The following issues were found
sound/soc/codecs/arizona.h
5 issues
Line: 138
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ARIZONA_NUM_MIXER_INPUTS 104
extern const unsigned int arizona_mixer_tlv[];
extern const char * const arizona_mixer_texts[ARIZONA_NUM_MIXER_INPUTS];
extern unsigned int arizona_mixer_values[ARIZONA_NUM_MIXER_INPUTS];
#define ARIZONA_GAINMUX_CONTROLS(name, base) \
SOC_SINGLE_RANGE_TLV(name " Input Volume", base + 1, \
ARIZONA_MIXER_VOL_SHIFT, 0x20, 0x50, 0, \
Reported by FlawFinder.
Line: 263
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* SND_JACK_* mask for supported cable/switch types */
#define ARIZONA_JACK_MASK (SND_JACK_HEADSET | SND_JACK_LINEOUT | SND_JACK_MECHANICAL)
extern const char * const arizona_rate_text[ARIZONA_RATE_ENUM_SIZE];
extern const unsigned int arizona_rate_val[ARIZONA_RATE_ENUM_SIZE];
extern const char * const arizona_sample_rate_text[ARIZONA_SAMPLE_RATE_ENUM_SIZE];
extern const unsigned int arizona_sample_rate_val[ARIZONA_SAMPLE_RATE_ENUM_SIZE];
extern const struct soc_enum arizona_isrc_fsl[];
Reported by FlawFinder.
Line: 265
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern const char * const arizona_rate_text[ARIZONA_RATE_ENUM_SIZE];
extern const unsigned int arizona_rate_val[ARIZONA_RATE_ENUM_SIZE];
extern const char * const arizona_sample_rate_text[ARIZONA_SAMPLE_RATE_ENUM_SIZE];
extern const unsigned int arizona_sample_rate_val[ARIZONA_SAMPLE_RATE_ENUM_SIZE];
extern const struct soc_enum arizona_isrc_fsl[];
extern const struct soc_enum arizona_isrc_fsh[];
extern const struct soc_enum arizona_asrc_rate1;
Reported by FlawFinder.
Line: 331
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ref_src;
unsigned int ref_freq;
char lock_name[ARIZONA_FLL_NAME_LEN];
char clock_ok_name[ARIZONA_FLL_NAME_LEN];
};
int arizona_dvfs_up(struct snd_soc_component *component, unsigned int flags);
int arizona_dvfs_down(struct snd_soc_component *component, unsigned int flags);
Reported by FlawFinder.
Line: 332
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int ref_freq;
char lock_name[ARIZONA_FLL_NAME_LEN];
char clock_ok_name[ARIZONA_FLL_NAME_LEN];
};
int arizona_dvfs_up(struct snd_soc_component *component, unsigned int flags);
int arizona_dvfs_down(struct snd_soc_component *component, unsigned int flags);
int arizona_dvfs_sysclk_ev(struct snd_soc_dapm_widget *w,
Reported by FlawFinder.
sound/soc/codecs/da7218.c
5 issues
Line: 571
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Determine which BiQuads we're setting based on size of config data */
switch (bytes_ext->max) {
case DA7218_OUT_1_BIQ_5STAGE_CFG_SIZE:
memcpy(ucontrol->value.bytes.data, da7218->biq_5stage_coeff,
bytes_ext->max);
break;
case DA7218_SIDETONE_BIQ_3STAGE_CFG_SIZE:
memcpy(ucontrol->value.bytes.data, da7218->stbiq_3stage_coeff,
bytes_ext->max);
Reported by FlawFinder.
Line: 575
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bytes_ext->max);
break;
case DA7218_SIDETONE_BIQ_3STAGE_CFG_SIZE:
memcpy(ucontrol->value.bytes.data, da7218->stbiq_3stage_coeff,
bytes_ext->max);
break;
default:
return -EINVAL;
}
Reported by FlawFinder.
Line: 603
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (bytes_ext->max) {
case DA7218_OUT_1_BIQ_5STAGE_CFG_SIZE:
reg = DA7218_OUT_1_BIQ_5STAGE_DATA;
memcpy(da7218->biq_5stage_coeff, ucontrol->value.bytes.data,
bytes_ext->max);
break;
case DA7218_SIDETONE_BIQ_3STAGE_CFG_SIZE:
reg = DA7218_SIDETONE_BIQ_3STAGE_DATA;
memcpy(da7218->stbiq_3stage_coeff, ucontrol->value.bytes.data,
Reported by FlawFinder.
Line: 608
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case DA7218_SIDETONE_BIQ_3STAGE_CFG_SIZE:
reg = DA7218_SIDETONE_BIQ_3STAGE_DATA;
memcpy(da7218->stbiq_3stage_coeff, ucontrol->value.bytes.data,
bytes_ext->max);
break;
default:
return -EINVAL;
}
Reported by FlawFinder.
Line: 2627
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 0;
}
static const char *da7218_supply_names[DA7218_NUM_SUPPLIES] = {
[DA7218_SUPPLY_VDD] = "VDD",
[DA7218_SUPPLY_VDDMIC] = "VDDMIC",
[DA7218_SUPPLY_VDDIO] = "VDDIO",
};
Reported by FlawFinder.
sound/soc/intel/atom/sst-mfld-dsp.h
5 issues
Line: 229
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Firmware build info */
struct sst_fw_build_info {
unsigned char date[16]; /* Firmware build date */
unsigned char time[16]; /* Firmware build time */
} __packed;
/* Firmware Version info */
struct snd_sst_fw_version {
Reported by FlawFinder.
Line: 230
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Firmware build info */
struct sst_fw_build_info {
unsigned char date[16]; /* Firmware build date */
unsigned char time[16]; /* Firmware build time */
} __packed;
/* Firmware Version info */
struct snd_sst_fw_version {
u8 build; /* build number*/
Reported by FlawFinder.
Line: 277
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 media_type;
u8 lib_name[12];
u32 lib_caps;
unsigned char b_date[16]; /* Lib build date */
unsigned char b_time[16]; /* Lib build time */
} __packed;
/* Library slot info */
struct lib_slot_info {
Reported by FlawFinder.
Line: 278
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 lib_name[12];
u32 lib_caps;
unsigned char b_date[16]; /* Lib build date */
unsigned char b_time[16]; /* Lib build time */
} __packed;
/* Library slot info */
struct lib_slot_info {
u8 slot_num; /* 1 or 2 */
Reported by FlawFinder.
Line: 517
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 pipe_id;
u8 rsvd;
u16 len;
char bytes[0];
};
#define MAX_VTSV_FILES 2
struct snd_sst_vtsv_info {
struct sst_address_info vfiles[MAX_VTSV_FILES];
Reported by FlawFinder.
sound/soc/sof/topology.c
5 issues
Line: 500
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct snd_soc_tplg_vendor_uuid_elem *velem = elem;
u8 *dst = (u8 *)object + offset;
memcpy(dst, velem->uuid, UUID_SIZE);
return 0;
}
static int get_token_comp_format(void *elem, void *object, u32 offset, u32 size)
Reported by FlawFinder.
Line: 1198
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scontrol->comp_id, scontrol->num_channels);
if (le32_to_cpu(control->priv.size) > 0) {
memcpy(cdata->data, control->priv.data,
le32_to_cpu(control->priv.size));
if (cdata->data->magic != SOF_ABI_MAGIC) {
dev_err(scomp->dev, "error: Wrong ABI magic 0x%08x.\n",
cdata->data->magic);
Reported by FlawFinder.
Line: 1503
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* handle the extended data if needed */
if (total_size > *ipc_size) {
/* append extended data to the end of the component */
memcpy((u8 *)comp + *ipc_size, &swidget->comp_ext, sizeof(swidget->comp_ext));
comp->ext_data_length = sizeof(swidget->comp_ext);
}
/* update ipc_size and return */
*ipc_size = total_size;
Reported by FlawFinder.
Line: 1566
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* the snd_sof_dai, the extended data is kept in the
* snd_sof_widget.
*/
memcpy(&dai->comp_dai, comp_dai, sizeof(*comp_dai));
}
finish:
kfree(comp_dai);
return ret;
Reported by FlawFinder.
Line: 2266
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (ipc_data_size) {
for (i = 0; i < widget->num_kcontrols; i++) {
memcpy(&process->data + offset,
wdata[i].pdata->data,
wdata[i].pdata->size);
offset += wdata[i].pdata->size;
}
}
Reported by FlawFinder.
sound/soc/ti/omap-mcbsp.c
5 issues
Line: 563
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (s = &dma_op_modes[i]; i < ARRAY_SIZE(dma_op_modes); s++, i++) {
if (dma_op_mode == i)
len += sprintf(buf + len, "[%s] ", *s);
else
len += sprintf(buf + len, "%s ", *s);
}
len += sprintf(buf + len, "\n");
Reported by FlawFinder.
Line: 565
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (dma_op_mode == i)
len += sprintf(buf + len, "[%s] ", *s);
else
len += sprintf(buf + len, "%s ", *s);
}
len += sprintf(buf + len, "\n");
return len;
}
Reported by FlawFinder.
Line: 520
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{ \
struct omap_mcbsp *mcbsp = dev_get_drvdata(dev); \
\
return sprintf(buf, "%u\n", mcbsp->prop); \
} \
\
static ssize_t prop##_store(struct device *dev, \
struct device_attribute *attr, \
const char *buf, size_t size) \
Reported by FlawFinder.
Line: 1388
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!pdata)
return -ENOMEM;
memcpy(pdata, match->data, sizeof(*pdata));
if (!of_property_read_u32(node, "ti,buffer-size", &buffer_size))
pdata->buffer_size = buffer_size;
if (pdata_quirk)
pdata->force_ick_on = pdata_quirk->force_ick_on;
} else if (!pdata) {
Reported by FlawFinder.
Line: 567
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
len += sprintf(buf + len, "%s ", *s);
}
len += sprintf(buf + len, "\n");
return len;
}
static ssize_t dma_op_mode_store(struct device *dev,
Reported by FlawFinder.
sound/usb/caiaq/input.c
5 issues
Line: 613
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
input->absbit[0] = BIT_MASK(ABS_X) | BIT_MASK(ABS_Y) |
BIT_MASK(ABS_Z);
BUILD_BUG_ON(sizeof(cdev->keycode) < sizeof(keycode_rk2));
memcpy(cdev->keycode, keycode_rk2, sizeof(keycode_rk2));
input->keycodemax = ARRAY_SIZE(keycode_rk2);
input_set_abs_params(input, ABS_X, 0, 4096, 0, 10);
input_set_abs_params(input, ABS_Y, 0, 4096, 0, 10);
input_set_abs_params(input, ABS_Z, 0, 4096, 0, 10);
snd_usb_caiaq_set_auto_msg(cdev, 1, 10, 0);
Reported by FlawFinder.
Line: 625
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
input->absbit[0] = BIT_MASK(ABS_X) | BIT_MASK(ABS_Y) |
BIT_MASK(ABS_Z);
BUILD_BUG_ON(sizeof(cdev->keycode) < sizeof(keycode_rk3));
memcpy(cdev->keycode, keycode_rk3, sizeof(keycode_rk3));
input->keycodemax = ARRAY_SIZE(keycode_rk3);
input_set_abs_params(input, ABS_X, 0, 1024, 0, 10);
input_set_abs_params(input, ABS_Y, 0, 1024, 0, 10);
input_set_abs_params(input, ABS_Z, 0, 1024, 0, 10);
snd_usb_caiaq_set_auto_msg(cdev, 1, 10, 0);
Reported by FlawFinder.
Line: 636
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_ABS);
input->absbit[0] = BIT_MASK(ABS_X);
BUILD_BUG_ON(sizeof(cdev->keycode) < sizeof(keycode_ak1));
memcpy(cdev->keycode, keycode_ak1, sizeof(keycode_ak1));
input->keycodemax = ARRAY_SIZE(keycode_ak1);
input_set_abs_params(input, ABS_X, 0, 999, 0, 10);
snd_usb_caiaq_set_auto_msg(cdev, 1, 0, 5);
break;
case USB_ID(USB_VID_NATIVEINSTRUMENTS, USB_PID_KORECONTROLLER):
Reported by FlawFinder.
Line: 652
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BIT_MASK(ABS_Z);
input->absbit[BIT_WORD(ABS_MISC)] |= BIT_MASK(ABS_MISC);
BUILD_BUG_ON(sizeof(cdev->keycode) < sizeof(keycode_kore));
memcpy(cdev->keycode, keycode_kore, sizeof(keycode_kore));
input->keycodemax = ARRAY_SIZE(keycode_kore);
input_set_abs_params(input, ABS_HAT0X, 0, 999, 0, 10);
input_set_abs_params(input, ABS_HAT0Y, 0, 999, 0, 10);
input_set_abs_params(input, ABS_HAT1X, 0, 999, 0, 10);
input_set_abs_params(input, ABS_HAT1Y, 0, 999, 0, 10);
Reported by FlawFinder.
Line: 768
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BIT_MASK(ABS_RZ);
BUILD_BUG_ON(sizeof(cdev->keycode) < sizeof(keycode_maschine));
memcpy(cdev->keycode, keycode_maschine, sizeof(keycode_maschine));
input->keycodemax = ARRAY_SIZE(keycode_maschine);
for (i = 0; i < MASCHINE_PADS; i++) {
input->absbit[0] |= MASCHINE_PAD(i);
input_set_abs_params(input, MASCHINE_PAD(i), 0, 0xfff, 5, 10);
Reported by FlawFinder.
drivers/video/fbdev/pm2fb.c
5 issues
Line: 1066
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vxres = info->var.xres_virtual;
vyres = info->var.yres_virtual;
memcpy(&modded, region, sizeof(struct fb_fillrect));
if (!modded.width || !modded.height ||
modded.dx >= vxres || modded.dy >= vyres)
return;
Reported by FlawFinder.
Line: 1118
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(&modded, area, sizeof(struct fb_copyarea));
vxres = info->var.xres_virtual;
vyres = info->var.yres_virtual;
if (!modded.width || !modded.height ||
Reported by FlawFinder.
Line: 1534
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
switch (pdev->device) {
case PCI_DEVICE_ID_TI_TVP4020:
strcpy(pm2fb_fix.id, "TVP4020");
default_par->type = PM2_TYPE_PERMEDIA2;
break;
case PCI_DEVICE_ID_3DLABS_PERMEDIA2:
strcpy(pm2fb_fix.id, "Permedia2");
default_par->type = PM2_TYPE_PERMEDIA2;
Reported by FlawFinder.
Line: 1538
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
default_par->type = PM2_TYPE_PERMEDIA2;
break;
case PCI_DEVICE_ID_3DLABS_PERMEDIA2:
strcpy(pm2fb_fix.id, "Permedia2");
default_par->type = PM2_TYPE_PERMEDIA2;
break;
case PCI_DEVICE_ID_3DLABS_PERMEDIA2V:
strcpy(pm2fb_fix.id, "Permedia2v");
default_par->type = PM2_TYPE_PERMEDIA2V;
Reported by FlawFinder.
Line: 1542
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
default_par->type = PM2_TYPE_PERMEDIA2;
break;
case PCI_DEVICE_ID_3DLABS_PERMEDIA2V:
strcpy(pm2fb_fix.id, "Permedia2v");
default_par->type = PM2_TYPE_PERMEDIA2V;
break;
}
pm2fb_fix.mmio_start = pci_resource_start(pdev, 0);
Reported by FlawFinder.
drivers/scsi/lpfc/lpfc_vport.c
5 issues
Line: 169
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(&vport->fc_sparam, mp->virt, sizeof (struct serv_parm));
memcpy(&vport->fc_nodename, &vport->fc_sparam.nodeName,
sizeof (struct lpfc_name));
memcpy(&vport->fc_portname, &vport->fc_sparam.portName,
sizeof (struct lpfc_name));
Reported by FlawFinder.
Line: 170
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(&vport->fc_sparam, mp->virt, sizeof (struct serv_parm));
memcpy(&vport->fc_nodename, &vport->fc_sparam.nodeName,
sizeof (struct lpfc_name));
memcpy(&vport->fc_portname, &vport->fc_sparam.portName,
sizeof (struct lpfc_name));
lpfc_mbuf_free(phba, mp->virt, mp->phys);
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&vport->fc_sparam, mp->virt, sizeof (struct serv_parm));
memcpy(&vport->fc_nodename, &vport->fc_sparam.nodeName,
sizeof (struct lpfc_name));
memcpy(&vport->fc_portname, &vport->fc_sparam.portName,
sizeof (struct lpfc_name));
lpfc_mbuf_free(phba, mp->virt, mp->phys);
kfree(mp);
mempool_free(pmb, phba->mbox_mem_pool);
Reported by FlawFinder.
Line: 376
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u64_to_wwn(fc_vport->node_name, vport->fc_nodename.u.wwn);
u64_to_wwn(fc_vport->port_name, vport->fc_portname.u.wwn);
memcpy(&vport->fc_sparam.portName, vport->fc_portname.u.wwn, 8);
memcpy(&vport->fc_sparam.nodeName, vport->fc_nodename.u.wwn, 8);
if (!lpfc_valid_wwn_format(phba, &vport->fc_sparam.nodeName, "WWNN") ||
!lpfc_valid_wwn_format(phba, &vport->fc_sparam.portName, "WWPN")) {
lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT,
Reported by FlawFinder.
Line: 377
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u64_to_wwn(fc_vport->port_name, vport->fc_portname.u.wwn);
memcpy(&vport->fc_sparam.portName, vport->fc_portname.u.wwn, 8);
memcpy(&vport->fc_sparam.nodeName, vport->fc_nodename.u.wwn, 8);
if (!lpfc_valid_wwn_format(phba, &vport->fc_sparam.nodeName, "WWNN") ||
!lpfc_valid_wwn_format(phba, &vport->fc_sparam.portName, "WWPN")) {
lpfc_printf_vlog(vport, KERN_ERR, LOG_TRACE_EVENT,
"1821 Create VPORT failed. "
Reported by FlawFinder.
drivers/scsi/mpi3mr/mpi3mr_os.c
5 issues
Line: 3718
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mrioc = shost_priv(shost);
mrioc->id = mrioc_ids++;
sprintf(mrioc->driver_name, "%s", MPI3MR_DRIVER_NAME);
sprintf(mrioc->name, "%s%d", mrioc->driver_name, mrioc->id);
INIT_LIST_HEAD(&mrioc->list);
spin_lock(&mrioc_list_lock);
list_add_tail(&mrioc->list, &mrioc_list);
spin_unlock(&mrioc_list_lock);
Reported by FlawFinder.
Line: 3719
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mrioc = shost_priv(shost);
mrioc->id = mrioc_ids++;
sprintf(mrioc->driver_name, "%s", MPI3MR_DRIVER_NAME);
sprintf(mrioc->name, "%s%d", mrioc->driver_name, mrioc->id);
INIT_LIST_HEAD(&mrioc->list);
spin_lock(&mrioc_list_lock);
list_add_tail(&mrioc->list, &mrioc_list);
spin_unlock(&mrioc_list_lock);
Reported by FlawFinder.
Line: 1939
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(fwevt->event_data, event_reply->event_data, sz);
fwevt->mrioc = mrioc;
fwevt->event_id = evt_type;
fwevt->send_ack = ack_req;
fwevt->process_evt = process_evt_bh;
fwevt->evt_ctx = le32_to_cpu(event_reply->event_context);
Reported by FlawFinder.
Line: 2236
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sense_buf) {
u32 sz = min_t(u32, SCSI_SENSE_BUFFERSIZE, sense_count);
memcpy(scmd->sense_buffer, sense_buf, sz);
}
switch (ioc_status) {
case MPI3_IOCSTATUS_BUSY:
case MPI3_IOCSTATUS_INSUFFICIENT_RESOURCES:
Reported by FlawFinder.
Line: 3538
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mpi3mr_setup_eedp(mrioc, scmd, scsiio_req);
memcpy(scsiio_req->cdb.cdb32, scmd->cmnd, scmd->cmd_len);
scsiio_req->data_length = cpu_to_le32(scsi_bufflen(scmd));
scsiio_req->dev_handle = cpu_to_le16(dev_handle);
scsiio_req->flags = cpu_to_le32(scsiio_flags);
int_to_scsilun(sdev_priv_data->lun_id,
(struct scsi_lun *)scsiio_req->lun);
Reported by FlawFinder.
drivers/scsi/mpt3sas/mpt3sas_config.c
5 issues
Line: 265
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mpi_reply = mpt3sas_base_get_reply_virt_addr(ioc, reply);
if (mpi_reply) {
ioc->config_cmds.status |= MPT3_CMD_REPLY_VALID;
memcpy(ioc->config_cmds.reply, mpi_reply,
mpi_reply->MsgLength*4);
}
ioc->config_cmds.status &= ~MPT3_CMD_PENDING;
if (ioc->logging_level & MPT_DEBUG_CONFIG)
_config_display_some_debug(ioc, smid, "config_done", mpi_reply);
Reported by FlawFinder.
Line: 341
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ioc->base_add_sg_single(&mpi_request->PageBufferSGE,
MPT3_CONFIG_COMMON_WRITE_SGLFLAGS | mem.sz,
mem.page_dma);
memcpy(mem.page, config_page, min_t(u16, mem.sz,
config_page_sz));
} else {
memset(config_page, 0, config_page_sz);
ioc->base_add_sg_single(&mpi_request->PageBufferSGE,
MPT3_CONFIG_COMMON_SGLFLAGS | mem.sz, mem.page_dma);
Reported by FlawFinder.
Line: 381
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ioc->config_cmds.status = MPT3_CMD_PENDING;
config_request = mpt3sas_base_get_msg_frame(ioc, smid);
ioc->config_cmds.smid = smid;
memcpy(config_request, mpi_request, sizeof(Mpi2ConfigRequest_t));
if (ioc->logging_level & MPT_DEBUG_CONFIG)
_config_display_some_debug(ioc, smid, "config_request", NULL);
init_completion(&ioc->config_cmds.done);
ioc->put_smid_default(ioc, smid);
wait_for_completion_timeout(&ioc->config_cmds.done, timeout*HZ);
Reported by FlawFinder.
Line: 405
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (ioc->config_cmds.status & MPT3_CMD_REPLY_VALID) {
memcpy(mpi_reply, ioc->config_cmds.reply,
sizeof(Mpi2ConfigReply_t));
/* Reply Frame Sanity Checks to workaround FW issues */
if ((mpi_request->Header.PageType & 0xF) !=
(mpi_reply->Header.PageType & 0xF)) {
Reported by FlawFinder.
Line: 480
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mpi_request->ExtPageType, p[6]);
}
}
memcpy(config_page, mem.page, min_t(u16, mem.sz,
config_page_sz));
}
free_mem:
if (config_page)
Reported by FlawFinder.