The following issues were found
drivers/staging/rtl8188eu/core/rtw_recv.c
21 issues
Line: 360
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (auth_alg == 2) {
/* get ether_type */
ptr = ptr + pfhdr->attrib.hdrlen + LLC_HEADER_SIZE + pfhdr->attrib.iv_len;
memcpy(&be_tmp, ptr, 2);
ether_type = ntohs(be_tmp);
if (psta && (psta->ieee8021x_blocked)) {
/* blocked */
/* only accept EAPOL frame */
Reported by FlawFinder.
Line: 906
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto exit;
}
memcpy(pattrib->dst, pda, ETH_ALEN);
memcpy(pattrib->src, psa, ETH_ALEN);
memcpy(pattrib->bssid, pbssid, ETH_ALEN);
switch (pattrib->to_fr_ds) {
Reported by FlawFinder.
Line: 907
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(pattrib->dst, pda, ETH_ALEN);
memcpy(pattrib->src, psa, ETH_ALEN);
memcpy(pattrib->bssid, pbssid, ETH_ALEN);
switch (pattrib->to_fr_ds) {
case 0:
Reported by FlawFinder.
Line: 909
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->dst, pda, ETH_ALEN);
memcpy(pattrib->src, psa, ETH_ALEN);
memcpy(pattrib->bssid, pbssid, ETH_ALEN);
switch (pattrib->to_fr_ds) {
case 0:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
Reported by FlawFinder.
Line: 913
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (pattrib->to_fr_ds) {
case 0:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2sta_data_frame(adapter, precv_frame, &psta);
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
Reported by FlawFinder.
Line: 914
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (pattrib->to_fr_ds) {
case 0:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2sta_data_frame(adapter, precv_frame, &psta);
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, pbssid, ETH_ALEN);
Reported by FlawFinder.
Line: 918
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = sta2sta_data_frame(adapter, precv_frame, &psta);
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, pbssid, ETH_ALEN);
ret = ap2sta_data_frame(adapter, precv_frame, &psta);
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
Reported by FlawFinder.
Line: 919
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 1:
memcpy(pattrib->ra, pda, ETH_ALEN);
memcpy(pattrib->ta, pbssid, ETH_ALEN);
ret = ap2sta_data_frame(adapter, precv_frame, &psta);
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
Reported by FlawFinder.
Line: 923
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = ap2sta_data_frame(adapter, precv_frame, &psta);
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2ap_data_frame(adapter, precv_frame, &psta);
break;
case 3:
memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
Reported by FlawFinder.
Line: 924
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 2:
memcpy(pattrib->ra, pbssid, ETH_ALEN);
memcpy(pattrib->ta, psa, ETH_ALEN);
ret = sta2ap_data_frame(adapter, precv_frame, &psta);
break;
case 3:
memcpy(pattrib->ra, GetAddr1Ptr(ptr), ETH_ALEN);
memcpy(pattrib->ta, GetAddr2Ptr(ptr), ETH_ALEN);
Reported by FlawFinder.
fs/btrfs/volumes.c
21 issues
Line: 4057
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_NOARG(a) \
do { \
ret = snprintf(bp, size_bp, (a)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 4066
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_1ARG(a, v1) \
do { \
ret = snprintf(bp, size_bp, (a), (v1)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 4075
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_2ARG(a, v1, v2) \
do { \
ret = snprintf(bp, size_bp, (a), (v1), (v2)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 4154
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define CHECK_APPEND_1ARG(a, v1) \
do { \
ret = snprintf(bp, size_bp, (a), (v1)); \
if (ret < 0 || ret >= size_bp) \
goto out_overflow; \
size_bp -= ret; \
bp += ret; \
} while (0)
Reported by FlawFinder.
Line: 179
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
u32 size_bp = size_buf;
if (!flags) {
strcpy(bp, "NONE");
return;
}
#define DESCRIBE_FLAG(flag, desc) \
do { \
Reported by FlawFinder.
Line: 362
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
INIT_LIST_HEAD(&fs_devs->fs_list);
INIT_LIST_HEAD(&fs_devs->seed_list);
if (fsid)
memcpy(fs_devs->fsid, fsid, BTRFS_FSID_SIZE);
if (metadata_fsid)
memcpy(fs_devs->metadata_uuid, metadata_fsid, BTRFS_FSID_SIZE);
else if (fsid)
memcpy(fs_devs->metadata_uuid, fsid, BTRFS_FSID_SIZE);
Reported by FlawFinder.
Line: 365
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(fs_devs->fsid, fsid, BTRFS_FSID_SIZE);
if (metadata_fsid)
memcpy(fs_devs->metadata_uuid, metadata_fsid, BTRFS_FSID_SIZE);
else if (fsid)
memcpy(fs_devs->metadata_uuid, fsid, BTRFS_FSID_SIZE);
return fs_devs;
}
Reported by FlawFinder.
Line: 367
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (metadata_fsid)
memcpy(fs_devs->metadata_uuid, metadata_fsid, BTRFS_FSID_SIZE);
else if (fsid)
memcpy(fs_devs->metadata_uuid, fsid, BTRFS_FSID_SIZE);
return fs_devs;
}
void btrfs_free_device(struct btrfs_device *device)
Reported by FlawFinder.
Line: 836
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (fs_devices->fsid_change &&
found_transid > fs_devices->latest_generation) {
memcpy(fs_devices->fsid, disk_super->fsid,
BTRFS_FSID_SIZE);
if (has_metadata_uuid)
memcpy(fs_devices->metadata_uuid,
disk_super->metadata_uuid,
Reported by FlawFinder.
Line: 840
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BTRFS_FSID_SIZE);
if (has_metadata_uuid)
memcpy(fs_devices->metadata_uuid,
disk_super->metadata_uuid,
BTRFS_FSID_SIZE);
else
memcpy(fs_devices->metadata_uuid,
disk_super->fsid, BTRFS_FSID_SIZE);
Reported by FlawFinder.
drivers/staging/rtl8188eu/core/rtw_xmit.c
21 issues
Line: 407
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pattrib->ether_type = ntohs(etherhdr.h_proto);
memcpy(pattrib->dst, ðerhdr.h_dest, ETH_ALEN);
memcpy(pattrib->src, ðerhdr.h_source, ETH_ALEN);
pattrib->pctrl = 0;
if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) ||
Reported by FlawFinder.
Line: 408
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pattrib->ether_type = ntohs(etherhdr.h_proto);
memcpy(pattrib->dst, ðerhdr.h_dest, ETH_ALEN);
memcpy(pattrib->src, ðerhdr.h_source, ETH_ALEN);
pattrib->pctrl = 0;
if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) ||
check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) {
Reported by FlawFinder.
Line: 414
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) ||
check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE)) {
memcpy(pattrib->ra, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
Reported by FlawFinder.
Line: 415
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) ||
check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE)) {
memcpy(pattrib->ra, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
Reported by FlawFinder.
Line: 417
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE)) {
memcpy(pattrib->ra, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, get_bssid(pmlmepriv), ETH_ALEN);
}
Reported by FlawFinder.
Line: 418
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_STATION_STATE)) {
memcpy(pattrib->ra, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, get_bssid(pmlmepriv), ETH_ALEN);
}
Reported by FlawFinder.
Line: 420
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->ra, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, get_bssid(pmlmepriv), ETH_ALEN);
}
pattrib->pktlen = pkt->len - ETH_HLEN;
Reported by FlawFinder.
Line: 421
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pattrib->ta, pattrib->src, ETH_ALEN);
} else if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
memcpy(pattrib->ra, pattrib->dst, ETH_ALEN);
memcpy(pattrib->ta, get_bssid(pmlmepriv), ETH_ALEN);
}
pattrib->pktlen = pkt->len - ETH_HLEN;
if (pattrib->ether_type == ETH_P_IP) {
Reported by FlawFinder.
Line: 649
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rtw_secgetmic(&micdata, &mic[0]);
/* add mic code and add the mic code length in last_txcmdsz */
memcpy(payload, &mic[0], 8);
pattrib->last_txcmdsz += 8;
payload -= pattrib->last_txcmdsz + 8;
}
}
Reported by FlawFinder.
Line: 715
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* to_ds = 1, fr_ds = 0; */
/* Data transfer to AP */
SetToDs(fctrl);
memcpy(pwlanhdr->addr1, get_bssid(pmlmepriv), ETH_ALEN);
memcpy(pwlanhdr->addr2, pattrib->src, ETH_ALEN);
memcpy(pwlanhdr->addr3, pattrib->dst, ETH_ALEN);
if (pqospriv->qos_option)
qos_option = true;
Reported by FlawFinder.
drivers/hwmon/it87.c
21 issues
Line: 1973
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
label = labels[nr];
return sprintf(buf, "%s\n", label);
}
static SENSOR_DEVICE_ATTR(in3_label, S_IRUGO, show_label, NULL, 0);
static SENSOR_DEVICE_ATTR(in7_label, S_IRUGO, show_label, NULL, 1);
static SENSOR_DEVICE_ATTR(in8_label, S_IRUGO, show_label, NULL, 2);
/* AVCC3 */
Reported by FlawFinder.
Line: 863
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int index = sattr->index;
int nr = sattr->nr;
return sprintf(buf, "%d\n", in_from_reg(data, nr, data->in[nr][index]));
}
static ssize_t set_in(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 951
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int index = sattr->index;
struct it87_data *data = it87_update_device(dev);
return sprintf(buf, "%d\n", TEMP_FROM_REG(data->temp[nr][index]));
}
static ssize_t set_temp(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 1030
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if ((has_temp_peci(data, nr) && (reg >> 6 == nr + 1)) ||
(has_temp_old_peci(data, nr) && (extra & 0x80)))
return sprintf(buf, "6\n"); /* Intel PECI */
if (reg & (1 << nr))
return sprintf(buf, "3\n"); /* thermal diode */
if (reg & (8 << nr))
return sprintf(buf, "4\n"); /* thermistor */
return sprintf(buf, "0\n"); /* disabled */
Reported by FlawFinder.
Line: 1032
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(has_temp_old_peci(data, nr) && (extra & 0x80)))
return sprintf(buf, "6\n"); /* Intel PECI */
if (reg & (1 << nr))
return sprintf(buf, "3\n"); /* thermal diode */
if (reg & (8 << nr))
return sprintf(buf, "4\n"); /* thermistor */
return sprintf(buf, "0\n"); /* disabled */
}
Reported by FlawFinder.
Line: 1034
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (reg & (1 << nr))
return sprintf(buf, "3\n"); /* thermal diode */
if (reg & (8 << nr))
return sprintf(buf, "4\n"); /* thermistor */
return sprintf(buf, "0\n"); /* disabled */
}
static ssize_t set_temp_type(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
Line: 1035
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return sprintf(buf, "3\n"); /* thermal diode */
if (reg & (8 << nr))
return sprintf(buf, "4\n"); /* thermistor */
return sprintf(buf, "0\n"); /* disabled */
}
static ssize_t set_temp_type(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 1122
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
FAN16_FROM_REG(data->fan[nr][index]) :
FAN_FROM_REG(data->fan[nr][index],
DIV_FROM_REG(data->fan_div[nr]));
return sprintf(buf, "%d\n", speed);
}
static ssize_t show_fan_div(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 1132
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct it87_data *data = it87_update_device(dev);
int nr = sensor_attr->index;
return sprintf(buf, "%lu\n", DIV_FROM_REG(data->fan_div[nr]));
}
static ssize_t show_pwm_enable(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 1142
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct it87_data *data = it87_update_device(dev);
int nr = sensor_attr->index;
return sprintf(buf, "%d\n", pwm_mode(data, nr));
}
static ssize_t show_pwm(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
include/linux/mod_devicetable.h
21 issues
Line: 263
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Struct used for matching a device
*/
struct of_device_id {
char name[32];
char type[32];
char compatible[128];
const void *data;
};
Reported by FlawFinder.
Line: 264
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct of_device_id {
char name[32];
char type[32];
char compatible[128];
const void *data;
};
/* VIO */
Reported by FlawFinder.
Line: 265
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct of_device_id {
char name[32];
char type[32];
char compatible[128];
const void *data;
};
/* VIO */
struct vio_device_id {
Reported by FlawFinder.
Line: 271
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* VIO */
struct vio_device_id {
char type[32];
char compat[32];
};
/* PCMCIA */
Reported by FlawFinder.
Line: 272
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* VIO */
struct vio_device_id {
char type[32];
char compat[32];
};
/* PCMCIA */
struct pcmcia_device_id {
Reported by FlawFinder.
Line: 294
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 prod_id_hash[4];
/* not matched against in kernelspace */
const char * prod_id[4];
/* not matched against */
kernel_ulong_t driver_info;
char * cisfile;
};
Reported by FlawFinder.
Line: 371
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The EISA signature, in ASCII form, null terminated */
struct eisa_device_id {
char sig[EISA_SIG_LEN];
kernel_ulong_t driver_data;
};
#define EISA_DEVICE_MODALIAS_FMT "eisa:s%s"
Reported by FlawFinder.
Line: 449
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define RPMSG_DEVICE_MODALIAS_FMT "rpmsg:%s"
struct rpmsg_device_id {
char name[RPMSG_NAME_SIZE];
kernel_ulong_t driver_data;
};
/* i2c */
Reported by FlawFinder.
Line: 459
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define I2C_MODULE_PREFIX "i2c:"
struct i2c_device_id {
char name[I2C_NAME_SIZE];
kernel_ulong_t driver_data; /* Data private to the driver */
};
/* pci_epf */
Reported by FlawFinder.
Line: 469
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define PCI_EPF_MODULE_PREFIX "pci_epf:"
struct pci_epf_device_id {
char name[PCI_EPF_NAME_SIZE];
kernel_ulong_t driver_data;
};
/* i3c */
Reported by FlawFinder.
drivers/net/ethernet/neterion/vxge/vxge-main.c
21 issues
Line: 4665
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
vxge_print_parm(vdev, vpath_mask);
/* Store the fw version for ethttool option */
strcpy(vdev->fw_version, ll_config->device_hw_info.fw_version.version);
memcpy(vdev->ndev->dev_addr, (u8 *)vdev->vpaths[0].macaddr, ETH_ALEN);
/* Copy the station mac address to the list */
for (i = 0; i < vdev->no_of_vpath; i++) {
entry = kzalloc(sizeof(struct vxge_mac_addrs), GFP_KERNEL);
Reported by FlawFinder.
Line: 470
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"%s: %s:%d skb_up = %p",
ring->ndev->name, __func__,
__LINE__, skb);
memcpy(skb_up->data, skb->data, pkt_length);
vxge_re_pre_post(dtr, ring, rx_priv);
vxge_post(&dtr_cnt, &first_dtr, dtr,
ringh);
Reported by FlawFinder.
Line: 687
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the new mac address to the list */
mac_address = (u8 *)&new_mac_entry->macaddr;
memcpy(mac_address, mac->macaddr, ETH_ALEN);
new_mac_entry->state = mac->state;
vpath->mac_addr_cnt++;
if (is_multicast_ether_addr(mac->macaddr))
Reported by FlawFinder.
Line: 735
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct vxge_vpath *vpath = NULL;
mac_address = (u8 *)&mac_addr;
memcpy(mac_address, mac_header, ETH_ALEN);
/* Is this mac address already in the list? */
for (vpath_idx = 0; vpath_idx < vdev->no_of_vpath; vpath_idx++) {
vpath = &vdev->vpaths[vpath_idx];
if (vxge_search_mac_addr_in_list(vpath, mac_addr))
Reported by FlawFinder.
Line: 745
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memset(&mac_info, 0, sizeof(struct macInfo));
memcpy(mac_info.macaddr, mac_header, ETH_ALEN);
/* Any vpath has room to add mac address to its da table? */
for (vpath_idx = 0; vpath_idx < vdev->no_of_vpath; vpath_idx++) {
vpath = &vdev->vpaths[vpath_idx];
if (vpath->mac_addr_cnt < vpath->max_mac_addr_cnt) {
Reported by FlawFinder.
Line: 1074
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *mac_address = (u8 *) (&del_mac);
/* Copy the mac address to delete from the list */
memcpy(mac_address, mac->macaddr, ETH_ALEN);
list_for_each_safe(entry, next, &vpath->mac_addr_list) {
if (((struct vxge_mac_addrs *)entry)->macaddr == del_mac) {
list_del(entry);
kfree(entry);
Reported by FlawFinder.
Line: 1200
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mac_entry = (struct vxge_mac_addrs *)entry;
/* Copy the mac address to delete */
mac_address = (u8 *)&mac_entry->macaddr;
memcpy(mac_info.macaddr, mac_address, ETH_ALEN);
if (is_multicast_ether_addr(mac_info.macaddr)) {
for (vpath_idx = 0; vpath_idx <
vdev->no_of_vpath;
vpath_idx++) {
Reported by FlawFinder.
Line: 1217
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Add new ones */
netdev_for_each_mc_addr(ha, dev) {
memcpy(mac_info.macaddr, ha->addr, ETH_ALEN);
for (vpath_idx = 0; vpath_idx < vdev->no_of_vpath;
vpath_idx++) {
mac_info.vpath_no = vpath_idx;
mac_info.state = VXGE_LL_MAC_ADDR_IN_DA_TABLE;
status = vxge_add_mac_addr(vdev, &mac_info);
Reported by FlawFinder.
Line: 1242
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mac_entry = (struct vxge_mac_addrs *)entry;
/* Copy the mac address to delete */
mac_address = (u8 *)&mac_entry->macaddr;
memcpy(mac_info.macaddr, mac_address, ETH_ALEN);
if (is_multicast_ether_addr(mac_info.macaddr))
break;
}
Reported by FlawFinder.
Line: 1304
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__func__, __LINE__);
/* Get the old address */
memcpy(mac_info_old.macaddr, dev->dev_addr, dev->addr_len);
/* Copy the new address */
memcpy(mac_info_new.macaddr, addr->sa_data, dev->addr_len);
/* First delete the old mac address from all the vpaths
Reported by FlawFinder.
drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h
21 issues
Line: 118
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{ \
int i = get_##type##_instance_id(kobj); \
if (i >= 0) \
return sprintf(buf, "%s\n", wmi_priv.type##_data[i].name); \
return 0; \
}
#define attribute_n_property_show(name, type) \
static ssize_t name##_show(struct kobject *kobj, struct kobj_attribute *attr, \
Reported by FlawFinder.
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct enumeration_data {
struct kobject *attr_name_kobj;
char display_name_language_code[MAX_BUFF];
char dell_value_modifier[MAX_BUFF];
char possible_values[MAX_BUFF];
char attribute_name[MAX_BUFF];
char default_value[MAX_BUFF];
char dell_modifier[MAX_BUFF];
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct enumeration_data {
struct kobject *attr_name_kobj;
char display_name_language_code[MAX_BUFF];
char dell_value_modifier[MAX_BUFF];
char possible_values[MAX_BUFF];
char attribute_name[MAX_BUFF];
char default_value[MAX_BUFF];
char dell_modifier[MAX_BUFF];
char display_name[MAX_BUFF];
Reported by FlawFinder.
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct kobject *attr_name_kobj;
char display_name_language_code[MAX_BUFF];
char dell_value_modifier[MAX_BUFF];
char possible_values[MAX_BUFF];
char attribute_name[MAX_BUFF];
char default_value[MAX_BUFF];
char dell_modifier[MAX_BUFF];
char display_name[MAX_BUFF];
};
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char display_name_language_code[MAX_BUFF];
char dell_value_modifier[MAX_BUFF];
char possible_values[MAX_BUFF];
char attribute_name[MAX_BUFF];
char default_value[MAX_BUFF];
char dell_modifier[MAX_BUFF];
char display_name[MAX_BUFF];
};
Reported by FlawFinder.
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char dell_value_modifier[MAX_BUFF];
char possible_values[MAX_BUFF];
char attribute_name[MAX_BUFF];
char default_value[MAX_BUFF];
char dell_modifier[MAX_BUFF];
char display_name[MAX_BUFF];
};
struct integer_data {
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char possible_values[MAX_BUFF];
char attribute_name[MAX_BUFF];
char default_value[MAX_BUFF];
char dell_modifier[MAX_BUFF];
char display_name[MAX_BUFF];
};
struct integer_data {
struct kobject *attr_name_kobj;
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char attribute_name[MAX_BUFF];
char default_value[MAX_BUFF];
char dell_modifier[MAX_BUFF];
char display_name[MAX_BUFF];
};
struct integer_data {
struct kobject *attr_name_kobj;
char display_name_language_code[MAX_BUFF];
Reported by FlawFinder.
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct integer_data {
struct kobject *attr_name_kobj;
char display_name_language_code[MAX_BUFF];
char attribute_name[MAX_BUFF];
char dell_modifier[MAX_BUFF];
char display_name[MAX_BUFF];
int scalar_increment;
int default_value;
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct integer_data {
struct kobject *attr_name_kobj;
char display_name_language_code[MAX_BUFF];
char attribute_name[MAX_BUFF];
char dell_modifier[MAX_BUFF];
char display_name[MAX_BUFF];
int scalar_increment;
int default_value;
int min_value;
Reported by FlawFinder.
drivers/scsi/bnx2fc/bnx2fc_fcoe.c
21 issues
Line: 379
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fc_fcoe_set_mac(eh->h_dest, fh->fh_d_id);
else
/* insert GW address */
memcpy(eh->h_dest, ctlr->dest_addr, ETH_ALEN);
if (unlikely(ctlr->flogi_oxid != FC_XID_UNKNOWN))
memcpy(eh->h_source, ctlr->ctl_src_addr, ETH_ALEN);
else
memcpy(eh->h_source, port->data_src_addr, ETH_ALEN);
Reported by FlawFinder.
Line: 382
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(eh->h_dest, ctlr->dest_addr, ETH_ALEN);
if (unlikely(ctlr->flogi_oxid != FC_XID_UNKNOWN))
memcpy(eh->h_source, ctlr->ctl_src_addr, ETH_ALEN);
else
memcpy(eh->h_source, port->data_src_addr, ETH_ALEN);
hp = (struct fcoe_hdr *)(eh + 1);
memset(hp, 0, sizeof(*hp));
Reported by FlawFinder.
Line: 384
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(ctlr->flogi_oxid != FC_XID_UNKNOWN))
memcpy(eh->h_source, ctlr->ctl_src_addr, ETH_ALEN);
else
memcpy(eh->h_source, port->data_src_addr, ETH_ALEN);
hp = (struct fcoe_hdr *)(eh + 1);
memset(hp, 0, sizeof(*hp));
if (FC_FCOE_VER)
FC_FCOE_ENCAPS_VER(hp, FC_FCOE_VER);
Reported by FlawFinder.
Line: 726
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bnx2fc_stats->loss_of_signal_count = 0;
bnx2fc_stats->prim_seq_protocol_err_count = 0;
memcpy(&hba->prev_stats, hba->stats_buffer,
sizeof(struct fcoe_statistics_params));
unlock_stats_mutex:
mutex_unlock(&hba->hba_stats_mutex);
return bnx2fc_stats;
Reported by FlawFinder.
Line: 997
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
/* Set the function pointers set by bnx2fc driver */
memcpy(&lport->tt, &bnx2fc_libfc_fcn_templ,
sizeof(struct libfc_function_template));
fc_elsct_init(lport);
fc_exch_init(lport);
fc_disc_init(lport);
fc_disc_config(lport, lport);
Reported by FlawFinder.
Line: 1086
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct fcoe_port *port = lport_priv(lport);
memcpy(port->data_src_addr, addr, ETH_ALEN);
}
/**
* bnx2fc_get_src_mac - return the ethernet source address for an lport
*
Reported by FlawFinder.
Line: 1137
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net_device *netdev = interface->netdev;
struct fc_lport *vn_port;
int rc;
char buf[32];
rc = fcoe_validate_vport_create(vport);
if (rc) {
fcoe_wwn_to_str(vport->port_name, buf, sizeof(buf));
printk(KERN_ERR PFX "Failed to create vport, "
Reported by FlawFinder.
Line: 1258
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ha->type == NETDEV_HW_ADDR_T_SAN) &&
(is_valid_ether_addr(ha->addr))) {
memcpy(ctlr->ctl_src_addr, ha->addr,
ETH_ALEN);
sel_san_mac = 1;
BNX2FC_MISC_DBG("Found SAN MAC\n");
}
}
Reported by FlawFinder.
Line: 2136
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct fc_vport_identifiers vpid;
uint i, created = 0;
u64 wwnn = 0;
char wwpn_str[32];
char wwnn_str[32];
if (npiv_tbl->count > MAX_NPIV_ENTRIES) {
BNX2FC_HBA_DBG(lport, "Exceeded count max of npiv table\n");
goto done;
Reported by FlawFinder.
Line: 2137
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint i, created = 0;
u64 wwnn = 0;
char wwpn_str[32];
char wwnn_str[32];
if (npiv_tbl->count > MAX_NPIV_ENTRIES) {
BNX2FC_HBA_DBG(lport, "Exceeded count max of npiv table\n");
goto done;
}
Reported by FlawFinder.
net/mac80211/mesh.c
21 issues
Line: 230
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
/* Don't care about endianness since only match matters */
memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum));
idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask;
hlist_for_each_entry_safe(p, n, &rmc->bucket[idx], list) {
++entries;
if (time_after(jiffies, p->exp_time) ||
entries == RMC_QUEUE_MAX_LEN) {
Reported by FlawFinder.
Line: 249
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p->seqnum = seqnum;
p->exp_time = jiffies + RMC_TIMEOUT;
memcpy(p->sa, sa, ETH_ALEN);
hlist_add_head(&p->list, &rmc->bucket[idx]);
return 0;
}
int mesh_add_meshconf_ie(struct ieee80211_sub_if_data *sdata,
Reported by FlawFinder.
Line: 315
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*pos++ = WLAN_EID_MESH_ID;
*pos++ = ifmsh->mesh_id_len;
if (ifmsh->mesh_id_len)
memcpy(pos, ifmsh->mesh_id, ifmsh->mesh_id_len);
return 0;
}
static int mesh_add_awake_window_ie(struct ieee80211_sub_if_data *sdata,
Reported by FlawFinder.
Line: 715
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (is_multicast_ether_addr(meshda)) {
*fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
/* DA TA SA */
memcpy(hdr->addr1, meshda, ETH_ALEN);
memcpy(hdr->addr2, meshsa, ETH_ALEN);
memcpy(hdr->addr3, meshsa, ETH_ALEN);
return 24;
} else {
*fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
Reported by FlawFinder.
Line: 716
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
/* DA TA SA */
memcpy(hdr->addr1, meshda, ETH_ALEN);
memcpy(hdr->addr2, meshsa, ETH_ALEN);
memcpy(hdr->addr3, meshsa, ETH_ALEN);
return 24;
} else {
*fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
/* RA TA DA SA */
Reported by FlawFinder.
Line: 717
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* DA TA SA */
memcpy(hdr->addr1, meshda, ETH_ALEN);
memcpy(hdr->addr2, meshsa, ETH_ALEN);
memcpy(hdr->addr3, meshsa, ETH_ALEN);
return 24;
} else {
*fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
/* RA TA DA SA */
eth_zero_addr(hdr->addr1); /* RA is resolved later */
Reported by FlawFinder.
Line: 723
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
/* RA TA DA SA */
eth_zero_addr(hdr->addr1); /* RA is resolved later */
memcpy(hdr->addr2, meshsa, ETH_ALEN);
memcpy(hdr->addr3, meshda, ETH_ALEN);
memcpy(hdr->addr4, meshsa, ETH_ALEN);
return 30;
}
}
Reported by FlawFinder.
Line: 724
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* RA TA DA SA */
eth_zero_addr(hdr->addr1); /* RA is resolved later */
memcpy(hdr->addr2, meshsa, ETH_ALEN);
memcpy(hdr->addr3, meshda, ETH_ALEN);
memcpy(hdr->addr4, meshsa, ETH_ALEN);
return 30;
}
}
Reported by FlawFinder.
Line: 725
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
eth_zero_addr(hdr->addr1); /* RA is resolved later */
memcpy(hdr->addr2, meshsa, ETH_ALEN);
memcpy(hdr->addr3, meshda, ETH_ALEN);
memcpy(hdr->addr4, meshsa, ETH_ALEN);
return 30;
}
}
/**
Reported by FlawFinder.
Line: 759
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (addr4or5 && !addr6) {
meshhdr->flags |= MESH_FLAGS_AE_A4;
memcpy(meshhdr->eaddr1, addr4or5, ETH_ALEN);
return 2 * ETH_ALEN;
} else if (addr4or5 && addr6) {
meshhdr->flags |= MESH_FLAGS_AE_A5_A6;
memcpy(meshhdr->eaddr1, addr4or5, ETH_ALEN);
memcpy(meshhdr->eaddr2, addr6, ETH_ALEN);
Reported by FlawFinder.
arch/ia64/scripts/unwcheck.py
21 issues
Line: 40
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b605_start_process_with_a_shell.html
func = False
slots = 0
rlen_sum = 0
for line in os.popen("%s -u %s" % (readelf, sys.argv[1])):
m = start_pattern.match(line)
if m:
check_func(func, slots, rlen_sum)
func = m.group(1)
Reported by Bandit.
Line: 30
Column: 9
def check_func (func, slots, rlen_sum):
if slots != rlen_sum:
global num_errors
num_errors += 1
if not func: func = "[%#x-%#x]" % (start, end)
print("ERROR: %s: %lu slots, total region length = %lu" % (func, slots, rlen_sum))
return
num_funcs = 0
Reported by Pylint.
Line: 24
Column: 41
readelf = os.getenv("READELF", "readelf")
start_pattern = re.compile("<([^>]*)>: \[0x([0-9a-f]+)-0x([0-9a-f]+)\]")
rlen_pattern = re.compile(".*rlen=([0-9]+)")
def check_func (func, slots, rlen_sum):
if slots != rlen_sum:
global num_errors
Reported by Pylint.
Line: 24
Column: 12
readelf = os.getenv("READELF", "readelf")
start_pattern = re.compile("<([^>]*)>: \[0x([0-9a-f]+)-0x([0-9a-f]+)\]")
rlen_pattern = re.compile(".*rlen=([0-9]+)")
def check_func (func, slots, rlen_sum):
if slots != rlen_sum:
global num_errors
Reported by Pylint.
Line: 27
Column: 23
start_pattern = re.compile("<([^>]*)>: \[0x([0-9a-f]+)-0x([0-9a-f]+)\]")
rlen_pattern = re.compile(".*rlen=([0-9]+)")
def check_func (func, slots, rlen_sum):
if slots != rlen_sum:
global num_errors
num_errors += 1
if not func: func = "[%#x-%#x]" % (start, end)
print("ERROR: %s: %lu slots, total region length = %lu" % (func, slots, rlen_sum))
Reported by Pylint.
Line: 27
Column: 30
start_pattern = re.compile("<([^>]*)>: \[0x([0-9a-f]+)-0x([0-9a-f]+)\]")
rlen_pattern = re.compile(".*rlen=([0-9]+)")
def check_func (func, slots, rlen_sum):
if slots != rlen_sum:
global num_errors
num_errors += 1
if not func: func = "[%#x-%#x]" % (start, end)
print("ERROR: %s: %lu slots, total region length = %lu" % (func, slots, rlen_sum))
Reported by Pylint.
Line: 27
Column: 17
start_pattern = re.compile("<([^>]*)>: \[0x([0-9a-f]+)-0x([0-9a-f]+)\]")
rlen_pattern = re.compile(".*rlen=([0-9]+)")
def check_func (func, slots, rlen_sum):
if slots != rlen_sum:
global num_errors
num_errors += 1
if not func: func = "[%#x-%#x]" % (start, end)
print("ERROR: %s: %lu slots, total region length = %lu" % (func, slots, rlen_sum))
Reported by Pylint.
Line: 29
Column: 9
def check_func (func, slots, rlen_sum):
if slots != rlen_sum:
global num_errors
num_errors += 1
if not func: func = "[%#x-%#x]" % (start, end)
print("ERROR: %s: %lu slots, total region length = %lu" % (func, slots, rlen_sum))
return
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python3
# SPDX-License-Identifier: GPL-2.0
#
# Usage: unwcheck.py FILE
#
# This script checks the unwind info of each function in file FILE
# and verifies that the sum of the region-lengths matches the total
# length of the function.
#
Reported by Pylint.
Line: 27
Column: 1
start_pattern = re.compile("<([^>]*)>: \[0x([0-9a-f]+)-0x([0-9a-f]+)\]")
rlen_pattern = re.compile(".*rlen=([0-9]+)")
def check_func (func, slots, rlen_sum):
if slots != rlen_sum:
global num_errors
num_errors += 1
if not func: func = "[%#x-%#x]" % (start, end)
print("ERROR: %s: %lu slots, total region length = %lu" % (func, slots, rlen_sum))
Reported by Pylint.