The following issues were found
drivers/net/wireless/rsi/rsi_91x_usb.c
5 issues
Line: 56
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int ep = dev->bulkout_endpoint_addr[endpoint - 1];
memset(seg, 0, len + RSI_USB_TX_HEAD_ROOM);
memcpy(seg + RSI_USB_TX_HEAD_ROOM, buf, len);
len += RSI_USB_TX_HEAD_ROOM;
transfer = len;
status = usb_bulk_msg(dev->usbdev,
usb_sndbulkpipe(dev->usbdev, ep),
(void *)seg,
Reported by FlawFinder.
Line: 391
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kfree(buf);
return status;
}
memcpy(data, buf, transfer);
count -= transfer;
data += transfer;
addr += transfer;
}
kfree(buf);
Reported by FlawFinder.
Line: 424
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (count) {
transfer = min_t(u16, count, RSI_USB_BUF_SIZE);
memcpy(buf, data, transfer);
status = usb_control_msg(dev->usbdev,
usb_sndctrlpipe(dev->usbdev, 0),
USB_VENDOR_REGISTER_WRITE,
RSI_USB_REQ_OUT,
((addr & 0xffff0000) >> 16),
Reported by FlawFinder.
Line: 515
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rsi_dbg(INFO_ZONE, "num_blocks: %d\n", num_blocks);
for (cur_indx = 0, i = 0; i < num_blocks; i++, cur_indx += block_size) {
memcpy(temp_buf, ta_firmware + cur_indx, block_size);
status = rsi_usb_write_register_multiple(adapter, base_address,
(u8 *)(temp_buf),
block_size);
if (status < 0)
return status;
Reported by FlawFinder.
Line: 528
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (instructions_sz % block_size) {
memset(temp_buf, 0, block_size);
memcpy(temp_buf, ta_firmware + cur_indx,
instructions_sz % block_size);
status = rsi_usb_write_register_multiple
(adapter, base_address,
(u8 *)temp_buf,
instructions_sz % block_size);
Reported by FlawFinder.
drivers/net/wireless/microchip/wilc1000/wlan.c
5 issues
Line: 887
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
FIELD_PREP(WILC_VMM_HDR_BUFF_SIZE, vmm_sz));
cpu_to_le32s(&header);
memcpy(&txb[offset], &header, 4);
if (tqe->type == WILC_CFG_PKT) {
buffer_offset = ETH_CONFIG_PKT_HDR_OFFSET;
} else if (tqe->type == WILC_NET_PKT) {
int prio = tqe->q_num;
Reported by FlawFinder.
Line: 895
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bssid = tqe->vif->bssid;
buffer_offset = ETH_ETHERNET_HDR_OFFSET;
memcpy(&txb[offset + 4], &prio, sizeof(prio));
memcpy(&txb[offset + 8], bssid, 6);
} else {
buffer_offset = HOST_HDR_OFFSET;
}
Reported by FlawFinder.
Line: 896
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bssid = tqe->vif->bssid;
buffer_offset = ETH_ETHERNET_HDR_OFFSET;
memcpy(&txb[offset + 4], &prio, sizeof(prio));
memcpy(&txb[offset + 8], bssid, 6);
} else {
buffer_offset = HOST_HDR_OFFSET;
}
memcpy(&txb[offset + buffer_offset],
Reported by FlawFinder.
Line: 901
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buffer_offset = HOST_HDR_OFFSET;
}
memcpy(&txb[offset + buffer_offset],
tqe->buffer, tqe->buffer_size);
offset += vmm_sz;
i++;
tqe->status = 1;
if (tqe->tx_complete_func)
Reported by FlawFinder.
Line: 1093
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
size2 = blksz;
memcpy(dma_buffer, &buffer[offset], size2);
ret = wilc->hif_func->hif_block_tx(wilc, addr,
dma_buffer, size2);
if (ret)
break;
Reported by FlawFinder.
drivers/nvme/target/fcloop.c
5 issues
Line: 385
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct nvme_fc_remote_port *remoteport = tport->remoteport;
struct fcloop_rport *rport;
memcpy(lsreq->rspaddr, lsrsp->rspbuf,
((lsreq->rsplen < lsrsp->rsplen) ?
lsreq->rsplen : lsrsp->rsplen));
lsrsp->done(lsrsp);
Reported by FlawFinder.
Line: 473
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct nvmet_fc_target_port *targetport = rport->targetport;
struct fcloop_tport *tport;
memcpy(lsreq->rspaddr, lsrsp->rspbuf,
((lsreq->rsplen < lsrsp->rsplen) ?
lsreq->rsplen : lsrsp->rsplen));
lsrsp->done(lsrsp);
if (targetport) {
Reported by FlawFinder.
Line: 777
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tlen = min_t(u32, tlen, length);
if (op == NVMET_FCOP_WRITEDATA)
memcpy(data_p, io_p, tlen);
else
memcpy(io_p, data_p, tlen);
length -= tlen;
Reported by FlawFinder.
Line: 779
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (op == NVMET_FCOP_WRITEDATA)
memcpy(data_p, io_p, tlen);
else
memcpy(io_p, data_p, tlen);
length -= tlen;
io_len -= tlen;
if ((!io_len) && (length)) {
Reported by FlawFinder.
Line: 869
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (fcpreq) {
rsplen = ((fcpreq->rsplen < tgt_fcpreq->rsplen) ?
fcpreq->rsplen : tgt_fcpreq->rsplen);
memcpy(fcpreq->rspaddr, tgt_fcpreq->rspaddr, rsplen);
if (rsplen < tgt_fcpreq->rsplen)
fcp_err = -E2BIG;
fcpreq->rcv_rsplen = rsplen;
fcpreq->status = 0;
}
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_ste_v1.c
5 issues
Line: 348
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WARN_ON(ste_size != DR_STE_SIZE);
/* Backup tag */
memcpy(tmp_tag, tag, DR_STE_SIZE_TAG);
/* Swap mask and tag both are the same size */
memcpy(tag, mask, DR_STE_SIZE_MASK);
memcpy(mask, tmp_tag, DR_STE_SIZE_TAG);
}
Reported by FlawFinder.
Line: 351
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(tmp_tag, tag, DR_STE_SIZE_TAG);
/* Swap mask and tag both are the same size */
memcpy(tag, mask, DR_STE_SIZE_MASK);
memcpy(mask, tmp_tag, DR_STE_SIZE_TAG);
}
static void dr_ste_v1_set_rx_flow_tag(u8 *s_action, u32 flow_tag)
{
Reported by FlawFinder.
Line: 352
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Swap mask and tag both are the same size */
memcpy(tag, mask, DR_STE_SIZE_MASK);
memcpy(mask, tmp_tag, DR_STE_SIZE_TAG);
}
static void dr_ste_v1_set_rx_flow_tag(u8 *s_action, u32 flow_tag)
{
MLX5_SET(ste_single_action_flow_tag_v1, s_action, action_id,
Reported by FlawFinder.
Line: 790
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_FLD_SZ_BYTES(ste_double_action_insert_with_inline_v1, inline_data);
/* Add an alignment padding */
memcpy(padded_data + data_sz % inline_data_sz, data, data_sz);
/* Remove L2L3 outer headers */
MLX5_SET(ste_single_action_remove_header_v1, hw_action, action_id,
DR_STE_V1_ACTION_ID_REMOVE_HEADER_TO_HEADER);
MLX5_SET(ste_single_action_remove_header_v1, hw_action, decap, 1);
Reported by FlawFinder.
Line: 821
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy bytes one by one to avoid endianness problem */
addr_inline = MLX5_ADDR_OF(ste_double_action_insert_with_inline_v1,
hw_action, inline_data);
memcpy(addr_inline, data_ptr - i * inline_data_sz, inline_data_sz);
hw_action += DR_STE_ACTION_DOUBLE_SZ;
used_actions++;
}
/* Remove first 2 extra bytes */
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_ctcam.c
5 issues
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_acl_tcam_region *region,
u16 new_size)
{
char ptar_pl[MLXSW_REG_PTAR_LEN];
mlxsw_reg_ptar_pack(ptar_pl, MLXSW_REG_PTAR_OP_RESIZE,
region->key_type, new_size, region->id,
region->tcam_region_info);
return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(ptar), ptar_pl);
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_acl_tcam_region *region,
u16 src_offset, u16 dst_offset, u16 size)
{
char prcr_pl[MLXSW_REG_PRCR_LEN];
mlxsw_reg_prcr_pack(prcr_pl, MLXSW_REG_PRCR_OP_MOVE,
region->tcam_region_info, src_offset,
region->tcam_region_info, dst_offset, size);
mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(prcr), prcr_pl);
Reported by FlawFinder.
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mlxsw_sp_acl_tcam_region *region = cregion->region;
struct mlxsw_afk *afk = mlxsw_sp_acl_afk(mlxsw_sp->acl);
char ptce2_pl[MLXSW_REG_PTCE2_LEN];
char *act_set;
u32 priority;
char *mask;
char *key;
int err;
Reported by FlawFinder.
Line: 91
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_sp_acl_ctcam_region *cregion,
struct mlxsw_sp_acl_ctcam_entry *centry)
{
char ptce2_pl[MLXSW_REG_PTCE2_LEN];
mlxsw_reg_ptce2_pack(ptce2_pl, false, MLXSW_REG_PTCE2_OP_WRITE_WRITE,
cregion->region->tcam_region_info,
centry->parman_item.index, 0);
mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(ptce2), ptce2_pl);
Reported by FlawFinder.
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mlxsw_afa_block *afa_block,
unsigned int priority)
{
char ptce2_pl[MLXSW_REG_PTCE2_LEN];
char *act_set;
mlxsw_reg_ptce2_pack(ptce2_pl, true, MLXSW_REG_PTCE2_OP_WRITE_UPDATE,
cregion->region->tcam_region_info,
centry->parman_item.index, priority);
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
5 issues
Line: 2776
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 ver_build;
u8 ver_min;
u8 ver_maj;
char driver_string[FW_CEM_DRIVER_VERSION_SIZE];
};
/* These need to be dword aligned */
struct ixgbe_hic_read_shadow_ram {
union ixgbe_hic_hdr2 hdr;
Reported by FlawFinder.
Line: 2846
Column: 4
CWE codes:
120
20
__le64 buffer_addr; /* Address of descriptor's data buf */
__le32 cmd_type_len;
__le32 olinfo_status;
} read;
struct {
__le64 rsvd; /* Reserved */
__le32 nxtseq_seed;
__le32 status;
} wb;
Reported by FlawFinder.
Line: 2859
Column: 4
CWE codes:
120
20
struct {
__le64 pkt_addr; /* Packet buffer address */
__le64 hdr_addr; /* Header buffer address */
} read;
struct {
struct {
union {
__le32 data;
struct {
Reported by FlawFinder.
Line: 3390
Column: 8
CWE codes:
120
20
/* Function pointer table */
struct ixgbe_eeprom_operations {
s32 (*init_params)(struct ixgbe_hw *);
s32 (*read)(struct ixgbe_hw *, u16, u16 *);
s32 (*read_buffer)(struct ixgbe_hw *, u16, u16, u16 *);
s32 (*write)(struct ixgbe_hw *, u16, u16);
s32 (*write_buffer)(struct ixgbe_hw *, u16, u16, u16 *);
s32 (*validate_checksum)(struct ixgbe_hw *, u16 *);
s32 (*update_checksum)(struct ixgbe_hw *);
Reported by FlawFinder.
Line: 3599
Column: 8
CWE codes:
120
20
struct ixgbe_mbx_operations {
s32 (*init_params)(struct ixgbe_hw *hw);
s32 (*read)(struct ixgbe_hw *, u32 *, u16, u16);
s32 (*write)(struct ixgbe_hw *, u32 *, u16, u16);
s32 (*read_posted)(struct ixgbe_hw *, u32 *, u16, u16);
s32 (*write_posted)(struct ixgbe_hw *, u32 *, u16, u16);
s32 (*check_for_msg)(struct ixgbe_hw *, u16);
s32 (*check_for_ack)(struct ixgbe_hw *, u16);
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/nfp_net_debugfs.c
5 issues
Line: 151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void nfp_net_debugfs_vnic_add(struct nfp_net *nn, struct dentry *ddir)
{
struct dentry *queues, *tx, *rx, *xdp;
char name[20];
int i;
if (IS_ERR_OR_NULL(nfp_dir))
return;
Reported by FlawFinder.
Line: 158
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return;
if (nfp_net_is_data_vnic(nn))
sprintf(name, "vnic%d", nn->id);
else
strcpy(name, "ctrl-vnic");
nn->debugfs_dir = debugfs_create_dir(name, ddir);
/* Create queue debugging sub-tree */
Reported by FlawFinder.
Line: 160
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (nfp_net_is_data_vnic(nn))
sprintf(name, "vnic%d", nn->id);
else
strcpy(name, "ctrl-vnic");
nn->debugfs_dir = debugfs_create_dir(name, ddir);
/* Create queue debugging sub-tree */
queues = debugfs_create_dir("queue", nn->debugfs_dir);
Reported by FlawFinder.
Line: 171
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
xdp = debugfs_create_dir("xdp", queues);
for (i = 0; i < min(nn->max_rx_rings, nn->max_r_vecs); i++) {
sprintf(name, "%d", i);
debugfs_create_file(name, 0400, rx,
&nn->r_vecs[i], &nfp_rx_q_fops);
debugfs_create_file(name, 0400, xdp,
&nn->r_vecs[i], &nfp_xdp_q_fops);
}
Reported by FlawFinder.
Line: 179
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < min(nn->max_tx_rings, nn->max_r_vecs); i++) {
sprintf(name, "%d", i);
debugfs_create_file(name, 0400, tx,
&nn->r_vecs[i], &nfp_tx_q_fops);
}
}
Reported by FlawFinder.
drivers/net/ethernet/sun/niu.h
5 issues
Line: 2985
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define NIU_VPD_PHY_TYPE_MAX 8
struct niu_vpd {
char model[NIU_VPD_MODEL_MAX];
char board_model[NIU_VPD_BD_MODEL_MAX];
char version[NIU_VPD_VERSION_MAX];
char phy_type[NIU_VPD_PHY_TYPE_MAX];
u8 mac_num;
u8 __pad;
Reported by FlawFinder.
Line: 2986
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct niu_vpd {
char model[NIU_VPD_MODEL_MAX];
char board_model[NIU_VPD_BD_MODEL_MAX];
char version[NIU_VPD_VERSION_MAX];
char phy_type[NIU_VPD_PHY_TYPE_MAX];
u8 mac_num;
u8 __pad;
u8 local_mac[6];
Reported by FlawFinder.
Line: 2987
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct niu_vpd {
char model[NIU_VPD_MODEL_MAX];
char board_model[NIU_VPD_BD_MODEL_MAX];
char version[NIU_VPD_VERSION_MAX];
char phy_type[NIU_VPD_PHY_TYPE_MAX];
u8 mac_num;
u8 __pad;
u8 local_mac[6];
int fcode_major;
Reported by FlawFinder.
Line: 2988
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char model[NIU_VPD_MODEL_MAX];
char board_model[NIU_VPD_BD_MODEL_MAX];
char version[NIU_VPD_VERSION_MAX];
char phy_type[NIU_VPD_PHY_TYPE_MAX];
u8 mac_num;
u8 __pad;
u8 local_mac[6];
int fcode_major;
int fcode_minor;
Reported by FlawFinder.
Line: 3261
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define NIU_FLAGS_XMAC 0x00010000 /* 0=BMAC 1=XMAC */
u32 msg_enable;
char irq_name[NIU_NUM_RXCHAN+NIU_NUM_TXCHAN+3][IFNAMSIZ + 6];
/* Protects hw programming, and ring state. */
spinlock_t lock;
const struct niu_ops *ops;
Reported by FlawFinder.
drivers/net/ethernet/microsoft/mana/gdma_main.c
5 issues
Line: 325
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
event.type = type;
memcpy(&event.details, &eqe->details, GDMA_EVENT_DATA_SIZE);
eq->eq.callback(eq->eq.context, eq, &event);
break;
default:
break;
Reported by FlawFinder.
Line: 1008
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr = wqe_ptr + sizeof(header);
if (wqe_req->inline_oob_data && wqe_req->inline_oob_size > 0) {
memcpy(ptr, wqe_req->inline_oob_data, wqe_req->inline_oob_size);
if (client_oob_size > wqe_req->inline_oob_size)
memset(ptr + wqe_req->inline_oob_size, 0,
client_oob_size - wqe_req->inline_oob_size);
}
Reported by FlawFinder.
Line: 1031
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_to_end = (u32)(end_ptr - wqe_ptr);
if (size_to_end < sgl_size) {
memcpy(wqe_ptr, address, size_to_end);
wqe_ptr = base_ptr;
address += size_to_end;
sgl_size -= size_to_end;
}
Reported by FlawFinder.
Line: 1038
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sgl_size -= size_to_end;
}
memcpy(wqe_ptr, address, sgl_size);
}
int mana_gd_post_work_request(struct gdma_queue *wq,
const struct gdma_wqe_request *wqe_req,
struct gdma_posted_wqe_info *wqe_info)
Reported by FlawFinder.
Line: 1136
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
comp->wq_num = cqe->cqe_info.wq_num;
comp->is_sq = cqe->cqe_info.is_sq;
memcpy(comp->cqe_data, cqe->cqe_data, GDMA_COMP_DATA_SIZE);
return 1;
}
int mana_gd_poll_cq(struct gdma_queue *cq, struct gdma_comp *comp, int num_cqe)
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/dvm/tt.c
5 issues
Line: 630
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
transaction = tt->transaction +
(IWL_TI_0 * (IWL_TI_STATE_MAX - 1));
memcpy(transaction, &tt_range_0[0], size);
transaction = tt->transaction +
(IWL_TI_1 * (IWL_TI_STATE_MAX - 1));
memcpy(transaction, &tt_range_1[0], size);
transaction = tt->transaction +
(IWL_TI_2 * (IWL_TI_STATE_MAX - 1));
Reported by FlawFinder.
Line: 633
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(transaction, &tt_range_0[0], size);
transaction = tt->transaction +
(IWL_TI_1 * (IWL_TI_STATE_MAX - 1));
memcpy(transaction, &tt_range_1[0], size);
transaction = tt->transaction +
(IWL_TI_2 * (IWL_TI_STATE_MAX - 1));
memcpy(transaction, &tt_range_2[0], size);
transaction = tt->transaction +
(IWL_TI_CT_KILL * (IWL_TI_STATE_MAX - 1));
Reported by FlawFinder.
Line: 636
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(transaction, &tt_range_1[0], size);
transaction = tt->transaction +
(IWL_TI_2 * (IWL_TI_STATE_MAX - 1));
memcpy(transaction, &tt_range_2[0], size);
transaction = tt->transaction +
(IWL_TI_CT_KILL * (IWL_TI_STATE_MAX - 1));
memcpy(transaction, &tt_range_3[0], size);
size = sizeof(struct iwl_tt_restriction) *
IWL_TI_STATE_MAX;
Reported by FlawFinder.
Line: 639
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(transaction, &tt_range_2[0], size);
transaction = tt->transaction +
(IWL_TI_CT_KILL * (IWL_TI_STATE_MAX - 1));
memcpy(transaction, &tt_range_3[0], size);
size = sizeof(struct iwl_tt_restriction) *
IWL_TI_STATE_MAX;
memcpy(tt->restriction,
&restriction_range[0], size);
priv->thermal_throttle.advanced_tt = true;
Reported by FlawFinder.
Line: 642
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(transaction, &tt_range_3[0], size);
size = sizeof(struct iwl_tt_restriction) *
IWL_TI_STATE_MAX;
memcpy(tt->restriction,
&restriction_range[0], size);
priv->thermal_throttle.advanced_tt = true;
}
} else {
IWL_DEBUG_TEMP(priv, "Legacy Thermal Throttling\n");
Reported by FlawFinder.