The following issues were found
sound/pci/oxygen/xonar_dg_mixer.c
3 issues
Line: 50
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int output_select_info(struct snd_kcontrol *ctl,
struct snd_ctl_elem_info *info)
{
static const char *const names[3] = {
"Stereo Headphones",
"Stereo Headphones FP",
"Multichannel",
};
Reported by FlawFinder.
Line: 272
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int input_sel_info(struct snd_kcontrol *ctl,
struct snd_ctl_elem_info *info)
{
static const char *const names[4] = {
"Mic", "Front Mic", "Line", "Aux"
};
return snd_ctl_enum_info(info, 1, 4, names);
}
Reported by FlawFinder.
Line: 322
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int hpf_info(struct snd_kcontrol *ctl, struct snd_ctl_elem_info *info)
{
static const char *const names[2] = { "Active", "Frozen" };
return snd_ctl_enum_info(info, 1, 2, names);
}
static int hpf_get(struct snd_kcontrol *ctl, struct snd_ctl_elem_value *value)
Reported by FlawFinder.
sound/drivers/opl3/opl3_midi.c
3 issues
Line: 26
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* it saves a lot of log() calculations. (Rob Hooft <hooft@chem.ruu.nl>)
*/
static const char opl3_volume_table[128] =
{
-63, -48, -40, -35, -32, -29, -27, -26,
-24, -23, -21, -20, -19, -18, -18, -17,
-16, -15, -15, -14, -13, -13, -12, -12,
-11, -11, -10, -10, -10, -9, -9, -8,
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
#ifdef DEBUG_ALLOC
char *alloc_type[3] = { "FREE ", "CHEAP ", "EXPENSIVE" };
#endif
/* This is our "allocation cost" table */
enum {
FREE = 0, CHEAP, EXPENSIVE, END
Reported by FlawFinder.
Line: 284
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_opl3_voice *vp, *vp2;
unsigned short connect_mask;
unsigned char connection;
unsigned char vol_op[4];
int extra_prg = 0;
unsigned short reg_side;
unsigned char op_offset;
Reported by FlawFinder.
net/sunrpc/auth_gss/gss_krb5_unseal.c
3 issues
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int signalg;
int sealalg;
char cksumdata[GSS_KRB5_MAX_CKSUM_LEN];
struct xdr_netobj md5cksum = {.len = sizeof(cksumdata),
.data = cksumdata};
s32 now;
int direction;
u32 seqnum;
Reported by FlawFinder.
Line: 149
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
gss_verify_mic_v2(struct krb5_ctx *ctx,
struct xdr_buf *message_buffer, struct xdr_netobj *read_token)
{
char cksumdata[GSS_KRB5_MAX_CKSUM_LEN];
struct xdr_netobj cksumobj = {.len = sizeof(cksumdata),
.data = cksumdata};
time64_t now;
u8 *ptr = read_token->data;
u8 *cksumkey;
Reported by FlawFinder.
Line: 162
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dprintk("RPC: %s\n", __func__);
memcpy(&be16_ptr, (char *) ptr, 2);
if (be16_to_cpu(be16_ptr) != KG2_TOK_MIC)
return GSS_S_DEFECTIVE_TOKEN;
flags = ptr[2];
if ((!ctx->initiate && (flags & KG2_TOKEN_FLAG_SENTBYACCEPTOR)) ||
Reported by FlawFinder.
sound/pci/pcxhr/pcxhr_mixer.c
3 issues
Line: 638
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcxhr_audio_src_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char *texts[5] = {
"Line", "Digital", "Digi+SRC", "Mic", "Line+Mic"
};
int i;
struct snd_pcxhr *chip = snd_kcontrol_chip(kcontrol);
Reported by FlawFinder.
Line: 717
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pcxhr_clock_type_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char *textsPCXHR[7] = {
"Internal", "WordClock", "AES Sync",
"AES 1", "AES 2", "AES 3", "AES 4"
};
static const char *textsHR22[3] = {
"Internal", "AES Sync", "AES 1"
Reported by FlawFinder.
Line: 721
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"Internal", "WordClock", "AES Sync",
"AES 1", "AES 2", "AES 3", "AES 4"
};
static const char *textsHR22[3] = {
"Internal", "AES Sync", "AES 1"
};
const char **texts;
struct pcxhr_mgr *mgr = snd_kcontrol_chip(kcontrol);
int clock_items = 2; /* at least Internal and AES Sync clock */
Reported by FlawFinder.
sound/pci/oxygen/oxygen_mixer.c
3 issues
Line: 1069
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (!strcmp(template.name, "Master Playback Volume") &&
chip->model.dac_tlv) {
template.tlv.p = chip->model.dac_tlv;
template.access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
}
ctl = snd_ctl_new1(&template, chip);
if (!ctl)
return -ENOMEM;
err = snd_ctl_add(chip->card, ctl);
Reported by FlawFinder.
Line: 100
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int upmix_info(struct snd_kcontrol *ctl, struct snd_ctl_elem_info *info)
{
static const char *const names[5] = {
"Front",
"Front+Surround",
"Front+Surround+Back",
"Front+Surround+Center/LFE",
"Front+Surround+Center/LFE+Back",
Reported by FlawFinder.
Line: 1033
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct snd_kcontrol_new controls[],
unsigned int count)
{
static const char *const known_ctl_names[CONTROL_COUNT] = {
[CONTROL_SPDIF_PCM] =
SNDRV_CTL_NAME_IEC958("", PLAYBACK, PCM_STREAM),
[CONTROL_SPDIF_INPUT_BITS] =
SNDRV_CTL_NAME_IEC958("", CAPTURE, DEFAULT),
[CONTROL_MIC_CAPTURE_SWITCH] = "Mic Capture Switch",
Reported by FlawFinder.
security/integrity/ima/ima_modsig.c
3 issues
Line: 79
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return rc;
}
memcpy(hdr->raw_pkcs7, buf + buf_len, sig_len);
hdr->raw_pkcs7_len = sig_len;
/* We don't know the hash algorithm yet. */
hdr->hash_algo = HASH_ALGO__LAST;
Reported by FlawFinder.
Line: 43
Column: 28
CWE codes:
126
int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
struct modsig **modsig)
{
const size_t marker_len = strlen(MODULE_SIG_STRING);
const struct module_signature *sig;
struct modsig *hdr;
size_t sig_len;
const void *p;
int rc;
Reported by FlawFinder.
Line: 105
Column: 34
CWE codes:
126
* Provide the file contents (minus the appended sig) so that the PKCS7
* code can calculate the file hash.
*/
size -= modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) +
sizeof(struct module_signature);
rc = pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size);
if (rc)
return;
Reported by FlawFinder.
security/integrity/ima/ima_policy.c
3 issues
Line: 796
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Convert each policy string rules to struct ima_rule_entry format */
for (rules = arch_rules, i = 0; *rules != NULL; rules++) {
char rule[255];
int result;
result = strlcpy(rule, *rules, sizeof(rule));
INIT_LIST_HEAD(&arch_policy_entry[i].list);
Reported by FlawFinder.
Line: 1707
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ima_rule_entry *entry = v;
int i;
char tbuf[64] = {0,};
int offset = 0;
rcu_read_lock();
if (entry->action & MEASURE)
Reported by FlawFinder.
Line: 1584
Column: 8
CWE codes:
126
int audit_info = 0;
p = strsep(&rule, "\n");
len = strlen(p) + 1;
p += strspn(p, " \t");
if (*p == '#' || *p == '\0')
return len;
Reported by FlawFinder.
net/sctp/ulpevent.c
3 issues
Line: 326
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* The affected address field, holds the remote peer's address that is
* encountering the change of state.
*/
memcpy(&spc->spc_aaddr, aaddr, sizeof(struct sockaddr_storage));
/* Map ipv4 address into v4-mapped-on-v6 address. */
sctp_get_pf_specific(asoc->base.sk->sk_family)->addr_to_user(
sctp_sk(asoc->base.sk),
(union sctp_addr *)&spc->spc_aaddr);
Reported by FlawFinder.
Line: 350
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
memset(&addr, 0, sizeof(struct sockaddr_storage));
memcpy(&addr, &transport->ipaddr, transport->af_specific->sockaddr_len);
event = sctp_ulpevent_make_peer_addr_change(asoc, &addr, 0, state,
error, GFP_ATOMIC);
if (event)
asoc->stream.si->enqueue_event(&asoc->ulpq, event);
Reported by FlawFinder.
Line: 509
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* The original send information associated with the undelivered
* message.
*/
memcpy(&ssf->ssf_info, &chunk->sinfo, sizeof(struct sctp_sndrcvinfo));
/* Per TSVWG discussion with Randy. Allow the application to
* reassemble a fragmented message.
*/
ssf->ssf_info.sinfo_flags = chunk->chunk_hdr->flags;
Reported by FlawFinder.
sound/ppc/awacs.c
3 issues
Line: 26
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef PMAC_AMP_AVAIL
struct awacs_amp {
unsigned char amp_master;
unsigned char amp_vol[2][2];
unsigned char amp_tone[2];
};
#define CHECK_CUDA_AMP() (sys_ctrler == SYS_CTRLER_CUDA)
Reported by FlawFinder.
Line: 27
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct awacs_amp {
unsigned char amp_master;
unsigned char amp_vol[2][2];
unsigned char amp_tone[2];
};
#define CHECK_CUDA_AMP() (sys_ctrler == SYS_CTRLER_CUDA)
#endif /* PMAC_AMP_AVAIL */
Reported by FlawFinder.
Line: 958
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/*
* build mixers
*/
strcpy(chip->card->mixername, "PowerMac AWACS");
err = build_mixers(chip, ARRAY_SIZE(snd_pmac_awacs_mixers),
snd_pmac_awacs_mixers);
if (err < 0)
return err;
Reported by FlawFinder.
sound/pci/pcxhr/pcxhr_core.c
3 issues
Line: 115
Column: 26
CWE codes:
120
20
*/
static int pcxhr_check_reg_bit(struct pcxhr_mgr *mgr, unsigned int reg,
unsigned char mask, unsigned char bit, int time,
unsigned char* read)
{
int i = 0;
unsigned long end_time = jiffies + (time * HZ + 999) / 1000;
do {
*read = PCXHR_INPB(mgr, reg);
Reported by FlawFinder.
Line: 121
Column: 9
CWE codes:
120
20
unsigned long end_time = jiffies + (time * HZ + 999) / 1000;
do {
*read = PCXHR_INPB(mgr, reg);
if ((*read & mask) == bit) {
if (i > 100)
dev_dbg(&mgr->pci->dev,
"ATTENTION! check_reg(%x) loopcount=%d\n",
reg, i);
return 0;
Reported by FlawFinder.
Line: 132
Column: 18
CWE codes:
120
20
} while (time_after_eq(end_time, jiffies));
dev_err(&mgr->pci->dev,
"pcxhr_check_reg_bit: timeout, reg=%x, mask=0x%x, val=%x\n",
reg, mask, *read);
return -EIO;
}
/* constants used with pcxhr_check_reg_bit() */
#define PCXHR_TIMEOUT_DSP 200
Reported by FlawFinder.