The following issues were found
tools/perf/util/dso.c
26 issues
Line: 105
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Check predefined locations where debug file might reside */
ret = -1;
for (i = 0; i < ARRAY_SIZE(debuglink_paths); i++) {
snprintf(filename, size,
debuglink_paths[i], dso_dir, symfile);
if (is_regular_file(filename)) {
ret = 0;
break;
}
Reported by FlawFinder.
Line: 523
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
decomp = true;
strcpy(name, newpath);
}
fd = do_open(name);
if (decomp)
Reported by FlawFinder.
Line: 1261
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct dso *dso = calloc(1, sizeof(*dso) + strlen(name) + 1);
if (dso != NULL) {
strcpy(dso->name, name);
if (id)
dso->id = *id;
dso__set_long_name_id(dso, dso->name, id, false);
dso__set_short_name(dso, dso->name, false);
dso->symbols = dso->symbol_names = RB_ROOT_CACHED;
Reported by FlawFinder.
Line: 1362
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (machine__is_default_guest(machine))
return;
sprintf(path, "%s/sys/kernel/notes", machine->root_dir);
if (sysfs__read_build_id(path, &dso->bid) == 0)
dso->has_build_id = true;
}
int dso__kernel_module_get_build_id(struct dso *dso,
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum dso_binary_type type,
char *root_dir, char *filename, size_t size)
{
char build_id_hex[SBUILD_ID_SIZE];
int ret = 0;
size_t len;
switch (type) {
case DSO_BINARY_TYPE__DEBUGLINK:
Reported by FlawFinder.
Line: 81
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
case DSO_BINARY_TYPE__DEBUGLINK:
{
const char *last_slash;
char dso_dir[PATH_MAX];
char symfile[PATH_MAX];
unsigned int i;
len = __symbol__join_symfs(filename, size, dso->long_name);
last_slash = filename + len;
Reported by FlawFinder.
Line: 82
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char *last_slash;
char dso_dir[PATH_MAX];
char symfile[PATH_MAX];
unsigned int i;
len = __symbol__join_symfs(filename, size, dso->long_name);
last_slash = filename + len;
while (last_slash != filename && *last_slash != '/')
Reported by FlawFinder.
Line: 302
Column: 10
CWE codes:
362
* descriptor to the uncompressed file.
*/
if (!compressions[comp].is_compressed(name))
return open(name, O_RDONLY);
fd = mkstemp(tmpbuf);
if (fd < 0) {
*err = errno;
return -1;
Reported by FlawFinder.
Line: 304
Column: 7
CWE codes:
377
if (!compressions[comp].is_compressed(name))
return open(name, O_RDONLY);
fd = mkstemp(tmpbuf);
if (fd < 0) {
*err = errno;
return -1;
}
Reported by FlawFinder.
Line: 475
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int do_open(char *name)
{
int fd;
char sbuf[STRERR_BUFSIZE];
do {
fd = open(name, O_RDONLY|O_CLOEXEC);
if (fd >= 0)
return fd;
Reported by FlawFinder.
drivers/media/usb/dvb-usb/dw2102.c
26 issues
Line: 104
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (flags == DW210X_WRITE_MSG)
memcpy(u8buf, data, len);
ret = usb_control_msg(dev, pipe, request, request_type | USB_TYPE_VENDOR,
value, index , u8buf, len, 2000);
if (flags == DW210X_READ_MSG)
memcpy(data, u8buf, len);
Reported by FlawFinder.
Line: 109
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
value, index , u8buf, len, 2000);
if (flags == DW210X_READ_MSG)
memcpy(data, u8buf, len);
kfree(u8buf);
return ret;
}
Reported by FlawFinder.
Line: 225
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* read si2109 register */
dw210x_op_rw(d->udev, 0xc3, 0xd0, 0,
buf6, msg[1].len + 2, DW210X_READ_MSG);
memcpy(msg[1].buf, buf6 + 2, msg[1].len);
break;
case 1:
switch (msg[0].addr) {
case 0x68:
Reported by FlawFinder.
Line: 241
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* write to si2109 register */
buf6[0] = msg[0].addr << 1;
buf6[1] = msg[0].len;
memcpy(buf6 + 2, msg[0].buf, msg[0].len);
dw210x_op_rw(d->udev, 0xc2, 0, 0, buf6,
msg[0].len + 2, DW210X_WRITE_MSG);
break;
case(DW2102_RC_QUERY):
dw210x_op_rw(d->udev, 0xb8, 0, 0,
Reported by FlawFinder.
Line: 303
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* second read registers */
dw210x_op_rw(d->udev, 0xc3, 0xd1 , 0,
ibuf, msg[1].len + 2, DW210X_READ_MSG);
memcpy(msg[1].buf, ibuf + 2, msg[1].len);
break;
}
case 1:
switch (msg[0].addr) {
Reported by FlawFinder.
Line: 322
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
obuf[0] = msg[0].addr << 1;
obuf[1] = msg[0].len;
memcpy(obuf + 2, msg[0].buf, msg[0].len);
dw210x_op_rw(d->udev, 0xc2, 0, 0,
obuf, msg[0].len + 2, DW210X_WRITE_MSG);
break;
}
case 0x61: {
Reported by FlawFinder.
Line: 340
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
obuf[0] = msg[0].addr << 1;
obuf[1] = msg[0].len;
memcpy(obuf + 2, msg[0].buf, msg[0].len);
dw210x_op_rw(d->udev, 0xc2, 0, 0,
obuf, msg[0].len + 2, DW210X_WRITE_MSG);
break;
}
case(DW2102_RC_QUERY): {
Reported by FlawFinder.
Line: 349
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 ibuf[2];
dw210x_op_rw(d->udev, 0xb8, 0, 0,
ibuf, 2, DW210X_READ_MSG);
memcpy(msg[0].buf, ibuf , 2);
break;
}
case(DW2102_VOLTAGE_CTRL): {
u8 obuf[2];
obuf[0] = 0x30;
Reported by FlawFinder.
Line: 387
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 ibuf[2];
dw210x_op_rw(d->udev, 0xb8, 0, 0,
ibuf, 2, DW210X_READ_MSG);
memcpy(msg[j].buf, ibuf , 2);
break;
}
case(DW2102_VOLTAGE_CTRL): {
u8 obuf[2];
obuf[0] = 0x30;
Reported by FlawFinder.
Line: 418
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(msg[j].addr << 1) + 1, 0,
ibuf, msg[j].len + 2,
DW210X_READ_MSG);
memcpy(msg[j].buf, ibuf + 2, msg[j].len);
mdelay(10);
} else if (((msg[j].buf[0] == 0xb0) &&
(msg[j].addr == 0x68)) ||
((msg[j].buf[0] == 0xf7) &&
(msg[j].addr == 0x55))) {
Reported by FlawFinder.
drivers/scsi/csiostor/csio_lnode.c
26 issues
Line: 255
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len += 4; /* includes attribute type and length */
len = (len + 3) & ~3; /* should be multiple of 4 bytes */
ae->len = htons(len);
memcpy(ae->value, val, val_len);
if (len > val_len)
memset(ae->value + val_len, 0, len - val_len);
*ptr += len;
}
Reported by FlawFinder.
Line: 330
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Prepare RPA payload */
pld = (uint8_t *)csio_ct_get_pld(cmd);
port_name = (struct fc_fdmi_port_name *)pld;
memcpy(&port_name->portname, csio_ln_wwpn(ln), 8);
pld += sizeof(*port_name);
/* Start appending Port attributes */
attrib_blk = (struct fs_fdmi_attrs *)pld;
attrib_blk->numattrs = 0;
Reported by FlawFinder.
Line: 375
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
&mfs, sizeof(mfs));
numattrs++;
strcpy(buf, "csiostor");
csio_append_attrib(&pld, FC_FDMI_PORT_ATTR_OSDEVICENAME, buf,
strlen(buf));
numattrs++;
if (!csio_hostname(buf, sizeof(buf))) {
Reported by FlawFinder.
Line: 442
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Prepare RHBA payload */
pld = (uint8_t *)csio_ct_get_pld(cmd);
hbaid = (struct fc_fdmi_hba_identifier *)pld;
memcpy(&hbaid->id, csio_ln_wwpn(ln), 8); /* HBA identifer */
pld += sizeof(*hbaid);
/* Register one port per hba */
reg_pl = (struct fc_fdmi_rpl *)pld;
reg_pl->numport = htonl(1);
Reported by FlawFinder.
Line: 448
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Register one port per hba */
reg_pl = (struct fc_fdmi_rpl *)pld;
reg_pl->numport = htonl(1);
memcpy(®_pl->port[0].portname, csio_ln_wwpn(ln), 8);
pld += sizeof(*reg_pl);
/* Start appending HBA attributes hba */
attrib_blk = (struct fs_fdmi_attrs *)pld;
attrib_blk->numattrs = 0;
Reported by FlawFinder.
Line: 463
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
memset(buf, 0, sizeof(buf));
strcpy(buf, "Chelsio Communications");
csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_MANUFACTURER, buf,
strlen(buf));
numattrs++;
csio_append_attrib(&pld, FC_FDMI_HBA_ATTR_SERIALNUMBER,
hw->vpd.sn, sizeof(hw->vpd.sn));
Reported by FlawFinder.
Line: 544
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
csio_fill_ct_iu(cmd, FC_FST_MGMT, FC_FDMI_SUBTYPE, FC_FDMI_DPRT);
len = FC_CT_HDR_LEN;
port_name = (struct fc_fdmi_port_name *)csio_ct_get_pld(cmd);
memcpy(&port_name->portname, csio_ln_wwpn(ln), 8);
len += sizeof(*port_name);
/* Submit FDMI request */
spin_lock_irqsave(&hw->lock, flags);
if (csio_ln_mgmt_submit_req(fdmi_req, csio_ln_fdmi_dprt_cbfn,
Reported by FlawFinder.
Line: 594
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = FC_CT_HDR_LEN;
hbaid = (struct fc_fdmi_hba_identifier *)csio_ct_get_pld(cmd);
memcpy(&hbaid->id, csio_ln_wwpn(ln), 8);
len += sizeof(*hbaid);
/* Submit FDMI request */
if (csio_ln_mgmt_submit_req(fdmi_req, csio_ln_fdmi_dhba_cbfn,
FCOE_CT, &fdmi_req->dma_buf, len)) {
Reported by FlawFinder.
Line: 634
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_irq(&hw->lock);
memcpy(ln->mac, rsp->vnport_mac, sizeof(ln->mac));
memcpy(&nport_id, &rsp->vnport_mac[3], sizeof(uint8_t)*3);
ln->nport_id = ntohl(nport_id);
ln->nport_id = ln->nport_id >> 8;
/* Update WWNs */
/*
Reported by FlawFinder.
Line: 644
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* does, but is absolutely necessary if the vnpi changes between
* a FCOE LINK UP and FCOE LINK DOWN.
*/
memcpy(csio_ln_wwnn(ln), rsp->vnport_wwnn, 8);
memcpy(csio_ln_wwpn(ln), rsp->vnport_wwpn, 8);
/* Copy common sparam */
csp = (struct fc_els_csp *)rsp->cmn_srv_parms;
ln->ln_sparm.csp.sp_hi_ver = csp->sp_hi_ver;
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
26 issues
Line: 1048
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret)
goto print_clk_out;
size += sprintf(buf + size, "%d: %uMhz %s\n", i, value,
cur_value == value ? "*" : "");
}
} else {
ret = smu_v11_0_get_dpm_freq_by_index(smu, clk_type, 0, &freq_values[0]);
if (ret)
Reported by FlawFinder.
Line: 1070
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < count; i++) {
size += sprintf(buf + size, "%d: %uMhz %s\n", i, freq_values[i],
cur_value == freq_values[i] ? "*" : "");
}
}
break;
Reported by FlawFinder.
Line: 1081
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
lane_width = smu_v11_0_get_current_pcie_link_width_level(smu);
GET_PPTABLE_MEMBER(LclkFreq, &table_member);
for (i = 0; i < NUM_LINK_LEVELS; i++)
size += sprintf(buf + size, "%d: %s %s %dMhz %s\n", i,
(dpm_context->dpm_tables.pcie_table.pcie_gen[i] == 0) ? "2.5GT/s," :
(dpm_context->dpm_tables.pcie_table.pcie_gen[i] == 1) ? "5.0GT/s," :
(dpm_context->dpm_tables.pcie_table.pcie_gen[i] == 2) ? "8.0GT/s," :
(dpm_context->dpm_tables.pcie_table.pcie_gen[i] == 3) ? "16.0GT/s," : "",
(dpm_context->dpm_tables.pcie_table.pcie_lane[i] == 1) ? "x1" :
Reported by FlawFinder.
Line: 1140
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!smu->od_enabled || !od_table || !od_settings)
break;
size = sprintf(buf, "%s:\n", "OD_RANGE");
if (sienna_cichlid_is_od_feature_supported(od_settings, SMU_11_0_7_ODCAP_GFXCLK_LIMITS)) {
sienna_cichlid_get_od_setting_range(od_settings, SMU_11_0_7_ODSETTING_GFXCLKFMIN,
&min_value, NULL);
sienna_cichlid_get_od_setting_range(od_settings, SMU_11_0_7_ODSETTING_GFXCLKFMAX,
Reported by FlawFinder.
Line: 1379
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!buf)
return -EINVAL;
size += sprintf(buf + size, "%16s %s %s %s %s %s %s %s %s %s %s\n",
title[0], title[1], title[2], title[3], title[4], title[5],
title[6], title[7], title[8], title[9], title[10]);
for (i = 0; i <= PP_SMC_POWER_PROFILE_CUSTOM; i++) {
/* conv PP_SMC_POWER_PROFILE* to WORKLOAD_PPLIB_*_BIT */
Reported by FlawFinder.
Line: 1399
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return result;
}
size += sprintf(buf + size, "%2d %14s%s:\n",
i, profile_name[i], (i == smu->power_profile_mode) ? "*" : " ");
size += sprintf(buf + size, "%19s %d(%13s) %7d %7d %7d %7d %7d %7d %7d %7d %7d\n",
" ",
0,
Reported by FlawFinder.
Line: 1402
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
size += sprintf(buf + size, "%2d %14s%s:\n",
i, profile_name[i], (i == smu->power_profile_mode) ? "*" : " ");
size += sprintf(buf + size, "%19s %d(%13s) %7d %7d %7d %7d %7d %7d %7d %7d %7d\n",
" ",
0,
"GFXCLK",
activity_monitor->Gfx_FPS,
activity_monitor->Gfx_MinFreqStep,
Reported by FlawFinder.
Line: 1416
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
activity_monitor->Gfx_PD_Data_error_coeff,
activity_monitor->Gfx_PD_Data_error_rate_coeff);
size += sprintf(buf + size, "%19s %d(%13s) %7d %7d %7d %7d %7d %7d %7d %7d %7d\n",
" ",
1,
"SOCCLK",
activity_monitor->Fclk_FPS,
activity_monitor->Fclk_MinFreqStep,
Reported by FlawFinder.
Line: 1430
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
activity_monitor->Fclk_PD_Data_error_coeff,
activity_monitor->Fclk_PD_Data_error_rate_coeff);
size += sprintf(buf + size, "%19s %d(%13s) %7d %7d %7d %7d %7d %7d %7d %7d %7d\n",
" ",
2,
"MEMLK",
activity_monitor->Mem_FPS,
activity_monitor->Mem_MinFreqStep,
Reported by FlawFinder.
Line: 401
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
GET_PPTABLE_MEMBER(I2cControllers, &table_member);
memcpy(table_member, smc_dpm_table->I2cControllers,
sizeof(*smc_dpm_table) - sizeof(smc_dpm_table->table_header));
return 0;
}
Reported by FlawFinder.
drivers/scsi/bfa/bfa_defs.h
26 issues
Line: 266
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct bfa_adapter_attr_s {
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfa_adapter_attr_s {
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char manufacturer[BFA_ADAPTER_MFG_NAME_LEN];
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
Reported by FlawFinder.
Line: 270
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char serial_num[BFA_ADAPTER_SERIAL_NUM_LEN];
u32 card_type;
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
Reported by FlawFinder.
Line: 272
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model[BFA_ADAPTER_MODEL_NAME_LEN];
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
Reported by FlawFinder.
Line: 273
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model_descr[BFA_ADAPTER_MODEL_DESCR_LEN];
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
Reported by FlawFinder.
Line: 274
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wwn_t pwwn;
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
Reported by FlawFinder.
Line: 275
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char node_symname[FC_SYMNAME_MAX];
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
u8 nports;
Reported by FlawFinder.
Line: 276
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char hw_ver[BFA_VERSION_LEN];
char fw_ver[BFA_VERSION_LEN];
char optrom_ver[BFA_VERSION_LEN];
char os_type[BFA_ADAPTER_OS_TYPE_LEN];
struct bfa_mfg_vpd_s vpd;
struct mac_s mac;
u8 nports;
u8 max_speed;
Reported by FlawFinder.
Line: 312
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Driver and firmware versions.
*/
struct bfa_ioc_driver_attr_s {
char driver[BFA_IOC_DRIVER_LEN]; /* driver name */
char driver_ver[BFA_VERSION_LEN]; /* driver version */
char fw_ver[BFA_VERSION_LEN]; /* firmware version */
char bios_ver[BFA_VERSION_LEN]; /* bios version */
char efi_ver[BFA_VERSION_LEN]; /* EFI version */
char ob_ver[BFA_VERSION_LEN]; /* openboot version */
Reported by FlawFinder.
drivers/staging/rtl8723bs/core/rtw_ap.c
26 issues
Line: 1522
CWE codes:
476
static void update_bcn_vendor_spec_ie(struct adapter *padapter, u8 *oui)
{
if (!memcmp(RTW_WPA_OUI, oui, 4))
update_bcn_wpa_ie(padapter);
else if (!memcmp(WMM_OUI, oui, 4))
update_bcn_wmm_ie(padapter);
Reported by Cppcheck.
Line: 1522
CWE codes:
476
static void update_bcn_vendor_spec_ie(struct adapter *padapter, u8 *oui)
{
if (!memcmp(RTW_WPA_OUI, oui, 4))
update_bcn_wpa_ie(padapter);
else if (!memcmp(WMM_OUI, oui, 4))
update_bcn_wmm_ie(padapter);
Reported by Cppcheck.
Line: 1525
CWE codes:
476
if (!memcmp(RTW_WPA_OUI, oui, 4))
update_bcn_wpa_ie(padapter);
else if (!memcmp(WMM_OUI, oui, 4))
update_bcn_wmm_ie(padapter);
else if (!memcmp(WPS_OUI, oui, 4))
update_bcn_wps_ie(padapter);
Reported by Cppcheck.
Line: 1528
CWE codes:
476
else if (!memcmp(WMM_OUI, oui, 4))
update_bcn_wmm_ie(padapter);
else if (!memcmp(WPS_OUI, oui, 4))
update_bcn_wps_ie(padapter);
else if (!memcmp(P2P_OUI, oui, 4))
update_bcn_p2p_ie(padapter);
}
Reported by Cppcheck.
Line: 1531
CWE codes:
476
else if (!memcmp(WPS_OUI, oui, 4))
update_bcn_wps_ie(padapter);
else if (!memcmp(P2P_OUI, oui, 4))
update_bcn_p2p_ie(padapter);
}
void update_beacon(struct adapter *padapter, u8 ie_id, u8 *oui, u8 tx)
{
Reported by Cppcheck.
Line: 121
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (remainder_ielen > 0) {
pbackup_remainder_ie = rtw_malloc(remainder_ielen);
if (pbackup_remainder_ie && premainder_ie)
memcpy(pbackup_remainder_ie, premainder_ie, remainder_ielen);
}
*dst_ie++ = WLAN_EID_TIM;
if ((pstapriv->tim_bitmap & 0xff00) && (pstapriv->tim_bitmap & 0x00fe))
Reported by FlawFinder.
Line: 152
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*dst_ie++ = le16_to_cpu(pvb);
} else if (tim_ielen == 5) {
memcpy(dst_ie, &tim_bitmap_le, 2);
dst_ie += 2;
}
/* copy remainder IE */
if (pbackup_remainder_ie) {
Reported by FlawFinder.
Line: 158
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy remainder IE */
if (pbackup_remainder_ie) {
memcpy(dst_ie, pbackup_remainder_ie, remainder_ielen);
kfree(pbackup_remainder_ie);
}
offset = (uint)(dst_ie - pie);
Reported by FlawFinder.
Line: 181
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sta_info *psta = NULL;
struct sta_priv *pstapriv = &padapter->stapriv;
u8 chk_alive_num = 0;
char chk_alive_list[NUM_STA];
int i;
spin_lock_bh(&pstapriv->auth_list_lock);
phead = &pstapriv->auth_list;
Reported by FlawFinder.
Line: 576
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
psta->wireless_mode = pmlmeext->cur_wireless_mode;
psta->bssratelen = rtw_get_rateset_len(pnetwork->SupportedRates);
memcpy(psta->bssrateset, pnetwork->SupportedRates, psta->bssratelen);
/* HT related cap */
if (phtpriv_ap->ht_option) {
/* check if sta supports rx ampdu */
/* phtpriv_ap->ampdu_enable = phtpriv_ap->ampdu_enable; */
Reported by FlawFinder.
drivers/staging/rtl8712/rtl871x_recv.c
26 issues
Line: 341
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sta_addr = pattrib->src;
}
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
Reported by FlawFinder.
Line: 342
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else {
Reported by FlawFinder.
Line: 343
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else {
ret = _FAIL;
Reported by FlawFinder.
Line: 344
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else {
ret = _FAIL;
}
Reported by FlawFinder.
Line: 345
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
sta_addr = mybssid;
} else {
ret = _FAIL;
}
if (bmcast)
Reported by FlawFinder.
Line: 408
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return _FAIL;
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE) &&
check_fwstate(pmlmepriv, _FW_LINKED)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
Reported by FlawFinder.
Line: 409
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (check_fwstate(pmlmepriv, WIFI_MP_STATE) &&
check_fwstate(pmlmepriv, _FW_LINKED)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
*psta = r8712_get_stainfo(pstapriv, pattrib->bssid);
Reported by FlawFinder.
Line: 410
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
check_fwstate(pmlmepriv, _FW_LINKED)) {
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
*psta = r8712_get_stainfo(pstapriv, pattrib->bssid);
if (!*psta)
Reported by FlawFinder.
Line: 411
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->dst, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
*psta = r8712_get_stainfo(pstapriv, pattrib->bssid);
if (!*psta)
return _FAIL;
Reported by FlawFinder.
Line: 412
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->src, GetAddr2Ptr(ptr), ETH_ALEN);
memcpy(pattrib->bssid, GetAddr3Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
memcpy(pattrib->bssid, mybssid, ETH_ALEN);
*psta = r8712_get_stainfo(pstapriv, pattrib->bssid);
if (!*psta)
return _FAIL;
} else {
Reported by FlawFinder.
include/uapi/linux/iso_fs.h
26 issues
Line: 17
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iso_volume_descriptor {
__u8 type[ISODCL(1,1)]; /* 711 */
char id[ISODCL(2,6)];
__u8 version[ISODCL(7,7)];
__u8 data[ISODCL(8,2048)];
};
/* volume descriptor types */
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iso_primary_descriptor {
__u8 type [ISODCL ( 1, 1)]; /* 711 */
char id [ISODCL ( 2, 6)];
__u8 version [ISODCL ( 7, 7)]; /* 711 */
__u8 unused1 [ISODCL ( 8, 8)];
char system_id [ISODCL ( 9, 40)]; /* achars */
char volume_id [ISODCL ( 41, 72)]; /* dchars */
__u8 unused2 [ISODCL ( 73, 80)];
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char id [ISODCL ( 2, 6)];
__u8 version [ISODCL ( 7, 7)]; /* 711 */
__u8 unused1 [ISODCL ( 8, 8)];
char system_id [ISODCL ( 9, 40)]; /* achars */
char volume_id [ISODCL ( 41, 72)]; /* dchars */
__u8 unused2 [ISODCL ( 73, 80)];
__u8 volume_space_size [ISODCL ( 81, 88)]; /* 733 */
__u8 unused3 [ISODCL ( 89, 120)];
__u8 volume_set_size [ISODCL (121, 124)]; /* 723 */
Reported by FlawFinder.
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 version [ISODCL ( 7, 7)]; /* 711 */
__u8 unused1 [ISODCL ( 8, 8)];
char system_id [ISODCL ( 9, 40)]; /* achars */
char volume_id [ISODCL ( 41, 72)]; /* dchars */
__u8 unused2 [ISODCL ( 73, 80)];
__u8 volume_space_size [ISODCL ( 81, 88)]; /* 733 */
__u8 unused3 [ISODCL ( 89, 120)];
__u8 volume_set_size [ISODCL (121, 124)]; /* 723 */
__u8 volume_sequence_number [ISODCL (125, 128)]; /* 723 */
Reported by FlawFinder.
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 type_m_path_table [ISODCL (149, 152)]; /* 732 */
__u8 opt_type_m_path_table [ISODCL (153, 156)]; /* 732 */
__u8 root_directory_record [ISODCL (157, 190)]; /* 9.1 */
char volume_set_id [ISODCL (191, 318)]; /* dchars */
char publisher_id [ISODCL (319, 446)]; /* achars */
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
Reported by FlawFinder.
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 opt_type_m_path_table [ISODCL (153, 156)]; /* 732 */
__u8 root_directory_record [ISODCL (157, 190)]; /* 9.1 */
char volume_set_id [ISODCL (191, 318)]; /* dchars */
char publisher_id [ISODCL (319, 446)]; /* achars */
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 root_directory_record [ISODCL (157, 190)]; /* 9.1 */
char volume_set_id [ISODCL (191, 318)]; /* dchars */
char publisher_id [ISODCL (319, 446)]; /* achars */
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */
__u8 creation_date [ISODCL (814, 830)]; /* 8.4.26.1 */
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char volume_set_id [ISODCL (191, 318)]; /* dchars */
char publisher_id [ISODCL (319, 446)]; /* achars */
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */
__u8 creation_date [ISODCL (814, 830)]; /* 8.4.26.1 */
__u8 modification_date [ISODCL (831, 847)]; /* 8.4.26.1 */
Reported by FlawFinder.
Line: 52
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char publisher_id [ISODCL (319, 446)]; /* achars */
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */
__u8 creation_date [ISODCL (814, 830)]; /* 8.4.26.1 */
__u8 modification_date [ISODCL (831, 847)]; /* 8.4.26.1 */
__u8 expiration_date [ISODCL (848, 864)]; /* 8.4.26.1 */
Reported by FlawFinder.
Line: 53
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char preparer_id [ISODCL (447, 574)]; /* achars */
char application_id [ISODCL (575, 702)]; /* achars */
char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */
char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */
char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */
__u8 creation_date [ISODCL (814, 830)]; /* 8.4.26.1 */
__u8 modification_date [ISODCL (831, 847)]; /* 8.4.26.1 */
__u8 expiration_date [ISODCL (848, 864)]; /* 8.4.26.1 */
__u8 effective_date [ISODCL (865, 881)]; /* 8.4.26.1 */
Reported by FlawFinder.
drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
26 issues
Line: 1095
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
ver.l = cpu_to_le32(adapter->fw_release_number);
sprintf(fw_ver, "%u.%u.%u.p%u", ver.c[2], ver.c[1], ver.c[0], ver.c[3]);
snprintf(version, max_len, driver_version, fw_ver);
mwifiex_dbg(adapter, MSG, "info: MWIFIEX VERSION: %s\n", version);
return 0;
}
Reported by FlawFinder.
Line: 46
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct netdev_hw_addr *ha;
netdev_for_each_mc_addr(ha, dev)
memcpy(&mlist->mac_list[i++], ha->addr, ETH_ALEN);
return i;
}
/*
Reported by FlawFinder.
Line: 163
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(bss_desc->mac_address, bss->bssid, ETH_ALEN);
bss_desc->rssi = bss->signal;
/* The caller of this function will free beacon_ie */
bss_desc->beacon_buf = beacon_ie;
bss_desc->beacon_buf_size = beacon_ie_len;
bss_desc->beacon_period = bss->beacon_interval;
Reported by FlawFinder.
Line: 200
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (priv->adapter->dt_node) {
char txpwr[] = {"marvell,00_txpwrlimit"};
memcpy(&txpwr[8], priv->adapter->country_code, 2);
mwifiex_dnld_dt_cfgdata(priv, priv->adapter->dt_node, txpwr);
}
}
static int mwifiex_process_country_ie(struct mwifiex_private *priv,
Reported by FlawFinder.
Line: 241
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(priv->adapter->country_code, &country_ie[2], 2);
domain_info->country_code[0] = country_ie[2];
domain_info->country_code[1] = country_ie[3];
domain_info->country_code[2] = ' ';
Reported by FlawFinder.
Line: 252
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
domain_info->no_of_triplet =
country_ie_len / sizeof(struct ieee80211_country_ie_triplet);
memcpy((u8 *)domain_info->triplet,
&country_ie[2] + IEEE80211_COUNTRY_STRING_LEN, country_ie_len);
rcu_read_unlock();
if (mwifiex_send_cmd(priv, HostCmd_CMD_802_11D_DOMAIN_INFO,
Reported by FlawFinder.
Line: 592
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->bss_mode = priv->bss_mode;
memcpy(&info->ssid, &bss_desc->ssid, sizeof(struct cfg80211_ssid));
memcpy(&info->bssid, &bss_desc->mac_address, ETH_ALEN);
info->bss_chan = bss_desc->channel;
Reported by FlawFinder.
Line: 594
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&info->ssid, &bss_desc->ssid, sizeof(struct cfg80211_ssid));
memcpy(&info->bssid, &bss_desc->mac_address, ETH_ALEN);
info->bss_chan = bss_desc->channel;
memcpy(info->country_code, adapter->country_code,
IEEE80211_COUNTRY_STRING_LEN);
Reported by FlawFinder.
Line: 598
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info->bss_chan = bss_desc->channel;
memcpy(info->country_code, adapter->country_code,
IEEE80211_COUNTRY_STRING_LEN);
info->media_connected = priv->media_connected;
info->max_power_level = priv->max_tx_power_level;
Reported by FlawFinder.
Line: 796
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"failed to copy WPA IE, too big\n");
return -1;
}
memcpy(priv->wpa_ie, ie_data_ptr, ie_len);
priv->wpa_ie_len = ie_len;
mwifiex_dbg(priv->adapter, CMD,
"cmd: Set Wpa_ie_len=%d IE=%#x\n",
priv->wpa_ie_len, priv->wpa_ie[0]);
Reported by FlawFinder.
net/decnet/af_decnet.c
26 issues
Line: 294
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case 1:
*buf++ = 0;
*buf++ = le16_to_cpu(sdn->sdn_objnamel);
memcpy(buf, sdn->sdn_objname, le16_to_cpu(sdn->sdn_objnamel));
len = 3 + le16_to_cpu(sdn->sdn_objnamel);
break;
case 2:
memset(buf, 0, 5);
buf += 5;
Reported by FlawFinder.
Line: 301
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(buf, 0, 5);
buf += 5;
*buf++ = le16_to_cpu(sdn->sdn_objnamel);
memcpy(buf, sdn->sdn_objname, le16_to_cpu(sdn->sdn_objnamel));
len = 7 + le16_to_cpu(sdn->sdn_objnamel);
break;
}
return len;
Reported by FlawFinder.
Line: 363
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((len < 0) || (le16_to_cpu(sdn->sdn_objnamel) > namel))
return -1;
memcpy(sdn->sdn_objname, data, le16_to_cpu(sdn->sdn_objnamel));
return size - len;
}
struct sock *dn_sklist_find_listener(struct sockaddr_dn *addr)
Reported by FlawFinder.
Line: 512
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scp->addr.sdn_family = AF_DECnet;
scp->peer.sdn_family = AF_DECnet;
scp->accessdata.acc_accl = 5;
memcpy(scp->accessdata.acc_acc, "LINUX", 5);
scp->max_window = NSP_MAX_WINDOW;
scp->snd_window = NSP_MIN_WINDOW;
scp->nsp_srtt = NSP_INITIAL_SRTT;
scp->nsp_rttvar = NSP_INITIAL_RTTVAR;
Reported by FlawFinder.
Line: 662
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
node = addr & 0x03ff;
area = addr >> 10;
sprintf(buf, "%hd.%hd", area, node);
return buf;
}
Reported by FlawFinder.
Line: 766
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rv = -EINVAL;
lock_sock(sk);
if (sock_flag(sk, SOCK_ZAPPED)) {
memcpy(&scp->addr, saddr, addr_len);
sock_reset_flag(sk, SOCK_ZAPPED);
rv = dn_hash_sock(sk);
if (rv)
sock_set_flag(sk, SOCK_ZAPPED);
Reported by FlawFinder.
Line: 798
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(scp->accessdata.acc_accl <= 12)) {
scp->addr.sdn_objnamel = cpu_to_le16(scp->accessdata.acc_accl);
memcpy(scp->addr.sdn_objname, scp->accessdata.acc_acc, le16_to_cpu(scp->addr.sdn_objnamel));
scp->accessdata.acc_accl = 0;
memset(scp->accessdata.acc_acc, 0, 40);
}
/* End of compatibility stuff */
Reported by FlawFinder.
Line: 940
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(&scp->peer, addr, sizeof(struct sockaddr_dn));
err = -EHOSTUNREACH;
memset(&fld, 0, sizeof(fld));
fld.flowidn_oif = sk->sk_bound_dev_if;
fld.daddr = dn_saddr2dn(&scp->peer);
Reported by FlawFinder.
Line: 1005
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned char *ptr = skb->data;
acc->acc_userl = *ptr++;
memcpy(&acc->acc_user, ptr, acc->acc_userl);
ptr += acc->acc_userl;
acc->acc_passl = *ptr++;
memcpy(&acc->acc_pass, ptr, acc->acc_passl);
ptr += acc->acc_passl;
Reported by FlawFinder.
Line: 1009
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr += acc->acc_userl;
acc->acc_passl = *ptr++;
memcpy(&acc->acc_pass, ptr, acc->acc_passl);
ptr += acc->acc_passl;
acc->acc_accl = *ptr++;
memcpy(&acc->acc_acc, ptr, acc->acc_accl);
Reported by FlawFinder.