The following issues were found
sound/pci/ctxfi/ctmixer.c
3 issues
Line: 1222
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (err)
return err;
strcpy(atc->card->mixername, device_name);
return 0;
}
Reported by FlawFinder.
Line: 413
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int output_switch_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *info)
{
static const char *const names[3] = {
"FP Headphones", "Headphones", "Speakers"
};
return snd_ctl_enum_info(info, 1, 3, names);
}
Reported by FlawFinder.
Line: 448
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mic_source_switch_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *info)
{
static const char *const names[3] = {
"Mic", "FP Mic", "Aux"
};
return snd_ctl_enum_info(info, 1, 3, names);
}
Reported by FlawFinder.
security/apparmor/include/policy_ns.h
3 issues
Line: 150
Column: 35
CWE codes:
126
static inline struct aa_ns *__aa_find_ns(struct list_head *head,
const char *name)
{
return __aa_findn_ns(head, name, strlen(name));
}
static inline struct aa_ns *__aa_lookup_ns(struct aa_ns *base,
const char *hname)
{
Reported by FlawFinder.
Line: 156
Column: 38
CWE codes:
126
static inline struct aa_ns *__aa_lookup_ns(struct aa_ns *base,
const char *hname)
{
return __aa_lookupn_ns(base, hname, strlen(hname));
}
static inline struct aa_ns *aa_lookup_ns(struct aa_ns *view, const char *name)
{
return aa_lookupn_ns(view, name, strlen(name));
Reported by FlawFinder.
Line: 161
Column: 35
CWE codes:
126
static inline struct aa_ns *aa_lookup_ns(struct aa_ns *view, const char *name)
{
return aa_lookupn_ns(view, name, strlen(name));
}
#endif /* AA_NAMESPACE_H */
Reported by FlawFinder.
sound/pci/ac97/ac97_pcm.c
3 issues
Line: 29
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* PCM support
*/
static const unsigned char rate_reg_tables[2][4][9] = {
{
/* standard rates */
{
/* 3&4 front, 7&8 rear, 6&9 center/lfe */
AC97_PCM_FRONT_DAC_RATE, /* slot 3 */
Reported by FlawFinder.
Line: 132
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}};
/* FIXME: more various mappings for ADC? */
static const unsigned char rate_cregs[9] = {
AC97_PCM_LR_ADC_RATE, /* 3 */
AC97_PCM_LR_ADC_RATE, /* 4 */
0xff, /* 5 */
AC97_PCM_MIC_ADC_RATE, /* 6 */
0xff, /* 7 */
Reported by FlawFinder.
Line: 439
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct ac97_pcm *pcm;
struct ac97_pcm *rpcms, *rpcm;
unsigned short avail_slots[2][4];
unsigned char rate_table[2][4];
unsigned short tmp, slots;
unsigned short spdif_slots[4];
unsigned int rates;
struct snd_ac97 *codec;
Reported by FlawFinder.
security/tomoyo/network.c
3 issues
Line: 33
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* String table for socket's protocols. */
const char * const tomoyo_proto_keyword[TOMOYO_SOCK_MAX] = {
[SOCK_STREAM] = "stream",
[SOCK_DGRAM] = "dgram",
[SOCK_RAW] = "raw",
[SOCK_SEQPACKET] = "seqpacket",
[0] = " ", /* Dummy for avoiding NULL pointer dereference. */
Reported by FlawFinder.
Line: 381
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int tomoyo_audit_inet_log(struct tomoyo_request_info *r)
{
char buf[128];
int len;
const __be32 *address = r->param.inet_network.address;
if (r->param.inet_network.is_ipv6)
tomoyo_print_ipv6(buf, sizeof(buf), (const struct in6_addr *)
Reported by FlawFinder.
Line: 390
Column: 8
CWE codes:
126
address, (const struct in6_addr *) address);
else
tomoyo_print_ipv4(buf, sizeof(buf), address, address);
len = strlen(buf);
snprintf(buf + len, sizeof(buf) - len, " %u",
r->param.inet_network.port);
return tomoyo_audit_net_log(r, "inet", r->param.inet_network.protocol,
r->param.inet_network.operation, buf);
}
Reported by FlawFinder.
sound/soc/soc-compress.c
3 issues
Line: 518
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_soc_dai *cpu_dai = asoc_rtd_to_cpu(rtd, 0);
struct snd_compr *compr;
struct snd_pcm *be_pcm;
char new_name[64];
int ret = 0, direction = 0;
int playback = 0, capture = 0;
int i;
/*
Reported by FlawFinder.
Line: 590
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
be_pcm->streams[SNDRV_PCM_STREAM_PLAYBACK].substream->private_data = rtd;
else if (rtd->dai_link->dpcm_capture)
be_pcm->streams[SNDRV_PCM_STREAM_CAPTURE].substream->private_data = rtd;
memcpy(compr->ops, &soc_compr_dyn_ops, sizeof(soc_compr_dyn_ops));
} else {
snprintf(new_name, sizeof(new_name), "%s %s-%d",
rtd->dai_link->stream_name, codec_dai->name, num);
memcpy(compr->ops, &soc_compr_ops, sizeof(soc_compr_ops));
Reported by FlawFinder.
Line: 595
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
snprintf(new_name, sizeof(new_name), "%s %s-%d",
rtd->dai_link->stream_name, codec_dai->name, num);
memcpy(compr->ops, &soc_compr_ops, sizeof(soc_compr_ops));
}
for_each_rtd_components(rtd, i, component) {
if (!component->driver->compress_ops ||
!component->driver->compress_ops->copy)
Reported by FlawFinder.
sound/pci/sis7019.c
3 issues
Line: 875
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return rc;
pcm->private_data = sis;
strcpy(pcm->name, "SiS7019");
sis->pcm = pcm;
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &sis_playback_ops);
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &sis_capture_ops);
Reported by FlawFinder.
Line: 1395
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (rc < 0)
goto error_out;
strcpy(card->driver, "SiS7019");
strcpy(card->shortname, "SiS7019");
rc = sis_chip_create(card, pci);
if (rc)
goto card_error_out;
Reported by FlawFinder.
Line: 1396
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
goto error_out;
strcpy(card->driver, "SiS7019");
strcpy(card->shortname, "SiS7019");
rc = sis_chip_create(card, pci);
if (rc)
goto card_error_out;
sis = card->private_data;
Reported by FlawFinder.
sound/soc/ti/davinci-i2s.c
3 issues
Line: 111
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
DAVINCI_MCBSP_WORD_32,
};
static const unsigned char data_type[SNDRV_PCM_FORMAT_S32_LE + 1] = {
[SNDRV_PCM_FORMAT_S8] = 1,
[SNDRV_PCM_FORMAT_S16_LE] = 2,
[SNDRV_PCM_FORMAT_S32_LE] = 4,
};
Reported by FlawFinder.
Line: 117
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[SNDRV_PCM_FORMAT_S32_LE] = 4,
};
static const unsigned char asp_word_length[SNDRV_PCM_FORMAT_S32_LE + 1] = {
[SNDRV_PCM_FORMAT_S8] = DAVINCI_MCBSP_WORD_8,
[SNDRV_PCM_FORMAT_S16_LE] = DAVINCI_MCBSP_WORD_16,
[SNDRV_PCM_FORMAT_S32_LE] = DAVINCI_MCBSP_WORD_32,
};
Reported by FlawFinder.
Line: 123
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[SNDRV_PCM_FORMAT_S32_LE] = DAVINCI_MCBSP_WORD_32,
};
static const unsigned char double_fmt[SNDRV_PCM_FORMAT_S32_LE + 1] = {
[SNDRV_PCM_FORMAT_S8] = SNDRV_PCM_FORMAT_S16_LE,
[SNDRV_PCM_FORMAT_S16_LE] = SNDRV_PCM_FORMAT_S32_LE,
};
struct davinci_mcbsp_dev {
Reported by FlawFinder.
net/sched/em_meta.c
3 issues
Line: 933
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto errout;
}
memcpy(&meta->lvalue.hdr, &hdr->left, sizeof(hdr->left));
memcpy(&meta->rvalue.hdr, &hdr->right, sizeof(hdr->right));
if (!meta_is_supported(&meta->lvalue) ||
!meta_is_supported(&meta->rvalue)) {
err = -EOPNOTSUPP;
Reported by FlawFinder.
Line: 934
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(&meta->lvalue.hdr, &hdr->left, sizeof(hdr->left));
memcpy(&meta->rvalue.hdr, &hdr->right, sizeof(hdr->right));
if (!meta_is_supported(&meta->lvalue) ||
!meta_is_supported(&meta->rvalue)) {
err = -EOPNOTSUPP;
goto errout;
Reported by FlawFinder.
Line: 154
Column: 13
CWE codes:
126
return -1;
dst->value = (unsigned long) dev->name;
dst->len = strlen(dev->name);
return 0;
}
META_COLLECTOR(int_dev)
{
Reported by FlawFinder.
sound/core/seq/seq_virmidi.c
3 issues
Line: 491
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
&rmidi);
if (err < 0)
return err;
strcpy(rmidi->name, rmidi->id);
rdev = kzalloc(sizeof(*rdev), GFP_KERNEL);
if (rdev == NULL) {
snd_device_free(card, rmidi);
return -ENOMEM;
}
Reported by FlawFinder.
Line: 70
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool atomic)
{
struct snd_virmidi *vmidi;
unsigned char msg[4];
int len;
if (atomic)
read_lock(&rdev->filelist_lock);
else
Reported by FlawFinder.
Line: 372
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* create a port */
pinfo->addr.client = client;
sprintf(pinfo->name, "VirMIDI %d-%d", rdev->card->number, rdev->device);
/* set all capabilities */
pinfo->capability |= SNDRV_SEQ_PORT_CAP_WRITE | SNDRV_SEQ_PORT_CAP_SYNC_WRITE | SNDRV_SEQ_PORT_CAP_SUBS_WRITE;
pinfo->capability |= SNDRV_SEQ_PORT_CAP_READ | SNDRV_SEQ_PORT_CAP_SYNC_READ | SNDRV_SEQ_PORT_CAP_SUBS_READ;
pinfo->capability |= SNDRV_SEQ_PORT_CAP_DUPLEX;
pinfo->type = SNDRV_SEQ_PORT_TYPE_MIDI_GENERIC
Reported by FlawFinder.
net/smc/smc_ism.c
3 issues
Line: 215
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sk_buff *skb,
struct netlink_callback *cb)
{
char smc_pnet[SMC_MAX_PNETID_LEN + 1];
struct smc_pci_dev smc_pci_dev;
struct nlattr *port_attrs;
struct nlattr *attrs;
int use_cnt = 0;
void *nlh;
Reported by FlawFinder.
Line: 253
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto errattr;
if (nla_put_u8(skb, SMC_NLA_DEV_PORT_PNET_USR, smcd->pnetid_by_user))
goto errportattr;
memcpy(smc_pnet, smcd->pnetid, SMC_MAX_PNETID_LEN);
smc_pnet[SMC_MAX_PNETID_LEN] = 0;
if (nla_put_string(skb, SMC_NLA_DEV_PORT_PNETID, smc_pnet))
goto errportattr;
nla_nest_end(skb, port_attrs);
Reported by FlawFinder.
Line: 353
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (lgr->peer_shutdown)
return 0;
memcpy(ev_info.uid, lgr->id, SMC_LGR_ID_SIZE);
ev_info.vlan_id = lgr->vlan_id;
ev_info.code = ISM_EVENT_REQUEST;
rc = lgr->smcd->ops->signal_event(lgr->smcd, lgr->peer_gid,
ISM_EVENT_REQUEST_IR,
ISM_EVENT_CODE_SHUTDOWN,
Reported by FlawFinder.