The following issues were found
sound/pci/oxygen/xonar_pcm179x.c
3 issues
Line: 737
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int rolloff_info(struct snd_kcontrol *ctl,
struct snd_ctl_elem_info *info)
{
static const char *const names[2] = {
"Sharp Roll-off", "Slow Roll-off"
};
return snd_ctl_enum_info(info, 1, 2, names);
}
Reported by FlawFinder.
Line: 844
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int st_output_switch_info(struct snd_kcontrol *ctl,
struct snd_ctl_elem_info *info)
{
static const char *const names[3] = {
"Speakers", "Headphones", "FP Headphones"
};
return snd_ctl_enum_info(info, 1, 3, names);
}
Reported by FlawFinder.
Line: 899
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int st_hp_volume_offset_info(struct snd_kcontrol *ctl,
struct snd_ctl_elem_info *info)
{
static const char *const names[4] = {
"< 32 ohms", "32-64 ohms", "64-300 ohms", "300-600 ohms"
};
return snd_ctl_enum_info(info, 1, 4, names);
}
Reported by FlawFinder.
sound/firewire/motu/motu.h
3 issues
Line: 39
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char pcm_byte_offset;
unsigned char msg_chunks;
unsigned char pcm_chunks[3];
};
struct amdtp_motu_cache {
unsigned int *event_offsets;
unsigned int size;
Reported by FlawFinder.
Line: 121
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// The combination of snd_motu_spec_flags enumeration-constants.
unsigned int flags;
unsigned char tx_fixed_pcm_chunks[3];
unsigned char rx_fixed_pcm_chunks[3];
};
extern const struct snd_motu_spec snd_motu_spec_828;
extern const struct snd_motu_spec snd_motu_spec_896;
Reported by FlawFinder.
Line: 122
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int flags;
unsigned char tx_fixed_pcm_chunks[3];
unsigned char rx_fixed_pcm_chunks[3];
};
extern const struct snd_motu_spec snd_motu_spec_828;
extern const struct snd_motu_spec snd_motu_spec_896;
Reported by FlawFinder.
scripts/dtc/data.c
3 issues
Line: 51
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
d = data_grow_for(empty_data, len);
d.len = len;
memcpy(d.val, mem, len);
return d;
}
struct data data_copy_escape_string(const char *s, int len)
Reported by FlawFinder.
Line: 110
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct data data_append_data(struct data d, const void *p, int len)
{
d = data_grow_for(d, len);
memcpy(d.val + d.len, p, len);
d.len += len;
return d;
}
struct data data_insert_at_marker(struct data d, struct marker *m,
Reported by FlawFinder.
Line: 120
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
d = data_grow_for(d, len);
memmove(d.val + m->offset + len, d.val + m->offset, d.len - m->offset);
memcpy(d.val + m->offset, p, len);
d.len += len;
/* Adjust all markers after the one we're inserting at */
m = m->next;
for_each_marker(m)
Reported by FlawFinder.
sound/soc/codecs/arizona.c
3 issues
Line: 387
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
EXPORT_SYMBOL_GPL(arizona_init_vol_limit);
const char * const arizona_mixer_texts[ARIZONA_NUM_MIXER_INPUTS] = {
"None",
"Tone Generator 1",
"Tone Generator 2",
"Haptics",
"AEC",
Reported by FlawFinder.
Line: 606
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const DECLARE_TLV_DB_SCALE(arizona_mixer_tlv, -3200, 100, 0);
EXPORT_SYMBOL_GPL(arizona_mixer_tlv);
const char * const arizona_sample_rate_text[ARIZONA_SAMPLE_RATE_ENUM_SIZE] = {
"12kHz", "24kHz", "48kHz", "96kHz", "192kHz",
"11.025kHz", "22.05kHz", "44.1kHz", "88.2kHz", "176.4kHz",
"4kHz", "8kHz", "16kHz", "32kHz",
};
EXPORT_SYMBOL_GPL(arizona_sample_rate_text);
Reported by FlawFinder.
Line: 632
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
EXPORT_SYMBOL_GPL(arizona_sample_rate_val_to_name);
const char * const arizona_rate_text[ARIZONA_RATE_ENUM_SIZE] = {
"SYNCCLK rate", "8kHz", "16kHz", "ASYNCCLK rate",
};
EXPORT_SYMBOL_GPL(arizona_rate_text);
const unsigned int arizona_rate_val[ARIZONA_RATE_ENUM_SIZE] = {
Reported by FlawFinder.
security/integrity/ima/ima_crypto.c
3 issues
Line: 333
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct crypto_ahash *tfm)
{
loff_t i_size, offset;
char *rbuf[2] = { NULL, };
int rc, rbuf_len, active = 0, ahash_rc = 0;
struct ahash_request *req;
struct scatterlist sg[1];
struct crypto_wait wait;
size_t rbuf_size[2];
Reported by FlawFinder.
Line: 611
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
break;
} else if (strcmp(td->fields[i]->field_id, "n") == 0) {
memcpy(buffer, data_to_hash, datalen);
data_to_hash = buffer;
datalen = IMA_EVENT_NAME_LEN_MAX + 1;
}
rc = crypto_shash_update(shash, data_to_hash, datalen);
if (rc)
Reported by FlawFinder.
Line: 649
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* for unmapped TPM algorithms digest is still a padded SHA1 */
if (!ima_algo_array[i].tfm) {
memcpy(entry->digests[i].digest,
entry->digests[ima_sha1_idx].digest,
TPM_DIGEST_SIZE);
continue;
}
Reported by FlawFinder.
sound/pci/cs46xx/cs46xx_dsp_spos.h
3 issues
Line: 55
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dsp_symbol_entry {
u32 address;
char symbol_name[DSP_MAX_SYMBOL_NAME];
int symbol_type;
/* initialized by driver */
struct dsp_module_desc * module;
int deleted;
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct dsp_scb_descriptor {
char scb_name[DSP_MAX_SCB_NAME];
u32 address;
int index;
u32 *data;
struct dsp_scb_descriptor * sub_list_ptr;
Reported by FlawFinder.
Line: 114
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct dsp_task_descriptor {
char task_name[DSP_MAX_TASK_NAME];
int size;
u32 address;
int index;
u32 *data;
};
Reported by FlawFinder.
scripts/kconfig/tests/new_choice_with_dep/__init__.py
3 issues
Line: 13
Column: 1
"""
def test(conf):
assert conf.oldconfig('config', 'y') == 0
assert conf.stdout_contains('expected_stdout')
Reported by Pylint.
Line: 14
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldconfig('config', 'y') == 0
assert conf.stdout_contains('expected_stdout')
Reported by Bandit.
Line: 15
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def test(conf):
assert conf.oldconfig('config', 'y') == 0
assert conf.stdout_contains('expected_stdout')
Reported by Bandit.
sound/usb/line6/midi.c
3 issues
Line: 229
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return err;
rmidi = *rmidi_ret;
strcpy(rmidi->id, line6->properties->id);
strcpy(rmidi->name, line6->properties->name);
rmidi->info_flags =
SNDRV_RAWMIDI_INFO_OUTPUT |
SNDRV_RAWMIDI_INFO_INPUT | SNDRV_RAWMIDI_INFO_DUPLEX;
Reported by FlawFinder.
Line: 230
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
rmidi = *rmidi_ret;
strcpy(rmidi->id, line6->properties->id);
strcpy(rmidi->name, line6->properties->name);
rmidi->info_flags =
SNDRV_RAWMIDI_INFO_OUTPUT |
SNDRV_RAWMIDI_INFO_INPUT | SNDRV_RAWMIDI_INFO_DUPLEX;
Reported by FlawFinder.
Line: 43
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
line6_rawmidi_substream_midi(substream)->line6;
struct snd_line6_midi *line6midi = line6->line6midi;
struct midi_buffer *mb = &line6midi->midibuf_out;
unsigned char chunk[LINE6_FALLBACK_MAXPACKETSIZE];
int req, done;
for (;;) {
req = min(line6_midibuf_bytes_free(mb), line6->max_packet_size);
done = snd_rawmidi_transmit_peek(substream, chunk, req);
Reported by FlawFinder.
samples/bpf/test_overhead_kprobe_kern.c
3 issues
Line: 20
val; \
})
SEC("kprobe/__set_task_comm")
int prog(struct pt_regs *ctx)
{
struct signal_struct *signal;
struct task_struct *tsk;
char oldcomm[16] = {};
Reported by Cppcheck.
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct signal_struct *signal;
struct task_struct *tsk;
char oldcomm[16] = {};
char newcomm[16] = {};
u16 oom_score_adj;
u32 pid;
tsk = (void *)PT_REGS_PARM1(ctx);
Reported by FlawFinder.
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct signal_struct *signal;
struct task_struct *tsk;
char oldcomm[16] = {};
char newcomm[16] = {};
u16 oom_score_adj;
u32 pid;
tsk = (void *)PT_REGS_PARM1(ctx);
Reported by FlawFinder.
net/sched/sch_atm.c
3 issues
Line: 313
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
list_add(&flow->list, &p->link.list);
flow->hdr_len = hdr_len;
if (hdr)
memcpy(flow->hdr, hdr, hdr_len);
else
memcpy(flow->hdr, llc_oui_ip, sizeof(llc_oui_ip));
*arg = (unsigned long)flow;
return 0;
err_out:
Reported by FlawFinder.
Line: 315
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hdr)
memcpy(flow->hdr, hdr, hdr_len);
else
memcpy(flow->hdr, llc_oui_ip, sizeof(llc_oui_ip));
*arg = (unsigned long)flow;
return 0;
err_out:
sockfd_put(sock);
return error;
Reported by FlawFinder.
Line: 510
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_debug("sch_atm_dequeue: ip %p, data %p\n",
skb_network_header(skb), skb->data);
ATM_SKB(skb)->vcc = flow->vcc;
memcpy(skb_push(skb, flow->hdr_len), flow->hdr,
flow->hdr_len);
refcount_add(skb->truesize,
&sk_atm(flow->vcc)->sk_wmem_alloc);
/* atm.atm_options are already set by atm_tc_enqueue */
flow->vcc->send(flow->vcc, skb);
Reported by FlawFinder.