The following issues were found
drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.h
3 issues
Line: 37
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u8 high_version;
__u8 asic_state;
__u8 rsvd0[5];
char system_name[32];
__le16 year;
__le16 month;
__le16 day;
__le16 hour;
__le16 minute;
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le16 second;
__le16 utc_bias;
__le16 rsvd1;
char commandline[256];
__le32 total_segments;
__le32 os_ver_major;
__le32 os_ver_minor;
__le32 rsvd2;
char os_name[32];
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__le32 os_ver_major;
__le32 os_ver_minor;
__le32 rsvd2;
char os_name[32];
__le16 end_year;
__le16 end_month;
__le16 end_day;
__le16 end_hour;
__le16 end_minute;
Reported by FlawFinder.
drivers/net/ethernet/broadcom/bnxt/bnxt_debugfs.c
3 issues
Line: 67
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void debugfs_dim_ring_init(struct dim *dim, int ring_idx,
struct dentry *dd)
{
static char qname[16];
snprintf(qname, 10, "%d", ring_idx);
debugfs_create_file(qname, 0600, dd, dim, &debugfs_dim_fops);
}
Reported by FlawFinder.
Line: 49
Column: 14
CWE codes:
126
dim->tired);
if (!buf)
return -ENOMEM;
if (count < strlen(buf)) {
kfree(buf);
return -ENOSPC;
}
len = simple_read_from_buffer(buffer, count, ppos, buf, strlen(buf));
kfree(buf);
Reported by FlawFinder.
Line: 53
Column: 58
CWE codes:
126
kfree(buf);
return -ENOSPC;
}
len = simple_read_from_buffer(buffer, count, ppos, buf, strlen(buf));
kfree(buf);
return len;
}
static const struct file_operations debugfs_dim_fops = {
Reported by FlawFinder.
drivers/net/ethernet/broadcom/tg3.h
3 issues
Line: 3035
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
dma_addr_t rx_rcb_mapping;
dma_addr_t tx_desc_mapping;
char irq_lbl[IFNAMSIZ];
unsigned int irq_vec;
};
enum TG3_FLAGS {
TG3_FLAG_TAGGED_STATUS = 0,
Reported by FlawFinder.
Line: 3366
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 rss_ind_tbl[TG3_RSS_INDIR_TBL_SIZE];
#define TG3_BPN_SIZE 24
char board_part_number[TG3_BPN_SIZE];
#define TG3_VER_SIZE ETHTOOL_FWVERS_LEN
char fw_ver[TG3_VER_SIZE];
u32 nic_sram_data_cfg;
u32 pci_clock_ctrl;
struct pci_dev *pdev_peer;
Reported by FlawFinder.
Line: 3368
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define TG3_BPN_SIZE 24
char board_part_number[TG3_BPN_SIZE];
#define TG3_VER_SIZE ETHTOOL_FWVERS_LEN
char fw_ver[TG3_VER_SIZE];
u32 nic_sram_data_cfg;
u32 pci_clock_ctrl;
struct pci_dev *pdev_peer;
struct tg3_hw_stats *hw_stats;
Reported by FlawFinder.
drivers/net/ethernet/brocade/bna/bfa_msgq.c
3 issues
Line: 216
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (len) {
to_copy = (len < BFI_MSGQ_CMD_ENTRY_SIZE) ?
len : BFI_MSGQ_CMD_ENTRY_SIZE;
memcpy(dst, src, to_copy);
len -= to_copy;
src += BFI_MSGQ_CMD_ENTRY_SIZE;
BFA_MSGQ_INDX_ADD(cmdq->producer_index, 1, cmdq->depth);
dst = (u8 *)cmdq->addr.kva;
dst += (cmdq->producer_index * BFI_MSGQ_CMD_ENTRY_SIZE);
Reported by FlawFinder.
Line: 290
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copied = (cmdq->bytes_to_copy >= BFI_CMD_COPY_SZ) ? BFI_CMD_COPY_SZ :
cmdq->bytes_to_copy;
addr += cmdq->offset;
memcpy(rsp->data, addr, copied);
cmdq->token++;
cmdq->offset += copied;
cmdq->bytes_to_copy -= copied;
Reported by FlawFinder.
Line: 653
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (len) {
to_copy = (len < BFI_MSGQ_RSP_ENTRY_SIZE) ?
len : BFI_MSGQ_RSP_ENTRY_SIZE;
memcpy(dst, src, to_copy);
len -= to_copy;
dst += BFI_MSGQ_RSP_ENTRY_SIZE;
BFA_MSGQ_INDX_ADD(ci, 1, rspq->depth);
src = (u8 *)rspq->addr.kva;
src += (ci * BFI_MSGQ_RSP_ENTRY_SIZE);
Reported by FlawFinder.
drivers/net/ethernet/brocade/bna/bfi.h
3 issues
Line: 191
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 rsvd_b;
u8 fcoe_mac[ETH_ALEN];
u16 rsvd_c;
char brcd_serialnum[STRSZ(BFA_MFG_SERIALNUM_SIZE)];
u8 pcie_gen;
u8 pcie_lanes_orig;
u8 pcie_lanes;
u8 rx_bbcredit; /*!< receive buffer credits */
u32 adapter_prop; /*!< adapter properties */
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 maxfrsize; /*!< max receive frame size */
char asic_rev;
u8 rsvd_d;
char fw_version[BFA_VERSION_LEN];
char optrom_version[BFA_VERSION_LEN];
struct bfa_mfg_vpd vpd;
u32 card_type; /*!< card type */
} __packed;
Reported by FlawFinder.
Line: 201
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char asic_rev;
u8 rsvd_d;
char fw_version[BFA_VERSION_LEN];
char optrom_version[BFA_VERSION_LEN];
struct bfa_mfg_vpd vpd;
u32 card_type; /*!< card type */
} __packed;
/* BFI_IOC_I2H_GETATTR_REPLY message */
Reported by FlawFinder.
drivers/net/ethernet/brocade/bna/bna_types.h
3 issues
Line: 251
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define BNA_MAX_NAME_SIZE 64
struct bna_ident {
int id;
char name[BNA_MAX_NAME_SIZE];
};
struct bna_mac {
/* This should be the first one */
struct list_head qe;
Reported by FlawFinder.
Line: 434
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 priority; /* Current priority */
unsigned long flags; /* Used by bnad as required */
int id;
char name[BNA_Q_NAME_SIZE];
};
/* TxQ QPT and configuration */
struct bna_txq {
/* This should be the first one */
Reported by FlawFinder.
Line: 630
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int intr_vector;
u8 rx_coalescing_timeo; /* For NAPI */
int id;
char name[BNA_Q_NAME_SIZE];
};
/* CQ QPT, configuration */
struct bna_cq {
struct bna_qpt qpt;
Reported by FlawFinder.
drivers/net/ethernet/calxeda/xgmac.c
3 issues
Line: 1482
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
xgmac_set_mac_addr(ioaddr, dev->dev_addr, 0);
return 0;
}
Reported by FlawFinder.
Line: 1556
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
struct xgmac_stats {
char stat_string[ETH_GSTRING_LEN];
int stat_offset;
bool is_reg;
};
#define XGMAC_STAT(m) \
Reported by FlawFinder.
Line: 1626
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_STATS:
for (i = 0; i < XGMAC_STATS_LEN; i++) {
memcpy(p, xgmac_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
break;
default:
Reported by FlawFinder.
drivers/net/ethernet/cavium/liquidio/octeon_nic.c
3 issues
Line: 47
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
/* Copy existing command structure into the soft command */
memcpy(&sc->cmd, cmd, sizeof(union octeon_instr_64B));
/* Add in the response related fields. Opcode and Param are already
* there.
*/
if (OCTEON_CN23XX_PF(oct) || OCTEON_CN23XX_VF(oct)) {
Reported by FlawFinder.
Line: 116
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data = (u8 *)sc->virtdptr;
memcpy(data, &nctrl->ncmd, OCTNET_CMD_SIZE);
octeon_swap_8B_data((u64 *)data, (OCTNET_CMD_SIZE >> 3));
if (uddsize) {
/* Endian-Swap for UDD should have been done by caller. */
Reported by FlawFinder.
Line: 122
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (uddsize) {
/* Endian-Swap for UDD should have been done by caller. */
memcpy(data + OCTNET_CMD_SIZE, nctrl->udd, uddsize);
}
sc->iq_no = (u32)nctrl->iq_no;
octeon_prepare_soft_command(oct, sc, OPCODE_NIC, OPCODE_NIC_CMD,
Reported by FlawFinder.
drivers/net/ethernet/chelsio/cxgb/cxgb2.c
3 issues
Line: 450
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void get_strings(struct net_device *dev, u32 stringset, u8 *data)
{
if (stringset == ETH_SS_STATS)
memcpy(data, stats_strings, sizeof(stats_strings));
}
static void get_stats(struct net_device *dev, struct ethtool_stats *stats,
u64 *data)
{
Reported by FlawFinder.
Line: 792
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e->magic = EEPROM_MAGIC(adapter);
for (i = e->offset & ~3; i < e->offset + e->len; i += sizeof(u32))
t1_seeprom_read(adapter, i, (__le32 *)&buf[i]);
memcpy(data, buf + e->offset, e->len);
return 0;
}
static const struct ethtool_ops t1_ethtool_ops = {
.supported_coalesce_params = ETHTOOL_COALESCE_RX_USECS |
Reported by FlawFinder.
Line: 852
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!mac->ops->macaddress_set)
return -EOPNOTSUPP;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
mac->ops->macaddress_set(mac, dev->dev_addr);
return 0;
}
static netdev_features_t t1_fix_features(struct net_device *dev,
Reported by FlawFinder.
drivers/net/ethernet/chelsio/cxgb3/common.h
3 issues
Line: 169
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char nports1; /* # of ports on channel 1 */
unsigned char phy_base_addr; /* MDIO PHY base address */
unsigned int gpio_out; /* GPIO output settings */
unsigned char gpio_intr[MAX_NPORTS]; /* GPIO PHY IRQ pins */
unsigned long caps; /* adapter capabilities */
const struct mdio_ops *mdio_ops; /* MDIO operations */
const char *desc; /* product description */
};
Reported by FlawFinder.
Line: 157
Column: 8
CWE codes:
120
20
struct adapter;
struct mdio_ops {
int (*read)(struct net_device *dev, int phy_addr, int mmd_addr,
u16 reg_addr);
int (*write)(struct net_device *dev, int phy_addr, int mmd_addr,
u16 reg_addr, u16 val);
unsigned mode_support;
};
Reported by FlawFinder.
Line: 590
Column: 35
CWE codes:
120
20
phy->mdio.prtad = phy_addr;
phy->mdio.mmds = phy_ops->mmds;
phy->mdio.mode_support = mdio_ops->mode_support;
phy->mdio.mdio_read = mdio_ops->read;
phy->mdio.mdio_write = mdio_ops->write;
}
}
/* Accumulate MAC statistics every 180 seconds. For 1G we multiply by 10. */
Reported by FlawFinder.