The following issues were found
drivers/net/ethernet/marvell/octeontx2/af/cgx.c
3 issues
Line: 50
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Convert firmware lmac type encoding to string */
static const char *cgx_lmactype_string[LMAC_MODE_MAX] = {
[LMAC_MODE_SGMII] = "SGMII",
[LMAC_MODE_XAUI] = "XAUI",
[LMAC_MODE_RXAUI] = "RXAUI",
[LMAC_MODE_10G_R] = "10G_R",
[LMAC_MODE_40G_R] = "40G_R",
Reported by FlawFinder.
Line: 1480
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
err = -ENOMEM;
goto err_lmac_free;
}
sprintf(lmac->name, "cgx_fwi_%d_%d", cgx->cgx_id, i);
if (cgx->mac_ops->non_contiguous_serdes_lane) {
lmac->lmac_id = __ffs64(lmac_list);
lmac_list &= ~BIT_ULL(lmac->lmac_id);
} else {
lmac->lmac_id = i;
Reported by FlawFinder.
Line: 1089
Column: 2
CWE codes:
120
linfo->fec = FIELD_GET(RESP_LINKSTAT_FEC, lstat);
linfo->lmac_type_id = cgx_get_lmac_type(cgx, lmac_id);
lmac_string = cgx_lmactype_string[linfo->lmac_type_id];
strncpy(linfo->lmac_type, lmac_string, LMACTYPE_STR_LEN - 1);
}
/* Hardware event handlers */
static inline void cgx_link_change_handler(u64 lstat,
struct lmac *lmac)
Reported by FlawFinder.
drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c
3 issues
Line: 17
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* pch_gbe_stats - Stats item information
*/
struct pch_gbe_stats {
char string[ETH_GSTRING_LEN];
size_t size;
size_t offset;
};
#define PCH_GBE_STAT(m) \
Reported by FlawFinder.
Line: 121
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pch_gbe_phy_write_reg_miic(hw, MII_BMCR, BMCR_RESET);
memcpy(©_ecmd, ecmd, sizeof(*ecmd));
/* when set_settings() is called with a ethtool_cmd previously
* filled by get_settings() on a down link, speed is -1: */
if (speed == UINT_MAX) {
speed = SPEED_1000;
Reported by FlawFinder.
Line: 445
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case (u32) ETH_SS_STATS:
for (i = 0; i < PCH_GBE_GLOBAL_STATS_LEN; i++) {
memcpy(p, pch_gbe_gstrings_stats[i].string,
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
break;
}
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/pci.c
3 issues
Line: 893
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 csz;
u32 val;
int ret = 0;
char hw_name[64];
int msi_enabled = 0;
if (pcim_enable_device(pdev))
return -EIO;
Reported by FlawFinder.
Line: 804
Column: 15
CWE codes:
120
20
{
struct ath_hw *ah = (struct ath_hw *) common->ah;
common->ops->read(ah, AR5416_EEPROM_OFFSET + (off << AR5416_EEPROM_S));
if (!ath9k_hw_wait(ah,
AR_EEPROM_STATUS_DATA,
AR_EEPROM_STATUS_DATA_BUSY |
AR_EEPROM_STATUS_DATA_PROT_ACCESS, 0,
Reported by FlawFinder.
drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c
3 issues
Line: 1056
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
input->flow_type = ICE_FLTR_PTYPE_NONF_IPV6_OTHER;
if (hdr->field_selector) {
memcpy(input->ip.v6.src_ip,
ip6h->saddr.in6_u.u6_addr8,
sizeof(ip6h->saddr));
memcpy(input->ip.v6.dst_ip,
ip6h->daddr.in6_u.u6_addr8,
sizeof(ip6h->daddr));
Reported by FlawFinder.
Line: 1059
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(input->ip.v6.src_ip,
ip6h->saddr.in6_u.u6_addr8,
sizeof(ip6h->saddr));
memcpy(input->ip.v6.dst_ip,
ip6h->daddr.in6_u.u6_addr8,
sizeof(ip6h->daddr));
input->ip.v6.tc = ((u8)(ip6h->priority) << 4) |
(ip6h->flow_lbl[0] >> 4);
input->ip.v6.proto = ip6h->nexthdr;
Reported by FlawFinder.
Line: 1592
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ctx_done->conf = ctx_irq->conf;
ctx_done->stat = ICE_FDIR_CTX_IRQ;
ctx_done->v_opcode = ctx_irq->v_opcode;
memcpy(&ctx_done->rx_desc, rx_desc, sizeof(*rx_desc));
spin_unlock_irqrestore(&fdir->ctx_lock, flags);
ret = del_timer(&ctx_irq->rx_tmr);
if (!ret)
dev_err(dev, "VF %d: Unexpected inactive timer!\n", vf->vf_id);
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/mci.c
3 issues
Line: 60
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!entry)
return false;
memcpy(entry, info, 10);
INC_PROF(mci, info);
list_add_tail(&entry->list, &mci->info);
if (info->type == MCI_GPM_COEX_PROFILE_VOICE) {
if (info->voice_type < sizeof(voice_priority))
mci->voice_priority = voice_priority[info->voice_type];
Reported by FlawFinder.
Line: 317
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DEC_PROF(mci, entry);
INC_PROF(mci, info);
}
memcpy(entry, info, 10);
}
if (info->start) {
if (!entry && !ath_mci_add_profile(common, mci, info))
return 0;
Reported by FlawFinder.
Line: 396
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ar9003_mci_send_wlan_channels(ah);
break;
case MCI_GPM_COEX_BT_PROFILE_INFO:
memcpy(&profile_info,
(rx_payload + MCI_GPM_COEX_B_PROFILE_TYPE), 10);
if ((profile_info.type == MCI_GPM_COEX_PROFILE_UNKNOWN) ||
(profile_info.type >= MCI_GPM_COEX_PROFILE_MAX)) {
ath_dbg(common, MCI,
Reported by FlawFinder.
drivers/net/ethernet/pensando/ionic/ionic_main.c
3 issues
Line: 252
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
comp = cq_info->cq_desc;
memcpy(&ctx->comp, comp, sizeof(*comp));
dev_dbg(q->dev, "comp admin queue command:\n");
dynamic_hex_dump("comp ", DUMP_PREFIX_OFFSET, 16, 1,
&ctx->comp, sizeof(ctx->comp), true);
Reported by FlawFinder.
Line: 286
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_out;
desc_info = &q->info[q->head_idx];
memcpy(desc_info->desc, &ctx->cmd, sizeof(ctx->cmd));
dev_dbg(&lif->netdev->dev, "post admin queue command:\n");
dynamic_hex_dump("cmd ", DUMP_PREFIX_OFFSET, 16, 1,
&ctx->cmd, sizeof(ctx->cmd), true);
Reported by FlawFinder.
Line: 437
Column: 2
CWE codes:
120
memset(ident, 0, sizeof(*ident));
ident->drv.os_type = cpu_to_le32(IONIC_OS_TYPE_LINUX);
strncpy(ident->drv.driver_ver_str, UTS_RELEASE,
sizeof(ident->drv.driver_ver_str) - 1);
mutex_lock(&ionic->dev_cmd_lock);
sz = min(sizeof(ident->drv), sizeof(idev->dev_cmd_regs->data));
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/link.c
3 issues
Line: 249
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ftype = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC;
hdr->frame_control = cpu_to_le16(ftype);
hdr->duration_id = cpu_to_le16(10);
memcpy(hdr->addr1, hw->wiphy->perm_addr, ETH_ALEN);
memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN);
memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN);
for (chain = 0; chain < AR9300_MAX_CHAINS; chain++) {
if (!(ah->txchainmask & BIT(chain)))
Reported by FlawFinder.
Line: 250
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr->frame_control = cpu_to_le16(ftype);
hdr->duration_id = cpu_to_le16(10);
memcpy(hdr->addr1, hw->wiphy->perm_addr, ETH_ALEN);
memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN);
memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN);
for (chain = 0; chain < AR9300_MAX_CHAINS; chain++) {
if (!(ah->txchainmask & BIT(chain)))
continue;
Reported by FlawFinder.
Line: 251
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr->duration_id = cpu_to_le16(10);
memcpy(hdr->addr1, hw->wiphy->perm_addr, ETH_ALEN);
memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN);
memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN);
for (chain = 0; chain < AR9300_MAX_CHAINS; chain++) {
if (!(ah->txchainmask & BIT(chain)))
continue;
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c
3 issues
Line: 476
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->tsf_id = cpu_to_le32(mvmvif->tsf_id);
memcpy(cmd->node_addr, vif->addr, ETH_ALEN);
if (bssid)
memcpy(cmd->bssid_addr, bssid, ETH_ALEN);
else
eth_broadcast_addr(cmd->bssid_addr);
Reported by FlawFinder.
Line: 479
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(cmd->node_addr, vif->addr, ETH_ALEN);
if (bssid)
memcpy(cmd->bssid_addr, bssid, ETH_ALEN);
else
eth_broadcast_addr(cmd->bssid_addr);
rcu_read_lock();
chanctx = rcu_dereference(vif->chanctx_conf);
Reported by FlawFinder.
Line: 1459
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the data */
skb_put_data(skb, sb->data, size);
memcpy(IEEE80211_SKB_RXCB(skb), &rx_status, sizeof(rx_status));
/* pass it as regular rx to mac80211 */
ieee80211_rx_napi(mvm->hw, NULL, skb, NULL);
}
Reported by FlawFinder.
drivers/net/ethernet/intel/ice/ice_txrx.c
3 issues
Line: 66
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i = tx_ring->next_to_use;
first = &tx_ring->tx_buf[i];
f_desc = ICE_TX_FDIRDESC(tx_ring, i);
memcpy(f_desc, fdir_desc, sizeof(*f_desc));
i++;
i = (i < tx_ring->count) ? i : 0;
tx_desc = ICE_TX_DESC(tx_ring, i);
tx_buf = &tx_ring->tx_buf[i];
Reported by FlawFinder.
Line: 966
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
headlen = eth_get_headlen(skb->dev, xdp->data, ICE_RX_HDR_SIZE);
/* align pull length to size of long to optimize memcpy performance */
memcpy(__skb_put(skb, headlen), xdp->data, ALIGN(headlen,
sizeof(long)));
/* if we exhaust the linear part then add what is left as a frag */
size -= headlen;
if (size) {
Reported by FlawFinder.
Line: 697
Column: 12
CWE codes:
120
20
/* Refresh the desc even if buffer_addrs didn't change
* because each write-back erases this info.
*/
rx_desc->read.pkt_addr = cpu_to_le64(bi->dma + bi->page_offset);
rx_desc++;
bi++;
ntu++;
if (unlikely(ntu == rx_ring->count)) {
Reported by FlawFinder.
drivers/net/ethernet/qlogic/qed/qed.h
3 issues
Line: 324
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 ovlan;
u32 part_num[4];
unsigned char hw_mac_addr[ETH_ALEN];
u64 node_wwn;
u64 port_wwn;
u16 num_fcoe_conns;
Reported by FlawFinder.
Line: 549
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 dp_module;
u8 dp_level;
char name[NAME_SIZE];
bool hw_init_done;
u8 num_funcs_on_engine;
u8 enabled_func_idx;
Reported by FlawFinder.
Line: 713
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct qed_dev {
u32 dp_module;
u8 dp_level;
char name[NAME_SIZE];
enum qed_dev_type type;
/* Translate type/revision combo into the proper conditions */
#define QED_IS_BB(dev) ((dev)->type == QED_DEV_TYPE_BB)
#define QED_IS_BB_B0(dev) (QED_IS_BB(dev) && CHIP_REV_IS_B0(dev))
Reported by FlawFinder.