The following issues were found
drivers/infiniband/hw/hns/hns_roce_hw_v2.c
27 issues
Line: 108
Column: 44
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
u64 pbl_ba;
/* use ib_access_flags */
hr_reg_write_bool(fseg, FRMR_BIND_EN, wr->access & IB_ACCESS_MW_BIND);
hr_reg_write_bool(fseg, FRMR_ATOMIC,
wr->access & IB_ACCESS_REMOTE_ATOMIC);
hr_reg_write_bool(fseg, FRMR_RR, wr->access & IB_ACCESS_REMOTE_READ);
hr_reg_write_bool(fseg, FRMR_RW, wr->access & IB_ACCESS_REMOTE_WRITE);
hr_reg_write_bool(fseg, FRMR_LW, wr->access & IB_ACCESS_LOCAL_WRITE);
Reported by FlawFinder.
Line: 110
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* use ib_access_flags */
hr_reg_write_bool(fseg, FRMR_BIND_EN, wr->access & IB_ACCESS_MW_BIND);
hr_reg_write_bool(fseg, FRMR_ATOMIC,
wr->access & IB_ACCESS_REMOTE_ATOMIC);
hr_reg_write_bool(fseg, FRMR_RR, wr->access & IB_ACCESS_REMOTE_READ);
hr_reg_write_bool(fseg, FRMR_RW, wr->access & IB_ACCESS_REMOTE_WRITE);
hr_reg_write_bool(fseg, FRMR_LW, wr->access & IB_ACCESS_LOCAL_WRITE);
/* Data structure reuse may lead to confusion */
Reported by FlawFinder.
Line: 111
Column: 39
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
hr_reg_write_bool(fseg, FRMR_BIND_EN, wr->access & IB_ACCESS_MW_BIND);
hr_reg_write_bool(fseg, FRMR_ATOMIC,
wr->access & IB_ACCESS_REMOTE_ATOMIC);
hr_reg_write_bool(fseg, FRMR_RR, wr->access & IB_ACCESS_REMOTE_READ);
hr_reg_write_bool(fseg, FRMR_RW, wr->access & IB_ACCESS_REMOTE_WRITE);
hr_reg_write_bool(fseg, FRMR_LW, wr->access & IB_ACCESS_LOCAL_WRITE);
/* Data structure reuse may lead to confusion */
pbl_ba = mr->pbl_mtr.hem_cfg.root_ba;
Reported by FlawFinder.
Line: 112
Column: 39
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
hr_reg_write_bool(fseg, FRMR_ATOMIC,
wr->access & IB_ACCESS_REMOTE_ATOMIC);
hr_reg_write_bool(fseg, FRMR_RR, wr->access & IB_ACCESS_REMOTE_READ);
hr_reg_write_bool(fseg, FRMR_RW, wr->access & IB_ACCESS_REMOTE_WRITE);
hr_reg_write_bool(fseg, FRMR_LW, wr->access & IB_ACCESS_LOCAL_WRITE);
/* Data structure reuse may lead to confusion */
pbl_ba = mr->pbl_mtr.hem_cfg.root_ba;
rc_sq_wqe->msg_len = cpu_to_le32(lower_32_bits(pbl_ba));
Reported by FlawFinder.
Line: 113
Column: 39
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
wr->access & IB_ACCESS_REMOTE_ATOMIC);
hr_reg_write_bool(fseg, FRMR_RR, wr->access & IB_ACCESS_REMOTE_READ);
hr_reg_write_bool(fseg, FRMR_RW, wr->access & IB_ACCESS_REMOTE_WRITE);
hr_reg_write_bool(fseg, FRMR_LW, wr->access & IB_ACCESS_LOCAL_WRITE);
/* Data structure reuse may lead to confusion */
pbl_ba = mr->pbl_mtr.hem_cfg.root_ba;
rc_sq_wqe->msg_len = cpu_to_le32(lower_32_bits(pbl_ba));
rc_sq_wqe->inv_key = cpu_to_le32(upper_32_bits(pbl_ba));
Reported by FlawFinder.
Line: 3080
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
hr_reg_enable(mpt_entry, MPT_L_INV_EN);
hr_reg_write_bool(mpt_entry, MPT_BIND_EN,
mr->access & IB_ACCESS_MW_BIND);
hr_reg_write_bool(mpt_entry, MPT_ATOMIC_EN,
mr->access & IB_ACCESS_REMOTE_ATOMIC);
hr_reg_write_bool(mpt_entry, MPT_RR_EN,
mr->access & IB_ACCESS_REMOTE_READ);
hr_reg_write_bool(mpt_entry, MPT_RW_EN,
Reported by FlawFinder.
Line: 3082
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
hr_reg_write_bool(mpt_entry, MPT_BIND_EN,
mr->access & IB_ACCESS_MW_BIND);
hr_reg_write_bool(mpt_entry, MPT_ATOMIC_EN,
mr->access & IB_ACCESS_REMOTE_ATOMIC);
hr_reg_write_bool(mpt_entry, MPT_RR_EN,
mr->access & IB_ACCESS_REMOTE_READ);
hr_reg_write_bool(mpt_entry, MPT_RW_EN,
mr->access & IB_ACCESS_REMOTE_WRITE);
hr_reg_write_bool(mpt_entry, MPT_LW_EN,
Reported by FlawFinder.
Line: 3084
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
hr_reg_write_bool(mpt_entry, MPT_ATOMIC_EN,
mr->access & IB_ACCESS_REMOTE_ATOMIC);
hr_reg_write_bool(mpt_entry, MPT_RR_EN,
mr->access & IB_ACCESS_REMOTE_READ);
hr_reg_write_bool(mpt_entry, MPT_RW_EN,
mr->access & IB_ACCESS_REMOTE_WRITE);
hr_reg_write_bool(mpt_entry, MPT_LW_EN,
mr->access & IB_ACCESS_LOCAL_WRITE);
Reported by FlawFinder.
Line: 3086
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
hr_reg_write_bool(mpt_entry, MPT_RR_EN,
mr->access & IB_ACCESS_REMOTE_READ);
hr_reg_write_bool(mpt_entry, MPT_RW_EN,
mr->access & IB_ACCESS_REMOTE_WRITE);
hr_reg_write_bool(mpt_entry, MPT_LW_EN,
mr->access & IB_ACCESS_LOCAL_WRITE);
mpt_entry->len_l = cpu_to_le32(lower_32_bits(mr->size));
mpt_entry->len_h = cpu_to_le32(upper_32_bits(mr->size));
Reported by FlawFinder.
Line: 3088
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
hr_reg_write_bool(mpt_entry, MPT_RW_EN,
mr->access & IB_ACCESS_REMOTE_WRITE);
hr_reg_write_bool(mpt_entry, MPT_LW_EN,
mr->access & IB_ACCESS_LOCAL_WRITE);
mpt_entry->len_l = cpu_to_le32(lower_32_bits(mr->size));
mpt_entry->len_h = cpu_to_le32(upper_32_bits(mr->size));
mpt_entry->lkey = cpu_to_le32(mr->key);
mpt_entry->va_l = cpu_to_le32(lower_32_bits(mr->iova));
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/core.c
27 issues
Line: 387
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
mlxsw_emad_reg_tlv_type_set(reg_tlv, MLXSW_EMAD_TLV_TYPE_REG);
mlxsw_emad_reg_tlv_len_set(reg_tlv, reg->len / sizeof(u32) + 1);
memcpy(reg_tlv + sizeof(u32), payload, reg->len);
}
static void mlxsw_emad_pack_string_tlv(char *string_tlv)
{
mlxsw_emad_string_tlv_type_set(string_tlv, MLXSW_EMAD_TLV_TYPE_STRING);
Reported by FlawFinder.
Line: 945
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcqi_pl[MLXSW_REG_MCQI_LEN];
int err;
mlxsw_reg_mcqi_pack(mcqi_pl, component_index);
err = mlxsw_reg_query(mlxsw_core, MLXSW_REG(mcqi), mcqi_pl);
if (err)
Reported by FlawFinder.
Line: 964
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
u8 control_state;
int err;
mlxsw_reg_mcc_pack(mcc_pl, 0, 0, 0, 0);
err = mlxsw_reg_query(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
Reported by FlawFinder.
Line: 987
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
mlxsw_reg_mcc_pack(mcc_pl, MLXSW_REG_MCC_INSTRUCTION_UPDATE_COMPONENT,
component_index, fwhandle, component_size);
return mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
}
Reported by FlawFinder.
Line: 1000
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcda_pl[MLXSW_REG_MCDA_LEN];
mlxsw_reg_mcda_pack(mcda_pl, fwhandle, offset, size, data);
return mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcda), mcda_pl);
}
Reported by FlawFinder.
Line: 1012
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
mlxsw_reg_mcc_pack(mcc_pl, MLXSW_REG_MCC_INSTRUCTION_VERIFY_COMPONENT,
component_index, fwhandle, 0);
return mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
}
Reported by FlawFinder.
Line: 1024
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
mlxsw_reg_mcc_pack(mcc_pl, MLXSW_REG_MCC_INSTRUCTION_ACTIVATE, 0, fwhandle, 0);
return mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
}
Reported by FlawFinder.
Line: 1037
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
u8 control_state;
u8 error_code;
int err;
mlxsw_reg_mcc_pack(mcc_pl, 0, 0, fwhandle, 0);
Reported by FlawFinder.
Line: 1058
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
mlxsw_reg_mcc_pack(mcc_pl, MLXSW_REG_MCC_INSTRUCTION_CANCEL, 0, fwhandle, 0);
mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
}
Reported by FlawFinder.
Line: 1069
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_core_fw_info *mlxsw_core_fw_info =
container_of(mlxfw_dev, struct mlxsw_core_fw_info, mlxfw_dev);
struct mlxsw_core *mlxsw_core = mlxsw_core_fw_info->mlxsw_core;
char mcc_pl[MLXSW_REG_MCC_LEN];
mlxsw_reg_mcc_pack(mcc_pl, MLXSW_REG_MCC_INSTRUCTION_RELEASE_UPDATE_HANDLE, 0, fwhandle, 0);
mlxsw_reg_write(mlxsw_core, MLXSW_REG(mcc), mcc_pl);
}
Reported by FlawFinder.
tools/perf/pmu-events/jevents.c
27 issues
Line: 114
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_start(args, fmt);
ret = vfprintf(stderr, fmt, args);
va_end(args);
return ret;
}
Reported by FlawFinder.
Line: 139
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (!olen)
*(*dst) = 0;
else
strcat(*dst, sep);
strcat(*dst, a);
if (bt)
strncat(*dst, map + bt->start, blen);
}
Reported by FlawFinder.
Line: 140
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
*(*dst) = 0;
else
strcat(*dst, sep);
strcat(*dst, a);
if (bt)
strncat(*dst, map + bt->start, blen);
}
static void fixname(char *s)
Reported by FlawFinder.
Line: 996
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char path[PATH_MAX];
struct stat st;
sprintf(path, "%s/%s", fpath, dir->d_name);
if (stat(path, &st))
break;
if (S_ISDIR(st.st_mode)) {
res = 0;
Reported by FlawFinder.
Line: 1221
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 2;
}
sprintf(ldirname, "%s/%s", start_dirname, arch);
/* If architecture does not have any event lists, bail out */
if (stat(ldirname, &stbuf) < 0) {
pr_info("%s: Arch %s has no PMU event lists\n", prog, arch);
empty_map = 1;
Reported by FlawFinder.
Line: 1252
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (rc)
goto err_processing_dir;
sprintf(ldirname, "%s/test", start_dirname);
rc = nftw(ldirname, preprocess_arch_std_files, maxfds, 0);
if (rc)
goto err_processing_std_arch_event_dir;
Reported by FlawFinder.
Line: 528
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; fixed[i].name; i++)
if (!strcasecmp(name, fixed[i].name))
return (char *)fixed[i].event;
return event;
}
static int
try_fixup(const char *fn, char *arch_std, struct json_event *je, char **event)
Reported by FlawFinder.
Line: 561
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
jsmntok_t *tokens, *tok;
int i, j, len;
char *map;
char buf[128];
if (!fn)
return -ENOENT;
tokens = parse_json(fn, &map, &size, &len);
Reported by FlawFinder.
Line: 864
Column: 10
CWE codes:
362
if (!line)
return -1;
mapfp = fopen(fpath, "r");
if (!mapfp) {
pr_info("%s: Error %s opening %s\n", prog, strerror(errno),
fpath);
free(line);
return -1;
Reported by FlawFinder.
Line: 944
Column: 10
CWE codes:
362
pr_info("%s: Creating empty pmu_events_map[] table\n", prog);
/* Truncate file to clear any partial writes to it */
outfp = fopen(output_file, "w");
if (!outfp) {
perror("fopen()");
_Exit(1);
}
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/debug.c
27 issues
Line: 91
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath_softc *sc = file->private_data;
struct ath_common *common = ath9k_hw_common(sc->sc_ah);
char buf[32];
unsigned int len;
len = sprintf(buf, "0x%08x\n", common->debug_mask);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
Reported by FlawFinder.
Line: 94
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char buf[32];
unsigned int len;
len = sprintf(buf, "0x%08x\n", common->debug_mask);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
static ssize_t write_file_debug(struct file *file, const char __user *user_buf,
size_t count, loff_t *ppos)
Reported by FlawFinder.
Line: 104
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ath_softc *sc = file->private_data;
struct ath_common *common = ath9k_hw_common(sc->sc_ah);
unsigned long mask;
char buf[32];
ssize_t len;
len = min(count, sizeof(buf) - 1);
if (copy_from_user(buf, user_buf, len))
return -EFAULT;
Reported by FlawFinder.
Line: 194
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ath_softc *sc = file->private_data;
struct ath_common *common = ath9k_hw_common(sc->sc_ah);
unsigned long ani;
char buf[32];
ssize_t len;
len = min(count, sizeof(buf) - 1);
if (copy_from_user(buf, user_buf, len))
return -EFAULT;
Reported by FlawFinder.
Line: 236
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ath_softc *sc = file->private_data;
struct ath_common *common = ath9k_hw_common(sc->sc_ah);
char buf[32];
unsigned int len;
len = sprintf(buf, "%d\n", common->bt_ant_diversity);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
Reported by FlawFinder.
Line: 239
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char buf[32];
unsigned int len;
len = sprintf(buf, "%d\n", common->bt_ant_diversity);
return simple_read_from_buffer(user_buf, count, ppos, buf, len);
}
static ssize_t write_file_bt_ant_diversity(struct file *file,
const char __user *user_buf,
Reported by FlawFinder.
Line: 251
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ath_common *common = ath9k_hw_common(sc->sc_ah);
struct ath9k_hw_capabilities *pCap = &sc->sc_ah->caps;
unsigned long bt_ant_diversity;
char buf[32];
ssize_t len;
len = min(count, sizeof(buf) - 1);
if (copy_from_user(buf, user_buf, len))
return -EFAULT;
Reported by FlawFinder.
Line: 313
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const unsigned int size = 1024;
ssize_t retval = 0;
char *buf;
static const char *lna_conf_str[4] = {
"LNA1_MINUS_LNA2", "LNA2", "LNA1", "LNA1_PLUS_LNA2"
};
buf = kzalloc(size, GFP_KERNEL);
if (buf == NULL)
Reported by FlawFinder.
Line: 642
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ath_softc *sc = hw->priv;
struct ath_txq *txq;
int i;
static const char *qname[4] = {
"VO", "VI", "BE", "BK"
};
for (i = 0; i < IEEE80211_NUM_ACS; i++) {
txq = sc->tx.txq_map[i];
Reported by FlawFinder.
Line: 754
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ieee80211_hw *hw = dev_get_drvdata(file->private);
struct ath_softc *sc = hw->priv;
static const char * const reset_cause[__RESET_TYPE_MAX] = {
[RESET_TYPE_BB_HANG] = "Baseband Hang",
[RESET_TYPE_BB_WATCHDOG] = "Baseband Watchdog",
[RESET_TYPE_FATAL_INT] = "Fatal HW Error",
[RESET_TYPE_TX_ERROR] = "TX HW error",
[RESET_TYPE_TX_GTT] = "Transmit timeout",
Reported by FlawFinder.
drivers/staging/rtl8723bs/core/rtw_mlme.c
27 issues
Line: 316
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
__le16 val;
memcpy((u8 *)&val, rtw_get_capability_from_ie(bss->IEs), 2);
return le16_to_cpu(val);
}
u8 *rtw_get_beacon_interval_from_ie(u8 *ie)
Reported by FlawFinder.
Line: 392
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rtw_bug_check(dst, src, &s_cap, &d_cap) == false)
return false;
memcpy((u8 *)&tmps, rtw_get_capability_from_ie(src->IEs), 2);
memcpy((u8 *)&tmpd, rtw_get_capability_from_ie(dst->IEs), 2);
s_cap = le16_to_cpu(tmps);
d_cap = le16_to_cpu(tmpd);
Reported by FlawFinder.
Line: 393
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return false;
memcpy((u8 *)&tmps, rtw_get_capability_from_ie(src->IEs), 2);
memcpy((u8 *)&tmpd, rtw_get_capability_from_ie(dst->IEs), 2);
s_cap = le16_to_cpu(tmps);
d_cap = le16_to_cpu(tmpd);
return (src->Ssid.SsidLength == dst->Ssid.SsidLength) &&
Reported by FlawFinder.
Line: 488
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (update_ie) {
dst->Reserved[0] = src->Reserved[0];
dst->Reserved[1] = src->Reserved[1];
memcpy((u8 *)dst, (u8 *)src, get_wlan_bssid_ex_sz(src));
}
dst->PhyInfo.SignalStrength = ss_final;
dst->PhyInfo.SignalQuality = sq_final;
dst->Rssi = rssi_final;
Reported by FlawFinder.
Line: 561
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!pnetwork)
goto exit;
memcpy(&(pnetwork->network), target, get_wlan_bssid_ex_sz(target));
/* variable initialize */
pnetwork->fixed = false;
pnetwork->last_scanned = jiffies;
pnetwork->network_type = 0;
Reported by FlawFinder.
Line: 583
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bssid_ex_sz = get_wlan_bssid_ex_sz(target);
target->Length = bssid_ex_sz;
memcpy(&(pnetwork->network), target, bssid_ex_sz);
pnetwork->last_scanned = jiffies;
/* bss info not receiving from the right channel */
if (pnetwork->network.PhyInfo.SignalQuality == 101)
Reported by FlawFinder.
Line: 717
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!memcmp(&(pmlmepriv->cur_network.network.MacAddress), pnetwork->MacAddress, ETH_ALEN)) {
struct wlan_network *ibss_wlan = NULL;
memcpy(pmlmepriv->cur_network.network.IEs, pnetwork->IEs, 8);
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
ibss_wlan = rtw_find_network(&pmlmepriv->scanned_queue, pnetwork->MacAddress);
if (ibss_wlan) {
memcpy(ibss_wlan->network.IEs, pnetwork->IEs, 8);
spin_unlock_bh(&(pmlmepriv->scanned_queue.lock));
Reported by FlawFinder.
Line: 721
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
ibss_wlan = rtw_find_network(&pmlmepriv->scanned_queue, pnetwork->MacAddress);
if (ibss_wlan) {
memcpy(ibss_wlan->network.IEs, pnetwork->IEs, 8);
spin_unlock_bh(&(pmlmepriv->scanned_queue.lock));
goto exit;
}
spin_unlock_bh(&(pmlmepriv->scanned_queue.lock));
}
Reported by FlawFinder.
Line: 774
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* pmlmepriv->fw_state ^= _FW_UNDER_SURVEY;because don't set assoc_timer */
_clr_fwstate_(pmlmepriv, _FW_UNDER_SURVEY);
memcpy(&pdev_network->Ssid, &pmlmepriv->assoc_ssid, sizeof(struct ndis_802_11_ssid));
rtw_update_registrypriv_dev_network(adapter);
rtw_generate_random_ibss(pibss);
pmlmepriv->fw_state = WIFI_ADHOC_MASTER_STATE;
Reported by FlawFinder.
Line: 1040
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* update station supportRate */
psta->bssratelen = rtw_get_rateset_len(pnetwork->network.SupportedRates);
memcpy(psta->bssrateset, pnetwork->network.SupportedRates, psta->bssratelen);
rtw_hal_update_sta_rate_mask(padapter, psta);
psta->wireless_mode = pmlmeext->cur_wireless_mode;
psta->raid = networktype_to_raid_ex(padapter, psta);
Reported by FlawFinder.
drivers/net/wireless/ath/ath6kl/bmi.c
27 issues
Line: 144
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rx_len = (len_remain < ar->bmi.max_data_size) ?
len_remain : ar->bmi.max_data_size;
offset = 0;
memcpy(&(ar->bmi.cmd_buf[offset]), &cid, sizeof(cid));
offset += sizeof(cid);
memcpy(&(ar->bmi.cmd_buf[offset]), &addr, sizeof(addr));
offset += sizeof(addr);
memcpy(&(ar->bmi.cmd_buf[offset]), &rx_len, sizeof(rx_len));
offset += sizeof(len);
Reported by FlawFinder.
Line: 146
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset = 0;
memcpy(&(ar->bmi.cmd_buf[offset]), &cid, sizeof(cid));
offset += sizeof(cid);
memcpy(&(ar->bmi.cmd_buf[offset]), &addr, sizeof(addr));
offset += sizeof(addr);
memcpy(&(ar->bmi.cmd_buf[offset]), &rx_len, sizeof(rx_len));
offset += sizeof(len);
ret = ath6kl_hif_bmi_write(ar, ar->bmi.cmd_buf, offset);
Reported by FlawFinder.
Line: 148
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset += sizeof(cid);
memcpy(&(ar->bmi.cmd_buf[offset]), &addr, sizeof(addr));
offset += sizeof(addr);
memcpy(&(ar->bmi.cmd_buf[offset]), &rx_len, sizeof(rx_len));
offset += sizeof(len);
ret = ath6kl_hif_bmi_write(ar, ar->bmi.cmd_buf, offset);
if (ret) {
ath6kl_err("Unable to write to the device: %d\n",
Reported by FlawFinder.
Line: 163
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret);
return ret;
}
memcpy(&buf[len - len_remain], ar->bmi.cmd_buf, rx_len);
len_remain -= rx_len; addr += rx_len;
}
return 0;
}
Reported by FlawFinder.
Line: 207
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* align it with 4 bytes */
len_remain = len_remain +
(4 - (len_remain & 3));
memcpy(aligned_buf, src, len_remain);
src = aligned_buf;
}
tx_len = len_remain;
} else {
tx_len = (ar->bmi.max_data_size - header);
Reported by FlawFinder.
Line: 216
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
offset = 0;
memcpy(&(ar->bmi.cmd_buf[offset]), &cid, sizeof(cid));
offset += sizeof(cid);
memcpy(&(ar->bmi.cmd_buf[offset]), &addr, sizeof(addr));
offset += sizeof(addr);
memcpy(&(ar->bmi.cmd_buf[offset]), &tx_len, sizeof(tx_len));
offset += sizeof(tx_len);
Reported by FlawFinder.
Line: 218
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset = 0;
memcpy(&(ar->bmi.cmd_buf[offset]), &cid, sizeof(cid));
offset += sizeof(cid);
memcpy(&(ar->bmi.cmd_buf[offset]), &addr, sizeof(addr));
offset += sizeof(addr);
memcpy(&(ar->bmi.cmd_buf[offset]), &tx_len, sizeof(tx_len));
offset += sizeof(tx_len);
memcpy(&(ar->bmi.cmd_buf[offset]), src, tx_len);
offset += tx_len;
Reported by FlawFinder.
Line: 220
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset += sizeof(cid);
memcpy(&(ar->bmi.cmd_buf[offset]), &addr, sizeof(addr));
offset += sizeof(addr);
memcpy(&(ar->bmi.cmd_buf[offset]), &tx_len, sizeof(tx_len));
offset += sizeof(tx_len);
memcpy(&(ar->bmi.cmd_buf[offset]), src, tx_len);
offset += tx_len;
ret = ath6kl_hif_bmi_write(ar, ar->bmi.cmd_buf, offset);
Reported by FlawFinder.
Line: 222
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset += sizeof(addr);
memcpy(&(ar->bmi.cmd_buf[offset]), &tx_len, sizeof(tx_len));
offset += sizeof(tx_len);
memcpy(&(ar->bmi.cmd_buf[offset]), src, tx_len);
offset += tx_len;
ret = ath6kl_hif_bmi_write(ar, ar->bmi.cmd_buf, offset);
if (ret) {
ath6kl_err("Unable to write to the device: %d\n",
Reported by FlawFinder.
Line: 260
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr, *param);
offset = 0;
memcpy(&(ar->bmi.cmd_buf[offset]), &cid, sizeof(cid));
offset += sizeof(cid);
memcpy(&(ar->bmi.cmd_buf[offset]), &addr, sizeof(addr));
offset += sizeof(addr);
memcpy(&(ar->bmi.cmd_buf[offset]), param, sizeof(*param));
offset += sizeof(*param);
Reported by FlawFinder.
drivers/md/dm-crypt.c
27 issues
Line: 458
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* LMK seed is on the position of LMK_KEYS + 1 key */
if (lmk->seed)
memcpy(lmk->seed, cc->key + (cc->tfms_count * subkey_size),
crypto_shash_digestsize(lmk->hash_tfm));
return 0;
}
Reported by FlawFinder.
Line: 517
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < MD5_HASH_WORDS; i++)
__cpu_to_le32s(&md5state.hash[i]);
memcpy(iv, &md5state.hash, cc->iv_size);
return 0;
}
static int crypt_iv_lmk_gen(struct crypt_config *cc, u8 *iv,
Reported by FlawFinder.
Line: 614
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct iv_tcw_private *tcw = &cc->iv_gen_private.tcw;
int key_offset = cc->key_size - cc->iv_size - TCW_WHITENING_SIZE;
memcpy(tcw->iv_seed, &cc->key[key_offset], cc->iv_size);
memcpy(tcw->whitening, &cc->key[key_offset + cc->iv_size],
TCW_WHITENING_SIZE);
return 0;
}
Reported by FlawFinder.
Line: 615
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int key_offset = cc->key_size - cc->iv_size - TCW_WHITENING_SIZE;
memcpy(tcw->iv_seed, &cc->key[key_offset], cc->iv_size);
memcpy(tcw->whitening, &cc->key[key_offset + cc->iv_size],
TCW_WHITENING_SIZE);
return 0;
}
Reported by FlawFinder.
Line: 981
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (bio_data_dir(dmreq->ctx->bio_in) == WRITE) {
sg2 = crypt_get_sg_data(cc, dmreq->sg_in);
data2 = kmap_atomic(sg_page(sg2));
memcpy(data_offset, data2 + sg2->offset, cc->sector_size);
kunmap_atomic(data2);
}
if (bio_data_dir(dmreq->ctx->bio_in) != WRITE) {
diffuser_disk_to_cpu((u32*)data_offset, cc->sector_size / sizeof(u32));
Reported by FlawFinder.
Line: 1336
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cc->iv_gen_ops) {
/* For READs use IV stored in integrity metadata */
if (cc->integrity_iv_size && bio_data_dir(ctx->bio_in) != WRITE) {
memcpy(org_iv, tag_iv, cc->iv_size);
} else {
r = cc->iv_gen_ops->generator(cc, org_iv, dmreq);
if (r < 0)
return r;
/* Store generated IV in integrity metadata */
Reported by FlawFinder.
Line: 1343
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return r;
/* Store generated IV in integrity metadata */
if (cc->integrity_iv_size)
memcpy(tag_iv, org_iv, cc->iv_size);
}
/* Working copy of IV, to be modified in crypto API */
memcpy(iv, org_iv, cc->iv_size);
}
Reported by FlawFinder.
Line: 1346
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tag_iv, org_iv, cc->iv_size);
}
/* Working copy of IV, to be modified in crypto API */
memcpy(iv, org_iv, cc->iv_size);
}
aead_request_set_ad(req, sizeof(uint64_t) + cc->iv_size);
if (bio_data_dir(ctx->bio_in) == WRITE) {
aead_request_set_crypt(req, dmreq->sg_in, dmreq->sg_out,
Reported by FlawFinder.
Line: 1364
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (r == -EBADMSG) {
char b[BDEVNAME_SIZE];
DMERR_LIMIT("%s: INTEGRITY AEAD ERROR, sector %llu", bio_devname(ctx->bio_in, b),
(unsigned long long)le64_to_cpu(*sector));
}
if (!r && cc->iv_gen_ops && cc->iv_gen_ops->post)
Reported by FlawFinder.
Line: 1423
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cc->iv_gen_ops) {
/* For READs use IV stored in integrity metadata */
if (cc->integrity_iv_size && bio_data_dir(ctx->bio_in) != WRITE) {
memcpy(org_iv, tag_iv, cc->integrity_iv_size);
} else {
r = cc->iv_gen_ops->generator(cc, org_iv, dmreq);
if (r < 0)
return r;
/* Data can be already preprocessed in generator */
Reported by FlawFinder.
tools/perf/util/annotate.c
27 issues
Line: 1669
Column: 8
CWE codes:
362
20
Suggestion:
Reconsider approach
if (dso__is_kcore(dso))
goto fallback;
len = readlink(build_id_path, linkname, sizeof(linkname) - 1);
if (len < 0)
goto fallback;
linkname[len] = '\0';
if (strstr(linkname, DSO__NAME_KALLSYMS) ||
Reported by FlawFinder.
Line: 1675
Column: 3
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
linkname[len] = '\0';
if (strstr(linkname, DSO__NAME_KALLSYMS) ||
access(filename, R_OK)) {
fallback:
/*
* If we don't have build-ids or the build-id file isn't in the
* cache, or is just a kallsyms file, well, lets hope that this
* DSO is the same as when 'perf record' ran.
Reported by FlawFinder.
Line: 1740
Column: 26
CWE codes:
134
Suggestion:
Use a constant for the format specification
goto out;
}
init_disassemble_info(&info, s,
(fprintf_ftype) fprintf);
info.arch = bfd_get_arch(bfdf);
info.mach = bfd_get_mach(bfdf);
info_node = perf_env__find_bpf_prog_info(dso->bpf_prog.env,
Reported by FlawFinder.
Line: 1988
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -1;
decomp = true;
strcpy(symfs_filename, tmp);
}
err = asprintf(&command,
"%s %s%s --start-address=0x%016" PRIx64
" --stop-address=0x%016" PRIx64
Reported by FlawFinder.
Line: 2487
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list args;
va_start(args, fmt);
vfprintf(fp, fmt, args);
va_end(args);
}
static void FILE__write_graph(void *fp, int graph)
{
Reported by FlawFinder.
Line: 3078
Column: 43
CWE codes:
134
Suggestion:
Use a constant for the format specification
wops->change_color, wops->width, wops->obj,
opts->percent_type,
wops->set_color, wops->set_percent_color,
wops->set_jumps_percent_color, wops->printf,
wops->write_graph);
}
int symbol__annotate2(struct map_symbol *ms, struct evsel *evsel,
struct annotation_options *options, struct arch **parch)
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (new_instructions == NULL)
return -1;
memcpy(new_instructions, arch->instructions, arch->nr_instructions);
goto out_update_instructions;
}
static int arch__associate_ins_ops(struct arch* arch, const char *name, struct ins_ops *ops)
{
Reported by FlawFinder.
Line: 1496
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
/* /filename:linenr ? Save line number and ignore. */
if (regexec(&file_lineno, parsed_line, 2, match, 0) == 0) {
*line_nr = atoi(parsed_line + match[1].rm_so);
*fileloc = strdup(parsed_line);
return 0;
}
/* Process hex address followed by ':'. */
Reported by FlawFinder.
Line: 1591
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
switch (errnum) {
case SYMBOL_ANNOTATE_ERRNO__NO_VMLINUX: {
char bf[SBUILD_ID_SIZE + 15] = " with build id ";
char *build_id_msg = NULL;
if (dso->has_build_id) {
build_id__sprintf(&dso->bid, bf + 15);
build_id_msg = bf;
Reported by FlawFinder.
Line: 1633
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int dso__disassemble_filename(struct dso *dso, char *filename, size_t filename_size)
{
char linkname[PATH_MAX];
char *build_id_filename;
char *build_id_path = NULL;
char *pos;
int len;
Reported by FlawFinder.
drivers/net/wireless/ath/ath11k/wmi.c
27 issues
Line: 388
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_cap_info[0] = mac_phy_caps->he_cap_info_2g;
cap_band->he_cap_info[1] = mac_phy_caps->he_cap_info_2g_ext;
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_2g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_2g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet2g,
sizeof(struct ath11k_ppe_threshold));
}
Reported by FlawFinder.
Line: 390
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_2g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_2g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet2g,
sizeof(struct ath11k_ppe_threshold));
}
if (mac_phy_caps->supported_bands & WMI_HOST_WLAN_5G_CAP) {
cap_band = &pdev_cap->band[NL80211_BAND_5GHZ];
Reported by FlawFinder.
Line: 402
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_cap_info[0] = mac_phy_caps->he_cap_info_5g;
cap_band->he_cap_info[1] = mac_phy_caps->he_cap_info_5g_ext;
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_5g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_5g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet5g,
sizeof(struct ath11k_ppe_threshold));
}
Reported by FlawFinder.
Line: 404
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_5g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_5g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet5g,
sizeof(struct ath11k_ppe_threshold));
}
cap_band = &pdev_cap->band[NL80211_BAND_6GHZ];
cap_band->max_bw_supported = mac_phy_caps->max_bw_supported_5g;
Reported by FlawFinder.
Line: 414
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_cap_info[0] = mac_phy_caps->he_cap_info_5g;
cap_band->he_cap_info[1] = mac_phy_caps->he_cap_info_5g_ext;
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_5g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_5g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet5g,
sizeof(struct ath11k_ppe_threshold));
return 0;
Reported by FlawFinder.
Line: 416
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cap_band->he_mcs = mac_phy_caps->he_supp_mcs_5g;
memcpy(cap_band->he_cap_phy_info, &mac_phy_caps->he_cap_phy_info_5g,
sizeof(u32) * PSOC_HOST_MAX_PHY_SIZE);
memcpy(&cap_band->he_ppet, &mac_phy_caps->he_ppet5g,
sizeof(struct ath11k_ppe_threshold));
return 0;
}
Reported by FlawFinder.
Line: 609
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
frame_tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_BYTE) |
FIELD_PREP(WMI_TLV_LEN, buf_len);
memcpy(frame_tlv->value, frame->data, buf_len);
ath11k_ce_byte_swap(frame_tlv->value, buf_len);
ret = ath11k_wmi_cmd_send(wmi, skb, WMI_MGMT_TX_SEND_CMDID);
if (ret) {
Reported by FlawFinder.
Line: 862
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!restart) {
if (arg->ssid) {
cmd->ssid.ssid_len = arg->ssid_len;
memcpy(cmd->ssid.ssid, arg->ssid, arg->ssid_len);
}
if (arg->hidden_ssid)
cmd->flags |= WMI_VDEV_START_HIDDEN_SSID;
if (arg->pmf_enabled)
cmd->flags |= WMI_VDEV_START_PMF_ENABLED;
Reported by FlawFinder.
Line: 1627
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tlv = ptr;
tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_BYTE) |
FIELD_PREP(WMI_TLV_LEN, aligned_len);
memcpy(tlv->value, bcn->data, bcn->len);
ret = ath11k_wmi_cmd_send(wmi, skb, WMI_BCN_TMPL_CMDID);
if (ret) {
ath11k_warn(ar->ab, "failed to send WMI_BCN_TMPL_CMDID\n");
dev_kfree_skb(skb);
Reported by FlawFinder.
Line: 1667
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->key_rxmic_len = arg->key_rxmic_len;
if (arg->key_rsc_counter)
memcpy(&cmd->key_rsc_counter, &arg->key_rsc_counter,
sizeof(struct wmi_key_seq_counter));
tlv = (struct wmi_tlv *)(skb->data + sizeof(*cmd));
tlv->header = FIELD_PREP(WMI_TLV_TAG, WMI_TAG_ARRAY_BYTE) |
FIELD_PREP(WMI_TLV_LEN, key_len_aligned);
Reported by FlawFinder.
drivers/infiniband/hw/hfi1/trace_ibhdrs.h
27 issues
Line: 213
&__entry->dlid,
&__entry->slid);
if (__entry->l4 == OPA_16B_L4_FM) {
__entry->opcode = IB_OPCODE_UD_SEND_ONLY;
__entry->dest_qpn = hfi1_16B_get_dest_qpn(packet->mgmt);
__entry->src_qpn = hfi1_16B_get_src_qpn(packet->mgmt);
} else {
hfi1_trace_parse_16b_bth(packet->ohdr,
Reported by Cppcheck.
Line: 213
&__entry->dlid,
&__entry->slid);
if (__entry->l4 == OPA_16B_L4_FM) {
__entry->opcode = IB_OPCODE_UD_SEND_ONLY;
__entry->dest_qpn = hfi1_16B_get_dest_qpn(packet->mgmt);
__entry->src_qpn = hfi1_16B_get_src_qpn(packet->mgmt);
} else {
hfi1_trace_parse_16b_bth(packet->ohdr,
Reported by Cppcheck.
Line: 213
&__entry->dlid,
&__entry->slid);
if (__entry->l4 == OPA_16B_L4_FM) {
__entry->opcode = IB_OPCODE_UD_SEND_ONLY;
__entry->dest_qpn = hfi1_16B_get_dest_qpn(packet->mgmt);
__entry->src_qpn = hfi1_16B_get_src_qpn(packet->mgmt);
} else {
hfi1_trace_parse_16b_bth(packet->ohdr,
Reported by Cppcheck.
Line: 213
&__entry->dlid,
&__entry->slid);
if (__entry->l4 == OPA_16B_L4_FM) {
__entry->opcode = IB_OPCODE_UD_SEND_ONLY;
__entry->dest_qpn = hfi1_16B_get_dest_qpn(packet->mgmt);
__entry->src_qpn = hfi1_16B_get_src_qpn(packet->mgmt);
} else {
hfi1_trace_parse_16b_bth(packet->ohdr,
Reported by Cppcheck.
Line: 213
&__entry->dlid,
&__entry->slid);
if (__entry->l4 == OPA_16B_L4_FM) {
__entry->opcode = IB_OPCODE_UD_SEND_ONLY;
__entry->dest_qpn = hfi1_16B_get_dest_qpn(packet->mgmt);
__entry->src_qpn = hfi1_16B_get_src_qpn(packet->mgmt);
} else {
hfi1_trace_parse_16b_bth(packet->ohdr,
Reported by Cppcheck.
Line: 213
&__entry->dlid,
&__entry->slid);
if (__entry->l4 == OPA_16B_L4_FM) {
__entry->opcode = IB_OPCODE_UD_SEND_ONLY;
__entry->dest_qpn = hfi1_16B_get_dest_qpn(packet->mgmt);
__entry->src_qpn = hfi1_16B_get_src_qpn(packet->mgmt);
} else {
hfi1_trace_parse_16b_bth(packet->ohdr,
Reported by Cppcheck.
Line: 213
&__entry->dlid,
&__entry->slid);
if (__entry->l4 == OPA_16B_L4_FM) {
__entry->opcode = IB_OPCODE_UD_SEND_ONLY;
__entry->dest_qpn = hfi1_16B_get_dest_qpn(packet->mgmt);
__entry->src_qpn = hfi1_16B_get_src_qpn(packet->mgmt);
} else {
hfi1_trace_parse_16b_bth(packet->ohdr,
Reported by Cppcheck.
Line: 213
&__entry->dlid,
&__entry->slid);
if (__entry->l4 == OPA_16B_L4_FM) {
__entry->opcode = IB_OPCODE_UD_SEND_ONLY;
__entry->dest_qpn = hfi1_16B_get_dest_qpn(packet->mgmt);
__entry->src_qpn = hfi1_16B_get_src_qpn(packet->mgmt);
} else {
hfi1_trace_parse_16b_bth(packet->ohdr,
Reported by Cppcheck.
Line: 213
&__entry->dlid,
&__entry->slid);
if (__entry->l4 == OPA_16B_L4_FM) {
__entry->opcode = IB_OPCODE_UD_SEND_ONLY;
__entry->dest_qpn = hfi1_16B_get_dest_qpn(packet->mgmt);
__entry->src_qpn = hfi1_16B_get_src_qpn(packet->mgmt);
} else {
hfi1_trace_parse_16b_bth(packet->ohdr,
Reported by Cppcheck.
Line: 213
&__entry->dlid,
&__entry->slid);
if (__entry->l4 == OPA_16B_L4_FM) {
__entry->opcode = IB_OPCODE_UD_SEND_ONLY;
__entry->dest_qpn = hfi1_16B_get_dest_qpn(packet->mgmt);
__entry->src_qpn = hfi1_16B_get_src_qpn(packet->mgmt);
} else {
hfi1_trace_parse_16b_bth(packet->ohdr,
Reported by Cppcheck.