The following issues were found
drivers/staging/rtl8188eu/core/rtw_ioctl_set.c
4 issues
Line: 83
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pibss = padapter->registrypriv.dev_network.MacAddress;
memcpy(&pdev_network->ssid, &pmlmepriv->assoc_ssid, sizeof(struct ndis_802_11_ssid));
rtw_update_registrypriv_dev_network(padapter);
rtw_generate_random_ibss(pibss);
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(&pmlmepriv->assoc_bssid, bssid, ETH_ALEN);
pmlmepriv->assoc_by_bssid = true;
if (check_fwstate(pmlmepriv, _FW_UNDER_SURVEY))
pmlmepriv->to_join = true;
else
Reported by FlawFinder.
Line: 259
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(&pmlmepriv->assoc_ssid, ssid, sizeof(struct ndis_802_11_ssid));
pmlmepriv->assoc_by_bssid = false;
if (check_fwstate(pmlmepriv, _FW_UNDER_SURVEY))
pmlmepriv->to_join = true;
else
Reported by FlawFinder.
Line: 432
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
}
memcpy(&psecuritypriv->dot11DefKey[keyid].skey[0],
&wep->KeyMaterial, wep->KeyLength);
psecuritypriv->dot11DefKeylen[keyid] = wep->KeyLength;
psecuritypriv->dot11PrivacyKeyIndex = keyid;
Reported by FlawFinder.
drivers/usb/gadget/udc/fsl_qe_udc.c
4 issues
Line: 2408
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct qe_ep *ep = &udc->eps[pipe_num];
ep->udc = udc;
strcpy(ep->name, ep_name[pipe_num]);
ep->ep.name = ep_name[pipe_num];
if (pipe_num == 0) {
ep->ep.caps.type_control = true;
} else {
Reported by FlawFinder.
Line: 804
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(fsize != 8))
return -EINVAL;
cp = (u8 *)&udc->local_setup_buff;
memcpy(cp, pframe->data, fsize);
ep->data01 = 1;
/* handle the usb command base on the usb_ctrlrequest */
setup_received_handle(udc, &udc->local_setup_buff);
return 0;
Reported by FlawFinder.
Line: 913
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cp = (u8 *)(req->req.buf) + req->req.actual;
if (cp) {
memcpy(cp, pframe->data, fsize);
req->req.actual += fsize;
if ((fsize < ep->ep.maxpacket) ||
(req->req.actual >= req->req.length)) {
if (ep->epnum == 0)
ep0_req_complete(ep->udc, req);
Reported by FlawFinder.
Line: 1520
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cp = (u8 *)(req->req.buf) + req->req.actual;
if (cp) {
memcpy(cp, pframe->data, fsize);
req->req.actual += fsize;
if ((fsize < ep->ep.maxpacket)
|| (req->req.actual >=
req->req.length)) {
finish_req = 1;
Reported by FlawFinder.
drivers/staging/rtl8723bs/include/rtw_event.h
4 issues
Line: 51
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct stassoc_event {
unsigned char macaddr[6];
unsigned char rsvd[2];
int cam_id;
};
Reported by FlawFinder.
Line: 52
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct stassoc_event {
unsigned char macaddr[6];
unsigned char rsvd[2];
int cam_id;
};
struct stadel_event {
Reported by FlawFinder.
Line: 58
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct stadel_event {
unsigned char macaddr[6];
unsigned char rsvd[2]; /* for reason */
int mac_id;
};
struct wmm_event {
Reported by FlawFinder.
Line: 59
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct stadel_event {
unsigned char macaddr[6];
unsigned char rsvd[2]; /* for reason */
int mac_id;
};
struct wmm_event {
unsigned char wmm;
Reported by FlawFinder.
drivers/scsi/qla4xxx/ql4_bsg.c
4 issues
Line: 469
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
bsg_reply->reply_payload_rcv_len = 0;
memcpy(mbox_cmd, &bsg_req->rqst_data.h_vendor.vendor_cmd[1],
sizeof(uint32_t) * MBOX_REG_COUNT);
DEBUG2(ql4_printk(KERN_INFO, ha,
"%s: mbox_cmd: %08X %08X %08X %08X %08X %08X %08X %08X\n",
__func__, mbox_cmd[0], mbox_cmd[1], mbox_cmd[2],
Reported by FlawFinder.
Line: 495
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Send mbox_sts to application */
bsg_job->reply_len = sizeof(struct iscsi_bsg_reply) + sizeof(mbox_sts);
rsp_ptr = ((uint8_t *)bsg_reply) + sizeof(struct iscsi_bsg_reply);
memcpy(rsp_ptr, mbox_sts, sizeof(mbox_sts));
exit_diag_mem_test:
DEBUG2(ql4_printk(KERN_INFO, ha,
"%s: bsg_reply->result = x%x, status = %s\n",
__func__, bsg_reply->result, STATUS(status)));
Reported by FlawFinder.
Line: 682
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto exit_loopback_cmd;
}
memcpy(mbox_cmd, &bsg_req->rqst_data.h_vendor.vendor_cmd[1],
sizeof(uint32_t) * MBOX_REG_COUNT);
if (is_qla8032(ha) || is_qla8042(ha)) {
status = qla4_83xx_pre_loopback_config(ha, mbox_cmd);
if (status != QLA_SUCCESS) {
Reported by FlawFinder.
Line: 723
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Send mbox_sts to application */
bsg_job->reply_len = sizeof(struct iscsi_bsg_reply) + sizeof(mbox_sts);
rsp_ptr = ((uint8_t *)bsg_reply) + sizeof(struct iscsi_bsg_reply);
memcpy(rsp_ptr, mbox_sts, sizeof(mbox_sts));
restore:
if (is_qla8032(ha) || is_qla8042(ha)) {
status = qla4_83xx_post_loopback_config(ha, mbox_cmd);
if (status != QLA_SUCCESS) {
bsg_reply->result = DID_ERROR << 16;
Reported by FlawFinder.
drivers/staging/rtl8192e/rtl819x_HTProc.c
4 issues
Line: 289
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((bAssoc) && (pHT->ePeerHTSpecVer == HT_SPEC_VER_EWC)) {
u8 EWC11NHTCap[] = {0x00, 0x90, 0x4c, 0x33};
memcpy(posHTCap, EWC11NHTCap, sizeof(EWC11NHTCap));
pCapELE = (struct ht_capab_ele *)&(posHTCap[4]);
*len = 30 + 2;
} else {
pCapELE = (struct ht_capab_ele *)posHTCap;
*len = 26 + 2;
Reported by FlawFinder.
Line: 328
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pCapELE->MPDUDensity = 0;
}
memcpy(pCapELE->MCS, ieee->Regdot11HTOperationalRateSet, 16);
memset(&pCapELE->ExtHTCapInfo, 0, 2);
memset(pCapELE->TxBFCap, 0, 4);
pCapELE->ASCap = 0;
Reported by FlawFinder.
Line: 709
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pNetwork->bssht.bd_ht_cap_len > 0 &&
pNetwork->bssht.bd_ht_cap_len <= sizeof(pHTInfo->PeerHTCapBuf))
memcpy(pHTInfo->PeerHTCapBuf,
pNetwork->bssht.bd_ht_cap_buf,
pNetwork->bssht.bd_ht_cap_len);
if (pNetwork->bssht.bd_ht_info_len > 0 &&
pNetwork->bssht.bd_ht_info_len <=
Reported by FlawFinder.
Line: 716
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pNetwork->bssht.bd_ht_info_len > 0 &&
pNetwork->bssht.bd_ht_info_len <=
sizeof(pHTInfo->PeerHTInfoBuf))
memcpy(pHTInfo->PeerHTInfoBuf,
pNetwork->bssht.bd_ht_info_buf,
pNetwork->bssht.bd_ht_info_len);
if (pHTInfo->bRegRT2RTAggregation) {
pHTInfo->bCurrentRT2RTAggregation =
Reported by FlawFinder.
drivers/staging/iio/meter/ade7854.c
4 issues
Line: 38
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%u\n", val);
}
static ssize_t ade7854_read_16bit(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 55
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%u\n", val);
}
static ssize_t ade7854_read_24bit(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 72
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%u\n", val);
}
static ssize_t ade7854_read_32bit(struct device *dev,
struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 89
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ret < 0)
return ret;
return sprintf(buf, "%u\n", val);
}
static ssize_t ade7854_write_8bit(struct device *dev,
struct device_attribute *attr,
const char *buf,
Reported by FlawFinder.
drivers/usb/storage/cypress_atacb.c
4 issues
Line: 75
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static void cypress_atacb_passthrough(struct scsi_cmnd *srb, struct us_data *us)
{
unsigned char save_cmnd[MAX_COMMAND_SIZE];
if (likely(srb->cmnd[0] != ATA_16 && srb->cmnd[0] != ATA_12)) {
usb_stor_transparent_scsi_command(srb, us);
return;
}
Reported by FlawFinder.
Line: 166
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
srb->result != (DID_ABORT << 16)) &&
save_cmnd[2] & 0x20) {
struct scsi_eh_save ses;
unsigned char regs[8];
unsigned char *sb = srb->sense_buffer;
unsigned char *desc = sb + 8;
int tmp_result;
/* build the command for reading the ATA registers */
Reported by FlawFinder.
Line: 230
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
invalid_fld:
srb->result = SAM_STAT_CHECK_CONDITION;
memcpy(srb->sense_buffer,
usb_stor_sense_invalidCDB,
sizeof(usb_stor_sense_invalidCDB));
end:
memcpy(srb->cmnd, save_cmnd, sizeof(save_cmnd));
if (srb->cmnd[0] == ATA_12)
Reported by FlawFinder.
Line: 234
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
usb_stor_sense_invalidCDB,
sizeof(usb_stor_sense_invalidCDB));
end:
memcpy(srb->cmnd, save_cmnd, sizeof(save_cmnd));
if (srb->cmnd[0] == ATA_12)
srb->cmd_len = 12;
}
static struct scsi_host_template cypress_host_template;
Reported by FlawFinder.
drivers/tty/serial/ip22zilog.h
4 issues
Line: 9
Column: 20
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct zilog_channel {
#ifdef __BIG_ENDIAN
volatile unsigned char unused0[3];
volatile unsigned char control;
volatile unsigned char unused1[3];
volatile unsigned char data;
#else /* __LITTLE_ENDIAN */
volatile unsigned char control;
Reported by FlawFinder.
Line: 11
Column: 20
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef __BIG_ENDIAN
volatile unsigned char unused0[3];
volatile unsigned char control;
volatile unsigned char unused1[3];
volatile unsigned char data;
#else /* __LITTLE_ENDIAN */
volatile unsigned char control;
volatile unsigned char unused0[3];
volatile unsigned char data;
Reported by FlawFinder.
Line: 15
Column: 20
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
volatile unsigned char data;
#else /* __LITTLE_ENDIAN */
volatile unsigned char control;
volatile unsigned char unused0[3];
volatile unsigned char data;
volatile unsigned char unused1[3];
#endif
};
Reported by FlawFinder.
Line: 17
Column: 20
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
volatile unsigned char control;
volatile unsigned char unused0[3];
volatile unsigned char data;
volatile unsigned char unused1[3];
#endif
};
struct zilog_layout {
struct zilog_channel channelB;
Reported by FlawFinder.
drivers/video/fbdev/cyber2000fb.c
4 issues
Line: 1429
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else
cfb->divisors[3] = 6;
strcpy(cfb->fb.fix.id, name);
cfb->fb.fix.type = FB_TYPE_PACKED_PIXELS;
cfb->fb.fix.type_aux = 0;
cfb->fb.fix.xpanstep = 0;
cfb->fb.fix.ypanstep = 1;
Reported by FlawFinder.
Line: 1501
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
continue;
if (strncmp(opt, "font:", 5) == 0) {
static char default_font_storage[40];
strlcpy(default_font_storage, opt + 5,
sizeof(default_font_storage));
default_font = default_font_storage;
continue;
Reported by FlawFinder.
Line: 1718
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct pci_device_id *id)
{
struct cfb_info *cfb;
char name[16];
int err;
sprintf(name, "CyberPro%4X", id->device);
err = pci_enable_device(dev);
Reported by FlawFinder.
Line: 1721
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char name[16];
int err;
sprintf(name, "CyberPro%4X", id->device);
err = pci_enable_device(dev);
if (err)
return err;
Reported by FlawFinder.
drivers/scsi/qla4xxx/ql4_init.c
4 issues
Line: 393
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DEBUG2(ql4_printk(KERN_INFO, ha,
"Total Minidump size = 0x%x KB\n", ha->fw_dump_size));
memcpy(ha->fw_dump, md_tmp, ha->fw_dump_tmplt_size);
ha->fw_dump_tmplt_hdr = ha->fw_dump;
alloc_cleanup:
dma_free_coherent(&ha->pdev->dev, ha->fw_dump_tmplt_size,
md_tmp, md_tmp_dma);
Reported by FlawFinder.
Line: 591
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset += 1;
}
memcpy(ha->model_name, board_id_string, size);
}
static int qla4xxx_config_nvram(struct scsi_qla_host *ha)
{
unsigned long flags;
Reported by FlawFinder.
Line: 633
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (is_qla4022(ha) || is_qla4032(ha))
qla4xxx_set_model_info(ha);
else
strcpy(ha->model_name, "QLA4010");
DEBUG(printk("scsi%ld: %s: Setting extHwConfig to 0xFFFF%04x\n",
ha->host_no, __func__, extHwConfig.Asuint32_t));
spin_lock_irqsave(&ha->hardware_lock, flags);
Reported by FlawFinder.
Line: 1242
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ha->tot_ddbs++;
}
memcpy(fw_ddb_entry, &ddb_entry->fw_ddb_entry,
sizeof(struct dev_db_entry));
ddb_entry->sess->target_id = ddb_entry->fw_ddb_index;
ret = qla4xxx_set_ddb_entry(ha, ddb_entry->fw_ddb_index,
fw_ddb_dma, &mbx_sts);
Reported by FlawFinder.