The following issues were found
drivers/net/bonding/bond_alb.c
4 issues
Line: 1017
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct sockaddr_storage ss;
if (BOND_MODE(slave->bond) == BOND_MODE_TLB) {
memcpy(dev->dev_addr, addr, len);
return 0;
}
/* for rlb each slave must have a unique hw mac addresses so that
* each slave will receive packets destined to a different mac
Reported by FlawFinder.
Line: 1024
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* for rlb each slave must have a unique hw mac addresses so that
* each slave will receive packets destined to a different mac
*/
memcpy(ss.__data, addr, len);
ss.ss_family = dev->type;
if (dev_set_mac_address(dev, (struct sockaddr *)&ss, NULL)) {
slave_err(slave->bond->dev, dev, "dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open\n");
return -EOPNOTSUPP;
}
Reported by FlawFinder.
Line: 1232
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct slave *slave, *rollback_slave;
struct list_head *iter;
struct sockaddr_storage ss;
char tmp_addr[MAX_ADDR_LEN];
int res;
if (bond->alb_info.rlb_enabled)
return 0;
Reported by FlawFinder.
Line: 1256
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
unwind:
memcpy(ss.__data, bond->dev->dev_addr, bond->dev->addr_len);
ss.ss_family = bond->dev->type;
/* unwind from head to the slave that failed */
bond_for_each_slave(bond, rollback_slave, iter) {
if (rollback_slave == slave)
Reported by FlawFinder.
drivers/net/bonding/bond_procfs.c
4 issues
Line: 145
Column: 27
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
optval->string);
if (capable(CAP_NET_ADMIN)) {
seq_printf(seq, "System priority: %d\n",
BOND_AD_INFO(bond).system.sys_priority);
seq_printf(seq, "System MAC address: %pM\n",
&BOND_AD_INFO(bond).system.sys_mac_addr);
if (__bond_3ad_get_active_agg_info(bond, &ad_info)) {
seq_printf(seq,
Reported by FlawFinder.
Line: 147
Column: 28
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
seq_printf(seq, "System priority: %d\n",
BOND_AD_INFO(bond).system.sys_priority);
seq_printf(seq, "System MAC address: %pM\n",
&BOND_AD_INFO(bond).system.sys_mac_addr);
if (__bond_3ad_get_active_agg_info(bond, &ad_info)) {
seq_printf(seq,
"bond %s has no active aggregator\n",
bond->dev->name);
Reported by FlawFinder.
Line: 230
Column: 29
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
seq_printf(seq, " system priority: %d\n",
port->partner_oper.system_priority);
seq_printf(seq, " system mac address: %pM\n",
&port->partner_oper.system);
seq_printf(seq, " oper key: %d\n",
port->partner_oper.key);
seq_printf(seq, " port priority: %d\n",
port->partner_oper.port_priority);
seq_printf(seq, " port number: %d\n",
Reported by FlawFinder.
Line: 276
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
netdev_warn(bond_dev, "Cannot create /proc/net/%s/%s\n",
DRV_NAME, bond_dev->name);
else
memcpy(bond->proc_file_name, bond_dev->name, IFNAMSIZ);
}
}
void bond_remove_proc_entry(struct bonding *bond)
{
Reported by FlawFinder.
drivers/media/pci/ddbridge/ddbridge-ci.c
4 issues
Line: 139
Column: 70
CWE codes:
362
return 0;
}
static int poll_slot_status(struct dvb_ca_en50221 *ca, int slot, int open)
{
struct ddb_ci *ci = ca->data;
u32 val = ddbreadl(ci->port->dev, CI_CONTROL(ci->nr));
int stat = 0;
Reported by FlawFinder.
Line: 170
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ci = kzalloc(sizeof(*ci), GFP_KERNEL);
if (!ci)
return;
memcpy(&ci->en, &en_templ, sizeof(en_templ));
ci->en.data = ci;
port->en = &ci->en;
port->en_freedata = 1;
ci->port = port;
ci->nr = port->nr - 2;
Reported by FlawFinder.
Line: 268
Column: 74
CWE codes:
362
return 0;
}
static int poll_slot_status_xo2(struct dvb_ca_en50221 *ca, int slot, int open)
{
struct ddb_ci *ci = ca->data;
struct i2c_adapter *i2c = &ci->port->i2c->adap;
u8 adr = (ci->port->type == DDB_CI_EXTERNAL_XO2) ? 0x12 : 0x13;
u8 val = 0;
Reported by FlawFinder.
Line: 303
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ci = kzalloc(sizeof(*ci), GFP_KERNEL);
if (!ci)
return;
memcpy(&ci->en, &en_xo2_templ, sizeof(en_xo2_templ));
ci->en.data = ci;
port->en = &ci->en;
port->en_freedata = 1;
ci->port = port;
ci->nr = port->nr - 2;
Reported by FlawFinder.
drivers/mmc/host/rtsx_usb_sdmmc.c
4 issues
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef RTSX_USB_USE_LEDS_CLASS
struct led_classdev led;
char led_name[32];
struct work_struct led_work;
#endif
};
static inline struct device *sdmmc_dev(struct rtsx_usb_sdmmc *host)
Reported by FlawFinder.
Line: 460
Column: 6
CWE codes:
120
20
size_t data_len = data->blksz * data->blocks;
unsigned int pipe;
if (read) {
dev_dbg(sdmmc_dev(host), "%s: read %zu bytes\n",
__func__, data_len);
cfg2 = SD_CALCULATE_CRC7 | SD_CHECK_CRC16 |
SD_NO_WAIT_BUSY_END | SD_CHECK_CRC7 | SD_RSP_LEN_0;
trans_mode = SD_TM_AUTO_READ_3;
Reported by FlawFinder.
Line: 494
Column: 6
CWE codes:
120
20
0xFF, (u8)(data_len >> 8));
rtsx_usb_add_cmd(ucr, WRITE_REG_CMD, MC_DMA_TC0,
0xFF, (u8)data_len);
if (read) {
flag = MODE_CDIR;
rtsx_usb_add_cmd(ucr, WRITE_REG_CMD, MC_DMA_CTL,
0x03 | DMA_PACK_SIZE_MASK,
DMA_DIR_FROM_CARD | DMA_EN | DMA_512);
} else {
Reported by FlawFinder.
Line: 516
Column: 6
CWE codes:
120
20
if (err)
return err;
if (read)
pipe = usb_rcvbulkpipe(ucr->pusb_dev, EP_BULK_IN);
else
pipe = usb_sndbulkpipe(ucr->pusb_dev, EP_BULK_OUT);
err = rtsx_usb_transfer_data(ucr, pipe, data->sg, data_len,
Reported by FlawFinder.
drivers/mmc/host/omap_hsmmc.c
4 issues
Line: 752
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct mmc_host *mmc = container_of(dev, struct mmc_host, class_dev);
struct omap_hsmmc_host *host = mmc_priv(mmc);
return sprintf(buf, "%s\n", mmc_pdata(host)->name);
}
static DEVICE_ATTR(slot_name, S_IRUGO, omap_hsmmc_show_slot_name, NULL);
/*
Reported by FlawFinder.
Line: 955
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < ARRAY_SIZE(omap_hsmmc_status_bits); i++)
if (status & (1 << i)) {
len = sprintf(buf, " %s", omap_hsmmc_status_bits[i]);
buf += len;
}
dev_vdbg(mmc_dev(host->mmc), "%s\n", res);
}
Reported by FlawFinder.
Line: 946
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"CTO" , "CCRC", "CEB", "CIE", "DTO" , "DCRC", "DEB" , "---" ,
"ACE" , "---" , "---", "---", "CERR", "BADA", "---" , "---"
};
char res[256];
char *buf = res;
int len, i;
len = sprintf(buf, "MMC IRQ 0x%x :", status);
buf += len;
Reported by FlawFinder.
Line: 950
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *buf = res;
int len, i;
len = sprintf(buf, "MMC IRQ 0x%x :", status);
buf += len;
for (i = 0; i < ARRAY_SIZE(omap_hsmmc_status_bits); i++)
if (status & (1 << i)) {
len = sprintf(buf, " %s", omap_hsmmc_status_bits[i]);
Reported by FlawFinder.
drivers/media/pci/dm1105/dm1105.c
4 issues
Line: 1125
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dm1105_ir_init(dev);
INIT_WORK(&dev->work, dm1105_dmx_buffer);
sprintf(dev->wqn, "%s/%d", dvb_adapter->name, dvb_adapter->num);
dev->wq = create_singlethread_workqueue(dev->wqn);
if (!dev->wq) {
ret = -ENOMEM;
goto err_dvb_net;
}
Reported by FlawFinder.
Line: 312
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* infrared remote control */
struct infrared {
struct rc_dev *dev;
char input_phys[32];
struct work_struct work;
u32 ir_command;
};
struct dm1105_dev {
Reported by FlawFinder.
Line: 345
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* irq */
struct work_struct work;
struct workqueue_struct *wq;
char wqn[16];
/* dma */
dma_addr_t dma_addr;
unsigned char *ts_buf;
u32 wrp;
Reported by FlawFinder.
Line: 692
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (nextwrp < oldwrp) {
memcpy(dev->ts_buf + dev->buffer_size, dev->ts_buf, nextwrp);
nbpackets = ((dev->buffer_size - oldwrp) + nextwrp) / 188;
} else
nbpackets = (nextwrp - oldwrp) / 188;
dev->wrp = nextwrp;
Reported by FlawFinder.
drivers/media/pci/intel/ipu3/cio2-bridge.c
4 issues
Line: 120
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
static void cio2_bridge_init_swnode_names(struct cio2_sensor *sensor)
{
snprintf(sensor->node_names.remote_port,
sizeof(sensor->node_names.remote_port),
SWNODE_GRAPH_PORT_NAME_FMT, sensor->ssdb.link);
snprintf(sensor->node_names.port,
sizeof(sensor->node_names.port),
SWNODE_GRAPH_PORT_NAME_FMT, 0); /* Always port 0 */
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
snprintf(sensor->node_names.remote_port,
sizeof(sensor->node_names.remote_port),
SWNODE_GRAPH_PORT_NAME_FMT, sensor->ssdb.link);
snprintf(sensor->node_names.port,
sizeof(sensor->node_names.port),
SWNODE_GRAPH_PORT_NAME_FMT, 0); /* Always port 0 */
snprintf(sensor->node_names.endpoint,
sizeof(sensor->node_names.endpoint),
SWNODE_GRAPH_ENDPOINT_NAME_FMT, 0); /* And endpoint 0 */
Reported by FlawFinder.
Line: 126
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
snprintf(sensor->node_names.port,
sizeof(sensor->node_names.port),
SWNODE_GRAPH_PORT_NAME_FMT, 0); /* Always port 0 */
snprintf(sensor->node_names.endpoint,
sizeof(sensor->node_names.endpoint),
SWNODE_GRAPH_ENDPOINT_NAME_FMT, 0); /* And endpoint 0 */
}
static void cio2_bridge_create_connection_swnodes(struct cio2_bridge *bridge,
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_free_buff;
}
memcpy(data, obj->buffer.pointer, obj->buffer.length);
out_free_buff:
kfree(buffer.pointer);
return ret;
}
Reported by FlawFinder.
drivers/net/can/kvaser_pciefd.c
4 issues
Line: 433
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct kvaser_pciefd_cfg_param *param;
param = &img->params[KVASER_PCIEFD_CFG_PARAM_NR_CHAN];
memcpy(&pcie->nr_channels, param->data, le32_to_cpu(param->len));
}
static int kvaser_pciefd_read_cfg(struct kvaser_pciefd *pcie)
{
int res;
Reported by FlawFinder.
Line: 760
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p->header[1] |= seq & KVASER_PCIEFD_PACKET_SEQ_MSK;
packet_size = cf->len;
memcpy(p->data, cf->data, packet_size);
return DIV_ROUND_UP(packet_size, 4);
}
static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb,
Reported by FlawFinder.
Line: 1188
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (p->header[0] & KVASER_PCIEFD_RPACKET_RTR)
cf->can_id |= CAN_RTR_FLAG;
else
memcpy(cf->data, data, cf->len);
shhwtstamps = skb_hwtstamps(skb);
shhwtstamps->hwtstamp =
ns_to_ktime(div_u64(p->timestamp * 1000,
Reported by FlawFinder.
Line: 1598
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p->header[1] = le32_to_cpu(buffer[pos++]);
/* Read 64-bit timestamp */
memcpy(×tamp, &buffer[pos], sizeof(__le64));
pos += 2;
p->timestamp = le64_to_cpu(timestamp);
type = (p->header[1] >> KVASER_PCIEFD_PACKET_TYPE_SHIFT) & 0xf;
switch (type) {
Reported by FlawFinder.
drivers/net/can/m_can/tcan4x5x-regmap.c
4 issues
Line: 31
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
},
};
memcpy(&buf_tx->cmd, reg, sizeof(buf_tx->cmd.cmd) +
sizeof(buf_tx->cmd.addr));
tcan4x5x_spi_cmd_set_len(&buf_tx->cmd, val_len);
memcpy(buf_tx->data, val, val_len);
return spi_sync_transfer(spi, xfer, ARRAY_SIZE(xfer));
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&buf_tx->cmd, reg, sizeof(buf_tx->cmd.cmd) +
sizeof(buf_tx->cmd.addr));
tcan4x5x_spi_cmd_set_len(&buf_tx->cmd, val_len);
memcpy(buf_tx->data, val, val_len);
return spi_sync_transfer(spi, xfer, ARRAY_SIZE(xfer));
}
static int tcan4x5x_regmap_write(void *context, const void *data, size_t count)
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spi_message_init(&msg);
spi_message_add_tail(&xfer[0], &msg);
memcpy(&buf_tx->cmd, reg_buf, sizeof(buf_tx->cmd.cmd) +
sizeof(buf_tx->cmd.addr));
tcan4x5x_spi_cmd_set_len(&buf_tx->cmd, val_len);
if (spi->controller->flags & SPI_CONTROLLER_HALF_DUPLEX) {
xfer[0].len = sizeof(buf_tx->cmd);
Reported by FlawFinder.
Line: 88
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
if (!(spi->controller->flags & SPI_CONTROLLER_HALF_DUPLEX))
memcpy(val_buf, buf_rx->data, val_len);
return 0;
}
static const struct regmap_range tcan4x5x_reg_table_yes_range[] = {
Reported by FlawFinder.
drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_common.h
4 issues
Line: 25
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__be32 ctx_hdr;
u8 salt[CHCR_MAX_SALT];
__be64 iv_to_auth;
unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE +
TLS_CIPHER_AES_GCM_256_TAG_SIZE];
};
/* Crypto key context */
#define KEY_CONTEXT_CTX_LEN_S 24
Reported by FlawFinder.
Line: 65
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u64 *p;
if (likely(length <= left)) {
memcpy(pos, src, length);
pos += length;
} else {
memcpy(pos, src, left);
memcpy(q->desc, src + left, length - left);
pos = (void *)q->desc + (length - left);
Reported by FlawFinder.
Line: 68
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pos, src, length);
pos += length;
} else {
memcpy(pos, src, left);
memcpy(q->desc, src + left, length - left);
pos = (void *)q->desc + (length - left);
}
/* 0-pad to multiple of 16 */
p = PTR_ALIGN(pos, 8);
Reported by FlawFinder.
Line: 69
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos += length;
} else {
memcpy(pos, src, left);
memcpy(q->desc, src + left, length - left);
pos = (void *)q->desc + (length - left);
}
/* 0-pad to multiple of 16 */
p = PTR_ALIGN(pos, 8);
if ((uintptr_t)p & 8) {
Reported by FlawFinder.