* set different port */
ctrl = (struct mlx4_net_trans_rule_hw_ctrl *)rrule->mirr_mbox;
if (ctrl->port == 1)
ctrl->port = 2;
Reported by FlawFinder.
Line: 4993
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mlx4_free_cmd_mailbox(dev, mailbox);
return -EINVAL;
}
memcpy(mailbox->buf, fs_rule->mirr_mbox, fs_rule->mirr_mbox_size);
err = mlx4_cmd_imm(dev, mailbox->dma, ®_id, fs_rule->mirr_mbox_size >> 2, 0,
MLX4_QP_FLOW_STEERING_ATTACH, MLX4_CMD_TIME_CLASS_A,
MLX4_CMD_NATIVE);
mlx4_free_cmd_mailbox(dev, mailbox);
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/diag/fw_tracer.c
7 issues
Line: 565
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
char tmp[512];
snprintf(tmp, sizeof(tmp), str_frmt->string,
str_frmt->params[0],
str_frmt->params[1],
str_frmt->params[2],
str_frmt->params[3],
str_frmt->params[4],
Reported by FlawFinder.
Line: 303
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
out_value = MLX5_ADDR_OF(mtrc_stdb, out, string_db_data);
memcpy(tracer->str_db.buffer[i] + offset, out_value,
STRINGS_DB_READ_SIZE_BYTES);
offset += STRINGS_DB_READ_SIZE_BYTES;
}
/* Strings database is aligned to 64, need to read leftovers*/
Reported by FlawFinder.
Line: 324
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
out_value = MLX5_ADDR_OF(mtrc_stdb, out, string_db_data);
memcpy(tracer->str_db.buffer[i] + offset, out_value,
STRINGS_DB_LEFTOVER_SIZE_BYTES);
offset += STRINGS_DB_LEFTOVER_SIZE_BYTES;
}
}
Reported by FlawFinder.
Line: 418
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* replace %llx with %x%x */
substr = strstr(pstr, VAL_PARM);
while (substr) {
memcpy(substr, REPLACE_64_VAL_PARM, 4);
pstr = substr;
substr = strstr(pstr, VAL_PARM);
}
/* count all the % characters */
Reported by FlawFinder.
Line: 563
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlx5_core_dev *dev,
u64 trace_timestamp)
{
char tmp[512];
snprintf(tmp, sizeof(tmp), str_frmt->string,
str_frmt->params[0],
str_frmt->params[1],
str_frmt->params[2],
Reported by FlawFinder.
Line: 682
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
start_offset = tracer->buff.consumer_index * TRACER_BLOCK_SIZE_BYTE;
/* Copy the block to local buffer to avoid HW override while being processed */
memcpy(tmp_trace_block, tracer->buff.log_buf + start_offset,
TRACER_BLOCK_SIZE_BYTE);
block_timestamp =
get_block_timestamp(tracer, &tmp_trace_block[TRACES_PER_BLOCK - 1]);
Reported by FlawFinder.
Line: 729
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tracer->last_timestamp = block_timestamp;
start_offset = tracer->buff.consumer_index * TRACER_BLOCK_SIZE_BYTE;
memcpy(tmp_trace_block, tracer->buff.log_buf + start_offset,
TRACER_BLOCK_SIZE_BYTE);
block_timestamp = get_block_timestamp(tracer,
&tmp_trace_block[TRACES_PER_BLOCK - 1]);
}
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
7 issues
Line: 210
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
syndrome = ntohl(resp->syndrome);
context->status_code = syndrome_to_errno(syndrome);
context->status = MLX5_FPGA_IPSEC_CMD_COMPLETE;
memcpy(&context->resp, resp, sizeof(*resp));
if (context->status_code)
mlx5_fpga_warn(fdev, "IPSec command failed with syndrome %08x\n",
syndrome);
Reported by FlawFinder.
Line: 241
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
context->dev = fdev;
context->buf.complete = mlx5_fpga_ipsec_send_complete;
init_completion(&context->complete);
memcpy(&context->command, cmd, cmd_size);
context->buf.sg[0].size = cmd_size;
context->buf.sg[0].data = &context->command;
spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
res = mlx5_fpga_sbu_conn_sendmsg(fdev->ipsec->conn, &context->buf);
Reported by FlawFinder.
Line: 468
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const struct aes_gcm_keymat *aes_gcm = &xfrm_attrs->keymat.aes_gcm;
/* key */
memcpy(&hw_sa->ipsec_sa_v1.key_enc, aes_gcm->aes_key,
aes_gcm->key_len / 8);
/* Duplicate 128 bit key twice according to HW layout */
if (aes_gcm->key_len == 128)
memcpy(&hw_sa->ipsec_sa_v1.key_enc[16],
aes_gcm->aes_key, aes_gcm->key_len / 8);
Reported by FlawFinder.
Line: 472
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aes_gcm->key_len / 8);
/* Duplicate 128 bit key twice according to HW layout */
if (aes_gcm->key_len == 128)
memcpy(&hw_sa->ipsec_sa_v1.key_enc[16],
aes_gcm->aes_key, aes_gcm->key_len / 8);
/* salt and seq_iv */
memcpy(&hw_sa->ipsec_sa_v1.gcm.salt_iv, &aes_gcm->seq_iv,
sizeof(aes_gcm->seq_iv));
Reported by FlawFinder.
Line: 476
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aes_gcm->aes_key, aes_gcm->key_len / 8);
/* salt and seq_iv */
memcpy(&hw_sa->ipsec_sa_v1.gcm.salt_iv, &aes_gcm->seq_iv,
sizeof(aes_gcm->seq_iv));
memcpy(&hw_sa->ipsec_sa_v1.gcm.salt, &aes_gcm->salt,
sizeof(aes_gcm->salt));
/* esn */
Reported by FlawFinder.
Line: 478
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* salt and seq_iv */
memcpy(&hw_sa->ipsec_sa_v1.gcm.salt_iv, &aes_gcm->seq_iv,
sizeof(aes_gcm->seq_iv));
memcpy(&hw_sa->ipsec_sa_v1.gcm.salt, &aes_gcm->salt,
sizeof(aes_gcm->salt));
/* esn */
if (xfrm_attrs->flags & MLX5_ACCEL_ESP_FLAGS_ESN_TRIGGERED) {
hw_sa->ipsec_sa_v1.flags |= MLX5_FPGA_IPSEC_SA_ESN_EN;
Reported by FlawFinder.
Line: 1548
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rollback_sa:
if (err) {
/* return original hw_sa to hash */
memcpy(&fpga_xfrm->sa_ctx->hw_sa, &org_hw_sa,
sizeof(org_hw_sa));
WARN_ON(rhashtable_insert_fast(&fipsec->sa_hash,
&fpga_xfrm->sa_ctx->hash,
rhash_sa));
}
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/pci.c
7 issues
Line: 688
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 wqe_counter = mlxsw_pci_cqe_wqe_counter_get(cqe);
u8 sendq = mlxsw_pci_cqe_sr_get(q->u.cq.v, cqe);
u8 dqn = mlxsw_pci_cqe_dqn_get(q->u.cq.v, cqe);
char ncqe[MLXSW_PCI_CQE_SIZE_MAX];
memcpy(ncqe, cqe, q->elem_size);
mlxsw_pci_queue_doorbell_consumer_ring(mlxsw_pci, q);
if (sendq) {
Reported by FlawFinder.
Line: 690
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 dqn = mlxsw_pci_cqe_dqn_get(q->u.cq.v, cqe);
char ncqe[MLXSW_PCI_CQE_SIZE_MAX];
memcpy(ncqe, cqe, q->elem_size);
mlxsw_pci_queue_doorbell_consumer_ring(mlxsw_pci, q);
if (sendq) {
struct mlxsw_pci_queue *sdq;
Reported by FlawFinder.
Line: 1449
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct pci_device_id *id)
{
struct pci_dev *pdev = mlxsw_pci->pdev;
char mrsr_pl[MLXSW_REG_MRSR_LEN];
u32 sys_status;
int err;
err = mlxsw_pci_sys_ready_wait(mlxsw_pci, id, &sys_status);
if (err) {
Reported by FlawFinder.
Line: 1742
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
if (in_mbox) {
memcpy(mlxsw_pci->cmd.in_mbox.buf, in_mbox, in_mbox_size);
in_mapaddr = mlxsw_pci->cmd.in_mbox.mapaddr;
}
mlxsw_pci_write32(mlxsw_pci, CIR_IN_PARAM_HI, upper_32_bits(in_mapaddr));
mlxsw_pci_write32(mlxsw_pci, CIR_IN_PARAM_LO, lower_32_bits(in_mapaddr));
Reported by FlawFinder.
Line: 1802
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!evreq) {
tmp = cpu_to_be32(mlxsw_pci_read32(mlxsw_pci,
CIR_OUT_PARAM_HI));
memcpy(out_mbox, &tmp, sizeof(tmp));
tmp = cpu_to_be32(mlxsw_pci_read32(mlxsw_pci,
CIR_OUT_PARAM_LO));
memcpy(out_mbox + sizeof(tmp), &tmp, sizeof(tmp));
}
} else if (!err && out_mbox) {
Reported by FlawFinder.
Line: 1805
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(out_mbox, &tmp, sizeof(tmp));
tmp = cpu_to_be32(mlxsw_pci_read32(mlxsw_pci,
CIR_OUT_PARAM_LO));
memcpy(out_mbox + sizeof(tmp), &tmp, sizeof(tmp));
}
} else if (!err && out_mbox) {
memcpy(out_mbox, mlxsw_pci->cmd.out_mbox.buf, out_mbox_size);
}
Reported by FlawFinder.
Line: 1808
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(out_mbox + sizeof(tmp), &tmp, sizeof(tmp));
}
} else if (!err && out_mbox) {
memcpy(out_mbox, mlxsw_pci->cmd.out_mbox.buf, out_mbox_size);
}
mutex_unlock(&mlxsw_pci->cmd.lock);
return err;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_atcam.c
7 issues
Line: 23
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MLXSW_SP_ACL_ATCAM_LKEY_ID_BLOCK_CLEAR_END 5
struct mlxsw_sp_acl_atcam_lkey_id_ht_key {
char enc_key[MLXSW_REG_PTCEX_FLEX_KEY_BLOCKS_LEN]; /* MSB blocks */
u8 erp_id;
};
struct mlxsw_sp_acl_atcam_lkey_id {
struct rhash_head ht_node;
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
lkey_id->id = id;
memcpy(&lkey_id->ht_key, ht_key, sizeof(*ht_key));
refcount_set(&lkey_id->refcnt, 1);
err = rhashtable_insert_fast(®ion_12kb->lkey_ht,
&lkey_id->ht_node,
mlxsw_sp_acl_atcam_lkey_id_ht_params);
Reported by FlawFinder.
Line: 279
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mlxsw_sp_acl_atcam_region_associate(struct mlxsw_sp *mlxsw_sp,
u16 region_id)
{
char perar_pl[MLXSW_REG_PERAR_LEN];
/* For now, just assume that every region has 12 key blocks */
u16 hw_region = region_id * 3;
u64 max_regions;
max_regions = MLXSW_CORE_RES_GET(mlxsw_sp->core, ACL_MAX_REGIONS);
Reported by FlawFinder.
Line: 388
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_acl_tcam_region *region = aregion->region;
u8 erp_id = mlxsw_sp_acl_erp_mask_erp_id(aentry->erp_mask);
struct mlxsw_sp_acl_atcam_lkey_id *lkey_id;
char ptce3_pl[MLXSW_REG_PTCE3_LEN];
u32 kvdl_index, priority;
int err;
err = mlxsw_sp_acl_tcam_priority_get(mlxsw_sp, rulei, &priority, true);
if (err)
Reported by FlawFinder.
Line: 429
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_acl_atcam_lkey_id *lkey_id = aentry->lkey_id;
struct mlxsw_sp_acl_tcam_region *region = aregion->region;
u8 erp_id = mlxsw_sp_acl_erp_mask_erp_id(aentry->erp_mask);
char ptce3_pl[MLXSW_REG_PTCE3_LEN];
mlxsw_reg_ptce3_pack(ptce3_pl, false, MLXSW_REG_PTCE3_OP_WRITE_WRITE, 0,
region->tcam_region_info,
aentry->enc_key, erp_id,
aentry->delta_info.start,
Reported by FlawFinder.
Line: 452
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_acl_atcam_lkey_id *lkey_id = aentry->lkey_id;
u8 erp_id = mlxsw_sp_acl_erp_mask_erp_id(aentry->erp_mask);
struct mlxsw_sp_acl_tcam_region *region = aregion->region;
char ptce3_pl[MLXSW_REG_PTCE3_LEN];
u32 kvdl_index, priority;
int err;
err = mlxsw_sp_acl_tcam_priority_get(mlxsw_sp, rulei, &priority, true);
if (err)
Reported by FlawFinder.
Line: 478
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_acl_rule_info *rulei)
{
struct mlxsw_sp_acl_tcam_region *region = aregion->region;
char mask[MLXSW_REG_PTCEX_FLEX_KEY_BLOCKS_LEN] = { 0 };
struct mlxsw_afk *afk = mlxsw_sp_acl_afk(mlxsw_sp->acl);
const struct mlxsw_sp_acl_erp_delta *delta;
struct mlxsw_sp_acl_erp_mask *erp_mask;
int err;
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c
7 issues
Line: 562
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NFP_PCIE_BAR_PCIE2CPP_MapType(
NFP_PCIE_BAR_PCIE2CPP_MapType_EXPLICIT3),
};
char status_msg[196] = {};
int i, err, bars_free;
struct nfp_bar *bar;
int expl_groups;
char *msg, *end;
Reported by FlawFinder.
Line: 766
Column: 18
CWE codes:
120
20
priv->width.read = PUSH_WIDTH(pp);
priv->width.write = PULL_WIDTH(pp);
if (priv->width.read > 0 &&
priv->width.write > 0 &&
priv->width.read != priv->width.write) {
return -EINVAL;
}
Reported by FlawFinder.
Line: 768
Column: 18
CWE codes:
120
20
priv->width.write = PULL_WIDTH(pp);
if (priv->width.read > 0 &&
priv->width.write > 0 &&
priv->width.read != priv->width.write) {
return -EINVAL;
}
if (priv->width.read > 0)
priv->width.bar = priv->width.read;
Reported by FlawFinder.
Line: 773
Column: 33
CWE codes:
120
20
}
if (priv->width.read > 0)
priv->width.bar = priv->width.read;
else
priv->width.bar = priv->width.write;
atomic_set(&priv->refcnt, 0);
priv->bar = NULL;
Reported by FlawFinder.
Line: 940
Column: 22
CWE codes:
120
20
if (offset + length > priv->size)
return -EFAULT;
width = priv->width.read;
if (width <= 0)
return -EINVAL;
/* MU reads via a PCIe2CPP BAR support 32bit (and other) lengths */
if (priv->target == (NFP_CPP_TARGET_MU & NFP_CPP_TARGET_ID_MASK) &&
Reported by FlawFinder.
drivers/net/ethernet/qlogic/netxen/netxen_nic_hw.c
7 issues
Line: 584
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pbuf->skb = NULL;
pbuf->frag_count = 0;
memcpy(&tx_ring->desc_head[producer],
&cmd_desc_arr[i], sizeof(struct cmd_desc_type0));
producer = get_next_index(producer, tx_ring->num_desc);
i++;
Reported by FlawFinder.
Line: 616
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mac_req = (nx_mac_req_t *)&req.words[0];
mac_req->op = op;
memcpy(mac_req->mac_addr, addr, ETH_ALEN);
return netxen_send_cmd_descs(adapter, (struct cmd_desc_type0 *)&req, 1);
}
static int nx_p3_nic_add_mac(struct netxen_adapter *adapter,
Reported by FlawFinder.
Line: 641
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cur == NULL)
return -ENOMEM;
memcpy(cur->mac_addr, addr, ETH_ALEN);
list_add_tail(&cur->list, &adapter->mac_list);
return nx_p3_sre_macaddr_change(adapter,
cur->mac_addr, NETXEN_MAC_ADD);
}
Reported by FlawFinder.
Line: 755
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
word[0] = NETXEN_CONFIG_INTR_COALESCE | ((u64)adapter->portnum << 16);
req.req_hdr = cpu_to_le64(word[0]);
memcpy(&word[0], &adapter->coal, sizeof(adapter->coal));
for (i = 0; i < 6; i++)
req.words[i] = cpu_to_le64(word[i]);
rv = netxen_send_cmd_descs(adapter, (struct cmd_desc_type0 *)&req, 1);
if (rv != 0) {
Reported by FlawFinder.
Line: 888
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req.req_hdr = cpu_to_le64(word);
req.words[0] = cpu_to_le64(cmd);
memcpy(&req.words[1], &ip, sizeof(u32));
rv = netxen_send_cmd_descs(adapter, (struct cmd_desc_type0 *)&req, 1);
if (rv != 0) {
printk(KERN_ERR "%s: could not notify %s IP 0x%x request\n",
adapter->netdev->name,
Reported by FlawFinder.
Line: 992
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
local = cpu_to_le32(v);
memcpy(ptr32, &local, (char *)buf + size - (char *)ptr32);
}
return 0;
}
Reported by FlawFinder.
Line: 2350
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
num_of_entries = template_hdr->num_of_entries;
entry = (struct netxen_minidump_entry *) ((char *) template_buff +
template_hdr->first_entry_offset);
memcpy(dump_buff, template_buff, adapter->mdump.md_template_size);
dump_buff = dump_buff + adapter->mdump.md_template_size;
if (template_hdr->entry_type == TLHDR)
sane_start = 1;
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qed/qed_main.c
7 issues
Line: 1232
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int qed_slowpath_wq_start(struct qed_dev *cdev)
{
struct qed_hwfn *hwfn;
char name[NAME_SIZE];
int i;
if (IS_VF(cdev))
return 0;
Reported by FlawFinder.
Line: 1452
Column: 48
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 0;
}
static void qed_set_name(struct qed_dev *cdev, char name[NAME_SIZE])
{
int i;
memcpy(cdev->name, name, NAME_SIZE);
for_each_hwfn(cdev, i)
Reported by FlawFinder.
Line: 1456
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
int i;
memcpy(cdev->name, name, NAME_SIZE);
for_each_hwfn(cdev, i)
snprintf(cdev->hwfns[i].name, NAME_SIZE, "%s-%d", name, i);
}
static u32 qed_sb_init(struct qed_dev *cdev,
Reported by FlawFinder.
Line: 1844
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = qed_mcp_get_link_params(hwfn);
if (!p)
return -ENXIO;
memcpy(params, p, sizeof(*params));
p = qed_mcp_get_link_state(hwfn);
if (!p)
return -ENXIO;
memcpy(link, p, sizeof(*link));
Reported by FlawFinder.
Line: 1849
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = qed_mcp_get_link_state(hwfn);
if (!p)
return -ENXIO;
memcpy(link, p, sizeof(*link));
p = qed_mcp_get_link_capabilities(hwfn);
if (!p)
return -ENXIO;
memcpy(link_caps, p, sizeof(*link_caps));
Reported by FlawFinder.
Line: 1854
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = qed_mcp_get_link_capabilities(hwfn);
if (!p)
return -ENXIO;
memcpy(link_caps, p, sizeof(*link_caps));
return 0;
}
static void qed_fill_link_capability(struct qed_hwfn *hwfn,
Reported by FlawFinder.
Line: 2579
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(*data)++;
len = **data;
(*data)++;
memcpy(buf, *data, len);
*data += len;
flags = 0;
if (need_nvm_init) {
flags |= QED_NVM_CFG_OPTION_INIT;
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c
7 issues
Line: 204
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!qlcnic_sriov_pf_check(adapter) || (vlan_id == 0xffff))
vlan_id = 0;
memcpy(&src_addr, phdr->h_source, ETH_ALEN);
hindex = qlcnic_mac_hash(src_addr, vlan_id) &
(adapter->fhash.fbucket_size - 1);
if (loopback_pkt) {
if (adapter->rx_fhash.fnum >= adapter->rx_fhash.fmax)
Reported by FlawFinder.
Line: 227
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
fil->ftime = jiffies;
memcpy(fil->faddr, &src_addr, ETH_ALEN);
fil->vlan_id = vlan_id;
spin_lock(&adapter->rx_mac_learn_lock);
hlist_add_head(&(fil->fnode), head);
adapter->rx_fhash.fnum++;
spin_unlock(&adapter->rx_mac_learn_lock);
Reported by FlawFinder.
Line: 291
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mac_req = (struct qlcnic_mac_req *)&(req->words[0]);
mac_req->op = vlan_id ? QLCNIC_MAC_VLAN_ADD : QLCNIC_MAC_ADD;
memcpy(mac_req->mac_addr, uaddr, ETH_ALEN);
vlan_req = (struct qlcnic_vlan_req *)&req->words[1];
vlan_req->vlan_id = cpu_to_le16(vlan_id);
tx_ring->producer = get_next_index(producer, tx_ring->num_desc);
Reported by FlawFinder.
Line: 327
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(&src_addr, phdr->h_source, ETH_ALEN);
hval = qlcnic_mac_hash(src_addr, vlan_id);
hindex = hval & (adapter->fhash.fbucket_size - 1);
head = &(adapter->fhash.fhead[hindex]);
hlist_for_each_entry_safe(tmp_fil, n, head, fnode) {
Reported by FlawFinder.
Line: 355
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qlcnic_change_filter(adapter, &src_addr, vlan_id, tx_ring);
fil->ftime = jiffies;
fil->vlan_id = vlan_id;
memcpy(fil->faddr, &src_addr, ETH_ALEN);
spin_lock(&adapter->mac_learn_lock);
hlist_add_head(&(fil->fnode), head);
adapter->fhash.fnum++;
spin_unlock(&adapter->mac_learn_lock);
}
Reported by FlawFinder.
Line: 495
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (*(skb->data) & BIT_0) {
flags |= BIT_0;
memcpy(&first_desc->eth_addr, skb->data, ETH_ALEN);
}
opcode = QLCNIC_TX_ETHER_PKT;
if (skb_is_gso(skb)) {
hdr_len = skb_transport_offset(skb) + tcp_hdrlen(skb);
first_desc->mss = cpu_to_le16(skb_shinfo(skb)->gso_size);
Reported by FlawFinder.
Line: 1481
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void dump_skb(struct sk_buff *skb, struct qlcnic_adapter *adapter)
{
if (adapter->ahw->msg_enable & NETIF_MSG_DRV) {
char prefix[30];
scnprintf(prefix, sizeof(prefix), "%s: %s: ",
dev_name(&adapter->pdev->dev), __func__);
print_hex_dump_debug(prefix, DUMP_PREFIX_NONE, 16, 1,
Reported by FlawFinder.
drivers/net/ethernet/sfc/mcdi_mon.c
7 issues
Line: 274
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct efx_mcdi_mon_attribute *mon_attr =
container_of(attr, struct efx_mcdi_mon_attribute, dev_attr);
return sprintf(buf, "%s\n",
efx_mcdi_sensor_type[mon_attr->type].label);
}
static void
efx_mcdi_mon_add_attr(struct efx_nic *efx, const char *name,
Reported by FlawFinder.
Line: 27
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
EFX_HWMON_TYPES_COUNT
};
static const char *const efx_hwmon_unit[EFX_HWMON_TYPES_COUNT] = {
[EFX_HWMON_TEMP] = " degC",
[EFX_HWMON_COOL] = " rpm", /* though nonsense for a heatsink */
[EFX_HWMON_IN] = " mV",
[EFX_HWMON_CURR] = " mA",
[EFX_HWMON_POWER] = " W",
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int type;
enum efx_hwmon_type hwmon_type;
unsigned int limit_value;
char name[12];
};
static int efx_mcdi_mon_update(struct efx_nic *efx)
{
struct efx_mcdi_mon *hwmon = efx_mcdi_mon(efx);
Reported by FlawFinder.
Line: 220
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
return sprintf(buf, "%u\n", value);
}
static ssize_t efx_mcdi_mon_show_limit(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 247
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
}
return sprintf(buf, "%u\n", value);
}
static ssize_t efx_mcdi_mon_show_alarm(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 265
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return rc;
state = EFX_DWORD_FIELD(entry, MC_CMD_SENSOR_VALUE_ENTRY_TYPEDEF_STATE);
return sprintf(buf, "%d\n", state != MC_CMD_SENSOR_STATE_OK);
}
static ssize_t efx_mcdi_mon_show_label(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 311
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MCDI_DECLARE_BUF(outbuf, MC_CMD_SENSOR_INFO_OUT_LENMAX);
unsigned int n_pages, n_sensors, n_attrs, page;
size_t outlen;
char name[12];
u32 mask;
int rc, i, j, type;
/* Find out how many sensors are present */
n_sensors = 0;
Reported by FlawFinder.