The following issues were found
drivers/net/ethernet/qlogic/qede/qede_main.c
4 issues
Line: 753
Column: 2
CWE codes:
120
Suggestion:
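Make sure destination can always hold the source data. In the excerpt the copy length is sizeof(*info), i.e. it is taken from the source object; the copy is in bounds only if edev->dev_info is at least that large, which the excerpt does not show. Sizing the copy from the destination (sizeof(edev->dev_info)) makes the bound explicit. The same applies to the finding at line 1202.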
SET_NETDEV_DEV(ndev, &pdev->dev);
memset(&edev->stats, 0, sizeof(edev->stats));
memcpy(&edev->dev_info, info, sizeof(*info));
/* As ethtool doesn't have the ability to show WoL behavior as
* 'default', if device supports it declare it's enabled.
*/
if (edev->dev_info.common.wol_support)
Reported by FlawFinder.
Line: 1202
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
edev->cdev = cdev;
memset(&edev->stats, 0, sizeof(edev->stats));
memcpy(&edev->dev_info, &dev_info, sizeof(dev_info));
}
if (is_vf)
set_bit(QEDE_FLAGS_IS_VF, &edev->flags);
Reported by FlawFinder.
Line: 1109
Column: 37
CWE codes:
126
(p_dev_info->mfw_rev & QED_MFW_VERSION_0_MASK) >>
QED_MFW_VERSION_0_OFFSET);
left_size = QEDE_FW_VER_STR_SIZE - strlen(buf);
if (p_dev_info->mbi_version && left_size)
snprintf(buf + strlen(buf), left_size,
" [MBI %d.%d.%d]",
(p_dev_info->mbi_version & QED_MBI_VERSION_2_MASK) >>
QED_MBI_VERSION_2_OFFSET,
Reported by FlawFinder.
Line: 1111
Column: 18
CWE codes:
126
left_size = QEDE_FW_VER_STR_SIZE - strlen(buf);
if (p_dev_info->mbi_version && left_size)
snprintf(buf + strlen(buf), left_size,
" [MBI %d.%d.%d]",
(p_dev_info->mbi_version & QED_MBI_VERSION_2_MASK) >>
QED_MBI_VERSION_2_OFFSET,
(p_dev_info->mbi_version & QED_MBI_VERSION_1_MASK) >>
QED_MBI_VERSION_1_OFFSET,
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/dvm/calib.c
4 issues
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
GFP_ATOMIC);
if (!res)
return -ENOMEM;
memcpy(&res->hdr, cmd, len);
res->cmd_len = len;
list_for_each_entry(tmp, &priv->calib_results, list) {
if (tmp->hdr.op_code == res->hdr.op_code) {
list_replace(&tmp->list, &res->list);
Reported by FlawFinder.
Line: 441
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy table for comparison next time */
memcpy(&(priv->sensitivity_tbl[0]), &(cmd.table[0]),
sizeof(u16)*HD_TABLE_SIZE);
return iwl_dvm_send_cmd(priv, &cmd_out);
}
Reported by FlawFinder.
Line: 527
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy table for comparison next time */
memcpy(&(priv->sensitivity_tbl[0]), &(cmd.enhance_table[0]),
sizeof(u16)*HD_TABLE_SIZE);
memcpy(&(priv->enhance_sensitivity_tbl[0]),
&(cmd.enhance_table[HD_INA_NON_SQUARE_DET_OFDM_INDEX]),
sizeof(u16)*ENHANCE_HD_TABLE_ENTRIES);
Reported by FlawFinder.
Line: 529
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy table for comparison next time */
memcpy(&(priv->sensitivity_tbl[0]), &(cmd.enhance_table[0]),
sizeof(u16)*HD_TABLE_SIZE);
memcpy(&(priv->enhance_sensitivity_tbl[0]),
&(cmd.enhance_table[HD_INA_NON_SQUARE_DET_OFDM_INDEX]),
sizeof(u16)*ENHANCE_HD_TABLE_ENTRIES);
return iwl_dvm_send_cmd(priv, &cmd_out);
}
Reported by FlawFinder.
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
4 issues
Line: 270
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
net_dev->vlan_features = net_dev->features;
if (is_valid_ether_addr(mac_addr)) {
memcpy(net_dev->perm_addr, mac_addr, net_dev->addr_len);
memcpy(net_dev->dev_addr, mac_addr, net_dev->addr_len);
} else {
eth_hw_addr_random(net_dev);
err = priv->mac_dev->change_addr(priv->mac_dev->fman_mac,
(enet_addr_t *)net_dev->dev_addr);
Reported by FlawFinder.
Line: 271
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (is_valid_ether_addr(mac_addr)) {
memcpy(net_dev->perm_addr, mac_addr, net_dev->addr_len);
memcpy(net_dev->dev_addr, mac_addr, net_dev->addr_len);
} else {
eth_hw_addr_random(net_dev);
err = priv->mac_dev->change_addr(priv->mac_dev->fman_mac,
(enet_addr_t *)net_dev->dev_addr);
if (err) {
Reported by FlawFinder.
Line: 444
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv = netdev_priv(net_dev);
memcpy(old_addr.sa_data, net_dev->dev_addr, ETH_ALEN);
err = eth_mac_addr(net_dev, addr);
if (err < 0) {
netif_err(priv, drv, net_dev, "eth_mac_addr() = %d\n", err);
return err;
Reported by FlawFinder.
Line: 2240
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the data to the new buffer at a properly aligned offset */
new_buff = page_address(p);
memcpy(new_buff + headroom, xdpf->data, xdpf->len);
/* Create an XDP frame around the new buffer in a similar fashion
* to xdp_convert_buff_to_frame.
*/
new_xdpf = new_buff;
Reported by FlawFinder.
drivers/net/ethernet/intel/ixgbe/ixgbe_sysfs.c
4 issues
Line: 23
Column: 9
CWE codes:
120
Suggestion:
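Use sprintf_s, snprintf, or vsnprintf. Note for kernel code: sprintf_s is not available there. The flagged call formats a short value into the buf argument of what appears to be a sysfs show callback, and sysfs_emit() is the bounded helper intended for that case. The same applies to the other three sprintf findings in this file.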
{
struct hwmon_attr *ixgbe_attr = container_of(attr, struct hwmon_attr,
dev_attr);
return sprintf(buf, "loc%u\n",
ixgbe_attr->sensor->location);
}
static ssize_t ixgbe_hwmon_show_temp(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 43
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* display millidegree */
value *= 1000;
return sprintf(buf, "%u\n", value);
}
static ssize_t ixgbe_hwmon_show_cautionthresh(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 57
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* display millidegree */
value *= 1000;
return sprintf(buf, "%u\n", value);
}
static ssize_t ixgbe_hwmon_show_maxopthresh(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 71
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* display millidegree */
value *= 1000;
return sprintf(buf, "%u\n", value);
}
/**
* ixgbe_add_hwmon_attr - Create hwmon attr table for a hwmon sysfs file.
* @adapter: pointer to the adapter structure
Reported by FlawFinder.
drivers/net/wireless/ath/ath11k/qmi.c
4 issues
Line: 2098
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req->end = 1;
}
memcpy(req->data, temp, req->data_len);
ret = qmi_txn_init(&ab->qmi.handle, &txn,
qmi_wlanfw_bdf_download_resp_msg_v01_ei,
&resp);
if (ret < 0)
Reported by FlawFinder.
Line: 2145
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct m3_mem_region *m3_mem = &ab->qmi.m3_mem;
const struct firmware *fw;
char path[100];
int ret;
if (m3_mem->vaddr || m3_mem->size)
return 0;
Reported by FlawFinder.
Line: 2170
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(m3_mem->vaddr, fw->data, fw->size);
m3_mem->size = fw->size;
release_firmware(fw);
return 0;
}
Reported by FlawFinder.
Line: 2350
Column: 3
CWE codes:
120
Suggestion:
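Make sure destination can always hold the source data. In the excerpt the element count is first clamped with min_t() to QMI_WLANFW_MAX_NUM_SHADOW_REG_V2_V01, so the copy is bounded provided req->shadow_reg_v2 holds at least that many u32 entries (its declaration is not part of the excerpt).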
req->shadow_reg_v2_len = min_t(u32,
ab->qmi.ce_cfg.shadow_reg_v2_len,
QMI_WLANFW_MAX_NUM_SHADOW_REG_V2_V01);
memcpy(&req->shadow_reg_v2, ab->qmi.ce_cfg.shadow_reg_v2,
sizeof(u32) * req->shadow_reg_v2_len);
} else {
req->shadow_reg_v2_valid = 0;
}
Reported by FlawFinder.
drivers/net/ethernet/ti/davinci_cpdma.c
4 issues
Line: 131
Column: 7
CWE codes:
362/367!
Suggestion:
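Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Triage note: this rule targets the access() system call, but the matched token in the excerpt is a struct member named access that holds ACCESS_RO/ACCESS_WO flag bits. No file check or open is involved, so this looks like a false positive.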
struct cpdma_control_info {
u32 reg;
u32 shift, mask;
int access;
#define ACCESS_RO BIT(0)
#define ACCESS_WO BIT(1)
#define ACCESS_RW (ACCESS_RO | ACCESS_WO)
};
Reported by FlawFinder.
Line: 320
Column: 13
CWE codes:
362/367!
Suggestion:
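Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Triage note: this rule targets the access() system call, but the matched token in the excerpt is the struct member info->access, tested against the ACCESS_WO flag before a register write. No file check or open is involved, so this looks like a false positive.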
if (control < 0 || control >= ARRAY_SIZE(controls))
return -ENOENT;
if ((info->access & ACCESS_WO) != ACCESS_WO)
return -EPERM;
val = dma_reg_read(ctlr, info->reg);
val &= ~(info->mask << info->shift);
val |= (value & info->mask) << info->shift;
Reported by FlawFinder.
Line: 345
Column: 13
CWE codes:
362/367!
Suggestion:
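Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Triage note: this rule targets the access() system call, but the matched token in the excerpt is the struct member info->access, tested against the ACCESS_RO flag before a register read. No file check or open is involved, so this looks like a false positive.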
if (control < 0 || control >= ARRAY_SIZE(controls))
return -ENOENT;
if ((info->access & ACCESS_RO) != ACCESS_RO)
return -EPERM;
ret = (dma_reg_read(ctlr, info->reg) >> info->shift) & info->mask;
return ret;
}
Reported by FlawFinder.
Line: 975
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!chan)
return -EINVAL;
spin_lock_irqsave(&chan->lock, flags);
memcpy(stats, &chan->stats, sizeof(*stats));
spin_unlock_irqrestore(&chan->lock, flags);
return 0;
}
static void __cpdma_chan_submit(struct cpdma_chan *chan,
Reported by FlawFinder.
drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c
4 issues
Line: 713
CWE codes:
908
*(u64 *)&action = npc_get_mcam_action(rvu, mcam,
blkaddr, ucast_idx);
if (action.op != NIX_RX_ACTIONOP_RSS) {
*(u64 *)&action = 0x00;
action.op = NIX_RX_ACTIONOP_UCAST;
}
/* RX_ACTION set to MCAST for CGX PF's */
Reported by Cppcheck.
Line: 879
CWE codes:
908
*(u64 *)&action = npc_get_mcam_action(rvu, mcam,
blkaddr, ucast_idx);
if (action.op != NIX_RX_ACTIONOP_RSS) {
*(u64 *)&action = 0x00;
action.op = NIX_RX_ACTIONOP_UCAST;
action.pf_func = pcifunc;
}
Reported by Cppcheck.
Line: 1666
Column: 4
CWE codes:
120
Suggestion:
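Make sure destination can always hold the source data. In the excerpt the destination is allocated with kzalloc(fw->size, GFP_KERNEL) and the copy of fw->size bytes runs only when that allocation succeeded, so destination and source sizes match by construction.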
kpu_profile);
rvu->kpu_fwdata = kzalloc(fw->size, GFP_KERNEL);
if (rvu->kpu_fwdata) {
memcpy(rvu->kpu_fwdata, fw->data, fw->size);
rvu->kpu_fwdata_sz = fw->size;
}
release_firmware(fw);
retry_fwdb = true;
goto program_kpu;
Reported by FlawFinder.
Line: 3183
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
GET_KEX_LDFLAGS(NIX_INTF_TX, ld, fl);
}
}
memcpy(rsp->mkex_pfl_name, rvu->mkex_pfl_name, MKEX_NAME_LEN);
return 0;
}
int rvu_mbox_handler_npc_read_base_steer_rule(struct rvu *rvu,
struct msg_req *req,
Reported by FlawFinder.
drivers/net/ieee802154/at86rf230.c
4 issues
Line: 1633
Column: 2
CWE codes:
120
Suggestion:
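Consider strcat_s, strlcat, snprintf, or automatically resizing strings. The third argument of strncat() limits the number of characters appended, not the total size of the destination. The buffer here is DNAME_INLINE_LEN + 1 bytes and already holds the 10-character prefix "at86rf230-", so a sufficiently long device name would be written past its end. Building the name with a single snprintf() bounded by sizeof(debugfs_dir_name) limits the whole string.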
{
char debugfs_dir_name[DNAME_INLINE_LEN + 1] = "at86rf230-";
strncat(debugfs_dir_name, dev_name(&lp->spi->dev), DNAME_INLINE_LEN);
at86rf230_debugfs_root = debugfs_create_dir(debugfs_dir_name, NULL);
debugfs_create_file("trac_stats", 0444, at86rf230_debugfs_root, lp,
&at86rf230_stats_fops);
Reported by FlawFinder.
Line: 869
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[0] = CMD_FB | CMD_WRITE;
buf[1] = skb->len + 2;
memcpy(buf + 2, skb->data, skb->len);
ctx->trx.len = skb->len + 2;
ctx->msg.complete = at86rf230_write_frame_complete;
rc = spi_async(lp->spi, &ctx->msg);
if (rc) {
ctx->trx.len = 2;
Reported by FlawFinder.
Line: 1132
Column: 3
CWE codes:
120
Suggestion:
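Make sure destination can always hold the source data. Here the destination is the local u8 addr[8] and the length is the constant 8, so the write is in bounds; what remains to confirm is that filt->ieee_addr is at least 8 bytes wide, which the excerpt does not show.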
if (changed & IEEE802154_AFILT_IEEEADDR_CHANGED) {
u8 i, addr[8];
memcpy(addr, &filt->ieee_addr, 8);
dev_vdbg(&lp->spi->dev, "%s called for IEEE addr\n", __func__);
for (i = 0; i < 8; i++)
__at86rf230_write(lp, RG_IEEE_ADDR_0 + i, addr[i]);
}
Reported by FlawFinder.
Line: 1631
Column: 2
CWE codes:
119
120
Suggestion:
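Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The only write to this buffer shown in the excerpt is the strncat() call that follows, whose length argument is the full DNAME_INLINE_LEN rather than the space remaining after the "at86rf230-" prefix.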
static void at86rf230_debugfs_init(struct at86rf230_local *lp)
{
char debugfs_dir_name[DNAME_INLINE_LEN + 1] = "at86rf230-";
strncat(debugfs_dir_name, dev_name(&lp->spi->dev), DNAME_INLINE_LEN);
at86rf230_debugfs_root = debugfs_create_dir(debugfs_dir_name, NULL);
Reported by FlawFinder.
drivers/net/ethernet/intel/ice/ice_flex_type.h
4 issues
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
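Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged lines in this header are fixed-size char array members of struct declarations; a declaration performs no copy by itself. Any risk lies in the code that fills or reads these fields (for example, whether a terminating NUL is guaranteed), which is not part of the excerpts. This applies to all four findings in this file.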
__le32 seg_type;
struct ice_pkg_ver seg_format_ver;
__le32 seg_size;
char seg_id[ICE_PKG_NAME_SIZE];
};
/* ice specific segment */
union ice_device_id {
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ice_generic_seg_hdr hdr;
struct ice_pkg_ver pkg_ver;
__le32 rsvd;
char pkg_name[ICE_PKG_NAME_SIZE];
};
#define ICE_MIN_S_OFF 12
#define ICE_MAX_S_OFF 4095
#define ICE_MIN_S_SZ 1
Reported by FlawFinder.
Line: 125
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ice_meta_sect {
struct ice_pkg_ver ver;
#define ICE_META_SECT_NAME_SIZE 28
char name[ICE_META_SECT_NAME_SIZE];
__le32 track_id;
};
#define ICE_SID_CDID_REDIR_SW 18
Reported by FlawFinder.
Line: 264
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ice_label {
__le16 value;
#define ICE_PKG_LABEL_SIZE 64
char name[ICE_PKG_LABEL_SIZE];
};
struct ice_label_section {
__le16 count;
struct ice_label label[];
Reported by FlawFinder.
drivers/net/wan/fsl_ucc_hdlc.c
4 issues
Line: 412
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(priv->skb_curtx + 1) & TX_RING_MOD_MASK(TX_BD_RING_LEN);
/* copy skb data to tx buffer for sdma processing */
memcpy(priv->tx_buffer + (be32_to_cpu(bd->buf) - priv->dma_tx_addr),
skb->data, skb->len);
/* set bd status and length */
bd_status = (bd_status & T_W_S) | T_R_S | T_I_S | T_L_S | T_TC_S;
Reported by FlawFinder.
Line: 568
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_put(skb, length);
skb->len = length;
skb->dev = dev;
memcpy(skb->data, bdbuffer, length);
break;
case ARPHRD_PPP:
case ARPHRD_ETHER:
length -= HDLC_CRC_SIZE;
Reported by FlawFinder.
Line: 584
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_put(skb, length);
skb->len = length;
skb->dev = dev;
memcpy(skb->data, bdbuffer, length);
break;
}
dev->stats.rx_packets++;
dev->stats.rx_bytes += skb->len;
Reported by FlawFinder.
Line: 1134
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
memcpy(&utdm_info[ucc_num], &utdm_primary_info,
sizeof(utdm_primary_info));
ut_info = &utdm_info[ucc_num];
ut_info->uf_info.ucc_num = ucc_num;
Reported by FlawFinder.