The following issues were found
drivers/net/ethernet/huawei/hinic/hinic_hw_cmdq.c
5 issues
Line: 179
CWE codes:
476
{
struct hinic_sge_resp *sge_resp = &completion->sge_resp;
hinic_set_sge(&sge_resp->sge, buf_out->dma_addr, buf_out->size);
}
static void cmdq_prepare_wqe_ctrl(struct hinic_cmdq_wqe *wqe, int wrapped,
enum hinic_cmd_ack_type ack_type,
enum hinic_mod_type mod, u8 cmd, u16 prod_idx,
Reported by Cppcheck.
Line: 214
CWE codes:
908
HINIC_CMDQ_CTRL_SET(mod, MOD) |
HINIC_CMDQ_CTRL_SET(ack_type, ACK_TYPE);
CMDQ_WQE_HEADER(wqe)->header_info =
HINIC_CMDQ_WQE_HEADER_SET(buf_len, BUFDESC_LEN) |
HINIC_CMDQ_WQE_HEADER_SET(complete_format, COMPLETE_FMT) |
HINIC_CMDQ_WQE_HEADER_SET(data_format, DATA_FMT) |
HINIC_CMDQ_WQE_HEADER_SET(CEQ_SET, COMPLETE_REQ) |
HINIC_CMDQ_WQE_HEADER_SET(COMPLETE_LEN, COMPLETE_SECT_LEN) |
Reported by Cppcheck.
Line: 223
CWE codes:
908
HINIC_CMDQ_WQE_HEADER_SET(ctrl_len, CTRL_LEN) |
HINIC_CMDQ_WQE_HEADER_SET(wrapped, TOGGLED_WRAPPED);
saved_data = CMDQ_WQE_HEADER(wqe)->saved_data;
saved_data = HINIC_SAVED_DATA_CLEAR(saved_data, ARM);
if (cmd == CMDQ_SET_ARM_CMD && mod == HINIC_MOD_COMM)
CMDQ_WQE_HEADER(wqe)->saved_data |=
HINIC_SAVED_DATA_SET(1, ARM);
Reported by Cppcheck.
Line: 245
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct hinic_cmdq_wqe_scmd *wqe_scmd = &wqe->wqe_scmd;
wqe_scmd->buf_desc.buf_len = in_size;
memcpy(wqe_scmd->buf_desc.data, buf_in, in_size);
}
static void cmdq_set_lcmd_wqe(struct hinic_cmdq_wqe *wqe,
enum cmdq_cmd_type cmd_type,
struct hinic_cmdq_buf *buf_in,
Reported by FlawFinder.
Line: 308
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void cmdq_wqe_fill(void *dst, void *src)
{
memcpy(dst + FIRST_DATA_TO_WRITE_LAST, src + FIRST_DATA_TO_WRITE_LAST,
CMDQ_WQE_SIZE - FIRST_DATA_TO_WRITE_LAST);
wmb(); /* The first 8 bytes should be written last */
*(u64 *)dst = *(u64 *)src;
Reported by FlawFinder.
drivers/net/ethernet/i825xx/sun3_82586.h
5 issues
Line: 136
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char last; /* Bit15,Last Frame on List / Bit14,suspend */
unsigned short next; /* linkoffset to next RFD */
unsigned short rbd_offset; /* pointeroffset to RBD-buffer */
unsigned char dest[ETH_ALEN]; /* ethernet-address, destination */
unsigned char source[ETH_ALEN]; /* ethernet-address, source */
unsigned short length; /* 802.3 frame-length */
unsigned short zero_dummy; /* dummy */
};
Reported by FlawFinder.
Line: 137
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short next; /* linkoffset to next RFD */
unsigned short rbd_offset; /* pointeroffset to RBD-buffer */
unsigned char dest[ETH_ALEN]; /* ethernet-address, destination */
unsigned char source[ETH_ALEN]; /* ethernet-address, source */
unsigned short length; /* 802.3 frame-length */
unsigned short zero_dummy; /* dummy */
};
#define RFD_LAST 0x80 /* last: last rfd in the list */
Reported by FlawFinder.
Line: 219
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short cmd_status;
unsigned short cmd_cmd;
unsigned short cmd_link;
unsigned char iaddr[6];
};
/*
* Configure command
*/
Reported by FlawFinder.
Line: 253
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short cmd_cmd;
unsigned short cmd_link;
unsigned short mc_cnt; /* number of bytes in the MC-List */
unsigned char mc_list[0][6]; /* pointer to 6 bytes entries */
};
/*
* DUMP command
*/
Reported by FlawFinder.
Line: 276
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short cmd_cmd;
unsigned short cmd_link;
unsigned short tbd_offset; /* pointeroffset to TBD */
unsigned char dest[6]; /* destination address of the frame */
unsigned short length; /* user defined: 802.3 length / Ether type */
};
#define TCMD_ERRMASK 0x0fa0
#define TCMD_MAXCOLLMASK 0x000f
Reported by FlawFinder.
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
5 issues
Line: 377
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @traffic_lastreported_bmp: traffic last reported bitmap.
*/
struct brcmf_fws_mac_descriptor {
char name[16];
u8 occupied;
u8 mac_handle;
u8 interface_id;
u8 state;
bool suppressed;
Reported by FlawFinder.
Line: 713
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
desc->interface_id = ifidx;
desc->ac_bitmap = 0xff; /* update this when handling APSD */
if (addr)
memcpy(&desc->ea[0], addr, ETH_ALEN);
}
static
void brcmf_fws_macdesc_deinit(struct brcmf_fws_mac_descriptor *desc)
{
Reported by FlawFinder.
Line: 884
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wlh[0] = BRCMF_FWS_TYPE_PKTTAG;
wlh[1] = BRCMF_FWS_TYPE_PKTTAG_LEN;
memcpy(&wlh[2], &pkttag, sizeof(pkttag));
if (BRCMF_FWS_MODE_GET_REUSESEQ(fws->mode)) {
wlh[1] += BRCMF_FWS_TYPE_SEQ_LEN;
memcpy(&wlh[2 + BRCMF_FWS_TYPE_PKTTAG_LEN], &pktseq,
sizeof(pktseq));
}
Reported by FlawFinder.
Line: 887
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&wlh[2], &pkttag, sizeof(pkttag));
if (BRCMF_FWS_MODE_GET_REUSESEQ(fws->mode)) {
wlh[1] += BRCMF_FWS_TYPE_SEQ_LEN;
memcpy(&wlh[2 + BRCMF_FWS_TYPE_PKTTAG_LEN], &pktseq,
sizeof(pktseq));
}
wlh += wlh[1] + 2;
if (entry->send_tim_signal) {
Reported by FlawFinder.
Line: 1029
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (entry != existing) {
brcmf_dbg(TRACE, "copy mac %s\n", existing->name);
brcmf_fws_lock(fws);
memcpy(entry, existing,
offsetof(struct brcmf_fws_mac_descriptor, psq));
entry->mac_handle = mac_handle;
brcmf_fws_macdesc_deinit(existing);
brcmf_fws_macdesc_set_name(fws, entry);
brcmf_fws_unlock(fws);
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c
5 issues
Line: 949
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -EINVAL;
if (!nfp_nsp_has_hwinfo_lookup(state)) {
strcpy(buf, default_val);
return 0;
}
size = min_t(u32, size, NFP_HWINFO_LOOKUP_SIZE);
Reported by FlawFinder.
Line: 958
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
err = __nfp_nsp_hwinfo_lookup(state, buf, size, true);
if (err) {
if (err == -ENOENT) {
strcpy(buf, default_val);
return 0;
}
nfp_err(state->cpp, "NSP HWinfo lookup failed: %d\n", err);
return err;
Reported by FlawFinder.
Line: 535
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
coff = 0;
if (arg->in_size > off) {
coff = min_t(u64, arg->in_size - off, chunk_size);
memcpy(chunks[i].chunk, arg->in_buf + off, coff);
}
memset(chunks[i].chunk + coff, 0, chunk_size - coff);
off += chunks[i].len;
}
Reported by FlawFinder.
Line: 595
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int len;
len = min_t(u64, chunks[i].len, arg->out_size - off);
memcpy(arg->out_buf + off, chunks[i].chunk, len);
off += len;
i++;
}
exit_unmap_desc:
Reported by FlawFinder.
Line: 1095
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*read_len = min_t(unsigned int, len, le16_to_cpu(buf->readlen));
if (*read_len)
memcpy(data, buf->data, *read_len);
if (!ret && *read_len < len)
ret = -EIO;
kfree(buf);
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qed/qed_rdma.c
5 issues
Line: 354
Column: 12
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if ((bmap->max_count % (64 * 8)) &&
(bitmap_weight((unsigned long *)&pmap[item],
bmap->max_count - item * 64))) {
offset = sprintf(str_last_line, "line 0x%04x: ", line);
for (; item < last_item; item++)
offset += sprintf(str_last_line + offset,
"0x%016llx ", pmap[item]);
DP_NOTICE(p_hwfn, "%s\n", str_last_line);
}
Reported by FlawFinder.
Line: 356
Column: 14
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
bmap->max_count - item * 64))) {
offset = sprintf(str_last_line, "line 0x%04x: ", line);
for (; item < last_item; item++)
offset += sprintf(str_last_line + offset,
"0x%016llx ", pmap[item]);
DP_NOTICE(p_hwfn, "%s\n", str_last_line);
}
end:
Reported by FlawFinder.
Line: 1421
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qp->vlan_id = params->vlan_id;
qp->mtu = params->mtu;
qp->lb_indication = params->lb_indication;
memcpy((u8 *)&qp->remote_mac_addr[0],
(u8 *)¶ms->remote_mac_addr[0], ETH_ALEN);
if (params->use_local_mac) {
memcpy((u8 *)&qp->local_mac_addr[0],
(u8 *)¶ms->local_mac_addr[0], ETH_ALEN);
} else {
Reported by FlawFinder.
Line: 1424
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy((u8 *)&qp->remote_mac_addr[0],
(u8 *)¶ms->remote_mac_addr[0], ETH_ALEN);
if (params->use_local_mac) {
memcpy((u8 *)&qp->local_mac_addr[0],
(u8 *)¶ms->local_mac_addr[0], ETH_ALEN);
} else {
memcpy((u8 *)&qp->local_mac_addr[0],
(u8 *)&p_hwfn->hw_info.hw_mac_addr, ETH_ALEN);
}
Reported by FlawFinder.
Line: 1427
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy((u8 *)&qp->local_mac_addr[0],
(u8 *)¶ms->local_mac_addr[0], ETH_ALEN);
} else {
memcpy((u8 *)&qp->local_mac_addr[0],
(u8 *)&p_hwfn->hw_info.hw_mac_addr, ETH_ALEN);
}
}
if (GET_FIELD(params->modify_flags, QED_ROCE_MODIFY_QP_VALID_RQ_PSN))
qp->rq_psn = params->rq_psn;
Reported by FlawFinder.
drivers/net/phy/mdio_bus.c
5 issues
Line: 233
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = mdio_bus_get_stat(&bus->stats[sattr->addr],
sattr->field_offset);
return sprintf(buf, "%llu\n", val);
}
static ssize_t mdio_bus_device_stat_field_show(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 252
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
val = mdio_bus_get_stat(&bus->stats[addr], sattr->field_offset);
return sprintf(buf, "%llu\n", val);
}
#define MDIO_BUS_STATS_ATTR_DECL(field, file) \
static struct dev_ext_attribute dev_attr_mdio_bus_##field = { \
.attr = { .attr = { .name = file, .mode = 0444 }, \
Reported by FlawFinder.
Line: 492
Column: 2
CWE codes:
120
if (IS_ERR(mdiodev))
return -ENODEV;
strncpy(mdiodev->modalias, bi->modalias,
sizeof(mdiodev->modalias));
mdiodev->bus_match = mdio_device_bus_match;
mdiodev->dev.platform_data = (void *)bi->platform_data;
ret = mdio_device_register(mdiodev);
Reported by FlawFinder.
Line: 525
Column: 19
CWE codes:
120
20
struct gpio_desc *gpiod;
if (NULL == bus || NULL == bus->name ||
NULL == bus->read || NULL == bus->write)
return -EINVAL;
BUG_ON(bus->state != MDIOBUS_ALLOCATED &&
bus->state != MDIOBUS_UNREGISTERED);
Reported by FlawFinder.
Line: 744
Column: 16
CWE codes:
120
20
lockdep_assert_held_once(&bus->mdio_lock);
retval = bus->read(bus, addr, regnum);
trace_mdio_access(bus, 1, addr, regnum, retval, retval);
mdiobus_stats_acct(&bus->stats[addr], true, retval);
return retval;
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qed/qed_sriov.c
5 issues
Line: 1624
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qed_iov_vf_mbx_acquire_stats(p_hwfn, &pfdev_info->stats_info);
memcpy(pfdev_info->port_mac, p_hwfn->hw_info.hw_mac_addr, ETH_ALEN);
pfdev_info->fw_major = FW_MAJOR_VERSION;
pfdev_info->fw_minor = FW_MINOR_VERSION;
pfdev_info->fw_rev = FW_REVISION_VERSION;
pfdev_info->fw_eng = FW_ENGINEERING_VERSION;
Reported by FlawFinder.
Line: 2817
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
p_data->update_approx_mcast_flg = 1;
memcpy(p_data->bins, p_mcast_tlv->bins,
sizeof(u32) * ETH_MULTICAST_MAC_BINS_IN_REGS);
*tlvs_mask |= 1 << QED_IOV_VP_UPDATE_MCAST;
}
static void
Reported by FlawFinder.
Line: 3275
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
params.is_tx_filter = 1;
params.vport_to_remove_from = vf->vport_id;
params.vport_to_add_to = vf->vport_id;
memcpy(params.mac, req->mac, ETH_ALEN);
params.vlan = req->vlan;
DP_VERBOSE(p_hwfn,
QED_MSG_IOV,
"VF[%d]: opcode 0x%02x type 0x%02x [%s %s] [vport 0x%02x] MAC %pM, vlan 0x%04x\n",
Reported by FlawFinder.
Line: 4131
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
~BIT(VFPF_BULLETIN_MAC_ADDR);
}
memcpy(vf_info->bulletin.p_virt->mac, mac, ETH_ALEN);
vf_info->bulletin.p_virt->valid_bitmap |= feature;
qed_iov_configure_vport_forced(p_hwfn, vf_info, feature);
}
Reported by FlawFinder.
Line: 5206
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int qed_iov_wq_start(struct qed_dev *cdev)
{
char name[NAME_SIZE];
int i;
for_each_hwfn(cdev, i) {
struct qed_hwfn *p_hwfn = &cdev->hwfns[i];
Reported by FlawFinder.
drivers/net/netdevsim/ipsec.c
5 issues
Line: 49
Column: 46
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
p += scnprintf(p, bufsize - (p - buf),
"sa[%i] spi=0x%08x proto=0x%x salt=0x%08x crypt=%d\n",
i, be32_to_cpu(sap->xs->id.spi),
sap->xs->id.proto, sap->salt, sap->crypt);
p += scnprintf(p, bufsize - (p - buf),
"sa[%i] key=0x%08x %08x %08x %08x\n",
i, sap->key[0], sap->key[1],
sap->key[2], sap->key[3]);
}
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
netdev_err(dev, "IPsec hw offload only supports 128 bit keys with optional 32 bit salt\n");
return -EINVAL;
}
memcpy(mykey, key_data, 16);
return 0;
}
static int nsim_ipsec_add_sa(struct xfrm_state *xs)
Reported by FlawFinder.
Line: 178
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sa.rx = true;
if (xs->props.family == AF_INET6)
memcpy(sa.ipaddr, &xs->id.daddr.a6, 16);
else
memcpy(&sa.ipaddr[3], &xs->id.daddr.a4, 4);
}
/* the preparations worked, so save the info */
Reported by FlawFinder.
Line: 180
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (xs->props.family == AF_INET6)
memcpy(sa.ipaddr, &xs->id.daddr.a6, 16);
else
memcpy(&sa.ipaddr[3], &xs->id.daddr.a4, 4);
}
/* the preparations worked, so save the info */
memcpy(&ipsec->sa[sa_idx], &sa, sizeof(sa));
Reported by FlawFinder.
Line: 184
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* the preparations worked, so save the info */
memcpy(&ipsec->sa[sa_idx], &sa, sizeof(sa));
/* the XFRM stack doesn't like offload_handle == 0,
* so add a bitflag in case our array index is 0
*/
xs->xso.offload_handle = sa_idx | NSIM_IPSEC_VALID;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx4/en_tx.c
5 issues
Line: 695
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
skb_copy_from_linear_data(skb, inl + 1, hlen);
if (shinfo->nr_frags)
memcpy(((void *)(inl + 1)) + hlen, fragptr,
skb_frag_size(&shinfo->frags[0]));
} else {
inl->byte_count = cpu_to_be32(1 << 31 | spc);
if (hlen <= spc) {
Reported by FlawFinder.
Line: 703
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hlen <= spc) {
skb_copy_from_linear_data(skb, inl + 1, hlen);
if (hlen < spc) {
memcpy(((void *)(inl + 1)) + hlen,
fragptr, spc - hlen);
fragptr += spc - hlen;
}
inl = (void *) (inl + 1) + spc;
memcpy(((void *)(inl + 1)), fragptr, skb->len - spc);
Reported by FlawFinder.
Line: 708
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fragptr += spc - hlen;
}
inl = (void *) (inl + 1) + spc;
memcpy(((void *)(inl + 1)), fragptr, skb->len - spc);
} else {
skb_copy_from_linear_data(skb, inl + 1, spc);
inl = (void *) (inl + 1) + spc;
skb_copy_from_linear_data_offset(skb, spc, inl + 1,
hlen - spc);
Reported by FlawFinder.
Line: 715
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_copy_from_linear_data_offset(skb, spc, inl + 1,
hlen - spc);
if (shinfo->nr_frags)
memcpy(((void *)(inl + 1)) + hlen - spc,
fragptr,
skb_frag_size(&shinfo->frags[0]));
}
dma_wmb();
Reported by FlawFinder.
Line: 1018
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy headers;
* note that we already verified that it is linear */
memcpy(tx_desc->lso.header, skb->data, lso_header_size);
ring->tso_packets++;
i = shinfo->gso_segs;
tx_info->nr_bytes = skb->len + (i - 1) * lso_header_size;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/esw/devlink_port.c
5 issues
Line: 14
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
parent_id = mlx5_query_nic_system_image_guid(dev);
ppid->id_len = sizeof(parent_id);
memcpy(ppid->id, &parent_id, sizeof(parent_id));
}
static bool mlx5_esw_devlink_port_supported(struct mlx5_eswitch *esw, u16 vport_num)
{
return vport_num == MLX5_VPORT_UPLINK ||
Reported by FlawFinder.
Line: 47
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (vport_num == MLX5_VPORT_UPLINK) {
attrs.flavour = DEVLINK_PORT_FLAVOUR_PHYSICAL;
attrs.phys.port_number = pfnum;
memcpy(attrs.switch_id.id, ppid.id, ppid.id_len);
attrs.switch_id.id_len = ppid.id_len;
devlink_port_attrs_set(dl_port, &attrs);
} else if (vport_num == MLX5_VPORT_PF) {
memcpy(dl_port->attrs.switch_id.id, ppid.id, ppid.id_len);
dl_port->attrs.switch_id.id_len = ppid.id_len;
Reported by FlawFinder.
Line: 51
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attrs.switch_id.id_len = ppid.id_len;
devlink_port_attrs_set(dl_port, &attrs);
} else if (vport_num == MLX5_VPORT_PF) {
memcpy(dl_port->attrs.switch_id.id, ppid.id, ppid.id_len);
dl_port->attrs.switch_id.id_len = ppid.id_len;
devlink_port_attrs_pci_pf_set(dl_port, controller_num, pfnum, external);
} else if (mlx5_eswitch_is_vf_vport(esw, vport_num)) {
memcpy(dl_port->attrs.switch_id.id, ppid.id, ppid.id_len);
dl_port->attrs.switch_id.id_len = ppid.id_len;
Reported by FlawFinder.
Line: 55
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dl_port->attrs.switch_id.id_len = ppid.id_len;
devlink_port_attrs_pci_pf_set(dl_port, controller_num, pfnum, external);
} else if (mlx5_eswitch_is_vf_vport(esw, vport_num)) {
memcpy(dl_port->attrs.switch_id.id, ppid.id, ppid.id_len);
dl_port->attrs.switch_id.id_len = ppid.id_len;
devlink_port_attrs_pci_vf_set(dl_port, controller_num, pfnum,
vport_num - 1, external);
}
return dl_port;
Reported by FlawFinder.
Line: 142
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pfnum = PCI_FUNC(dev->pdev->devfn);
mlx5_esw_get_port_parent_id(dev, &ppid);
memcpy(dl_port->attrs.switch_id.id, &ppid.id[0], ppid.id_len);
dl_port->attrs.switch_id.id_len = ppid.id_len;
devlink_port_attrs_pci_sf_set(dl_port, controller, pfnum, sfnum, !!controller);
devlink = priv_to_devlink(dev);
dl_port_index = mlx5_esw_vport_to_devlink_port_index(dev, vport_num);
err = devlink_port_register(devlink, dl_port, dl_port_index);
Reported by FlawFinder.