The following issues were found
sound/pci/hda/hda_tegra.c
3 issues
Line: 362
Column: 2
CWE codes:
120
}
/* driver name */
/*
 * Review note (CWE-120): the copy is limited to sizeof(card->driver), so it
 * cannot write past the field. strncpy() does not add a terminating NUL
 * when drv_name is that long or longer, and drv_name's definition is
 * outside this excerpt - confirm its length. A copy helper that always
 * terminates (the kernel's strscpy()) removes the question.
 */
strncpy(card->driver, drv_name, sizeof(card->driver));
/* shortname for card */
sname = of_get_property(np, "nvidia,model", NULL);
if (!sname)
sname = drv_name;
if (strlen(sname) > sizeof(card->shortname))
Reported by FlawFinder.
Line: 367
Column: 6
CWE codes:
126
/*
 * Review note (CWE-126): strlen() below walks sname until it meets a NUL.
 * When sname comes from the "nvidia,model" property this relies on the
 * property value being NUL-terminated; the length out-parameter is passed
 * as NULL, so the property length is not available here to check it.
 */
sname = of_get_property(np, "nvidia,model", NULL);
if (!sname)
sname = drv_name;
/*
 * The test uses '>', so a name of exactly sizeof(card->shortname) bytes is
 * not reported, yet strncpy() fills the whole field and leaves no room for
 * a terminator in that case.
 */
if (strlen(sname) > sizeof(card->shortname))
dev_info(card->dev, "truncating shortname for card\n");
strncpy(card->shortname, sname, sizeof(card->shortname));
/* longname for card */
snprintf(card->longname, sizeof(card->longname),
Reported by FlawFinder.
Line: 369
Column: 2
CWE codes:
120
sname = drv_name;
if (strlen(sname) > sizeof(card->shortname))
dev_info(card->dev, "truncating shortname for card\n");
/*
 * Review note (CWE-120): the write is bounded by sizeof(card->shortname),
 * but strncpy() adds no NUL when sname is that long or longer. The "%s" in
 * the snprintf() below reads card->shortname as a C string, so an
 * unterminated field would be read past its end. A terminating copy
 * (strscpy()) keeps the truncation and guarantees the NUL.
 */
strncpy(card->shortname, sname, sizeof(card->shortname));
/* longname for card */
snprintf(card->longname, sizeof(card->longname),
"%s at 0x%lx irq %i",
card->shortname, bus->addr, bus->irq);
Reported by FlawFinder.
sound/isa/cs423x/cs4236.c
3 issues
Line: 529
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -ENODEV;
/* prepare second id */
/*
 * Review note (CWE-120): strcpy() has no length limit; it is in bounds only
 * if pdev->id[0].id is NUL-terminated and fits in cid. The excerpt for
 * line 517 of this file declares cid as char[PNP_ID_LEN]; the size of the
 * source field is not shown - confirm both are the same length.
 * cid[5] is then overwritten unconditionally, which presumes a fixed ID
 * layout with a character at index 5.
 */
strcpy(cid, pdev->id[0].id);
cid[5] = '1';
cdev = NULL;
list_for_each_entry(cdev, &(pdev->protocol->devices), protocol_list) {
if (!strcmp(cdev->id[0].id, cid))
break;
Reported by FlawFinder.
Line: 27
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DEV_NAME "cs4232+"
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
/*
 * Review note: the finding for line 27, column 8 (CWE-119/120) appears to
 * point at the 'char' in the declaration below. It declares an array of
 * SNDRV_CARDS pointers to char, not a character buffer, so no string copy
 * lands in this array itself. What remains to check is that every index
 * into these per-card arrays stays below SNDRV_CARDS.
 */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_ISAPNP; /* Enable this card */
#ifdef CONFIG_PNP
static bool isapnp[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = 1};
#endif
static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* PnP setup */
Reported by FlawFinder.
Line: 517
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int err;
struct snd_card *card;
struct pnp_dev *cdev;
char cid[PNP_ID_LEN];
if (pnp_device_is_isapnp(pdev))
return -ENOENT; /* we have another procedure - card */
for (; dev < SNDRV_CARDS; dev++) {
if (enable[dev] && isapnp[dev])
Reported by FlawFinder.
security/keys/keyring.c
3 issues
Line: 187
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * Review note (CWE-120): n is capped at 4 immediately before the copy, so
 * memcpy() writes at most four bytes into piece. That is in bounds provided
 * piece is at least four bytes wide; its declaration is outside this
 * excerpt. The read side depends on description still having n bytes left,
 * which is decided where n is first computed (also outside this excerpt).
 */
if (n > 4)
n = 4;
piece = 0;
memcpy(&piece, description, n);
description += n;
desc_len -= n;
acc = mult_64x32_and_fold(acc, piece);
acc = mult_64x32_and_fold(acc, 9207);
}
Reported by FlawFinder.
Line: 219
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static struct key_tag default_domain_tag = { .usage = REFCOUNT_INIT(1), };
/*
 * Review note (CWE-120): n is the smaller of desc_len and
 * sizeof(index_key->desc), so the write into desc cannot exceed the
 * destination. The read is in bounds only if desc_len does not overstate
 * the length of description; that invariant is set by callers outside
 * this excerpt.
 */
size_t n = min_t(size_t, index_key->desc_len, sizeof(index_key->desc));
memcpy(index_key->desc, index_key->description, n);
if (!index_key->domain_tag) {
if (index_key->type->flags & KEY_TYPE_NET_DOMAIN)
index_key->domain_tag = current->nsproxy->net_ns->key_domain;
else
Reported by FlawFinder.
Line: 945
Column: 25
CWE codes:
126
struct keyring_search_context ctx = {
.index_key.type = type,
.index_key.description = description,
.index_key.desc_len = strlen(description),
.cred = current_cred(),
.match_data.cmp = key_default_cmp,
.match_data.raw_data = description,
.match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
.flags = KEYRING_SEARCH_DO_STATE_CHECK,
Reported by FlawFinder.
security/lsm_audit.c
3 issues
Line: 211
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void dump_common_audit_data(struct audit_buffer *ab,
struct common_audit_data *a)
{
char comm[sizeof(current->comm)];
/*
* To keep stack sizes in check force programers to notice if they
* start making this union too large! See struct lsm_network_audit
* as an example of how to deal with large data.
Reported by FlawFinder.
Line: 313
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (tsk) {
pid_t pid = task_tgid_nr(tsk);
if (pid) {
/*
 * Review note (CWE-119/120): comm is sized with sizeof(tsk->comm) and the
 * memcpy() below copies sizeof(comm) bytes, so source and destination
 * sizes match by construction. memcpy() returns comm, which is then logged
 * as a string; that presumably relies on tsk->comm holding a NUL within
 * its array at the time of the copy - confirm.
 */
char comm[sizeof(tsk->comm)];
audit_log_format(ab, " opid=%d ocomm=", pid);
audit_log_untrustedstring(ab,
memcpy(comm, tsk->comm, sizeof(comm)));
}
}
Reported by FlawFinder.
Line: 421
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&sbn_pfx.s6_addr, 0,
sizeof(sbn_pfx.s6_addr));
/*
 * Review note (CWE-120): the copy length is taken from the source
 * (sizeof(a->u.ibpkey->subnet_prefix)), not from the destination that was
 * just zeroed with sizeof(sbn_pfx.s6_addr). The copy is in bounds only
 * while the prefix is no larger than s6_addr. Neither type is visible in
 * this excerpt; a compile-time size assertion (BUILD_BUG_ON) would make
 * the relationship explicit.
 */
memcpy(&sbn_pfx.s6_addr, &a->u.ibpkey->subnet_prefix,
sizeof(a->u.ibpkey->subnet_prefix));
audit_log_format(ab, " pkey=0x%x subnet_prefix=%pI6c",
a->u.ibpkey->pkey, &sbn_pfx);
break;
}
Reported by FlawFinder.
sound/pci/hda/hda_jack.c
3 issues
Line: 580
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *base_name)
{
unsigned int def_conf, conn;
char name[SNDRV_CTL_ELEM_ID_NAME_MAXLEN];
int err;
bool phantom_jack;
WARN_ON(codec->dp_mst);
Reported by FlawFinder.
Line: 601
Column: 44
CWE codes:
126
snd_hda_get_pin_label(codec, nid, cfg, name, sizeof(name), NULL);
/*
 * Review note (CWE-126): strlen(name) below assumes the call above left
 * name NUL-terminated within sizeof(name). If it did not, strlen() would
 * read past the array, and the unsigned subtraction
 * sizeof(name) - strlen(name) - 1 could wrap to a very large bound.
 * snd_hda_get_pin_label() is given sizeof(name); its termination guarantee
 * is not visible in this excerpt - confirm.
 */
if (phantom_jack)
/* Example final name: "Internal Mic Phantom Jack" */
strncat(name, " Phantom", sizeof(name) - strlen(name) - 1);
err = snd_hda_jack_add_kctl(codec, nid, name, phantom_jack, 0, NULL);
if (err < 0)
return err;
if (!phantom_jack)
Reported by FlawFinder.
Line: 601
Column: 3
CWE codes:
120
Suggestion:
Consider strcat_s, strlcat, snprintf, or automatically resizing strings
snd_hda_get_pin_label(codec, nid, cfg, name, sizeof(name), NULL);
/*
 * Review note (CWE-120): the third strncat() argument is the usual
 * remaining-space form: total size, minus the current length, minus one
 * for the NUL that strncat() always appends. With a terminated name the
 * append cannot overflow; when the label is long, " Phantom" is cut short
 * without any indication.
 */
if (phantom_jack)
/* Example final name: "Internal Mic Phantom Jack" */
strncat(name, " Phantom", sizeof(name) - strlen(name) - 1);
err = snd_hda_jack_add_kctl(codec, nid, name, phantom_jack, 0, NULL);
if (err < 0)
return err;
if (!phantom_jack)
Reported by FlawFinder.
samples/bpf/trace_event_user.c
3 issues
Line: 129
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
static inline int generate_load(void)
{
/*
 * Review note (CWE-78): the command is a fixed string literal with no
 * caller-supplied text, so nothing is interpolated into the shell line.
 * system() still runs it through the shell and finds dd through the
 * environment's PATH. The '< 0' test only catches system() returning -1
 * (the child could not be started); a non-zero exit status from dd is
 * treated as success.
 */
if (system("dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
printf("failed to generate some load with dd: %s\n", strerror(errno));
return -1;
}
return 0;
Reported by FlawFinder.
Line: 56
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define TASK_COMM_LEN 16
/*
 * Review note (CWE-119/120): the finding is on the fixed-size comm field.
 * A declaration alone cannot overflow; what matters is that every writer
 * is limited to TASK_COMM_LEN bytes, and that readers treating comm as a
 * string do not assume a terminating NUL unless the producer guarantees
 * one. Neither side is visible in this excerpt.
 */
struct key_t {
char comm[TASK_COMM_LEN];
__u32 kernstack;
__u32 userstack;
};
static void print_stack(struct key_t *key, __u64 count)
Reported by FlawFinder.
Line: 298
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char **argv)
{
struct bpf_object *obj = NULL;
/*
 * Review note (CWE-119/120): the only write to filename shown here is the
 * snprintf() below, which is bounded by sizeof(filename) and terminates the
 * result. Its return value is not checked, so an over-long argv[0] is
 * truncated without notice. argv[0] is chosen by whoever launches the
 * program, so the resulting path is caller-controlled.
 */
char filename[256];
int error = 1;
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
signal(SIGINT, err_exit);
Reported by FlawFinder.
sound/usb/line6/toneport.c
3 issues
Line: 202
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/*
 * Review note (CWE-120): the index is clamped to size - 1 before it is
 * used, so the table lookup stays within size entries (given size > 0;
 * its definition is outside this excerpt). strcpy() itself is unbounded:
 * it is in bounds only if every toneport_source_info[].name fits in
 * uinfo->value.enumerated.name. Neither size is visible here - confirm, or
 * switch to a bounded, terminating copy.
 */
if (uinfo->value.enumerated.item >= size)
uinfo->value.enumerated.item = size - 1;
strcpy(uinfo->value.enumerated.name,
toneport_source_info[uinfo->value.enumerated.item].name);
return 0;
}
Reported by FlawFinder.
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct toneport_led {
struct led_classdev dev;
/*
 * Review note (CWE-119/120): fixed 64-byte buffer. The declaration is not
 * itself an overflow; the code that fills name is outside this excerpt and
 * should use a formatter bounded by sizeof(name).
 */
char name[64];
struct usb_line6_toneport *toneport;
bool registered;
};
struct usb_line6_toneport {
Reported by FlawFinder.
Line: 286
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
/*
 * Review note: the finding for line 286, column 14 (CWE-119/120) appears
 * to point at the 'char' below. The object is a const array of two const
 * pointers to string literals, not a writable character buffer. What
 * remains to check is that any index into either table stays below 2.
 */
static const char * const toneport_led_colors[2] = { "red", "green" };
static const int toneport_led_init_vals[2] = { 0x00, 0x26 };
static void toneport_update_led(struct usb_line6_toneport *toneport)
{
toneport_send_cmd(toneport->line6.usbdev,
Reported by FlawFinder.
net/sctp/debug.c
3 issues
Line: 29
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <net/sctp/sctp.h>
/* These are printable forms of Chunk ID's from section 3.1. */
static const char *const sctp_cid_tbl[SCTP_NUM_BASE_CHUNK_TYPES] = {
"DATA",
"INIT",
"INIT_ACK",
"SACK",
"HEARTBEAT",
Reported by FlawFinder.
Line: 83
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
/* These are printable forms of the states. */
const char *const sctp_state_tbl[SCTP_STATE_NUM_STATES] = {
"STATE_CLOSED",
"STATE_COOKIE_WAIT",
"STATE_COOKIE_ECHOED",
"STATE_ESTABLISHED",
"STATE_SHUTDOWN_PENDING",
Reported by FlawFinder.
Line: 117
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Printable forms of primitives */
static const char *const sctp_primitive_tbl[SCTP_NUM_PRIMITIVE_TYPES] = {
"PRIMITIVE_ASSOCIATE",
"PRIMITIVE_SHUTDOWN",
"PRIMITIVE_ABORT",
"PRIMITIVE_SEND",
"PRIMITIVE_REQUESTHEARTBEAT",
Reported by FlawFinder.
scripts/dtc/libfdt/libfdt.h
3 issues
Line: 1500
Column: 31
CWE codes:
126
int fdt_property_placeholder(void *fdt, const char *name, int len, void **valp);
/*
 * Review note (CWE-126): strlen(str) requires str to be a NUL-terminated
 * string; the +1 includes the terminator in the stored length. The macro
 * expands str twice, so an argument with side effects is evaluated twice.
 * Unlike fdt_setprop_string and fdt_appendprop_string as quoted on this
 * page, the arguments are not parenthesized in the expansion.
 */
#define fdt_property_string(fdt, name, str) \
fdt_property(fdt, name, str, strlen(str)+1)
int fdt_end_node(void *fdt);
int fdt_finish(void *fdt);
/**********************************************************************/
/* Read-write functions */
Reported by FlawFinder.
Line: 1765
Column: 50
CWE codes:
126
* -FDT_ERR_TRUNCATED, standard meanings
*/
/*
 * Review note (CWE-126): strlen(str) requires str to be a NUL-terminated
 * string; callers holding a counted buffer should call fdt_setprop() with
 * an explicit length instead. str is expanded twice, so an argument with
 * side effects is evaluated twice.
 */
#define fdt_setprop_string(fdt, nodeoffset, name, str) \
fdt_setprop((fdt), (nodeoffset), (name), (str), strlen(str)+1)
/**
* fdt_setprop_empty - set a property to an empty value
* @fdt: pointer to the device tree blob
Reported by FlawFinder.
Line: 1942
Column: 53
CWE codes:
126
* -FDT_ERR_TRUNCATED, standard meanings
*/
/*
 * Review note (CWE-126): strlen(str) requires str to be a NUL-terminated
 * string; callers holding a counted buffer should call fdt_appendprop()
 * with an explicit length instead. str is expanded twice, so an argument
 * with side effects is evaluated twice.
 */
#define fdt_appendprop_string(fdt, nodeoffset, name, str) \
fdt_appendprop((fdt), (nodeoffset), (name), (str), strlen(str)+1)
/**
* fdt_appendprop_addrrange - append a address range property
* @fdt: pointer to the device tree blob
* @parent: offset of the parent node
Reported by FlawFinder.
sound/isa/gus/gus_mem_proc.c
3 issues
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int snd_gf1_mem_proc_init(struct snd_gus_card * gus)
{
int idx;
char name[16];
struct gus_proc_private *priv;
struct snd_info_entry *entry;
for (idx = 0; idx < 4; idx++) {
if (gus->gf1.mem_alloc.banks_8[idx].size > 0) {
Reported by FlawFinder.
Line: 57
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (priv == NULL)
return -ENOMEM;
priv->gus = gus;
/*
 * Review note (CWE-120): sprintf() has no size limit. "gus-ram-" is eight
 * characters, so the char name[16] declared in the excerpt for line 47
 * holds the result and its NUL only while idx prints in at most seven
 * characters. The loop quoted in that excerpt (idx from 0 to 3) appears to
 * enclose this call, which keeps the output at nine characters;
 * snprintf(name, sizeof(name), ...) would make the bound local instead of
 * depending on the loop.
 */
sprintf(name, "gus-ram-%i", idx);
if (! snd_card_proc_new(gus->card, name, &entry)) {
entry->content = SNDRV_INFO_CONTENT_DATA;
entry->private_data = priv;
entry->private_free = snd_gf1_mem_proc_free;
entry->c.ops = &snd_gf1_mem_proc_ops;
Reported by FlawFinder.
Line: 75
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENOMEM;
priv->rom = 1;
priv->gus = gus;
/*
 * Review note (CWE-120): sprintf() has no size limit. "gus-rom-" is eight
 * characters, so a 16-byte name buffer holds the result and its NUL only
 * while idx prints in at most seven characters. The range of idx at this
 * call is not visible in this excerpt - confirm it, or use
 * snprintf(name, sizeof(name), ...) so the bound does not depend on it.
 */
sprintf(name, "gus-rom-%i", idx);
if (! snd_card_proc_new(gus->card, name, &entry)) {
entry->content = SNDRV_INFO_CONTENT_DATA;
entry->private_data = priv;
entry->private_free = snd_gf1_mem_proc_free;
entry->c.ops = &snd_gf1_mem_proc_ops;
Reported by FlawFinder.