The following issues were found
arch/arm64/crypto/aes-ce-ccm-glue.c
3 issues
Line: 82
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
n[0] = 0;
n[1] = cpu_to_be32(msglen);
memcpy(maciv, req->iv, AES_BLOCK_SIZE - l);
/*
* Meaning of byte 0 according to CCM spec (RFC 3610/NIST 800-38C)
* - bits 0..2 : max # of bytes required to represent msglen, minus 1
* (already set by caller)
Reported by FlawFinder.
Line: 240
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ccm_calculate_auth_mac(req, mac);
/* preserve the original iv for the final round */
memcpy(buf, req->iv, AES_BLOCK_SIZE);
err = skcipher_walk_aead_encrypt(&walk, req, false);
if (crypto_simd_usable()) {
while (walk.nbytes) {
Reported by FlawFinder.
Line: 298
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ccm_calculate_auth_mac(req, mac);
/* preserve the original iv for the final round */
memcpy(buf, req->iv, AES_BLOCK_SIZE);
err = skcipher_walk_aead_decrypt(&walk, req, false);
if (crypto_simd_usable()) {
while (walk.nbytes) {
Reported by FlawFinder.
samples/bpf/test_lwt_bpf.c
3 issues
Line: 36
#define CB_MAGIC 1234
/* Test: Pass all packets through */
SEC("nop")
int do_nop(struct __sk_buff *skb)
{
return BPF_OK;
}
Reported by Cppcheck.
Line: 180
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
ehdr.h_proto = __constant_htons(ETH_P_IP);
memcpy(&ehdr.h_source, &smac, 6);
memcpy(&ehdr.h_dest, &dmac, 6);
ret = bpf_skb_store_bytes(skb, 0, &ehdr, sizeof(ehdr), 0);
if (ret < 0) {
printk("skb_store_bytes() failed: %d\n", ret);
Reported by FlawFinder.
Line: 181
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ehdr.h_proto = __constant_htons(ETH_P_IP);
memcpy(&ehdr.h_source, &smac, 6);
memcpy(&ehdr.h_dest, &dmac, 6);
ret = bpf_skb_store_bytes(skb, 0, &ehdr, sizeof(ehdr), 0);
if (ret < 0) {
printk("skb_store_bytes() failed: %d\n", ret);
return BPF_DROP;
Reported by FlawFinder.
sound/pci/ca0106/ca_midi.c
3 issues
Line: 290
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
spin_lock_init(&midi->input_lock);
spin_lock_init(&midi->output_lock);
strcpy(rmidi->name, name);
snd_rawmidi_set_ops(rmidi, SNDRV_RAWMIDI_STREAM_OUTPUT, &ca_midi_output);
snd_rawmidi_set_ops(rmidi, SNDRV_RAWMIDI_STREAM_INPUT, &ca_midi_input);
rmidi->info_flags |= SNDRV_RAWMIDI_INFO_OUTPUT |
SNDRV_RAWMIDI_INFO_INPUT |
SNDRV_RAWMIDI_INFO_DUPLEX;
Reported by FlawFinder.
Line: 22
Column: 40
CWE codes:
120
20
#define ca_midi_write_data(midi, data) midi->write(midi, data, 0)
#define ca_midi_write_cmd(midi, data) midi->write(midi, data, 1)
#define ca_midi_read_data(midi) midi->read(midi, 0)
#define ca_midi_read_stat(midi) midi->read(midi, 1)
#define ca_midi_input_avail(midi) (!(ca_midi_read_stat(midi) & midi->input_avail))
#define ca_midi_output_ready(midi) (!(ca_midi_read_stat(midi) & midi->output_ready))
static void ca_midi_clear_rx(struct snd_ca_midi *midi)
Reported by FlawFinder.
Line: 23
Column: 40
CWE codes:
120
20
#define ca_midi_write_data(midi, data) midi->write(midi, data, 0)
#define ca_midi_write_cmd(midi, data) midi->write(midi, data, 1)
#define ca_midi_read_data(midi) midi->read(midi, 0)
#define ca_midi_read_stat(midi) midi->read(midi, 1)
#define ca_midi_input_avail(midi) (!(ca_midi_read_stat(midi) & midi->input_avail))
#define ca_midi_output_ready(midi) (!(ca_midi_read_stat(midi) & midi->output_ready))
static void ca_midi_clear_rx(struct snd_ca_midi *midi)
{
Reported by FlawFinder.
sound/pci/ca0106/ca0106_proc.c
3 issues
Line: 285
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct snd_ca0106 *emu = entry->private_data;
unsigned long flags;
char line[64];
u32 reg, val;
while (!snd_info_get_line(buffer, line, sizeof(line))) {
if (sscanf(line, "%x %x", ®, &val) != 2)
continue;
if (reg < 0x40 && val <= 0xffffffff) {
Reported by FlawFinder.
Line: 386
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_info_buffer *buffer)
{
struct snd_ca0106 *emu = entry->private_data;
char line[64];
unsigned int reg, channel_id , val;
while (!snd_info_get_line(buffer, line, sizeof(line))) {
if (sscanf(line, "%x %x %x", ®, &channel_id, &val) != 3)
continue;
if (reg < 0x80 && val <= 0xffffffff && channel_id <= 3)
Reported by FlawFinder.
Line: 400
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_info_buffer *buffer)
{
struct snd_ca0106 *emu = entry->private_data;
char line[64];
unsigned int reg, val;
while (!snd_info_get_line(buffer, line, sizeof(line))) {
if (sscanf(line, "%x %x", ®, &val) != 2)
continue;
if ((reg <= 0x7f) || (val <= 0x1ff)) {
Reported by FlawFinder.
sound/ac97/bus.c
3 issues
Line: 463
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ac97_codec_device *codec = to_ac97_device(dev);
return sprintf(buf, "%08x", codec->vendor_id);
}
DEVICE_ATTR_RO(vendor_id);
static struct attribute *ac97_dev_attrs[] = {
&dev_attr_vendor_id.attr,
Reported by FlawFinder.
Line: 139
Column: 19
CWE codes:
120
20
unsigned short vid1, vid2;
int ret;
ret = adrv->ops->read(adrv, codec_num, AC97_VENDOR_ID1);
vid1 = (ret & 0xffff);
if (ret < 0)
return 0;
ret = adrv->ops->read(adrv, codec_num, AC97_VENDOR_ID2);
Reported by FlawFinder.
Line: 144
Column: 19
CWE codes:
120
20
if (ret < 0)
return 0;
ret = adrv->ops->read(adrv, codec_num, AC97_VENDOR_ID2);
vid2 = (ret & 0xffff);
if (ret < 0)
return 0;
dev_dbg(&adrv->adap, "%s(codec_num=%u): vendor_id=0x%08x\n",
Reported by FlawFinder.
sound/usb/line6/playback.c
3 issues
Line: 218
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = runtime->buffer_size - line6pcm->out.pos;
if (len > 0) {
memcpy(urb_out->transfer_buffer,
runtime->dma_area +
line6pcm->out.pos * bytes_per_frame,
len * bytes_per_frame);
memcpy(urb_out->transfer_buffer +
len * bytes_per_frame, runtime->dma_area,
Reported by FlawFinder.
Line: 222
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
runtime->dma_area +
line6pcm->out.pos * bytes_per_frame,
len * bytes_per_frame);
memcpy(urb_out->transfer_buffer +
len * bytes_per_frame, runtime->dma_area,
(urb_frames - len) * bytes_per_frame);
} else
dev_err(line6pcm->line6->ifcdev, "driver bug: len = %d\n",
len);
Reported by FlawFinder.
Line: 229
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_err(line6pcm->line6->ifcdev, "driver bug: len = %d\n",
len);
} else {
memcpy(urb_out->transfer_buffer,
runtime->dma_area +
line6pcm->out.pos * bytes_per_frame,
urb_out->transfer_buffer_length);
}
Reported by FlawFinder.
net/sched/sch_api.c
3 issues
Line: 434
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rtab) {
rtab->rate = *r;
rtab->refcnt = 1;
memcpy(rtab->data, nla_data(tab), 1024);
if (r->linklayer == TC_LINKLAYER_UNAWARE)
r->linklayer = __detect_linklayer(r, rtab->data);
rtab->next = qdisc_rtab_list;
qdisc_rtab_list = rtab;
} else {
Reported by FlawFinder.
Line: 523
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stab->refcnt = 1;
stab->szopts = *s;
if (tsize > 0)
memcpy(stab->data, tab, tsize * sizeof(u16));
list_add_tail(&stab->list, &qdisc_stab_list);
return stab;
}
Reported by FlawFinder.
Line: 1173
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ops = qdisc_lookup_ops(kind);
#ifdef CONFIG_MODULES
if (ops == NULL && kind != NULL) {
char name[IFNAMSIZ];
if (nla_strscpy(name, kind, IFNAMSIZ) >= 0) {
/* We dropped the RTNL semaphore in order to
* perform the module load. So, even if we
* succeeded in loading the module we have to
* tell the caller to replay the request. We
Reported by FlawFinder.
sound/soc/stm/stm32_adfsdm.c
3 issues
Line: 114
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct stm32_adfsdm_priv *priv = snd_soc_dai_get_drvdata(dai);
ssize_t size;
char str_freq[10];
dev_dbg(dai->dev, "%s: Enter for freq %d\n", __func__, freq);
/* Set IIO frequency if CODEC is master as clock comes from SPI_IN */
Reported by FlawFinder.
Line: 190
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stm32_memcpy_32to16(&pcm_buff[priv->pos], src_buff,
buff_size - priv->pos);
else
memcpy(&pcm_buff[priv->pos], src_buff,
buff_size - priv->pos);
cur_size -= buff_size - priv->pos;
priv->pos = 0;
}
Reported by FlawFinder.
Line: 200
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stm32_memcpy_32to16(&pcm_buff[priv->pos],
&src_buff[src_size - cur_size], cur_size);
else
memcpy(&pcm_buff[priv->pos], &src_buff[src_size - cur_size],
cur_size);
priv->pos = (priv->pos + cur_size) % buff_size;
if (cur_size != src_size || (old_pos && (old_pos % period_size < size)))
Reported by FlawFinder.
sound/sh/sh_dac_audio.c
3 issues
Line: 247
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
pcm->private_data = chip;
strcpy(pcm->name, "SH_DAC PCM");
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &snd_sh_dac_pcm_ops);
/* buffer size=48K */
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_CONTINUOUS,
NULL, 48 * 1024, 48 * 1024);
Reported by FlawFinder.
Line: 383
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err < 0)
goto probe_error;
strcpy(card->driver, "snd_sh_dac");
strcpy(card->shortname, "SuperH DAC audio driver");
printk(KERN_INFO "%s %s", card->longname, card->shortname);
err = snd_card_register(card);
if (err < 0)
Reported by FlawFinder.
Line: 384
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto probe_error;
strcpy(card->driver, "snd_sh_dac");
strcpy(card->shortname, "SuperH DAC audio driver");
printk(KERN_INFO "%s %s", card->longname, card->shortname);
err = snd_card_register(card);
if (err < 0)
goto probe_error;
Reported by FlawFinder.
scripts/kconfig/tests/inter_choice/__init__.py
3 issues
Line: 13
Column: 1
"""
def test(conf):
assert conf.defconfig('defconfig') == 0
assert conf.config_contains('expected_config')
Reported by Pylint.
Line: 14
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.defconfig('defconfig') == 0
assert conf.config_contains('expected_config')
Reported by Bandit.
Line: 15
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.defconfig('defconfig') == 0
assert conf.config_contains('expected_config')
Reported by Bandit.