The following issues were found
include/sound/timer.h
3 issues
Line: 48
Column: 8
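CWE codes:
362
Triage note: the excerpt contains no call that opens a file. The only `open` token is the function-pointer member `int (*open) (struct snd_timer * timer);`, so this finding appears to be a name match on a struct field. The CWE-362 (race condition) concern would apply, if at all, to the driver code assigned to that callback, which is not shown here.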
unsigned long resolution_max; /* maximal resolution */
unsigned long ticks; /* max timer ticks per interrupt */
/* -- low-level functions -- */
int (*open) (struct snd_timer * timer);
int (*close) (struct snd_timer * timer);
unsigned long (*c_resolution) (struct snd_timer * timer);
int (*start) (struct snd_timer * timer);
int (*stop) (struct snd_timer * timer);
int (*set_period) (struct snd_timer * timer, unsigned long period_num, unsigned long period_den);
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
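Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line is a declaration of a fixed-size array (here `char id[64]` / `char name[80]`), which is not itself an overflow. What needs review is each place that writes into the field, to confirm the write is bounded by the array size and leaves the string terminated. The same applies to the other fixed-size array declarations flagged with CWE-119/120 in this report.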
struct module *module;
int tmr_device;
int tmr_subdevice;
char id[64];
char name[80];
unsigned int flags;
int running; /* running instances */
unsigned long sticks; /* schedule ticks */
void *private_data;
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int tmr_device;
int tmr_subdevice;
char id[64];
char name[80];
unsigned int flags;
int running; /* running instances */
unsigned long sticks; /* schedule ticks */
void *private_data;
void (*private_free) (struct snd_timer *timer);
Reported by FlawFinder.
include/sound/wavefront.h
3 issues
Line: 567
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Control block for one WaveFront command: a command code, a status byte
 * returned to user-space, and fixed-size byte buffers for data read from
 * and written to the card.
 * NOTE(review): rbuf and wbuf are fixed at WF_MAX_READ and WF_MAX_WRITE
 * bytes; code that fills them must cap the length at those sizes. The fill
 * sites are not shown here -- confirm against the driver.
 */
typedef struct wavefront_control {
int cmd; /* WFC_* */
char status; /* return status to user-space */
unsigned char rbuf[WF_MAX_READ]; /* bytes read from card */
unsigned char wbuf[WF_MAX_WRITE]; /* bytes written to card */
} wavefront_control;
#define WFCTL_WFCMD 0x1
#define WFCTL_LOAD_SPP 0x2
Reported by FlawFinder.
Line: 568
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cmd; /* WFC_* */
char status; /* return status to user-space */
unsigned char rbuf[WF_MAX_READ]; /* bytes read from card */
unsigned char wbuf[WF_MAX_WRITE]; /* bytes written to card */
} wavefront_control;
#define WFCTL_WFCMD 0x1
#define WFCTL_LOAD_SPP 0x2
Reported by FlawFinder.
Line: 17
Column: 44
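CWE codes:
120
20
Triage note: the quoted context is explanatory text about structure packing and contains no function call. This finding appears to be a match on a word in that text (probably `read` in "read/written") and should be confirmed against the file before it is counted.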
it is necessary to pack the "wavefront_alias" structure to a size
of 22 bytes, corresponding to 16-bit alignment (as would have been
the case on the original platform, MS-DOS). If this is not done,
then WavePatch-format files cannot be read/written correctly.
The method used to do this here ("__attribute__((packed)") is
completely compiler dependent.
All other wavefront_* types end up aligned to 32 bit values and
still have the same (correct) size.
Reported by FlawFinder.
include/sound/wss.h
3 issues
Line: 87
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_pcm_substream *capture_substream;
struct snd_timer *timer;
unsigned char image[32]; /* registers image */
unsigned char eimage[32]; /* extended registers image */
unsigned char cimage[16]; /* control registers image */
int mce_bit;
int calibrate_mute;
int sw_3d_bit;
Reported by FlawFinder.
Line: 88
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_timer *timer;
unsigned char image[32]; /* registers image */
unsigned char eimage[32]; /* extended registers image */
unsigned char cimage[16]; /* control registers image */
int mce_bit;
int calibrate_mute;
int sw_3d_bit;
unsigned int p_dma_size;
Reported by FlawFinder.
Line: 89
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char image[32]; /* registers image */
unsigned char eimage[32]; /* extended registers image */
unsigned char cimage[16]; /* control registers image */
int mce_bit;
int calibrate_mute;
int sw_3d_bit;
unsigned int p_dma_size;
unsigned int c_dma_size;
Reported by FlawFinder.
include/target/target_core_backend.h
3 issues
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct scatterlist;
struct target_backend_ops {
char name[16];
char inquiry_prod[16];
char inquiry_rev[4];
struct module *owner;
u8 transport_flags_default;
Reported by FlawFinder.
Line: 22
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct target_backend_ops {
char name[16];
char inquiry_prod[16];
char inquiry_rev[4];
struct module *owner;
u8 transport_flags_default;
u8 transport_flags_changeable;
Reported by FlawFinder.
Line: 23
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct target_backend_ops {
char name[16];
char inquiry_prod[16];
char inquiry_rev[4];
struct module *owner;
u8 transport_flags_default;
u8 transport_flags_changeable;
Reported by FlawFinder.
include/trace/events/fscache.h
3 issues
Line: 236
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->p_usage = atomic_read(&cookie->parent->usage);
__entry->p_n_children = atomic_read(&cookie->parent->n_children);
__entry->p_flags = cookie->parent->flags;
memcpy(__entry->name, cookie->def->name, 8);
__entry->name[7] = 0;
),
TP_printk("c=%p p=%p pu=%d pc=%d pf=%02x n=%s",
__entry->cookie, __entry->parent, __entry->p_usage,
Reported by FlawFinder.
Line: 350
Column: 7
CWE codes:
120
Suggestion:
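Make sure destination can always hold the source data
Triage note: the copy length is the constant 8, so the check is whether `__entry->state` is declared with at least 8 bytes and whether `state->short_name` is at least 8 bytes long (a shorter source would be read past its end). Unlike the `name` copies reported for this file, the excerpt writes no terminator after this copy, so also confirm how the field is printed.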
__entry->wait = wait;
__entry->oob = oob;
__entry->event_num = event_num;
memcpy(__entry->state, state->short_name, 8);
),
TP_printk("c=%p o=%p %s %s%sev=%d",
__entry->cookie,
__entry->object,
Reported by FlawFinder.
Line: 208
Column: 7
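CWE codes:
120
Triage note: `strncpy` with a length of 8 leaves the destination unterminated when the source is 8 bytes or longer. The excerpt writes `__entry->name[7] = 0;` on the next line, which covers that case provided `__entry->name` is declared with 8 bytes (the declaration is not shown).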
TP_fast_assign(
__entry->cookie = netfs->primary_index;
strncpy(__entry->name, netfs->name, 8);
__entry->name[7] = 0;
),
TP_printk("c=%p n=%s",
__entry->cookie, __entry->name)
Reported by FlawFinder.
include/trace/events/lock.h
3 issues
Line: 16
Column: 20
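CWE codes:
120
20
Triage note: in the excerpts for all three findings in this file, `read` is an `int` parameter of the `lock_acquire` trace event (`int trylock, int read, int check`), not a call to a read function, and the reported columns appear to fall on that identifier. These look like name matches; no buffer is read into at these lines.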
TRACE_EVENT(lock_acquire,
TP_PROTO(struct lockdep_map *lock, unsigned int subclass,
int trylock, int read, int check,
struct lockdep_map *next_lock, unsigned long ip),
TP_ARGS(lock, subclass, trylock, read, check, next_lock, ip),
TP_STRUCT__entry(
Reported by FlawFinder.
Line: 19
Column: 35
CWE codes:
120
20
int trylock, int read, int check,
struct lockdep_map *next_lock, unsigned long ip),
TP_ARGS(lock, subclass, trylock, read, check, next_lock, ip),
TP_STRUCT__entry(
__field(unsigned int, flags)
__string(name, lock->name)
__field(void *, lockdep_addr)
Reported by FlawFinder.
Line: 28
Column: 41
CWE codes:
120
20
),
TP_fast_assign(
__entry->flags = (trylock ? 1 : 0) | (read ? 2 : 0);
__assign_str(name, lock->name);
__entry->lockdep_addr = lock;
),
TP_printk("%p %s%s%s", __entry->lockdep_addr,
Reported by FlawFinder.
include/trace/events/neigh.h
3 issues
Line: 108
Column: 3
CWE codes:
120
Suggestion:
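Make sure destination can always hold the source data
Triage note: the copy length is the runtime value `lladdr_len`. The excerpts do not show the declared size of `__entry->lladdr` (or `__entry->new_lladdr` in the second finding) or where `lladdr_len` is bounded, so confirm in the full event definition that it cannot exceed the destination or the source `n->ha`.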
__entry->family = n->tbl->family;
__assign_str(dev, (n->dev ? n->dev->name : "NULL"));
__entry->lladdr_len = lladdr_len;
memcpy(__entry->lladdr, n->ha, lladdr_len);
__entry->flags = n->flags;
__entry->nud_state = n->nud_state;
__entry->type = n->type;
__entry->dead = n->dead;
__entry->refcnt = refcount_read(&n->refcnt);
Reported by FlawFinder.
Line: 135
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->updated = n->updated;
__entry->used = n->used;
if (lladdr)
memcpy(__entry->new_lladdr, lladdr, lladdr_len);
__entry->new_state = new;
__entry->update_flags = flags;
__entry->pid = nlmsg_pid;
),
Reported by FlawFinder.
Line: 185
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->family = n->tbl->family;
__assign_str(dev, (n->dev ? n->dev->name : "NULL"));
__entry->lladdr_len = lladdr_len;
memcpy(__entry->lladdr, n->ha, lladdr_len);
__entry->flags = n->flags;
__entry->nud_state = n->nud_state;
__entry->type = n->type;
__entry->dead = n->dead;
__entry->refcnt = refcount_read(&n->refcnt);
Reported by FlawFinder.
include/trace/events/scsi.h
3 issues
Line: 185
Column: 3
CWE codes:
120
Suggestion:
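Make sure destination can always hold the source data
Triage note: the destination is `__get_dynamic_array(cmnd)`, whose size is set in the event's field declarations, which are not shown. The copy is bounded only if that array is declared with the same `cmd->cmd_len` used as the length here. The other two findings in this file are the same statement in other events.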
__entry->data_sglen = scsi_sg_count(cmd);
__entry->prot_sglen = scsi_prot_sg_count(cmd);
__entry->prot_op = scsi_get_prot_op(cmd);
memcpy(__get_dynamic_array(cmnd), cmd->cmnd, cmd->cmd_len);
),
TP_printk("host_no=%u channel=%u id=%u lun=%u data_sgl=%u prot_sgl=%u" \
" prot_op=%s cmnd=(%s %s raw=%s)",
__entry->host_no, __entry->channel, __entry->id,
Reported by FlawFinder.
Line: 229
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->data_sglen = scsi_sg_count(cmd);
__entry->prot_sglen = scsi_prot_sg_count(cmd);
__entry->prot_op = scsi_get_prot_op(cmd);
memcpy(__get_dynamic_array(cmnd), cmd->cmnd, cmd->cmd_len);
),
TP_printk("host_no=%u channel=%u id=%u lun=%u data_sgl=%u prot_sgl=%u" \
" prot_op=%s cmnd=(%s %s raw=%s) rtn=%d",
__entry->host_no, __entry->channel, __entry->id,
Reported by FlawFinder.
Line: 274
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->data_sglen = scsi_sg_count(cmd);
__entry->prot_sglen = scsi_prot_sg_count(cmd);
__entry->prot_op = scsi_get_prot_op(cmd);
memcpy(__get_dynamic_array(cmnd), cmd->cmnd, cmd->cmd_len);
),
TP_printk("host_no=%u channel=%u id=%u lun=%u data_sgl=%u " \
"prot_sgl=%u prot_op=%s cmnd=(%s %s raw=%s) result=(driver=" \
"%s host=%s message=%s status=%s)",
Reported by FlawFinder.
include/trace/events/target.h
3 issues
Line: 156
Column: 3
CWE codes:
120
Suggestion:
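Make sure destination can always hold the source data
Triage note: the copy length is the constant `TCM_MAX_COMMAND_SIZE`, so confirm that `__entry->cdb` is declared with at least that many bytes and that `cmd->t_task_cdb` always refers to a buffer at least that large; a shorter source would make this an over-read. The same copy appears in the next finding.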
__entry->data_length = cmd->data_length;
__entry->task_attribute = cmd->sam_task_attr;
__entry->control = scsi_command_control(cmd->t_task_cdb);
memcpy(__entry->cdb, cmd->t_task_cdb, TCM_MAX_COMMAND_SIZE);
__assign_str(initiator, cmd->se_sess->se_node_acl->initiatorname);
),
TP_printk("%s -> LUN %03u tag %#llx %s data_length %6u CDB %s (TA:%s C:%02x)",
__get_str(initiator), __entry->unpacked_lun,
Reported by FlawFinder.
Line: 199
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->scsi_status = cmd->scsi_status;
__entry->sense_length = cmd->scsi_status == SAM_STAT_CHECK_CONDITION ?
min(18, ((u8 *) cmd->sense_buffer)[SPC_ADD_SENSE_LEN_OFFSET] + 8) : 0;
memcpy(__entry->cdb, cmd->t_task_cdb, TCM_MAX_COMMAND_SIZE);
memcpy(__entry->sense_data, cmd->sense_buffer, __entry->sense_length);
__assign_str(initiator, cmd->se_sess->se_node_acl->initiatorname);
),
TP_printk("%s <- LUN %03u tag %#llx status %s (sense len %d%s%s) %s data_length %6u CDB %s (TA:%s C:%02x)",
Reported by FlawFinder.
Line: 200
Column: 3
CWE codes:
120
Suggestion:
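Make sure destination can always hold the source data
Triage note: `__entry->sense_length` is capped at 18 by the `min(18, ...)` expression above, so the copy into `__entry->sense_data` is bounded as long as that field is declared with at least 18 bytes (declaration not shown). The read side depends on `cmd->sense_buffer` holding at least that many bytes.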
__entry->sense_length = cmd->scsi_status == SAM_STAT_CHECK_CONDITION ?
min(18, ((u8 *) cmd->sense_buffer)[SPC_ADD_SENSE_LEN_OFFSET] + 8) : 0;
memcpy(__entry->cdb, cmd->t_task_cdb, TCM_MAX_COMMAND_SIZE);
memcpy(__entry->sense_data, cmd->sense_buffer, __entry->sense_length);
__assign_str(initiator, cmd->se_sess->se_node_acl->initiatorname);
),
TP_printk("%s <- LUN %03u tag %#llx status %s (sense len %d%s%s) %s data_length %6u CDB %s (TA:%s C:%02x)",
__get_str(initiator), __entry->unpacked_lun,
Reported by FlawFinder.
include/uapi/drm/drm_mode.h
3 issues
Line: 259
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 flags;
__u32 type;
char name[DRM_DISPLAY_MODE_LEN];
};
struct drm_mode_card_res {
__u64 fb_id_ptr;
__u64 crtc_id_ptr;
Reported by FlawFinder.
Line: 514
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Pairs a 64-bit value with a fixed-size name buffer.
 * NOTE(review): name is DRM_PROP_NAME_LEN bytes and nothing in this
 * declaration says whether it is always NUL-terminated; code that fills or
 * reads it should bound the access by DRM_PROP_NAME_LEN rather than rely on
 * a terminator -- confirm against the code that fills it.
 */
struct drm_mode_property_enum {
__u64 value;
char name[DRM_PROP_NAME_LEN];
};
struct drm_mode_get_property {
__u64 values_ptr; /* values and blob lengths */
__u64 enum_blob_ptr; /* enum and blob id ptrs */
Reported by FlawFinder.
Line: 523
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 prop_id;
__u32 flags;
char name[DRM_PROP_NAME_LEN];
__u32 count_values;
/* This is only used to count enum values, not blobs. The _blobs is
* simply because of a historical reason, i.e. backwards compat. */
__u32 count_enum_blobs;
Reported by FlawFinder.