The following issues were found
drivers/usb/gadget/function/f_uac1_legacy.c
6 issues
Line: 872
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int result; \
\
mutex_lock(&opts->lock); \
result = sprintf(page, "%s\n", opts->name); \
mutex_unlock(&opts->lock); \
\
return result; \
} \
\
Reported by FlawFinder.
Line: 348
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(copy_buf->buf + copy_buf->actual, req->buf, req->actual);
copy_buf->actual += req->actual;
audio->copy_buf = copy_buf;
err = usb_ep_queue(ep, req, GFP_ATOMIC);
if (err)
Reported by FlawFinder.
Line: 373
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ep == out_ep)
f_audio_out_ep_complete(ep, req);
else if (audio->set_con) {
memcpy(&data, req->buf, req->length);
audio->set_con->set(audio->set_con, audio->set_cmd,
le16_to_cpu(data));
audio->set_con = NULL;
}
break;
Reported by FlawFinder.
Line: 453
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req->context = audio;
req->complete = f_audio_complete;
len = min_t(size_t, sizeof(value), len);
memcpy(req->buf, &value, len);
return len;
}
static int audio_set_endpoint_req(struct usb_function *f,
Reported by FlawFinder.
Line: 691
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Set sample rates */
rate = u_audio_get_playback_rate(card);
sam_freq = as_type_i_desc.tSamFreq[0];
memcpy(sam_freq, &rate, 3);
/* Todo: Set Sample bits and other parameters */
return;
}
Reported by FlawFinder.
Line: 827
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int result; \
\
mutex_lock(&opts->lock); \
result = sprintf(page, "%u\n", opts->name); \
mutex_unlock(&opts->lock); \
\
return result; \
} \
\
Reported by FlawFinder.
drivers/usb/typec/ucsi/ucsi.c
6 issues
Line: 75
Column: 19
CWE codes:
120
20
if (ret < 0)
return ret;
ret = ucsi->ops->read(ucsi, UCSI_MESSAGE_IN, &error, sizeof(error));
if (ret)
return ret;
switch (error) {
case UCSI_ERROR_INCOMPATIBLE_PARTNER:
Reported by FlawFinder.
Line: 896
Column: 20
CWE codes:
120
20
goto out;
}
ret = ucsi->ops->read(ucsi, UCSI_CCI, &cci, sizeof(cci));
if (ret)
goto out;
/* If the PPM is still doing something else, reset it again. */
if (cci & ~UCSI_CCI_RESET_COMPLETE) {
Reported by FlawFinder.
Line: 1302
Column: 20
CWE codes:
120
20
{
struct ucsi *ucsi;
if (!ops || !ops->read || !ops->sync_write || !ops->async_write)
return ERR_PTR(-EINVAL);
ucsi = kzalloc(sizeof(*ucsi), GFP_KERNEL);
if (!ucsi)
return ERR_PTR(-ENOMEM);
Reported by FlawFinder.
drivers/usb/core/hub.c
6 issues
Line: 1464
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* FIXME for USB 3.0, skip for now */
if ((wHubCharacteristics & HUB_CHAR_COMPOUND) &&
!(hub_is_superspeed(hdev))) {
char portstr[USB_MAXCHILDREN + 1];
for (i = 0; i < maxchild; i++)
portstr[i] = hub->descriptor->u.hs.DeviceRemovable
[((i + 1) / 8)] & (1 << ((i + 1) % 8))
? 'F' : 'R';
Reported by FlawFinder.
Line: 5495
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Handle notifying userspace about hub over-current events */
static void port_over_current_notify(struct usb_port *port_dev)
{
char *envp[3];
struct device *hub_dev;
char *port_dev_path;
sysfs_notify(&port_dev->dev.kobj, NULL, "over_current_count");
Reported by FlawFinder.
Line: 2547
Column: 39
CWE codes:
126
announce_device(udev);
if (udev->serial)
add_device_randomness(udev->serial, strlen(udev->serial));
if (udev->product)
add_device_randomness(udev->product, strlen(udev->product));
if (udev->manufacturer)
add_device_randomness(udev->manufacturer,
strlen(udev->manufacturer));
Reported by FlawFinder.
Line: 2549
Column: 40
CWE codes:
126
if (udev->serial)
add_device_randomness(udev->serial, strlen(udev->serial));
if (udev->product)
add_device_randomness(udev->product, strlen(udev->product));
if (udev->manufacturer)
add_device_randomness(udev->manufacturer,
strlen(udev->manufacturer));
device_enable_async_suspend(&udev->dev);
Reported by FlawFinder.
Line: 2552
Column: 11
CWE codes:
126
add_device_randomness(udev->product, strlen(udev->product));
if (udev->manufacturer)
add_device_randomness(udev->manufacturer,
strlen(udev->manufacturer));
device_enable_async_suspend(&udev->dev);
/* check whether the hub or firmware marks this port as non-removable */
set_usb_port_removable(udev);
Reported by FlawFinder.
Line: 5132
Column: 16
CWE codes:
126
* different flash card of the same brand).
*/
if (udev->serial)
serial_len = strlen(udev->serial) + 1;
len = serial_len;
for (index = 0; index < udev->descriptor.bNumConfigurations; index++) {
old_length = le16_to_cpu(udev->config[index].desc.wTotalLength);
len = max(len, old_length);
Reported by FlawFinder.
drivers/scsi/sg.c
6 issues
Line: 124
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sg_fd *parentfp; /* NULL -> not in use */
Sg_scatter_hold data; /* hold buffer, perhaps scatter list */
sg_io_hdr_t header; /* scsi command+info, see <scsi/sg.h> */
unsigned char sense_b[SCSI_SENSE_BUFFERSIZE];
char res_used; /* 1 -> using reserve buffer, 0 -> not ... */
char orphan; /* 1 -> drop on sight, 0 -> normal */
char sg_io_owned; /* 1 -> packet belongs to SG_IO */
/* done protected by rq_list_lock */
char done; /* 0->before bh, 1->before read, 2->read */
Reported by FlawFinder.
Line: 612
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Sg_request *srp;
struct sg_header old_hdr;
sg_io_hdr_t *hp;
unsigned char cmnd[SG_MAX_CDB_SIZE];
int retval;
retval = sg_check_file_access(filp, __func__);
if (retval)
return retval;
Reported by FlawFinder.
Line: 722
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int k;
Sg_request *srp;
sg_io_hdr_t *hp;
unsigned char cmnd[SG_MAX_CDB_SIZE];
int timeout;
unsigned long ul_timeout;
if (count < SZ_SG_IO_HDR)
return -EINVAL;
Reported by FlawFinder.
Line: 1401
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (req->sense_len)
memcpy(srp->sense_b, req->sense, SCSI_SENSE_BUFFERSIZE);
/* Rely on write phase to clean out srp status values, so no "else" */
/*
* Free the request as soon as it is complete so that its resources
Reported by FlawFinder.
Line: 1495
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
SCSI_LOG_TIMEOUT(3, sdev_printk(KERN_INFO, scsidp,
"sg_alloc: dev=%d \n", k));
sprintf(disk->disk_name, "sg%d", k);
disk->first_minor = k;
sdp->disk = disk;
sdp->device = scsidp;
mutex_init(&sdp->open_rel_lock);
INIT_LIST_HEAD(&sdp->sfds);
Reported by FlawFinder.
Line: 1771
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hp->cmd_len > BLK_MAX_CDB)
req->cmd = long_cmdp;
memcpy(req->cmd, cmd, hp->cmd_len);
req->cmd_len = hp->cmd_len;
srp->rq = rq;
rq->end_io_data = srp;
req->retries = SG_DEFAULT_RETRIES;
Reported by FlawFinder.
drivers/nvme/host/fabrics.c
6 issues
Line: 389
Column: 2
CWE codes:
120
uuid_copy(&data->hostid, &ctrl->opts->host->id);
data->cntlid = cpu_to_le16(0xffff);
strncpy(data->subsysnqn, ctrl->opts->subsysnqn, NVMF_NQN_SIZE);
strncpy(data->hostnqn, ctrl->opts->host->nqn, NVMF_NQN_SIZE);
ret = __nvme_submit_sync_cmd(ctrl->fabrics_q, &cmd, &res,
data, sizeof(*data), 0, NVME_QID_ANY, 1,
BLK_MQ_REQ_RESERVED | BLK_MQ_REQ_NOWAIT);
Reported by FlawFinder.
Line: 390
Column: 2
CWE codes:
120
uuid_copy(&data->hostid, &ctrl->opts->host->id);
data->cntlid = cpu_to_le16(0xffff);
strncpy(data->subsysnqn, ctrl->opts->subsysnqn, NVMF_NQN_SIZE);
strncpy(data->hostnqn, ctrl->opts->host->nqn, NVMF_NQN_SIZE);
ret = __nvme_submit_sync_cmd(ctrl->fabrics_q, &cmd, &res,
data, sizeof(*data), 0, NVME_QID_ANY, 1,
BLK_MQ_REQ_RESERVED | BLK_MQ_REQ_NOWAIT);
if (ret) {
Reported by FlawFinder.
Line: 450
Column: 2
CWE codes:
120
uuid_copy(&data->hostid, &ctrl->opts->host->id);
data->cntlid = cpu_to_le16(ctrl->cntlid);
strncpy(data->subsysnqn, ctrl->opts->subsysnqn, NVMF_NQN_SIZE);
strncpy(data->hostnqn, ctrl->opts->host->nqn, NVMF_NQN_SIZE);
ret = __nvme_submit_sync_cmd(ctrl->connect_q, &cmd, &res,
data, sizeof(*data), 0, qid, 1,
BLK_MQ_REQ_RESERVED | BLK_MQ_REQ_NOWAIT);
Reported by FlawFinder.
Line: 451
Column: 2
CWE codes:
120
uuid_copy(&data->hostid, &ctrl->opts->host->id);
data->cntlid = cpu_to_le16(ctrl->cntlid);
strncpy(data->subsysnqn, ctrl->opts->subsysnqn, NVMF_NQN_SIZE);
strncpy(data->hostnqn, ctrl->opts->host->nqn, NVMF_NQN_SIZE);
ret = __nvme_submit_sync_cmd(ctrl->connect_q, &cmd, &res,
data, sizeof(*data), 0, qid, 1,
BLK_MQ_REQ_RESERVED | BLK_MQ_REQ_NOWAIT);
if (ret) {
Reported by FlawFinder.
Line: 605
Column: 13
CWE codes:
126
}
kfree(opts->subsysnqn);
opts->subsysnqn = p;
nqnlen = strlen(opts->subsysnqn);
if (nqnlen >= NVMF_NQN_SIZE) {
pr_err("%s needs to be < %d bytes\n",
opts->subsysnqn, NVMF_NQN_SIZE);
ret = -EINVAL;
goto out;
Reported by FlawFinder.
Line: 714
Column: 13
CWE codes:
126
ret = -ENOMEM;
goto out;
}
nqnlen = strlen(p);
if (nqnlen >= NVMF_NQN_SIZE) {
pr_err("%s needs to be < %d bytes\n",
p, NVMF_NQN_SIZE);
kfree(p);
ret = -EINVAL;
Reported by FlawFinder.
drivers/rtc/rtc-pcf2127.c
6 issues
Line: 120
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcf2127_rtc_read_time(struct device *dev, struct rtc_time *tm)
{
struct pcf2127 *pcf2127 = dev_get_drvdata(dev);
unsigned char buf[10];
int ret;
/*
* Avoid reading CTRL2 register as it causes WD_VAL register
* value to reset to 0 which means watchdog is stopped.
Reported by FlawFinder.
Line: 179
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcf2127_rtc_set_time(struct device *dev, struct rtc_time *tm)
{
struct pcf2127 *pcf2127 = dev_get_drvdata(dev);
unsigned char buf[7];
int i = 0, err;
dev_dbg(dev, "%s: secs=%d, mins=%d, hours=%d, "
"mday=%d, mon=%d, year=%d, wday=%d\n",
__func__,
Reported by FlawFinder.
Line: 456
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pcf2127 *pcf2127 = dev_get_drvdata(dev);
struct rtc_time tm;
int ret;
unsigned char data[25];
ret = regmap_bulk_read(pcf2127->regmap, PCF2127_REG_CTRL1, data,
sizeof(data));
if (ret) {
dev_err(dev, "%s: read error ret=%d\n", __func__, ret);
Reported by FlawFinder.
Line: 619
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
return ret;
}
return sprintf(buf, "%llu\n", (unsigned long long)ts);
};
static DEVICE_ATTR_RW(timestamp0);
static struct attribute *pcf2127_attrs[] = {
Reported by FlawFinder.
Line: 828
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!buf)
return -ENOMEM;
memcpy(buf, reg, 1);
memcpy(buf + 1, val, val_size);
ret = i2c_master_send(client, buf, val_size + 1);
kfree(buf);
Reported by FlawFinder.
Line: 829
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
memcpy(buf, reg, 1);
memcpy(buf + 1, val, val_size);
ret = i2c_master_send(client, buf, val_size + 1);
kfree(buf);
Reported by FlawFinder.
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8192e.c
6 issues
Line: 579
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (l >= 2) {
char value[80];
memcpy(value, &record[2], l - 2);
value[l - 2] = '\0';
dev_info(&priv->udev->dev, "%s: %s\n", record_name, value);
*record_offset = *record_offset + l;
Reported by FlawFinder.
Line: 581
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (l >= 2) {
char value[80];
memcpy(value, &record[2], l - 2);
value[l - 2] = '\0';
dev_info(&priv->udev->dev, "%s: %s\n", record_name, value);
*record_offset = *record_offset + l;
} else {
dev_info(&priv->udev->dev, "%s not available.\n", record_name);
Reported by FlawFinder.
Line: 601
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ether_addr_copy(priv->mac_addr, efuse->mac_addr);
memcpy(priv->cck_tx_power_index_A, efuse->tx_power_index_A.cck_base,
sizeof(efuse->tx_power_index_A.cck_base));
memcpy(priv->cck_tx_power_index_B, efuse->tx_power_index_B.cck_base,
sizeof(efuse->tx_power_index_B.cck_base));
memcpy(priv->ht40_1s_tx_power_index_A,
Reported by FlawFinder.
Line: 603
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->cck_tx_power_index_A, efuse->tx_power_index_A.cck_base,
sizeof(efuse->tx_power_index_A.cck_base));
memcpy(priv->cck_tx_power_index_B, efuse->tx_power_index_B.cck_base,
sizeof(efuse->tx_power_index_B.cck_base));
memcpy(priv->ht40_1s_tx_power_index_A,
efuse->tx_power_index_A.ht40_base,
sizeof(efuse->tx_power_index_A.ht40_base));
Reported by FlawFinder.
Line: 606
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->cck_tx_power_index_B, efuse->tx_power_index_B.cck_base,
sizeof(efuse->tx_power_index_B.cck_base));
memcpy(priv->ht40_1s_tx_power_index_A,
efuse->tx_power_index_A.ht40_base,
sizeof(efuse->tx_power_index_A.ht40_base));
memcpy(priv->ht40_1s_tx_power_index_B,
efuse->tx_power_index_B.ht40_base,
sizeof(efuse->tx_power_index_B.ht40_base));
Reported by FlawFinder.
Line: 609
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->ht40_1s_tx_power_index_A,
efuse->tx_power_index_A.ht40_base,
sizeof(efuse->tx_power_index_A.ht40_base));
memcpy(priv->ht40_1s_tx_power_index_B,
efuse->tx_power_index_B.ht40_base,
sizeof(efuse->tx_power_index_B.ht40_base));
priv->ht20_tx_power_diff[0].a =
efuse->tx_power_index_A.ht20_ofdm_1s_diff.b;
Reported by FlawFinder.
drivers/scsi/fnic/fnic_res.h
6 issues
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
desc->u.icmnd_16._resvd1 = 0; /* reserved: should be 0 */
desc->u.icmnd_16.flags = flags; /* command flags */
memset(desc->u.icmnd_16.scsi_cdb, 0, CDB_16);
memcpy(desc->u.icmnd_16.scsi_cdb, scsi_cdb, cdb_len); /* SCSI CDB */
desc->u.icmnd_16.data_len = data_len; /* length of data expected */
memcpy(desc->u.icmnd_16.lun, lun, LUN_ADDRESS); /* LUN address */
desc->u.icmnd_16._resvd2 = 0; /* reserved */
hton24(desc->u.icmnd_16.d_id, d_id); /* FC vNIC only: Target D_ID */
desc->u.icmnd_16.mss = mss; /* FC vNIC only: max burst */
Reported by FlawFinder.
Line: 114
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(desc->u.icmnd_16.scsi_cdb, 0, CDB_16);
memcpy(desc->u.icmnd_16.scsi_cdb, scsi_cdb, cdb_len); /* SCSI CDB */
desc->u.icmnd_16.data_len = data_len; /* length of data expected */
memcpy(desc->u.icmnd_16.lun, lun, LUN_ADDRESS); /* LUN address */
desc->u.icmnd_16._resvd2 = 0; /* reserved */
hton24(desc->u.icmnd_16.d_id, d_id); /* FC vNIC only: Target D_ID */
desc->u.icmnd_16.mss = mss; /* FC vNIC only: max burst */
desc->u.icmnd_16.r_a_tov = ratov; /*FC vNIC only: Res. Alloc Timeout */
desc->u.icmnd_16.e_d_tov = edtov; /*FC vNIC only: Err Detect Timeout */
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
desc->u.itmf.tm_req = tm_req; /* SCSI Task Management request */
desc->u.itmf.t_tag = tm_id; /* tag of fcpio to be aborted */
desc->u.itmf._resvd = 0;
memcpy(desc->u.itmf.lun, lun, LUN_ADDRESS); /* LUN address */
desc->u.itmf._resvd1 = 0;
hton24(desc->u.itmf.d_id, d_id); /* FC vNIC only: Target D_ID */
desc->u.itmf.r_a_tov = r_a_tov; /* FC vNIC only: R_A_TOV in msec */
desc->u.itmf.e_d_tov = e_d_tov; /* FC vNIC only: E_D_TOV in msec */
Reported by FlawFinder.
Line: 164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
desc->u.flogi_reg.format = format;
desc->u.flogi_reg._resvd = 0;
hton24(desc->u.flogi_reg.s_id, s_id);
memcpy(desc->u.flogi_reg.gateway_mac, gw_mac, ETH_ALEN);
vnic_wq_copy_post(wq);
}
static inline void fnic_queue_wq_copy_desc_fip_reg(struct vnic_wq_copy *wq,
Reported by FlawFinder.
Line: 183
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
desc->u.flogi_fip_reg._resvd0 = 0;
hton24(desc->u.flogi_fip_reg.s_id, s_id);
memcpy(desc->u.flogi_fip_reg.fcf_mac, fcf_mac, ETH_ALEN);
desc->u.flogi_fip_reg._resvd1 = 0;
desc->u.flogi_fip_reg.r_a_tov = r_a_tov;
desc->u.flogi_fip_reg.e_d_tov = e_d_tov;
memcpy(desc->u.flogi_fip_reg.ha_mac, ha_mac, ETH_ALEN);
desc->u.flogi_fip_reg._resvd2 = 0;
Reported by FlawFinder.
Line: 187
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
desc->u.flogi_fip_reg._resvd1 = 0;
desc->u.flogi_fip_reg.r_a_tov = r_a_tov;
desc->u.flogi_fip_reg.e_d_tov = e_d_tov;
memcpy(desc->u.flogi_fip_reg.ha_mac, ha_mac, ETH_ALEN);
desc->u.flogi_fip_reg._resvd2 = 0;
vnic_wq_copy_post(wq);
}
Reported by FlawFinder.
drivers/net/wireless/intersil/p54/main.c
6 issues
Line: 171
Column: 14
CWE codes:
362
int err;
mutex_lock(&priv->conf_mutex);
err = priv->open(dev);
if (err)
goto out;
P54_SET_QUEUE(priv->qos_params[0], 0x0002, 0x0003, 0x0007, 47);
P54_SET_QUEUE(priv->qos_params[1], 0x0002, 0x0007, 0x000f, 94);
P54_SET_QUEUE(priv->qos_params[2], 0x0003, 0x000f, 0x03ff, 0);
Reported by FlawFinder.
Line: 251
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EOPNOTSUPP;
}
memcpy(priv->mac_addr, vif->addr, ETH_ALEN);
err = p54_setup_mac(priv);
mutex_unlock(&priv->conf_mutex);
return err;
}
Reported by FlawFinder.
Line: 379
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i = 1;
priv->mc_maclist_num = netdev_hw_addr_list_count(mc_list) + i;
netdev_hw_addr_list_for_each(ha, mc_list) {
memcpy(&priv->mc_maclist[i], ha->addr, ETH_ALEN);
i++;
if (i >= ARRAY_SIZE(priv->mc_maclist))
break;
}
Reported by FlawFinder.
Line: 445
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct p54_common *priv = dev->priv;
memcpy(stats, &priv->stats, sizeof(*stats));
return 0;
}
static void p54_bss_info_changed(struct ieee80211_hw *dev,
struct ieee80211_vif *vif,
Reported by FlawFinder.
Line: 458
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_lock(&priv->conf_mutex);
if (changed & BSS_CHANGED_BSSID) {
memcpy(priv->bssid, info->bssid, ETH_ALEN);
p54_setup_mac(priv);
}
if (changed & BSS_CHANGED_BEACON) {
p54_scan(priv, P54_SCAN_EXIT, 0);
Reported by FlawFinder.
Line: 627
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
in_use = true;
}
memcpy(survey, &priv->survey[idx], sizeof(*survey));
if (in_use) {
/* test if the reported statistics are valid. */
if (survey->time != 0) {
survey->filled |= SURVEY_INFO_IN_USE;
Reported by FlawFinder.
drivers/net/wireless/realtek/rtw88/fw.c
6 issues
Line: 902
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < pno_req->match_set_cnt; i++) {
pos = skb_put_zero(skb, IEEE80211_MAX_SSID_LEN);
memcpy(pos, pno_req->match_sets[i].ssid.ssid,
pno_req->match_sets[i].ssid.ssid_len);
}
return skb;
}
Reported by FlawFinder.
Line: 961
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dpk_hdr = skb_put_zero(skb, sizeof(*dpk_hdr));
dpk_hdr->dpk_ch = dpk_info->dpk_ch;
dpk_hdr->dpk_path_ok = dpk_info->dpk_path_ok[0];
memcpy(dpk_hdr->dpk_txagc, dpk_info->dpk_txagc, 2);
memcpy(dpk_hdr->dpk_gs, dpk_info->dpk_gs, 4);
memcpy(dpk_hdr->coef, dpk_info->coef, 160);
return skb;
}
Reported by FlawFinder.
Line: 962
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dpk_hdr->dpk_ch = dpk_info->dpk_ch;
dpk_hdr->dpk_path_ok = dpk_info->dpk_path_ok[0];
memcpy(dpk_hdr->dpk_txagc, dpk_info->dpk_txagc, 2);
memcpy(dpk_hdr->dpk_gs, dpk_info->dpk_gs, 4);
memcpy(dpk_hdr->coef, dpk_info->coef, 160);
return skb;
}
Reported by FlawFinder.
Line: 963
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dpk_hdr->dpk_path_ok = dpk_info->dpk_path_ok[0];
memcpy(dpk_hdr->dpk_txagc, dpk_info->dpk_txagc, 2);
memcpy(dpk_hdr->dpk_gs, dpk_info->dpk_gs, 4);
memcpy(dpk_hdr->coef, dpk_info->coef, 160);
return skb;
}
static struct sk_buff *rtw_lps_pg_info_get(struct ieee80211_hw *hw)
Reported by FlawFinder.
Line: 1092
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct sk_buff *skb = rsvd_pkt->skb;
if (page >= 1)
memcpy(buf + page_margin + page_size * (page - 1),
skb->data, skb->len);
else
memcpy(buf, skb->data, skb->len);
}
Reported by FlawFinder.
Line: 1095
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(buf + page_margin + page_size * (page - 1),
skb->data, skb->len);
else
memcpy(buf, skb->data, skb->len);
}
static struct rtw_rsvd_page *rtw_alloc_rsvd_page(struct rtw_dev *rtwdev,
enum rtw_rsvd_packet_type type,
bool txdesc)
Reported by FlawFinder.