The following issues were found
sound/core/compress_offload.c
4 issues
Line: 133
Column: 20
CWE codes:
362
data->stream.runtime = runtime;
f->private_data = (void *)data;
mutex_lock(&compr->lock);
ret = compr->ops->open(&data->stream);
mutex_unlock(&compr->lock);
if (ret) {
kfree(runtime);
kfree(data);
}
Reported by FlawFinder.
Line: 1105
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_compress_proc_init(struct snd_compr *compr)
{
struct snd_info_entry *entry;
char name[16];
sprintf(name, "compr%i", compr->device);
entry = snd_info_create_card_entry(compr->card, name,
compr->card->proc_root);
if (!entry)
Reported by FlawFinder.
Line: 1107
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct snd_info_entry *entry;
char name[16];
sprintf(name, "compr%i", compr->device);
entry = snd_info_create_card_entry(compr->card, name,
compr->card->proc_root);
if (!entry)
return -ENOMEM;
entry->mode = S_IFDIR | 0555;
Reported by FlawFinder.
Line: 1233
Column: 31
CWE codes:
362
return -EINVAL;
pr_debug("Registering compressed device %s\n", device->name);
if (snd_BUG_ON(!device->ops->open))
return -EINVAL;
if (snd_BUG_ON(!device->ops->free))
return -EINVAL;
if (snd_BUG_ON(!device->ops->set_params))
return -EINVAL;
Reported by FlawFinder.
scripts/dtc/fdtget.c
4 issues
Line: 96
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf(" ");
value = size == 4 ? fdt32_to_cpu(*(const uint32_t *)p) :
size == 2 ? (*p << 8) | p[1] : *p;
printf(fmt, value);
}
return 0;
}
/**
Reported by FlawFinder.
Line: 302
Column: 11
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
disp.size = -1;
disp.mode = MODE_SHOW_VALUE;
for (;;) {
int c = getopt(argc, argv, "d:hlpt:");
if (c == -1)
break;
switch (c) {
case 'h':
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *s;
int value;
int is_string;
char fmt[3];
/* no data, don't print */
if (len == 0)
return 0;
Reported by FlawFinder.
Line: 73
Column: 39
CWE codes:
126
fprintf(stderr, "Unterminated string\n");
return -1;
}
for (s = data; s - data < len; s += strlen(s) + 1) {
if (s != data)
printf(" ");
printf("%s", (const char *)s);
}
return 0;
Reported by FlawFinder.
sound/core/hwdep.c
4 issues
Line: 101
Column: 16
CWE codes:
362
err = -EBUSY;
break;
}
if (!hw->ops.open) {
err = 0;
break;
}
err = hw->ops.open(hw, file);
if (err >= 0)
Reported by FlawFinder.
Line: 105
Column: 17
CWE codes:
362
err = 0;
break;
}
err = hw->ops.open(hw, file);
if (err >= 0)
break;
if (err == -EAGAIN) {
if (file->f_flags & O_NONBLOCK) {
err = -EBUSY;
Reported by FlawFinder.
Line: 54
Column: 14
CWE codes:
120
20
size_t count, loff_t *offset)
{
struct snd_hwdep *hw = file->private_data;
if (hw->ops.read)
return hw->ops.read(hw, buf, count, offset);
return -ENXIO;
}
static ssize_t snd_hwdep_write(struct file * file, const char __user *buf,
Reported by FlawFinder.
Line: 55
Column: 18
CWE codes:
120
20
{
struct snd_hwdep *hw = file->private_data;
if (hw->ops.read)
return hw->ops.read(hw, buf, count, offset);
return -ENXIO;
}
static ssize_t snd_hwdep_write(struct file * file, const char __user *buf,
size_t count, loff_t *offset)
Reported by FlawFinder.
sound/soc/intel/boards/bxt_rt298.c
4 issues
Line: 331
Column: 21
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
SND_SOC_DAILINK_DEF(dummy,
DAILINK_COMP_ARRAY(COMP_DUMMY()));
SND_SOC_DAILINK_DEF(system,
DAILINK_COMP_ARRAY(COMP_CPU("System Pin")));
SND_SOC_DAILINK_DEF(reference,
DAILINK_COMP_ARRAY(COMP_CPU("Reference Pin")));
Reported by FlawFinder.
Line: 399
Column: 23
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
.trigger = {SND_SOC_DPCM_TRIGGER_POST, SND_SOC_DPCM_TRIGGER_POST},
.dpcm_playback = 1,
.ops = &broxton_rt286_fe_ops,
SND_SOC_DAILINK_REG(system, dummy, platform),
},
[BXT_DPCM_AUDIO_CP] =
{
.name = "Bxt Audio Capture Port",
.stream_name = "Audio Record",
Reported by FlawFinder.
Line: 410
Column: 23
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
.trigger = {SND_SOC_DPCM_TRIGGER_POST, SND_SOC_DPCM_TRIGGER_POST},
.dpcm_capture = 1,
.ops = &broxton_rt286_fe_ops,
SND_SOC_DAILINK_REG(system, dummy, platform),
},
[BXT_DPCM_AUDIO_REF_CP] =
{
.name = "Bxt Audio Reference cap",
.stream_name = "refcap",
Reported by FlawFinder.
Line: 530
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bxt_hdmi_pcm *pcm;
struct snd_soc_component *component = NULL;
int err, i = 0;
char jack_name[NAME_SIZE];
if (list_empty(&ctx->hdmi_pcm_list))
return -EINVAL;
if (ctx->common_hdmi_codec_drv) {
Reported by FlawFinder.
sound/soc/intel/boards/bxt_da7219_max98357a.c
4 issues
Line: 410
Column: 21
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
SND_SOC_DAILINK_DEF(dummy,
DAILINK_COMP_ARRAY(COMP_DUMMY()));
SND_SOC_DAILINK_DEF(system,
DAILINK_COMP_ARRAY(COMP_CPU("System Pin")));
SND_SOC_DAILINK_DEF(system2,
DAILINK_COMP_ARRAY(COMP_CPU("System Pin2")));
Reported by FlawFinder.
Line: 490
Column: 23
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
SND_SOC_DPCM_TRIGGER_POST, SND_SOC_DPCM_TRIGGER_POST},
.dpcm_playback = 1,
.ops = &broxton_da7219_fe_ops,
SND_SOC_DAILINK_REG(system, dummy, platform),
},
[BXT_DPCM_AUDIO_CP] =
{
.name = "Bxt Audio Capture Port",
.stream_name = "Audio Record",
Reported by FlawFinder.
Line: 502
Column: 23
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
SND_SOC_DPCM_TRIGGER_POST, SND_SOC_DPCM_TRIGGER_POST},
.dpcm_capture = 1,
.ops = &broxton_da7219_fe_ops,
SND_SOC_DAILINK_REG(system, dummy, platform),
},
[BXT_DPCM_AUDIO_HS_PB] = {
.name = "Bxt Audio Headset Playback",
.stream_name = "Headset Playback",
.dynamic = 1,
Reported by FlawFinder.
Line: 659
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct snd_soc_dapm_widget *widgets;
const struct snd_soc_dapm_route *routes;
int num_controls, num_widgets, num_routes, err, i = 0;
char jack_name[NAME_SIZE];
switch (ctx->spkamp) {
case SPKAMP_MAX98357A:
controls = max98357a_controls;
num_controls = ARRAY_SIZE(max98357a_controls);
Reported by FlawFinder.
scripts/kconfig/tests/choice_value_with_m_dep/__init__.py
4 issues
Line: 13
Column: 1
"""
def test(conf):
assert conf.oldaskconfig('config', 'y') == 0
assert conf.config_contains('expected_config')
assert conf.stdout_contains('expected_stdout')
Reported by Pylint.
Line: 14
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldaskconfig('config', 'y') == 0
assert conf.config_contains('expected_config')
assert conf.stdout_contains('expected_stdout')
Reported by Bandit.
Line: 15
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldaskconfig('config', 'y') == 0
assert conf.config_contains('expected_config')
assert conf.stdout_contains('expected_stdout')
Reported by Bandit.
Line: 16
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldaskconfig('config', 'y') == 0
assert conf.config_contains('expected_config')
assert conf.stdout_contains('expected_stdout')
Reported by Bandit.
sound/core/oss/pcm_plugin.c
4 issues
Line: 580
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (width < 0)
return width;
nchannels = format->channels;
if (snd_BUG_ON(plugin->access != SNDRV_PCM_ACCESS_RW_INTERLEAVED &&
format->channels > 1))
return -ENXIO;
for (channel = 0; channel < nchannels; channel++, v++) {
v->frames = count;
v->enabled = 1;
Reported by FlawFinder.
Line: 708
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
width /= 8;
while (samples-- > 0) {
memcpy(dst, silence, width);
dst += dst_step;
}
}
return 0;
}
Reported by FlawFinder.
Line: 735
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (src_area->step == (unsigned int) width &&
dst_area->step == (unsigned int) width && width >= 8) {
size_t bytes = samples * width / 8;
memcpy(dst, src, bytes);
return 0;
}
src_step = src_area->step / 8;
dst_step = dst_area->step / 8;
if (width == 4) {
Reported by FlawFinder.
Line: 772
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
width /= 8;
while (samples-- > 0) {
memcpy(dst, src, width);
src += src_step;
dst += dst_step;
}
}
return 0;
Reported by FlawFinder.
sound/soc/fsl/fsl_ssi.c
4 issues
Line: 278
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct imx_pcm_fiq_params fiq_params;
struct platform_device *card_pdev;
char card_name[32];
u32 card_idx;
struct fsl_ssi_dbg dbg_stats;
const struct fsl_ssi_soc_data *soc;
Reported by FlawFinder.
Line: 1420
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
dev_err(dev, "failed to get SSI index property\n");
return -EINVAL;
}
strcpy(ssi->card_name, "ac97-codec");
} else if (!of_find_property(np, "fsl,ssi-asynchronous", NULL)) {
/*
* In synchronous mode, STCK and STFS ports are used by RX
* as well. So the software should limit the sample rates,
* sample bits and channels to be symmetric.
Reported by FlawFinder.
Line: 1497
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
if (fsl_ssi_is_ac97(ssi)) {
memcpy(&ssi->cpu_dai_drv, &fsl_ssi_ac97_dai,
sizeof(fsl_ssi_ac97_dai));
fsl_ac97_data = ssi;
} else {
memcpy(&ssi->cpu_dai_drv, &fsl_ssi_dai_template,
sizeof(fsl_ssi_dai_template));
Reported by FlawFinder.
Line: 1501
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(fsl_ssi_ac97_dai));
fsl_ac97_data = ssi;
} else {
memcpy(&ssi->cpu_dai_drv, &fsl_ssi_dai_template,
sizeof(fsl_ssi_dai_template));
}
ssi->cpu_dai_drv.name = dev_name(dev);
iomem = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
Reported by FlawFinder.
security/apparmor/lsm.c
4 issues
Line: 1540
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -EINVAL;
if (apparmor_initialized && !policy_view_capable(NULL))
return -EPERM;
return sprintf(buffer, "%s", audit_mode_names[aa_g_audit]);
}
static int param_set_audit(const char *val, const struct kernel_param *kp)
{
int i;
Reported by FlawFinder.
Line: 1569
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (apparmor_initialized && !policy_view_capable(NULL))
return -EPERM;
return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
}
static int param_set_mode(const char *val, const struct kernel_param *kp)
{
int i;
Reported by FlawFinder.
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union aa_buffer {
struct list_head list;
char buffer[1];
};
#define RESERVE_COUNT 2
static int reserve_count = RESERVE_COUNT;
static int buffer_count;
Reported by FlawFinder.
Line: 641
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
largs = args = kmalloc(size + 1, GFP_KERNEL);
if (!args)
return -ENOMEM;
memcpy(args, value, size);
args[size] = '\0';
}
error = -EINVAL;
args = strim(args);
Reported by FlawFinder.
samples/qmi/qmi_sample_client.c
4 issues
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct test_name_type_v01 {
u32 name_len;
char name[TEST_MAX_NAME_SIZE_V01];
};
static struct qmi_elem_info test_name_type_v01_ei[] = {
{
.data_type = QMI_DATA_LEN,
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct test_ping_req_msg_v01 {
char ping[4];
u8 client_name_valid;
struct test_name_type_v01 client_name;
};
Reported by FlawFinder.
Line: 110
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qmi_response_type_v01 resp;
u8 pong_valid;
char pong[4];
u8 service_name_valid;
struct test_name_type_v01 service_name;
};
Reported by FlawFinder.
Line: 457
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct sockaddr_qrtr *sq;
struct qmi_sample *sample;
char path[20];
int ret;
sample = devm_kzalloc(&pdev->dev, sizeof(*sample), GFP_KERNEL);
if (!sample)
return -ENOMEM;
Reported by FlawFinder.