The following issues were found
sound/isa/sb/sb8_main.c
4 issues
Line: 470
Column: 12
CWE codes:
362
unsigned long flags;
spin_lock_irqsave(&chip->open_lock, flags);
if (chip->open) {
spin_unlock_irqrestore(&chip->open_lock, flags);
return -EAGAIN;
}
chip->open |= SB_OPEN_PCM;
spin_unlock_irqrestore(&chip->open_lock, flags);
Reported by FlawFinder.
Line: 474
Column: 8
CWE codes:
362
spin_unlock_irqrestore(&chip->open_lock, flags);
return -EAGAIN;
}
chip->open |= SB_OPEN_PCM;
spin_unlock_irqrestore(&chip->open_lock, flags);
if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) {
chip->playback_substream = substream;
runtime->hw = snd_sb8_playback;
} else {
Reported by FlawFinder.
Line: 534
Column: 8
CWE codes:
362
chip->playback_substream = NULL;
chip->capture_substream = NULL;
spin_lock_irqsave(&chip->open_lock, flags);
chip->open &= ~SB_OPEN_PCM;
if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK)
chip->mode &= ~SB_MODE_PLAYBACK;
else
chip->mode &= ~SB_MODE_CAPTURE;
spin_unlock_irqrestore(&chip->open_lock, flags);
Reported by FlawFinder.
Line: 573
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
err = snd_pcm_new(card, "SB8 DSP", device, 1, 1, &pcm);
if (err < 0)
return err;
sprintf(pcm->name, "DSP v%i.%i", chip->version >> 8, chip->version & 0xff);
pcm->info_flags = SNDRV_PCM_INFO_HALF_DUPLEX;
pcm->private_data = chip;
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &snd_sb8_playback_ops);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &snd_sb8_capture_ops);
Reported by FlawFinder.
net/rxrpc/security.c
4 issues
Line: 149
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rxrpc_sock *rx;
struct key *key = ERR_PTR(-EKEYREJECTED);
key_ref_t kref = NULL;
char kdesc[5 + 1 + 3 + 1 + 12 + 1 + 12 + 1];
int ret;
_enter("");
if (enctype)
Reported by FlawFinder.
Line: 155
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
_enter("");
if (enctype)
sprintf(kdesc, "%u:%u:%u:%u",
sp->hdr.serviceId, sp->hdr.securityIndex, kvno, enctype);
else if (kvno)
sprintf(kdesc, "%u:%u:%u",
sp->hdr.serviceId, sp->hdr.securityIndex, kvno);
else
Reported by FlawFinder.
Line: 158
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(kdesc, "%u:%u:%u:%u",
sp->hdr.serviceId, sp->hdr.securityIndex, kvno, enctype);
else if (kvno)
sprintf(kdesc, "%u:%u:%u",
sp->hdr.serviceId, sp->hdr.securityIndex, kvno);
else
sprintf(kdesc, "%u:%u",
sp->hdr.serviceId, sp->hdr.securityIndex);
Reported by FlawFinder.
Line: 161
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
sprintf(kdesc, "%u:%u:%u",
sp->hdr.serviceId, sp->hdr.securityIndex, kvno);
else
sprintf(kdesc, "%u:%u",
sp->hdr.serviceId, sp->hdr.securityIndex);
rcu_read_lock();
rx = rcu_dereference(conn->params.local->service);
Reported by FlawFinder.
scripts/kconfig/tests/preprocess/builtin_func/__init__.py
4 issues
Line: 6
Column: 1
Built-in function tests.
"""
def test(conf):
assert conf.oldaskconfig() == 0
assert conf.stdout_contains('expected_stdout')
assert conf.stderr_matches('expected_stderr')
Reported by Pylint.
Line: 7
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
"""
def test(conf):
assert conf.oldaskconfig() == 0
assert conf.stdout_contains('expected_stdout')
assert conf.stderr_matches('expected_stderr')
Reported by Bandit.
Line: 8
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldaskconfig() == 0
assert conf.stdout_contains('expected_stdout')
assert conf.stderr_matches('expected_stderr')
Reported by Bandit.
Line: 9
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldaskconfig() == 0
assert conf.stdout_contains('expected_stdout')
assert conf.stderr_matches('expected_stderr')
Reported by Bandit.
sound/isa/sscape.c
4 issues
Line: 1066
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto _release_dma;
}
strcpy(card->driver, "SoundScape");
strcpy(card->shortname, name);
snprintf(card->longname, sizeof(card->longname),
"%s at 0x%lx, IRQ %d, DMA1 %d, DMA2 %d\n",
name, sscape->chip->port, sscape->chip->irq,
sscape->chip->dma1, sscape->chip->dma2);
Reported by FlawFinder.
Line: 465
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned long len;
len = min(size, dma.bytes);
memcpy(dma.area, data, len);
data += len;
size -= len;
snd_dma_program(s->chip->dma1, dma.addr, len, DMA_MODE_WRITE);
sscape_start_dma_unsafe(s->io_base, GA_DMAA_REG);
Reported by FlawFinder.
Line: 568
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct soundscape *sscape = get_card_soundscape(card);
const struct firmware *init_fw = NULL;
char name[14];
int err;
snprintf(name, sizeof(name), "sndscape.co%d", version);
err = request_firmware(&init_fw, name, card->dev);
Reported by FlawFinder.
Line: 1065
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
wss_port[dev], irq[dev]);
goto _release_dma;
}
strcpy(card->driver, "SoundScape");
strcpy(card->shortname, name);
snprintf(card->longname, sizeof(card->longname),
"%s at 0x%lx, IRQ %d, DMA1 %d, DMA2 %d\n",
name, sscape->chip->port, sscape->chip->irq,
sscape->chip->dma1, sscape->chip->dma2);
Reported by FlawFinder.
net/xfrm/xfrm_state.c
4 issues
Line: 941
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case AF_INET6:
if (ipv6_addr_any((struct in6_addr *)&x->id.daddr))
memcpy(&x->id.daddr, daddr, sizeof(x->sel.daddr));
memcpy(&x->props.saddr, &tmpl->saddr, sizeof(x->props.saddr));
if (ipv6_addr_any((struct in6_addr *)&x->props.saddr))
memcpy(&x->props.saddr, saddr, sizeof(x->props.saddr));
break;
}
Reported by FlawFinder.
Line: 1497
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uctx->ctx_doi = security->ctx_doi;
uctx->ctx_alg = security->ctx_alg;
uctx->ctx_len = security->ctx_len;
memcpy(uctx + 1, security->ctx_str, security->ctx_len);
err = security_xfrm_state_alloc(x, uctx);
kfree(uctx);
if (err)
return err;
Reported by FlawFinder.
Line: 1731
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (likely(x1->km.state == XFRM_STATE_VALID)) {
if (x->encap && x1->encap &&
x->encap->encap_type == x1->encap->encap_type)
memcpy(x1->encap, x->encap, sizeof(*x1->encap));
else if (x->encap || x1->encap)
goto fail;
if (x->coaddr && x1->coaddr) {
memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
Reported by FlawFinder.
Line: 1736
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto fail;
if (x->coaddr && x1->coaddr) {
memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
}
if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
x1->km.dying = 0;
Reported by FlawFinder.
sound/mips/ad1843.c
4 issues
Line: 177
Column: 14
CWE codes:
120
20
{
int w;
w = ad1843->read(ad1843->chip, field->reg);
return w >> field->lo_bit & ((1 << field->nbits) - 1);
}
/*
* write a new value to an AD1843 bitfield and return the old value.
Reported by FlawFinder.
Line: 191
Column: 14
CWE codes:
120
20
{
int w, mask, oldval, newbits;
w = ad1843->read(ad1843->chip, field->reg);
mask = ((1 << field->nbits) - 1) << field->lo_bit;
oldval = (w & mask) >> field->lo_bit;
newbits = (newval << field->lo_bit) & mask;
w = (w & ~mask) | newbits;
ad1843->write(ad1843->chip, field->reg, w);
Reported by FlawFinder.
Line: 226
Column: 16
CWE codes:
120
20
value = va_arg(ap, int *);
if (reg == -1) {
reg = fp->reg;
w = ad1843->read(ad1843->chip, reg);
}
mask = (1 << fp->nbits) - 1;
*value = w >> fp->lo_bit & mask;
}
Reported by FlawFinder.
net/tls/tls_device_fallback.c
4 issues
Line: 55
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct scatter_walk *out, int *in_len,
struct tls_prot_info *prot)
{
unsigned char buf[TLS_HEADER_SIZE + TLS_CIPHER_AES_GCM_128_IV_SIZE];
struct scatterlist sg_in[3];
struct scatterlist sg_out[3];
u16 len;
int rc;
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tls_make_aad(aad, len - TLS_CIPHER_AES_GCM_128_TAG_SIZE,
(char *)&rcd_sn, buf[0], prot);
memcpy(iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, buf + TLS_HEADER_SIZE,
TLS_CIPHER_AES_GCM_128_IV_SIZE);
sg_init_table(sg_in, ARRAY_SIZE(sg_in));
sg_init_table(sg_out, ARRAY_SIZE(sg_out));
sg_set_buf(sg_in, aad, TLS_AAD_SPACE_SIZE);
Reported by FlawFinder.
Line: 203
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_copy_header(nskb, skb);
skb_put(nskb, skb->len);
memcpy(nskb->data, skb->data, headln);
nskb->destructor = skb->destructor;
nskb->sk = sk;
skb->destructor = NULL;
skb->sk = NULL;
Reported by FlawFinder.
Line: 335
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto free_req;
iv = buf;
memcpy(iv, tls_ctx->crypto_send.aes_gcm_128.salt,
TLS_CIPHER_AES_GCM_128_SALT_SIZE);
aad = buf + TLS_CIPHER_AES_GCM_128_SALT_SIZE +
TLS_CIPHER_AES_GCM_128_IV_SIZE;
dummy_buf = aad + TLS_AAD_SPACE_SIZE;
Reported by FlawFinder.
sound/pci/cs5535audio/cs5535audio.c
4 issues
Line: 361
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
goto probefail_out;
strcpy(card->driver, DRIVER_NAME);
strcpy(card->shortname, "CS5535 Audio");
sprintf(card->longname, "%s %s at 0x%lx, irq %i",
card->shortname, card->driver,
cs5535au->port, cs5535au->irq);
Reported by FlawFinder.
Line: 364
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, DRIVER_NAME);
strcpy(card->shortname, "CS5535 Audio");
sprintf(card->longname, "%s %s at 0x%lx, irq %i",
card->shortname, card->driver,
cs5535au->port, cs5535au->irq);
err = snd_card_register(card);
if (err < 0)
Reported by FlawFinder.
Line: 45
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP;
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for " DRIVER_NAME);
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 363
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(card->driver, DRIVER_NAME);
strcpy(card->shortname, "CS5535 Audio");
sprintf(card->longname, "%s %s at 0x%lx, irq %i",
card->shortname, card->driver,
cs5535au->port, cs5535au->irq);
err = snd_card_register(card);
Reported by FlawFinder.
sound/pci/cs5530.c
4 issues
Line: 270
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "CS5530");
strcpy(card->shortname, "CS5530 Audio");
sprintf(card->longname, "%s at 0x%lx", card->shortname, chip->pci_base);
err = snd_card_register(card);
if (err < 0) {
snd_card_free(card);
return err;
Reported by FlawFinder.
Line: 43
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX;
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR;
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP;
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for CS5530 Audio driver.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 268
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
}
strcpy(card->driver, "CS5530");
strcpy(card->shortname, "CS5530 Audio");
sprintf(card->longname, "%s at 0x%lx", card->shortname, chip->pci_base);
err = snd_card_register(card);
if (err < 0) {
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
strcpy(card->driver, "CS5530");
strcpy(card->shortname, "CS5530 Audio");
sprintf(card->longname, "%s at 0x%lx", card->shortname, chip->pci_base);
err = snd_card_register(card);
if (err < 0) {
snd_card_free(card);
Reported by FlawFinder.
sound/pci/ali5451/ali5451.c
4 issues
Line: 1650
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->info_flags = 0;
pcm->dev_class = desc->class;
pcm->dev_subclass = SNDRV_PCM_SUBCLASS_GENERIC_MIX;
strcpy(pcm->name, desc->name);
codec->pcm[0] = pcm;
return 0;
}
static struct ali_pcm_description ali_pcms[] = {
Reported by FlawFinder.
Line: 2199
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, "ALI5451");
strcpy(card->shortname, "ALI 5451");
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, codec->port, codec->irq);
dev_dbg(&pci->dev, "register card.\n");
err = snd_card_register(card);
if (err < 0)
Reported by FlawFinder.
Line: 2196
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
snd_ali_proc_init(codec);
strcpy(card->driver, "ALI5451");
strcpy(card->shortname, "ALI 5451");
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, codec->port, codec->irq);
Reported by FlawFinder.
Line: 2197
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
snd_ali_proc_init(codec);
strcpy(card->driver, "ALI5451");
strcpy(card->shortname, "ALI 5451");
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname, codec->port, codec->irq);
dev_dbg(&pci->dev, "register card.\n");
Reported by FlawFinder.