The following issues were found
drivers/net/ethernet/rocker/rocker_ofdpa.c
4 issues
Line: 1181
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
kfree(entry);
return -ENOMEM;
}
memcpy(entry->group_ids, group_ids, group_count * sizeof(u32));
return ofdpa_group_tbl_do(ofdpa_port, flags, entry);
}
static int ofdpa_group_l2_flood(struct ofdpa_port *ofdpa_port,
Reported by FlawFinder.
Line: 1295
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
entry->ttl_check = true;
ofdpa_neigh_add(ofdpa, entry);
} else if (removing) {
memcpy(entry, found, sizeof(*entry));
ofdpa_neigh_del(found);
} else if (updating) {
ofdpa_neigh_update(found, eth_dst, true);
memcpy(entry, found, sizeof(*entry));
} else {
Reported by FlawFinder.
Line: 1299
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ofdpa_neigh_del(found);
} else if (updating) {
ofdpa_neigh_update(found, eth_dst, true);
memcpy(entry, found, sizeof(*entry));
} else {
err = -ENOENT;
}
spin_unlock_irqrestore(&ofdpa->neigh_tbl_lock, lock_flags);
Reported by FlawFinder.
Line: 2151
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err_port_ctrl:
err_fdb_flush:
err_port_fwding:
memcpy(ofdpa_port->ctrls, prev_ctrls, sizeof(prev_ctrls));
ofdpa_port->stp_state = prev_state;
return err;
}
static int ofdpa_port_fwd_enable(struct ofdpa_port *ofdpa_port, int flags)
Reported by FlawFinder.
drivers/net/netdevsim/fib.c
4 issues
Line: 66
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct nsim_fib_rt_key {
unsigned char addr[sizeof(struct in6_addr)];
unsigned char prefix_len;
int family;
u32 tb_id;
};
Reported by FlawFinder.
Line: 243
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t addr_len, unsigned int prefix_len,
int family, u32 tb_id)
{
memcpy(fib_rt->key.addr, addr, addr_len);
fib_rt->key.prefix_len = prefix_len;
fib_rt->key.family = family;
fib_rt->key.tb_id = tb_id;
list_add(&fib_rt->list, &data->fib_rt_list);
}
Reported by FlawFinder.
Line: 263
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct nsim_fib_rt_key key;
memset(&key, 0, sizeof(key));
memcpy(key.addr, addr, addr_len);
key.prefix_len = prefix_len;
key.family = family;
key.tb_id = tb_id;
return rhashtable_lookup_fast(fib_rt_ht, &key, nsim_fib_rt_ht_params);
Reported by FlawFinder.
Line: 1359
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long *activity;
loff_t pos = *ppos;
u16 bucket_index;
char buf[128];
int err = 0;
u32 nhid;
if (pos != 0)
return -EINVAL;
Reported by FlawFinder.
drivers/net/ethernet/ti/netcp_core.c
4 issues
Line: 210
CWE codes:
786
break;
}
x[0] = (addr1 & 0x0000ff00) >> 8;
x[1] = addr1 & 0x000000ff;
x[2] = (addr0 & 0xff000000) >> 24;
x[3] = (addr0 & 0x00ff0000) >> 16;
x[4] = (addr0 & 0x0000ff00) >> 8;
x[5] = addr0 & 0x000000ff;
Reported by Cppcheck.
Line: 252
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for_each_available_child_of_node(devices, child) {
const char *name;
char node_name[32];
if (of_property_read_string(child, "label", &name) < 0) {
snprintf(node_name, sizeof(node_name), "%pOFn", child);
name = node_name;
}
Reported by FlawFinder.
Line: 1714
Column: 15
CWE codes:
362
for_each_module(netcp, intf_modpriv) {
module = intf_modpriv->netcp_module;
if (module->open) {
ret = module->open(intf_modpriv->module_priv, ndev);
if (ret != 0) {
dev_err(netcp->ndev_dev, "module open failed\n");
goto fail_open;
}
Reported by FlawFinder.
Line: 1715
Column: 18
CWE codes:
362
for_each_module(netcp, intf_modpriv) {
module = intf_modpriv->netcp_module;
if (module->open) {
ret = module->open(intf_modpriv->module_priv, ndev);
if (ret != 0) {
dev_err(netcp->ndev_dev, "module open failed\n");
goto fail_open;
}
}
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
4 issues
Line: 153
.type = FS_TYPE_NAMESPACE,
.ar_size = 7,
.children = (struct init_tree_node[]){
ADD_PRIO(0, BY_PASS_MIN_LEVEL, 0, FS_CHAINING_CAPS,
ADD_NS(MLX5_FLOW_TABLE_MISS_ACTION_DEF,
ADD_MULTIPLE_PRIO(MLX5_BY_PASS_NUM_PRIOS,
BY_PASS_PRIO_NUM_LEVELS))),
ADD_PRIO(0, LAG_MIN_LEVEL, 0, FS_CHAINING_CAPS,
ADD_NS(MLX5_FLOW_TABLE_MISS_ACTION_DEF,
Reported by Cppcheck.
Line: 959
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fs_get_obj(fg, fte->node.parent);
fs_get_obj(ft, fg->node.parent);
memcpy(&rule->dest_attr, dest, sizeof(*dest));
root = find_root(&ft->node);
err = root->cmds->update_fte(root, ft, fg,
modify_mask, fte);
up_write_ref_node(&fte->node, false);
Reported by FlawFinder.
Line: 1266
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
INIT_LIST_HEAD(&rule->next_ft);
rule->node.type = FS_TYPE_FLOW_DEST;
if (dest)
memcpy(&rule->dest_attr, dest, sizeof(*dest));
return rule;
}
static struct mlx5_flow_handle *alloc_handle(int num_rules)
Reported by FlawFinder.
Line: 1479
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
match_criteria_addr = MLX5_ADDR_OF(create_flow_group_in,
in, match_criteria);
memcpy(match_criteria_addr, fg->mask.match_criteria,
sizeof(fg->mask.match_criteria));
err = root->cmds->create_flow_group(root, ft, in, fg);
if (!err) {
fg->node.active = true;
Reported by FlawFinder.
drivers/net/ethernet/intel/igb/igb.h
4 issues
Line: 91
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define IGB_XDP_REDIR BIT(2)
struct vf_data_storage {
unsigned char vf_mac_addresses[ETH_ALEN];
u16 vf_mc_hashes[IGB_MAX_VF_MC_ENTRIES];
u16 num_vf_mc_hashes;
u32 flags;
unsigned long last_nack;
u16 pf_vlan; /* When set, guest VLAN config not allowed. */
Reported by FlawFinder.
Line: 375
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct napi_struct napi;
struct rcu_head rcu; /* to avoid race with update stats on free */
char name[IFNAMSIZ + 9];
/* for dynamic allocation of rings associated with this q_vector */
struct igb_ring ring[] ____cacheline_internodealigned_in_smp;
};
Reported by FlawFinder.
Line: 463
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_attribute dev_attr;
struct e1000_hw *hw;
struct e1000_thermal_diode_data *sensor;
char name[12];
};
struct hwmon_buff {
struct attribute_group group;
const struct attribute_group *groups[2];
Reported by FlawFinder.
Line: 640
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct timespec64 period;
} perout[IGB_N_PEROUT];
char fw_version[32];
#ifdef CONFIG_IGB_HWMON
struct hwmon_buff *igb_hwmon_buff;
bool ets;
#endif
struct i2c_algo_bit_data i2c_algo;
Reported by FlawFinder.
drivers/net/ethernet/mellanox/mlx5/core/fw.c
4 issues
Line: 87
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
goto out;
memcpy(dev->board_id,
MLX5_ADDR_OF(query_adapter_out, out,
query_adapter_struct.vsd_contd_psid),
MLX5_FLD_SZ_BYTES(query_adapter_out,
query_adapter_struct.vsd_contd_psid));
Reported by FlawFinder.
Line: 443
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < dw_size; i++) {
j = i * 4;
data_element = htonl(*(u32 *)&data[j]);
memcpy(MLX5_ADDR_OF(mcda_reg, in, data) + j, &data_element, 4);
}
err = mlx5_core_access_reg(dev, in, in_size, out,
sizeof(out), MLX5_REG_MCDA, 0, 1);
kfree(in);
Reported by FlawFinder.
Line: 473
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
data = MLX5_ADDR_OF(mcqi_reg, out, data);
memcpy(mcqi_data, data, data_size);
return 0;
}
static int mlx5_reg_mcqi_caps_query(struct mlx5_core_dev *dev, u16 component_index,
Reported by FlawFinder.
Line: 680
Column: 17
CWE codes:
126
.mlxfw_dev = {
.ops = &mlx5_mlxfw_dev_ops,
.psid = dev->board_id,
.psid_size = strlen(dev->board_id),
.devlink = priv_to_devlink(dev),
},
.mlx5_core_dev = dev
};
Reported by FlawFinder.
drivers/net/ethernet/ti/am65-cpsw-ethtool.c
4 issues
Line: 185
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct am65_cpsw_ethtool_stat {
char desc[ETH_GSTRING_LEN];
int offset;
};
#define AM65_CPSW_STATS(prefix, field) \
{ \
Reported by FlawFinder.
Line: 653
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
num_stats = ARRAY_SIZE(am65_host_stats);
hw_stats = am65_host_stats;
for (i = 0; i < num_stats; i++) {
memcpy(p, hw_stats[i].desc, ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
num_stats = ARRAY_SIZE(am65_slave_stats);
hw_stats = am65_slave_stats;
Reported by FlawFinder.
Line: 660
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
num_stats = ARRAY_SIZE(am65_slave_stats);
hw_stats = am65_slave_stats;
for (i = 0; i < num_stats; i++) {
memcpy(p, hw_stats[i].desc, ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
break;
case ETH_SS_PRIV_FLAGS:
num_stats = ARRAY_SIZE(am65_cpsw_ethtool_priv_flags);
Reported by FlawFinder.
Line: 668
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
num_stats = ARRAY_SIZE(am65_cpsw_ethtool_priv_flags);
for (i = 0; i < num_stats; i++) {
memcpy(p, am65_cpsw_ethtool_priv_flags[i],
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
break;
}
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/qmi_wlfw_v01.h
4 issues
Line: 189
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct wlfw_fw_version_info_s_v01 {
u32 fw_version;
char fw_build_timestamp[QMI_WLFW_MAX_TIMESTAMP_LEN_V01 + 1];
};
struct wlfw_ind_register_req_msg_v01 {
u8 fw_ready_enable_valid;
u8 fw_ready_enable;
Reported by FlawFinder.
Line: 273
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct wlfw_wlan_cfg_req_msg_v01 {
u8 host_version_valid;
char host_version[QMI_WLFW_MAX_STR_LEN_V01 + 1];
u8 tgt_cfg_valid;
u32 tgt_cfg_len;
struct wlfw_ce_tgt_pipe_cfg_s_v01 tgt_cfg[QMI_WLFW_MAX_NUM_CE_V01];
u8 svc_cfg_valid;
u32 svc_cfg_len;
Reported by FlawFinder.
Line: 316
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 fw_version_info_valid;
struct wlfw_fw_version_info_s_v01 fw_version_info;
u8 fw_build_id_valid;
char fw_build_id[QMI_WLFW_MAX_BUILD_ID_LEN_V01 + 1];
u8 num_macs_valid;
u8 num_macs;
};
#define WLFW_CAP_RESP_MSG_V01_MAX_MSG_LEN 207
Reported by FlawFinder.
Line: 632
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 line_number_valid;
u16 line_number;
u8 function_name_valid;
char function_name[QMI_WLFW_FUNCTION_NAME_LEN_V01 + 1];
};
#define WLFW_REJUVENATE_IND_MSG_V01_MAX_MSG_LEN 144
extern struct qmi_elem_info wlfw_rejuvenate_ind_msg_v01_ei[];
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/pci.c
4 issues
Line: 991
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
remaining_bytes -= nbytes;
memcpy(data, data_buf, nbytes);
address += nbytes;
data += nbytes;
}
Reported by FlawFinder.
Line: 1095
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nbytes = min_t(int, remaining_bytes, DIAG_TRANSFER_LIMIT);
/* Copy caller's data to allocated DMA buf */
memcpy(data_buf, data, nbytes);
/* Set up to receive directly into Target(!) address */
ret = ath10k_ce_rx_post_buf(ce_diag, &address, address);
if (ret != 0)
goto done;
Reported by FlawFinder.
Line: 1754
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
dump_work);
struct ath10k_fw_crash_data *crash_data;
struct ath10k *ar = ar_pci->ar;
char guid[UUID_STRING_LEN + 1];
mutex_lock(&ar->dump_mutex);
spin_lock_bh(&ar->data_lock);
ar->stats.fw_crash_counter++;
Reported by FlawFinder.
Line: 2188
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret == 0 && resp_len) {
*resp_len = min(*resp_len, xfer.resp_len);
memcpy(resp, tresp, *resp_len);
}
err_dma:
kfree(treq);
kfree(tresp);
Reported by FlawFinder.
drivers/net/wireless/intel/iwlegacy/common.h
4 issues
Line: 1204
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct fw_desc ucode_boot; /* bootstrap inst */
enum ucode_type ucode_type;
u8 ucode_write_complete; /* the image write is complete */
char firmware_name[25];
struct ieee80211_vif *vif;
struct il_qos_info qos_data;
Reported by FlawFinder.
Line: 2722
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define IL_MAX_MCS_DISPLAY_SIZE 12
struct il_rate_mcs_info {
char mbps[IL_MAX_MCS_DISPLAY_SIZE];
char mcs[IL_MAX_MCS_DISPLAY_SIZE];
};
/**
* struct il_rate_scale_data -- tx success history for one rate
Reported by FlawFinder.
Line: 2723
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct il_rate_mcs_info {
char mbps[IL_MAX_MCS_DISPLAY_SIZE];
char mcs[IL_MAX_MCS_DISPLAY_SIZE];
};
/**
* struct il_rate_scale_data -- tx success history for one rate
*/
Reported by FlawFinder.
Line: 597
Column: 6
CWE codes:
120
20
dma_addr_t bd_dma;
struct il_rx_buf pool[RX_QUEUE_SIZE + RX_FREE_BUFFERS];
struct il_rx_buf *queue[RX_QUEUE_SIZE];
u32 read;
u32 write;
u32 free_count;
u32 write_actual;
struct list_head rx_free;
struct list_head rx_used;
Reported by FlawFinder.