The following issues were found
drivers/net/ethernet/intel/ixgbe/ixgbe_debugfs.c
4 issues
Line: 11
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct dentry *ixgbe_dbg_root;
static char ixgbe_dbg_reg_ops_buf[256] = "";
static ssize_t ixgbe_dbg_common_ops_read(struct file *filp, char __user *buffer,
size_t count, loff_t *ppos,
char *dbg_buf)
{
Reported by FlawFinder.
Line: 122
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.write = ixgbe_dbg_reg_ops_write,
};
static char ixgbe_dbg_netdev_ops_buf[256] = "";
/**
* ixgbe_dbg_netdev_ops_read - read for netdev_ops datum
* @filp: the opened file
* @buffer: where to write the data for the user to read
Reported by FlawFinder.
Line: 30
Column: 14
CWE codes:
126
if (!buf)
return -ENOMEM;
if (count < strlen(buf)) {
kfree(buf);
return -ENOSPC;
}
len = simple_read_from_buffer(buffer, count, ppos, buf, strlen(buf));
Reported by FlawFinder.
Line: 35
Column: 58
CWE codes:
126
return -ENOSPC;
}
len = simple_read_from_buffer(buffer, count, ppos, buf, strlen(buf));
kfree(buf);
return len;
}
Reported by FlawFinder.
drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.h
4 issues
Line: 187
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint max_segment_size;
uint txglomsz;
struct sg_table sgtable;
char fw_name[BRCMF_FW_NAME_LEN];
char nvram_name[BRCMF_FW_NAME_LEN];
bool wowl_enabled;
enum brcmf_sdiod_state state;
struct brcmf_sdiod_freezer *freezer;
};
Reported by FlawFinder.
Line: 188
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint txglomsz;
struct sg_table sgtable;
char fw_name[BRCMF_FW_NAME_LEN];
char nvram_name[BRCMF_FW_NAME_LEN];
bool wowl_enabled;
enum brcmf_sdiod_state state;
struct brcmf_sdiod_freezer *freezer;
};
Reported by FlawFinder.
Line: 258
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 PAD[128]; /* DMA engines */
/* SDIO/PCMCIA CIS region */
char cis[512]; /* 0x400-0x5ff, rev6 */
/* PCMCIA function control registers */
char pcmciafcr[256]; /* 0x600-6ff, rev6 */
u16 PAD[55];
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char cis[512]; /* 0x400-0x5ff, rev6 */
/* PCMCIA function control registers */
char pcmciafcr[256]; /* 0x600-6ff, rev6 */
u16 PAD[55];
/* PCMCIA backplane access */
u16 backplanecsr; /* 0x76E, rev6 */
u16 backplaneaddr0; /* rev6 */
Reported by FlawFinder.
drivers/net/usb/asix_devices.c
4 issues
Line: 692
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
priv->phy_addr = ret;
snprintf(priv->phy_name, sizeof(priv->phy_name), PHY_ID_FMT,
priv->mdio->id, priv->phy_addr);
priv->phydev = phy_connect(dev->net, priv->phy_name, &asix_adjust_link,
PHY_INTERFACE_MODE_INTERNAL);
if (IS_ERR(priv->phydev)) {
Reported by FlawFinder.
Line: 62
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void asix_set_netdev_dev_addr(struct usbnet *dev, u8 *addr)
{
if (is_valid_ether_addr(addr)) {
memcpy(dev->net->dev_addr, addr, ETH_ALEN);
} else {
netdev_info(dev->net, "invalid hw address, using random\n");
eth_hw_addr_random(dev->net);
}
}
Reported by FlawFinder.
Line: 548
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Rewrite MAC address */
memcpy(data->mac_addr, dev->net->dev_addr, ETH_ALEN);
ret = asix_write_cmd(dev, AX_CMD_WRITE_NODE_ID, 0, 0, ETH_ALEN,
data->mac_addr, in_pm);
if (ret < 0)
goto out;
Reported by FlawFinder.
Line: 987
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mii_nway_restart(&dev->mii);
/* Rewrite MAC address */
memcpy(data->mac_addr, dev->net->dev_addr, ETH_ALEN);
ret = asix_write_cmd(dev, AX_CMD_WRITE_NODE_ID, 0, 0, ETH_ALEN,
data->mac_addr, 0);
if (ret < 0)
return ret;
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/htc_drv_txrx.c
4 issues
Line: 256
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mgmt_hdr.keyix = tx_info->control.hw_key->hw_key_idx;
tx_fhdr = skb_push(skb, sizeof(mgmt_hdr));
memcpy(tx_fhdr, (u8 *) &mgmt_hdr, sizeof(mgmt_hdr));
tx_ctl->epid = priv->mgmt_ep;
}
static void ath9k_htc_tx_data(struct ath9k_htc_priv *priv,
struct ieee80211_vif *vif,
Reported by FlawFinder.
Line: 328
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tx_hdr.keyix = tx_info->control.hw_key->hw_key_idx;
tx_fhdr = skb_push(skb, sizeof(tx_hdr));
memcpy(tx_fhdr, (u8 *) &tx_hdr, sizeof(tx_hdr));
if (is_cab) {
CAB_STAT_INC;
tx_ctl->epid = priv->cab_ep;
return;
Reported by FlawFinder.
Line: 671
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!tx_pend)
continue;
memcpy(&tx_pend->txs, __txs,
sizeof(struct __wmi_event_txstatus));
spin_lock(&priv->wmi->event_lock);
list_add_tail(&tx_pend->list,
&priv->wmi->pending_tx_events);
Reported by FlawFinder.
Line: 1101
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto requeue;
}
memcpy(IEEE80211_SKB_RXCB(rxbuf->skb), &rx_status,
sizeof(struct ieee80211_rx_status));
skb = rxbuf->skb;
hdr = (struct ieee80211_hdr *) skb->data;
if (ieee80211_is_beacon(hdr->frame_control) && priv->ps_enabled)
Reported by FlawFinder.
drivers/net/usb/asix_common.c
4 issues
Line: 689
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(data, (u8 *)eeprom_buff + (eeprom->offset & 1), eeprom->len);
kfree(eeprom_buff);
return 0;
}
int asix_set_eeprom(struct net_device *net, struct ethtool_eeprom *eeprom,
Reported by FlawFinder.
Line: 740
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy((u8 *)eeprom_buff + (eeprom->offset & 1), data, eeprom->len);
/* write data to EEPROM */
ret = asix_write_cmd(dev, AX_CMD_WRITE_ENABLE, 0x0000, 0, 0, NULL, 0);
if (ret < 0) {
netdev_err(net, "Failed to enable EEPROM write\n");
Reported by FlawFinder.
Line: 794
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(net->dev_addr, addr->sa_data, ETH_ALEN);
/* We use the 20 byte dev->data
* for our 6 byte mac buffer
* to avoid allocating memory that
* is tricky to free later */
Reported by FlawFinder.
Line: 800
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* for our 6 byte mac buffer
* to avoid allocating memory that
* is tricky to free later */
memcpy(data->mac_addr, addr->sa_data, ETH_ALEN);
asix_write_cmd_async(dev, AX_CMD_WRITE_NODE_ID, 0, 0, ETH_ALEN,
data->mac_addr);
return 0;
}
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/ar9003_wow.c
4 issues
Line: 76
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 i;
u32 wow_ka_data_word0;
memcpy(sta_mac_addr, common->macaddr, ETH_ALEN);
memcpy(ap_mac_addr, common->curbssid, ETH_ALEN);
/* set the transmit buffer */
ctl[0] = (KAL_FRAME_LEN | (MAX_RATE_POWER << 16));
ctl[1] = 0;
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 wow_ka_data_word0;
memcpy(sta_mac_addr, common->macaddr, ETH_ALEN);
memcpy(ap_mac_addr, common->curbssid, ETH_ALEN);
/* set the transmit buffer */
ctl[0] = (KAL_FRAME_LEN | (MAX_RATE_POWER << 16));
ctl[1] = 0;
ctl[4] = 0;
Reported by FlawFinder.
Line: 138
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
REG_SET_BIT(ah, AR_MAC_PCU_WOW4, BIT(pattern_count - 8));
for (i = 0; i < MAX_PATTERN_SIZE; i += 4) {
memcpy(&pattern_val, user_pattern, 4);
REG_WRITE(ah, (AR_WOW_TB_PATTERN(pattern_count) + i),
pattern_val);
user_pattern += 4;
}
Reported by FlawFinder.
Line: 145
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (i = 0; i < MAX_PATTERN_MASK_SIZE; i += 4) {
memcpy(&mask_val, user_mask, 4);
REG_WRITE(ah, (AR_WOW_TB_MASK(pattern_count) + i), mask_val);
user_mask += 4;
}
if (pattern_count < MAX_NUM_PATTERN_LEGACY)
Reported by FlawFinder.
drivers/net/ethernet/qlogic/netxen/netxen_nic_ethtool.c
4 issues
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "netxen_nic_hw.h"
struct netxen_nic_stats {
char stat_string[ETH_GSTRING_LEN];
int sizeof_stat;
int stat_offset;
};
#define NETXEN_NIC_STAT(m) sizeof(((struct netxen_adapter *)0)->m), \
Reported by FlawFinder.
Line: 651
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_TEST:
memcpy(data, *netxen_nic_gstrings_test,
NETXEN_NIC_TEST_LEN * ETH_GSTRING_LEN);
break;
case ETH_SS_STATS:
for (index = 0; index < NETXEN_NIC_STATS_LEN; index++) {
memcpy(data + index * ETH_GSTRING_LEN,
Reported by FlawFinder.
Line: 656
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case ETH_SS_STATS:
for (index = 0; index < NETXEN_NIC_STATS_LEN; index++) {
memcpy(data + index * ETH_GSTRING_LEN,
netxen_nic_gstrings_stats[index].stat_string,
ETH_GSTRING_LEN);
}
break;
}
Reported by FlawFinder.
Line: 897
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*data++ = cpu_to_le32(*hdr_ptr++);
/* Copy captured dump data */
memcpy(buffer + copy_sz,
mdump->md_capture_buff + mdump->md_template_size,
mdump->md_capture_size);
dump->len = copy_sz + mdump->md_capture_size;
dump->flag = mdump->md_capture_mask;
Reported by FlawFinder.
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
4 issues
Line: 3491
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case VIRTCHNL_TCP_V4_FLOW:
cfilter.n_proto = ETH_P_IP;
if (mask.dst_ip[0] & tcf.dst_ip[0])
memcpy(&cfilter.ip.v4.dst_ip, tcf.dst_ip,
ARRAY_SIZE(tcf.dst_ip));
else if (mask.src_ip[0] & tcf.dst_ip[0])
memcpy(&cfilter.ip.v4.src_ip, tcf.src_ip,
ARRAY_SIZE(tcf.dst_ip));
break;
Reported by FlawFinder.
Line: 3494
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&cfilter.ip.v4.dst_ip, tcf.dst_ip,
ARRAY_SIZE(tcf.dst_ip));
else if (mask.src_ip[0] & tcf.dst_ip[0])
memcpy(&cfilter.ip.v4.src_ip, tcf.src_ip,
ARRAY_SIZE(tcf.dst_ip));
break;
case VIRTCHNL_TCP_V6_FLOW:
cfilter.n_proto = ETH_P_IPV6;
if (mask.dst_ip[3] & tcf.dst_ip[3])
Reported by FlawFinder.
Line: 3625
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case VIRTCHNL_TCP_V4_FLOW:
cfilter->n_proto = ETH_P_IP;
if (mask.dst_ip[0] & tcf.dst_ip[0])
memcpy(&cfilter->ip.v4.dst_ip, tcf.dst_ip,
ARRAY_SIZE(tcf.dst_ip));
else if (mask.src_ip[0] & tcf.dst_ip[0])
memcpy(&cfilter->ip.v4.src_ip, tcf.src_ip,
ARRAY_SIZE(tcf.dst_ip));
break;
Reported by FlawFinder.
Line: 3628
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&cfilter->ip.v4.dst_ip, tcf.dst_ip,
ARRAY_SIZE(tcf.dst_ip));
else if (mask.src_ip[0] & tcf.dst_ip[0])
memcpy(&cfilter->ip.v4.src_ip, tcf.src_ip,
ARRAY_SIZE(tcf.dst_ip));
break;
case VIRTCHNL_TCP_V6_FLOW:
cfilter->n_proto = ETH_P_IPV6;
if (mask.dst_ip[3] & tcf.dst_ip[3])
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qed/qed_hw.c
4 issues
Line: 824
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (fmt) {
va_start(vl, fmt);
len = vsnprintf(buf, QED_HW_ERR_MAX_STR_SIZE, fmt, vl);
va_end(vl);
if (len > QED_HW_ERR_MAX_STR_SIZE - 1)
len = QED_HW_ERR_MAX_STR_SIZE - 1;
Reported by FlawFinder.
Line: 624
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case QED_DMAE_ADDRESS_HOST_VIRT:
cmd->src_addr_hi = cpu_to_le32(upper_32_bits(phys));
cmd->src_addr_lo = cpu_to_le32(lower_32_bits(phys));
memcpy(&p_hwfn->dmae_info.p_intermediate_buffer[0],
(void *)(uintptr_t)src_addr,
length_dw * sizeof(u32));
break;
default:
return -EINVAL;
Reported by FlawFinder.
Line: 661
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (dst_type == QED_DMAE_ADDRESS_HOST_VIRT)
memcpy((void *)(uintptr_t)(dst_addr),
&p_hwfn->dmae_info.p_intermediate_buffer[0],
length_dw * sizeof(u32));
return 0;
}
Reported by FlawFinder.
Line: 818
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void qed_hw_err_notify(struct qed_hwfn *p_hwfn, struct qed_ptt *p_ptt,
enum qed_hw_err_type err_type, const char *fmt, ...)
{
char buf[QED_HW_ERR_MAX_STR_SIZE];
va_list vl;
int len;
if (fmt) {
va_start(vl, fmt);
Reported by FlawFinder.
drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c
4 issues
Line: 801
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (features & BIT_ULL((field))) { \
npc_update_entry(rvu, (field), entry, (val_lo), (val_hi), \
(mask_lo), (mask_hi), intf); \
memcpy(&opkt->member, &pkt->member, sizeof(pkt->member)); \
memcpy(&omask->member, &mask->member, sizeof(mask->member)); \
} \
} while (0)
NPC_WRITE_FLOW(NPC_DMAC, dmac, dmac_val, 0, dmac_mask, 0);
Reported by FlawFinder.
Line: 802
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
npc_update_entry(rvu, (field), entry, (val_lo), (val_hi), \
(mask_lo), (mask_hi), intf); \
memcpy(&opkt->member, &pkt->member, sizeof(pkt->member)); \
memcpy(&omask->member, &mask->member, sizeof(mask->member)); \
} \
} while (0)
NPC_WRITE_FLOW(NPC_DMAC, dmac, dmac_val, 0, dmac_mask, 0);
NPC_WRITE_FLOW(NPC_SMAC, smac, smac_val, 0, smac_mask, 0);
Reported by FlawFinder.
Line: 1090
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&rule->packet, &dummy.packet, sizeof(rule->packet));
memcpy(&rule->mask, &dummy.mask, sizeof(rule->mask));
rule->entry = entry_index;
memcpy(&rule->rx_action, &entry->action, sizeof(struct nix_rx_action));
if (is_npc_intf_tx(req->intf))
memcpy(&rule->tx_action, &entry->action,
sizeof(struct nix_tx_action));
rule->vtag_action = entry->vtag_action;
rule->features = installed_features;
Reported by FlawFinder.
Line: 1092
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rule->entry = entry_index;
memcpy(&rule->rx_action, &entry->action, sizeof(struct nix_rx_action));
if (is_npc_intf_tx(req->intf))
memcpy(&rule->tx_action, &entry->action,
sizeof(struct nix_tx_action));
rule->vtag_action = entry->vtag_action;
rule->features = installed_features;
rule->default_rule = req->default_rule;
rule->owner = owner;
Reported by FlawFinder.