The following issues were found
drivers/net/ethernet/cavium/thunder/nicvf_main.c
6 issues
Line: 1124
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int irq, ret = 0;
for_each_cq_irq(irq)
sprintf(nic->irq_name[irq], "%s-rxtx-%d",
nic->pnicvf->netdev->name,
nicvf_netdev_qidx(nic, irq));
for_each_sq_irq(irq)
sprintf(nic->irq_name[irq], "%s-sq-%d",
Reported by FlawFinder.
Line: 1129
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
nicvf_netdev_qidx(nic, irq));
for_each_sq_irq(irq)
sprintf(nic->irq_name[irq], "%s-sq-%d",
nic->pnicvf->netdev->name,
nicvf_netdev_qidx(nic, irq - NICVF_INTR_ID_SQ));
for_each_rbdr_irq(irq)
sprintf(nic->irq_name[irq], "%s-rbdr-%d",
Reported by FlawFinder.
Line: 1134
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
nicvf_netdev_qidx(nic, irq - NICVF_INTR_ID_SQ));
for_each_rbdr_irq(irq)
sprintf(nic->irq_name[irq], "%s-rbdr-%d",
nic->pnicvf->netdev->name,
nic->sqs_mode ? (nic->sqs_id + 1) : 0);
/* Register CQ interrupts */
for (irq = 0; irq < nic->qs->cq_cnt; irq++) {
Reported by FlawFinder.
Line: 1160
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
/* Register QS error interrupt */
sprintf(nic->irq_name[NICVF_INTR_ID_QS_ERR], "%s-qset-err-%d",
nic->pnicvf->netdev->name,
nic->sqs_mode ? (nic->sqs_id + 1) : 0);
irq = NICVF_INTR_ID_QS_ERR;
ret = request_irq(pci_irq_vector(nic->pdev, irq),
nicvf_qs_err_intr_handler,
Reported by FlawFinder.
Line: 1230
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 1;
}
sprintf(nic->irq_name[irq], "%s Mbox", "NICVF");
/* Register Misc interrupt */
ret = request_irq(pci_irq_vector(nic->pdev, irq),
nicvf_misc_intr_handler, 0, nic->irq_name[irq], nic);
if (ret)
Reported by FlawFinder.
Line: 1615
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(netdev->dev_addr, addr->sa_data, netdev->addr_len);
if (nic->pdev->msix_enabled) {
if (nicvf_hw_set_mac_addr(nic, netdev))
return -EBUSY;
} else {
Reported by FlawFinder.
drivers/net/ethernet/cavium/liquidio/octeon_device.h
6 issues
Line: 222
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 input_base_addr;
u64 output_base_addr;
octeon_console_print_fn print;
char leftover[OCTEON_CONSOLE_MAX_READ_BYTES];
};
struct octeon_board_info {
char name[OCT_BOARD_NAME];
char serial_number[OCT_SERIAL_LEN];
Reported by FlawFinder.
Line: 226
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct octeon_board_info {
char name[OCT_BOARD_NAME];
char serial_number[OCT_SERIAL_LEN];
u64 major;
u64 minor;
};
Reported by FlawFinder.
Line: 227
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct octeon_board_info {
char name[OCT_BOARD_NAME];
char serial_number[OCT_SERIAL_LEN];
u64 major;
u64 minor;
};
struct octeon_fn_list {
Reported by FlawFinder.
Line: 278
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 size;
/** name of named block */
char name[CVMX_BOOTMEM_NAME_LEN];
};
struct oct_fw_info {
u32 max_nic_ports; /** max nic ports for the device */
u32 num_gmx_ports; /** num gmx ports */
Reported by FlawFinder.
Line: 290
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* See octeon-drv-opcodes.h for values.
*/
u32 app_mode;
char liquidio_firmware_version[32];
/* Fields extracted from legacy string 'liquidio_firmware_version' */
struct {
u8 maj;
u8 min;
u8 rev;
Reported by FlawFinder.
Line: 540
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct oct_fw_info fw_info;
/** The name given to this device. */
char device_name[32];
/** Application Context */
void *app_ctx;
struct cavium_wq dma_comp_wq;
Reported by FlawFinder.
drivers/media/dvb-core/dmxdev.c
6 issues
Line: 751
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(*secfilter)->priv = filter;
memcpy(&((*secfilter)->filter_value[3]),
&(para->filter.filter[1]), DMX_FILTER_SIZE - 1);
memcpy(&(*secfilter)->filter_mask[3],
¶->filter.mask[1], DMX_FILTER_SIZE - 1);
memcpy(&(*secfilter)->filter_mode[3],
¶->filter.mode[1], DMX_FILTER_SIZE - 1);
Reported by FlawFinder.
Line: 753
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&((*secfilter)->filter_value[3]),
&(para->filter.filter[1]), DMX_FILTER_SIZE - 1);
memcpy(&(*secfilter)->filter_mask[3],
¶->filter.mask[1], DMX_FILTER_SIZE - 1);
memcpy(&(*secfilter)->filter_mode[3],
¶->filter.mode[1], DMX_FILTER_SIZE - 1);
(*secfilter)->filter_value[0] = para->filter.filter[0];
Reported by FlawFinder.
Line: 755
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&(para->filter.filter[1]), DMX_FILTER_SIZE - 1);
memcpy(&(*secfilter)->filter_mask[3],
¶->filter.mask[1], DMX_FILTER_SIZE - 1);
memcpy(&(*secfilter)->filter_mode[3],
¶->filter.mode[1], DMX_FILTER_SIZE - 1);
(*secfilter)->filter_value[0] = para->filter.filter[0];
(*secfilter)->filter_mask[0] = para->filter.mask[0];
(*secfilter)->filter_mode[0] = para->filter.mode[0];
Reported by FlawFinder.
Line: 931
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dvb_dmxdev_filter_stop(dmxdevfilter);
dmxdevfilter->type = DMXDEV_TYPE_SEC;
memcpy(&dmxdevfilter->params.sec,
params, sizeof(struct dmx_sct_filter_params));
invert_mode(&dmxdevfilter->params.sec.filter);
dvb_dmxdev_filter_state_set(dmxdevfilter, DMXDEV_STATE_SET);
if (params->flags & DMX_IMMEDIATE_START)
Reported by FlawFinder.
Line: 955
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
dmxdevfilter->type = DMXDEV_TYPE_PES;
memcpy(&dmxdevfilter->params, params,
sizeof(struct dmx_pes_filter_params));
INIT_LIST_HEAD(&dmxdevfilter->feed.ts);
dvb_dmxdev_filter_state_set(dmxdevfilter, DMXDEV_STATE_SET);
Reported by FlawFinder.
Line: 1418
Column: 21
CWE codes:
362
{
int i;
if (dmxdev->demux->open(dmxdev->demux) < 0)
return -EUSERS;
dmxdev->filter = vmalloc(array_size(sizeof(struct dmxdev_filter),
dmxdev->filternum));
if (!dmxdev->filter)
Reported by FlawFinder.
drivers/media/dvb-core/dvb_demux.c
6 issues
Line: 106
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void dvb_dmx_memcopy(struct dvb_demux_feed *f, u8 *d, const u8 *s,
size_t len)
{
memcpy(d, s, len);
}
/******************************************************************************
* Software filter functions
******************************************************************************/
Reported by FlawFinder.
Line: 560
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i = demux->tsbufp;
j = pktsize - i;
if (count < j) {
memcpy(&demux->tsbuf[i], buf, count);
demux->tsbufp += count;
goto bailout;
}
memcpy(&demux->tsbuf[i], buf, j);
if (demux->tsbuf[0] == 0x47) /* double check */
Reported by FlawFinder.
Line: 564
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
demux->tsbufp += count;
goto bailout;
}
memcpy(&demux->tsbuf[i], buf, j);
if (demux->tsbuf[0] == 0x47) /* double check */
dvb_dmx_swfilter_packet(demux, demux->tsbuf);
demux->tsbufp = 0;
p += j;
}
Reported by FlawFinder.
Line: 581
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
q = &buf[p];
if (pktsize == 204 && (*q == 0xB8)) {
memcpy(demux->tsbuf, q, 188);
demux->tsbuf[0] = 0x47;
q = demux->tsbuf;
}
dvb_dmx_swfilter_packet(demux, q);
p += pktsize;
Reported by FlawFinder.
Line: 591
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i = count - p;
if (i) {
memcpy(demux->tsbuf, &buf[p], i);
demux->tsbufp = i;
if (pktsize == 204 && demux->tsbuf[0] == 0xB8)
demux->tsbuf[0] = 0x47;
}
Reported by FlawFinder.
Line: 1240
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct dvb_demux *dvbdemux = (struct dvb_demux *)demux;
memcpy(pids, dvbdemux->pids, 5 * sizeof(u16));
return 0;
}
int dvb_dmx_init(struct dvb_demux *dvbdemux)
{
Reported by FlawFinder.
drivers/media/dvb-core/dvb_ringbuffer.c
6 issues
Line: 166
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
split = (rbuf->pread + len > rbuf->size) ? rbuf->size - rbuf->pread : 0;
if (split > 0) {
memcpy(buf, rbuf->data+rbuf->pread, split);
buf += split;
todo -= split;
/* smp_store_release() for read pointer update to ensure
* that buf is not overwritten until read is complete,
* this pairs with READ_ONCE() in dvb_ringbuffer_free()
Reported by FlawFinder.
Line: 175
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
smp_store_release(&rbuf->pread, 0);
}
memcpy(buf, rbuf->data+rbuf->pread, todo);
/* smp_store_release() to update read pointer, see above */
smp_store_release(&rbuf->pread, (rbuf->pread + todo) % rbuf->size);
}
Reported by FlawFinder.
Line: 190
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
split = (rbuf->pwrite + len > rbuf->size) ? rbuf->size - rbuf->pwrite : 0;
if (split > 0) {
memcpy(rbuf->data+rbuf->pwrite, buf, split);
buf += split;
todo -= split;
/* smp_store_release() for write pointer update to ensure that
* written data is visible on other cpu cores before the pointer
* update, this pairs with smp_load_acquire() in
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
smp_store_release(&rbuf->pwrite, 0);
}
memcpy(rbuf->data+rbuf->pwrite, buf, todo);
/* smp_store_release() for write pointer update, see above */
smp_store_release(&rbuf->pwrite, (rbuf->pwrite + todo) % rbuf->size);
return len;
}
Reported by FlawFinder.
Line: 296
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
todo = len;
split = ((idx + len) > rbuf->size) ? rbuf->size - idx : 0;
if (split > 0) {
memcpy(buf, rbuf->data+idx, split);
buf += split;
todo -= split;
idx = 0;
}
memcpy(buf, rbuf->data+idx, todo);
Reported by FlawFinder.
Line: 301
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
todo -= split;
idx = 0;
}
memcpy(buf, rbuf->data+idx, todo);
return len;
}
void dvb_ringbuffer_pkt_dispose(struct dvb_ringbuffer *rbuf, size_t idx)
{
Reported by FlawFinder.
drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c
6 issues
Line: 75
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sc->sc_status = OCTEON_REQUEST_PENDING;
sc_req = (struct lio_vf_rep_req *)sc->virtdptr;
memcpy(sc_req, req, req_size);
rep_resp = (struct lio_vf_rep_resp *)sc->virtrptr;
memset(rep_resp, 0, tot_resp_size);
WRITE_ONCE(rep_resp->status, 1);
Reported by FlawFinder.
Line: 97
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
dev_err(&oct->pci_dev->dev, "VF rep send config failed\n");
else if (resp)
memcpy(resp, (rep_resp + 1), resp_size);
WRITE_ONCE(sc->caller_is_done, true);
return err;
free_buff:
Reported by FlawFinder.
Line: 273
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pg_info->page) {
va = page_address(pg_info->page) +
pg_info->page_offset;
memcpy(skb->data, va, MIN_SKB_SIZE);
skb_put(skb, MIN_SKB_SIZE);
}
skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags,
pg_info->page,
Reported by FlawFinder.
Line: 482
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ret) {
octeon_swap_8B_data((u64 *)&stats, (sizeof(stats) >> 3));
memcpy(&vf_rep->stats, &stats, sizeof(stats));
}
schedule_delayed_work(&vf_rep->stats_wk.work,
msecs_to_jiffies(LIO_VF_REP_STATS_POLL_TIME_MS));
}
Reported by FlawFinder.
Line: 631
Column: 6
CWE codes:
126
vf_rep = netdev_priv(ndev);
oct = vf_rep->oct;
if (strlen(ndev->name) > LIO_IF_NAME_SIZE) {
dev_err(&oct->pci_dev->dev,
"Device name change sync failed as the size is > %d\n",
LIO_IF_NAME_SIZE);
return NOTIFY_DONE;
}
Reported by FlawFinder.
Line: 641
Column: 2
CWE codes:
120
memset(&rep_cfg, 0, sizeof(rep_cfg));
rep_cfg.req_type = LIO_VF_REP_REQ_DEVNAME;
rep_cfg.ifidx = vf_rep->ifidx;
strncpy(rep_cfg.rep_name.name, ndev->name, LIO_IF_NAME_SIZE);
ret = lio_vf_rep_send_soft_command(oct, &rep_cfg,
sizeof(rep_cfg), NULL, 0);
if (ret)
dev_err(&oct->pci_dev->dev,
Reported by FlawFinder.
drivers/media/dvb-frontends/dib9000.c
6 issues
Line: 347
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
do {
l = len < chunk_size ? len : chunk_size;
state->msg[0].len = l + 2;
memcpy(&state->i2c_write_buffer[2], buf, l);
ret = i2c_transfer(state->i2c.i2c_adap, state->msg, 1) != 1 ? -EREMOTEIO : 0;
buf += l;
len -= l;
Reported by FlawFinder.
Line: 741
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
block = state->platform.risc.message_cache[i];
if ((*block >> 8) == id) {
*size = (*block & 0xff) - 1;
memcpy(msg, block + 1, (*size) * 2);
*block = 0; /* free the block */
i = 0; /* signal that we found a message */
break;
}
}
Reported by FlawFinder.
Line: 1988
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct dib9000_state *state = fe->demodulator_priv;
memcpy(&state->channel_status, channel_status, sizeof(struct dvb_frontend_parametersContext));
return 0;
}
static int dib9000_set_frontend(struct dvb_frontend *fe)
{
Reported by FlawFinder.
Line: 2034
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dib9000_fw_set_diversity_in(state->fe[index_frontend], 1);
/* synchronization of the cache */
memcpy(&state->fe[index_frontend]->dtv_property_cache, &fe->dtv_property_cache, sizeof(struct dtv_frontend_properties));
state->fe[index_frontend]->dtv_property_cache.delivery_system = SYS_DVBT;
dib9000_fw_set_output_mode(state->fe[index_frontend], OUTMODE_HIGH_Z);
dib9000_set_channel_status(state->fe[index_frontend], &state->channel_status);
Reported by FlawFinder.
Line: 2486
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
}
memcpy(&st->chip.d9.cfg, cfg, sizeof(struct dib9000_config));
st->i2c.i2c_adap = i2c_adap;
st->i2c.i2c_addr = i2c_addr;
st->i2c.i2c_write_buffer = st->i2c_write_buffer;
st->i2c.i2c_read_buffer = st->i2c_read_buffer;
Reported by FlawFinder.
Line: 2507
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
st->fe[0] = fe;
fe->demodulator_priv = st;
memcpy(&st->fe[0]->ops, &dib9000_ops, sizeof(struct dvb_frontend_ops));
/* Ensure the output mode remains at the previous default if it's
* not specifically set by the caller.
*/
if ((st->chip.d9.cfg.output_mode != OUTMODE_MPEG2_SERIAL) && (st->chip.d9.cfg.output_mode != OUTMODE_MPEG2_PAR_GATED_CLK))
Reported by FlawFinder.
drivers/media/dvb-frontends/helene.c
6 issues
Line: 505
Column: 19
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
dev_dbg(&priv->i2c->dev,
"%s(): HELENE DTV system %d (delsys %d, bandwidth %d)\n",
__func__, (int)system, p->delivery_system,
p->bandwidth_hz);
return system;
}
static int helene_set_params_s(struct dvb_frontend *fe)
Reported by FlawFinder.
Line: 507
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
"%s(): HELENE DTV system %d (delsys %d, bandwidth %d)\n",
__func__, (int)system, p->delivery_system,
p->bandwidth_hz);
return system;
}
static int helene_set_params_s(struct dvb_frontend *fe)
{
u8 data[MAX_WRITE_REGSIZE];
Reported by FlawFinder.
Line: 310
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
helene_i2c_debug(priv, reg, 1, data, len);
buf[0] = reg;
memcpy(&buf[1], data, len);
ret = i2c_transfer(priv->i2c, msg, 1);
if (ret >= 0 && ret != 1)
ret = -EREMOTEIO;
if (ret < 0) {
dev_warn(&priv->i2c->dev,
Reported by FlawFinder.
Line: 1020
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (fe->ops.i2c_gate_ctrl)
fe->ops.i2c_gate_ctrl(fe, 0);
memcpy(&fe->ops.tuner_ops, &helene_tuner_ops_s,
sizeof(struct dvb_tuner_ops));
fe->tuner_priv = priv;
dev_info(&priv->i2c->dev,
"Sony HELENE Sat attached on addr=%x at I2C adapter %p\n",
priv->i2c_address, priv->i2c);
Reported by FlawFinder.
Line: 1056
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (fe->ops.i2c_gate_ctrl)
fe->ops.i2c_gate_ctrl(fe, 0);
memcpy(&fe->ops.tuner_ops, &helene_tuner_ops_t,
sizeof(struct dvb_tuner_ops));
fe->tuner_priv = priv;
dev_info(&priv->i2c->dev,
"Sony HELENE Ter attached on addr=%x at I2C adapter %p\n",
priv->i2c_address, priv->i2c);
Reported by FlawFinder.
Line: 1093
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (fe->ops.i2c_gate_ctrl)
fe->ops.i2c_gate_ctrl(fe, 0);
memcpy(&fe->ops.tuner_ops, &helene_tuner_ops,
sizeof(struct dvb_tuner_ops));
fe->tuner_priv = priv;
i2c_set_clientdata(client, priv);
dev_info(dev, "Sony HELENE attached on addr=%x at I2C adapter %p\n",
Reported by FlawFinder.
drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
6 issues
Line: 191
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define REG_RD_DMAE(bp, offset, valp, len32) \
do { \
bnx2x_read_dmae(bp, offset, len32);\
memcpy(valp, bnx2x_sp(bp, wb_data[0]), (len32) * 4); \
} while (0)
#define REG_WR_DMAE(bp, offset, valp, len32) \
do { \
memcpy(bnx2x_sp(bp, wb_data[0]), valp, (len32) * 4); \
Reported by FlawFinder.
Line: 196
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define REG_WR_DMAE(bp, offset, valp, len32) \
do { \
memcpy(bnx2x_sp(bp, wb_data[0]), valp, (len32) * 4); \
bnx2x_write_dmae(bp, bnx2x_sp_mapping(bp, wb_data), \
offset, len32); \
} while (0)
#define REG_WR_DMAE_LEN(bp, offset, valp, len32) \
Reported by FlawFinder.
Line: 206
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define VIRT_WR_DMAE_LEN(bp, data, addr, len32, le32_swap) \
do { \
memcpy(GUNZIP_BUF(bp), data, (len32) * 4); \
bnx2x_write_big_buf_wb(bp, addr, len32); \
} while (0)
#define SHMEM_ADDR(bp, field) (bp->common.shmem_base + \
offsetof(struct shmem_region, field))
Reported by FlawFinder.
Line: 616
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
4 ('-Xx-' string) +
4 (for the digits and to make it DWORD aligned) */
#define FP_NAME_SIZE (sizeof(((struct net_device *)0)->name) + 8)
char name[FP_NAME_SIZE];
struct bnx2x_alloc_pool page_pool;
};
#define bnx2x_fp(bp, nr, var) ((bp)->fp[(nr)].var)
Reported by FlawFinder.
Line: 1082
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union cdu_context {
struct eth_context eth;
char pad[1024];
};
/* CDU host DB constants */
#define CDU_ILT_PAGE_SZ_HW 2
#define CDU_ILT_PAGE_SZ (8192 << CDU_ILT_PAGE_SZ_HW) /* 32K */
Reported by FlawFinder.
Line: 1759
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define INIT_CSEM_PRAM_DATA(bp) (bp->csem_pram_data)
#define PHY_FW_VER_LEN 20
char fw_ver[32];
const struct firmware *firmware;
struct bnx2x_vfdb *vfdb;
#define IS_SRIOV(bp) ((bp)->vfdb)
Reported by FlawFinder.
drivers/net/ethernet/broadcom/bcmsysport.c
6 issues
Line: 370
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct bcm_sysport_priv *priv = netdev_priv(dev);
const struct bcm_sysport_stats *s;
char buf[128];
int i, j;
switch (stringset) {
case ETH_SS_STATS:
for (i = 0, j = 0; i < BCM_SYSPORT_STATS_LEN; i++) {
Reported by FlawFinder.
Line: 381
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
!bcm_sysport_lite_stat_valid(s->type))
continue;
memcpy(data + j * ETH_GSTRING_LEN, s->stat_string,
ETH_GSTRING_LEN);
j++;
}
for (i = 0; i < dev->num_tx_queues; i++) {
Reported by FlawFinder.
Line: 388
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < dev->num_tx_queues; i++) {
snprintf(buf, sizeof(buf), "txq%d_packets", i);
memcpy(data + j * ETH_GSTRING_LEN, buf,
ETH_GSTRING_LEN);
j++;
snprintf(buf, sizeof(buf), "txq%d_bytes", i);
memcpy(data + j * ETH_GSTRING_LEN, buf,
Reported by FlawFinder.
Line: 393
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
j++;
snprintf(buf, sizeof(buf), "txq%d_bytes", i);
memcpy(data + j * ETH_GSTRING_LEN, buf,
ETH_GSTRING_LEN);
j++;
}
break;
default:
Reported by FlawFinder.
Line: 543
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!(priv->wolopts & WAKE_MAGICSECURE))
return;
memcpy(wol->sopass, priv->sopass, sizeof(priv->sopass));
}
static int bcm_sysport_set_wol(struct net_device *dev,
struct ethtool_wolinfo *wol)
{
Reported by FlawFinder.
Line: 1849
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EINVAL;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
/* interface is disabled, changes to MAC will be reflected on next
* open call
*/
if (!netif_running(dev))
Reported by FlawFinder.