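The following issues were found by static analysis; each entry names the tool that reported it (FlawFinder or Cppcheck). FlawFinder matches risky function and type names lexically and does not track buffer sizes or data flow, so each entry is a candidate to triage against the surrounding code, not a confirmed defect.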

drivers/media/common/b2c2/flexcop-eeprom.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 40 Column: 2 CWE codes: 120
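Suggestion: Make sure destination can always hold the source data. In this excerpt the `len != 16` check pins the copy to 16 bytes and the following lines write `wbuf[16]` through `wbuf[19]`, so the thing to confirm is that `wbuf` is declared with at least 20 bytes.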

              	if (len != 16)
		return 0;

	memcpy(wbuf, key, len);
	wbuf[16] = 0;
	wbuf[17] = 0;
	wbuf[18] = 0;
	wbuf[19] = calc_lrc(wbuf, 19);
	return eeprom_lrc_write(adapter, 0x3e4, 20, wbuf, rbuf, 4);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 58 Column: 2 CWE codes: 120
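Suggestion: Make sure destination can always hold the source data. The excerpt shows `eeprom_lrc_read` called with 20 as its third argument (apparently the byte count for `buf`) but no bound on `len` before the copy; confirm that the lines above the excerpt, or every caller, limit `len` to the size of both `buf` and `key`.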

              	if (eeprom_lrc_read(adapter, 0x3e4, 20, buf, 4) == 0)
		return 0;

	memcpy(key, buf, len);
	return 1;
}

static char eeprom_set_mac_addr(struct adapter *adapter, char type, u8 *mac)
{

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 143 Column: 4 CWE codes: 120
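Suggestion: Make sure destination can always hold the source data. The copy length is the constant 6, so the copy is safe as long as `proposed_mac` and `buf` are each at least 6 bytes; neither declaration is visible in the excerpt.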

              			err("TODO: extended (EUI64) MAC addresses aren't completely supported yet");
			ret = -EINVAL;
		} else
			memcpy(fc->dvb_adapter.proposed_mac,buf,6);
	}
	return ret;
}
EXPORT_SYMBOL(flexcop_eeprom_check_mac_addr);

            

Reported by FlawFinder.

drivers/media/common/siano/smscoreapi.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 410 Column: 2 CWE codes: 119 120
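Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line only declares `devpath[32]`; the risk is in whatever code writes to it, so review every copy into `devpath` for a length limit of `sizeof(devpath)` and, if it is used as a string, guaranteed NUL termination.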

              
/*
 * Registry entry: a list node together with a fixed-size devpath buffer,
 * a mode value and a device type.
 */
struct smscore_registry_entry_t {
	/* List linkage for this entry. */
	struct list_head entry;
	/*
	 * Fixed 32-byte buffer. NOTE(review): presumably holds a NUL-terminated
	 * device path - confirm, and make sure every writer limits the copy to
	 * sizeof(devpath) and leaves room for the terminator.
	 */
	char devpath[32];
	int mode;
	enum sms_device_type_st	type;
};

static struct list_head g_smscore_notifyees;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 962 Column: 3 CWE codes: 120
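Suggestion: Make sure destination can always hold the source data. The line above the copy uses `sizeof(u32) + payload_size` in a size expression, which suggests the message length is derived from the same `payload_size`; confirm that the buffer behind `data_msg` is allocated large enough for the header plus the largest `payload_size` that can reach this point.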

              				      sizeof(u32) + payload_size));

		data_msg->mem_addr = mem_address;
		memcpy(data_msg->payload, payload, payload_size);

		rc = smscore_sendrequest_and_wait(coredev, data_msg,
				data_msg->x_msg_header.msg_length,
				&coredev->data_download_done);


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1166 Column: 3 CWE codes: 120
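Suggestion: Make sure destination can always hold the source data. The allocation of `fw_buf` is above the excerpt (only its failure message is visible); confirm it is sized from the same `fw->size` that is used for the copy.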

              		pr_err("failed to allocate firmware buffer\n");
		rc = -ENOMEM;
	} else {
		memcpy(fw_buf, fw->data, fw->size);
		fw_buf_size = fw->size;

		rc = (coredev->device_flags & SMS_DEVICE_FAMILY2) ?
			smscore_load_firmware_family2(coredev, fw_buf, fw_buf_size)
			: loadfirmware_handler(coredev->context, fw_buf,

            

Reported by FlawFinder.

drivers/media/common/ttpci-eeprom.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 61 Column: 2 CWE codes: 120
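Suggestion: Make sure destination can always hold the source data. The length is the constant 20; the declarations of `data` and `encodedMAC` are outside the excerpt, so confirm that both refer to at least 20 bytes.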

              	int i;

	/* In case there is a sig check failure have the orig contents available */
	memcpy(data, encodedMAC, 20);

	for (i = 0; i < 20; i++)
		data[i] ^= xor[i];
	for (i = 0; i < 10; i++)
		data[i] = ((data[2 * i + 1] << 8) | data[2 * i])

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 85 Column: 2 CWE codes: 120
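Suggestion: Make sure destination can always hold the source data. The destination is the local `u8 data[20]` declared in the excerpt, so a 20-byte copy fits exactly; what remains to confirm is that every caller passes an `encodedMAC` buffer of at least 20 readable bytes.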

              	u8 data[20];
	int i;

	memcpy(data, encodedMAC, 20);

	for (i = 0; i < 20; i++)
		data[i] ^= xor[i];
	for (i = 0; i < 10; i++)
		data[i] = ((data[2 * i + 1] << 8) | data[2 * i])

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 150 Column: 2 CWE codes: 120
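Suggestion: Make sure destination can always hold the source data. The copy length is the constant 6; confirm that `proposed_mac` and `decodedMAC`, both declared outside the excerpt, are each at least 6 bytes.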

              		return ret;
	}

	memcpy(proposed_mac, decodedMAC, 6);
	dprintk("adapter has MAC addr = %pM\n", decodedMAC);
	return 0;
}

EXPORT_SYMBOL(ttpci_eeprom_parse_mac);

            

Reported by FlawFinder.

drivers/media/dvb-frontends/cx24116.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 221 Column: 2 CWE codes: 120
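Suggestion: Make sure destination can always hold the source data. The copy writes `len` bytes at `buf + 1` and the message length is set to `len + 1`, so `buf` must hold `len + 1` bytes; the allocation is above the excerpt (only its `-ENOMEM` failure path is visible), so confirm it uses that size.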

              		return -ENOMEM;

	*(buf) = reg;
	memcpy(buf + 1, data, len);

	msg.addr = state->config->demod_address;
	msg.flags = 0;
	msg.buf = buf;
	msg.len = len + 1;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 556 Column: 11 CWE codes: 119 120
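Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is `unsigned char vers[4]`; a fixed-size array is only a problem if an index or copy can exceed it, so check that every write to `vers` stays within 4 bytes.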

              	struct cx24116_state *state = fe->demodulator_priv;
	struct cx24116_cmd cmd;
	int i, ret, len, max, remaining;
	unsigned char vers[4];

	dprintk("%s\n", __func__);
	dprintk("Firmware is %zu bytes (%02x %02x .. %02x %02x)\n",
			fw->size,
			fw->data[0],

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1131 Column: 2 CWE codes: 120
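Suggestion: Make sure destination can always hold the source data. Here the length is `sizeof(struct dvb_frontend_ops)`, a compile-time constant; provided `state->frontend.ops` and `cx24116_ops` are both of that struct type (their declarations are not in the excerpt), the copy cannot overrun.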

              	}

	/* create dvb_frontend */
	memcpy(&state->frontend.ops, &cx24116_ops,
		sizeof(struct dvb_frontend_ops));
	state->frontend.demodulator_priv = state;
	return &state->frontend;
}
EXPORT_SYMBOL(cx24116_attach);

            

Reported by FlawFinder.

drivers/media/dvb-frontends/cxd2099.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 111 Column: 3 CWE codes: 120
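Suggestion: Make sure destination can always hold the source data. The destination is a 256-byte stack buffer and the excerpt shows no check on `n` before the copy; confirm that the type of `n` or a check above the excerpt keeps it at or below `sizeof(buf)`, and add an explicit bound if not.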

              	if (!status) {
		u8 buf[256];

		memcpy(buf, data, n);
		status = regmap_raw_write(ci->regmap, 3, buf, n);
	}
	return status;
}


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 180 Column: 3 CWE codes: 120
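Suggestion: Make sure destination can always hold the source data. The clamp on the line before the copy only applies when `ci->cfg.max_i2c` is non-zero, so confirm that `buf` (declared above the excerpt) is large enough for the largest `len` in both the clamped and the unclamped case.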

              
		if (ci->cfg.max_i2c && (len + 1 > ci->cfg.max_i2c))
			len = ci->cfg.max_i2c - 1;
		memcpy(buf, data, len);
		status = regmap_raw_write(ci->regmap, 1, buf, len);
		if (status)
			return status;
		n -= len;
		data += len;

            

Reported by FlawFinder.

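open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? In this excerpt `open` is an `int` parameter of `poll_slot_status`, not a call that opens a file, so the file-race concern (CWE-362) does not apply to the flagged line.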
Security

Line: 540 Column: 70 CWE codes: 362

              	return 0;
}

static int poll_slot_status(struct dvb_ca_en50221 *ca, int slot, int open)
{
	struct cxd *ci = ca->data;
	u8 slotstat;

	mutex_lock(&ci->lock);

            

Reported by FlawFinder.

drivers/media/dvb-frontends/dib0070.c
3 issues
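open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? In this excerpt `open` is a `u8` parameter of `dib0070_ctrl_agc_filter`, not a call that opens a file, so the file-race concern (CWE-362) does not apply to the flagged line.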
Security

Line: 234 Column: 58 CWE codes: 362

              	return dib0070_write_reg(state, 0x15, lo5);
}

void dib0070_ctrl_agc_filter(struct dvb_frontend *fe, u8 open)
{
	struct dib0070_state *state = fe->tuner_priv;

	if (open) {
		dib0070_write_reg(state, 0x1b, 0xff00);

            

Reported by FlawFinder.

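open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? The flagged line is the `if (open)` test, and the entry for line 234 of the same file shows `open` declared as a `u8` parameter, so no file is opened here and the file-race concern (CWE-362) does not apply.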
Security

Line: 238 Column: 6 CWE codes: 362

              {
	struct dib0070_state *state = fe->tuner_priv;

	if (open) {
		dib0070_write_reg(state, 0x1b, 0xff00);
		dib0070_write_reg(state, 0x1a, 0x0000);
	} else {
		dib0070_write_reg(state, 0x1b, 0x4112);
		if (state->cfg->vga_filter != 0) {

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 755 Column: 2 CWE codes: 120
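Suggestion: Make sure destination can always hold the source data. The length is `sizeof(struct dvb_tuner_ops)`, a compile-time constant; provided `fe->ops.tuner_ops` and `dib0070_ops` are both of that struct type (their declarations are not in the excerpt), the copy cannot overrun.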

              		goto free_mem;

	pr_info("DiB0070: successfully identified\n");
	memcpy(&fe->ops.tuner_ops, &dib0070_ops, sizeof(struct dvb_tuner_ops));

	fe->tuner_priv = state;
	return fe;

free_mem:

            

Reported by FlawFinder.

drivers/media/dvb-frontends/dib8000.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 3597 Column: 3 CWE codes: 120
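Suggestion: Make sure destination can always hold the source data. The length is the fixed `sizeof(struct dtv_frontend_properties)`, so size is unlikely to be the issue. Two other points in the excerpt deserve a check against the full function: the `delivery_system` assignment on the previous line appears to be written into the same cache that the `memcpy` then overwrites in full, and if `fe` is also `state->fe[0]`, the first iteration copies the object onto itself, which `memcpy` leaves undefined for overlapping regions.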

              	for (index_frontend = 0; (index_frontend < MAX_NUMBER_OF_FRONTENDS) && (state->fe[index_frontend] != NULL); index_frontend++) {
		/* synchronization of the cache */
		state->fe[index_frontend]->dtv_property_cache.delivery_system = SYS_ISDBT;
		memcpy(&state->fe[index_frontend]->dtv_property_cache, &fe->dtv_property_cache, sizeof(struct dtv_frontend_properties));

		/* set output mode and diversity input */
		if (state->revision != 0x8090) {
			dib8000_set_diversity_in(state->fe[index_frontend], 1);
			if (index_frontend != 0)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 4430 Column: 2 CWE codes: 120
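Suggestion: Make sure destination can always hold the source data. The length is `sizeof(struct dib8000_config)`, a compile-time constant; provided `state->cfg` is of that struct type and `cfg` points to a complete one (neither declaration is in the excerpt), the copy cannot overrun.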

              	if (fe == NULL)
		goto error;

	memcpy(&state->cfg, cfg, sizeof(struct dib8000_config));
	state->i2c.adap = i2c_adap;
	state->i2c.addr = i2c_addr;
	state->i2c.i2c_write_buffer = state->i2c_write_buffer;
	state->i2c.i2c_read_buffer = state->i2c_read_buffer;
	mutex_init(&state->i2c_buffer_lock);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 4448 Column: 2 CWE codes: 120
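Suggestion: Make sure destination can always hold the source data. The length is `sizeof(struct dvb_frontend_ops)`, a compile-time constant; provided `state->fe[0]->ops` and `dib8000_ops` are both of that struct type (their declarations are not in the excerpt), the copy cannot overrun.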

              
	state->fe[0] = fe;
	fe->demodulator_priv = state;
	memcpy(&state->fe[0]->ops, &dib8000_ops, sizeof(struct dvb_frontend_ops));

	state->timf_default = cfg->pll->timf;

	if (dib8000_identify(&state->i2c) == 0)
		goto error;

            

Reported by FlawFinder.

drivers/media/dvb-frontends/dvb_dummy_fe.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 122 Column: 2 CWE codes: 120
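Suggestion: Make sure destination can always hold the source data. The length is `sizeof(struct dvb_frontend_ops)`, a compile-time constant; provided `state->frontend.ops` and the source ops table are both of that struct type (their declarations are not in the excerpt), the copy cannot overrun. The two further entries for this file show the same pattern with a different ops table.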

              		return NULL;

	/* create dvb_frontend */
	memcpy(&state->frontend.ops,
	       &dvb_dummy_fe_ofdm_ops,
	       sizeof(struct dvb_frontend_ops));

	state->frontend.demodulator_priv = state;
	return &state->frontend;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 143 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return NULL;

	/* create dvb_frontend */
	memcpy(&state->frontend.ops,
	       &dvb_dummy_fe_qpsk_ops,
	       sizeof(struct dvb_frontend_ops));

	state->frontend.demodulator_priv = state;
	return &state->frontend;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 164 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return NULL;

	/* create dvb_frontend */
	memcpy(&state->frontend.ops,
	       &dvb_dummy_fe_qam_ops,
	       sizeof(struct dvb_frontend_ops));

	state->frontend.demodulator_priv = state;
	return &state->frontend;

            

Reported by FlawFinder.

drivers/media/dvb-frontends/lg2160.c
3 issues
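Syntax error in #if. The only conditional in the excerpt is a well-formed `#if 0` ... `#endif` pair, so this looks like a limitation in how the tool preprocessed the file rather than a defect in the source; confirm by re-running Cppcheck with the include paths and defines the file is normally built with.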
Error

Line: 1347

              		.frequency_stepsize_hz = 62500,
	},
	.i2c_gate_ctrl        = lg216x_i2c_gate_ctrl,
#if 0
	.init                 = lg216x_init,
	.sleep                = lg216x_sleep,
#endif
	.set_frontend         = lg2160_set_frontend,
	.get_frontend         = lg216x_get_frontend,

            

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1413 Column: 3 CWE codes: 120
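Suggestion: Make sure destination can always hold the source data. Both `case` branches copy `sizeof(struct dvb_frontend_ops)`, a compile-time constant; provided `state->frontend.ops`, `lg2160_ops` and `lg2161_ops` are all of that struct type (their declarations are not in the excerpt), neither copy can overrun. The next entry for this file flags the second branch.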

              		lg_warn("invalid chip requested, defaulting to LG2160");
		fallthrough;
	case LG2160:
		memcpy(&state->frontend.ops, &lg2160_ops,
		       sizeof(struct dvb_frontend_ops));
		break;
	case LG2161:
		memcpy(&state->frontend.ops, &lg2161_ops,
		       sizeof(struct dvb_frontend_ops));

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1417 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		       sizeof(struct dvb_frontend_ops));
		break;
	case LG2161:
		memcpy(&state->frontend.ops, &lg2161_ops,
		       sizeof(struct dvb_frontend_ops));
		break;
	}

	state->frontend.demodulator_priv = state;

            

Reported by FlawFinder.

drivers/media/dvb-frontends/mb86a16.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 406 Column: 11 CWE codes: 119 120
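Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is `unsigned char S[3]`; the excerpt ends before `S` is used, so check that every index or copy into it in the rest of the function stays within 3 bytes.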

              {
	int ret;
	int smrtd;
	unsigned char S[3];
	int i;

	if (*SIG > 45) {
		if (CNTM_set(state, 2, 1, 2) < 0) {
			dprintk(verbose, MB86A16_ERROR, 1, "CNTM set Error");

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 458 Column: 11 CWE codes: 119 120
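Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is `unsigned char rf_val[5]`; the excerpt ends before `rf_val` is used, so check that every index or copy into it in the rest of the function stays within 5 bytes.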

              {
	unsigned char C, F, B;
	int M;
	unsigned char rf_val[5];
	int ack = -1;

	if (smrt > 37750)
		C = 1;
	else if (smrt > 18875)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1842 Column: 2 CWE codes: 120
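Suggestion: Make sure destination can always hold the source data. The length is `sizeof(struct dvb_frontend_ops)`, a compile-time constant; provided `state->frontend.ops` and `mb86a16_ops` are both of that struct type (their declarations are not in the excerpt), the copy cannot overrun.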

              	if (dev_id != 0xfe)
		goto error;

	memcpy(&state->frontend.ops, &mb86a16_ops, sizeof(struct dvb_frontend_ops));
	state->frontend.demodulator_priv = state;
	state->frontend.ops.set_voltage = state->config->set_voltage;

	return &state->frontend;
error:

            

Reported by FlawFinder.