The following issues were found
drivers/scsi/cxlflash/sislite.h
5 issues
Line: 445
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sisl_global_map {
union {
struct sisl_global_regs regs;
char page0[SIZE_4K]; /* page 0 */
};
char page1[SIZE_4K]; /* page 1 */
struct fc_port_bank bank[CXLFLASH_MAX_FC_BANKS]; /* pages 2 - 9 */
Reported by FlawFinder.
Line: 448
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char page0[SIZE_4K]; /* page 0 */
};
char page1[SIZE_4K]; /* page 1 */
struct fc_port_bank bank[CXLFLASH_MAX_FC_BANKS]; /* pages 2 - 9 */
/* pages 10 - 15 are reserved */
Reported by FlawFinder.
Line: 475
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cxlflash_afu_map {
union {
struct sisl_host_map host;
char harea[SIZE_64K]; /* 64KB each */
} hosts[CXLFLASH_MAX_CONTEXT];
union {
struct sisl_ctrl_map ctrl;
char carea[cache_line_size()]; /* 128B each */
Reported by FlawFinder.
Line: 480
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union {
struct sisl_ctrl_map ctrl;
char carea[cache_line_size()]; /* 128B each */
} ctrls[CXLFLASH_MAX_CONTEXT];
union {
struct sisl_global_map global;
char garea[SIZE_64K]; /* 64KB single block */
Reported by FlawFinder.
Line: 485
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union {
struct sisl_global_map global;
char garea[SIZE_64K]; /* 64KB single block */
};
};
/*
* LXT - LBA Translation Table
Reported by FlawFinder.
drivers/scsi/libfc/fc_encode.h
5 issues
Line: 504
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
put_unaligned_be16(FC_FDMI_PORT_ATTR_FC4TYPES,
&entry->type);
put_unaligned_be16(len, &entry->len);
memcpy(&entry->value, fc_host_supported_fc4s(lport->host),
FC_FDMI_PORT_ATTR_FC4TYPES_LEN);
/* Supported Speed */
entry = (struct fc_fdmi_attr_entry *)((char *)entry->value +
FC_FDMI_PORT_ATTR_FC4TYPES_LEN);
Reported by FlawFinder.
Line: 651
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
put_unaligned_be16(FC_FDMI_PORT_ATTR_CURRENTFC4TYPE,
&entry->type);
put_unaligned_be16(len, &entry->len);
memcpy(&entry->value, fc_host_active_fc4s(lport->host),
FC_FDMI_PORT_ATTR_CURRENTFC4TYPE_LEN);
/* Port state */
entry = (struct fc_fdmi_attr_entry *)((char *)entry->value +
FC_FDMI_PORT_ATTR_CURRENTFC4TYPE_LEN);
Reported by FlawFinder.
Line: 143
Column: 3
CWE codes:
120
ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rspn) + len,
FC_FST_DIR, FC_NS_SUBTYPE);
hton24(ct->payload.spn.fr_fid.fp_fid, lport->port_id);
strncpy(ct->payload.spn.fr_name,
fc_host_symbolic_name(lport->host), len);
ct->payload.spn.fr_name_len = len;
break;
case FC_NS_RSNN_NN:
Reported by FlawFinder.
Line: 153
Column: 3
CWE codes:
120
ct = fc_ct_hdr_fill(fp, op, sizeof(struct fc_ns_rsnn) + len,
FC_FST_DIR, FC_NS_SUBTYPE);
put_unaligned_be64(lport->wwnn, &ct->payload.snn.fr_wwn);
strncpy(ct->payload.snn.fr_name,
fc_host_symbolic_name(lport->host), len);
ct->payload.snn.fr_name_len = len;
break;
default:
Reported by FlawFinder.
Line: 563
Column: 7
CWE codes:
126
put_unaligned_be16(FC_FDMI_PORT_ATTR_HOSTNAME,
&entry->type);
put_unaligned_be16(len, &entry->len);
if (strlen(fc_host_system_hostname(lport->host)))
fc_ct_ms_fill_attr(entry,
fc_host_system_hostname(lport->host),
strnlen(fc_host_system_hostname(lport->host),
FC_FDMI_PORT_ATTR_HOSTNAME_LEN));
else
Reported by FlawFinder.
drivers/rtc/rtc-pcf8563.c
5 issues
Line: 118
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, err;
for (i = 0; i < length; i++) {
unsigned char data[2] = { reg + i, buf[i] };
err = i2c_master_send(client, data, sizeof(data));
if (err != sizeof(data)) {
dev_err(&client->dev,
"%s: err=%d addr=%02x, data=%02x\n",
Reported by FlawFinder.
Line: 202
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct i2c_client *client = to_i2c_client(dev);
struct pcf8563 *pcf8563 = i2c_get_clientdata(client);
unsigned char buf[9];
int err;
err = pcf8563_read_block_data(client, PCF8563_REG_ST1, 9, buf);
if (err)
return err;
Reported by FlawFinder.
Line: 248
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct i2c_client *client = to_i2c_client(dev);
struct pcf8563 *pcf8563 = i2c_get_clientdata(client);
unsigned char buf[9];
dev_dbg(&client->dev, "%s: secs=%d, mins=%d, hours=%d, "
"mday=%d, mon=%d, year=%d, wday=%d\n",
__func__,
tm->tm_sec, tm->tm_min, tm->tm_hour,
Reported by FlawFinder.
Line: 298
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcf8563_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *tm)
{
struct i2c_client *client = to_i2c_client(dev);
unsigned char buf[4];
int err;
err = pcf8563_read_block_data(client, PCF8563_REG_AMN, 4, buf);
if (err)
return err;
Reported by FlawFinder.
Line: 330
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcf8563_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *tm)
{
struct i2c_client *client = to_i2c_client(dev);
unsigned char buf[4];
int err;
/* The alarm has no seconds, round up to nearest minute */
if (tm->time.tm_sec) {
time64_t alarm_time = rtc_tm_to_time64(&tm->time);
Reported by FlawFinder.
drivers/ps3/ps3-lpm.c
5 issues
Line: 118
Column: 11
CWE codes:
362
*/
struct ps3_lpm_priv {
atomic_t open;
u64 rights;
u64 node_id;
u64 pu_id;
u64 lpm_id;
u64 outlet_id;
Reported by FlawFinder.
Line: 948
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return result == LV1_WRONG_STATE ? -EBUSY : -EINVAL;
}
memcpy(buf, lpm_priv->tb_cache, tmp);
buf += tmp;
*bytes_copied += tmp;
offset += tmp;
}
dev_dbg(sbd_core(), "%s:%u: copied %lxh bytes\n", __func__, __LINE__,
Reported by FlawFinder.
Line: 1087
Column: 36
CWE codes:
362
if (tb_type == PS3_LPM_TB_TYPE_NONE && tb_cache)
dev_dbg(sbd_core(), "%s:%u: bad in vals\n", __func__, __LINE__);
if (!atomic_add_unless(&lpm_priv->open, 1, 1)) {
dev_dbg(sbd_core(), "%s:%u: busy\n", __func__, __LINE__);
return -EBUSY;
}
/* Note tb_cache needs 128 byte alignment. */
Reported by FlawFinder.
Line: 1149
Column: 24
CWE codes:
362
lpm_priv->tb_cache_internal = NULL;
fail_malloc:
fail_align:
atomic_dec(&lpm_priv->open);
return result;
}
EXPORT_SYMBOL_GPL(ps3_lpm_open);
/**
Reported by FlawFinder.
Line: 1169
Column: 24
CWE codes:
362
kfree(lpm_priv->tb_cache_internal);
lpm_priv->tb_cache_internal = NULL;
atomic_dec(&lpm_priv->open);
return 0;
}
EXPORT_SYMBOL_GPL(ps3_lpm_close);
static int ps3_lpm_probe(struct ps3_system_bus_device *dev)
Reported by FlawFinder.
drivers/scsi/ibmvscsi/ibmvscsi.c
5 issues
Line: 267
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
sizeof(hostdata->madapter_info));
dev_info(hostdata->dev, "SRP_VERSION: %s\n", SRP_VERSION);
strcpy(hostdata->madapter_info.srp_version, SRP_VERSION);
strncpy(hostdata->madapter_info.partition_name, partition_name,
sizeof(hostdata->madapter_info.partition_name));
hostdata->madapter_info.partition_number =
Reported by FlawFinder.
Line: 82
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int max_events = IBMVSCSI_MAX_REQUESTS_DEFAULT + 2;
static int fast_fail = 1;
static int client_reserve = 1;
static char partition_name[96] = "UNKNOWN";
static unsigned int partition_number = -1;
static LIST_HEAD(ibmvscsi_head);
static DEFINE_SPINLOCK(ibmvscsi_driver_lock);
static struct scsi_transport_template *ibmvscsi_transport_template;
Reported by FlawFinder.
Line: 739
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
indirect->table_desc.va = cpu_to_be64(evt_struct->ext_list_token);
indirect->table_desc.len = cpu_to_be32(sg_mapped *
sizeof(indirect->desc_list[0]));
memcpy(indirect->desc_list, evt_struct->ext_list,
MAX_INDIRECT_BUFS * sizeof(struct srp_direct_buf));
return 1;
}
/**
Reported by FlawFinder.
Line: 1009
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cmnd) {
cmnd->result |= rsp->status;
if (scsi_status_is_check_condition(cmnd->result))
memcpy(cmnd->sense_buffer,
rsp->data,
be32_to_cpu(rsp->sense_data_len));
unmap_cmd_data(&evt_struct->iu.srp.cmd,
evt_struct,
evt_struct->hostdata->dev);
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
120
dev_info(hostdata->dev, "SRP_VERSION: %s\n", SRP_VERSION);
strcpy(hostdata->madapter_info.srp_version, SRP_VERSION);
strncpy(hostdata->madapter_info.partition_name, partition_name,
sizeof(hostdata->madapter_info.partition_name));
hostdata->madapter_info.partition_number =
cpu_to_be32(partition_number);
Reported by FlawFinder.
drivers/rtc/rtc-s35390a.c
5 issues
Line: 173
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int s35390a_disable_test_mode(struct s35390a *s35390a)
{
char buf[1];
if (s35390a_get_reg(s35390a, S35390A_CMD_STATUS2, buf, sizeof(buf)) < 0)
return -EIO;
if (!(buf[0] & S35390A_FLAG_TEST))
Reported by FlawFinder.
Line: 215
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i2c_client *client = to_i2c_client(dev);
struct s35390a *s35390a = i2c_get_clientdata(client);
int i, err;
char buf[7], status;
dev_dbg(&client->dev, "%s: tm is secs=%d, mins=%d, hours=%d mday=%d, "
"mon=%d, year=%d, wday=%d\n", __func__, tm->tm_sec,
tm->tm_min, tm->tm_hour, tm->tm_mday, tm->tm_mon, tm->tm_year,
tm->tm_wday);
Reported by FlawFinder.
Line: 246
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct i2c_client *client = to_i2c_client(dev);
struct s35390a *s35390a = i2c_get_clientdata(client);
char buf[7], status;
int i, err;
if (s35390a_read_status(s35390a, &status) == 1)
return -EINVAL;
Reported by FlawFinder.
Line: 280
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct i2c_client *client = to_i2c_client(dev);
struct s35390a *s35390a = i2c_get_clientdata(client);
char buf[3], sts = 0;
int err, i;
dev_dbg(&client->dev, "%s: alm is secs=%d, mins=%d, hours=%d mday=%d, "\
"mon=%d, year=%d, wday=%d\n", __func__, alm->time.tm_sec,
alm->time.tm_min, alm->time.tm_hour, alm->time.tm_mday,
Reported by FlawFinder.
Line: 336
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct i2c_client *client = to_i2c_client(dev);
struct s35390a *s35390a = i2c_get_clientdata(client);
char buf[3], sts;
int i, err;
err = s35390a_get_reg(s35390a, S35390A_CMD_STATUS2, &sts, sizeof(sts));
if (err < 0)
return err;
Reported by FlawFinder.
drivers/scsi/lpfc/lpfc_nvmet.c
5 issues
Line: 2775
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case NVMET_FCOP_READDATA:
case NVMET_FCOP_READDATA_RSP:
/* From the tsend template, initialize words 7 - 11 */
memcpy(&wqe->words[7],
&lpfc_tsend_cmd_template.words[7],
sizeof(uint32_t) * 5);
/* Words 0 - 2 : The first sg segment */
sgel = &rsp->sg[0];
Reported by FlawFinder.
Line: 2851
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bf_set(wqe_irsp, &wqe->fcp_tsend.wqe_com, 1);
bf_set(wqe_irsplen, &wqe->fcp_tsend.wqe_com,
((rsp->rsplen >> 2) - 1));
memcpy(&wqe->words[16], rsp->rspaddr,
rsp->rsplen);
}
} else {
atomic_inc(&tgtp->xmt_fcp_read);
Reported by FlawFinder.
Line: 2864
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case NVMET_FCOP_WRITEDATA:
/* From the treceive template, initialize words 3 - 11 */
memcpy(&wqe->words[3],
&lpfc_treceive_cmd_template.words[3],
sizeof(uint32_t) * 9);
/* Words 0 - 2 : First SGE is skipped, set invalid BDE type */
wqe->fcp_treceive.bde.tus.f.bdeFlags = LPFC_SGE_TYPE_SKIP;
Reported by FlawFinder.
Line: 2927
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case NVMET_FCOP_RSP:
/* From the treceive template, initialize words 4 - 11 */
memcpy(&wqe->words[4],
&lpfc_trsp_cmd_template.words[4],
sizeof(uint32_t) * 8);
/* Words 0 - 2 */
physaddr = rsp->rspdma;
Reported by FlawFinder.
Line: 2970
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bf_set(wqe_irsp, &wqe->fcp_trsp.wqe_com, 1);
bf_set(wqe_irsplen, &wqe->fcp_trsp.wqe_com,
((rsp->rsplen >> 2) - 1));
memcpy(&wqe->words[16], rsp->rspaddr, rsp->rsplen);
}
do_pbde = 0;
/* Word 12 */
wqe->fcp_trsp.rsvd_12_15[0] = 0;
Reported by FlawFinder.
drivers/s390/char/raw3270.c
5 issues
Line: 56
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct raw3270_request init_reset;
struct raw3270_request init_readpart;
struct raw3270_request init_readmod;
unsigned char init_data[256];
};
/* raw3270->state */
#define RAW3270_STATE_INIT 0 /* Initial state */
#define RAW3270_STATE_RESET 1 /* Reset command is pending */
Reported by FlawFinder.
Line: 98
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* Encode array for 12 bit 3270 addresses.
*/
static unsigned char raw3270_ebcgraf[64] = {
0x40, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
0x50, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
0xd8, 0xd9, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
0x60, 0x61, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
Reported by FlawFinder.
Line: 207
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (size + rq->ccw.count > rq->size)
return -E2BIG;
memcpy(rq->buffer + rq->ccw.count, data, size);
rq->ccw.count += size;
return 0;
}
/*
Reported by FlawFinder.
Line: 558
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Store 'read partition' data stream to init_data */
memset(&rp->init_readpart, 0, sizeof(rp->init_readpart));
memset(&rp->init_data, 0, sizeof(rp->init_data));
memcpy(&rp->init_data, wbuf, sizeof(wbuf));
rp->init_readpart.ccw.cmd_code = TC_WRITESF;
rp->init_readpart.ccw.flags = CCW_FLAG_SLI;
rp->init_readpart.ccw.count = sizeof(wbuf);
rp->init_readpart.ccw.cda = (__u32) __pa(&rp->init_data);
rp->state = RAW3270_STATE_W4ATTN;
Reported by FlawFinder.
Line: 696
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(rp, 0, sizeof(struct raw3270));
/* Copy ebcdic -> ascii translation table. */
memcpy(ascebc, _ascebc, 256);
if (tubxcorrect) {
/* correct brackets and circumflex */
ascebc['['] = 0xad;
ascebc[']'] = 0xbd;
ascebc['^'] = 0xb0;
Reported by FlawFinder.
drivers/s390/scsi/zfcp_scsi.c
5 issues
Line: 881
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
snprintf(fc_host_hardware_version(shost),
FC_VERSION_STRING_SIZE,
"0x%08x", bottom->hardware_version);
memcpy(fc_host_serial_number(shost), bottom->serial_number,
min(FC_SERIAL_NUMBER_SIZE, 17));
EBCASC(fc_host_serial_number(shost),
min(FC_SERIAL_NUMBER_SIZE, 17));
}
Reported by FlawFinder.
Line: 946
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fc_host_maxframe_size(shost) = bottom->maximum_frame_size;
fc_host_supported_speeds(shost) =
zfcp_fsf_convert_portspeed(bottom->supported_speed);
memcpy(fc_host_supported_fc4s(shost), bottom->supported_fc4_types,
FC_FC4_LIST_SIZE);
memcpy(fc_host_active_fc4s(shost), bottom->active_fc4_types,
FC_FC4_LIST_SIZE);
}
Reported by FlawFinder.
Line: 948
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
zfcp_fsf_convert_portspeed(bottom->supported_speed);
memcpy(fc_host_supported_fc4s(shost), bottom->supported_fc4_types,
FC_FC4_LIST_SIZE);
memcpy(fc_host_active_fc4s(shost), bottom->active_fc4_types,
FC_FC4_LIST_SIZE);
}
struct fc_function_template zfcp_transport_functions = {
.show_starget_port_id = 1,
Reported by FlawFinder.
Line: 153
Column: 23
CWE codes:
120
20
zfcp_sdev->port = port;
zfcp_sdev->latencies.write.channel.min = 0xFFFFFFFF;
zfcp_sdev->latencies.write.fabric.min = 0xFFFFFFFF;
zfcp_sdev->latencies.read.channel.min = 0xFFFFFFFF;
zfcp_sdev->latencies.read.fabric.min = 0xFFFFFFFF;
zfcp_sdev->latencies.cmd.channel.min = 0xFFFFFFFF;
zfcp_sdev->latencies.cmd.fabric.min = 0xFFFFFFFF;
spin_lock_init(&zfcp_sdev->latencies.lock);
Reported by FlawFinder.
Line: 154
Column: 23
CWE codes:
120
20
zfcp_sdev->latencies.write.channel.min = 0xFFFFFFFF;
zfcp_sdev->latencies.write.fabric.min = 0xFFFFFFFF;
zfcp_sdev->latencies.read.channel.min = 0xFFFFFFFF;
zfcp_sdev->latencies.read.fabric.min = 0xFFFFFFFF;
zfcp_sdev->latencies.cmd.channel.min = 0xFFFFFFFF;
zfcp_sdev->latencies.cmd.fabric.min = 0xFFFFFFFF;
spin_lock_init(&zfcp_sdev->latencies.lock);
zfcp_erp_set_lun_status(sdev, ZFCP_STATUS_COMMON_RUNNING);
Reported by FlawFinder.
drivers/s390/scsi/zfcp_fsf.c
5 issues
Line: 548
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
- sizeof(u32));
if (req->data)
memcpy(req->data, bottom, sizeof(*bottom));
adapter->timer_ticks = bottom->timer_interval & ZFCP_FSF_TIMER_INT_MASK;
adapter->stat_read_buf_num = max(bottom->status_read_buf_num,
(u16)FSF_STATUS_READS_RECOM);
Reported by FlawFinder.
Line: 759
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct fsf_qtcb_bottom_port *bottom = &req->qtcb->bottom.port;
if (req->data)
memcpy(req->data, bottom, sizeof(*bottom));
if (adapter->adapter_features & FSF_FEATURE_FC_SECURITY)
adapter->fc_security_algorithms =
bottom->fc_security_algorithms;
else
Reported by FlawFinder.
Line: 1590
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void zfcp_fsf_log_port_fc_security(struct zfcp_port *port,
struct zfcp_fsf_req *req)
{
char mnemonic_old[ZFCP_FSF_MAX_FC_SECURITY_MNEMONIC_LENGTH];
char mnemonic_new[ZFCP_FSF_MAX_FC_SECURITY_MNEMONIC_LENGTH];
if (port->connection_info == port->connection_info_old) {
/* no change, no log nor trace */
return;
Reported by FlawFinder.
Line: 1591
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct zfcp_fsf_req *req)
{
char mnemonic_old[ZFCP_FSF_MAX_FC_SECURITY_MNEMONIC_LENGTH];
char mnemonic_new[ZFCP_FSF_MAX_FC_SECURITY_MNEMONIC_LENGTH];
if (port->connection_info == port->connection_info_old) {
/* no change, no log nor trace */
return;
}
Reported by FlawFinder.
Line: 2359
Column: 32
CWE codes:
120
20
case FSF_DATADIR_DIF_READ_STRIP:
case FSF_DATADIR_DIF_READ_CONVERT:
case FSF_DATADIR_READ:
lat = &zfcp_sdev->latencies.read;
break;
case FSF_DATADIR_DIF_WRITE_INSERT:
case FSF_DATADIR_DIF_WRITE_CONVERT:
case FSF_DATADIR_WRITE:
lat = &zfcp_sdev->latencies.write;
Reported by FlawFinder.