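The following issues were found by static analysis (FlawFinder and Cppcheck). FlawFinder matches on function and type names rather than tracing data flow, so each finding is a candidate to confirm against the surrounding code, not a verified overflow.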

drivers/net/wireless/ath/ath9k/ar9003_phy.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1887 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              static void ar9003_hw_init_txpower_stbc(struct ath_hw *ah, int ss_offset,
					int ds_offset, int ts_offset)
{
	memcpy(&ah->tx_power_stbc[ss_offset], &ah->tx_power[ss_offset],
	       AR9300_HT_SS_RATES);
	memcpy(&ah->tx_power_stbc[ds_offset], &ah->tx_power[ds_offset],
	       AR9300_HT_DS_RATES);
	memcpy(&ah->tx_power_stbc[ts_offset], &ah->tx_power[ts_offset],
	       AR9300_HT_TS_RATES);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1889 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              {
	memcpy(&ah->tx_power_stbc[ss_offset], &ah->tx_power[ss_offset],
	       AR9300_HT_SS_RATES);
	memcpy(&ah->tx_power_stbc[ds_offset], &ah->tx_power[ds_offset],
	       AR9300_HT_DS_RATES);
	memcpy(&ah->tx_power_stbc[ts_offset], &ah->tx_power[ts_offset],
	       AR9300_HT_TS_RATES);
}


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1891 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	       AR9300_HT_SS_RATES);
	memcpy(&ah->tx_power_stbc[ds_offset], &ah->tx_power[ds_offset],
	       AR9300_HT_DS_RATES);
	memcpy(&ah->tx_power_stbc[ts_offset], &ah->tx_power[ts_offset],
	       AR9300_HT_TS_RATES);
}

void ar9003_hw_init_rate_txpower(struct ath_hw *ah, u8 *rate_array,
				 struct ath9k_channel *chan)

            

Reported by FlawFinder.

drivers/net/ethernet/intel/ice/ice_sched.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 38 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return ICE_ERR_NO_MEMORY;
	}

	memcpy(&root->info, info, sizeof(*info));
	pi->root = root;
	return 0;
}

/**

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 589 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              				     sizeof(*q_ctx), GFP_KERNEL);
		if (!q_ctx)
			return ICE_ERR_NO_MEMORY;
		memcpy(q_ctx, vsi_ctx->lan_q_ctx[tc],
		       prev_num * sizeof(*q_ctx));
		devm_kfree(ice_hw_to_dev(hw), vsi_ctx->lan_q_ctx[tc]);
		vsi_ctx->lan_q_ctx[tc] = q_ctx;
		vsi_ctx->num_lan_q_entries[tc] = new_numqs;
	}

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 633 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              				     sizeof(*q_ctx), GFP_KERNEL);
		if (!q_ctx)
			return ICE_ERR_NO_MEMORY;
		memcpy(q_ctx, vsi_ctx->rdma_q_ctx[tc],
		       prev_num * sizeof(*q_ctx));
		devm_kfree(ice_hw_to_dev(hw), vsi_ctx->rdma_q_ctx[tc]);
		vsi_ctx->rdma_q_ctx[tc] = q_ctx;
		vsi_ctx->num_rdma_q_entries[tc] = new_numqs;
	}

            

Reported by FlawFinder.

drivers/net/ethernet/qlogic/qed/qed_dev.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 969 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (!test_bit(QED_MF_LLH_MAC_CLSS, &cdev->mf_bits))
		goto out;

	memcpy(filter.mac.addr, mac_addr, ETH_ALEN);
	rc = qed_llh_shadow_add_filter(cdev, ppfid,
				       QED_LLH_FILTER_TYPE_MAC,
				       &filter, &filter_idx, &ref_cnt);
	if (rc)
		goto err;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2398 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
		/* Read shadow of current MFW mailbox */
		qed_mcp_read_mb(p_hwfn, p_hwfn->p_main_ptt);
		memcpy(p_hwfn->mcp_info->mfw_mb_shadow,
		       p_hwfn->mcp_info->mfw_mb_cur,
		       p_hwfn->mcp_info->mfw_mb_length);

		qed_int_setup(p_hwfn, p_hwfn->p_main_ptt);


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2973 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              {
	/* Read shadow of current MFW mailbox */
	qed_mcp_read_mb(p_hwfn, p_main_ptt);
	memcpy(p_hwfn->mcp_info->mfw_mb_shadow,
	       p_hwfn->mcp_info->mfw_mb_cur, p_hwfn->mcp_info->mfw_mb_length);
}

static void
qed_fill_load_req_params(struct qed_load_req_params *p_load_req,

            

Reported by FlawFinder.

drivers/net/wireless/ath/ath6kl/htc_mbox.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1707 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              				   lk_ahd->pre_valid, lk_ahd->post_valid);

			/* look ahead bytes are valid, copy them over */
			memcpy((u8 *)&next_lk_ahds[0], lk_ahd->lk_ahd, 4);

			ath6kl_dbg_dump(ATH6KL_DBG_HTC,
					"htc rx next look ahead",
					"", next_lk_ahds, 4);


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1733 Column: 5 CWE codes: 120
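Suggestion: Make sure destination can always hold the source data. Each copy here is a fixed 4 bytes, so the bound that matters is the loop count `len` against the number of entries in `next_lk_ahds`, which the excerpt does not show.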

              					"", record_buf, record->len);

			for (i = 0; i < len; i++) {
				memcpy((u8 *)&next_lk_ahds[i],
				       bundle_lkahd_rpt->lk_ahd, 4);
				bundle_lkahd_rpt++;
			}

			*n_lk_ahds = i;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1821 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	 */
	payload_len = le16_to_cpu(get_unaligned(&htc_hdr->payld_len));

	memcpy((u8 *)&lk_ahd, packet->buf, sizeof(lk_ahd));

	if (packet->info.rx.rx_flags & HTC_RX_PKT_REFRESH_HDR) {
		/*
		 * Refresh the expected header and the actual length as it
		 * was unknown when this packet was grabbed as part of the

            

Reported by FlawFinder.

drivers/net/ethernet/fealnx.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 411 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
	/* MII transceiver section. */
	int mii_cnt;		/* MII device addresses. */
	unsigned char phys[2];	/* MII device addresses. */
	struct mii_if_info mii;
	void __iomem *mem;
};



            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 478 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct netdev_private *np;
	int i, option, err, irq;
	static int card_idx = -1;
	char boardname[12];
	void __iomem *ioaddr;
	unsigned long len;
	unsigned int chip_id = ent->driver_data;
	struct net_device *dev;
	void *ring_space;

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 492 Column: 2 CWE codes: 120
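Suggestion: Use sprintf_s, snprintf, or vsnprintf. In kernel code the applicable form is `snprintf(boardname, sizeof(boardname), "fealnx%d", card_idx)`; with the 12-byte `boardname` shown, the unbounded `sprintf` only fits while `card_idx` has at most five digits.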

              #endif

	card_idx++;
	sprintf(boardname, "fealnx%d", card_idx);

	option = card_idx < MAX_UNITS ? options[card_idx] : 0;

	i = pci_enable_device(pdev);
	if (i) return i;

            

Reported by FlawFinder.

drivers/net/ethernet/qlogic/qed/qed_mng_tlv.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1234 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			len = min_t(int, len, 4 * tlv.tlv_length);
			tlv.tlv_flags |= QED_DRV_TLV_FLAGS_CHANGED;
			TLV_FLAGS(p_tlv) = tlv.tlv_flags;
			memcpy(p_mfw_buf + offset + sizeof(tlv),
			       buffer.p_val, len);
		}
	}

	vfree(p_tlv_data);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1280 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	for (offset = 0; offset < size; offset += sizeof(u32)) {
		val = qed_rd(p_hwfn, p_ptt, addr + offset);
		val = be32_to_cpu((__force __be32)val);
		memcpy(&p_mfw_buf[offset], &val, sizeof(u32));
	}

	/* Parse the headers to enumerate the requested TLV groups */
	for (offset = 0; offset < size;
	     offset += sizeof(tlv) + sizeof(u32) * tlv.tlv_length) {

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1328 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	 * converted to big endian as required by mcp-write.
	 */
	for (offset = 0; offset < size; offset += sizeof(u32)) {
		memcpy(&val, &p_mfw_buf[offset], sizeof(u32));
		val = (__force u32)cpu_to_be32(val);
		qed_wr(p_hwfn, p_ptt, addr + offset, val);
	}

drv_done:

            

Reported by FlawFinder.

drivers/net/wireless/ath/ath11k/trace.h
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 42 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		__assign_str(driver, dev_driver_string(ar->ab->dev));
		__entry->buf_len = buf_len;
		__entry->pktlog_checksum = pktlog_checksum;
		memcpy(__get_dynamic_array(pktlog), buf, buf_len);
	),

	TP_printk(
		"%s %s size %u pktlog_checksum %d",
		__get_str(driver),

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 70 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		__assign_str(device, dev_name(ar->ab->dev));
		__assign_str(driver, dev_driver_string(ar->ab->dev));
		__entry->len = len;
		memcpy(__get_dynamic_array(ppdu), data, len);
	),

	TP_printk(
		"%s %s ppdu len %d",
		__get_str(driver),

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 97 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		__assign_str(device, dev_name(ar->ab->dev));
		__assign_str(driver, dev_driver_string(ar->ab->dev));
		__entry->len = len;
		memcpy(__get_dynamic_array(rxdesc), data, len);
	),

	TP_printk(
		"%s %s rxdesc len %d",
		__get_str(driver),

            

Reported by FlawFinder.

drivers/net/ethernet/huawei/hinic/hinic_hw_mbox.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 455 Column: 2 CWE codes: 120
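Suggestion: Make sure destination can always hold the source data. Here the copy length is the `SEG_LEN` field of `mbox_header` and the offset is `seq_id * MBOX_SEG_LEN`; the excerpt does not show where either is checked against the size of `recv_mbox->mbox`, so confirm that in the code above line 455.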

              	}

	pos = seq_id * MBOX_SEG_LEN;
	memcpy((u8 *)recv_mbox->mbox + pos, mbox_body,
	       HINIC_MBOX_HEADER_GET(mbox_header, SEG_LEN));

	if (!HINIC_MBOX_HEADER_GET(mbox_header, LAST))
		return;


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 692 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	/* The mbox message should be aligned in 4 bytes. */
	if (seg_len % chk_sz) {
		memcpy(mbox_max_buf, seg, seg_len);
		data = (u32 *)mbox_max_buf;
	}

	data_len = seg_len;
	idx_max = ALIGN(data_len, chk_sz) / chk_sz;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 995 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		}

		if (mbox_for_resp->mbox_len)
			memcpy(buf_out, mbox_for_resp->mbox,
			       mbox_for_resp->mbox_len);

		*out_size = mbox_for_resp->mbox_len;
	}


            

Reported by FlawFinder.

drivers/net/ethernet/intel/ice/ice_nvm.c
3 issues
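access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Note: in this excerpt `access` is a function parameter of type `enum ice_aq_res_access_type` that is passed on to `ice_acquire_res()`, not a call to access(); no file path is involved, so the race described here does not apply.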
Security

Line: 214 Column: 64 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

               * This function will request NVM ownership.
 */
enum ice_status
ice_acquire_nvm(struct ice_hw *hw, enum ice_aq_res_access_type access)
{
	if (hw->flash.blank_nvm_mode)
		return 0;

	return ice_acquire_res(hw, ICE_NVM_RES_ID, access, ICE_NVM_TIMEOUT);

            

Reported by FlawFinder.

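access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Note: the match here is the `access` argument passed to `ice_acquire_res()`, a variable rather than a call to access(), so there is no check-then-use on a file path.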
Security

Line: 219 Column: 45 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              	if (hw->flash.blank_nvm_mode)
		return 0;

	return ice_acquire_res(hw, ICE_NVM_RES_ID, access, ICE_NVM_TIMEOUT);
}

/**
 * ice_release_nvm - Generic request for releasing the NVM ownership
 * @hw: pointer to the HW structure

            

Reported by FlawFinder.

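The address of local variable 'tmp' might be accessed at non-zero index. Note: the excerpt walks `tmp` byte by byte through a `u8 *` cast, with the loop bounded by `sizeof(tmp)`, and the source already carries a `cppcheck-suppress objectIndex` comment for it.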
Error

Line: 648 CWE codes: 758

              		/* Verify that the simple checksum is zero */
		for (i = 0; i < sizeof(tmp); i++)
			/* cppcheck-suppress objectIndex */
			sum += ((u8 *)&tmp)[i];

		if (sum) {
			ice_debug(hw, ICE_DBG_NVM, "Found CIVD data with invalid checksum of %u\n",
				  sum);
			return ICE_ERR_NVM;

            

Reported by Cppcheck.

drivers/net/ethernet/qlogic/qlcnic/qlcnic.h
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 602 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	int irq;

	dma_addr_t phys_addr;
	char name[IFNAMSIZ + 12];
} ____cacheline_internodealigned_in_smp;

struct qlcnic_tx_queue_stats {
	u64 xmit_on;
	u64 xmit_off;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 616 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              struct qlcnic_host_tx_ring {
	int irq;
	void __iomem *crb_intr_mask;
	char name[IFNAMSIZ + 12];
	u16 ctx_id;

	u32 state;
	u32 producer;
	u32 sw_consumer;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1719 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	unsigned short  device;
	unsigned short  sub_vendor;
	unsigned short  sub_device;
	char short_name[QLCNIC_MAX_BOARD_NAME_LEN];
};

static inline u32 qlcnic_tx_avail(struct qlcnic_host_tx_ring *tx_ring)
{
	if (likely(tx_ring->producer < tx_ring->sw_consumer))

            

Reported by FlawFinder.