The following issues were found
drivers/net/ethernet/amd/ni65.h
4 issues
Line: 91
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct init_block {
unsigned short mode;
unsigned char eaddr[6];
unsigned char filter[8];
/* bit 29-31: number of rmd's (power of 2) */
u32 rrp; /* receive ring pointer (align 8) */
/* bit 29-31: number of tmd's (power of 2) */
u32 trp; /* transmit ring pointer (align 8) */
Reported by FlawFinder.
Line: 92
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct init_block {
unsigned short mode;
unsigned char eaddr[6];
unsigned char filter[8];
/* bit 29-31: number of rmd's (power of 2) */
u32 rrp; /* receive ring pointer (align 8) */
/* bit 29-31: number of tmd's (power of 2) */
u32 trp; /* transmit ring pointer (align 8) */
};
Reported by FlawFinder.
Line: 103
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union {
volatile u32 buffer;
struct {
volatile unsigned char dummy[3];
volatile unsigned char status;
} s;
} u;
volatile short blen;
volatile unsigned short mlen;
Reported by FlawFinder.
Line: 115
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union {
volatile u32 buffer;
struct {
volatile unsigned char dummy[3];
volatile unsigned char status;
} s;
} u;
volatile unsigned short blen;
volatile unsigned short status2;
Reported by FlawFinder.
drivers/net/ethernet/amd/sun3lance.c
4 issues
Line: 129
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The LANCE initialization block, described in databook. */
struct lance_init_block {
unsigned short mode; /* Pre-set mode */
unsigned char hwaddr[6]; /* Physical ethernet address */
unsigned int filter[2]; /* Multicast filter (unused). */
/* Receive and transmit ring base, along with length bits. */
unsigned short rdra;
unsigned short rlen;
unsigned short tdra;
Reported by FlawFinder.
Line: 144
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lance_init_block init;
struct lance_tx_head tx_head[TX_RING_SIZE];
struct lance_rx_head rx_head[RX_RING_SIZE];
char rx_data[RX_RING_SIZE][PKT_BUF_SZ];
char tx_data[TX_RING_SIZE][PKT_BUF_SZ];
};
/* The driver's private device structure */
Reported by FlawFinder.
Line: 145
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lance_tx_head tx_head[TX_RING_SIZE];
struct lance_rx_head rx_head[RX_RING_SIZE];
char rx_data[RX_RING_SIZE][PKT_BUF_SZ];
char tx_data[TX_RING_SIZE][PKT_BUF_SZ];
};
/* The driver's private device structure */
struct lance_private {
Reported by FlawFinder.
Line: 276
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!dev)
return ERR_PTR(-ENOMEM);
if (unit >= 0) {
sprintf(dev->name, "eth%d", unit);
netdev_boot_setup_check(dev);
}
if (!lance_probe(dev))
goto out;
Reported by FlawFinder.
drivers/md/raid0.c
4 issues
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int j, k;
sector_t zone_size = 0;
sector_t zone_start = 0;
char b[BDEVNAME_SIZE];
struct r0conf *conf = mddev->private;
int raid_disks = conf->strip_zone[0].nb_dev;
pr_debug("md: RAID0 configuration for %s - %d zone%s\n",
mdname(mddev),
conf->nr_strip_zones, conf->nr_strip_zones==1?"":"s");
Reported by FlawFinder.
Line: 47
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mdname(mddev),
conf->nr_strip_zones, conf->nr_strip_zones==1?"":"s");
for (j = 0; j < conf->nr_strip_zones; j++) {
char line[200];
int len = 0;
for (k = 0; k < conf->strip_zone[j].nb_dev; k++)
len += snprintf(line+len, 200-len, "%s%s", k?"/":"",
bdevname(conf->devlist[j*raid_disks
Reported by FlawFinder.
Line: 72
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct md_rdev *smallest, *rdev1, *rdev2, *rdev, **dev;
struct strip_zone *zone;
int cnt;
char b[BDEVNAME_SIZE];
char b2[BDEVNAME_SIZE];
struct r0conf *conf = kzalloc(sizeof(*conf), GFP_KERNEL);
unsigned blksize = 512;
*private_conf = ERR_PTR(-ENOMEM);
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct strip_zone *zone;
int cnt;
char b[BDEVNAME_SIZE];
char b2[BDEVNAME_SIZE];
struct r0conf *conf = kzalloc(sizeof(*conf), GFP_KERNEL);
unsigned blksize = 512;
*private_conf = ERR_PTR(-ENOMEM);
if (!conf)
Reported by FlawFinder.
drivers/net/ethernet/amd/xgbe/xgbe-dev.c
4 issues
Line: 985
CWE codes:
758
if (ha) {
mac_addr = (u8 *)&mac_addr_lo;
mac_addr[0] = ha->addr[0];
mac_addr[1] = ha->addr[1];
mac_addr[2] = ha->addr[2];
mac_addr[3] = ha->addr[3];
mac_addr = (u8 *)&mac_addr_hi;
mac_addr[0] = ha->addr[4];
mac_addr[1] = ha->addr[5];
Reported by Cppcheck.
Line: 986
CWE codes:
758
mac_addr = (u8 *)&mac_addr_lo;
mac_addr[0] = ha->addr[0];
mac_addr[1] = ha->addr[1];
mac_addr[2] = ha->addr[2];
mac_addr[3] = ha->addr[3];
mac_addr = (u8 *)&mac_addr_hi;
mac_addr[0] = ha->addr[4];
mac_addr[1] = ha->addr[5];
Reported by Cppcheck.
Line: 987
CWE codes:
758
mac_addr[0] = ha->addr[0];
mac_addr[1] = ha->addr[1];
mac_addr[2] = ha->addr[2];
mac_addr[3] = ha->addr[3];
mac_addr = (u8 *)&mac_addr_hi;
mac_addr[0] = ha->addr[4];
mac_addr[1] = ha->addr[5];
netif_dbg(pdata, drv, pdata->netdev,
Reported by Cppcheck.
Line: 990
CWE codes:
758
mac_addr[3] = ha->addr[3];
mac_addr = (u8 *)&mac_addr_hi;
mac_addr[0] = ha->addr[4];
mac_addr[1] = ha->addr[5];
netif_dbg(pdata, drv, pdata->netdev,
"adding mac address %pM at %#x\n",
ha->addr, *mac_reg);
Reported by Cppcheck.
drivers/net/ethernet/cisco/enic/vnic_devcmd.h
4 issues
Line: 511
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* a 16-bit integer (e.g. 0xA2).
*/
struct vnic_devcmd_fw_info {
char fw_version[32];
char fw_build[32];
char hw_version[32];
char hw_serial_number[32];
u16 asic_type;
u16 asic_rev;
Reported by FlawFinder.
Line: 512
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct vnic_devcmd_fw_info {
char fw_version[32];
char fw_build[32];
char hw_version[32];
char hw_serial_number[32];
u16 asic_type;
u16 asic_rev;
};
Reported by FlawFinder.
Line: 513
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct vnic_devcmd_fw_info {
char fw_version[32];
char fw_build[32];
char hw_version[32];
char hw_serial_number[32];
u16 asic_type;
u16 asic_rev;
};
Reported by FlawFinder.
Line: 514
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char fw_version[32];
char fw_build[32];
char hw_version[32];
char hw_serial_number[32];
u16 asic_type;
u16 asic_rev;
};
struct vnic_devcmd_notify {
Reported by FlawFinder.
drivers/net/ethernet/apm/xgene-v2/ethtool.c
4 issues
Line: 92
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct platform_device *pdev = pdata->pdev;
strcpy(info->driver, "xgene-enet-v2");
sprintf(info->bus_info, "%s", pdev->name);
}
static void xge_get_strings(struct net_device *ndev, u32 stringset, u8 *data)
{
u8 *p = data;
Reported by FlawFinder.
Line: 91
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct xge_pdata *pdata = netdev_priv(ndev);
struct platform_device *pdev = pdata->pdev;
strcpy(info->driver, "xgene-enet-v2");
sprintf(info->bus_info, "%s", pdev->name);
}
static void xge_get_strings(struct net_device *ndev, u32 stringset, u8 *data)
{
Reported by FlawFinder.
Line: 104
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
for (i = 0; i < XGE_STATS_LEN; i++) {
memcpy(p, gstrings_stats[i].name, ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
for (i = 0; i < XGE_EXTD_STATS_LEN; i++) {
memcpy(p, gstrings_extd_stats[i].name, ETH_GSTRING_LEN);
Reported by FlawFinder.
Line: 109
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
for (i = 0; i < XGE_EXTD_STATS_LEN; i++) {
memcpy(p, gstrings_extd_stats[i].name, ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
}
static int xge_get_sset_count(struct net_device *ndev, int sset)
Reported by FlawFinder.
drivers/misc/genwqe/card_debugfs.c
4 issues
Line: 326
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char name[64];
unsigned int i;
sprintf(card_name, "%s%d_card", GENWQE_DEVNAME, cd->card_idx);
root = debugfs_create_dir(card_name, cd->debugfs_genwqe);
/* non privileged interfaces are done here */
debugfs_create_file("ddcb_info", S_IRUGO, root, cd, &ddcb_info_fops);
Reported by FlawFinder.
Line: 322
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void genwqe_init_debugfs(struct genwqe_dev *cd)
{
struct dentry *root;
char card_name[64];
char name[64];
unsigned int i;
sprintf(card_name, "%s%d_card", GENWQE_DEVNAME, cd->card_idx);
Reported by FlawFinder.
Line: 323
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dentry *root;
char card_name[64];
char name[64];
unsigned int i;
sprintf(card_name, "%s%d_card", GENWQE_DEVNAME, cd->card_idx);
root = debugfs_create_dir(card_name, cd->debugfs_genwqe);
Reported by FlawFinder.
Line: 360
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
&prev_dbg_uid2_fops);
for (i = 0; i < GENWQE_MAX_VFS; i++) {
sprintf(name, "vf%u_jobtimeout_msec", i);
debugfs_create_u32(name, 0666, root,
&cd->vf_jobtimeout_msec[i]);
}
debugfs_create_file("jobtimer", S_IRUGO, root, cd, &jtimer_fops);
Reported by FlawFinder.
drivers/media/platform/allegro-dvt/nal-hevc.c
4 issues
Line: 515
Column: 28
CWE codes:
120
20
if (!src)
return -EINVAL;
rbsp_init(&rbsp, src, n, &read);
nal_hevc_read_start_code_prefix(&rbsp);
rbsp_bit(&rbsp, &forbidden_zero_bit);
rbsp_bits(&rbsp, 6, &nal_unit_type);
Reported by FlawFinder.
Line: 610
Column: 28
CWE codes:
120
20
if (!src)
return -EINVAL;
rbsp_init(&rbsp, src, n, &read);
nal_hevc_read_start_code_prefix(&rbsp);
rbsp_bit(&rbsp, &forbidden_zero_bit);
rbsp_bits(&rbsp, 6, &nal_unit_type);
Reported by FlawFinder.
Line: 705
Column: 28
CWE codes:
120
20
if (!src)
return -EINVAL;
rbsp_init(&rbsp, src, n, &read);
nal_hevc_read_start_code_prefix(&rbsp);
/* NAL unit header */
rbsp_bit(&rbsp, &forbidden_zero_bit);
Reported by FlawFinder.
Line: 801
Column: 28
CWE codes:
120
20
if (!src)
return -EINVAL;
rbsp_init(&rbsp, src, n, &read);
nal_hevc_read_start_code_prefix(&rbsp);
rbsp_bit(&rbsp, &forbidden_zero_bit);
rbsp_bits(&rbsp, 6, &nal_unit_type);
Reported by FlawFinder.
drivers/media/dvb-frontends/drxk_hard.c
4 issues
Line: 442
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
((address >> 18) & 0xF0));
adr_length = 2;
}
memcpy(&state->chunk[adr_length], p_block, chunk);
dprintk(2, "(0x%08x, 0x%02x)\n", address, flags);
if (debug > 1) {
int i;
if (p_block)
for (i = 0; i < chunk; i++)
Reported by FlawFinder.
Line: 1439
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 buffer[34];
int cnt = 0, ii;
const char *p;
char errname[30];
dprintk(1, "\n");
if ((cmd == 0) || ((parameter_len > 0) && (parameter == NULL)) ||
((result_len > 0) && (result == NULL))) {
Reported by FlawFinder.
Line: 1509
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p = "SCU_RESULT_INVPAR";
break;
default: /* Other negative values are errors */
sprintf(errname, "ERROR: %d\n", err);
p = errname;
}
pr_err("%s while sending cmd 0x%04x with params:", p, cmd);
print_hex_dump_bytes("drxk: ", DUMP_PREFIX_NONE, buffer, cnt);
status = -EINVAL;
Reported by FlawFinder.
Line: 6803
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_init(&state->mutex);
memcpy(&state->frontend.ops, &drxk_ops, sizeof(drxk_ops));
state->frontend.demodulator_priv = state;
init_state(state);
/* Load firmware and initialize DRX-K */
Reported by FlawFinder.
drivers/misc/dw-xdata-pcie.c
4 issues
Line: 342
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return id;
}
snprintf(name, sizeof(name), DW_XDATA_DRIVER_NAME ".%d", id);
dw->misc_dev.name = kstrdup(name, GFP_KERNEL);
if (!dw->misc_dev.name) {
err = -ENOMEM;
goto err_ida_remove;
}
Reported by FlawFinder.
Line: 390
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
struct dw_xdata *dw = pci_get_drvdata(pdev);
int id;
if (sscanf(dw->misc_dev.name, DW_XDATA_DRIVER_NAME ".%d", &id) != 1)
return;
if (id < 0)
return;
Reported by FlawFinder.
Line: 293
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct device *dev = &pdev->dev;
struct dw_xdata *dw;
char name[24];
u64 addr;
int err;
int id;
/* Enable PCI device */
Reported by FlawFinder.