The following issues were found
drivers/net/wireless/wl3501.h
6 issues
Line: 295
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 rx_next_frame;
u8 rx_next_frame1;
u8 rssi;
char time[8];
u8 signal;
u8 service;
u16 len;
u16 crc16;
u16 frame_ctrl;
Reported by FlawFinder.
Line: 448
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 sig_id;
u8 reserved;
u16 status;
char timestamp[8];
char localtime[8];
struct wl3501_req req;
u8 rssi;
};
Reported by FlawFinder.
Line: 449
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 reserved;
u16 status;
char timestamp[8];
char localtime[8];
struct wl3501_req req;
u8 rssi;
};
struct wl3501_start_confirm {
Reported by FlawFinder.
Line: 596
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iw_mgmt_essid_pset keep_essid;
u8 bssid[ETH_ALEN];
int net_type;
char nick[32];
char card_name[32];
char firmware_date[32];
u8 chan;
u8 cap_info;
u16 start_seg;
Reported by FlawFinder.
Line: 597
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 bssid[ETH_ALEN];
int net_type;
char nick[32];
char card_name[32];
char firmware_date[32];
u8 chan;
u8 cap_info;
u16 start_seg;
u16 bss_cnt;
Reported by FlawFinder.
Line: 598
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int net_type;
char nick[32];
char card_name[32];
char firmware_date[32];
u8 chan;
u8 cap_info;
u16 start_seg;
u16 bss_cnt;
u16 join_sta_bss;
Reported by FlawFinder.
drivers/net/wwan/wwan_core.c
6 issues
Line: 262
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct wwan_port *port = to_wwan_port(dev);
return sprintf(buf, "%s\n", wwan_port_types[port->type].name);
}
static DEVICE_ATTR_RO(type);
static struct attribute *wwan_port_attrs[] = {
&dev_attr_type.attr,
Reported by FlawFinder.
Line: 332
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
while ((dev = class_dev_iter_next(&iter))) {
if (dev->parent != &wwandev->dev)
continue;
if (sscanf(dev_name(dev), fmt, &id) != 1)
continue;
if (id < 0 || id >= max_ports)
continue;
set_bit(id, idmap);
}
Reported by FlawFinder.
Line: 344
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
id = find_first_zero_bit(idmap, max_ports);
free_page((unsigned long)idmap);
snprintf(buf, sizeof(buf), fmt, id); /* Name generation */
dev = device_find_child_by_name(&wwandev->dev, buf);
if (dev) {
put_device(dev);
return -ENFILE;
Reported by FlawFinder.
Line: 87
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct wwan_device *wwan = to_wwan_dev(dev);
return sprintf(buf, "%d\n", wwan->id);
}
static DEVICE_ATTR_RO(index);
static struct attribute *wwan_dev_attrs[] = {
&dev_attr_index.attr,
Reported by FlawFinder.
Line: 320
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct class_dev_iter iter;
unsigned long *idmap;
struct device *dev;
char buf[0x20];
int id;
idmap = (unsigned long *)get_zeroed_page(GFP_KERNEL);
if (!idmap)
return -ENOMEM;
Reported by FlawFinder.
Line: 363
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct wwan_device *wwandev;
struct wwan_port *port;
int minor, err = -ENOMEM;
char namefmt[0x20];
if (type > WWAN_PORT_MAX || !ops)
return ERR_PTR(-EINVAL);
/* A port is always a child of a WWAN device, retrieve (allocate or
Reported by FlawFinder.
drivers/scsi/csiostor/csio_attr.c
6 issues
Line: 249
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct csio_lnode *ln = shost_priv(shost);
struct csio_hw *hw = csio_lnode_to_hw(ln);
char state[16];
spin_lock_irq(&hw->lock);
csio_lnode_state_to_str(ln, state);
if (!strcmp(state, "READY"))
Reported by FlawFinder.
Line: 393
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct fc_vport *fc_vport = ln->fc_vport;
struct csio_lnode *pln = ln->pln;
char state[16];
/* Set fc vport state based on phyiscal lnode */
csio_lnode_state_to_str(pln, state);
if (strcmp(state, "READY")) {
fc_vport_set_state(fc_vport, FC_VPORT_LINKDOWN);
Reported by FlawFinder.
Line: 475
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ln->vnp_flowid = FW_FCOE_VNP_CMD_VNPI_GET(
ntohl(rsp->gen_wwn_to_vnpi));
memcpy(csio_ln_wwnn(ln), rsp->vnport_wwnn, 8);
memcpy(csio_ln_wwpn(ln), rsp->vnport_wwpn, 8);
csio_ln_dbg(ln, "FCOE VNPI: 0x%x\n", ln->vnp_flowid);
csio_ln_dbg(ln, "\tWWNN: %x%x%x%x%x%x%x%x\n",
ln->ln_sparm.wwnn[0], ln->ln_sparm.wwnn[1],
Reported by FlawFinder.
Line: 476
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ln->vnp_flowid = FW_FCOE_VNP_CMD_VNPI_GET(
ntohl(rsp->gen_wwn_to_vnpi));
memcpy(csio_ln_wwnn(ln), rsp->vnport_wwnn, 8);
memcpy(csio_ln_wwpn(ln), rsp->vnport_wwpn, 8);
csio_ln_dbg(ln, "FCOE VNPI: 0x%x\n", ln->vnp_flowid);
csio_ln_dbg(ln, "\tWWNN: %x%x%x%x%x%x%x%x\n",
ln->ln_sparm.wwnn[0], ln->ln_sparm.wwnn[1],
ln->ln_sparm.wwnn[2], ln->ln_sparm.wwnn[3],
Reported by FlawFinder.
Line: 573
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"vport create failed. Invalid wwnn\n");
goto error;
}
memcpy(csio_ln_wwnn(ln), wwn, 8);
}
if (fc_vport->port_name != 0) {
u64_to_wwn(fc_vport->port_name, wwn);
Reported by FlawFinder.
Line: 590
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"vport create failed. wwpn already exists\n");
goto error;
}
memcpy(csio_ln_wwpn(ln), wwn, 8);
}
fc_vport_set_state(fc_vport, FC_VPORT_INITIALIZING);
ln->fc_vport = fc_vport;
Reported by FlawFinder.
drivers/nfc/st21nfca/core.c
6 issues
Line: 562
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto exit;
}
memcpy(uid, uid_skb->data, uid_skb->len);
*len = uid_skb->len;
exit:
kfree_skb(uid_skb);
return r;
}
Reported by FlawFinder.
Line: 589
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto exit;
}
memcpy(target->iso15693_uid, inventory_skb->data, inventory_skb->len);
target->iso15693_dsfid = inventory_skb->data[1];
target->is_iso15693 = 1;
exit:
kfree_skb(inventory_skb);
return r;
Reported by FlawFinder.
Line: 653
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
target->sens_res = atqa;
target->sel_res = sak;
memcpy(target->nfcid1, uid, len);
target->nfcid1_len = len;
}
break;
case ST21NFCA_RF_READER_ISO15693_GATE:
Reported by FlawFinder.
Line: 698
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (nfcid_skb->len > 0) {
/* P2P in type F */
memcpy(target->sensf_res, nfcid_skb->data,
nfcid_skb->len);
target->sensf_res_len = nfcid_skb->len;
/* NFC Forum Digital Protocol Table 44 */
if (target->sensf_res[0] == 0x01 &&
target->sensf_res[1] == 0xfe)
Reported by FlawFinder.
Line: 723
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
r = -EPROTO;
goto exit;
}
memcpy(target->sensf_res, nfcid_skb->data,
nfcid_skb->len);
target->sensf_res_len = nfcid_skb->len;
target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
}
target->hci_reader_gate = ST21NFCA_RF_READER_F_GATE;
Reported by FlawFinder.
Line: 961
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
init_data.gate_count = ARRAY_SIZE(st21nfca_gates);
memcpy(init_data.gates, st21nfca_gates, sizeof(st21nfca_gates));
/*
* Session id must include the driver name + i2c bus addr
* persistent info to discriminate 2 identical chips
*/
Reported by FlawFinder.
drivers/scsi/bfa/bfad_im.c
6 issues
Line: 1051
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strlcpy(symname, bfad->bfa_fcs.fabric.bport.port_cfg.sym_name.symname,
BFA_SYMNAME_MAXLEN);
sprintf(fc_host_symbolic_name(host), "%s", symname);
fc_host_supported_speeds(host) = bfad_im_supported_speeds(&bfad->bfa);
fc_host_maxframe_size(host) = fcport->cfg.maxfrsize;
}
Reported by FlawFinder.
Line: 52
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bfa_trc(bfad, sns_len);
if (sns_len > SCSI_SENSE_BUFFERSIZE)
sns_len = SCSI_SENSE_BUFFERSIZE;
memcpy(cmnd->sense_buffer, sns_info, sns_len);
}
if (residue > 0) {
bfa_trc(bfad, residue);
scsi_set_resid(cmnd, residue);
Reported by FlawFinder.
Line: 171
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *
bfad_im_info(struct Scsi_Host *shost)
{
static char bfa_buf[256];
struct bfad_im_port_s *im_port =
(struct bfad_im_port_s *) shost->hostdata[0];
struct bfad_s *bfad = im_port->bfad;
memset(bfa_buf, 0, sizeof(bfa_buf));
Reported by FlawFinder.
Line: 455
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfad_port_s *port;
wwn_t wwpn;
u32 fcid;
char wwpn_str[32], fcid_str[16];
struct bfad_im_s *im = itnim_drv->im;
/* online to free state transtion should not happen */
WARN_ON(itnim_drv->state == ITNIM_STATE_ONLINE);
Reported by FlawFinder.
Line: 1030
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct Scsi_Host *host = im_port->shost;
struct bfad_s *bfad = im_port->bfad;
struct bfad_port_s *port = im_port->port;
char symname[BFA_SYMNAME_MAXLEN];
struct bfa_fcport_s *fcport = BFA_FCPORT_MOD(&bfad->bfa);
fc_host_node_name(host) =
cpu_to_be64((bfa_fcs_lport_get_nwwn(port->fcs_port)));
fc_host_port_name(host) =
Reported by FlawFinder.
Line: 1115
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct fc_rport *fc_rport;
wwn_t wwpn;
u32 fcid;
char wwpn_str[32], fcid_str[16];
spin_lock_irqsave(&bfad->bfad_lock, flags);
im_port = itnim->im_port;
bfa_trc(bfad, itnim->state);
switch (itnim->state) {
Reported by FlawFinder.
drivers/rtc/rtc-tps65910.c
6 issues
Line: 70
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int tps65910_rtc_read_time(struct device *dev, struct rtc_time *tm)
{
unsigned char rtc_data[NUM_TIME_REGS];
struct tps65910 *tps = dev_get_drvdata(dev->parent);
int ret;
/* Copy RTC counting registers to static registers or latches */
ret = regmap_update_bits(tps->regmap, TPS65910_RTC_CTRL,
Reported by FlawFinder.
Line: 101
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int tps65910_rtc_set_time(struct device *dev, struct rtc_time *tm)
{
unsigned char rtc_data[NUM_TIME_REGS];
struct tps65910 *tps = dev_get_drvdata(dev->parent);
int ret;
rtc_data[0] = bin2bcd(tm->tm_sec);
rtc_data[1] = bin2bcd(tm->tm_min);
Reported by FlawFinder.
Line: 142
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int tps65910_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alm)
{
unsigned char alarm_data[NUM_TIME_REGS];
u32 int_val;
struct tps65910 *tps = dev_get_drvdata(dev->parent);
int ret;
ret = regmap_bulk_read(tps->regmap, TPS65910_ALARM_SECONDS, alarm_data,
Reported by FlawFinder.
Line: 173
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int tps65910_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alm)
{
unsigned char alarm_data[NUM_TIME_REGS];
struct tps65910 *tps = dev_get_drvdata(dev->parent);
int ret;
ret = tps65910_rtc_alarm_irq_enable(dev, 0);
if (ret)
Reported by FlawFinder.
Line: 204
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int tps65910_rtc_set_calibration(struct device *dev, int calibration)
{
unsigned char comp_data[NUM_COMP_REGS];
struct tps65910 *tps = dev_get_drvdata(dev->parent);
s16 value;
int ret;
/*
Reported by FlawFinder.
Line: 249
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int tps65910_rtc_get_calibration(struct device *dev, int *calibration)
{
unsigned char comp_data[NUM_COMP_REGS];
struct tps65910 *tps = dev_get_drvdata(dev->parent);
unsigned int ctrl;
u16 value;
int ret;
Reported by FlawFinder.
drivers/nvme/target/fc.c
6 issues
Line: 770
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_unlock_irqrestore(&queue->qlock, flags);
/* Save NVME CMD IO in fod */
memcpy(&fod->cmdiubuf, fcpreq->rspaddr, fcpreq->rsplen);
/* Setup new fcpreq to be processed */
fcpreq->rspaddr = NULL;
fcpreq->rsplen = 0;
fcpreq->nvmet_fc_private = fod;
Reported by FlawFinder.
Line: 2059
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iod->lsrsp = lsrsp;
iod->fcpreq = NULL;
memcpy(iod->rqstbuf, lsreqbuf, lsreqbuf_len);
iod->rqstdatalen = lsreqbuf_len;
iod->hosthandle = hosthandle;
schedule_work(&iod->work);
Reported by FlawFinder.
Line: 2681
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fcpreq->nvmet_fc_private = fod;
fod->fcpreq = fcpreq;
memcpy(&fod->cmdiubuf, cmdiubuf, cmdiubuf_len);
nvmet_fc_queue_fcp_req(tgtport, queue, fcpreq);
return 0;
}
Reported by FlawFinder.
Line: 2808
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
nvme_fc_parse_traddr(struct nvmet_fc_traddr *traddr, char *buf, size_t blen)
{
char name[2 + NVME_FC_TRADDR_HEXNAMELEN + 1];
substring_t wwn = { name, &name[sizeof(name)-1] };
int nnoffset, pnoffset;
/* validate if string is one of the 2 allowed formats */
if (strnlen(buf, blen) == NVME_FC_TRADDR_MAXLENGTH &&
Reported by FlawFinder.
Line: 2833
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
name[1] = 'x';
name[2 + NVME_FC_TRADDR_HEXNAMELEN] = 0;
memcpy(&name[2], &buf[nnoffset], NVME_FC_TRADDR_HEXNAMELEN);
if (__nvme_fc_parse_u64(&wwn, &traddr->nn))
goto out_einval;
memcpy(&name[2], &buf[pnoffset], NVME_FC_TRADDR_HEXNAMELEN);
if (__nvme_fc_parse_u64(&wwn, &traddr->pn))
Reported by FlawFinder.
Line: 2837
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (__nvme_fc_parse_u64(&wwn, &traddr->nn))
goto out_einval;
memcpy(&name[2], &buf[pnoffset], NVME_FC_TRADDR_HEXNAMELEN);
if (__nvme_fc_parse_u64(&wwn, &traddr->pn))
goto out_einval;
return 0;
Reported by FlawFinder.
drivers/remoteproc/remoteproc_debugfs.c
6 issues
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct rproc *rproc = filp->private_data;
char buf[20];
int len;
len = scnprintf(buf, sizeof(buf), "%s\n",
rproc_coredump_str[rproc->dump_conf]);
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct rproc *rproc = filp->private_data;
int ret, err = 0;
char buf[20];
if (count > sizeof(buf))
return -EINVAL;
ret = copy_from_user(buf, user_buf, count);
Reported by FlawFinder.
Line: 132
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rproc_debug_trace *data = filp->private_data;
struct rproc_mem_entry *trace = &data->trace_mem;
void *va;
char buf[100];
int len;
va = rproc_da_to_va(data->rproc, trace->da, trace->len, NULL);
if (!va) {
Reported by FlawFinder.
Line: 160
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct rproc *rproc = filp->private_data;
/* need room for the name, a newline and a terminating null */
char buf[100];
int i;
i = scnprintf(buf, sizeof(buf), "%.98s\n", rproc->name);
return simple_read_from_buffer(userbuf, count, ppos, buf, i);
Reported by FlawFinder.
Line: 213
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct rproc *rproc = filp->private_data;
char buf[10];
int ret;
if (count < 1 || count > sizeof(buf))
return -EINVAL;
Reported by FlawFinder.
Line: 181
Column: 60
CWE codes:
126
struct rproc *rproc = filp->private_data;
char *buf = rproc->recovery_disabled ? "disabled\n" : "enabled\n";
return simple_read_from_buffer(userbuf, count, ppos, buf, strlen(buf));
}
/*
* By writing to the 'recovery' debugfs entry, we control the behavior of the
* recovery mechanism dynamically. The default value of this entry is "enabled".
Reported by FlawFinder.
drivers/s390/block/dasd.c
6 issues
Line: 1329
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dasd_device *device;
int retries, rc;
char errorstring[ERRORLENGTH];
/* Check the cqr */
rc = dasd_check_cqr(cqr);
if (rc)
return rc;
Reported by FlawFinder.
Line: 1390
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dasd_device *device;
int rc;
char errorstring[ERRORLENGTH];
/* Check the cqr */
rc = dasd_check_cqr(cqr);
if (rc) {
cqr->intrc = rc;
Reported by FlawFinder.
Line: 1411
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
if (cqr->retries < 0) {
/* internal error 14 - start_IO run out of retries */
sprintf(errorstring, "14 %p", cqr);
dev_err(&device->cdev->dev, "An error occurred in the DASD "
"device driver, reason=%s\n", errorstring);
cqr->status = DASD_CQR_ERROR;
return -EIO;
}
Reported by FlawFinder.
Line: 1677
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
!(scsw_dstat(&irb->scsw) == (DEV_STAT_CHN_END | DEV_STAT_DEV_END) &&
scsw_cstat(&irb->scsw) == 0)) {
if (cqr)
memcpy(&cqr->irb, irb, sizeof(*irb));
device = dasd_device_from_cdev_locked(cdev);
if (IS_ERR(device))
return;
/* ignore unsolicited interrupts for DIAG discipline */
if (device->discipline == dasd_diag_discipline_pointer) {
Reported by FlawFinder.
Line: 1918
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __dasd_process_cqr(struct dasd_device *device,
struct dasd_ccw_req *cqr)
{
char errorstring[ERRORLENGTH];
switch (cqr->status) {
case DASD_CQR_SUCCESS:
cqr->status = DASD_CQR_DONE;
break;
Reported by FlawFinder.
Line: 4055
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = dasd_sleep_on(cqr);
if (ret == 0)
memcpy(rdc_buffer, cqr->data, rdc_buffer_size);
dasd_sfree_request(cqr, cqr->memdev);
return ret;
}
EXPORT_SYMBOL_GPL(dasd_generic_read_dev_chars);
Reported by FlawFinder.
drivers/net/wireless/marvell/libertas/main.c
6 issues
Line: 142
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd.hdr.size = cpu_to_le16(sizeof(cmd));
cmd.action = cpu_to_le16(CMD_ACT_SET);
memcpy(cmd.macadd, priv->current_addr, ETH_ALEN);
ret = lbs_cmd_with_response(priv, CMD_802_11_MAC_ADDRESS, &cmd);
if (ret) {
lbs_deb_net("set MAC address failed\n");
goto err;
Reported by FlawFinder.
Line: 304
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* In case it was called from the mesh device */
dev = priv->dev;
memcpy(priv->current_addr, phwaddr->sa_data, ETH_ALEN);
memcpy(dev->dev_addr, phwaddr->sa_data, ETH_ALEN);
if (priv->mesh_dev)
memcpy(priv->mesh_dev->dev_addr, phwaddr->sa_data, ETH_ALEN);
return ret;
Reported by FlawFinder.
Line: 305
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev = priv->dev;
memcpy(priv->current_addr, phwaddr->sa_data, ETH_ALEN);
memcpy(dev->dev_addr, phwaddr->sa_data, ETH_ALEN);
if (priv->mesh_dev)
memcpy(priv->mesh_dev->dev_addr, phwaddr->sa_data, ETH_ALEN);
return ret;
}
Reported by FlawFinder.
Line: 307
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->current_addr, phwaddr->sa_data, ETH_ALEN);
memcpy(dev->dev_addr, phwaddr->sa_data, ETH_ALEN);
if (priv->mesh_dev)
memcpy(priv->mesh_dev->dev_addr, phwaddr->sa_data, ETH_ALEN);
return ret;
}
Reported by FlawFinder.
Line: 348
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i == MRVDRV_MAX_MULTICAST_LIST_SIZE)
break;
memcpy(&cmd->maclist[6*i], ha->addr, ETH_ALEN);
lbs_deb_net("mcast address %s:%pM added to filter\n", dev->name,
ha->addr);
i++;
cnt--;
}
Reported by FlawFinder.
Line: 951
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
priv->card = card;
strcpy(dev->name, "wlan%d");
lbs_deb_thread("Starting main thread...\n");
init_waitqueue_head(&priv->waitq);
priv->main_thread = kthread_run(lbs_thread, dev, "lbs_main");
if (IS_ERR(priv->main_thread)) {
Reported by FlawFinder.