The following issues were found
drivers/net/ethernet/atheros/atl1e/atl1e_main.c
6 issues
Line: 377
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (netif_running(netdev))
return -EBUSY;
memcpy(netdev->dev_addr, addr->sa_data, netdev->addr_len);
memcpy(adapter->hw.mac_addr, addr->sa_data, netdev->addr_len);
atl1e_hw_set_mac_addr(&adapter->hw);
return 0;
Reported by FlawFinder.
Line: 378
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EBUSY;
memcpy(netdev->dev_addr, addr->sa_data, netdev->addr_len);
memcpy(adapter->hw.mac_addr, addr->sa_data, netdev->addr_len);
atl1e_hw_set_mac_addr(&adapter->hw);
return 0;
}
Reported by FlawFinder.
Line: 1453
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (skb == NULL)
goto skip_pkt;
memcpy(skb->data, (u8 *)(prrs + 1), packet_size);
skb_put(skb, packet_size);
skb->protocol = eth_type_trans(skb, netdev);
atl1e_rx_checksum(adapter, skb, prrs);
if (prrs->pkt_flag & RRS_IS_VLAN_TAG) {
Reported by FlawFinder.
Line: 1742
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
use_tpd = tpd;
} else {
use_tpd = atl1e_get_tpd(adapter);
memcpy(use_tpd, tpd, sizeof(struct atl1e_tpd_desc));
}
tx_buffer = atl1e_get_tx_buffer(adapter, use_tpd);
tx_buffer->skb = NULL;
tx_buffer->length = map_len =
Reported by FlawFinder.
Line: 1790
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
seg_num = (buf_len + MAX_TX_BUF_LEN - 1) / MAX_TX_BUF_LEN;
for (i = 0; i < seg_num; i++) {
use_tpd = atl1e_get_tpd(adapter);
memcpy(use_tpd, tpd, sizeof(struct atl1e_tpd_desc));
tx_buffer = atl1e_get_tx_buffer(adapter, use_tpd);
BUG_ON(tx_buffer->skb);
tx_buffer->skb = NULL;
Reported by FlawFinder.
Line: 2395
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_eeprom;
}
memcpy(netdev->dev_addr, adapter->hw.mac_addr, netdev->addr_len);
netdev_dbg(netdev, "mac address : %pM\n", adapter->hw.mac_addr);
INIT_WORK(&adapter->reset_task, atl1e_reset_task);
INIT_WORK(&adapter->link_chg_task, atl1e_link_chg_task);
netif_set_gso_max_size(netdev, MAX_TSO_SEG_SIZE);
Reported by FlawFinder.
drivers/media/dvb-frontends/mxl692.c
6 issues
Line: 286
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#endif
plocal_buf += sizeof(u32);
memcpy(plocal_buf, &buffer[ix], chunk_len);
convert_endian(chunk_len, plocal_buf);
if (mxl692_i2c_write(dev, local_buf,
(chunk_len + MXL_EAGLE_I2C_MHEADER_SIZE)) < 0) {
status = -EREMOTEIO;
break;
Reported by FlawFinder.
Line: 329
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*(u32 *)plocal_buf = addr;
plocal_buf += sizeof(u32);
memcpy(plocal_buf, buffer, total_len);
#ifdef __BIG_ENDIAN
convert_endian(sizeof(u32) + total_len, local_buf + 2);
#endif
if (mxl692_i2c_write(dev, local_buf,
(total_len + MXL_EAGLE_I2C_MHEADER_SIZE)) < 0) {
Reported by FlawFinder.
Line: 406
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*plocal_buf++ = 0xFE;
*plocal_buf++ = (u8)total_len;
memcpy(plocal_buf, buffer, total_len);
convert_endian(total_len, plocal_buf);
if (mxl692_i2c_write(dev, local_buf,
(total_len + MXL_EAGLE_I2C_PHEADER_SIZE)) < 0) {
status = -EREMOTEIO;
Reported by FlawFinder.
Line: 484
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->seqnum = 1;
if (tx_payload && tx_payload_size > 0)
memcpy(&tx_buf[MXL_EAGLE_HOST_MSG_HEADER_SIZE], tx_payload, tx_payload_size);
mxl692_tx_swap(opcode, tx_buf);
tx_header->checksum = 0;
tx_header->checksum = mxl692_checksum(tx_buf,
Reported by FlawFinder.
Line: 564
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
status = -EREMOTEIO;
goto err_finish;
}
memcpy(rx_payload, rx_buf + MXL_EAGLE_HOST_MSG_HEADER_SIZE,
rx_header->payload_size);
}
err_finish:
if (status)
dev_dbg(&dev->i2c_client->dev, "err %d\n", status);
Reported by FlawFinder.
Line: 1334
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err;
}
memcpy(&dev->fe.ops, &mxl692_ops, sizeof(struct dvb_frontend_ops));
dev->fe.demodulator_priv = dev;
dev->i2c_client = client;
*config->fe = &dev->fe;
mutex_init(&dev->i2c_lock);
i2c_set_clientdata(client, dev);
Reported by FlawFinder.
drivers/net/ethernet/amd/xgbe/xgbe.h
6 issues
Line: 495
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* a DMA channel.
*/
struct xgbe_channel {
char name[16];
/* Address of private data area for device */
struct xgbe_prv_data *pdata;
/* Queue index and base address of queue's DMA registers */
Reported by FlawFinder.
Line: 506
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Per channel interrupt irq number */
int dma_irq;
char dma_irq_name[IFNAMSIZ + 32];
/* Netdev related settings */
struct napi_struct napi;
/* Per channel interrupt enablement tracker */
Reported by FlawFinder.
Line: 1090
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int channel_irq_count;
unsigned int channel_irq_mode;
char ecc_name[IFNAMSIZ + 32];
struct xgbe_hw_if hw_if;
struct xgbe_phy_if phy_if;
struct xgbe_desc_if desc_if;
struct xgbe_i2c_if i2c_if;
Reported by FlawFinder.
Line: 1172
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 vxlan_port;
/* Netdev related settings */
unsigned char mac_addr[ETH_ALEN];
netdev_features_t netdev_features;
struct napi_struct napi;
struct xgbe_mmc_stats mmc_stats;
struct xgbe_ext_stats ext_stats;
Reported by FlawFinder.
Line: 1236
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int kr_redrv;
char an_name[IFNAMSIZ + 32];
struct workqueue_struct *an_workqueue;
int an_irq;
struct work_struct an_irq_work;
Reported by FlawFinder.
Line: 1262
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xgbe_i2c i2c;
struct mutex i2c_mutex;
struct completion i2c_complete;
char i2c_name[IFNAMSIZ + 32];
unsigned int lpm_ctrl; /* CTRL1 for resume */
unsigned int isr_as_tasklet;
struct tasklet_struct tasklet_dev;
Reported by FlawFinder.
drivers/net/ethernet/amd/lance.c
6 issues
Line: 247
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sk_buff* rx_skbuff[RX_RING_SIZE];
unsigned long rx_buffs; /* Address of Rx and Tx buffers. */
/* Tx low-memory "bounce buffer" address. */
char (*tx_bounce_buffs)[PKT_BUF_SZ];
int cur_rx, cur_tx; /* The next free ring entry */
int dirty_rx, dirty_tx; /* The ring entries to be free()ed. */
int dma;
unsigned char chip_version; /* See lance_chip_type. */
spinlock_t devlock;
Reported by FlawFinder.
Line: 444
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!dev)
return ERR_PTR(-ENODEV);
sprintf(dev->name, "eth%d", unit);
netdev_boot_setup_check(dev);
err = do_lance_probe(dev);
if (err)
goto out;
Reported by FlawFinder.
Line: 590
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
dev->dma = 4; /* Native bus-master, no DMA channel needed. */
dev->irq = irq;
} else if (hp_builtin) {
static const char dma_tbl[4] = {3, 5, 6, 0};
static const char irq_tbl[4] = {3, 4, 5, 9};
unsigned char port_val = inb(hp_builtin);
dev->dma = dma_tbl[(port_val >> 4) & 3];
dev->irq = irq_tbl[(port_val >> 2) & 3];
printk(" HP Vectra IRQ %d DMA %d.\n", dev->irq, dev->dma);
Reported by FlawFinder.
Line: 591
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
dev->irq = irq;
} else if (hp_builtin) {
static const char dma_tbl[4] = {3, 5, 6, 0};
static const char irq_tbl[4] = {3, 4, 5, 9};
unsigned char port_val = inb(hp_builtin);
dev->dma = dma_tbl[(port_val >> 4) & 3];
dev->irq = irq_tbl[(port_val >> 2) & 3];
printk(" HP Vectra IRQ %d DMA %d.\n", dev->irq, dev->dma);
} else if (hpJ2405A) {
Reported by FlawFinder.
Line: 597
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
dev->irq = irq_tbl[(port_val >> 2) & 3];
printk(" HP Vectra IRQ %d DMA %d.\n", dev->irq, dev->dma);
} else if (hpJ2405A) {
static const char dma_tbl[4] = {3, 5, 6, 7};
static const char irq_tbl[8] = {3, 4, 5, 9, 10, 11, 12, 15};
short reset_val = inw(ioaddr+LANCE_RESET);
dev->dma = dma_tbl[(reset_val >> 2) & 3];
dev->irq = irq_tbl[(reset_val >> 4) & 7];
printk(" HP J2405A IRQ %d DMA %d.\n", dev->irq, dev->dma);
Reported by FlawFinder.
Line: 598
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
printk(" HP Vectra IRQ %d DMA %d.\n", dev->irq, dev->dma);
} else if (hpJ2405A) {
static const char dma_tbl[4] = {3, 5, 6, 7};
static const char irq_tbl[8] = {3, 4, 5, 9, 10, 11, 12, 15};
short reset_val = inw(ioaddr+LANCE_RESET);
dev->dma = dma_tbl[(reset_val >> 2) & 3];
dev->irq = irq_tbl[(reset_val >> 4) & 7];
printk(" HP J2405A IRQ %d DMA %d.\n", dev->irq, dev->dma);
} else if (lance_version == PCNET_ISAP) { /* The plug-n-play version. */
Reported by FlawFinder.
drivers/net/ethernet/amd/declance.c
6 issues
Line: 1050
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
lp = netdev_priv(dev);
dev = lp->next;
}
snprintf(name, sizeof(name), fmt, i);
}
dev = alloc_etherdev(sizeof(struct lance_private));
if (!dev) {
ret = -ENOMEM;
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net_device *dev;
/* Pointers to the ring buffers as seen from the CPU */
char *rx_buf_ptr_cpu[RX_RING_SIZE];
char *tx_buf_ptr_cpu[TX_RING_SIZE];
/* Pointers to the ring buffers as seen from the LANCE */
uint rx_buf_ptr_lnc[RX_RING_SIZE];
uint tx_buf_ptr_lnc[TX_RING_SIZE];
Reported by FlawFinder.
Line: 268
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Pointers to the ring buffers as seen from the CPU */
char *rx_buf_ptr_cpu[RX_RING_SIZE];
char *tx_buf_ptr_cpu[TX_RING_SIZE];
/* Pointers to the ring buffers as seen from the LANCE */
uint rx_buf_ptr_lnc[RX_RING_SIZE];
uint tx_buf_ptr_lnc[TX_RING_SIZE];
};
Reported by FlawFinder.
Line: 337
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const unsigned char *rfp;
if (type == PMAD_LANCE) {
memcpy(to, from, len);
} else if (type == PMAX_LANCE) {
clen = len >> 1;
tp = to;
fp = from;
Reported by FlawFinder.
Line: 396
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const unsigned char *rfp;
if (type == PMAD_LANCE) {
memcpy(to, from, len);
} else if (type == PMAX_LANCE) {
clen = len >> 1;
tp = to;
fp = from;
while (clen--) {
Reported by FlawFinder.
Line: 1027
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static unsigned version_printed;
static const char fmt[] = "declance%d";
char name[10];
struct net_device *dev;
struct lance_private *lp;
volatile struct lance_regs *ll;
resource_size_t start = 0, len = 0;
int i, ret;
Reported by FlawFinder.
drivers/net/ethernet/cisco/enic/enic_pp.c
6 issues
Line: 76
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct vic_provinfo *vp;
const u8 oui[3] = VIC_PROVINFO_CISCO_OUI;
const __be16 os_type = htons(VIC_GENERIC_PROV_OS_TYPE_LINUX);
char uuid_str[38];
char client_mac_str[18];
u8 *client_mac;
int err;
ENIC_PP_BY_INDEX(enic, vf, pp, &err);
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const u8 oui[3] = VIC_PROVINFO_CISCO_OUI;
const __be16 os_type = htons(VIC_GENERIC_PROV_OS_TYPE_LINUX);
char uuid_str[38];
char client_mac_str[18];
u8 *client_mac;
int err;
ENIC_PP_BY_INDEX(enic, vf, pp, &err);
if (err)
Reported by FlawFinder.
Line: 118
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sizeof(client_mac_str), client_mac_str);
if (pp->set & ENIC_SET_INSTANCE) {
sprintf(uuid_str, "%pUB", pp->instance_uuid);
VIC_PROVINFO_ADD_TLV(vp,
VIC_GENERIC_PROV_TLV_CLIENT_UUID_STR,
sizeof(uuid_str), uuid_str);
}
Reported by FlawFinder.
Line: 125
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (pp->set & ENIC_SET_HOST) {
sprintf(uuid_str, "%pUB", pp->host_uuid);
VIC_PROVINFO_ADD_TLV(vp,
VIC_GENERIC_PROV_TLV_HOST_UUID_STR,
sizeof(uuid_str), uuid_str);
}
Reported by FlawFinder.
Line: 85
Column: 37
CWE codes:
126
if (err)
return err;
if (!(pp->set & ENIC_SET_NAME) || !strlen(pp->name))
return -EINVAL;
vp = vic_provinfo_alloc(GFP_KERNEL, oui,
VIC_PROVINFO_GENERIC_TYPE);
if (!vp)
Reported by FlawFinder.
Line: 95
Column: 3
CWE codes:
126
VIC_PROVINFO_ADD_TLV(vp,
VIC_GENERIC_PROV_TLV_PORT_PROFILE_NAME_STR,
strlen(pp->name) + 1, pp->name);
if (!is_zero_ether_addr(pp->mac_addr)) {
client_mac = pp->mac_addr;
} else if (vf == PORT_SELF_VF) {
client_mac = netdev->dev_addr;
Reported by FlawFinder.
drivers/net/can/usb/ucan.c
6 issues
Line: 454
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* store the data */
up->can.clock.freq = le32_to_cpu(device_info->freq);
up->device_info.tx_fifo = device_info->tx_fifo;
strcpy(bittiming->name, "ucan");
bittiming->tseg1_min = device_info->tseg1_min;
bittiming->tseg1_max = device_info->tseg1_max;
bittiming->tseg2_min = device_info->tseg2_min;
bittiming->tseg2_max = device_info->tseg2_max;
bittiming->sjw_max = device_info->sjw_max;
Reported by FlawFinder.
Line: 621
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the payload of non RTR frames */
if (!(cf->can_id & CAN_RTR_FLAG) || (cf->can_id & CAN_ERR_FLAG))
memcpy(cf->data, m->msg.can_msg.data, cf->len);
/* don't count error frames as real packets */
stats->rx_packets++;
stats->rx_bytes += cf->len;
Reported by FlawFinder.
Line: 1085
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
mlen = UCAN_OUT_HDR_SIZE +
sizeof(m->msg.can_msg.id) + cf->len;
memcpy(m->msg.can_msg.data, cf->data, cf->len);
}
m->len = cpu_to_le16(mlen);
context->dlc = cf->len;
Reported by FlawFinder.
Line: 1313
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 in_ep_addr;
u8 out_ep_addr;
union ucan_ctl_payload *ctl_msg_buffer;
char firmware_str[sizeof(union ucan_ctl_payload) + 1];
udev = interface_to_usbdev(intf);
/* Stage 1 - Interface Parsing
* ---------------------------
Reported by FlawFinder.
Line: 1535
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
sizeof(union ucan_ctl_payload));
firmware_str[sizeof(union ucan_ctl_payload)] = '\0';
} else {
strcpy(firmware_str, "unknown");
}
/* device is compatible, reset it */
ret = ucan_ctrl_command_out(up, UCAN_COMMAND_RESET, 0, 0);
if (ret < 0)
Reported by FlawFinder.
Line: 1531
Column: 3
CWE codes:
120
sizeof(union ucan_ctl_payload));
if (ret > 0) {
/* copy string while ensuring zero terminiation */
strncpy(firmware_str, up->ctl_msg_buffer->raw,
sizeof(union ucan_ctl_payload));
firmware_str[sizeof(union ucan_ctl_payload)] = '\0';
} else {
strcpy(firmware_str, "unknown");
}
Reported by FlawFinder.
drivers/net/ethernet/cisco/enic/enic_ethtool.c
6 issues
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "vnic_stats.h"
struct enic_stat {
char name[ETH_GSTRING_LEN];
unsigned int index;
};
#define ENIC_TX_STAT(stat) { \
.name = #stat, \
Reported by FlawFinder.
Line: 164
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_STATS:
for (i = 0; i < enic_n_tx_stats; i++) {
memcpy(data, enic_tx_stats[i].name, ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
}
for (i = 0; i < enic_n_rx_stats; i++) {
memcpy(data, enic_rx_stats[i].name, ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
Reported by FlawFinder.
Line: 168
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data += ETH_GSTRING_LEN;
}
for (i = 0; i < enic_n_rx_stats; i++) {
memcpy(data, enic_rx_stats[i].name, ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
}
for (i = 0; i < enic_n_gen_stats; i++) {
memcpy(data, enic_gen_stats[i].name, ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
Reported by FlawFinder.
Line: 172
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data += ETH_GSTRING_LEN;
}
for (i = 0; i < enic_n_gen_stats; i++) {
memcpy(data, enic_gen_stats[i].name, ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
}
break;
}
}
Reported by FlawFinder.
Line: 584
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct enic *enic = netdev_priv(netdev);
if (hkey)
memcpy(hkey, enic->rss_key, ENIC_RSS_LEN);
if (hfunc)
*hfunc = ETH_RSS_HASH_TOP;
return 0;
Reported by FlawFinder.
Line: 602
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
if (hkey)
memcpy(enic->rss_key, hkey, ENIC_RSS_LEN);
return __enic_set_rsskey(enic);
}
static int enic_get_ts_info(struct net_device *netdev,
Reported by FlawFinder.
drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c
6 issues
Line: 45
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
memcpy(&buf_tx->cmd, reg, sizeof(buf_tx->cmd));
memcpy(buf_tx->data, val, val_len);
return spi_sync_transfer(spi, xfer, ARRAY_SIZE(xfer));
}
static inline bool mcp251xfd_update_bits_read_reg(unsigned int reg)
Reported by FlawFinder.
Line: 123
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
return err;
memcpy(&orig_le32, buf_rx->data, len);
}
mask_le32 = cpu_to_le32(mask >> BITS_PER_BYTE * first_byte);
val_le32 = cpu_to_le32(val >> BITS_PER_BYTE * first_byte);
Reported by FlawFinder.
Line: 133
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmp_le32 |= val_le32 & mask_le32;
mcp251xfd_spi_cmd_write_nocrc(&buf_tx->cmd, reg + first_byte);
memcpy(buf_tx->data, &tmp_le32, len);
return spi_write(spi, buf_tx, sizeof(buf_tx->cmd) + len);
}
static int
Reported by FlawFinder.
Line: 183
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
if (!(priv->devtype_data.quirks & MCP251XFD_QUIRK_HALF_DUPLEX))
memcpy(val_buf, buf_rx->data, val_len);
return 0;
}
static int
Reported by FlawFinder.
Line: 214
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
mcp251xfd_spi_cmd_write_crc(&buf_tx->cmd, reg, val_len);
memcpy(buf_tx->data, val, val_len);
crc = mcp251xfd_crc16_compute(buf_tx, sizeof(buf_tx->cmd) + val_len);
put_unaligned_be16(crc, buf_tx->data + val_len);
return spi_sync_transfer(spi, xfer, ARRAY_SIZE(xfer));
Reported by FlawFinder.
Line: 392
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
}
out:
memcpy(val_buf, buf_rx->data, val_len);
return 0;
}
static const struct regmap_range mcp251xfd_reg_table_yes_range[] = {
Reported by FlawFinder.
drivers/media/i2c/adv7604.c
6 issues
Line: 2305
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (edid->start_block + edid->blocks > state->edid.blocks)
edid->blocks = state->edid.blocks - edid->start_block;
memcpy(edid->edid, data + edid->start_block * 128, edid->blocks * 128);
return 0;
}
static int adv76xx_set_edid(struct v4l2_subdev *sd, struct v4l2_edid *edid)
Reported by FlawFinder.
Line: 2403
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
edid->edid[spa_loc] = state->spa_port_a[0];
edid->edid[spa_loc + 1] = state->spa_port_a[1];
memcpy(state->edid.edid, edid->edid, 128 * edid->blocks);
state->edid.blocks = edid->blocks;
state->aspect_ratio = v4l2_calc_aspect_ratio(edid->edid[0x15],
edid->edid[0x16]);
state->edid.present |= 1 << edid->pad;
Reported by FlawFinder.
Line: 2524
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 edid_enabled;
u8 cable_det;
static const char * const csc_coeff_sel_rb[16] = {
"bypassed", "YPbPr601 -> RGB", "reserved", "YPbPr709 -> RGB",
"reserved", "RGB -> YPbPr601", "reserved", "RGB -> YPbPr709",
"reserved", "YPbPr709 -> YPbPr601", "YPbPr601 -> YPbPr709",
"reserved", "reserved", "reserved", "reserved", "manual"
};
Reported by FlawFinder.
Line: 2530
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"reserved", "YPbPr709 -> YPbPr601", "YPbPr601 -> YPbPr709",
"reserved", "reserved", "reserved", "reserved", "manual"
};
static const char * const input_color_space_txt[16] = {
"RGB limited range (16-235)", "RGB full range (0-255)",
"YCbCr Bt.601 (16-235)", "YCbCr Bt.709 (16-235)",
"xvYCC Bt.601", "xvYCC Bt.709",
"YCbCr Bt.601 (0-255)", "YCbCr Bt.709 (0-255)",
"invalid", "invalid", "invalid", "invalid", "invalid",
Reported by FlawFinder.
Line: 2538
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"invalid", "invalid", "invalid", "invalid", "invalid",
"invalid", "invalid", "automatic"
};
static const char * const hdmi_color_space_txt[16] = {
"RGB limited range (16-235)", "RGB full range (0-255)",
"YCbCr Bt.601 (16-235)", "YCbCr Bt.709 (16-235)",
"xvYCC Bt.601", "xvYCC Bt.709",
"YCbCr Bt.601 (0-255)", "YCbCr Bt.709 (0-255)",
"sYCC", "opYCC 601", "opRGB", "invalid", "invalid",
Reported by FlawFinder.
Line: 2551
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"RGB limited range (16-235)",
"RGB full range (0-255)",
};
static const char * const deep_color_mode_txt[4] = {
"8-bits per channel",
"10-bits per channel",
"12-bits per channel",
"16-bits per channel (not supported)"
};
Reported by FlawFinder.