The following issues were found
drivers/atm/idt77252.c
24 issues
Line: 3457
CWE codes:
908
linkrate = 149760000;
#endif
card->link_pcr = (linkrate / 8 / 53);
printk("%s: Linkrate on ATM line : %u bit/s, %u cell/s.\n",
card->name, linkrate, card->link_pcr);
#ifdef ATM_IDT77252_SEND_IDLE
card->utopia_pcr = card->link_pcr;
Reported by Cppcheck.
Line: 2614
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(&vcc->qos, qos, sizeof(struct atm_qos));
set_bit(ATM_VF_HASQOS, &vcc->flags);
out:
mutex_unlock(&card->mutex);
Reported by FlawFinder.
Line: 2631
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
left = (int) *pos;
if (!left--)
return sprintf(page, "IDT77252 Interrupts:\n");
if (!left--)
return sprintf(page, "TSIF: %lu\n", card->irqstat[15]);
if (!left--)
return sprintf(page, "TXICP: %lu\n", card->irqstat[14]);
if (!left--)
Reported by FlawFinder.
Line: 2633
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "IDT77252 Interrupts:\n");
if (!left--)
return sprintf(page, "TSIF: %lu\n", card->irqstat[15]);
if (!left--)
return sprintf(page, "TXICP: %lu\n", card->irqstat[14]);
if (!left--)
return sprintf(page, "TSQF: %lu\n", card->irqstat[12]);
if (!left--)
Reported by FlawFinder.
Line: 2635
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "TSIF: %lu\n", card->irqstat[15]);
if (!left--)
return sprintf(page, "TXICP: %lu\n", card->irqstat[14]);
if (!left--)
return sprintf(page, "TSQF: %lu\n", card->irqstat[12]);
if (!left--)
return sprintf(page, "TMROF: %lu\n", card->irqstat[11]);
if (!left--)
Reported by FlawFinder.
Line: 2637
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "TXICP: %lu\n", card->irqstat[14]);
if (!left--)
return sprintf(page, "TSQF: %lu\n", card->irqstat[12]);
if (!left--)
return sprintf(page, "TMROF: %lu\n", card->irqstat[11]);
if (!left--)
return sprintf(page, "PHYI: %lu\n", card->irqstat[10]);
if (!left--)
Reported by FlawFinder.
Line: 2639
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "TSQF: %lu\n", card->irqstat[12]);
if (!left--)
return sprintf(page, "TMROF: %lu\n", card->irqstat[11]);
if (!left--)
return sprintf(page, "PHYI: %lu\n", card->irqstat[10]);
if (!left--)
return sprintf(page, "FBQ3A: %lu\n", card->irqstat[8]);
if (!left--)
Reported by FlawFinder.
Line: 2641
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "TMROF: %lu\n", card->irqstat[11]);
if (!left--)
return sprintf(page, "PHYI: %lu\n", card->irqstat[10]);
if (!left--)
return sprintf(page, "FBQ3A: %lu\n", card->irqstat[8]);
if (!left--)
return sprintf(page, "FBQ2A: %lu\n", card->irqstat[7]);
if (!left--)
Reported by FlawFinder.
Line: 2643
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "PHYI: %lu\n", card->irqstat[10]);
if (!left--)
return sprintf(page, "FBQ3A: %lu\n", card->irqstat[8]);
if (!left--)
return sprintf(page, "FBQ2A: %lu\n", card->irqstat[7]);
if (!left--)
return sprintf(page, "RSQF: %lu\n", card->irqstat[6]);
if (!left--)
Reported by FlawFinder.
Line: 2645
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!left--)
return sprintf(page, "FBQ3A: %lu\n", card->irqstat[8]);
if (!left--)
return sprintf(page, "FBQ2A: %lu\n", card->irqstat[7]);
if (!left--)
return sprintf(page, "RSQF: %lu\n", card->irqstat[6]);
if (!left--)
return sprintf(page, "EPDU: %lu\n", card->irqstat[5]);
if (!left--)
Reported by FlawFinder.
drivers/net/wireless/marvell/mwifiex/scan.c
24 issues
Line: 601
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rates_tlv = (struct mwifiex_ie_types_rates_param_set *)tlv_pos;
rates_tlv->header.type = cpu_to_le16(WLAN_EID_SUPP_RATES);
rates_tlv->header.len = cpu_to_le16((u16) rates_size);
memcpy(rates_tlv->rates, rates, rates_size);
scan_cfg_out->tlv_buf_len += sizeof(rates_tlv->header) + rates_size;
return rates_size;
}
Reported by FlawFinder.
Line: 692
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the current channel TLV to the command being
prepared */
memcpy(chan_tlv_out->chan_scan_param + tlv_idx,
tmp_chan_list,
sizeof(chan_tlv_out->chan_scan_param));
/* Increment the TLV header length by the size
appended */
Reported by FlawFinder.
Line: 892
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
user_scan_in->specific_bssid,
sizeof(scan_cfg_out->specific_bssid));
memcpy(tmpaddr, scan_cfg_out->specific_bssid, ETH_ALEN);
if (adapter->ext_scan &&
!is_zero_ether_addr(tmpaddr)) {
bssid_tlv =
(struct mwifiex_ie_types_bssid_list *)tlv_pos;
Reported by FlawFinder.
Line: 900
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(struct mwifiex_ie_types_bssid_list *)tlv_pos;
bssid_tlv->header.type = cpu_to_le16(TLV_TYPE_BSSID);
bssid_tlv->header.len = cpu_to_le16(ETH_ALEN);
memcpy(bssid_tlv->bssid, user_scan_in->specific_bssid,
ETH_ALEN);
tlv_pos += sizeof(struct mwifiex_ie_types_bssid_list);
}
for (i = 0; i < user_scan_in->num_ssids; i++) {
Reported by FlawFinder.
Line: 933
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"DIRECT-", 7))
wildcard_ssid_tlv->max_ssid_length = 0xfe;
memcpy(wildcard_ssid_tlv->ssid,
user_scan_in->ssid_list[i].ssid, ssid_len);
tlv_pos += (sizeof(wildcard_ssid_tlv->header)
+ le16_to_cpu(wildcard_ssid_tlv->header.len));
Reported by FlawFinder.
Line: 958
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* truncate scan results. That is not an issue with an SSID
* or BSSID filter applied to the scan results in the firmware.
*/
memcpy(tmpaddr, scan_cfg_out->specific_bssid, ETH_ALEN);
if ((i && ssid_filter) ||
!is_zero_ether_addr(tmpaddr))
*filtered_scan = true;
if (user_scan_in->scan_chan_gap) {
Reported by FlawFinder.
Line: 1253
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (element_len > IEEE80211_MAX_SSID_LEN)
return -EINVAL;
bss_entry->ssid.ssid_len = element_len;
memcpy(bss_entry->ssid.ssid, (current_ptr + 2),
element_len);
mwifiex_dbg(adapter, INFO,
"info: InterpretIE: ssid: %-32s\n",
bss_entry->ssid.ssid);
break;
Reported by FlawFinder.
Line: 1263
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case WLAN_EID_SUPP_RATES:
if (element_len > MWIFIEX_SUPPORTED_RATES)
return -EINVAL;
memcpy(bss_entry->data_rates, current_ptr + 2,
element_len);
memcpy(bss_entry->supported_rates, current_ptr + 2,
element_len);
rate_size = element_len;
found_data_rate_ie = true;
Reported by FlawFinder.
Line: 1265
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
memcpy(bss_entry->data_rates, current_ptr + 2,
element_len);
memcpy(bss_entry->supported_rates, current_ptr + 2,
element_len);
rate_size = element_len;
found_data_rate_ie = true;
break;
Reported by FlawFinder.
Line: 1276
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
fh_param_set =
(struct ieee_types_fh_param_set *) current_ptr;
memcpy(&bss_entry->phy_param_set.fh_param_set,
fh_param_set,
sizeof(struct ieee_types_fh_param_set));
break;
case WLAN_EID_DS_PARAMS:
Reported by FlawFinder.
scripts/asn1_compiler.c
24 issues
Line: 314
Column: 49
CWE codes:
134
Suggestion:
Use a constant for the format specification
static bool verbose_opt;
static bool debug_opt;
#define verbose(fmt, ...) do { if (verbose_opt) printf(fmt, ## __VA_ARGS__); } while (0)
#define debug(fmt, ...) do { if (debug_opt) printf(fmt, ## __VA_ARGS__); } while (0)
static int directive_compare(const void *_key, const void *_pdir)
{
const struct token *token = _key;
Reported by FlawFinder.
Line: 315
Column: 45
CWE codes:
134
Suggestion:
Use a constant for the format specification
static bool debug_opt;
#define verbose(fmt, ...) do { if (verbose_opt) printf(fmt, ## __VA_ARGS__); } while (0)
#define debug(fmt, ...) do { if (debug_opt) printf(fmt, ## __VA_ARGS__); } while (0)
static int directive_compare(const void *_key, const void *_pdir)
{
const struct token *token = _key;
const char *const *pdir = _pdir, *dir = *pdir;
Reported by FlawFinder.
Line: 1221
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (e->class == 0 && e->method == 0 && e->tag == 0)
strcpy(tag, "<...>");
else if (e->class == ASN1_UNIV)
sprintf(tag, "%s %s %s",
asn1_classes[e->class],
asn1_methods[e->method],
asn1_universal_tags[e->tag]);
else
sprintf(tag, "%s %s %u",
Reported by FlawFinder.
Line: 1226
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
asn1_methods[e->method],
asn1_universal_tags[e->tag]);
else
sprintf(tag, "%s %s %u",
asn1_classes[e->class],
asn1_methods[e->method],
e->tag);
printf("%c%c%c%c%c %c %*s[*] \e[33m%s\e[m %s %s \e[35m%s\e[m\n",
Reported by FlawFinder.
Line: 1263
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
static int render_depth = 1;
static struct element *render_list, **render_list_p = &render_list;
__attribute__((format(printf, 2, 3)))
static void render_opcode(FILE *out, const char *fmt, ...)
{
va_list va;
if (out) {
Reported by FlawFinder.
Line: 1271
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (out) {
fprintf(out, "\t[%4d] =%*s", nr_entries, render_depth, "");
va_start(va, fmt);
vfprintf(out, fmt, va);
va_end(va);
}
nr_entries++;
}
Reported by FlawFinder.
Line: 1277
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
nr_entries++;
}
__attribute__((format(printf, 2, 3)))
static void render_more(FILE *out, const char *fmt, ...)
{
va_list va;
if (out) {
Reported by FlawFinder.
Line: 1284
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (out) {
va_start(va, fmt);
vfprintf(out, fmt, va);
va_end(va);
}
}
/*
Reported by FlawFinder.
Line: 569
Column: 19
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
char *kbuild_verbose;
int fd;
kbuild_verbose = getenv("KBUILD_VERBOSE");
if (kbuild_verbose)
verbose_opt = atoi(kbuild_verbose);
while (argc > 4) {
if (strcmp(argv[1], "-v") == 0)
Reported by FlawFinder.
Line: 118
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NR__TOKENS
};
static const unsigned char token_to_tag[NR__TOKENS] = {
/* EOC goes first */
[DIRECTIVE_BOOLEAN] = ASN1_BOOL,
[DIRECTIVE_INTEGER] = ASN1_INT,
[DIRECTIVE_BIT] = ASN1_BTS,
[DIRECTIVE_OCTET] = ASN1_OTS,
Reported by FlawFinder.
drivers/crypto/ccree/cc_aead.c
24 issues
Line: 576
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy nonce from last 4 bytes in CTR key to
* first 4 bytes in CTR IV
*/
memcpy(ctx->ctr_nonce, enckey + ctx->enc_keylen -
CTR_RFC3686_NONCE_SIZE, CTR_RFC3686_NONCE_SIZE);
/* Set CTR key size */
ctx->enc_keylen -= CTR_RFC3686_NONCE_SIZE;
}
} else { /* non-authenc - has just one key */
Reported by FlawFinder.
Line: 595
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* STAT_PHASE_1: Copy key to ctx */
/* Get key material */
memcpy(ctx->enckey, enckey, ctx->enc_keylen);
if (ctx->enc_keylen == 24)
memset(ctx->enckey + 24, 0, CC_AES_KEY_SIZE_MAX - 24);
if (ctx->auth_mode == DRV_HASH_XCBC_MAC) {
memcpy(ctx->auth_state.xcbc.xcbc_keys, authkey,
ctx->auth_keylen);
Reported by FlawFinder.
Line: 599
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->enc_keylen == 24)
memset(ctx->enckey + 24, 0, CC_AES_KEY_SIZE_MAX - 24);
if (ctx->auth_mode == DRV_HASH_XCBC_MAC) {
memcpy(ctx->auth_state.xcbc.xcbc_keys, authkey,
ctx->auth_keylen);
} else if (ctx->auth_mode != DRV_HASH_NULL) { /* HMAC */
rc = cc_get_plain_hmac_key(tfm, authkey, ctx->auth_keylen);
if (rc)
return rc;
Reported by FlawFinder.
Line: 664
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
keylen -= 3;
memcpy(ctx->ctr_nonce, key + keylen, 3);
return cc_aead_setkey(tfm, key, keylen);
}
static int cc_aead_setauthsize(struct crypto_aead *authenc,
Reported by FlawFinder.
Line: 1404
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EOVERFLOW;
data = cpu_to_be32(msglen);
memcpy(block - csize, (u8 *)&data + 4 - csize, csize);
return 0;
}
static int cc_ccm(struct aead_request *req, struct cc_hw_desc desc[],
Reported by FlawFinder.
Line: 1562
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_dbg(dev, "illegal iv value %X\n", req->iv[0]);
return -EINVAL;
}
memcpy(b0, req->iv, AES_BLOCK_SIZE);
/* format control info per RFC 3610 and
* NIST Special Publication 800-38C
*/
*b0 |= (8 * ((m - 2) / 2));
Reported by FlawFinder.
Line: 1584
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(req->iv + 15 - req->iv[0], 0, req->iv[0] + 1);
req->iv[15] = 1;
memcpy(ctr_count_0, req->iv, AES_BLOCK_SIZE);
ctr_count_0[15] = 0;
return 0;
}
Reported by FlawFinder.
Line: 1606
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* In RFC 4309 there is an 11-bytes nonce+IV part,
* that we build here.
*/
memcpy(areq_ctx->ctr_iv + CCM_BLOCK_NONCE_OFFSET, ctx->ctr_nonce,
CCM_BLOCK_NONCE_SIZE);
memcpy(areq_ctx->ctr_iv + CCM_BLOCK_IV_OFFSET, req->iv,
CCM_BLOCK_IV_SIZE);
req->iv = areq_ctx->ctr_iv;
}
Reported by FlawFinder.
Line: 1608
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(areq_ctx->ctr_iv + CCM_BLOCK_NONCE_OFFSET, ctx->ctr_nonce,
CCM_BLOCK_NONCE_SIZE);
memcpy(areq_ctx->ctr_iv + CCM_BLOCK_IV_OFFSET, req->iv,
CCM_BLOCK_IV_SIZE);
req->iv = areq_ctx->ctr_iv;
}
static void cc_set_ghash_desc(struct aead_request *req,
Reported by FlawFinder.
Line: 1849
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(req_ctx->mac_buf, 0, AES_BLOCK_SIZE);
memcpy(req->iv + 12, &counter, 4);
memcpy(req_ctx->gcm_iv_inc2, req->iv, 16);
counter = cpu_to_be32(1);
memcpy(req->iv + 12, &counter, 4);
memcpy(req_ctx->gcm_iv_inc1, req->iv, 16);
Reported by FlawFinder.
drivers/hwmon/f71805f.c
24 issues
Line: 981
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct f71805f_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%s\n", data->name);
}
static SENSOR_DEVICE_ATTR(in0_input, S_IRUGO, show_in0, NULL, 0);
static SENSOR_DEVICE_ATTR(in0_max, S_IRUGO | S_IWUSR,
show_in0_max, set_in0_max, 0);
Reported by FlawFinder.
Line: 426
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
int nr = attr->index;
return sprintf(buf, "%ld\n", in0_from_reg(data->in[nr]));
}
static ssize_t show_in0_max(struct device *dev, struct device_attribute
*devattr, char *buf)
{
Reported by FlawFinder.
Line: 436
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
int nr = attr->index;
return sprintf(buf, "%ld\n", in0_from_reg(data->in_high[nr]));
}
static ssize_t show_in0_min(struct device *dev, struct device_attribute
*devattr, char *buf)
{
Reported by FlawFinder.
Line: 446
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
int nr = attr->index;
return sprintf(buf, "%ld\n", in0_from_reg(data->in_low[nr]));
}
static ssize_t set_in0_max(struct device *dev, struct device_attribute
*devattr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 498
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
int nr = attr->index;
return sprintf(buf, "%ld\n", in_from_reg(data->in[nr]));
}
static ssize_t show_in_max(struct device *dev, struct device_attribute
*devattr, char *buf)
{
Reported by FlawFinder.
Line: 508
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
int nr = attr->index;
return sprintf(buf, "%ld\n", in_from_reg(data->in_high[nr]));
}
static ssize_t show_in_min(struct device *dev, struct device_attribute
*devattr, char *buf)
{
Reported by FlawFinder.
Line: 518
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
int nr = attr->index;
return sprintf(buf, "%ld\n", in_from_reg(data->in_low[nr]));
}
static ssize_t set_in_max(struct device *dev, struct device_attribute
*devattr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 570
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
int nr = attr->index;
return sprintf(buf, "%ld\n", fan_from_reg(data->fan[nr]));
}
static ssize_t show_fan_min(struct device *dev, struct device_attribute
*devattr, char *buf)
{
Reported by FlawFinder.
Line: 580
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
int nr = attr->index;
return sprintf(buf, "%ld\n", fan_from_reg(data->fan_low[nr]));
}
static ssize_t show_fan_target(struct device *dev, struct device_attribute
*devattr, char *buf)
{
Reported by FlawFinder.
Line: 590
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
int nr = attr->index;
return sprintf(buf, "%ld\n", fan_from_reg(data->fan_target[nr]));
}
static ssize_t set_fan_min(struct device *dev, struct device_attribute
*devattr, const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/staging/rtl8188eu/core/rtw_mlme.c
24 issues
Line: 247
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
__le16 val;
memcpy((u8 *)&val, rtw_get_capability_from_ie(bss->ies), 2);
return le16_to_cpu(val);
}
u8 *rtw_get_beacon_interval_from_ie(u8 *ie)
Reported by FlawFinder.
Line: 284
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u16 s_cap, d_cap;
__le16 le_scap, le_dcap;
memcpy((u8 *)&le_scap, rtw_get_capability_from_ie(src->ies), 2);
memcpy((u8 *)&le_dcap, rtw_get_capability_from_ie(dst->ies), 2);
s_cap = le16_to_cpu(le_scap);
d_cap = le16_to_cpu(le_dcap);
Reported by FlawFinder.
Line: 285
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__le16 le_scap, le_dcap;
memcpy((u8 *)&le_scap, rtw_get_capability_from_ie(src->ies), 2);
memcpy((u8 *)&le_dcap, rtw_get_capability_from_ie(dst->ies), 2);
s_cap = le16_to_cpu(le_scap);
d_cap = le16_to_cpu(le_dcap);
return ((src->ssid.ssid_length == dst->ssid.ssid_length) &&
Reported by FlawFinder.
Line: 353
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
if (update_ie)
memcpy((u8 *)dst, (u8 *)src, get_wlan_bssid_ex_sz(src));
dst->PhyInfo.SignalStrength = ss_final;
dst->PhyInfo.SignalQuality = sq_final;
dst->Rssi = rssi_final;
}
Reported by FlawFinder.
Line: 404
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rtw_hal_get_def_var(adapter, HAL_DEF_CURRENT_ANTENNA,
&target->PhyInfo.Optimum_antenna);
memcpy(&pnetwork->network, target,
get_wlan_bssid_ex_sz(target));
/* variable initialize */
pnetwork->fixed = false;
pnetwork->last_scanned = jiffies;
Reported by FlawFinder.
Line: 429
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
target->Length = bssid_ex_sz;
rtw_hal_get_def_var(adapter, HAL_DEF_CURRENT_ANTENNA,
&target->PhyInfo.Optimum_antenna);
memcpy(&pnetwork->network, target, bssid_ex_sz);
pnetwork->last_scanned = jiffies;
/* bss info not receiving from the right channel */
if (pnetwork->network.PhyInfo.SignalQuality == 101)
Reported by FlawFinder.
Line: 528
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!memcmp(&pmlmepriv->cur_network.network.MacAddress, pnetwork->MacAddress, ETH_ALEN)) {
struct wlan_network *ibss_wlan = NULL;
memcpy(pmlmepriv->cur_network.network.ies, pnetwork->ies, 8);
spin_lock_bh(&pmlmepriv->scanned_queue.lock);
ibss_wlan = rtw_find_network(&pmlmepriv->scanned_queue, pnetwork->MacAddress);
if (ibss_wlan) {
memcpy(ibss_wlan->network.ies, pnetwork->ies, 8);
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
Reported by FlawFinder.
Line: 532
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_bh(&pmlmepriv->scanned_queue.lock);
ibss_wlan = rtw_find_network(&pmlmepriv->scanned_queue, pnetwork->MacAddress);
if (ibss_wlan) {
memcpy(ibss_wlan->network.ies, pnetwork->ies, 8);
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
goto exit;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
}
Reported by FlawFinder.
Line: 584
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
_clr_fwstate_(pmlmepriv, _FW_UNDER_SURVEY);
memcpy(&pdev_network->ssid, &pmlmepriv->assoc_ssid, sizeof(struct ndis_802_11_ssid));
rtw_update_registrypriv_dev_network(adapter);
rtw_generate_random_ibss(pibss);
pmlmepriv->fw_state = WIFI_ADHOC_MASTER_STATE;
Reported by FlawFinder.
Line: 842
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct wlan_network *cur_network = &pmlmepriv->cur_network;
/* why not use ptarget_wlan?? */
memcpy(&cur_network->network, &pnetwork->network, pnetwork->network.Length);
/* some ies in pnetwork is wrong, so we should use ptarget_wlan ies */
cur_network->network.ie_length = ptarget_wlan->network.ie_length;
memcpy(&cur_network->network.ies[0], &ptarget_wlan->network.ies[0], MAX_IE_SZ);
cur_network->aid = pnetwork->join_res;
Reported by FlawFinder.
drivers/usb/gadget/configfs.c
24 issues
Line: 118
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!str)
return -ENOMEM;
}
strcpy(str, s);
if (str[ret - 1] == '\n')
str[ret - 1] = '\0';
*s_copy = str;
return 0;
}
Reported by FlawFinder.
Line: 236
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&gi->lock);
udc_name = gi->composite.gadget_driver.udc_name;
ret = sprintf(page, "%s\n", udc_name ?: "");
mutex_unlock(&gi->lock);
return ret;
}
Reported by FlawFinder.
Line: 305
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
enum usb_device_speed speed = to_gadget_info(item)->composite.max_speed;
return sprintf(page, "%s\n", usb_speed_string(speed));
}
static ssize_t gadget_dev_desc_max_speed_store(struct config_item *item,
const char *page, size_t len)
{
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usb_composite_dev cdev;
bool use_os_desc;
char b_vendor_code;
char qw_sign[OS_STRING_QW_SIGN_LEN];
spinlock_t spinlock;
bool unbind;
};
static inline struct gadget_info *to_gadget_info(struct config_item *item)
Reported by FlawFinder.
Line: 129
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
char *page) \
{ \
return sprintf(page, "0x%02x\n", \
to_gadget_info(item)->cdev.desc.__name); \
}
#define GI_DEVICE_DESC_SIMPLE_R_u16(__name) \
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
Reported by FlawFinder.
Line: 137
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_dev_desc_##__name##_show(struct config_item *item, \
char *page) \
{ \
return sprintf(page, "0x%04x\n", \
le16_to_cpup(&to_gadget_info(item)->cdev.desc.__name)); \
}
#define GI_DEVICE_DESC_SIMPLE_W_u8(_name) \
Reported by FlawFinder.
Line: 508
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_config_desc_MaxPower_show(struct config_item *item,
char *page)
{
return sprintf(page, "%u\n", to_config_usb_cfg(item)->c.MaxPower);
}
static ssize_t gadget_config_desc_MaxPower_store(struct config_item *item,
const char *page, size_t len)
{
Reported by FlawFinder.
Line: 528
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t gadget_config_desc_bmAttributes_show(struct config_item *item,
char *page)
{
return sprintf(page, "0x%02x\n",
to_config_usb_cfg(item)->c.bmAttributes);
}
static ssize_t gadget_config_desc_bmAttributes_store(struct config_item *item,
const char *page, size_t len)
Reported by FlawFinder.
Line: 583
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct gadget_info *gi;
struct usb_function_instance *fi;
char buf[MAX_NAME_LEN];
char *func_name;
char *instance_name;
int ret;
ret = snprintf(buf, MAX_NAME_LEN, "%s", name);
Reported by FlawFinder.
Line: 677
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct gadget_info *gi;
struct config_usb_cfg *cfg;
char buf[MAX_NAME_LEN];
char *num_str;
u8 num;
int ret;
gi = container_of(group, struct gadget_info, configs_group);
Reported by FlawFinder.
arch/x86/kvm/mmu/paging_tmpl.h
24 issues
Line: 104
Column: 77
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return (gpte & PT_LVL_ADDR_MASK(lvl)) >> PAGE_SHIFT;
}
static inline void FNAME(protect_clean_gpte)(struct kvm_mmu *mmu, unsigned *access,
unsigned gpte)
{
unsigned mask;
/* dirty bit is not supported, so no need to track it */
Reported by FlawFinder.
Line: 119
Column: 3
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* Allow write access to dirty gptes */
mask |= (gpte >> (PT_GUEST_DIRTY_SHIFT - PT_WRITABLE_SHIFT)) &
PT_WRITABLE_MASK;
*access &= mask;
}
static inline int FNAME(is_present_gpte)(unsigned long pte)
{
#if PTTYPE != PTTYPE_EPT
Reported by FlawFinder.
Line: 219
Column: 11
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
*/
static inline unsigned FNAME(gpte_access)(u64 gpte)
{
unsigned access;
#if PTTYPE == PTTYPE_EPT
access = ((gpte & VMX_EPT_WRITABLE_MASK) ? ACC_WRITE_MASK : 0) |
((gpte & VMX_EPT_EXECUTABLE_MASK) ? ACC_EXEC_MASK : 0) |
((gpte & VMX_EPT_READABLE_MASK) ? ACC_USER_MASK : 0);
#else
Reported by FlawFinder.
Line: 229
Column: 2
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
BUILD_BUG_ON(ACC_EXEC_MASK != 1);
access = gpte & (PT_WRITABLE_MASK | PT_USER_MASK | PT_PRESENT_MASK);
/* Combine NX with P (which is set here) to get ACC_EXEC_MASK. */
access ^= (gpte >> PT64_NX_SHIFT);
#endif
return access;
}
Reported by FlawFinder.
Line: 232
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
access ^= (gpte >> PT64_NX_SHIFT);
#endif
return access;
}
static int FNAME(update_accessed_dirty_bits)(struct kvm_vcpu *vcpu,
struct kvm_mmu *mmu,
struct guest_walker *walker,
Reported by FlawFinder.
Line: 342
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
*/
static int FNAME(walk_addr_generic)(struct guest_walker *walker,
struct kvm_vcpu *vcpu, struct kvm_mmu *mmu,
gpa_t addr, u32 access)
{
int ret;
pt_element_t pte;
pt_element_t __user *ptep_user;
gfn_t table_gfn;
Reported by FlawFinder.
Line: 355
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
bool have_ad;
int offset;
u64 walk_nx_mask = 0;
const int write_fault = access & PFERR_WRITE_MASK;
const int user_fault = access & PFERR_USER_MASK;
const int fetch_fault = access & PFERR_FETCH_MASK;
u16 errcode = 0;
gpa_t real_gpa;
gfn_t gfn;
Reported by FlawFinder.
Line: 356
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int offset;
u64 walk_nx_mask = 0;
const int write_fault = access & PFERR_WRITE_MASK;
const int user_fault = access & PFERR_USER_MASK;
const int fetch_fault = access & PFERR_FETCH_MASK;
u16 errcode = 0;
gpa_t real_gpa;
gfn_t gfn;
Reported by FlawFinder.
Line: 357
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
u64 walk_nx_mask = 0;
const int write_fault = access & PFERR_WRITE_MASK;
const int user_fault = access & PFERR_USER_MASK;
const int fetch_fault = access & PFERR_FETCH_MASK;
u16 errcode = 0;
gpa_t real_gpa;
gfn_t gfn;
trace_kvm_mmu_pagetable_walk(addr, access);
Reported by FlawFinder.
Line: 362
Column: 37
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
gpa_t real_gpa;
gfn_t gfn;
trace_kvm_mmu_pagetable_walk(addr, access);
retry_walk:
walker->level = mmu->root_level;
pte = mmu->get_guest_pgd(vcpu);
have_ad = PT_HAVE_ACCESSED_DIRTY(mmu);
Reported by FlawFinder.
fs/ecryptfs/crypto.c
24 issues
Line: 741
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
mount_crypt_stat);
ecryptfs_set_default_sizes(crypt_stat);
strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
crypt_stat->mount_crypt_stat = mount_crypt_stat;
}
Reported by FlawFinder.
Line: 969
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
str[0] = '\0';
for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
if (str[0] == '\0') {
ecryptfs_printk(KERN_WARNING, "Cipher code not recognized: "
"[%d]\n", cipher_code);
rc = -EINVAL;
}
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void ecryptfs_from_hex(char *dst, char *src, int dst_size)
{
int x;
char tmp[3] = { 0, };
for (x = 0; x < dst_size; x++) {
tmp[0] = src[x * 2];
tmp[1] = src[x * 2 + 1];
dst[x] = (unsigned char)simple_strtol(tmp, NULL, 16);
Reported by FlawFinder.
Line: 114
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
loff_t offset)
{
int rc = 0;
char dst[MD5_DIGEST_SIZE];
char src[ECRYPTFS_MAX_IV_BYTES + 16];
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(KERN_DEBUG, "root iv:\n");
ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int rc = 0;
char dst[MD5_DIGEST_SIZE];
char src[ECRYPTFS_MAX_IV_BYTES + 16];
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(KERN_DEBUG, "root iv:\n");
ecryptfs_dump_hex(crypt_stat->root_iv, crypt_stat->iv_bytes);
}
Reported by FlawFinder.
Line: 125
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* significant bits of the root IV into an unsigned long and
* add the offset to that rather than go through all this
* hashing business. -Halcrow */
memcpy(src, crypt_stat->root_iv, crypt_stat->iv_bytes);
memset((src + crypt_stat->iv_bytes), 0, 16);
snprintf((src + crypt_stat->iv_bytes), 16, "%lld", offset);
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(KERN_DEBUG, "source:\n");
ecryptfs_dump_hex(src, (crypt_stat->iv_bytes + 16));
Reported by FlawFinder.
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"MD5 while generating IV for a page\n");
goto out;
}
memcpy(iv, dst, crypt_stat->iv_bytes);
if (unlikely(ecryptfs_verbosity > 0)) {
ecryptfs_printk(KERN_DEBUG, "derived iv:\n");
ecryptfs_dump_hex(iv, crypt_stat->iv_bytes);
}
out:
Reported by FlawFinder.
Line: 381
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
pgoff_t page_index = op == ENCRYPT ? src_page->index : dst_page->index;
loff_t extent_base;
char extent_iv[ECRYPTFS_MAX_IV_BYTES];
struct scatterlist src_sg, dst_sg;
size_t extent_size = crypt_stat->extent_size;
int rc;
extent_base = (((loff_t)page_index) * (PAGE_SIZE / extent_size));
Reported by FlawFinder.
Line: 634
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
{
int rc = 0;
char dst[MD5_DIGEST_SIZE];
BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
BUG_ON(crypt_stat->iv_bytes <= 0);
if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
rc = -EINVAL;
Reported by FlawFinder.
Line: 651
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"MD5 while generating root IV\n");
goto out;
}
memcpy(crypt_stat->root_iv, dst, crypt_stat->iv_bytes);
out:
if (rc) {
memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
}
Reported by FlawFinder.
sound/pci/rme9652/hdsp.c
24 issues
Line: 4555
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (RPM != hdsp->io_type) {
hdsp->creg_spdif_stream = hdsp->creg_spdif;
hdsp->spdif_ctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(hdsp->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO, &hdsp->spdif_ctl->id);
}
return 0;
}
Reported by FlawFinder.
Line: 4574
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
spin_unlock_irq(&hdsp->lock);
if (RPM != hdsp->io_type) {
hdsp->spdif_ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(hdsp->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO, &hdsp->spdif_ctl->id);
}
return 0;
}
Reported by FlawFinder.
Line: 5008
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
hdsp->pcm = pcm;
pcm->private_data = hdsp;
strcpy(pcm->name, hdsp->card_name);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &snd_hdsp_playback_ops);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &snd_hdsp_capture_ops);
pcm->info_flags = SNDRV_PCM_INFO_JOINT_DUPLEX;
Reported by FlawFinder.
Line: 5157
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!(hdsp->state & HDSP_InitializationComplete)) {
strcpy(card->shortname, "Hammerfall DSP");
sprintf(card->longname, "%s at 0x%lx, irq %d", hdsp->card_name,
hdsp->port, hdsp->irq);
err = snd_card_register(card);
if (err < 0) {
dev_err(card->dev,
Reported by FlawFinder.
Line: 5477
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto free_card;
strcpy(card->shortname, "Hammerfall DSP");
sprintf(card->longname, "%s at 0x%lx, irq %d", hdsp->card_name,
hdsp->port, hdsp->irq);
err = snd_card_register(card);
if (err) {
free_card:
snd_card_free(card);
Reported by FlawFinder.
Line: 35
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <asm/current.h>
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable this card */
module_param_array(index, int, NULL, 0444);
MODULE_PARM_DESC(index, "Index value for RME Hammerfall DSP interface.");
module_param_array(id, charp, NULL, 0444);
Reported by FlawFinder.
Line: 502
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
where the data for that channel can be read/written from/to.
*/
static const char channel_map_df_ss[HDSP_MAX_CHANNELS] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
18, 19, 20, 21, 22, 23, 24, 25
};
static const char channel_map_mf_ss[HDSP_MAX_CHANNELS] = { /* Multiface */
Reported by FlawFinder.
Line: 507
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
18, 19, 20, 21, 22, 23, 24, 25
};
static const char channel_map_mf_ss[HDSP_MAX_CHANNELS] = { /* Multiface */
/* Analog */
0, 1, 2, 3, 4, 5, 6, 7,
/* ADAT 2 */
16, 17, 18, 19, 20, 21, 22, 23,
/* SPDIF */
Reported by FlawFinder.
Line: 517
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
-1, -1, -1, -1, -1, -1, -1, -1
};
static const char channel_map_ds[HDSP_MAX_CHANNELS] = {
/* ADAT channels are remapped */
1, 3, 5, 7, 9, 11, 13, 15, 17, 19, 21, 23,
/* channels 12 and 13 are S/PDIF */
24, 25,
/* others don't exist */
Reported by FlawFinder.
Line: 526
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};
static const char channel_map_H9632_ss[HDSP_MAX_CHANNELS] = {
/* ADAT channels */
0, 1, 2, 3, 4, 5, 6, 7,
/* SPDIF */
8, 9,
/* Analog */
Reported by FlawFinder.