The following issues were found
sound/usb/line6/podhd.c
3 issues
Line: 149
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct snd_card *card = dev_to_snd_card(dev);
struct usb_line6_podhd *pod = card->private_data;
return sprintf(buf, "%u\n", pod->serial_number);
}
static ssize_t firmware_version_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 158
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct snd_card *card = dev_to_snd_card(dev);
struct usb_line6_podhd *pod = card->private_data;
return sprintf(buf, "%06x\n", pod->firmware_version);
}
static DEVICE_ATTR_RO(firmware_version);
static DEVICE_ATTR_RO(serial_number);
Reported by FlawFinder.
Line: 275
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void podhd_set_monitor_level(struct usb_line6_podhd *podhd, int value)
{
unsigned int fl;
static const unsigned char msg[16] = {
/* Chunk is 0xc bytes (without first word) */
0x0c, 0x00,
/* First chunk in the message */
0x01, 0x00,
/* Message size is 2 4-byte words */
Reported by FlawFinder.
sound/pci/ice1712/wm8766.c
3 issues
Line: 227
CWE codes:
908
if (wm->ctl[n].flags & WM8766_FLAG_INVERT) {
val1 = wm->ctl[n].max - (val1 - wm->ctl[n].min);
if (wm->ctl[n].flags & WM8766_FLAG_STEREO)
val2 = wm->ctl[n].max - (val2 - wm->ctl[n].min);
}
ucontrol->value.integer.value[0] = val1;
if (wm->ctl[n].flags & WM8766_FLAG_STEREO)
ucontrol->value.integer.value[1] = val2;
Reported by Cppcheck.
Line: 288
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
cont.access = SNDRV_CTL_ELEM_ACCESS_READWRITE;
if (wm->ctl[num].flags & WM8766_FLAG_LIM ||
wm->ctl[num].flags & WM8766_FLAG_ALC)
cont.access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
cont.tlv.p = NULL;
cont.get = snd_wm8766_ctl_get;
cont.put = snd_wm8766_ctl_put;
switch (wm->ctl[num].type) {
Reported by FlawFinder.
Line: 296
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
switch (wm->ctl[num].type) {
case SNDRV_CTL_ELEM_TYPE_INTEGER:
cont.info = snd_wm8766_volume_info;
cont.access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ;
cont.tlv.p = wm->ctl[num].tlv;
break;
case SNDRV_CTL_ELEM_TYPE_BOOLEAN:
wm->ctl[num].max = 1;
if (wm->ctl[num].flags & WM8766_FLAG_STEREO)
Reported by FlawFinder.
sound/soc/intel/atom/sst/sst.h
3 issues
Line: 228
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @reserved : reserved fields
*/
struct sst_fw_header {
unsigned char signature[FW_SIGNATURE_SIZE];
u32 file_size;
u32 modules;
u32 file_format;
u32 reserved[4];
};
Reported by FlawFinder.
Line: 245
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @entry_point: module netry point
*/
struct fw_module_header {
unsigned char signature[FW_SIGNATURE_SIZE];
u32 mod_size;
u32 blocks;
u32 type;
u32 entry_point;
};
Reported by FlawFinder.
Line: 411
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Holder for firmware name. Due to async call it needs to be
* persistent till worker thread gets called
*/
char firmware_name[FW_NAME_SIZE];
struct snd_sst_fw_version fw_version;
struct sst_fw_save *fw_save;
};
Reported by FlawFinder.
samples/bpf/test_cgrp2_attach.c
3 issues
Line: 136
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
enum bpf_attach_type type;
int opt, cg_fd, ret;
while ((opt = getopt(argc, argv, "Dd")) != -1) {
switch (opt) {
case 'd':
verdict = 0;
break;
case 'D':
Reported by FlawFinder.
Line: 40
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MAP_KEY_BYTES,
};
char bpf_log_buf[BPF_LOG_BUF_SIZE];
static int prog_load(int map_fd, int verdict)
{
struct bpf_insn prog[] = {
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), /* save r6 so it's not clobbered by BPF_CALL */
Reported by FlawFinder.
Line: 159
Column: 10
CWE codes:
362
else
return usage(argv[0]);
cg_fd = open(argv[optind], O_DIRECTORY | O_RDONLY);
if (cg_fd < 0) {
printf("Failed to open cgroup path: '%s'\n", strerror(errno));
return EXIT_FAILURE;
}
Reported by FlawFinder.
sound/pci/ice1712/prodigy192.c
3 issues
Line: 271
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int stac9460_mic_sw_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[2] = { "Line In", "Mic" };
return snd_ctl_enum_info(uinfo, 1, 2, texts);
}
Reported by FlawFinder.
Line: 308
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned char old, new;
int idx;
unsigned char changed[7];
struct prodigy192_spec *spec = ice->spec;
if (rate == 0) /* no hint - S/PDIF input is master, simply return */
return;
else if (rate <= 48000)
Reported by FlawFinder.
Line: 542
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ak4114_input_sw_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[2] = { "Toslink", "Coax" };
return snd_ctl_enum_info(uinfo, 1, 2, texts);
}
Reported by FlawFinder.
scripts/kconfig/tests/preprocess/circular_expansion/__init__.py
3 issues
Line: 9
Column: 1
it should fail with an error message.
"""
def test(conf):
assert conf.oldaskconfig() != 0
assert conf.stderr_matches('expected_stderr')
Reported by Pylint.
Line: 10
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
"""
def test(conf):
assert conf.oldaskconfig() != 0
assert conf.stderr_matches('expected_stderr')
Reported by Bandit.
Line: 11
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldaskconfig() != 0
assert conf.stderr_matches('expected_stderr')
Reported by Bandit.
sound/i2c/other/ak4113.c
3 issues
Line: 39
Column: 17
CWE codes:
120
20
static inline unsigned char reg_read(struct ak4113 *ak4113, unsigned char reg)
{
return ak4113->read(ak4113->private_data, reg);
}
static void snd_ak4113_free(struct ak4113 *chip)
{
atomic_inc(&chip->wq_processing); /* don't schedule new work */
Reported by FlawFinder.
Line: 56
Column: 61
CWE codes:
120
20
return 0;
}
int snd_ak4113_create(struct snd_card *card, ak4113_read_t *read,
ak4113_write_t *write, const unsigned char *pgm,
void *private_data, struct ak4113 **r_ak4113)
{
struct ak4113 *chip;
int err;
Reported by FlawFinder.
Line: 72
Column: 15
CWE codes:
120
20
return -ENOMEM;
spin_lock_init(&chip->lock);
chip->card = card;
chip->read = read;
chip->write = write;
chip->private_data = private_data;
INIT_DELAYED_WORK(&chip->work, ak4113_stats);
atomic_set(&chip->wq_processing, 0);
mutex_init(&chip->reinit_mutex);
Reported by FlawFinder.
sound/usb/line6/pod.c
3 issues
Line: 238
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct snd_card *card = dev_to_snd_card(dev);
struct usb_line6_pod *pod = card->private_data;
return sprintf(buf, "%u\n", pod->serial_number);
}
/*
"read" request on "firmware_version" special file.
*/
Reported by FlawFinder.
Line: 250
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct snd_card *card = dev_to_snd_card(dev);
struct usb_line6_pod *pod = card->private_data;
return sprintf(buf, "%d.%02d\n", pod->firmware_version / 100,
pod->firmware_version % 100);
}
/*
"read" request on "device_id" special file.
Reported by FlawFinder.
Line: 263
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct snd_card *card = dev_to_snd_card(dev);
struct usb_line6_pod *pod = card->private_data;
return sprintf(buf, "%d\n", pod->device_id);
}
/*
POD startup procedure.
This is a sequence of functions with special requirements (e.g., must
Reported by FlawFinder.
net/sched/sch_prio.c
3 issues
Line: 156
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (qopt) {
opt.command = TC_PRIO_REPLACE;
opt.replace_params.bands = qopt->bands;
memcpy(&opt.replace_params.priomap, qopt->priomap,
TC_PRIO_MAX + 1);
opt.replace_params.qstats = &sch->qstats;
} else {
opt.command = TC_PRIO_DESTROY;
}
Reported by FlawFinder.
Line: 213
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prio_offload(sch, qopt);
sch_tree_lock(sch);
q->bands = qopt->bands;
memcpy(q->prio2band, qopt->priomap, TC_PRIO_MAX+1);
for (i = q->bands; i < oldbands; i++)
qdisc_tree_flush_backlog(q->queues[i]);
for (i = oldbands; i < q->bands; i++) {
Reported by FlawFinder.
Line: 272
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int err;
opt.bands = q->bands;
memcpy(&opt.priomap, q->prio2band, TC_PRIO_MAX + 1);
err = prio_dump_offload(sch);
if (err)
goto nla_put_failure;
Reported by FlawFinder.
sound/soc/samsung/i2s.c
3 issues
Line: 1266
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char * const i2s_clk_desc[] = { "cdclk", "rclk_src", "prescaler" };
const char *clk_name[2] = { "i2s_opclk0", "i2s_opclk1" };
const char *p_names[2] = { NULL };
struct device *dev = &priv->pdev->dev;
const struct samsung_i2s_variant_regs *reg_info = priv->variant_regs;
const char *i2s_clk_name[ARRAY_SIZE(i2s_clk_desc)];
struct clk *rclksrc;
Reported by FlawFinder.
Line: 1267
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char * const i2s_clk_desc[] = { "cdclk", "rclk_src", "prescaler" };
const char *clk_name[2] = { "i2s_opclk0", "i2s_opclk1" };
const char *p_names[2] = { NULL };
struct device *dev = &priv->pdev->dev;
const struct samsung_i2s_variant_regs *reg_info = priv->variant_regs;
const char *i2s_clk_name[ARRAY_SIZE(i2s_clk_desc)];
struct clk *rclksrc;
int ret, i;
Reported by FlawFinder.
Line: 1270
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *p_names[2] = { NULL };
struct device *dev = &priv->pdev->dev;
const struct samsung_i2s_variant_regs *reg_info = priv->variant_regs;
const char *i2s_clk_name[ARRAY_SIZE(i2s_clk_desc)];
struct clk *rclksrc;
int ret, i;
/* Register the clock provider only if it's expected in the DTB */
if (!of_find_property(dev->of_node, "#clock-cells", NULL))
Reported by FlawFinder.