The following issues were found
sound/pci/ymfpci/ymfpci.c
4 issues
Line: 266
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
chip->mpu_res = mpu_res;
card->private_data = chip;
strcpy(card->driver, str);
sprintf(card->shortname, "Yamaha %s (%s)", model, str);
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname,
chip->reg_area_phys,
chip->irq);
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
card->private_data = chip;
strcpy(card->driver, str);
sprintf(card->shortname, "Yamaha %s (%s)", model, str);
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname,
chip->reg_area_phys,
chip->irq);
err = snd_ymfpci_pcm(chip, 0);
Reported by FlawFinder.
Line: 268
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strcpy(card->driver, str);
sprintf(card->shortname, "Yamaha %s (%s)", model, str);
sprintf(card->longname, "%s at 0x%lx, irq %i",
card->shortname,
chip->reg_area_phys,
chip->irq);
err = snd_ymfpci_pcm(chip, 0);
if (err < 0)
Reported by FlawFinder.
Line: 22
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable this card */
static long fm_port[SNDRV_CARDS];
static long mpu_port[SNDRV_CARDS];
#ifdef SUPPORT_JOYSTICK
static long joystick_port[SNDRV_CARDS];
Reported by FlawFinder.
sound/soc/sof/probe.c
4 issues
Line: 163
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg->hdr.size = size;
msg->num_elems = num_dma;
msg->hdr.cmd = SOF_IPC_GLB_PROBE | SOF_IPC_PROBE_DMA_ADD;
memcpy(&msg->dma[0], dma, size - sizeof(*msg));
ret = sof_ipc_tx_message(sdev->ipc, msg->hdr.cmd, msg, msg->hdr.size,
&reply, sizeof(reply));
kfree(msg);
return ret;
Reported by FlawFinder.
Line: 197
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg->hdr.size = size;
msg->num_elems = num_stream_tag;
msg->hdr.cmd = SOF_IPC_GLB_PROBE | SOF_IPC_PROBE_DMA_REMOVE;
memcpy(&msg->stream_tag[0], stream_tag, size - sizeof(*msg));
ret = sof_ipc_tx_message(sdev->ipc, msg->hdr.cmd, msg, msg->hdr.size,
&reply, sizeof(reply));
kfree(msg);
return ret;
Reported by FlawFinder.
Line: 251
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg->hdr.size = size;
msg->num_elems = num_desc;
msg->hdr.cmd = SOF_IPC_GLB_PROBE | SOF_IPC_PROBE_POINT_ADD;
memcpy(&msg->desc[0], desc, size - sizeof(*msg));
ret = sof_ipc_tx_message(sdev->ipc, msg->hdr.cmd, msg, msg->hdr.size,
&reply, sizeof(reply));
kfree(msg);
return ret;
Reported by FlawFinder.
Line: 283
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg->hdr.size = size;
msg->num_elems = num_buffer_id;
msg->hdr.cmd = SOF_IPC_GLB_PROBE | SOF_IPC_PROBE_POINT_REMOVE;
memcpy(&msg->buffer_id[0], buffer_id, size - sizeof(*msg));
ret = sof_ipc_tx_message(sdev->ipc, msg->hdr.cmd, msg, msg->hdr.size,
&reply, sizeof(reply));
kfree(msg);
return ret;
Reported by FlawFinder.
sound/pci/via82xx_modem.c
4 issues
Line: 845
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &snd_via686_capture_ops);
pcm->dev_class = SNDRV_PCM_CLASS_MODEM;
pcm->private_data = chip;
strcpy(pcm->name, chip->card->shortname);
chip->pcms[0] = pcm;
init_viadev(chip, 0, VIA_REG_MO_STATUS, 0);
init_viadev(chip, 1, VIA_REG_MI_STATUS, 1);
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV_SG,
Reported by FlawFinder.
Line: 1186
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < chip->num_devs; i++)
snd_via82xx_channel_reset(chip, &chip->devs[i]);
sprintf(card->longname, "%s at 0x%lx, irq %d",
card->shortname, chip->port, chip->irq);
snd_via82xx_proc_init(chip);
err = snd_card_register(card);
Reported by FlawFinder.
Line: 1160
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
card_type = pci_id->driver_data;
switch (card_type) {
case TYPE_CARD_VIA82XX_MODEM:
strcpy(card->driver, "VIA82XX-MODEM");
sprintf(card->shortname, "VIA 82XX modem");
break;
default:
dev_err(card->dev, "invalid card type %d\n", card_type);
err = -EINVAL;
Reported by FlawFinder.
Line: 1161
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
switch (card_type) {
case TYPE_CARD_VIA82XX_MODEM:
strcpy(card->driver, "VIA82XX-MODEM");
sprintf(card->shortname, "VIA 82XX modem");
break;
default:
dev_err(card->dev, "invalid card type %d\n", card_type);
err = -EINVAL;
goto __error;
Reported by FlawFinder.
security/selinux/ima.c
4 issues
Line: 29
Column: 12
CWE codes:
126
char *buf;
int buf_len, len, i, rc;
buf_len = strlen("initialized=0;enforcing=0;checkreqprot=0;") + 1;
len = strlen(on);
for (i = 0; i < __POLICYDB_CAPABILITY_MAX; i++)
buf_len += strlen(selinux_policycap_names[i]) + len;
Reported by FlawFinder.
Line: 31
Column: 8
CWE codes:
126
buf_len = strlen("initialized=0;enforcing=0;checkreqprot=0;") + 1;
len = strlen(on);
for (i = 0; i < __POLICYDB_CAPABILITY_MAX; i++)
buf_len += strlen(selinux_policycap_names[i]) + len;
buf = kzalloc(buf_len, GFP_KERNEL);
if (!buf)
Reported by FlawFinder.
Line: 33
Column: 14
CWE codes:
126
len = strlen(on);
for (i = 0; i < __POLICYDB_CAPABILITY_MAX; i++)
buf_len += strlen(selinux_policycap_names[i]) + len;
buf = kzalloc(buf_len, GFP_KERNEL);
if (!buf)
return NULL;
Reported by FlawFinder.
Line: 89
Column: 18
CWE codes:
126
}
ima_measure_critical_data("selinux", "selinux-state",
state_str, strlen(state_str), false);
kfree(state_str);
/*
* Measure SELinux policy only after initialization is completed.
Reported by FlawFinder.
sound/soc/soc-pcm.c
4 issues
Line: 1902
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
/* copy params for each dpcm */
memcpy(&dpcm->hw_params, &fe->dpcm[stream].hw_params,
sizeof(struct snd_pcm_hw_params));
/* perform any hw_params fixups */
ret = snd_soc_link_be_hw_params_fixup(be, &dpcm->hw_params);
if (ret < 0)
Reported by FlawFinder.
Line: 1911
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto unwind;
/* copy the fixed-up hw params for BE dai */
memcpy(&be->dpcm[stream].hw_params, &dpcm->hw_params,
sizeof(struct snd_pcm_hw_params));
/* only allow hw_params() if no connected FEs are running */
if (!snd_soc_dpcm_can_be_params(fe, be, stream))
continue;
Reported by FlawFinder.
Line: 1971
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_lock_nested(&fe->card->mutex, SND_SOC_CARD_CLASS_RUNTIME);
dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_FE);
memcpy(&fe->dpcm[stream].hw_params, params,
sizeof(struct snd_pcm_hw_params));
ret = dpcm_be_dai_hw_params(fe, stream);
if (ret < 0)
goto out;
Reported by FlawFinder.
Line: 2683
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_soc_pcm_runtime *rtd,
int playback, int capture, int num)
{
char new_name[64];
int ret;
/* create the PCM */
if (rtd->dai_link->params) {
snprintf(new_name, sizeof(new_name), "codec2codec(%s)",
Reported by FlawFinder.
net/rose/rose_route.c
4 issues
Line: 865
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char cause, diagnostic;
struct net_device *dev;
int res = 0;
char buf[11];
if (skb->len < ROSE_MIN_LEN)
return res;
if (!ax25)
Reported by FlawFinder.
Line: 1122
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int rose_node_show(struct seq_file *seq, void *v)
{
char rsbuf[11];
int i;
if (v == SEQ_START_TOKEN)
seq_puts(seq, "address mask n neigh neigh neigh\n");
else {
Reported by FlawFinder.
Line: 1188
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int rose_neigh_show(struct seq_file *seq, void *v)
{
char buf[11];
int i;
if (v == SEQ_START_TOKEN)
seq_puts(seq,
"addr callsign dev count use mode restart t0 tf digipeaters\n");
Reported by FlawFinder.
Line: 1259
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int rose_route_show(struct seq_file *seq, void *v)
{
char buf[11], rsbuf[11];
if (v == SEQ_START_TOKEN)
seq_puts(seq,
"lci address callsign neigh <-> lci address callsign neigh\n");
else {
Reported by FlawFinder.
net/sunrpc/auth_gss/auth_gss.c
4 issues
Line: 253
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rpc_wait_queue rpc_waitqueue;
wait_queue_head_t waitqueue;
struct gss_cl_ctx *ctx;
char databuf[UPCALL_BUF_LEN];
};
static int get_pipe_version(struct net *net)
{
struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
Reported by FlawFinder.
Line: 394
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct user_namespace *userns = cred->user_ns;
uid_t uid = from_kuid_munged(userns, gss_msg->uid);
memcpy(gss_msg->databuf, &uid, sizeof(uid));
gss_msg->msg.data = gss_msg->databuf;
gss_msg->msg.len = sizeof(uid);
BUILD_BUG_ON(sizeof(uid) > sizeof(gss_msg->databuf));
}
Reported by FlawFinder.
Line: 1433
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto realloc;
}
memcpy(string, acceptor->data, acceptor->len);
string[acceptor->len] = '\0';
out:
rcu_read_unlock();
return string;
}
Reported by FlawFinder.
Line: 1837
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char *tmp;
tmp = page_address(rqstp->rq_enc_pages[rqstp->rq_enc_pages_num - 1]);
memcpy(tmp, snd_buf->tail[0].iov_base, snd_buf->tail[0].iov_len);
snd_buf->tail[0].iov_base = tmp;
}
offset = (u8 *)p - (u8 *)snd_buf->head[0].iov_base;
maj_stat = gss_wrap(ctx->gc_gss_ctx, offset, snd_buf, inpages);
/* slack space should prevent this ever happening: */
Reported by FlawFinder.
sound/firewire/digi00x/digi00x.c
4 issues
Line: 34
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
model = skip_spaces(name);
strcpy(dg00x->card->driver, "Digi00x");
strcpy(dg00x->card->shortname, model);
strcpy(dg00x->card->mixername, model);
snprintf(dg00x->card->longname, sizeof(dg00x->card->longname),
"Digidesign %s, GUID %08x%08x at %s, S%d", model,
fw_dev->config_rom[3], fw_dev->config_rom[4],
dev_name(&dg00x->unit->device), 100 << fw_dev->max_speed);
Reported by FlawFinder.
Line: 35
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(dg00x->card->driver, "Digi00x");
strcpy(dg00x->card->shortname, model);
strcpy(dg00x->card->mixername, model);
snprintf(dg00x->card->longname, sizeof(dg00x->card->longname),
"Digidesign %s, GUID %08x%08x at %s, S%d", model,
fw_dev->config_rom[3], fw_dev->config_rom[4],
dev_name(&dg00x->unit->device), 100 << fw_dev->max_speed);
Reported by FlawFinder.
Line: 22
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int name_card(struct snd_dg00x *dg00x)
{
struct fw_device *fw_dev = fw_parent_device(dg00x->unit);
char name[32] = {0};
char *model;
int err;
err = fw_csr_string(dg00x->unit->directory, CSR_MODEL, name,
sizeof(name));
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
model = skip_spaces(name);
strcpy(dg00x->card->driver, "Digi00x");
strcpy(dg00x->card->shortname, model);
strcpy(dg00x->card->mixername, model);
snprintf(dg00x->card->longname, sizeof(dg00x->card->longname),
"Digidesign %s, GUID %08x%08x at %s, S%d", model,
fw_dev->config_rom[3], fw_dev->config_rom[4],
Reported by FlawFinder.
sound/pci/pcxhr/pcxhr.h
4 issues
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long port[3];
/* share the name */
char name[40]; /* name of this soundcard */
struct pcxhr_rmh *prmh;
struct mutex lock; /* interrupt lock */
struct mutex msg_lock; /* message lock */
Reported by FlawFinder.
Line: 183
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int analog_capture_active; /* used by cards with MIC only */
int phantom_power; /* used by cards with MIC only */
unsigned char aes_bits[5]; /* Mixer : IEC958_AES bits */
};
struct pcxhr_hostport
{
char purgebuffer[6];
Reported by FlawFinder.
Line: 188
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pcxhr_hostport
{
char purgebuffer[6];
char reserved[2];
};
/* exported */
int pcxhr_create_pcm(struct snd_pcxhr *chip);
Reported by FlawFinder.
Line: 189
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pcxhr_hostport
{
char purgebuffer[6];
char reserved[2];
};
/* exported */
int pcxhr_create_pcm(struct snd_pcxhr *chip);
int pcxhr_set_clock(struct pcxhr_mgr *mgr, unsigned int rate);
Reported by FlawFinder.
net/sunrpc/auth_gss/gss_rpc_xdr.c
4 issues
Line: 89
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!buf->data)
return -ENOMEM;
} else {
memcpy(buf->data, p, length);
}
buf->len = length;
return 0;
}
Reported by FlawFinder.
Line: 164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!p)
return -EINVAL;
/* Contents of linux creds are all host-endian: */
memcpy(res, p, sizeof(u32));
return 0;
}
static int gssx_dec_linux_creds(struct xdr_stream *xdr,
struct svc_cred *creds)
Reported by FlawFinder.
Line: 615
Column: 32
CWE codes:
362
return err;
/* ctx->open */
err = gssx_enc_bool(xdr, ctx->open);
if (err)
return err;
/* leave options empty for now, will add once we have any options
* to pass up at all */
Reported by FlawFinder.
Line: 678
Column: 33
CWE codes:
362
return err;
/* ctx->open */
err = gssx_dec_bool(xdr, &ctx->open);
if (err)
return err;
/* we assume we have no options for now, so simply consume them */
/* ctx->options */
Reported by FlawFinder.