The following issues were found
drivers/net/ppp/ppp_mppe.c
6 issues
Line: 77
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct sha_pad {
unsigned char sha_pad1[SHA1_PAD_SIZE];
unsigned char sha_pad2[SHA1_PAD_SIZE];
};
static struct sha_pad *sha_pad;
static inline void sha_pad_init(struct sha_pad *shapad)
Reported by FlawFinder.
Line: 78
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sha_pad {
unsigned char sha_pad1[SHA1_PAD_SIZE];
unsigned char sha_pad2[SHA1_PAD_SIZE];
};
static struct sha_pad *sha_pad;
static inline void sha_pad_init(struct sha_pad *shapad)
{
Reported by FlawFinder.
Line: 95
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct arc4_ctx arc4;
struct shash_desc *sha1;
unsigned char *sha1_digest;
unsigned char master_key[MPPE_MAX_KEY_LEN];
unsigned char session_key[MPPE_MAX_KEY_LEN];
unsigned keylen; /* key length in bytes */
/* NB: 128-bit == 16, 40-bit == 8! */
/* If we want to support 56-bit, */
/* the unit has to change to bits */
Reported by FlawFinder.
Line: 96
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct shash_desc *sha1;
unsigned char *sha1_digest;
unsigned char master_key[MPPE_MAX_KEY_LEN];
unsigned char session_key[MPPE_MAX_KEY_LEN];
unsigned keylen; /* key length in bytes */
/* NB: 128-bit == 16, 40-bit == 8! */
/* If we want to support 56-bit, */
/* the unit has to change to bits */
unsigned char bits; /* MPPE control bits */
Reported by FlawFinder.
Line: 157
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
arc4_crypt(&state->arc4, state->session_key, state->sha1_digest,
state->keylen);
} else {
memcpy(state->session_key, state->sha1_digest, state->keylen);
}
if (state->keylen == 8) {
/* See RFC 3078 */
state->session_key[0] = 0xd1;
state->session_key[1] = 0x26;
Reported by FlawFinder.
Line: 211
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Save keys. */
memcpy(state->master_key, &options[CILEN_MPPE],
sizeof(state->master_key));
memcpy(state->session_key, state->master_key,
sizeof(state->master_key));
/*
* We defer initial key generation until mppe_init(), as mppe_alloc()
* is called frequently during negotiation.
Reported by FlawFinder.
drivers/net/ethernet/intel/ice/ice_controlq.c
6 issues
Line: 1039
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
desc_on_ring = ICE_CTL_Q_DESC(cq->sq, cq->sq.next_to_use);
/* if the desc is available copy the temp desc to the right place */
memcpy(desc_on_ring, desc, sizeof(*desc_on_ring));
/* if buf is not NULL assume indirect command */
if (buf) {
dma_buf = &cq->sq.r.sq_bi[cq->sq.next_to_use];
/* copy the user buf into the respective DMA buf */
Reported by FlawFinder.
Line: 1045
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buf) {
dma_buf = &cq->sq.r.sq_bi[cq->sq.next_to_use];
/* copy the user buf into the respective DMA buf */
memcpy(dma_buf->va, buf, buf_size);
desc_on_ring->datalen = cpu_to_le16(buf_size);
/* Update the address values in the desc with the pa value
* for respective buffer
*/
Reported by FlawFinder.
Line: 1077
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* if ready, copy the desc back to temp */
if (ice_sq_done(hw, cq)) {
memcpy(desc, desc_on_ring, sizeof(*desc));
if (buf) {
/* get returned length to copy */
u16 copy_size = le16_to_cpu(desc->datalen);
if (copy_size > buf_size) {
Reported by FlawFinder.
Line: 1087
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy_size, buf_size);
status = ICE_ERR_AQ_ERROR;
} else {
memcpy(buf, dma_buf->va, copy_size);
}
}
retval = le16_to_cpu(desc->retval);
if (retval) {
ice_debug(hw, ICE_DBG_AQ_MSG, "Control Send Queue command 0x%04X completed with error 0x%X\n",
Reported by FlawFinder.
Line: 1111
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* save writeback AQ if requested */
if (details->wb_desc)
memcpy(details->wb_desc, desc_on_ring,
sizeof(*details->wb_desc));
/* update the error if time out occurred */
if (!cmd_completed) {
if (rd32(hw, cq->rq.len) & cq->rq.len_crit_mask ||
Reported by FlawFinder.
Line: 1207
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
datalen = le16_to_cpu(desc->datalen);
e->msg_len = min_t(u16, datalen, e->buf_len);
if (e->msg_buf && e->msg_len)
memcpy(e->msg_buf, cq->rq.r.rq_bi[desc_idx].va, e->msg_len);
ice_debug(hw, ICE_DBG_AQ_DESC, "ARQ: desc and buffer:\n");
ice_debug_cq(hw, (void *)desc, e->msg_buf, cq->rq_buf_size);
Reported by FlawFinder.
drivers/net/ethernet/qlogic/netxen/netxen_nic.h
6 issues
Line: 1841
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
int i, found = 0;
for (i = 0; i < NUM_SUPPORTED_BOARDS; ++i) {
if (netxen_boards[i].brdtype == type) {
strcpy(name, netxen_boards[i].short_name);
found = 1;
break;
}
}
Reported by FlawFinder.
Line: 637
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int irq;
dma_addr_t phys_addr;
char name[IFNAMSIZ+4];
};
struct nx_host_tx_ring {
u32 producer;
__le32 *hw_consumer;
Reported by FlawFinder.
Line: 828
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
The following is packed:
- N hostrq_rds_rings
- N hostrq_sds_rings */
char data[0];
} nx_hostrq_rx_ctx_t;
typedef struct {
__le32 host_producer_crb; /* Crb to use */
__le32 rsvd1; /* Padding */
Reported by FlawFinder.
Line: 857
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
The following is packed:
- N cardrsp_rds_rings
- N cardrs_sds_rings */
char data[0];
} nx_cardrsp_rx_ctx_t;
#define SIZEOF_HOSTRQ_RX(HOSTRQ_RX, rds_rings, sds_rings) \
(sizeof(HOSTRQ_RX) + \
(rds_rings)*(sizeof(nx_hostrq_rds_ring_t)) + \
Reported by FlawFinder.
Line: 1802
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct netxen_brdinfo {
int brdtype; /* type of board */
long ports; /* max no of physical ports */
char short_name[NETXEN_MAX_SHORT_NAME];
};
struct netxen_dimm_cfg {
u8 presence;
u8 mem_type;
Reported by FlawFinder.
Line: 1848
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
if (!found) {
strcpy(name, "Unknown");
return -EINVAL;
}
return 0;
}
Reported by FlawFinder.
drivers/net/hamradio/baycom_par.c
6 issues
Line: 430
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
break;
case HDLCDRVCTL_GETMODE:
strcpy(hi->data.modename, bc->options ? "par96" : "picpar");
if (copy_to_user(ifr->ifr_data, hi, sizeof(struct hdlcdrv_ioctl)))
return -EFAULT;
return 0;
case HDLCDRVCTL_SETMODE:
Reported by FlawFinder.
Line: 442
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return baycom_setmode(bc, hi->data.modename);
case HDLCDRVCTL_MODELIST:
strcpy(hi->data.modename, "par96,picpar");
if (copy_to_user(ifr->ifr_data, hi, sizeof(struct hdlcdrv_ioctl)))
return -EFAULT;
return 0;
case HDLCDRVCTL_MODEMPARMASK:
Reported by FlawFinder.
Line: 478
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* command line settable parameters
*/
static char *mode[NR_PORTS] = { "picpar", };
static int iobase[NR_PORTS] = { 0x378, };
module_param_array(mode, charp, NULL, 0);
MODULE_PARM_DESC(mode, "baycom operating mode; eg. par96 or picpar");
module_param_hw_array(iobase, int, ioport, NULL, 0);
Reported by FlawFinder.
Line: 526
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < NR_PORTS; i++) {
struct net_device *dev;
struct baycom_state *bc;
char ifname[IFNAMSIZ];
sprintf(ifname, "bcp%d", i);
if (!mode[i])
set_hw = 0;
Reported by FlawFinder.
Line: 528
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct baycom_state *bc;
char ifname[IFNAMSIZ];
sprintf(ifname, "bcp%d", i);
if (!mode[i])
set_hw = 0;
if (!set_hw)
iobase[i] = 0;
Reported by FlawFinder.
Line: 495
Column: 12
CWE codes:
126
static int baycom_par_probe(struct pardevice *par_dev)
{
struct device_driver *drv = par_dev->dev.driver;
int len = strlen(drv->name);
if (strncmp(par_dev->name, drv->name, len))
return -ENODEV;
return 0;
Reported by FlawFinder.
drivers/net/hamradio/baycom_ser_fdx.c
6 issues
Line: 521
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
case HDLCDRVCTL_GETMODE:
sprintf(hi->data.modename, "ser%u", bc->baud / 100);
if (bc->opt_dcd <= 0)
strcat(hi->data.modename, (!bc->opt_dcd) ? "*" : "+");
if (copy_to_user(ifr->ifr_data, hi, sizeof(struct hdlcdrv_ioctl)))
return -EFAULT;
return 0;
case HDLCDRVCTL_SETMODE:
Reported by FlawFinder.
Line: 519
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break;
case HDLCDRVCTL_GETMODE:
sprintf(hi->data.modename, "ser%u", bc->baud / 100);
if (bc->opt_dcd <= 0)
strcat(hi->data.modename, (!bc->opt_dcd) ? "*" : "+");
if (copy_to_user(ifr->ifr_data, hi, sizeof(struct hdlcdrv_ioctl)))
return -EFAULT;
return 0;
Reported by FlawFinder.
Line: 533
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return baycom_setmode(bc, hi->data.modename);
case HDLCDRVCTL_MODELIST:
strcpy(hi->data.modename, "ser12,ser3,ser24");
if (copy_to_user(ifr->ifr_data, hi, sizeof(struct hdlcdrv_ioctl)))
return -EFAULT;
return 0;
case HDLCDRVCTL_MODEMPARMASK:
Reported by FlawFinder.
Line: 569
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* command line settable parameters
*/
static char *mode[NR_PORTS] = { "ser12*", };
static int iobase[NR_PORTS] = { 0x3f8, };
static int irq[NR_PORTS] = { 4, };
static int baud[NR_PORTS] = { [0 ... NR_PORTS-1] = 1200 };
module_param_array(mode, charp, NULL, 0);
Reported by FlawFinder.
Line: 601
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < NR_PORTS; i++) {
struct net_device *dev;
struct baycom_state *bc;
char ifname[IFNAMSIZ];
sprintf(ifname, "bcsf%d", i);
if (!mode[i])
set_hw = 0;
Reported by FlawFinder.
Line: 603
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct baycom_state *bc;
char ifname[IFNAMSIZ];
sprintf(ifname, "bcsf%d", i);
if (!mode[i])
set_hw = 0;
if (!set_hw)
iobase[i] = irq[i] = 0;
Reported by FlawFinder.
drivers/net/hamradio/baycom_ser_hdx.c
6 issues
Line: 575
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
case HDLCDRVCTL_GETMODE:
strcpy(hi->data.modename, "ser12");
if (bc->opt_dcd <= 0)
strcat(hi->data.modename, (!bc->opt_dcd) ? "*" : (bc->opt_dcd == -2) ? "@" : "+");
if (copy_to_user(ifr->ifr_data, hi, sizeof(struct hdlcdrv_ioctl)))
return -EFAULT;
return 0;
case HDLCDRVCTL_SETMODE:
Reported by FlawFinder.
Line: 573
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
break;
case HDLCDRVCTL_GETMODE:
strcpy(hi->data.modename, "ser12");
if (bc->opt_dcd <= 0)
strcat(hi->data.modename, (!bc->opt_dcd) ? "*" : (bc->opt_dcd == -2) ? "@" : "+");
if (copy_to_user(ifr->ifr_data, hi, sizeof(struct hdlcdrv_ioctl)))
return -EFAULT;
return 0;
Reported by FlawFinder.
Line: 587
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return baycom_setmode(bc, hi->data.modename);
case HDLCDRVCTL_MODELIST:
strcpy(hi->data.modename, "ser12");
if (copy_to_user(ifr->ifr_data, hi, sizeof(struct hdlcdrv_ioctl)))
return -EFAULT;
return 0;
case HDLCDRVCTL_MODEMPARMASK:
Reported by FlawFinder.
Line: 623
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* command line settable parameters
*/
static char *mode[NR_PORTS] = { "ser12*", };
static int iobase[NR_PORTS] = { 0x3f8, };
static int irq[NR_PORTS] = { 4, };
module_param_array(mode, charp, NULL, 0);
MODULE_PARM_DESC(mode, "baycom operating mode; * for software DCD");
Reported by FlawFinder.
Line: 652
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < NR_PORTS; i++) {
struct net_device *dev;
struct baycom_state *bc;
char ifname[IFNAMSIZ];
sprintf(ifname, "bcsh%d", i);
if (!mode[i])
set_hw = 0;
Reported by FlawFinder.
Line: 654
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct baycom_state *bc;
char ifname[IFNAMSIZ];
sprintf(ifname, "bcsh%d", i);
if (!mode[i])
set_hw = 0;
if (!set_hw)
iobase[i] = irq[i] = 0;
Reported by FlawFinder.
drivers/net/hamradio/hdlcdrv.c
6 issues
Line: 149
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
cp = skb_put(skb, pkt_len);
*cp++ = 0; /* KISS kludge */
memcpy(cp, s->hdlcrx.buffer, pkt_len - 1);
skb->protocol = ax25_type_trans(skb, dev);
netif_rx(skb);
dev->stats.rx_packets++;
}
Reported by FlawFinder.
Line: 418
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct sockaddr *sa = (struct sockaddr *)addr;
/* addr is an AX.25 shifted ASCII mac address */
memcpy(dev->dev_addr, sa->sa_data, dev->addr_len);
return 0;
}
/* --------------------------------------------------------------------- */
/*
Reported by FlawFinder.
Line: 437
Column: 26
CWE codes:
362
struct hdlcdrv_state *s = netdev_priv(dev);
int i;
if (!s->ops || !s->ops->open)
return -ENODEV;
/*
* initialise some variables
*/
Reported by FlawFinder.
Line: 457
Column: 14
CWE codes:
362
s->hdlctx.slotcnt = s->ch_params.slottime;
s->hdlctx.calibrate = 0;
i = s->ops->open(dev);
if (i)
return i;
netif_start_queue(dev);
return 0;
}
Reported by FlawFinder.
Line: 675
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->hard_header_len = AX25_MAX_HEADER_LEN + AX25_BPQ_HEADER_LEN;
dev->mtu = AX25_DEF_PACLEN; /* eth_mtu is the default */
dev->addr_len = AX25_ADDR_LEN; /* sizeof an ax.25 address */
memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
dev->tx_queue_len = 16;
}
/* --------------------------------------------------------------------- */
Reported by FlawFinder.
Line: 676
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->mtu = AX25_DEF_PACLEN; /* eth_mtu is the default */
dev->addr_len = AX25_ADDR_LEN; /* sizeof an ax.25 address */
memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
dev->tx_queue_len = 16;
}
/* --------------------------------------------------------------------- */
struct net_device *hdlcdrv_register(const struct hdlcdrv_ops *ops,
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/en_tx.c
6 issues
Line: 210
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int cpy1_sz = 2 * ETH_ALEN;
int cpy2_sz = ihs - cpy1_sz;
memcpy(vhdr, skb->data, cpy1_sz);
vhdr->h_vlan_proto = skb->vlan_proto;
vhdr->h_vlan_TCI = cpu_to_be16(skb_vlan_tag_get(skb));
memcpy(&vhdr->h_vlan_encapsulated_proto, skb->data + cpy1_sz, cpy2_sz);
}
Reported by FlawFinder.
Line: 213
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(vhdr, skb->data, cpy1_sz);
vhdr->h_vlan_proto = skb->vlan_proto;
vhdr->h_vlan_TCI = cpu_to_be16(skb_vlan_tag_get(skb));
memcpy(&vhdr->h_vlan_encapsulated_proto, skb->data + cpy1_sz, cpy2_sz);
}
/* If packet is not IP's CHECKSUM_PARTIAL (e.g. icmd packet),
* need to set L3 checksum flag for IPsec
*/
Reported by FlawFinder.
Line: 514
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stats->added_vlan_packets++;
} else {
eseg->inline_hdr.sz |= cpu_to_be16(attr->ihs);
memcpy(eseg->inline_hdr.start, skb->data, attr->ihs);
}
dseg += wqe_attr->ds_cnt_inl;
} else if (skb_vlan_tag_present(skb)) {
eseg->insert.type = cpu_to_be16(MLX5_ETH_WQE_INSERT_VLAN);
if (skb->vlan_proto == cpu_to_be16(ETH_P_8021AD))
Reported by FlawFinder.
Line: 573
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
.inline_on = 0,
};
memcpy(&session->wqe->eth, eseg, MLX5E_ACCEL_ESEG_LEN);
sq->stats->mpwqe_blks++;
}
static bool mlx5e_tx_mpwqe_session_is_active(struct mlx5e_txqsq *sq)
Reported by FlawFinder.
Line: 966
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mlx5i_txwqe_build_datagram(struct mlx5_av *av, u32 dqpn, u32 dqkey,
struct mlx5_wqe_datagram_seg *dseg)
{
memcpy(&dseg->av, av, sizeof(struct mlx5_av));
dseg->av.dqp_dct = cpu_to_be32(dqpn | MLX5_EXTENDED_UD_AV);
dseg->av.key.qkey.qkey = cpu_to_be32(dqkey);
}
static void mlx5i_sq_calc_wqe_attr(struct sk_buff *skb,
Reported by FlawFinder.
Line: 1033
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
eseg->mss = attr.mss;
if (attr.ihs) {
memcpy(eseg->inline_hdr.start, skb->data, attr.ihs);
eseg->inline_hdr.sz = cpu_to_be16(attr.ihs);
dseg += wqe_attr.ds_cnt_inl;
}
num_dma = mlx5e_txwqe_build_dsegs(sq, skb, skb->data + attr.ihs,
Reported by FlawFinder.
drivers/net/ethernet/intel/i40e/i40e_type.h
6 issues
Line: 606
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* debug mask */
u32 debug_mask;
char err_str[16];
};
static inline bool i40e_is_vf(struct i40e_hw *hw)
{
return (hw->mac.type == I40E_MAC_VF ||
Reported by FlawFinder.
Line: 1464
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 type;
struct i40e_ddp_version version;
u32 size;
char name[I40E_DDP_NAME_SIZE];
};
struct i40e_metadata_segment {
struct i40e_generic_seg_header header;
struct i40e_ddp_version version;
Reported by FlawFinder.
Line: 1472
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i40e_ddp_version version;
#define I40E_DDP_TRACKID_INVALID 0xFFFFFFFF
u32 track_id;
char name[I40E_DDP_NAME_SIZE];
};
struct i40e_device_id_entry {
u32 vendor_dev_id;
u32 sub_vendor_dev_id;
Reported by FlawFinder.
Line: 1483
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i40e_profile_segment {
struct i40e_generic_seg_header header;
struct i40e_ddp_version version;
char name[I40E_DDP_NAME_SIZE];
u32 device_table_count;
struct i40e_device_id_entry device_table[1];
};
struct i40e_section_table {
Reported by FlawFinder.
Line: 628
Column: 4
CWE codes:
120
20
struct {
__le64 pkt_addr; /* Packet buffer address */
__le64 hdr_addr; /* Header buffer address */
} read;
struct {
struct i40e_16b_rx_wb_qw0 {
struct {
union {
__le16 mirroring_status;
Reported by FlawFinder.
Line: 661
Column: 4
CWE codes:
120
20
/* bit 0 of hdr_buffer_addr is DD bit */
__le64 rsvd1;
__le64 rsvd2;
} read;
struct {
struct i40e_32b_rx_wb_qw0 {
struct {
union {
__le16 mirroring_status;
Reported by FlawFinder.
drivers/net/wireless/ath/ath5k/rfgain.h
6 issues
Line: 61
CWE codes:
190
{ AR5K_RF_GAIN(20), { 0x00000098, 0x00000092 } },
{ AR5K_RF_GAIN(21), { 0x000001a4, 0x0000017c } },
{ AR5K_RF_GAIN(22), { 0x000001e4, 0x000001bc } },
{ AR5K_RF_GAIN(23), { 0x00000024, 0x000001fc } },
{ AR5K_RF_GAIN(24), { 0x00000064, 0x0000000a } },
{ AR5K_RF_GAIN(25), { 0x000000a4, 0x0000004a } },
{ AR5K_RF_GAIN(26), { 0x000000e4, 0x0000008a } },
{ AR5K_RF_GAIN(27), { 0x0000010a, 0x0000015a } },
{ AR5K_RF_GAIN(28), { 0x0000014a, 0x0000019a } },
Reported by Cppcheck.
Line: 130
CWE codes:
190
{ AR5K_RF_GAIN(20), { 0x00000063, 0x00000063 } },
{ AR5K_RF_GAIN(21), { 0x00000184, 0x00000184 } },
{ AR5K_RF_GAIN(22), { 0x000001c4, 0x000001c4 } },
{ AR5K_RF_GAIN(23), { 0x00000004, 0x00000004 } },
{ AR5K_RF_GAIN(24), { 0x000001ea, 0x0000000b } },
{ AR5K_RF_GAIN(25), { 0x0000002a, 0x0000004b } },
{ AR5K_RF_GAIN(26), { 0x0000006a, 0x0000008b } },
{ AR5K_RF_GAIN(27), { 0x000000aa, 0x000001ac } },
{ AR5K_RF_GAIN(28), { 0x000001ab, 0x000001ec } },
Reported by Cppcheck.
Line: 198
CWE codes:
190
{ AR5K_RF_GAIN(20), { 0x00000000, 0x00000010 } },
{ AR5K_RF_GAIN(21), { 0x00000000, 0x00000050 } },
{ AR5K_RF_GAIN(22), { 0x00000000, 0x00000090 } },
{ AR5K_RF_GAIN(23), { 0x00000000, 0x00000191 } },
{ AR5K_RF_GAIN(24), { 0x00000000, 0x000001d1 } },
{ AR5K_RF_GAIN(25), { 0x00000000, 0x00000011 } },
{ AR5K_RF_GAIN(26), { 0x00000000, 0x00000051 } },
{ AR5K_RF_GAIN(27), { 0x00000000, 0x00000091 } },
{ AR5K_RF_GAIN(28), { 0x00000000, 0x00000178 } },
Reported by Cppcheck.
Line: 266
CWE codes:
190
{ AR5K_RF_GAIN(20), { 0x00000000, 0x000001b0 } },
{ AR5K_RF_GAIN(21), { 0x00000000, 0x000001f0 } },
{ AR5K_RF_GAIN(22), { 0x00000000, 0x00000030 } },
{ AR5K_RF_GAIN(23), { 0x00000000, 0x00000070 } },
{ AR5K_RF_GAIN(24), { 0x00000000, 0x000000b0 } },
{ AR5K_RF_GAIN(25), { 0x00000000, 0x000000f0 } },
{ AR5K_RF_GAIN(26), { 0x00000000, 0x000000f0 } },
{ AR5K_RF_GAIN(27), { 0x00000000, 0x000000f0 } },
{ AR5K_RF_GAIN(28), { 0x00000000, 0x000000f0 } },
Reported by Cppcheck.
Line: 336
CWE codes:
190
{ AR5K_RF_GAIN(20), { 0x000001b1, 0x00000010 } },
{ AR5K_RF_GAIN(21), { 0x000001f1, 0x00000050 } },
{ AR5K_RF_GAIN(22), { 0x00000031, 0x00000090 } },
{ AR5K_RF_GAIN(23), { 0x00000071, 0x00000171 } },
{ AR5K_RF_GAIN(24), { 0x000001b8, 0x000001b1 } },
{ AR5K_RF_GAIN(25), { 0x000001f8, 0x000001f1 } },
{ AR5K_RF_GAIN(26), { 0x00000038, 0x00000031 } },
{ AR5K_RF_GAIN(27), { 0x00000078, 0x00000071 } },
{ AR5K_RF_GAIN(28), { 0x00000199, 0x00000198 } },
Reported by Cppcheck.
Line: 405
CWE codes:
190
{ AR5K_RF_GAIN(20), { 0x00000000, 0x00000030 } },
{ AR5K_RF_GAIN(21), { 0x00000000, 0x00000070 } },
{ AR5K_RF_GAIN(22), { 0x00000000, 0x00000171 } },
{ AR5K_RF_GAIN(23), { 0x00000000, 0x000001b1 } },
{ AR5K_RF_GAIN(24), { 0x00000000, 0x000001f1 } },
{ AR5K_RF_GAIN(25), { 0x00000000, 0x00000031 } },
{ AR5K_RF_GAIN(26), { 0x00000000, 0x00000071 } },
{ AR5K_RF_GAIN(27), { 0x00000000, 0x000001b8 } },
{ AR5K_RF_GAIN(28), { 0x00000000, 0x000001f8 } },
Reported by Cppcheck.