The following issues were found
sound/pci/hda/hda_local.h
6 issues
Line: 134
Column: 19
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int __snd_hda_add_vmaster(struct hda_codec *codec, char *name,
unsigned int *tlv, const char * const *followers,
const char *suffix, bool init_follower_vol,
unsigned int access, struct snd_kcontrol **ctl_ret);
#define snd_hda_add_vmaster(codec, name, tlv, followers, suffix, access) \
__snd_hda_add_vmaster(codec, name, tlv, followers, suffix, true, access, NULL)
int snd_hda_codec_reset(struct hda_codec *codec);
void snd_hda_codec_register(struct hda_codec *codec);
void snd_hda_codec_cleanup_for_unbind(struct hda_codec *codec);
Reported by FlawFinder.
Line: 135
Column: 66
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
unsigned int *tlv, const char * const *followers,
const char *suffix, bool init_follower_vol,
unsigned int access, struct snd_kcontrol **ctl_ret);
#define snd_hda_add_vmaster(codec, name, tlv, followers, suffix, access) \
__snd_hda_add_vmaster(codec, name, tlv, followers, suffix, true, access, NULL)
int snd_hda_codec_reset(struct hda_codec *codec);
void snd_hda_codec_register(struct hda_codec *codec);
void snd_hda_codec_cleanup_for_unbind(struct hda_codec *codec);
Reported by FlawFinder.
Line: 136
Column: 67
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
const char *suffix, bool init_follower_vol,
unsigned int access, struct snd_kcontrol **ctl_ret);
#define snd_hda_add_vmaster(codec, name, tlv, followers, suffix, access) \
__snd_hda_add_vmaster(codec, name, tlv, followers, suffix, true, access, NULL)
int snd_hda_codec_reset(struct hda_codec *codec);
void snd_hda_codec_register(struct hda_codec *codec);
void snd_hda_codec_cleanup_for_unbind(struct hda_codec *codec);
#define snd_hda_regmap_sync(codec) snd_hdac_regmap_sync(&(codec)->core)
Reported by FlawFinder.
Line: 177
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
#define HDA_MAX_NUM_INPUTS 36
struct hda_input_mux_item {
char label[32];
unsigned int index;
};
struct hda_input_mux {
unsigned int num_items;
struct hda_input_mux_item items[HDA_MAX_NUM_INPUTS];
Reported by FlawFinder.
Line: 668
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int baseline_len;
int eld_ver;
int cea_edid_ver;
char monitor_name[ELD_MAX_MNL + 1];
int manufacture_id;
int product_id;
u64 port_id;
int support_hdcp;
int support_ai;
Reported by FlawFinder.
Line: 685
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool monitor_present;
bool eld_valid;
int eld_size;
char eld_buffer[ELD_MAX_SIZE];
struct parsed_hdmi_eld info;
};
int snd_hdmi_get_eld_size(struct hda_codec *codec, hda_nid_t nid);
int snd_hdmi_get_eld(struct hda_codec *codec, hda_nid_t nid,
Reported by FlawFinder.
sound/pci/ice1712/ews.c
6 issues
Line: 221
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void snd_ice1712_ews_cs8404_spdif_write(struct snd_ice1712 *ice, unsigned char bits)
{
struct ews_spec *spec = ice->spec;
unsigned char bytes[2];
snd_i2c_lock(ice->i2c);
switch (ice->eeprom.subvendor) {
case ICE1712_SUBDEVICE_EWS88MT:
case ICE1712_SUBDEVICE_EWS88MT_NEW:
Reported by FlawFinder.
Line: 570
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* i/o sensitivity - this callback is shared among other devices, too */
static int snd_ice1712_ewx_io_sense_info(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_info *uinfo){
static const char * const texts[2] = {
"+4dBu", "-10dBV",
};
return snd_ctl_enum_info(uinfo, 1, 2, texts);
}
Reported by FlawFinder.
Line: 742
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ews_spec *spec = ice->spec;
int shift = kcontrol->private_value & 0xff;
int invert = (kcontrol->private_value >> 8) & 1;
unsigned char data[2];
snd_i2c_lock(ice->i2c);
if (snd_i2c_readbytes(spec->i2cdevs[EWS_I2C_88D], data, 2) != 2) {
snd_i2c_unlock(ice->i2c);
return -EIO;
Reported by FlawFinder.
Line: 763
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ews_spec *spec = ice->spec;
int shift = kcontrol->private_value & 0xff;
int invert = (kcontrol->private_value >> 8) & 1;
unsigned char data[2], ndata[2];
int change;
snd_i2c_lock(ice->i2c);
if (snd_i2c_readbytes(spec->i2cdevs[EWS_I2C_88D], data, 2) != 2) {
snd_i2c_unlock(ice->i2c);
Reported by FlawFinder.
Line: 837
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_ice1712_6fire_write_pca(struct snd_ice1712 *ice, unsigned char reg, unsigned char data)
{
unsigned char bytes[2];
struct ews_spec *spec = ice->spec;
snd_i2c_lock(ice->i2c);
bytes[0] = reg;
bytes[1] = data;
Reported by FlawFinder.
Line: 894
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_ice1712_6fire_select_input_info(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[4] = {
"Internal", "Front Input", "Rear Input", "Wave Table"
};
return snd_ctl_enum_info(uinfo, 1, 4, texts);
}
Reported by FlawFinder.
sound/sparc/amd7930.c
6 issues
Line: 758
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->private_data = amd;
pcm->info_flags = 0;
strcpy(pcm->name, amd->card->shortname);
amd->pcm = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_CONTINUOUS,
NULL, 64*1024, 64*1024);
Reported by FlawFinder.
Line: 878
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -EINVAL;
card = amd->card;
strcpy(card->mixername, card->shortname);
for (idx = 0; idx < ARRAY_SIZE(amd7930_controls); idx++) {
if ((err = snd_ctl_add(card,
snd_ctl_new1(&amd7930_controls[idx], amd))) < 0)
return err;
Reported by FlawFinder.
Line: 1013
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "AMD7930");
strcpy(card->shortname, "Sun AMD7930");
sprintf(card->longname, "%s at 0x%02lx:0x%08Lx, irq %d",
card->shortname,
rp->flags & 0xffL,
(unsigned long long)rp->start,
irq);
Reported by FlawFinder.
Line: 53
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <asm/prom.h>
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable this card */
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for Sun AMD7930 soundcard.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 1011
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
return err;
strcpy(card->driver, "AMD7930");
strcpy(card->shortname, "Sun AMD7930");
sprintf(card->longname, "%s at 0x%02lx:0x%08Lx, irq %d",
card->shortname,
rp->flags & 0xffL,
(unsigned long long)rp->start,
Reported by FlawFinder.
Line: 1012
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
strcpy(card->driver, "AMD7930");
strcpy(card->shortname, "Sun AMD7930");
sprintf(card->longname, "%s at 0x%02lx:0x%08Lx, irq %d",
card->shortname,
rp->flags & 0xffL,
(unsigned long long)rp->start,
irq);
Reported by FlawFinder.
sound/pci/lx6464es/lx6464es.c
6 issues
Line: 835
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->info_flags = 0;
pcm->nonatomic = true;
strcpy(pcm->name, card_name);
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV,
&chip->pci->dev, size, size);
chip->pcm = pcm;
Reported by FlawFinder.
Line: 1085
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
chip->mac_address[0], chip->mac_address[1], chip->mac_address[2],
chip->mac_address[3], chip->mac_address[4], chip->mac_address[5]);
sprintf(card->longname, "%s at 0x%lx, 0x%p, irq %i",
card->shortname, chip->port_plx,
chip->port_dsp_bar, chip->irq);
err = snd_card_register(card);
if (err < 0)
Reported by FlawFinder.
Line: 26
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_DESCRIPTION("digigram lx6464es");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP;
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for Digigram LX6464ES interface.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 1077
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto out_free;
}
strcpy(card->driver, "LX6464ES");
sprintf(card->id, "LX6464ES_%02X%02X%02X",
chip->mac_address[3], chip->mac_address[4], chip->mac_address[5]);
sprintf(card->shortname, "LX6464ES %02X.%02X.%02X.%02X.%02X.%02X",
chip->mac_address[0], chip->mac_address[1], chip->mac_address[2],
Reported by FlawFinder.
Line: 1078
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
strcpy(card->driver, "LX6464ES");
sprintf(card->id, "LX6464ES_%02X%02X%02X",
chip->mac_address[3], chip->mac_address[4], chip->mac_address[5]);
sprintf(card->shortname, "LX6464ES %02X.%02X.%02X.%02X.%02X.%02X",
chip->mac_address[0], chip->mac_address[1], chip->mac_address[2],
chip->mac_address[3], chip->mac_address[4], chip->mac_address[5]);
Reported by FlawFinder.
Line: 1081
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(card->id, "LX6464ES_%02X%02X%02X",
chip->mac_address[3], chip->mac_address[4], chip->mac_address[5]);
sprintf(card->shortname, "LX6464ES %02X.%02X.%02X.%02X.%02X.%02X",
chip->mac_address[0], chip->mac_address[1], chip->mac_address[2],
chip->mac_address[3], chip->mac_address[4], chip->mac_address[5]);
sprintf(card->longname, "%s at 0x%lx, 0x%p, irq %i",
card->shortname, chip->port_plx,
Reported by FlawFinder.
net/rxrpc/peer_event.c
6 issues
Line: 52
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (serr->ee.ee_origin) {
case SO_EE_ORIGIN_ICMP:
_net("Rx ICMP");
memcpy(&srx->transport.sin.sin_addr,
skb_network_header(skb) + serr->addr_offset,
sizeof(struct in_addr));
break;
case SO_EE_ORIGIN_ICMP6:
_net("Rx ICMP6 on v4 sock");
Reported by FlawFinder.
Line: 58
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case SO_EE_ORIGIN_ICMP6:
_net("Rx ICMP6 on v4 sock");
memcpy(&srx->transport.sin.sin_addr,
skb_network_header(skb) + serr->addr_offset + 12,
sizeof(struct in_addr));
break;
default:
memcpy(&srx->transport.sin.sin_addr, &ip_hdr(skb)->saddr,
Reported by FlawFinder.
Line: 63
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct in_addr));
break;
default:
memcpy(&srx->transport.sin.sin_addr, &ip_hdr(skb)->saddr,
sizeof(struct in_addr));
break;
}
break;
Reported by FlawFinder.
Line: 75
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case SO_EE_ORIGIN_ICMP6:
_net("Rx ICMP6");
srx->transport.sin6.sin6_port = serr->port;
memcpy(&srx->transport.sin6.sin6_addr,
skb_network_header(skb) + serr->addr_offset,
sizeof(struct in6_addr));
break;
case SO_EE_ORIGIN_ICMP:
_net("Rx ICMP on v6 sock");
Reported by FlawFinder.
Line: 84
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
srx->transport_len = sizeof(srx->transport.sin);
srx->transport.family = AF_INET;
srx->transport.sin.sin_port = serr->port;
memcpy(&srx->transport.sin.sin_addr,
skb_network_header(skb) + serr->addr_offset,
sizeof(struct in_addr));
break;
default:
memcpy(&srx->transport.sin6.sin6_addr,
Reported by FlawFinder.
Line: 89
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct in_addr));
break;
default:
memcpy(&srx->transport.sin6.sin6_addr,
&ipv6_hdr(skb)->saddr,
sizeof(struct in6_addr));
break;
}
break;
Reported by FlawFinder.
net/sunrpc/svcauth_unix.c
6 issues
Line: 131
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct ip_map *new = container_of(cnew, struct ip_map, h);
struct ip_map *item = container_of(citem, struct ip_map, h);
strcpy(new->m_class, item->m_class);
new->m_addr = item->m_addr;
}
static void update(struct cache_head *cnew, struct cache_head *citem)
{
struct ip_map *new = container_of(cnew, struct ip_map, h);
Reported by FlawFinder.
Line: 294
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct ip_map ip;
struct cache_head *ch;
strcpy(ip.m_class, class);
ip.m_addr = *addr;
ch = sunrpc_cache_lookup_rcu(cd, &ip.h,
hash_str(class, IP_HASHBITS) ^
hash_ip6(addr));
Reported by FlawFinder.
Line: 98
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ip_map {
struct cache_head h;
char m_class[8]; /* e.g. "nfsd" */
struct in6_addr m_addr;
struct unix_domain *m_client;
struct rcu_head m_rcu;
};
Reported by FlawFinder.
Line: 160
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cache_head *h,
char **bpp, int *blen)
{
char text_addr[40];
struct ip_map *im = container_of(h, struct ip_map, h);
if (ipv6_addr_v4mapped(&(im->m_addr))) {
snprintf(text_addr, 20, "%pI4", &im->m_addr.s6_addr32[3]);
} else {
Reported by FlawFinder.
Line: 184
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* for scratch: */
char *buf = mesg;
int len;
char class[8];
union {
struct sockaddr sa;
struct sockaddr_in s4;
struct sockaddr_in6 s6;
} address;
Reported by FlawFinder.
Line: 466
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cache_head *h,
char **bpp, int *blen)
{
char tuid[20];
struct unix_gid *ug = container_of(h, struct unix_gid, h);
snprintf(tuid, 20, "%u", from_kuid(&init_user_ns, ug->uid));
qword_add(bpp, blen, tuid);
(*bpp)[-1] = '\n';
Reported by FlawFinder.
sound/pci/mixart/mixart_hwdep.c
6 issues
Line: 568
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i, err;
for (i = 0; i < 3; i++) {
sprintf(path, "mixart/%s", fw_files[i]);
if (request_firmware(&fw_entry, path, &mgr->pci->dev)) {
dev_err(&mgr->pci->dev,
"miXart: can't load firmware %s\n", path);
return -ENOENT;
}
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mixart_load_elf(struct mixart_mgr *mgr, const struct firmware *dsp )
{
char elf32_magic_number[4] = {0x7f,'E','L','F'};
struct snd_mixart_elf32_ehdr *elf_header;
int i;
elf_header = (struct snd_mixart_elf32_ehdr *)dsp->data;
for( i=0; i<4; i++ )
Reported by FlawFinder.
Line: 559
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int snd_mixart_setup_firmware(struct mixart_mgr *mgr)
{
static const char * const fw_files[3] = {
"miXart8.xlx", "miXart8.elf", "miXart8AES.xlx"
};
char path[32];
const struct firmware *fw_entry;
Reported by FlawFinder.
Line: 562
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char * const fw_files[3] = {
"miXart8.xlx", "miXart8.elf", "miXart8AES.xlx"
};
char path[32];
const struct firmware *fw_entry;
int i, err;
for (i = 0; i < 3; i++) {
Reported by FlawFinder.
Line: 39
Column: 6
CWE codes:
120
20
u32 value, unsigned long timeout)
{
unsigned long end_time = jiffies + (timeout * HZ / 100);
u32 read;
do { /* we may take too long time in this loop.
* so give controls back to kernel if needed.
*/
cond_resched();
Reported by FlawFinder.
Line: 51
Column: 7
CWE codes:
120
20
if(read == value) return 0;
}
else { /* wait for different value */
if(read != value) return 0;
}
} while ( time_after_eq(end_time, jiffies) );
return -EBUSY;
}
Reported by FlawFinder.
net/sunrpc/clnt.c
6 issues
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static uint32_t clntid;
const char *dir_name = clnt->cl_program->pipe_dir_name;
char name[15];
struct dentry *dir, *dentry;
dir = rpc_d_lookup_sb(sb, dir_name);
if (dir == NULL) {
pr_info("RPC: pipefs directory doesn't exist: %s\n", dir_name);
Reported by FlawFinder.
Line: 529
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.servername = args->servername,
.bc_xprt = args->bc_xprt,
};
char servername[48];
struct rpc_clnt *clnt;
int i;
if (args->bc_xprt) {
WARN_ON_ONCE(!(args->protocol & XPRT_TRANSPORT_BC));
Reported by FlawFinder.
Line: 1293
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bytes = xprt->addrlen;
if (bytes > bufsize)
bytes = bufsize;
memcpy(buf, &xprt->addr, bytes);
rcu_read_unlock();
return bytes;
}
EXPORT_SYMBOL_GPL(rpc_peeraddr);
Reported by FlawFinder.
Line: 1413
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case AF_INET:
if (buflen < sizeof(rpc_inaddr_loopback))
return -EINVAL;
memcpy(buf, &rpc_inaddr_loopback,
sizeof(rpc_inaddr_loopback));
break;
case AF_INET6:
if (buflen < sizeof(rpc_in6addr_loopback))
return -EINVAL;
Reported by FlawFinder.
Line: 1419
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case AF_INET6:
if (buflen < sizeof(rpc_in6addr_loopback))
return -EINVAL;
memcpy(buf, &rpc_in6addr_loopback,
sizeof(rpc_in6addr_loopback));
break;
default:
dprintk("RPC: %s: address family not supported\n",
__func__);
Reported by FlawFinder.
Line: 1459
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rcu_read_lock();
xprt = rcu_dereference(clnt->cl_xprt);
salen = xprt->addrlen;
memcpy(sap, &xprt->addr, salen);
net = get_net(xprt->xprt_net);
rcu_read_unlock();
rpc_set_port(sap, 0);
err = rpc_sockname(net, sap, salen, buf);
Reported by FlawFinder.
sound/pci/nm256/nm256.c
6 issues
Line: 1335
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return err;
if (! (chip->ac97->id & (0xf0000000))) {
/* looks like an invalid id */
sprintf(chip->card->mixername, "%s AC97", chip->card->driver);
}
return 0;
}
/*
Reported by FlawFinder.
Line: 1735
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return err;
}
sprintf(card->shortname, "NeoMagic %s", card->driver);
sprintf(card->longname, "%s at 0x%lx & 0x%lx, irq %d",
card->shortname,
chip->buffer_addr, chip->cport_addr, chip->irq);
err = snd_card_register(card);
Reported by FlawFinder.
Line: 1736
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
sprintf(card->shortname, "NeoMagic %s", card->driver);
sprintf(card->longname, "%s at 0x%lx & 0x%lx, irq %d",
card->shortname,
chip->buffer_addr, chip->cport_addr, chip->irq);
err = snd_card_register(card);
if (err < 0) {
Reported by FlawFinder.
Line: 1682
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
switch (pci->device) {
case PCI_DEVICE_ID_NEOMAGIC_NM256AV_AUDIO:
strcpy(card->driver, "NM256AV");
break;
case PCI_DEVICE_ID_NEOMAGIC_NM256ZX_AUDIO:
strcpy(card->driver, "NM256ZX");
break;
case PCI_DEVICE_ID_NEOMAGIC_NM256XL_PLUS_AUDIO:
Reported by FlawFinder.
Line: 1685
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(card->driver, "NM256AV");
break;
case PCI_DEVICE_ID_NEOMAGIC_NM256ZX_AUDIO:
strcpy(card->driver, "NM256ZX");
break;
case PCI_DEVICE_ID_NEOMAGIC_NM256XL_PLUS_AUDIO:
strcpy(card->driver, "NM256XL+");
break;
default:
Reported by FlawFinder.
Line: 1688
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(card->driver, "NM256ZX");
break;
case PCI_DEVICE_ID_NEOMAGIC_NM256XL_PLUS_AUDIO:
strcpy(card->driver, "NM256XL+");
break;
default:
dev_err(&pci->dev, "invalid device id 0x%x\n", pci->device);
snd_card_free(card);
return -EINVAL;
Reported by FlawFinder.
sound/soc/intel/boards/kbl_da7219_max98927.c
6 issues
Line: 640
Column: 21
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
SND_SOC_DAILINK_DEF(dummy,
DAILINK_COMP_ARRAY(COMP_DUMMY()));
SND_SOC_DAILINK_DEF(system,
DAILINK_COMP_ARRAY(COMP_CPU("System Pin")));
SND_SOC_DAILINK_DEF(echoref,
DAILINK_COMP_ARRAY(COMP_CPU("Echoref Pin")));
Reported by FlawFinder.
Line: 713
Column: 23
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
SND_SOC_DPCM_TRIGGER_POST, SND_SOC_DPCM_TRIGGER_POST},
.dpcm_playback = 1,
.ops = &kabylake_da7219_fe_ops,
SND_SOC_DAILINK_REG(system, dummy, platform),
},
[KBL_DPCM_AUDIO_ECHO_REF_CP] = {
.name = "Kbl Audio Echo Reference cap",
.stream_name = "Echoreference Capture",
.init = NULL,
Reported by FlawFinder.
Line: 797
Column: 23
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
SND_SOC_DPCM_TRIGGER_POST, SND_SOC_DPCM_TRIGGER_POST},
.dpcm_capture = 1,
.ops = &kabylake_da7219_fe_ops,
SND_SOC_DAILINK_REG(system, dummy, platform),
},
/* Back End DAI links */
{
/* SSP0 - Codec */
Reported by FlawFinder.
Line: 879
Column: 23
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
SND_SOC_DPCM_TRIGGER_POST, SND_SOC_DPCM_TRIGGER_POST},
.dpcm_playback = 1,
.ops = &kabylake_da7219_fe_ops,
SND_SOC_DAILINK_REG(system, dummy, platform),
},
[KBL_DPCM_AUDIO_ECHO_REF_CP] = {
.name = "Kbl Audio Echo Reference cap",
.stream_name = "Echoreference Capture",
.init = NULL,
Reported by FlawFinder.
Line: 234
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_soc_component *component = codec_dai->component;
struct snd_soc_dapm_context *dapm =
snd_soc_component_get_dapm(component);
char pin_name[20];
if (strcmp(name, MAX98927_DEV0_NAME) &&
strcmp(name, MAX98927_DEV1_NAME) &&
strcmp(name, MAX98373_DEV0_NAME) &&
strcmp(name, MAX98373_DEV1_NAME))
Reported by FlawFinder.
Line: 1002
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_soc_dapm_context *dapm = &card->dapm;
struct snd_soc_component *component = NULL;
int err, i = 0;
char jack_name[NAME_SIZE];
list_for_each_entry(pcm, &ctx->hdmi_pcm_list, head) {
component = pcm->codec_dai->component;
snprintf(jack_name, sizeof(jack_name),
"HDMI/DP, pcm=%d Jack", pcm->device);
Reported by FlawFinder.