The following issues were found
drivers/soc/ti/k3-ringacc.c
4 issues
Line: 1102
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
elem_idx = ring->size - (ring->state.occ - ring->state.windex);
elem_ptr = k3_ringacc_get_elm_addr(ring, elem_idx);
memcpy(elem, elem_ptr, (4 << ring->elm_size));
k3_dmaring_remove_asel_from_elem(elem);
ring->state.occ--;
writel(-1, &ring->rt->db);
Reported by FlawFinder.
Line: 1121
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
elem_ptr = k3_ringacc_get_elm_addr(ring, ring->state.rindex);
if (ring->state.occ) {
memcpy(elem, elem_ptr, (4 << ring->elm_size));
k3_dmaring_remove_asel_from_elem(elem);
ring->state.rindex = (ring->state.rindex + 1) % ring->size;
ring->state.occ--;
writel(-1 & K3_DMARING_RT_DB_ENTRY_MASK, &ring->rt->db);
Reported by FlawFinder.
Line: 1146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
elem_ptr = k3_ringacc_get_elm_addr(ring, ring->state.windex);
memcpy(elem_ptr, elem, (4 << ring->elm_size));
if (ring->parent->dma_rings) {
u64 *addr = elem_ptr;
*addr |= ((u64)ring->asel << K3_ADDRESS_ASEL_SHIFT);
}
Reported by FlawFinder.
Line: 1169
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
elem_ptr = k3_ringacc_get_elm_addr(ring, ring->state.rindex);
memcpy(elem, elem_ptr, (4 << ring->elm_size));
ring->state.rindex = (ring->state.rindex + 1) % ring->size;
ring->state.occ--;
writel(-1, &ring->rt->db);
Reported by FlawFinder.
drivers/usb/mon/mon_bin.c
4 issues
Line: 104
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int len_urb; /* Length of data (submitted or actual) */
unsigned int len_cap; /* Delivered length */
union {
unsigned char setup[SETUP_LEN]; /* Only for Control S-type */
struct iso_rec {
int error_count;
int numdesc;
} iso;
} s;
Reported by FlawFinder.
Line: 212
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MON_RING_EMPTY(rp) ((rp)->b_cnt == 0)
static unsigned char xfer_to_pipe[4] = {
PIPE_CONTROL, PIPE_ISOCHRONOUS, PIPE_BULK, PIPE_INTERRUPT
};
static struct class *mon_bin_class;
static dev_t mon_bin_dev0;
Reported by FlawFinder.
Line: 249
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Copy data and advance pointers.
*/
buf = this->b_vec[off / CHUNK_SIZE].ptr + off % CHUNK_SIZE;
memcpy(buf, from, step_len);
if ((off += step_len) >= this->b_size) off = 0;
from += step_len;
length -= step_len;
}
return off;
Reported by FlawFinder.
Line: 399
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (urb->setup_packet == NULL)
return 'Z';
memcpy(setupb, urb->setup_packet, SETUP_LEN);
return 0;
}
static unsigned int mon_bin_get_data(const struct mon_reader_bin *rp,
unsigned int offset, struct urb *urb, unsigned int length,
Reported by FlawFinder.
drivers/scsi/scsi_ioctl.c
4 issues
Line: 145
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int scsi_set_medium_removal(struct scsi_device *sdev, char state)
{
char scsi_cmd[MAX_COMMAND_SIZE];
int ret;
if (!sdev->removable || !sdev->lockable)
return 0;
Reported by FlawFinder.
Line: 195
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int scsi_ioctl_common(struct scsi_device *sdev, int cmd, void __user *arg)
{
char scsi_cmd[MAX_COMMAND_SIZE];
struct scsi_sense_hdr sense_hdr;
/* Check for deprecated ioctls ... all the ioctls which don't
* follow the new unique numbering scheme are deprecated */
switch (cmd) {
Reported by FlawFinder.
Line: 56
Column: 11
CWE codes:
126
else
string = host->hostt->name;
if (string) {
slen = strlen(string);
if (len > slen)
len = slen + 1;
if (copy_to_user(buffer, string, len))
return -EFAULT;
}
Reported by FlawFinder.
Line: 188
Column: 44
CWE codes:
126
/* compatibility with old ioctl which only returned
* 20 characters */
return copy_to_user(arg, name, min(strlen(name), (size_t)20))
? -EFAULT: 0;
}
static int scsi_ioctl_common(struct scsi_device *sdev, int cmd, void __user *arg)
Reported by FlawFinder.
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac_wx.c
4 issues
Line: 124
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
eth_zero_addr(wrqu->ap_addr.sa_data);
else
memcpy(wrqu->ap_addr.sa_data,
ieee->current_network.bssid, ETH_ALEN);
spin_unlock_irqrestore(&ieee->lock, flags);
return 0;
Reported by FlawFinder.
Line: 167
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
spin_lock_irqsave(&ieee->lock, flags);
memcpy(ieee->current_network.bssid, temp->sa_data, ETH_ALEN);
ieee->wap_set = !is_zero_ether_addr(temp->sa_data);
spin_unlock_irqrestore(&ieee->lock, flags);
if (ifup)
Reported by FlawFinder.
Line: 205
Column: 2
CWE codes:
120
}
len = ieee->current_network.ssid_len;
wrqu->essid.length = len;
strncpy(b, ieee->current_network.ssid, len);
wrqu->essid.flags = 1;
out:
spin_unlock_irqrestore(&ieee->lock, flags);
Reported by FlawFinder.
Line: 419
Column: 3
CWE codes:
120
if (wrqu->essid.flags && wrqu->essid.length) {
/* first flush current network.ssid */
len = ((wrqu->essid.length - 1) < IW_ESSID_MAX_SIZE) ? (wrqu->essid.length - 1) : IW_ESSID_MAX_SIZE;
strncpy(ieee->current_network.ssid, extra, len + 1);
ieee->current_network.ssid_len = len + 1;
ieee->ssid_set = 1;
} else {
ieee->ssid_set = 0;
ieee->current_network.ssid[0] = '\0';
Reported by FlawFinder.
drivers/ssb/main.c
4 issues
Line: 361
Column: 9
CWE codes:
134
Suggestion:
Make format string constant
static ssize_t \
attrib##_show(struct device *dev, struct device_attribute *attr, char *buf) \
{ \
return sprintf(buf, format_string, dev_to_ssb_dev(dev)->field); \
} \
static DEVICE_ATTR_RO(attrib);
ssb_config_attr(core_num, core_index, "%u\n")
ssb_config_attr(coreid, id.coreid, "0x%04x\n")
Reported by FlawFinder.
Line: 373
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t
name_show(struct device *dev, struct device_attribute *attr, char *buf)
{
return sprintf(buf, "%s\n",
ssb_core_name(dev_to_ssb_dev(dev)->id.coreid));
}
static DEVICE_ATTR_RO(name);
static struct attribute *ssb_device_attrs[] = {
Reported by FlawFinder.
Line: 612
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = get_invariants(bus, &iv);
if (err)
goto out;
memcpy(&bus->boardinfo, &iv.boardinfo, sizeof(iv.boardinfo));
memcpy(&bus->sprom, &iv.sprom, sizeof(iv.sprom));
bus->has_cardbus_slot = iv.has_cardbus_slot;
out:
return err;
}
Reported by FlawFinder.
Line: 613
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
goto out;
memcpy(&bus->boardinfo, &iv.boardinfo, sizeof(iv.boardinfo));
memcpy(&bus->sprom, &iv.sprom, sizeof(iv.sprom));
bus->has_cardbus_slot = iv.has_cardbus_slot;
out:
return err;
}
Reported by FlawFinder.
drivers/scsi/ufs/ufs-mediatek.c
4 issues
Line: 392
Column: 14
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (!ufs_mtk_is_boost_crypt_enabled(hba))
return;
cfg = host->crypt;
volt = cfg->vcore_volt;
reg = cfg->reg_vcore;
ret = clk_prepare_enable(cfg->clk_crypt_mux);
if (ret) {
Reported by FlawFinder.
Line: 460
Column: 49
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
struct regulator *reg;
u32 volt;
host->crypt = devm_kzalloc(dev, sizeof(*(host->crypt)),
GFP_KERNEL);
if (!host->crypt)
goto disable_caps;
reg = devm_regulator_get_optional(dev, "dvfsrc-vcore");
Reported by FlawFinder.
Line: 462
Column: 13
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
host->crypt = devm_kzalloc(dev, sizeof(*(host->crypt)),
GFP_KERNEL);
if (!host->crypt)
goto disable_caps;
reg = devm_regulator_get_optional(dev, "dvfsrc-vcore");
if (IS_ERR(reg)) {
dev_info(dev, "failed to get dvfsrc-vcore: %ld",
Reported by FlawFinder.
Line: 478
Column: 14
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
goto disable_caps;
}
cfg = host->crypt;
if (ufs_mtk_init_host_clk(hba, "crypt_mux",
&cfg->clk_crypt_mux))
goto disable_caps;
if (ufs_mtk_init_host_clk(hba, "crypt_lp",
Reported by FlawFinder.
drivers/video/fbdev/omap2/omapfb/dss/dispc.c
4 issues
Line: 3434
Column: 26
CWE codes:
126
#define DISPC_REG(i, name) name(i)
#define DUMPREG(i, r) seq_printf(s, "%s(%s)%*s %08x\n", #r, p_names[i], \
(int)(48 - strlen(#r) - strlen(p_names[i])), " ", \
dispc_read_reg(DISPC_REG(i, r)))
p_names = mgr_names;
/* DISPC channel specific registers */
Reported by FlawFinder.
Line: 3434
Column: 13
CWE codes:
126
#define DISPC_REG(i, name) name(i)
#define DUMPREG(i, r) seq_printf(s, "%s(%s)%*s %08x\n", #r, p_names[i], \
(int)(48 - strlen(#r) - strlen(p_names[i])), " ", \
dispc_read_reg(DISPC_REG(i, r)))
p_names = mgr_names;
/* DISPC channel specific registers */
Reported by FlawFinder.
Line: 3538
Column: 29
CWE codes:
126
#define DISPC_REG(plane, name, i) name(plane, i)
#define DUMPREG(plane, name, i) \
seq_printf(s, "%s_%d(%s)%*s %08x\n", #name, i, p_names[plane], \
(int)(46 - strlen(#name) - strlen(p_names[plane])), " ", \
dispc_read_reg(DISPC_REG(plane, name, i)))
/* Video pipeline coefficient registers */
/* start from OMAP_DSS_VIDEO1 */
Reported by FlawFinder.
Line: 3538
Column: 13
CWE codes:
126
#define DISPC_REG(plane, name, i) name(plane, i)
#define DUMPREG(plane, name, i) \
seq_printf(s, "%s_%d(%s)%*s %08x\n", #name, i, p_names[plane], \
(int)(46 - strlen(#name) - strlen(p_names[plane])), " ", \
dispc_read_reg(DISPC_REG(plane, name, i)))
/* Video pipeline coefficient registers */
/* start from OMAP_DSS_VIDEO1 */
Reported by FlawFinder.
drivers/scsi/scsi_proc.c
4 issues
Line: 142
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct scsi_host_template *sht = shost->hostt;
struct proc_dir_entry *p;
char name[10];
if (!sht->proc_dir)
return;
sprintf(name,"%d", shost->host_no);
Reported by FlawFinder.
Line: 147
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!sht->proc_dir)
return;
sprintf(name,"%d", shost->host_no);
p = proc_create_data(name, S_IRUGO | S_IWUSR,
sht->proc_dir, &proc_scsi_ops, shost);
if (!p)
printk(KERN_ERR "%s: Failed to register host %d in"
"%s\n", __func__, shost->host_no,
Reported by FlawFinder.
Line: 162
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
void scsi_proc_host_rm(struct Scsi_Host *shost)
{
char name[10];
if (!shost->hostt->proc_dir)
return;
sprintf(name,"%d", shost->host_no);
Reported by FlawFinder.
Line: 167
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!shost->hostt->proc_dir)
return;
sprintf(name,"%d", shost->host_no);
remove_proc_entry(name, shost->hostt->proc_dir);
}
/**
* proc_print_scsidevice - return data about this host
* @dev: A scsi device
Reported by FlawFinder.
drivers/staging/media/ipu3/ipu3-css-params.c
4 issues
Line: 2927
CWE codes:
908
x = (x0 * 2 + x1) * IMGU_DVS_BLOCK_W + OFFSET_X;
x &= XMEM_ALIGN_MASK;
y = y0 * IMGU_DVS_BLOCK_H + OFFSET_Y;
*gdc = gdc_luma;
gdc->in_addr_offset =
(y * frame_in_x + x) * BYP;
gdc++;
}
Reported by Cppcheck.
Line: 2937
CWE codes:
908
x = x0 * IMGU_DVS_BLOCK_W + OFFSET_X / 2;
x &= XMEM_ALIGN_MASK;
y = y0 * (IMGU_DVS_BLOCK_H / 2) + OFFSET_Y / 2;
*gdc = gdc_chroma;
gdc->in_addr_offset = (y * frame_in_x + x) * BYP;
gdc++;
}
}
}
Reported by Cppcheck.
Line: 2705
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (use_user) {
/* Take new user parameters */
memcpy(new_setting, user_setting, par_size);
} else if (old_binary_params) {
/* Take previous value */
old_setting = imgu_css_fw_pipeline_params(css, pipe, c, m, par,
par_size,
old_binary_params);
Reported by FlawFinder.
Line: 2713
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_binary_params);
if (!old_setting)
return ERR_PTR(-EPROTO);
memcpy(new_setting, old_setting, par_size);
} else {
return new_setting; /* Need to calculate */
}
return NULL; /* Copied from other value */
Reported by FlawFinder.
drivers/target/target_core_fabric_configfs.c
4 issues
Line: 170
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
rcu_read_lock();
deve = target_nacl_find_deve(se_nacl, lacl->mapped_lun);
if (deve) {
len = sprintf(page, "%d\n", deve->lun_access_ro);
}
rcu_read_unlock();
return len;
}
Reported by FlawFinder.
Line: 928
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct se_wwn *wwn = container_of(to_config_group(item), struct se_wwn,
param_group);
return sprintf(page, "%d\n",
wwn->cmd_compl_affinity == WORK_CPU_UNBOUND ?
SE_COMPL_AFFINITY_CURR_CPU : wwn->cmd_compl_affinity);
}
static ssize_t
Reported by FlawFinder.
Line: 277
Column: 16
CWE codes:
126
unsigned long long mapped_lun;
int ret = 0;
buf = kzalloc(strlen(name) + 1, GFP_KERNEL);
if (!buf) {
pr_err("Unable to allocate memory for name buf\n");
return ERR_PTR(-ENOMEM);
}
snprintf(buf, strlen(name) + 1, "%s", name);
Reported by FlawFinder.
Line: 282
Column: 16
CWE codes:
126
pr_err("Unable to allocate memory for name buf\n");
return ERR_PTR(-ENOMEM);
}
snprintf(buf, strlen(name) + 1, "%s", name);
/*
* Make sure user is creating iscsi/$IQN/$TPGT/acls/$INITIATOR/lun_$ID.
*/
if (strstr(buf, "lun_") != buf) {
pr_err("Unable to locate \"lun_\" from buf: %s"
Reported by FlawFinder.