The following issues were found

drivers/net/wireless/broadcom/brcm80211/brcmsmac/rate.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 395 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              void brcms_c_rateset_copy(const struct brcms_c_rateset *src,
			  struct brcms_c_rateset *dst)
{
	/*
	 * Whole-struct copy of *src into *dst. The length is the size of the
	 * destination object itself, so the copy stays within *dst as long as
	 * the caller passes a pointer to a real struct brcms_c_rateset.
	 * memcpy() also requires that the two objects do not overlap.
	 */
	memcpy(dst, src, sizeof(*dst));
}

/*
 * Copy and selectively filter one rateset to another.
 * 'basic_only' means only copy basic rates.

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 432 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	dst->htphy_membership = src->htphy_membership;

	if (mcsallow && rates != BRCMS_RATES_CCK)
		memcpy(&dst->mcs[0], &src->mcs[0], MCSSET_LEN);
	else
		brcms_c_rateset_mcs_clear(dst);
}

/* select rateset for a given phy_type and bandtype and filter it, sort it

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 503 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
void brcms_c_rateset_mcs_build(struct brcms_c_rateset *rateset, u8 txstreams)
{
	/*
	 * Seed the caller's MCS set from the cck_ofdm_mimo_rates template,
	 * then let brcms_c_rateset_mcs_upd() adjust it for txstreams.
	 *
	 * The copy length is the constant MCSSET_LEN, not a caller-supplied
	 * value. NOTE(review): assumes both mcs[] arrays are declared with at
	 * least MCSSET_LEN bytes; the struct definition is not visible here,
	 * so confirm against it.
	 */
	memcpy(rateset->mcs, cck_ofdm_mimo_rates.mcs, MCSSET_LEN);
	brcms_c_rateset_mcs_upd(rateset, txstreams);
}

/* Based on bandwidth passed, allow/disallow MCS 32 in the rateset */
void brcms_c_rateset_bw_mcs_filter(struct brcms_c_rateset *rateset, u8 bw)

            

Reported by FlawFinder.

drivers/net/ethernet/freescale/ucc_geth_ethtool.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 288 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	u32 stats_mode = ugeth->ug_info->statisticsMode;

	if (stats_mode & UCC_GETH_STATISTICS_GATHERING_MODE_HARDWARE) {
		memcpy(buf, hw_stat_gstrings, UEC_HW_STATS_LEN *
			       	ETH_GSTRING_LEN);
		buf += UEC_HW_STATS_LEN * ETH_GSTRING_LEN;
	}
	if (stats_mode & UCC_GETH_STATISTICS_GATHERING_MODE_FIRMWARE_TX) {
		memcpy(buf, tx_fw_stat_gstrings, UEC_TX_FW_STATS_LEN *

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 293 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		buf += UEC_HW_STATS_LEN * ETH_GSTRING_LEN;
	}
	if (stats_mode & UCC_GETH_STATISTICS_GATHERING_MODE_FIRMWARE_TX) {
		memcpy(buf, tx_fw_stat_gstrings, UEC_TX_FW_STATS_LEN *
			       	ETH_GSTRING_LEN);
		buf += UEC_TX_FW_STATS_LEN * ETH_GSTRING_LEN;
	}
	if (stats_mode & UCC_GETH_STATISTICS_GATHERING_MODE_FIRMWARE_RX)
		memcpy(buf, rx_fw_stat_gstrings, UEC_RX_FW_STATS_LEN *

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 298 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		buf += UEC_TX_FW_STATS_LEN * ETH_GSTRING_LEN;
	}
	if (stats_mode & UCC_GETH_STATISTICS_GATHERING_MODE_FIRMWARE_RX)
		memcpy(buf, rx_fw_stat_gstrings, UEC_RX_FW_STATS_LEN *
			       	ETH_GSTRING_LEN);
}

static void uec_get_ethtool_stats(struct net_device *netdev,
		struct ethtool_stats *stats, uint64_t *data)

            

Reported by FlawFinder.

drivers/net/wireless/broadcom/brcm80211/brcmsmac/main.h
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 283 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              /* module control blocks */
struct modulecb {
	/* module name : NULL indicates empty array member */
	char name[32];
	/* handle passed when handler 'doiovar' is called */
	struct brcms_info *hdl;

	int (*down_fn)(void *handle); /* down handler. Note: the int returned
				       * by the down function is a count of the

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 531 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
	u16 mc_fid_counter;

	char country_default[BRCM_CNTRY_BUF_SZ];
	char autocountry_default[BRCM_CNTRY_BUF_SZ];
	u16 prb_resp_timeout;

	u16 home_chanspec;


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 532 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	u16 mc_fid_counter;

	char country_default[BRCM_CNTRY_BUF_SZ];
	char autocountry_default[BRCM_CNTRY_BUF_SZ];
	u16 prb_resp_timeout;

	u16 home_chanspec;

	/* PHY parameters */

            

Reported by FlawFinder.

drivers/net/ethernet/ibm/ehea/ehea.h
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 347 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct ehea_mr send_mr;       	/* send memory region */
	struct ehea_mr recv_mr;       	/* receive memory region */
	struct ehea_port *port;
	char int_recv_name[EHEA_IRQ_NAME_SIZE];
	char int_send_name[EHEA_IRQ_NAME_SIZE];
	struct ehea_qp *qp;
	struct ehea_cq *send_cq;
	struct ehea_cq *recv_cq;
	struct ehea_eq *eq;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 348 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct ehea_mr recv_mr;       	/* receive memory region */
	struct ehea_port *port;
	char int_recv_name[EHEA_IRQ_NAME_SIZE];
	char int_send_name[EHEA_IRQ_NAME_SIZE];
	struct ehea_qp *qp;
	struct ehea_cq *send_cq;
	struct ehea_cq *recv_cq;
	struct ehea_eq *eq;
	struct ehea_q_skb_arr rq1_skba;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 438 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct work_struct reset_task;
	struct delayed_work stats_work;
	struct mutex port_lock;
	char int_aff_name[EHEA_IRQ_NAME_SIZE];
	int allmulti;			 /* Indicates IFF_ALLMULTI state */
	int promisc;		 	 /* Indicates IFF_PROMISC state */
	int num_mcs;
	int resets;
	unsigned long flags;

            

Reported by FlawFinder.

drivers/net/wireless/ath/ath10k/coredump.h
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 42 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	/* dump file information */

	/* "ATH10K-FW-DUMP" */
	char df_magic[16];

	__le32 len;

	/* file dump version */
	__le32 version;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 71 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	__le32 num_rf_chains;

	/* firmware version string */
	char fw_ver[ETHTOOL_FWVERS_LEN];

	/* Kernel related information */

	/* time-of-day stamp */
	__le64 tv_sec;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 85 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	__le32 kernel_ver_code;

	/* VERMAGIC_STRING */
	char kernel_ver[64];

	/* room for growth w/out changing binary format */
	u8 unused[128];

	/* struct ath10k_tlv_dump_data + more */

            

Reported by FlawFinder.

drivers/net/wireless/broadcom/brcm80211/brcmsmac/debug.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 71 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct brcms_hardware *hw = drvr->wlc->hw;
	struct bcma_device *core = hw->d11core;
	struct bcma_bus *bus = core->bus;
	char boardrev[BRCMU_BOARDREV_LEN];

	seq_printf(s, "chipnum 0x%x\n"
		   "chiprev 0x%x\n"
		   "chippackage 0x%x\n"
		   "corerev 0x%x\n"

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 170 Column: 8 CWE codes: 120 20

              }

/*
 * Per-file debugfs context. brcms_debugfs_entry_open() fetches it from
 * inode->i_private and forwards both members to single_open().
 */
struct brcms_debugfs_entry {
	/*
	 * Handed to single_open() as the seq_file show routine. This is a
	 * function-pointer member that happens to be named 'read', not a call
	 * to read(2): its parameters are a seq_file and an opaque data
	 * pointer, with no caller-supplied buffer or length.
	 */
	int (*read)(struct seq_file *seq, void *data);
	/* driver handle, passed to single_open() as its data argument */
	struct brcms_pub *drvr;
};

static int brcms_debugfs_entry_open(struct inode *inode, struct file *f)
{

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 178 Column: 31 CWE codes: 120 20

              {
	struct brcms_debugfs_entry *entry = inode->i_private;

	return single_open(f, entry->read, entry->drvr);
}

static const struct file_operations brcms_debugfs_def_ops = {
	.owner = THIS_MODULE,
	.open = brcms_debugfs_entry_open,

            

Reported by FlawFinder.

include/uapi/linux/if.h
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 238 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #define IFHWADDRLEN	6
	union
	{
		char	ifrn_name[IFNAMSIZ];		/* if name, e.g. "en0" */
	} ifr_ifrn;
	
	union {
		struct	sockaddr ifru_addr;
		struct	sockaddr ifru_dstaddr;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 251 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		int	ifru_ivalue;
		int	ifru_mtu;
		struct  ifmap ifru_map;
		char	ifru_slave[IFNAMSIZ];	/* Just fits the size */
		char	ifru_newname[IFNAMSIZ];
		void __user *	ifru_data;
		struct	if_settings ifru_settings;
	} ifr_ifru;
};

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 252 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		int	ifru_mtu;
		struct  ifmap ifru_map;
		char	ifru_slave[IFNAMSIZ];	/* Just fits the size */
		char	ifru_newname[IFNAMSIZ];
		void __user *	ifru_data;
		struct	if_settings ifru_settings;
	} ifr_ifru;
};
#endif /* __UAPI_DEF_IF_IFREQ */

            

Reported by FlawFinder.

include/linux/sunrpc/svc_xprt.h
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 87 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	size_t			xpt_locallen;	/* length of address */
	struct sockaddr_storage	xpt_remote;	/* remote peer's address */
	size_t			xpt_remotelen;	/* length of address */
	char			xpt_remotebuf[INET6_ADDRSTRLEN + 10];
	struct list_head	xpt_users;	/* callbacks on free */

	struct net		*xpt_net;
	const struct cred	*xpt_cred;
	struct rpc_xprt		*xpt_bc_xprt;	/* NFSv4.1 backchannel */

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 157 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              				      const struct sockaddr *sa,
				      const size_t salen)
{
	memcpy(&xprt->xpt_local, sa, salen);
	xprt->xpt_locallen = salen;
}
static inline void svc_xprt_set_remote(struct svc_xprt *xprt,
				       const struct sockaddr *sa,
				       const size_t salen)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 164 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              				       const struct sockaddr *sa,
				       const size_t salen)
{
	memcpy(&xprt->xpt_remote, sa, salen);
	xprt->xpt_remotelen = salen;
	snprintf(xprt->xpt_remotebuf, sizeof(xprt->xpt_remotebuf) - 1,
		 "%pISpc", sa);
}


            

Reported by FlawFinder.

include/linux/thermal.h
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 148 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               */
struct thermal_zone_device {
	int id;
	char type[THERMAL_NAME_LENGTH];
	struct device device;
	struct attribute_group trips_attribute_group;
	struct thermal_attr *trip_temp_attrs;
	struct thermal_attr *trip_type_attrs;
	struct thermal_attr *trip_hyst_attrs;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 192 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               * @governor_list:	node in thermal_governor_list (in thermal_core.c)
 */
struct thermal_governor {
	/*
	 * Fixed-size name buffer of THERMAL_NAME_LENGTH bytes. Any code that
	 * fills it must bound the write to that size.
	 * NOTE(review): presumably a NUL-terminated string, so the bound
	 * includes the terminator; confirm against the code that sets it.
	 */
	char name[THERMAL_NAME_LENGTH];
	/* per-zone callbacks; each receives the thermal zone it acts on */
	int (*bind_to_tz)(struct thermal_zone_device *tz);
	void (*unbind_from_tz)(struct thermal_zone_device *tz);
	int (*throttle)(struct thermal_zone_device *tz, int trip);
	struct list_head	governor_list;
};

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 236 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/* Structure to define Thermal Zone parameters */
struct thermal_zone_params {
	char governor_name[THERMAL_NAME_LENGTH];

	/*
	 * a boolean to indicate if the thermal to hwmon sysfs interface
	 * is required. when no_hwmon == false, a hwmon sysfs interface
	 * will be created. when no_hwmon == true, nothing will be done

            

Reported by FlawFinder.

include/linux/ti_wilink_st.h
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 250 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	long uim_pid;
	struct platform_device *kim_pdev;
	struct completion kim_rcvd, ldisc_installed;
	char resp_buffer[30];
	const struct firmware *fw_entry;
	unsigned nshutdown;
	unsigned long rx_state;
	unsigned long rx_count;
	struct sk_buff *rx_skb;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 259 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct st_data_s *core_data;
	struct chip_version version;
	unsigned char ldisc_install;
	unsigned char dev_name[UART_DEV_NAME_LEN + 1];
	unsigned flow_cntrl;
	unsigned baud_rate;
};

/**

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 428 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               */
struct ti_st_plat_data {
	u32 nshutdown_gpio;
	unsigned char dev_name[UART_DEV_NAME_LEN]; /* uart name */
	u32 flow_cntrl; /* flow control flag */
	u32 baud_rate;
	int (*suspend)(struct platform_device *, pm_message_t);
	int (*resume)(struct platform_device *);
	int (*chip_enable) (struct kim_data_s *);

            

Reported by FlawFinder.