The following issues were found
drivers/staging/rtl8723bs/include/wifi.h
6 issues
Line: 414
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char ht_param;
__le16 operation_mode;
__le16 stbc_param;
unsigned char basic_set[16];
} __attribute__ ((packed));
struct HT_caps_element {
union {
Reported by FlawFinder.
Line: 423
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
__le16 HT_caps_info;
unsigned char AMPDU_para;
unsigned char MCS_rate[16];
__le16 HT_ext_caps;
__le16 Beamforming_caps;
unsigned char ASEL_caps;
} HT_cap_element;
unsigned char HT_cap[26];
Reported by FlawFinder.
Line: 428
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le16 Beamforming_caps;
unsigned char ASEL_caps;
} HT_cap_element;
unsigned char HT_cap[26];
} u;
} __attribute__ ((packed));
struct HT_info_element {
unsigned char primary_channel;
Reported by FlawFinder.
Line: 434
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct HT_info_element {
unsigned char primary_channel;
unsigned char infos[5];
unsigned char MCS_rate[16];
} __attribute__ ((packed));
struct AC_param {
unsigned char ACI_AIFSN;
Reported by FlawFinder.
Line: 435
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct HT_info_element {
unsigned char primary_channel;
unsigned char infos[5];
unsigned char MCS_rate[16];
} __attribute__ ((packed));
struct AC_param {
unsigned char ACI_AIFSN;
unsigned char CW;
Reported by FlawFinder.
Line: 776
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct rtw_regulatory {
char alpha2[2];
u16 country_code;
u16 max_power_level;
u32 tp_scale;
u16 current_rd;
u16 current_rd_ext;
Reported by FlawFinder.
drivers/scsi/mpi3mr/mpi3mr.h
6 issues
Line: 353
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mpi3mr_ioc *mrioc;
u16 msix_index;
struct op_reply_qinfo *op_reply_q;
char name[MPI3MR_NAME_LENGTH];
};
/**
* struct tgt_dev_sas_sata - SAS/SATA device specific
* information cached from firmware given data
Reported by FlawFinder.
Line: 698
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool enable_segqueue;
u32 irqpoll_sleep;
char name[MPI3MR_NAME_LENGTH];
char driver_name[MPI3MR_NAME_LENGTH];
volatile struct mpi3_sysif_registers __iomem *sysif_regs;
resource_size_t sysif_regs_phys;
int bars;
Reported by FlawFinder.
Line: 699
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 irqpoll_sleep;
char name[MPI3MR_NAME_LENGTH];
char driver_name[MPI3MR_NAME_LENGTH];
volatile struct mpi3_sysif_registers __iomem *sysif_regs;
resource_size_t sysif_regs_phys;
int bars;
u64 dma_mask;
Reported by FlawFinder.
Line: 766
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 sbq_host_index;
u32 event_masks[MPI3_EVENT_NOTIFY_EVENTMASK_WORDS];
char fwevt_worker_name[MPI3MR_NAME_LENGTH];
struct workqueue_struct *fwevt_worker_thread;
spinlock_t fwevt_lock;
struct list_head fwevt_list;
char watchdog_work_q_name[20];
Reported by FlawFinder.
Line: 771
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spinlock_t fwevt_lock;
struct list_head fwevt_list;
char watchdog_work_q_name[20];
struct workqueue_struct *watchdog_work_q;
struct delayed_work watchdog_work;
spinlock_t watchdog_lock;
u8 is_driver_loading;
Reported by FlawFinder.
Line: 839
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool process_evt;
u32 evt_ctx;
struct kref ref_count;
char event_data[0] __aligned(4);
};
/**
* struct delayed_dev_rmhs_node - Delayed device removal node
Reported by FlawFinder.
drivers/tty/ehv_bytechan.c
6 issues
Line: 52
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int tx_irq;
spinlock_t lock; /* lock for transmit buffer */
unsigned char buf[BUF_SIZE]; /* transmit circular buffer */
unsigned int head; /* circular buffer head */
unsigned int tail; /* circular buffer tail */
int tx_irq_enabled; /* true == TX interrupt is enabled */
};
Reported by FlawFinder.
Line: 143
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int *count,
const char *p)
{
char buffer[EV_BYTE_CHANNEL_MAX_BYTES];
unsigned int c = *count;
if (c < sizeof(buffer)) {
memcpy(buffer, p, c);
memset(&buffer[c], 0, sizeof(buffer) - c);
Reported by FlawFinder.
Line: 147
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int c = *count;
if (c < sizeof(buffer)) {
memcpy(buffer, p, c);
memset(&buffer[c], 0, sizeof(buffer) - c);
p = buffer;
}
return ev_byte_channel_send(handle, count, p);
}
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void ehv_bc_console_write(struct console *co, const char *s,
unsigned int count)
{
char s2[EV_BYTE_CHANNEL_MAX_BYTES];
unsigned int i, j = 0;
char c;
for (i = 0; i < count; i++) {
c = *s++;
Reported by FlawFinder.
Line: 352
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ehv_bc_data *bc = data;
unsigned int rx_count, tx_count, len;
int count;
char buffer[EV_BYTE_CHANNEL_MAX_BYTES];
int ret;
/* Find out how much data needs to be read, and then ask the TTY layer
* if it can handle that much. We want to ensure that every byte we
* read from the byte channel will be accepted by the TTY layer.
Reported by FlawFinder.
Line: 483
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (count < len)
len = count;
if (len) {
memcpy(bc->buf + bc->head, s, len);
bc->head = (bc->head + len) & (BUF_SIZE - 1);
}
spin_unlock_irqrestore(&bc->lock, flags);
if (!len)
break;
Reported by FlawFinder.
drivers/usb/serial/garmin_gps.c
6 issues
Line: 276
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
pkt->size = data_length;
memcpy(pkt->data, data, data_length);
spin_lock_irqsave(&garmin_data_p->lock, flags);
garmin_data_p->flags |= FLAGS_QUEUING;
result = list_empty(&garmin_data_p->pktlist);
pkt->seq = garmin_data_p->seq_counter++;
Reported by FlawFinder.
Line: 607
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -4;
}
memcpy(garmin_data_p->outbuffer+k, buf, count);
k += count;
garmin_data_p->outsize = k;
if (k >= GARMIN_PKTHDR_LENGTH) {
pktid = getPacketId(garmin_data_p->outbuffer);
Reported by FlawFinder.
Line: 660
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* can't add stuffing DLEs in place, move data to end
of buffer ... */
dst = garmin_data_p->outbuffer+GPS_OUT_BUFSIZ-datalen;
memcpy(dst, src, datalen);
src = dst;
}
dst = garmin_data_p->outbuffer;
Reported by FlawFinder.
Line: 768
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len > 0) {
dest = garmin_data_p->inbuffer
+ garmin_data_p->insize;
memcpy(dest, buf+offs, len);
garmin_data_p->insize += len;
offs += len;
}
}
Reported by FlawFinder.
Line: 1001
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(buffer, buf, count);
usb_serial_debug_data(&port->dev, __func__, count, buffer);
usb_fill_bulk_urb(urb, serial->dev,
usb_sndbulkpipe(serial->dev,
Reported by FlawFinder.
Line: 1063
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (count < len)
len = count;
memcpy(garmin_data_p->privpkt, buf, len);
pktsiz = getDataLength(garmin_data_p->privpkt);
pktid = getPacketId(garmin_data_p->privpkt);
if (count == (GARMIN_PKTHDR_LENGTH + pktsiz) &&
Reported by FlawFinder.
drivers/spi/spi-pl022.c
6 issues
Line: 385
Column: 20
CWE codes:
120
20
void *tx_end;
void *rx;
void *rx_end;
enum ssp_reading read;
enum ssp_writing write;
u32 exp_fifo_level;
enum ssp_rx_level_trig rx_lev_trig;
enum ssp_tx_level_trig tx_lev_trig;
/* DMA settings */
Reported by FlawFinder.
Line: 684
Column: 18
CWE codes:
120
20
/* Read as much as you can */
while ((readw(SSP_SR(pl022->virtbase)) & SSP_SR_MASK_RNE)
&& (pl022->rx < pl022->rx_end)) {
switch (pl022->read) {
case READING_NULL:
readw(SSP_DR(pl022->virtbase));
break;
case READING_U8:
*(u8 *) (pl022->rx) =
Reported by FlawFinder.
Line: 733
Column: 19
CWE codes:
120
20
*/
while ((readw(SSP_SR(pl022->virtbase)) & SSP_SR_MASK_RNE)
&& (pl022->rx < pl022->rx_end)) {
switch (pl022->read) {
case READING_NULL:
readw(SSP_DR(pl022->virtbase));
break;
case READING_U8:
*(u8 *) (pl022->rx) =
Reported by FlawFinder.
Line: 983
Column: 17
CWE codes:
120
20
break;
}
switch (pl022->read) {
case READING_NULL:
/* Use the same as for writing */
rx_conf.src_addr_width = DMA_SLAVE_BUSWIDTH_UNDEFINED;
break;
case READING_U8:
Reported by FlawFinder.
Line: 1360
Column: 45
CWE codes:
120
20
pl022->rx_end = pl022->rx + pl022->cur_transfer->len;
pl022->write =
pl022->tx ? pl022->cur_chip->write : WRITING_NULL;
pl022->read = pl022->rx ? pl022->cur_chip->read : READING_NULL;
return 0;
}
/**
* pump_transfers - Tasklet function which schedules next transfer
Reported by FlawFinder.
drivers/staging/rtl8188eu/os_dep/usb_ops_linux.c
6 issues
Line: 35
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
/* HISR */
memcpy(&haldata->IntArray[0], &pbuf[USB_INTR_CONTENT_HISR_OFFSET], 4);
memcpy(&haldata->IntArray[1], &pbuf[USB_INTR_CONTENT_HISRE_OFFSET], 4);
/* C2H Event */
if (pbuf[0] != 0)
memcpy(&haldata->C2hArray[0],
Reported by FlawFinder.
Line: 36
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* HISR */
memcpy(&haldata->IntArray[0], &pbuf[USB_INTR_CONTENT_HISR_OFFSET], 4);
memcpy(&haldata->IntArray[1], &pbuf[USB_INTR_CONTENT_HISRE_OFFSET], 4);
/* C2H Event */
if (pbuf[0] != 0)
memcpy(&haldata->C2hArray[0],
&pbuf[USB_INTR_CONTENT_C2H_OFFSET], 16);
Reported by FlawFinder.
Line: 40
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* C2H Event */
if (pbuf[0] != 0)
memcpy(&haldata->C2hArray[0],
&pbuf[USB_INTR_CONTENT_C2H_OFFSET], 16);
}
static int recvbuf2recvframe(struct adapter *adapt, struct sk_buff *pskb)
{
Reported by FlawFinder.
Line: 239
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (reqtype == REALTEK_USB_VENQT_READ)
memset(pIo_buf, 0, len);
else
memcpy(pIo_buf, pdata, len);
status = usb_control_msg(udev, pipe, REALTEK_USB_VENQT_CMD_REQ,
reqtype, value, REALTEK_USB_VENQT_CMD_IDX,
pIo_buf, len, RTW_USB_CONTROL_MSG_TIMEOUT);
Reported by FlawFinder.
Line: 247
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (status == len) { /* Success this control transfer. */
if (reqtype == REALTEK_USB_VENQT_READ)
memcpy(pdata, pIo_buf, len);
} else { /* error cases */
if (status < 0) {
if (status == -ESHUTDOWN || status == -ENODEV)
adapt->bSurpriseRemoved = true;
else
Reported by FlawFinder.
Line: 258
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (status > 0) {
if (reqtype == REALTEK_USB_VENQT_READ) {
/* For Control read transfer, we have to copy the read data from pIo_buf to pdata. */
memcpy(pdata, pIo_buf, len);
}
}
}
}
Reported by FlawFinder.
drivers/usb/gadget/function/f_midi.c
6 issues
Line: 821
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto fail;
}
strcpy(card->driver, f_midi_longname);
strcpy(card->longname, f_midi_longname);
strcpy(card->shortname, f_midi_shortname);
/* Set up rawmidi */
snd_component_add(card, "MIDI");
Reported by FlawFinder.
Line: 822
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
strcpy(card->driver, f_midi_longname);
strcpy(card->longname, f_midi_longname);
strcpy(card->shortname, f_midi_shortname);
/* Set up rawmidi */
snd_component_add(card, "MIDI");
err = snd_rawmidi_new(card, card->longname, 0,
Reported by FlawFinder.
Line: 823
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(card->driver, f_midi_longname);
strcpy(card->longname, f_midi_longname);
strcpy(card->shortname, f_midi_shortname);
/* Set up rawmidi */
snd_component_add(card, "MIDI");
err = snd_rawmidi_new(card, card->longname, 0,
midi->out_ports, midi->in_ports, &rmidi);
Reported by FlawFinder.
Line: 835
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
midi->rmidi = rmidi;
midi->in_last_port = 0;
strcpy(rmidi->name, card->shortname);
rmidi->info_flags = SNDRV_RAWMIDI_INFO_OUTPUT |
SNDRV_RAWMIDI_INFO_INPUT |
SNDRV_RAWMIDI_INFO_DUPLEX;
rmidi->private_data = midi;
rmidi->private_free = f_midi_rmidi_free;
Reported by FlawFinder.
Line: 594
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int length = req->length;
u8 *buf = (u8 *)req->buf + length;
memcpy(buf, p, sizeof(p));
req->length = length + sizeof(p);
if (next_state == STATE_FINISHED) {
next_state = STATE_INITIAL;
port->data[0] = port->data[1] = 0;
Reported by FlawFinder.
Line: 1100
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int result; \
\
mutex_lock(&opts->lock); \
result = sprintf(page, "%d\n", opts->name); \
mutex_unlock(&opts->lock); \
\
return result; \
} \
\
Reported by FlawFinder.
drivers/usb/mon/mon_text.c
6 issues
Line: 75
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char data_flag;
int numdesc; /* Full number */
struct mon_iso_desc isodesc[ISODESC_MAX];
unsigned char setup[SETUP_MAX];
unsigned char data[DATA_MAX];
};
#define SLAB_NAME_SZ 30
struct mon_reader_text {
Reported by FlawFinder.
Line: 76
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int numdesc; /* Full number */
struct mon_iso_desc isodesc[ISODESC_MAX];
unsigned char setup[SETUP_MAX];
unsigned char data[DATA_MAX];
};
#define SLAB_NAME_SZ 30
struct mon_reader_text {
struct kmem_cache *e_slab;
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *printf_buf;
struct mutex printf_lock;
char slab_name[SLAB_NAME_SZ];
};
static struct dentry *mon_dir; /* Usually /sys/kernel/debug/usbmon */
static void mon_text_ctor(void *);
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (urb->setup_packet == NULL)
return 'Z'; /* '0' would be not as pretty. */
memcpy(ep->setup, urb->setup_packet, SETUP_MAX);
return 0;
}
static inline char mon_text_get_data(struct mon_event_text *ep, struct urb *urb,
int len, char ev_type, struct mon_bus *mbus)
Reported by FlawFinder.
Line: 178
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src = sg_virt(sg);
}
memcpy(ep->data, src, len);
return 0;
}
static inline unsigned int mon_get_timestamp(void)
{
Reported by FlawFinder.
Line: 704
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mon_text_add(struct mon_bus *mbus, const struct usb_bus *ubus)
{
enum { NAMESZ = 10 };
char name[NAMESZ];
int busnum = ubus? ubus->busnum: 0;
int rc;
if (mon_dir == NULL)
return 0;
Reported by FlawFinder.
drivers/target/iscsi/cxgbit/cxgbit_target.c
6 issues
Line: 494
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(!skb))
return -ENOMEM;
memcpy(skb->data, cmd->pdu, ISCSI_HDR_LEN);
if (datain->length) {
cxgbit_skcb_submode(skb) |= (csk->submode &
CXGBIT_SUBMODE_DCRC);
cxgbit_skcb_tx_extralen(skb) =
Reported by FlawFinder.
Line: 544
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(!skb))
return -ENOMEM;
memcpy(skb->data, cmd->pdu, ISCSI_HDR_LEN);
if (data_buf_len) {
u32 pad_bytes = 0;
skb_store_bits(skb, ISCSI_HDR_LEN, data_buf, data_buf_len);
Reported by FlawFinder.
Line: 1330
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct iscsi_login_req *login_req;
login_req = (struct iscsi_login_req *)login->req;
memcpy(login_req, pdu_cb->hdr, sizeof(*login_req));
pr_debug("Got Login Command, Flags 0x%02x, ITT: 0x%08x,"
" CmdSN: 0x%08x, ExpStatSN: 0x%08x, CID: %hu, Length: %u\n",
login_req->flags, login_req->itt, login_req->cmdsn,
login_req->exp_statsn, login_req->cid, pdu_cb->dlen);
Reported by FlawFinder.
Line: 1347
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
login_req->flags);
login->version_min = login_req->min_version;
login->version_max = login_req->max_version;
memcpy(login->isid, login_req->isid, 6);
login->cmd_sn = be32_to_cpu(login_req->cmdsn);
login->init_task_tag = login_req->itt;
login->initial_exp_statsn = be32_to_cpu(login_req->exp_statsn);
login->cid = be16_to_cpu(login_req->cid);
login->tsih = be16_to_cpu(login_req->tsih);
Reported by FlawFinder.
Line: 1441
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hpdu_cb->hdr = pdu_cb->hdr;
hpdu_cb->hlen = pdu_cb->hlen;
memcpy(&hssi->frags[hfrag_idx], &ssi->frags[pdu_cb->hfrag_idx],
sizeof(skb_frag_t));
get_page(skb_frag_page(&hssi->frags[hfrag_idx]));
hssi->nr_frags++;
hpdu_cb->frags++;
Reported by FlawFinder.
Line: 1463
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = 0;
for (i = 0; i < pdu_cb->nr_dfrags; dfrag_idx++, i++) {
memcpy(&hssi->frags[dfrag_idx],
&ssi->frags[pdu_cb->dfrag_idx + i],
sizeof(skb_frag_t));
get_page(skb_frag_page(&hssi->frags[dfrag_idx]));
Reported by FlawFinder.
drivers/usb/storage/realtek_cr.c
6 issues
Line: 222
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the command payload */
memset(bcb->CDB, 0, sizeof(bcb->CDB));
memcpy(bcb->CDB, cmd, bcb->Length);
/* send it to out endpoint */
result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe,
bcb, cbwlen, NULL);
if (result != USB_STOR_XFER_GOOD)
Reported by FlawFinder.
Line: 311
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the command payload */
memset(bcb->CDB, 0, sizeof(bcb->CDB));
memcpy(bcb->CDB, cmd, bcb->Length);
/* send it to out endpoint */
result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe,
bcb, cbwlen, NULL);
if (result != USB_STOR_XFER_GOOD)
Reported by FlawFinder.
Line: 386
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EIO;
}
memcpy(data, buf, len);
kfree(buf);
return 0;
}
static int rts51x_write_mem(struct us_data *us, u16 addr, u8 *data, u16 len)
Reported by FlawFinder.
Line: 442
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EIO;
}
memcpy(status, buf, len);
kfree(buf);
return 0;
}
static int rts51x_check_status(struct us_data *us, u8 lun)
Reported by FlawFinder.
Line: 828
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
srb->result = SAM_STAT_GOOD;
} else {
srb->result = SAM_STAT_CHECK_CONDITION;
memcpy(srb->sense_buffer,
media_not_present,
US_SENSE_SIZE);
}
usb_stor_dbg(us, "TEST_UNIT_READY\n");
goto out;
Reported by FlawFinder.
Line: 839
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int prevent = srb->cmnd[4] & 0x1;
if (prevent) {
srb->result = SAM_STAT_CHECK_CONDITION;
memcpy(srb->sense_buffer,
invalid_cmd_field,
US_SENSE_SIZE);
} else {
srb->result = SAM_STAT_GOOD;
}
Reported by FlawFinder.