The following issues were found
sound/isa/ad1816a/ad1816a.c
4 issues
Line: 154
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "AD1816A");
strcpy(card->shortname, "ADI SoundPort AD1816A");
sprintf(card->longname, "%s, SS at 0x%lx, irq %d, dma %d&%d",
card->shortname, chip->port, irq[dev], dma1[dev], dma2[dev]);
error = snd_ad1816a_pcm(chip, 0);
if (error < 0) {
snd_card_free(card);
Reported by FlawFinder.
Line: 27
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 1-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_ISAPNP; /* Enable this card */
static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* PnP setup */
static long mpu_port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* PnP setup */
static long fm_port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* PnP setup */
static int irq[SNDRV_CARDS] = SNDRV_DEFAULT_IRQ; /* Pnp setup */
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (clockfreq[dev] >= 5000 && clockfreq[dev] <= 100000)
chip->clock_freq = clockfreq[dev];
strcpy(card->driver, "AD1816A");
strcpy(card->shortname, "ADI SoundPort AD1816A");
sprintf(card->longname, "%s, SS at 0x%lx, irq %d, dma %d&%d",
card->shortname, chip->port, irq[dev], dma1[dev], dma2[dev]);
error = snd_ad1816a_pcm(chip, 0);
Reported by FlawFinder.
Line: 153
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
chip->clock_freq = clockfreq[dev];
strcpy(card->driver, "AD1816A");
strcpy(card->shortname, "ADI SoundPort AD1816A");
sprintf(card->longname, "%s, SS at 0x%lx, irq %d, dma %d&%d",
card->shortname, chip->port, irq[dev], dma1[dev], dma2[dev]);
error = snd_ad1816a_pcm(chip, 0);
if (error < 0) {
Reported by FlawFinder.
sound/isa/ad1816a/ad1816a_lib.c
4 issues
Line: 671
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->private_data = chip;
pcm->info_flags = (chip->dma1 == chip->dma2 ) ? SNDRV_PCM_INFO_JOINT_DUPLEX : 0;
strcpy(pcm->name, snd_ad1816a_chip_id(chip));
snd_ad1816a_init(chip);
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV, chip->card->dev,
64*1024, chip->dma1 > 3 || chip->dma2 > 3 ? 128*1024 : 64*1024);
Reported by FlawFinder.
Line: 695
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
error = snd_timer_new(chip->card, "AD1816A", &tid, &timer);
if (error < 0)
return error;
strcpy(timer->name, snd_ad1816a_chip_id(chip));
timer->private_data = chip;
chip->timer = timer;
timer->hw = snd_ad1816a_timer_table;
return 0;
}
Reported by FlawFinder.
Line: 952
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
card = chip->card;
strcpy(card->mixername, snd_ad1816a_chip_id(chip));
for (idx = 0; idx < ARRAY_SIZE(snd_ad1816a_controls); idx++) {
err = snd_ctl_add(card, snd_ctl_new1(&snd_ad1816a_controls[idx], chip));
if (err < 0)
return err;
Reported by FlawFinder.
Line: 708
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_ad1816a_info_mux(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[8] = {
"Line", "Mix", "CD", "Synth", "Video",
"Mic", "Phone",
};
return snd_ctl_enum_info(uinfo, 2, 7, texts);
Reported by FlawFinder.
sound/pci/ice1712/delta.c
4 issues
Line: 568
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_PM_SLEEP
static int snd_ice1712_delta_resume(struct snd_ice1712 *ice)
{
unsigned char akm_img_bak[AK4XXX_IMAGE_SIZE];
unsigned char akm_vol_bak[AK4XXX_IMAGE_SIZE];
/* init spdif */
switch (ice->eeprom.subvendor) {
case ICE1712_SUBDEVICE_AUDIOPHILE:
Reported by FlawFinder.
Line: 569
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_ice1712_delta_resume(struct snd_ice1712 *ice)
{
unsigned char akm_img_bak[AK4XXX_IMAGE_SIZE];
unsigned char akm_vol_bak[AK4XXX_IMAGE_SIZE];
/* init spdif */
switch (ice->eeprom.subvendor) {
case ICE1712_SUBDEVICE_AUDIOPHILE:
case ICE1712_SUBDEVICE_DELTA410:
Reported by FlawFinder.
Line: 597
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(akm_img_bak, ice->akm->images, sizeof(akm_img_bak));
memcpy(akm_vol_bak, ice->akm->volumes, sizeof(akm_vol_bak));
snd_akm4xxx_init(ice->akm);
memcpy(ice->akm->images, akm_img_bak, sizeof(akm_img_bak));
memcpy(ice->akm->volumes, akm_vol_bak, sizeof(akm_vol_bak));
snd_akm4xxx_reset(ice->akm, 0);
}
return 0;
Reported by FlawFinder.
Line: 598
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(akm_vol_bak, ice->akm->volumes, sizeof(akm_vol_bak));
snd_akm4xxx_init(ice->akm);
memcpy(ice->akm->images, akm_img_bak, sizeof(akm_img_bak));
memcpy(ice->akm->volumes, akm_vol_bak, sizeof(akm_vol_bak));
snd_akm4xxx_reset(ice->akm, 0);
}
return 0;
}
Reported by FlawFinder.
sound/isa/adlib.c
4 issues
Line: 71
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
card->private_free = snd_adlib_free;
strcpy(card->driver, DEV_NAME);
strcpy(card->shortname, CRD_NAME);
sprintf(card->longname, CRD_NAME " at %#lx", port[n]);
error = snd_opl3_create(card, port[n], port[n] + 2, OPL3_HW_AUTO, 1, &opl3);
if (error < 0) {
Reported by FlawFinder.
Line: 72
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
card->private_free = snd_adlib_free;
strcpy(card->driver, DEV_NAME);
strcpy(card->shortname, CRD_NAME);
sprintf(card->longname, CRD_NAME " at %#lx", port[n]);
error = snd_opl3_create(card, port[n], port[n] + 2, OPL3_HW_AUTO, 1, &opl3);
if (error < 0) {
dev_err(dev, "could not create OPL\n");
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
strcpy(card->driver, DEV_NAME);
strcpy(card->shortname, CRD_NAME);
sprintf(card->longname, CRD_NAME " at %#lx", port[n]);
error = snd_opl3_create(card, port[n], port[n] + 2, OPL3_HW_AUTO, 1, &opl3);
if (error < 0) {
dev_err(dev, "could not create OPL\n");
goto out;
Reported by FlawFinder.
Line: 21
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE;
static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT;
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for " CRD_NAME " soundcard.");
Reported by FlawFinder.
sound/isa/azt2320.c
4 issues
Line: 202
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "AZT2320");
strcpy(card->shortname, "Aztech AZT2320");
sprintf(card->longname, "%s, WSS at 0x%lx, irq %i, dma %i&%i",
card->shortname, chip->port, irq[dev], dma1[dev], dma2[dev]);
error = snd_wss_pcm(chip, 0);
if (error < 0) {
snd_card_free(card);
Reported by FlawFinder.
Line: 40
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_ISAPNP; /* Enable this card */
static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* PnP setup */
static long wss_port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* PnP setup */
static long mpu_port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* PnP setup */
static long fm_port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* PnP setup */
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return error;
}
strcpy(card->driver, "AZT2320");
strcpy(card->shortname, "Aztech AZT2320");
sprintf(card->longname, "%s, WSS at 0x%lx, irq %i, dma %i&%i",
card->shortname, chip->port, irq[dev], dma1[dev], dma2[dev]);
error = snd_wss_pcm(chip, 0);
Reported by FlawFinder.
Line: 201
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
strcpy(card->driver, "AZT2320");
strcpy(card->shortname, "Aztech AZT2320");
sprintf(card->longname, "%s, WSS at 0x%lx, irq %i, dma %i&%i",
card->shortname, chip->port, irq[dev], dma1[dev], dma2[dev]);
error = snd_wss_pcm(chip, 0);
if (error < 0) {
Reported by FlawFinder.
net/tipc/addr.c
4 issues
Line: 60
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct tipc_net *tn = tipc_net(net);
memcpy(tn->node_id, id, NODE_ID_LEN);
tipc_nodeid2string(tn->node_id_string, id);
tn->trial_addr = hash128to32(id);
pr_info("Node identity %s, cluster identity %u\n",
tipc_own_id_string(net), tn->net_id);
}
Reported by FlawFinder.
Line: 74
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
tn->node_addr = addr;
if (!tipc_own_id(net)) {
sprintf(node_id, "%x", addr);
tipc_set_node_id(net, node_id);
}
tn->trial_addr = addr;
tn->addr_trial_end = jiffies;
pr_info("Node number set to %u\n", addr);
Reported by FlawFinder.
Line: 110
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
if (i == NODE_ID_LEN) {
memcpy(str, id, NODE_ID_LEN);
str[NODE_ID_LEN] = 0;
return str;
}
/* Translate to hex string */
Reported by FlawFinder.
Line: 117
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Translate to hex string */
for (i = 0; i < NODE_ID_LEN; i++)
sprintf(&str[2 * i], "%02x", id[i]);
/* Strip off trailing zeroes */
for (i = NODE_ID_STR_LEN - 2; str[i] == '0'; i--)
str[i] = 0;
Reported by FlawFinder.
sound/soc/qcom/qdsp6/q6afe.c
4 issues
Line: 556
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct afe_cmd_remote_lpass_core_hw_vote_request {
uint32_t hw_block_id;
char client_name[8];
} __packed;
struct afe_cmd_remote_lpass_core_hw_devote_request {
uint32_t hw_block_id;
uint32_t client_handle;
Reported by FlawFinder.
Line: 999
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
param = p + APR_HDR_SIZE;
pdata = p + APR_HDR_SIZE + sizeof(*param);
pl = p + APR_HDR_SIZE + sizeof(*param) + sizeof(*pdata);
memcpy(pl, data, psize);
pkt->hdr.hdr_field = APR_HDR_FIELD(APR_MSG_TYPE_SEQ_CMD,
APR_HDR_LEN(APR_HDR_SIZE),
APR_PKT_VER);
pkt->hdr.pkt_size = pkt_size;
Reported by FlawFinder.
Line: 1053
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
param = p + APR_HDR_SIZE;
pdata = p + APR_HDR_SIZE + sizeof(*param);
pl = p + APR_HDR_SIZE + sizeof(*param) + sizeof(*pdata);
memcpy(pl, data, psize);
pkt->hdr.hdr_field = APR_HDR_FIELD(APR_MSG_TYPE_SEQ_CMD,
APR_HDR_LEN(APR_HDR_SIZE),
APR_PKT_VER);
pkt->hdr.pkt_size = pkt_size;
Reported by FlawFinder.
Line: 1287
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
port->scfg->num_channels = cfg->num_channels;
port->scfg->bitwidth = cfg->bit_width;
port->scfg->data_align_type = cfg->data_align_type;
memcpy(port->scfg->ch_mapping, cfg->ch_mapping,
sizeof(u16) * AFE_PORT_MAX_AUDIO_CHAN_CNT);
}
EXPORT_SYMBOL_GPL(q6afe_tdm_port_prepare);
/**
Reported by FlawFinder.
net/tipc/bearer.h
4 issues
Line: 128
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 mtu;
u32 type_id;
u32 hwaddr_len;
char name[TIPC_MAX_MEDIA_NAME];
};
/**
* struct tipc_bearer - Generic TIPC bearer structure
* @media_ptr: pointer to additional media-specific information about bearer
Reported by FlawFinder.
Line: 160
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __rcu *media_ptr; /* initialized by media */
u32 mtu; /* initialized by media */
struct tipc_media_addr addr; /* initialized by media */
char name[TIPC_MAX_BEARER_NAME];
struct tipc_media *media;
struct tipc_media_addr bcast_addr;
struct packet_type pt;
struct rcu_head rcu;
u32 priority;
Reported by FlawFinder.
Line: 178
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct tipc_bearer_names {
char media_name[TIPC_MAX_MEDIA_NAME];
char if_name[TIPC_MAX_IF_NAME];
};
/*
* TIPC routines available to supported media types
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tipc_bearer_names {
char media_name[TIPC_MAX_MEDIA_NAME];
char if_name[TIPC_MAX_IF_NAME];
};
/*
* TIPC routines available to supported media types
*/
Reported by FlawFinder.
samples/bpf/syscall_tp_user.c
4 issues
Line: 121
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int opt, num_progs = 1;
char filename[256];
while ((opt = getopt(argc, argv, "i:h")) != -1) {
switch (opt) {
case 'i':
num_progs = atoi(optarg);
break;
case 'h':
Reported by FlawFinder.
Line: 94
Column: 7
CWE codes:
362
* cpu affinity.
*/
/* trigger some "open" operations */
fd = open(filename, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "open failed: %s\n", strerror(errno));
return 1;
}
close(fd);
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char **argv)
{
int opt, num_progs = 1;
char filename[256];
while ((opt = getopt(argc, argv, "i:h")) != -1) {
switch (opt) {
case 'i':
num_progs = atoi(optarg);
Reported by FlawFinder.
Line: 124
Column: 16
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
while ((opt = getopt(argc, argv, "i:h")) != -1) {
switch (opt) {
case 'i':
num_progs = atoi(optarg);
break;
case 'h':
default:
usage(argv[0]);
return 0;
Reported by FlawFinder.
sound/isa/galaxy/galaxy.c
4 issues
Line: 551
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto error;
}
strcpy(card->driver, DRV_NAME);
strcpy(card->shortname, DRV_NAME);
sprintf(card->longname, "%s at %#lx/%#lx, irq %d, dma %d/%d",
card->shortname, port[n], wss_port[n], irq[n], dma1[n],
dma2[n]);
Reported by FlawFinder.
Line: 552
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
strcpy(card->driver, DRV_NAME);
strcpy(card->shortname, DRV_NAME);
sprintf(card->longname, "%s at %#lx/%#lx, irq %d, dma %d/%d",
card->shortname, port[n], wss_port[n], irq[n], dma1[n],
dma2[n]);
err = snd_wss_create(card, wss_port[n] + 4, -1, irq[n], dma1[n],
Reported by FlawFinder.
Line: 553
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, DRV_NAME);
strcpy(card->shortname, DRV_NAME);
sprintf(card->longname, "%s at %#lx/%#lx, irq %d, dma %d/%d",
card->shortname, port[n], wss_port[n], irq[n], dma1[n],
dma2[n]);
err = snd_wss_create(card, wss_port[n] + 4, -1, irq[n], dma1[n],
dma2[n], WSS_HW_DETECT, 0, &chip);
Reported by FlawFinder.
Line: 24
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE;
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for " CRD_NAME " soundcard.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.