The following issues were found
sound/core/seq/oss/seq_oss_synth.c
4 issues
Line: 33
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Per its name, state for a SysEx message: a fixed MAX_SYSEX_BUFLEN-byte
 * array plus two int bookkeeping fields.
 * NOTE(review): the scanner matched the fixed-size declaration itself
 * (CWE-119/120). Whether it is safe depends on every writer bounding its
 * offset and length by MAX_SYSEX_BUFLEN; those writers are not part of this
 * excerpt and need to be checked separately.
 */
struct seq_oss_synth_sysex {
/* presumably the number of bytes currently held in buf -- confirm.
 * It is a signed int, so a bound check should reject negative values too. */
int len;
int skip;
unsigned char buf[MAX_SYSEX_BUFLEN];
};
/* synth info */
struct seq_oss_synth {
int seq_device;
Reported by FlawFinder.
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int synth_subtype;
int nr_voices;
char name[SNDRV_SEQ_OSS_MAX_SYNTH_NAME];
struct snd_seq_oss_callback oper;
int opened;
void *private_data;
Reported by FlawFinder.
Line: 230
Column: 17
CWE codes:
362
snd_use_lock_free(&rec->use_lock);
continue;
}
if (rec->oper.open(&info->arg, rec->private_data) < 0) {
module_put(rec->oper.owner);
snd_use_lock_free(&rec->use_lock);
continue;
}
info->nr_voices = rec->nr_voices;
Reported by FlawFinder.
Line: 597
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!info || info->is_midi)
return -ENXIO;
ev->type = SNDRV_SEQ_EVENT_OSS;
memcpy(ev->data.raw8.d, data, 8);
return snd_seq_oss_synth_addr(dp, dev, ev);
}
/*
Reported by FlawFinder.
sound/soc/codecs/wcd934x.c
4 issues
Line: 3187
Column: 2
CWE codes:
120
Suggestion:
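Make sure destination can always hold the source data. In this excerpt the destination is the `coeff[BAND_MAX]` array declared just above the call and the copy length is `params->max`, so the condition to verify is that `params->max` can never exceed `sizeof(coeff)`.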
u32 coeff[BAND_MAX];
int reg = WCD934X_CDC_SIDETONE_IIR0_IIR_COEF_B1_CTL + 16 * iir_idx;
memcpy(&coeff[0], ucontrol->value.bytes.data, params->max);
/* Mask top bit it is reserved */
/* Updates addr automatically for each B2 write */
snd_soc_component_write(component, reg, (band_idx * BAND_MAX *
sizeof(uint32_t)) & 0x7F);
Reported by FlawFinder.
Line: 3221
Column: 2
CWE codes:
120
Suggestion:
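Make sure destination can always hold the source data. Here `params->max` bytes are copied out of `coeff` (its declaration is outside this excerpt), so the same length must also be bounded by the size of `coeff`; otherwise the copy reads past the end of the array.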
coeff[3] = get_iir_band_coeff(component, iir_idx, band_idx, 3);
coeff[4] = get_iir_band_coeff(component, iir_idx, band_idx, 4);
memcpy(ucontrol->value.bytes.data, &coeff[0], params->max);
return 0;
}
static int wcd934x_iir_filter_info(struct snd_kcontrol *kcontrol,
Reported by FlawFinder.
Line: 5888
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
regmap_update_bits(wcd->regmap, WCD934X_CODEC_RPM_CLK_MCLK_CFG,
WCD934X_CODEC_RPM_CLK_MCLK_CFG_MCLK_MASK,
WCD934X_CODEC_RPM_CLK_MCLK_CFG_9P6MHZ);
memcpy(wcd->rx_chs, wcd934x_rx_chs, sizeof(wcd934x_rx_chs));
memcpy(wcd->tx_chs, wcd934x_tx_chs, sizeof(wcd934x_tx_chs));
irq = regmap_irq_get_virq(data->irq_data, WCD934X_IRQ_SLIMBUS);
if (irq < 0) {
dev_err(wcd->dev, "Failed to get SLIM IRQ\n");
Reported by FlawFinder.
Line: 5889
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WCD934X_CODEC_RPM_CLK_MCLK_CFG_MCLK_MASK,
WCD934X_CODEC_RPM_CLK_MCLK_CFG_9P6MHZ);
memcpy(wcd->rx_chs, wcd934x_rx_chs, sizeof(wcd934x_rx_chs));
memcpy(wcd->tx_chs, wcd934x_tx_chs, sizeof(wcd934x_tx_chs));
irq = regmap_irq_get_virq(data->irq_data, WCD934X_IRQ_SLIMBUS);
if (irq < 0) {
dev_err(wcd->dev, "Failed to get SLIM IRQ\n");
return irq;
Reported by FlawFinder.
sound/usb/6fire/chip.c
4 issues
Line: 130
Column: 2
CWE codes:
120
Suggestion:
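Use sprintf_s, snprintf, or vsnprintf. This is Linux kernel code, where sprintf_s is not available; the bounded forms there are snprintf() or scnprintf(), called with the size of the destination field.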
}
strcpy(card->driver, "6FireUSB");
strcpy(card->shortname, "TerraTec DMX6FireUSB");
sprintf(card->longname, "%s at %d:%d", card->shortname,
device->bus->busnum, device->devnum);
chip = card->private_data;
chips[regidx] = chip;
chip->dev = device;
Reported by FlawFinder.
Line: 31
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL v2");
/*
 * Per-card tables, each declared with SNDRV_CARDS slots.
 * NOTE(review): `id` is an array of char pointers, not character storage, so
 * a static-array match (CWE-119/120) on these declarations has no string
 * copy destination behind it. The property worth verifying is that every
 * index applied to these tables is kept below SNDRV_CARDS; the code that
 * computes those indices is outside this excerpt.
 */
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-max */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* Id for card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable card */
static struct sfire_chip *chips[SNDRV_CARDS] = SNDRV_DEFAULT_PTR;
static struct usb_device *devices[SNDRV_CARDS] = SNDRV_DEFAULT_PTR;
/* 0444: the parameter is exposed read-only; it cannot be changed via sysfs. */
module_param_array(index, int, NULL, 0444);
Reported by FlawFinder.
Line: 128
Column: 2
CWE codes:
120
Suggestion:
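Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In Linux kernel code strcpy_s does not exist and strscpy() is the bounded copy to use; the source in this excerpt is a string literal, so the check is that the literal fits the destination field.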
dev_err(&intf->dev, "cannot create alsa card.\n");
return ret;
}
strcpy(card->driver, "6FireUSB");
strcpy(card->shortname, "TerraTec DMX6FireUSB");
sprintf(card->longname, "%s at %d:%d", card->shortname,
device->bus->busnum, device->devnum);
chip = card->private_data;
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return ret;
}
strcpy(card->driver, "6FireUSB");
strcpy(card->shortname, "TerraTec DMX6FireUSB");
sprintf(card->longname, "%s at %d:%d", card->shortname,
device->bus->busnum, device->devnum);
chip = card->private_data;
chips[regidx] = chip;
Reported by FlawFinder.
net/sctp/protocol.c
4 issues
Line: 190
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
newopt = sock_kmalloc(newsk, sizeof(*inet_opt) +
inet_opt->opt.optlen, GFP_ATOMIC);
if (newopt)
memcpy(newopt, inet_opt, sizeof(*inet_opt) +
inet_opt->opt.optlen);
else
pr_err("%s: Failed to copy ip options\n", __func__);
}
RCU_INIT_POINTER(newinet->inet_opt, newopt);
Reported by FlawFinder.
Line: 453
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!IS_ERR(rt)) {
dst = &rt->dst;
t->dst = dst;
memcpy(fl, &_fl, sizeof(_fl));
}
/* If there is no association or if a source address is passed, no
* more validation is required.
*/
Reported by FlawFinder.
Line: 520
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!dst) {
dst = &rt->dst;
t->dst = dst;
memcpy(fl, &_fl, sizeof(_fl));
} else {
dst_release(&rt->dst);
}
continue;
}
Reported by FlawFinder.
Line: 530
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst_release(dst);
dst = &rt->dst;
t->dst = dst;
memcpy(fl, &_fl, sizeof(_fl));
break;
}
out_unlock:
rcu_read_unlock();
Reported by FlawFinder.
sound/soc/codecs/mt6359-accdet.c
4 issues
Line: 583
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pwm_deb, ARRAY_SIZE(pwm_deb));
/* debounce8(auxadc debounce) is default, needn't get from dts */
if (!ret)
memcpy(priv->data->pwm_deb, pwm_deb, sizeof(pwm_deb));
ret = of_property_read_u32(node, "mediatek,eint-level-pol",
&priv->data->eint_pol);
if (ret)
priv->data->eint_pol = 8;
Reported by FlawFinder.
Line: 648
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
three_key,
ARRAY_SIZE(three_key));
if (!ret)
memcpy(&priv->data->three_key, three_key + 1,
sizeof(struct three_key_threshold));
} else if (tmp == 1) {
int four_key[5];
priv->caps |= ACCDET_FOUR_KEY;
Reported by FlawFinder.
Line: 659
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
four_key,
ARRAY_SIZE(four_key));
if (!ret) {
memcpy(&priv->data->four_key, four_key + 1,
sizeof(struct four_key_threshold));
} else {
dev_warn(priv->dev,
"accdet no 4-key-thrsh dts, use efuse\n");
}
Reported by FlawFinder.
Line: 674
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
three_key,
ARRAY_SIZE(three_key));
if (!ret)
memcpy(&priv->data->three_key, three_key + 1,
sizeof(struct three_key_threshold));
}
dev_warn(priv->dev, "accdet caps=%x\n", priv->caps);
Reported by FlawFinder.
sound/soc/codecs/madera.c
4 issues
Line: 1620
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const DECLARE_TLV_DB_SCALE(madera_mixer_tlv, -3200, 100, 0);
EXPORT_SYMBOL_GPL(madera_mixer_tlv);
/*
 * Table of rate names (per its identifier), exported to other GPL modules.
 * NOTE(review): this is a const array of pointers to string literals, so it
 * is never a copy destination; the CWE-119/120 static-array match does not by
 * itself indicate an overflow. What to verify is that the five initializers
 * match MADERA_RATE_ENUM_SIZE (its value is not shown here -- any slots beyond
 * the five would be NULL) and that every index used with the table stays
 * below that size.
 */
const char * const madera_rate_text[MADERA_RATE_ENUM_SIZE] = {
"SYNCCLK rate 1", "SYNCCLK rate 2", "SYNCCLK rate 3",
"ASYNCCLK rate 1", "ASYNCCLK rate 2",
};
EXPORT_SYMBOL_GPL(madera_rate_text);
Reported by FlawFinder.
Line: 1631
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
EXPORT_SYMBOL_GPL(madera_rate_val);
/*
 * File-local table of five width labels, "8 bit" through "32 bit".
 * NOTE(review): a const array of string-literal pointers is read-only data,
 * not a buffer that gets written, so the static-array finding (CWE-119/120)
 * needs no bounded-copy fix here. Confirm instead that
 * MADERA_DFC_WIDTH_ENUM_SIZE equals the number of entries and that lookups
 * are bounded by it; neither is visible in this excerpt.
 */
static const char * const madera_dfc_width_text[MADERA_DFC_WIDTH_ENUM_SIZE] = {
"8 bit", "16 bit", "20 bit", "24 bit", "32 bit",
};
static const unsigned int madera_dfc_width_val[MADERA_DFC_WIDTH_ENUM_SIZE] = {
7, 15, 19, 23, 31,
Reported by FlawFinder.
Line: 1639
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
7, 15, 19, 23, 31,
};
/*
 * File-local table of five type labels.
 * NOTE(review): the entries are pointers to string literals in a const
 * array; nothing is copied into this object, so the CWE-119/120 match is on
 * the declaration pattern only. The checks that matter are that
 * MADERA_DFC_TYPE_ENUM_SIZE matches the five entries and that any index into
 * the table is range-checked -- both lie outside this excerpt.
 */
static const char * const madera_dfc_type_text[MADERA_DFC_TYPE_ENUM_SIZE] = {
"Fixed", "Unsigned Fixed", "Single Precision Floating",
"Half Precision Floating", "Arm Alternative Floating",
};
static const unsigned int madera_dfc_type_val[MADERA_DFC_TYPE_ENUM_SIZE] = {
Reported by FlawFinder.
Line: 2035
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
madera_in_hpf_cut_text);
EXPORT_SYMBOL_GPL(madera_in_hpf_cut_enum);
/*
 * File-local table of five rate labels, "384kHz" through "6.144MHz".
 * NOTE(review): read-only array of string-literal pointers; it is not a
 * write target, so the static-array finding (CWE-119/120) does not point at a
 * copy that could overflow. Verify that MADERA_OSR_ENUM_SIZE equals the entry
 * count and that indices into the table are bounded by it (not shown here).
 */
static const char * const madera_in_dmic_osr_text[MADERA_OSR_ENUM_SIZE] = {
"384kHz", "768kHz", "1.536MHz", "3.072MHz", "6.144MHz",
};
static const unsigned int madera_in_dmic_osr_val[MADERA_OSR_ENUM_SIZE] = {
2, 3, 4, 5, 6,
Reported by FlawFinder.
sound/core/seq/seq_ports.c
4 issues
Line: 136
Column: 2
CWE codes:
120
Suggestion:
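Use sprintf_s, snprintf, or vsnprintf. Of these, only snprintf and vsnprintf (or scnprintf) exist in Linux kernel code; the output in this excerpt is "port-" followed by one decimal int, so the check is that the destination field is at least that long.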
new_port->addr.client = client->number;
new_port->addr.port = -1;
new_port->owner = THIS_MODULE;
sprintf(new_port->name, "port-%d", num);
snd_use_lock_init(&new_port->use_lock);
port_subs_info_init(&new_port->c_src);
port_subs_info_init(&new_port->c_dest);
snd_use_lock_use(&new_port->use_lock);
Reported by FlawFinder.
Line: 155
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
list_add_tail(&new_port->list, &p->list);
client->num_ports++;
new_port->addr.port = num; /* store the port number in the port */
sprintf(new_port->name, "port-%d", num);
write_unlock_irq(&client->ports_lock);
mutex_unlock(&client->ports_mutex);
return new_port;
}
Reported by FlawFinder.
Line: 411
Column: 11
CWE codes:
362
if (!try_module_get(port->owner))
return -EFAULT;
grp->count++;
if (grp->open && grp->count == 1) {
err = grp->open(port->private_data, info);
if (err < 0) {
module_put(port->owner);
grp->count--;
}
Reported by FlawFinder.
Line: 412
Column: 14
CWE codes:
362
return -EFAULT;
grp->count++;
if (grp->open && grp->count == 1) {
err = grp->open(port->private_data, info);
if (err < 0) {
module_put(port->owner);
grp->count--;
}
}
Reported by FlawFinder.
scripts/dtc/libfdt/fdt_overlay.c
4 issues
Line: 817
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret < 0)
return ret;
} else
memcpy(buf, target_path, len + 1);
} else
len--;
buf[len] = '/';
Reported by FlawFinder.
Line: 823
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len--;
buf[len] = '/';
memcpy(buf + len + 1, rel_path, rel_path_len);
buf[len + 1 + rel_path_len] = '\0';
}
return 0;
}
Reported by FlawFinder.
Line: 273
Column: 11
CWE codes:
126
ret = fdt_setprop_inplace_namelen_partial(fdto,
tree_node,
name,
strlen(name),
poffset,
&adj_val,
sizeof(adj_val));
if (ret == -FDT_ERR_NOSPACE)
return -FDT_ERR_BADOVERLAY;
Reported by FlawFinder.
Line: 794
Column: 10
CWE codes:
126
return ret;
len = ret;
} else {
len = strlen(target_path);
}
ret = fdt_setprop_placeholder(fdt, root_sym, name,
len + (len > 1) + rel_path_len + 1, &p);
if (ret < 0)
Reported by FlawFinder.
sound/soc/codecs/cs43130.c
4 issues
Line: 2532
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (cs43130->dev_id) {
case CS43130_CHIP_ID:
case CS43131_CHIP_ID:
memcpy(all_hp_widgets, digital_hp_widgets,
sizeof(digital_hp_widgets));
memcpy(all_hp_widgets + ARRAY_SIZE(digital_hp_widgets),
analog_hp_widgets, sizeof(analog_hp_widgets));
memcpy(all_hp_routes, digital_hp_routes,
sizeof(digital_hp_routes));
Reported by FlawFinder.
Line: 2534
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case CS43131_CHIP_ID:
memcpy(all_hp_widgets, digital_hp_widgets,
sizeof(digital_hp_widgets));
memcpy(all_hp_widgets + ARRAY_SIZE(digital_hp_widgets),
analog_hp_widgets, sizeof(analog_hp_widgets));
memcpy(all_hp_routes, digital_hp_routes,
sizeof(digital_hp_routes));
memcpy(all_hp_routes + ARRAY_SIZE(digital_hp_routes),
analog_hp_routes, sizeof(analog_hp_routes));
Reported by FlawFinder.
Line: 2536
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(digital_hp_widgets));
memcpy(all_hp_widgets + ARRAY_SIZE(digital_hp_widgets),
analog_hp_widgets, sizeof(analog_hp_widgets));
memcpy(all_hp_routes, digital_hp_routes,
sizeof(digital_hp_routes));
memcpy(all_hp_routes + ARRAY_SIZE(digital_hp_routes),
analog_hp_routes, sizeof(analog_hp_routes));
soc_component_dev_cs43130.dapm_widgets =
Reported by FlawFinder.
Line: 2538
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
analog_hp_widgets, sizeof(analog_hp_widgets));
memcpy(all_hp_routes, digital_hp_routes,
sizeof(digital_hp_routes));
memcpy(all_hp_routes + ARRAY_SIZE(digital_hp_routes),
analog_hp_routes, sizeof(analog_hp_routes));
soc_component_dev_cs43130.dapm_widgets =
all_hp_widgets;
soc_component_dev_cs43130.num_dapm_widgets =
Reported by FlawFinder.
security/apparmor/policy_unpack.c
4 issues
Line: 211
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void *p = kvmalloc(len, GFP_KERNEL);
if (p)
memcpy(p, src, len);
return p;
}
/**
* aa_u16_chunck - test and do bounds checking for a u16 size based chunk
Reported by FlawFinder.
Line: 1098
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (is_vmalloc_addr(stgbuf)) {
dstbuf = kvzalloc(strm.total_out, GFP_KERNEL);
if (dstbuf) {
memcpy(dstbuf, stgbuf, strm.total_out);
kvfree(stgbuf);
}
} else
/*
* If the staging buffer was kmalloc'd, then using krealloc is
Reported by FlawFinder.
Line: 657
Column: 21
CWE codes:
126
{
const char * const *key = data;
return jhash(*key, strlen(*key), seed);
}
static int datacmp(struct rhashtable_compare_arg *arg, const void *obj)
{
const struct aa_data *data = obj;
Reported by FlawFinder.
Line: 697
Column: 35
CWE codes:
126
if (*name == '\0')
goto fail;
tmpname = aa_splitn_fqname(name, strlen(name), &tmpns, &ns_len);
if (tmpns) {
*ns_name = kstrndup(tmpns, ns_len, GFP_KERNEL);
if (!*ns_name) {
info = "out of memory";
goto fail;
Reported by FlawFinder.