The following issues were found
drivers/net/ethernet/cavium/liquidio/liquidio_common.h
4 issues
Line: 139
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct octeon_core_setup {
u64 corefreq;
char boardname[OCT_BOARD_NAME];
char board_serial_number[OCT_SERIAL_LEN];
u64 board_rev_major;
Reported by FlawFinder.
Line: 141
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char boardname[OCT_BOARD_NAME];
char board_serial_number[OCT_SERIAL_LEN];
u64 board_rev_major;
u64 board_rev_minor;
Reported by FlawFinder.
Line: 798
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 iqmask; /** mask for IQs enabled for the port */
u64 oqmask; /** mask for OQs enabled for the port */
struct oct_link_info linfo; /** initial link information */
char liquidio_firmware_version[32];
};
/** Stats for each NIC port in RX direction. */
struct nic_rx_stats {
/* link-level stats */
Reported by FlawFinder.
Line: 1019
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union {
struct lio_vf_rep_name {
char name[LIO_IF_NAME_SIZE];
} rep_name;
struct lio_vf_rep_mtu {
u32 mtu;
u32 rsvd;
Reported by FlawFinder.
drivers/media/platform/mtk-vcodec/venc/venc_h264_if.c
4 issues
Line: 301
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
handler = inst->vpu_inst.ctx->dev->fw_handler;
tmp_va = mtk_vcodec_fw_map_dm_addr(handler,
wb[i].vpua);
memcpy(inst->work_bufs[i].va, tmp_va,
wb[i].size);
}
}
wb[i].iova = inst->work_bufs[i].dma_addr;
Reported by FlawFinder.
Line: 431
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
memcpy(bs_buf->va + bs_size_sps, inst->pps_buf.va, bs_size_pps);
*bs_size = bs_size_sps + bs_size_pps;
return ret;
}
Reported by FlawFinder.
Line: 465
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (inst->vpu_inst.state == VEN_IPI_MSG_ENC_STATE_SKIP) {
*bs_size = inst->vpu_inst.bs_size;
memcpy(bs_buf->va,
inst->work_bufs[VENC_H264_VPU_WORK_BUF_SKIP_FRAME].va,
*bs_size);
++inst->frm_cnt;
++inst->skip_frm_cnt;
return ret;
Reported by FlawFinder.
Line: 498
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(p, h264_filler_marker, ARRAY_SIZE(h264_filler_marker));
size -= H264_FILLER_MARKER_SIZE;
p += H264_FILLER_MARKER_SIZE;
memset(p, 0xff, size);
}
Reported by FlawFinder.
drivers/media/usb/em28xx/em28xx.h
4 issues
Line: 610
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct em28xx_audio {
char name[50];
unsigned int num_urb;
char **transfer_buffer;
struct urb **urb;
struct usb_device *udev;
unsigned int capture_transfer_done;
Reported by FlawFinder.
Line: 668
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int i2c_speed:2;
enum em28xx_int_audio_type int_audio_type;
enum em28xx_usb_audio_type usb_audio_type;
unsigned char name[32];
struct em28xx_board board;
enum em28xx_sensor em28xx_sensor; // camera specific
Reported by FlawFinder.
Line: 752
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// selected DVB ep at dvb_alt
unsigned int dvb_xfer_bulk:1; // use bulk instead of isoc
// transfers for DVB
char urb_buf[URB_MAX_CTRL_SIZE]; // urb control msg buffer
// helper funcs that call usb_control_msg
int (*em28xx_write_regs)(struct em28xx *dev, u16 reg,
char *buf, int len);
int (*em28xx_read_reg)(struct em28xx *dev, u16 reg);
Reported by FlawFinder.
Line: 773
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 num_button_polling_addresses;
u16 button_polling_interval; // [ms]
// Snapshot button input device
char snapshot_button_path[30]; // path of the input dev
struct input_dev *sbutton_input_dev;
#ifdef CONFIG_MEDIA_CONTROLLER
struct media_device *media_dev;
struct media_entity input_ent[MAX_EM28XX_INPUT];
Reported by FlawFinder.
drivers/media/radio/wl128x/fmdrv_tx.c
4 issues
Line: 42
Column: 4
CWE codes:
126
int ret;
ret = fmc_send_cmd(fmdev, RDS_DATA_SET, REG_WR, rds_text,
strlen(rds_text), NULL, NULL);
if (ret < 0)
return ret;
/* Scroll mode */
payload = (u16)0x1;
Reported by FlawFinder.
Line: 106
Column: 25
CWE codes:
126
if (rds_en_dis == FM_RDS_ENABLE) {
/* Set RDS length */
set_rds_len(fmdev, 0, strlen(rds_text));
/* Set RDS text */
set_rds_text(fmdev, rds_text);
/* Set RDS mode */
Reported by FlawFinder.
Line: 128
Column: 25
CWE codes:
126
if (rds_en_dis == FM_RDS_ENABLE) {
/* Set RDS length */
set_rds_len(fmdev, 0, strlen(rds_text));
/* Set RDS text */
set_rds_text(fmdev, rds_text);
}
fmdev->tx_data.rds.flag = rds_en_dis;
Reported by FlawFinder.
Line: 149
Column: 31
CWE codes:
126
fm_tx_set_rds_mode(fmdev, 0);
/* Set RDS length */
set_rds_len(fmdev, rds_type, strlen(rds_text));
/* Set RDS text */
set_rds_text(fmdev, rds_text);
/* Set RDS mode */
Reported by FlawFinder.
sound/core/timer_compat.c
4 issues
Line: 21
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_timer_id tid;
u32 period_num;
u32 period_den;
unsigned char reserved[32];
} __packed;
struct snd_timer_info32 {
u32 flags;
s32 card;
Reported by FlawFinder.
Line: 27
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_timer_info32 {
u32 flags;
s32 card;
unsigned char id[64];
unsigned char name[80];
u32 reserved0;
u32 resolution;
unsigned char reserved[64];
};
Reported by FlawFinder.
Line: 28
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 flags;
s32 card;
unsigned char id[64];
unsigned char name[80];
u32 reserved0;
u32 resolution;
unsigned char reserved[64];
};
Reported by FlawFinder.
Line: 31
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char name[80];
u32 reserved0;
u32 resolution;
unsigned char reserved[64];
};
static int snd_timer_user_gparams_compat(struct file *file,
struct snd_timer_gparams32 __user *user)
{
Reported by FlawFinder.
net/sunrpc/cache.c
4 issues
Line: 696
CWE codes:
476
{
struct cache_deferred_req *dreq;
if (req->thread_wait) {
cache_wait_req(req, item);
if (!test_bit(CACHE_PENDING, &item->flags))
return false;
}
dreq = req->defer(req);
Reported by Cppcheck.
Line: 696
CWE codes:
476
{
struct cache_deferred_req *dreq;
if (req->thread_wait) {
cache_wait_req(req, item);
if (!test_bit(CACHE_PENDING, &item->flags))
return false;
}
dreq = req->defer(req);
Reported by Cppcheck.
Line: 1485
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos,
struct cache_detail *cd)
{
char tbuf[22];
size_t len;
len = snprintf(tbuf, sizeof(tbuf), "%llu\n",
convert_to_wallclock(cd->flush_time));
return simple_read_from_buffer(buf, count, ppos, tbuf, len);
Reported by FlawFinder.
Line: 1497
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos,
struct cache_detail *cd)
{
char tbuf[20];
char *ep;
time64_t now;
if (*ppos || count > sizeof(tbuf)-1)
return -EINVAL;
Reported by FlawFinder.
sound/firewire/tascam/tascam.c
4 issues
Line: 77
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -ENODEV;
strcpy(tscm->card->driver, "FW-TASCAM");
strcpy(tscm->card->shortname, model);
strcpy(tscm->card->mixername, model);
snprintf(tscm->card->longname, sizeof(tscm->card->longname),
"TASCAM %s, GUID %08x%08x at %s, S%d", model,
fw_dev->config_rom[3], fw_dev->config_rom[4],
dev_name(&tscm->unit->device), 100 << fw_dev->max_speed);
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(tscm->card->driver, "FW-TASCAM");
strcpy(tscm->card->shortname, model);
strcpy(tscm->card->mixername, model);
snprintf(tscm->card->longname, sizeof(tscm->card->longname),
"TASCAM %s, GUID %08x%08x at %s, S%d", model,
fw_dev->config_rom[3], fw_dev->config_rom[4],
dev_name(&tscm->unit->device), 100 << fw_dev->max_speed);
Reported by FlawFinder.
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct fw_device *fw_dev = fw_parent_device(tscm->unit);
const u32 *config_rom = fw_dev->config_rom;
char model[9];
unsigned int i;
u8 c;
if (fw_dev->config_rom_length < 30) {
dev_err(&tscm->unit->device,
Reported by FlawFinder.
Line: 76
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (tscm->spec == NULL)
return -ENODEV;
strcpy(tscm->card->driver, "FW-TASCAM");
strcpy(tscm->card->shortname, model);
strcpy(tscm->card->mixername, model);
snprintf(tscm->card->longname, sizeof(tscm->card->longname),
"TASCAM %s, GUID %08x%08x at %s, S%d", model,
fw_dev->config_rom[3], fw_dev->config_rom[4],
Reported by FlawFinder.
sound/pci/ice1712/quartet.c
4 issues
Line: 35
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int bit;
void (*set_register)(struct snd_ice1712 *ice, unsigned int val);
unsigned int (*get_register)(struct snd_ice1712 *ice);
const char * const texts[2];
};
enum {
IN12_SEL = 0,
IN34_SEL,
Reported by FlawFinder.
Line: 51
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
OUT34_MON12,
};
static const char * const ext_clock_names[3] = {"IEC958 In", "Word Clock 1xFS",
"Word Clock 256xFS"};
/* chip address on I2C bus */
#define AK4113_ADDR 0x26 /* S/PDIF receiver */
Reported by FlawFinder.
Line: 478
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_info_buffer *buffer)
{
struct snd_ice1712 *ice = entry->private_data;
char bin_buffer[36];
snd_iprintf(buffer, "SCR: %s\n", get_binary(bin_buffer,
get_scr(ice)));
snd_iprintf(buffer, "MCR: %s\n", get_binary(bin_buffer,
get_mcr(ice)));
Reported by FlawFinder.
Line: 534
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int qtet_ain12_enum_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[3] =
{"Line In 1/2", "Mic", "Mic + Low-cut"};
return snd_ctl_enum_info(uinfo, 1, ARRAY_SIZE(texts), texts);
}
static int qtet_ain12_sw_get(struct snd_kcontrol *kcontrol,
Reported by FlawFinder.
sound/hda/hdmi_chmap.c
4 issues
Line: 842
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
chmap->private_data = hchmap;
kctl = chmap->kctl;
for (i = 0; i < kctl->count; i++)
kctl->vd[i].access |= SNDRV_CTL_ELEM_ACCESS_WRITE;
kctl->info = hdmi_chmap_ctl_info;
kctl->get = hdmi_chmap_ctl_get;
kctl->put = hdmi_chmap_ctl_put;
kctl->tlv.c = hdmi_chmap_ctl_tlv;
Reported by FlawFinder.
Line: 274
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
int ca = 0;
int spk_mask = 0;
char buf[SND_PRINT_CHANNEL_ALLOCATION_ADVISED_BUFSIZE];
/*
* CA defaults to 0 for basic stereo audio
*/
if (channels <= 2)
Reported by FlawFinder.
Line: 744
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_pcm_chmap *info = snd_kcontrol_chip(kcontrol);
struct hdac_chmap *chmap = info->private_data;
int pcm_idx = kcontrol->private_value;
unsigned char pcm_chmap[8];
int i;
memset(pcm_chmap, 0, sizeof(pcm_chmap));
chmap->ops.get_chmap(chmap->hdac, pcm_idx, pcm_chmap);
Reported by FlawFinder.
Line: 764
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int pcm_idx = kcontrol->private_value;
unsigned int ctl_idx;
struct snd_pcm_substream *substream;
unsigned char chmap[8], per_pin_chmap[8];
int i, err, ca, prepared = 0;
/* No monitor is connected in dyn_pcm_assign.
* It's invalid to setup the chmap
*/
Reported by FlawFinder.
sound/i2c/other/ak4117.c
4 issues
Line: 62
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
int snd_ak4117_create(struct snd_card *card, ak4117_read_t *read, ak4117_write_t *write,
const unsigned char pgm[5], void *private_data, struct ak4117 **r_ak4117)
{
struct ak4117 *chip;
int err = 0;
unsigned char reg;
static const struct snd_device_ops ops = {
Reported by FlawFinder.
Line: 34
Column: 17
CWE codes:
120
20
static inline unsigned char reg_read(struct ak4117 *ak4117, unsigned char reg)
{
return ak4117->read(ak4117->private_data, reg);
}
#if 0
static void reg_dump(struct ak4117 *ak4117)
{
Reported by FlawFinder.
Line: 61
Column: 61
CWE codes:
120
20
return 0;
}
int snd_ak4117_create(struct snd_card *card, ak4117_read_t *read, ak4117_write_t *write,
const unsigned char pgm[5], void *private_data, struct ak4117 **r_ak4117)
{
struct ak4117 *chip;
int err = 0;
unsigned char reg;
Reported by FlawFinder.
Line: 76
Column: 15
CWE codes:
120
20
return -ENOMEM;
spin_lock_init(&chip->lock);
chip->card = card;
chip->read = read;
chip->write = write;
chip->private_data = private_data;
timer_setup(&chip->timer, snd_ak4117_timer, 0);
for (reg = 0; reg < 5; reg++)
Reported by FlawFinder.