The following issues were found
drivers/scsi/bfa/bfa_fcs_rport.c
4 issues
Line: 2435
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct bfa_fcs_lport_s *port = rport->port;
struct bfad_s *bfad = (struct bfad_s *)port->fcs->bfad;
char lpwwn_buf[BFA_STRING_32];
char rpwwn_buf[BFA_STRING_32];
rport->stats.onlines++;
if ((!rport->pid) || (!rport->pwwn)) {
Reported by FlawFinder.
Line: 2436
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfa_fcs_lport_s *port = rport->port;
struct bfad_s *bfad = (struct bfad_s *)port->fcs->bfad;
char lpwwn_buf[BFA_STRING_32];
char rpwwn_buf[BFA_STRING_32];
rport->stats.onlines++;
if ((!rport->pid) || (!rport->pwwn)) {
bfa_trc(rport->fcs, rport->pid);
Reported by FlawFinder.
Line: 2475
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct bfa_fcs_lport_s *port = rport->port;
struct bfad_s *bfad = (struct bfad_s *)port->fcs->bfad;
char lpwwn_buf[BFA_STRING_32];
char rpwwn_buf[BFA_STRING_32];
if (!rport->bfa_rport) {
bfa_fcs_rport_fcs_offline_action(rport);
return;
Reported by FlawFinder.
Line: 2476
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bfa_fcs_lport_s *port = rport->port;
struct bfad_s *bfad = (struct bfad_s *)port->fcs->bfad;
char lpwwn_buf[BFA_STRING_32];
char rpwwn_buf[BFA_STRING_32];
if (!rport->bfa_rport) {
bfa_fcs_rport_fcs_offline_action(rport);
return;
}
Reported by FlawFinder.
drivers/scsi/libfc/fc_fcp.c
4 issues
Line: 697
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* but we must not cross pages inside the kmap.
*/
page_addr = kmap_atomic(page);
memcpy(data, (char *)page_addr + (off & ~PAGE_MASK),
sg_bytes);
kunmap_atomic(page_addr);
data += sg_bytes;
}
offset += sg_bytes;
Reported by FlawFinder.
Line: 905
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
snsl = ntohl(rp_ex->fr_sns_len);
if (snsl > SCSI_SENSE_BUFFERSIZE)
snsl = SCSI_SENSE_BUFFERSIZE;
memcpy(fsp->cmd->sense_buffer,
(char *)fc_rp_info + respl, snsl);
}
}
if (flags & (FCP_RESID_UNDER | FCP_RESID_OVER)) {
if (plen < sizeof(*fc_rp) + sizeof(rp_ex->fr_resid))
Reported by FlawFinder.
Line: 1145
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fsp->cdb_cmd.fc_flags = fsp->req_flags & ~FCP_CFL_LEN_MASK;
int_to_scsilun(fsp->cmd->device->lun, &fsp->cdb_cmd.fc_lun);
memcpy(fsp->cdb_cmd.fc_cdb, fsp->cmd->cmnd, fsp->cmd->cmd_len);
spin_lock_irqsave(&si->scsi_queue_lock, flags);
list_add_tail(&fsp->list, &si->scsi_pkt_queue);
spin_unlock_irqrestore(&si->scsi_queue_lock, flags);
rc = lport->tt.fcp_cmd_send(lport, fsp, fc_fcp_recv);
Reported by FlawFinder.
Line: 1188
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto unlock;
}
memcpy(fc_frame_payload_get(fp, len), &fsp->cdb_cmd, len);
fr_fsp(fp) = fsp;
rport = fsp->rport;
fsp->max_payload = rport->maxframe_size;
rpriv = rport->dd_data;
Reported by FlawFinder.
drivers/rtc/rtc-max8925.c
4 issues
Line: 154
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int max8925_rtc_read_time(struct device *dev, struct rtc_time *tm)
{
struct max8925_rtc_info *info = dev_get_drvdata(dev);
unsigned char buf[TIME_NUM];
int ret;
ret = max8925_bulk_read(info->rtc, MAX8925_RTC_SEC, TIME_NUM, buf);
if (ret < 0)
goto out;
Reported by FlawFinder.
Line: 168
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int max8925_rtc_set_time(struct device *dev, struct rtc_time *tm)
{
struct max8925_rtc_info *info = dev_get_drvdata(dev);
unsigned char buf[TIME_NUM];
int ret;
ret = data_calc(buf, tm, TIME_NUM);
if (ret < 0)
goto out;
Reported by FlawFinder.
Line: 182
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int max8925_rtc_read_alarm(struct device *dev, struct rtc_wkalrm *alrm)
{
struct max8925_rtc_info *info = dev_get_drvdata(dev);
unsigned char buf[TIME_NUM];
int ret;
ret = max8925_bulk_read(info->rtc, MAX8925_ALARM0_SEC, TIME_NUM, buf);
if (ret < 0)
goto out;
Reported by FlawFinder.
Line: 220
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int max8925_rtc_set_alarm(struct device *dev, struct rtc_wkalrm *alrm)
{
struct max8925_rtc_info *info = dev_get_drvdata(dev);
unsigned char buf[TIME_NUM];
int ret;
ret = data_calc(buf, &alrm->time, TIME_NUM);
if (ret < 0)
goto out;
Reported by FlawFinder.
drivers/pcmcia/cistpl.c
4 issues
Line: 299
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_lock(&s->ops_mutex);
if (s->fake_cis) {
if (s->fake_cis_len >= addr+len)
memcpy(ptr, s->fake_cis+addr, len);
else {
memset(ptr, 0xff, len);
ret = -EINVAL;
}
mutex_unlock(&s->ops_mutex);
Reported by FlawFinder.
Line: 310
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
list_for_each_entry(cis, &s->cis_cache, node) {
if (cis->addr == addr && cis->len == len && cis->attr == attr) {
memcpy(ptr, cis->cache, len);
mutex_unlock(&s->ops_mutex);
return 0;
}
}
Reported by FlawFinder.
Line: 325
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cis->addr = addr;
cis->len = len;
cis->attr = attr;
memcpy(cis->cache, ptr, len);
list_add(&cis->node, &s->cis_cache);
}
}
mutex_unlock(&s->ops_mutex);
Reported by FlawFinder.
Line: 426
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
s->fake_cis_len = len;
memcpy(s->fake_cis, data, len);
dev_info(&s->dev, "Using replacement CIS\n");
mutex_unlock(&s->ops_mutex);
return 0;
}
Reported by FlawFinder.
drivers/scsi/fnic/vnic_devcmd.h
4 issues
Line: 422
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct vnic_devcmd_fw_info {
char fw_version[32];
char fw_build[32];
char hw_version[32];
char hw_serial_number[32];
};
Reported by FlawFinder.
Line: 423
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct vnic_devcmd_fw_info {
char fw_version[32];
char fw_build[32];
char hw_version[32];
char hw_serial_number[32];
};
struct vnic_devcmd_notify {
Reported by FlawFinder.
Line: 424
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct vnic_devcmd_fw_info {
char fw_version[32];
char fw_build[32];
char hw_version[32];
char hw_serial_number[32];
};
struct vnic_devcmd_notify {
u32 csum; /* checksum over following words */
Reported by FlawFinder.
Line: 425
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char fw_version[32];
char fw_build[32];
char hw_version[32];
char hw_serial_number[32];
};
struct vnic_devcmd_notify {
u32 csum; /* checksum over following words */
Reported by FlawFinder.
drivers/scsi/device_handler/scsi_dh_emc.c
4 issues
Line: 76
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* I/O buffer for both MODE_SELECT and INQUIRY commands.
*/
unsigned char buffer[CLARIION_BUFFER_SIZE];
/*
* LUN state
*/
int lun_state;
/*
Reported by FlawFinder.
Line: 239
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clariion_dh_data *csdev)
{
unsigned char *page22;
unsigned char cdb[MAX_COMMAND_SIZE];
int err, res = SCSI_DH_OK, len;
struct scsi_sense_hdr sshdr;
u64 req_flags = REQ_FAILFAST_DEV | REQ_FAILFAST_TRANSPORT |
REQ_FAILFAST_DRIVER;
Reported by FlawFinder.
Line: 264
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cdb[8] = len;
}
BUG_ON((len > CLARIION_BUFFER_SIZE));
memcpy(csdev->buffer, page22, len);
err = scsi_execute(sdev, cdb, DMA_TO_DEVICE, csdev->buffer, len, NULL,
&sshdr, CLARIION_TIMEOUT * HZ, CLARIION_RETRIES,
req_flags, 0, NULL);
if (err) {
Reported by FlawFinder.
Line: 359
Column: 7
CWE codes:
126
/*
* FC Series arrays do not support long trespass
*/
if (!strlen(sp_model) || !strncmp(sp_model, "FC",2))
csdev->flags |= CLARIION_SHORT_TRESPASS;
sdev_printk(KERN_INFO, sdev,
"%s: detected Clariion %s, flags %x\n",
CLARIION_NAME, sp_model, csdev->flags);
Reported by FlawFinder.
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8723b.c
4 issues
Line: 406
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ether_addr_copy(priv->mac_addr, efuse->mac_addr);
memcpy(priv->cck_tx_power_index_A, efuse->tx_power_index_A.cck_base,
sizeof(efuse->tx_power_index_A.cck_base));
memcpy(priv->cck_tx_power_index_B, efuse->tx_power_index_B.cck_base,
sizeof(efuse->tx_power_index_B.cck_base));
memcpy(priv->ht40_1s_tx_power_index_A,
Reported by FlawFinder.
Line: 408
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->cck_tx_power_index_A, efuse->tx_power_index_A.cck_base,
sizeof(efuse->tx_power_index_A.cck_base));
memcpy(priv->cck_tx_power_index_B, efuse->tx_power_index_B.cck_base,
sizeof(efuse->tx_power_index_B.cck_base));
memcpy(priv->ht40_1s_tx_power_index_A,
efuse->tx_power_index_A.ht40_base,
sizeof(efuse->tx_power_index_A.ht40_base));
Reported by FlawFinder.
Line: 411
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->cck_tx_power_index_B, efuse->tx_power_index_B.cck_base,
sizeof(efuse->tx_power_index_B.cck_base));
memcpy(priv->ht40_1s_tx_power_index_A,
efuse->tx_power_index_A.ht40_base,
sizeof(efuse->tx_power_index_A.ht40_base));
memcpy(priv->ht40_1s_tx_power_index_B,
efuse->tx_power_index_B.ht40_base,
sizeof(efuse->tx_power_index_B.ht40_base));
Reported by FlawFinder.
Line: 414
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(priv->ht40_1s_tx_power_index_A,
efuse->tx_power_index_A.ht40_base,
sizeof(efuse->tx_power_index_A.ht40_base));
memcpy(priv->ht40_1s_tx_power_index_B,
efuse->tx_power_index_B.ht40_base,
sizeof(efuse->tx_power_index_B.ht40_base));
priv->ofdm_tx_power_diff[0].a =
efuse->tx_power_index_A.ht20_ofdm_1s_diff.a;
Reported by FlawFinder.
drivers/net/wireless/ti/wl18xx/main.c
4 issues
Line: 1053
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct wl18xx_priv *priv = wl->priv;
memcpy(priv->cmd_buf, buf, len);
memset(priv->cmd_buf + len, 0, WL18XX_CMD_MAX_SIZE - len);
return wlcore_write(wl, cmd_box_addr, priv->cmd_buf,
WL18XX_CMD_MAX_SIZE, false);
}
Reported by FlawFinder.
Line: 1430
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_release;
}
memcpy(conf, &conf_file->core, sizeof(*conf));
memcpy(priv_conf, &conf_file->priv, sizeof(*priv_conf));
out_release:
release_firmware(fw);
return ret;
Reported by FlawFinder.
Line: 1431
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(conf, &conf_file->core, sizeof(*conf));
memcpy(priv_conf, &conf_file->priv, sizeof(*priv_conf));
out_release:
release_firmware(fw);
return ret;
}
Reported by FlawFinder.
Line: 1519
Column: 2
CWE codes:
120
struct wl18xx_static_data_priv *static_data_priv =
(struct wl18xx_static_data_priv *) static_data->priv;
strncpy(wl->chip.phy_fw_ver_str, static_data_priv->phy_version,
sizeof(wl->chip.phy_fw_ver_str));
/* make sure the string is NULL-terminated */
wl->chip.phy_fw_ver_str[sizeof(wl->chip.phy_fw_ver_str) - 1] = '\0';
Reported by FlawFinder.
drivers/scsi/gvp11.h
4 issues
Line: 30
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define GVP11_XFER_MASK (0xff000001)
struct gvp11_scsiregs {
unsigned char pad1[64];
volatile unsigned short CNTR;
unsigned char pad2[31];
volatile unsigned char SASR;
unsigned char pad3;
volatile unsigned char SCMD;
Reported by FlawFinder.
Line: 32
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct gvp11_scsiregs {
unsigned char pad1[64];
volatile unsigned short CNTR;
unsigned char pad2[31];
volatile unsigned char SASR;
unsigned char pad3;
volatile unsigned char SCMD;
unsigned char pad4[4];
volatile unsigned short BANK;
Reported by FlawFinder.
Line: 36
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
volatile unsigned char SASR;
unsigned char pad3;
volatile unsigned char SCMD;
unsigned char pad4[4];
volatile unsigned short BANK;
unsigned char pad5[6];
volatile unsigned long ACR;
volatile unsigned short secret1; /* store 0 here */
volatile unsigned short ST_DMA;
Reported by FlawFinder.
Line: 38
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
volatile unsigned char SCMD;
unsigned char pad4[4];
volatile unsigned short BANK;
unsigned char pad5[6];
volatile unsigned long ACR;
volatile unsigned short secret1; /* store 0 here */
volatile unsigned short ST_DMA;
volatile unsigned short SP_DMA;
volatile unsigned short secret2; /* store 1 here */
Reported by FlawFinder.
drivers/platform/x86/intel-uncore-frequency.c
4 issues
Line: 189
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return ret;
if (min_max)
return sprintf(buf, "%u\n", max);
return sprintf(buf, "%u\n", min);
}
#define store_uncore_min_max(name, min_max) \
Reported by FlawFinder.
Line: 191
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (min_max)
return sprintf(buf, "%u\n", max);
return sprintf(buf, "%u\n", min);
}
#define store_uncore_min_max(name, min_max) \
static ssize_t store_##name(struct kobject *kobj, \
struct attribute *attr, \
Reported by FlawFinder.
Line: 268
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* control cpu changed */
data->control_cpu = cpu;
} else {
char str[64];
int ret;
memset(data, 0, sizeof(*data));
sprintf(str, "package_%02d_die_%02d",
topology_physical_package_id(cpu),
Reported by FlawFinder.
Line: 272
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int ret;
memset(data, 0, sizeof(*data));
sprintf(str, "package_%02d_die_%02d",
topology_physical_package_id(cpu),
topology_die_id(cpu));
uncore_read_ratio(data, &data->initial_min_freq_khz,
&data->initial_max_freq_khz);
Reported by FlawFinder.