The following issues were found
drivers/scsi/ufs/ufs-qcom.c
3 issues
Line: 770
Column: 3
CWE codes:
120
Suggestion:
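Make sure destination can always hold the source data. In the excerpt the copy length is sizeof(*dev_req_params), so the check to make is that host->dev_req_params has the same type as the object dev_req_params points to.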
}
/* cache the power mode parameters to use internally */
memcpy(&host->dev_req_params,
dev_req_params, sizeof(*dev_req_params));
/* disable the device ref clock if entered PWM mode */
if (ufshcd_is_hs_mode(&hba->pwr_info) &&
!ufshcd_is_hs_mode(dev_req_params))
Reported by FlawFinder.
Line: 958
Column: 8
CWE codes:
119
120
Suggestion:
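Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line is the fixed-size array declaration; the strlcpy() in the excerpt is bounded by ANDROID_BOOT_DEV_MAX, the array's declared size, so an over-long value is truncated rather than written past the end.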
};
#define ANDROID_BOOT_DEV_MAX 30
static char android_boot_dev[ANDROID_BOOT_DEV_MAX];
#ifndef MODULE
static int __init get_android_boot_dev(char *str)
{
strlcpy(android_boot_dev, str, ANDROID_BOOT_DEV_MAX);
Reported by FlawFinder.
Line: 988
Column: 6
CWE codes:
126
struct resource *res;
struct ufs_clk_info *clki;
if (strlen(android_boot_dev) && strcmp(android_boot_dev, dev_name(dev)))
return -ENODEV;
host = devm_kzalloc(dev, sizeof(*host), GFP_KERNEL);
if (!host) {
err = -ENOMEM;
Reported by FlawFinder.
drivers/usb/gadget/function/f_ncm.c
3 issues
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct gether port;
u8 ctrl_id, data_id;
char ethaddr[14];
struct usb_ep *notify;
struct usb_request *notify_req;
u8 notify_state;
atomic_t notify_count;
Reported by FlawFinder.
Line: 735
Column: 3
CWE codes:
120
Suggestion:
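Make sure destination can always hold the source data. The length is already clamped to sizeof ntb_parameters in the excerpt, which bounds the read from the source; what remains to confirm is that req->buf is at least that large.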
goto invalid;
value = w_length > sizeof ntb_parameters ?
sizeof ntb_parameters : w_length;
memcpy(req->buf, &ntb_parameters, value);
VDBG(cdev, "Host asked NTB parameters\n");
break;
case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8)
| USB_CDC_GET_NTB_INPUT_SIZE:
Reported by FlawFinder.
Line: 1628
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct f_ncm_opts *opts;
struct usb_os_desc *descs[1];
char *names[1];
struct config_group *ncm_interf_group;
opts = kzalloc(sizeof(*opts), GFP_KERNEL);
if (!opts)
return ERR_PTR(-ENOMEM);
Reported by FlawFinder.
drivers/usb/gadget/function/f_printer.c
3 issues
Line: 1010
Column: 4
CWE codes:
120
Suggestion:
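Make sure destination can always hold the source data. Here the length is strlen(dev->pnp_string) and no clamp is visible in the excerpt, so check that buf has room for the whole string plus the 2-byte length prefix written in front of it.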
value = strlen(dev->pnp_string);
buf[0] = (value >> 8) & 0xFF;
buf[1] = value & 0xFF;
memcpy(buf + 2, dev->pnp_string, value);
DBG(dev, "1284 PNP String: %x %s\n", value,
dev->pnp_string);
break;
case GET_PORT_STATUS: /* Get Port Status */
Reported by FlawFinder.
Line: 1271
Column: 11
CWE codes:
120
Suggestion:
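Use sprintf_s, snprintf, or vsnprintf. In kernel code sprintf_s (C11 Annex K) is not provided; snprintf or the kernel's scnprintf are the bounded choices. The call shown writes a single "%d\n" integer into page, so the output is short; the bound to pass is the size of the page buffer, which the excerpt does not show.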
int result;
mutex_lock(&opts->lock);
result = sprintf(page, "%d\n", opts->q_len);
mutex_unlock(&opts->lock);
return result;
}
Reported by FlawFinder.
Line: 1007
Column: 12
CWE codes:
126
value = 0;
break;
}
value = strlen(dev->pnp_string);
buf[0] = (value >> 8) & 0xFF;
buf[1] = value & 0xFF;
memcpy(buf + 2, dev->pnp_string, value);
DBG(dev, "1284 PNP String: %x %s\n", value,
dev->pnp_string);
Reported by FlawFinder.
drivers/staging/rtl8192e/rtl819x_TSProc.c
3 issues
Line: 274
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!pTsCommonInfo)
return;
memcpy(pTsCommonInfo->Addr, Addr, 6);
if (pTSPEC)
memcpy((u8 *)(&(pTsCommonInfo->TSpec)), (u8 *)pTSPEC,
sizeof(union tspec_body));
Reported by FlawFinder.
Line: 277
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pTsCommonInfo->Addr, Addr, 6);
if (pTSPEC)
memcpy((u8 *)(&(pTsCommonInfo->TSpec)), (u8 *)pTSPEC,
sizeof(union tspec_body));
for (count = 0; count < TCLAS_Num; count++)
memcpy((u8 *)(&(pTsCommonInfo->TClass[count])),
(u8 *)pTCLAS, sizeof(union qos_tclas));
Reported by FlawFinder.
Line: 281
Column: 3
CWE codes:
120
Suggestion:
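Make sure destination can always hold the source data. Each copy is sizeof(union qos_tclas) into TClass[count], and count runs up to TCLAS_Num, so the check to make is that TCLAS_Num cannot exceed the number of TClass entries.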
sizeof(union tspec_body));
for (count = 0; count < TCLAS_Num; count++)
memcpy((u8 *)(&(pTsCommonInfo->TClass[count])),
(u8 *)pTCLAS, sizeof(union qos_tclas));
pTsCommonInfo->TClasProc = TCLAS_Proc;
pTsCommonInfo->TClasNum = TCLAS_Num;
}
Reported by FlawFinder.
drivers/spi/spi-dw-bt1.c
3 issues
Line: 87
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (shift) {
chunk = min_t(size_t, 4 - shift, len);
data = readl_relaxed(from - shift);
memcpy(to, (char *)&data + shift, chunk);
from += chunk;
to += chunk;
len -= chunk;
}
Reported by FlawFinder.
Line: 95
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (len >= 4) {
data = readl_relaxed(from);
memcpy(to, &data, 4);
from += 4;
to += 4;
len -= 4;
}
Reported by FlawFinder.
Line: 103
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len) {
data = readl_relaxed(from);
memcpy(to, &data, len);
}
}
static ssize_t dw_spi_bt1_dirmap_read(struct spi_mem_dirmap_desc *desc,
u64 offs, size_t len, void *buf)
Reported by FlawFinder.
drivers/usb/gadget/function/f_uac1.c
3 issues
Line: 677
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Set sample rates */
rate = audio_opts->c_srate;
sam_freq = as_out_type_i_desc.tSamFreq[0];
memcpy(sam_freq, &rate, 3);
rate = audio_opts->p_srate;
sam_freq = as_in_type_i_desc.tSamFreq[0];
memcpy(sam_freq, &rate, 3);
/* allocate instance-specific interface IDs, and patch descriptors */
Reported by FlawFinder.
Line: 680
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(sam_freq, &rate, 3);
rate = audio_opts->p_srate;
sam_freq = as_in_type_i_desc.tSamFreq[0];
memcpy(sam_freq, &rate, 3);
/* allocate instance-specific interface IDs, and patch descriptors */
status = usb_interface_id(c, f);
if (status < 0)
goto fail;
Reported by FlawFinder.
Line: 795
Column: 11
CWE codes:
120
Suggestion:
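Use sprintf_s, snprintf, or vsnprintf. In kernel code sprintf_s (C11 Annex K) is not provided; snprintf or the kernel's scnprintf are the bounded choices. The macro body shown writes a single "%u\n" integer into page, so the output is short; the bound to pass is the size of the page buffer, which the excerpt does not show.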
int result; \
\
mutex_lock(&opts->lock); \
result = sprintf(page, "%u\n", opts->name); \
mutex_unlock(&opts->lock); \
\
return result; \
} \
\
Reported by FlawFinder.
drivers/scsi/sym53c8xx_2/sym_hipd.c
3 issues
Line: 5703
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
* Copy scripts to controller instance.
*/
memcpy(np->scripta0, fw->a_base, np->scripta_sz);
memcpy(np->scriptb0, fw->b_base, np->scriptb_sz);
memcpy(np->scriptz0, fw->z_base, np->scriptz_sz);
/*
* Setup variable parts in scripts and compute
Reported by FlawFinder.
Line: 5704
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Copy scripts to controller instance.
*/
memcpy(np->scripta0, fw->a_base, np->scripta_sz);
memcpy(np->scriptb0, fw->b_base, np->scriptb_sz);
memcpy(np->scriptz0, fw->z_base, np->scriptz_sz);
/*
* Setup variable parts in scripts and compute
* scripts bus addresses used from the C code.
Reported by FlawFinder.
Line: 5705
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
memcpy(np->scripta0, fw->a_base, np->scripta_sz);
memcpy(np->scriptb0, fw->b_base, np->scriptb_sz);
memcpy(np->scriptz0, fw->z_base, np->scriptz_sz);
/*
* Setup variable parts in scripts and compute
* scripts bus addresses used from the C code.
*/
Reported by FlawFinder.
drivers/scsi/sym53c8xx_2/sym_glue.h
3 issues
Line: 73
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
/*
 * printk() wrappers: whatever the caller passes first becomes the
 * printk format string.
 *
 * In the level-prefixed variants the KERN_* token sits directly in front
 * of the caller's first argument with no comma, so the expansion relies on
 * adjacent string-literal concatenation. NOTE(review): presumably KERN_*
 * expand to string literals -- confirm; if so, a non-literal format does
 * not compile through these three macros.
 */
#define printf_notice(args...) printk(KERN_NOTICE args)
#define printf_info(args...) printk(KERN_INFO args)
#define printf_debug(args...) printk(KERN_DEBUG args)
/*
 * No level prefix here, so nothing forces the format to be a literal.
 * Callers must pass a constant format and print variable text through
 * "%s"; device- or user-supplied strings must never be used as the format.
 */
#define printf(args...) printk(args)
/*
* A 'read barrier' flushes any data that have been prefetched
* by the processor due to out of order execution. Such a barrier
* must notably be inserted prior to looking at data that have
Reported by FlawFinder.
Line: 167
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Chip and controller identification.
*/
int unit;
char inst_name[16];
char chip_name[8];
struct Scsi_Host *host;
void __iomem * ioaddr; /* MMIO kernel io address */
Reported by FlawFinder.
Line: 168
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
int unit;
char inst_name[16];
char chip_name[8];
struct Scsi_Host *host;
void __iomem * ioaddr; /* MMIO kernel io address */
void __iomem * ramaddr; /* RAM kernel io address */
Reported by FlawFinder.
drivers/scsi/storvsc_drv.c
3 issues
Line: 1223
Column: 3
CWE codes:
120
Suggestion:
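Make sure destination can always hold the source data. The copy length is taken from the packet's sense_info_length field, so confirm that this value is validated against the size of sense_buffer before the copy is reached.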
if (vstor_packet->vm_srb.scsi_status == SAM_STAT_CHECK_CONDITION &&
(vstor_packet->vm_srb.srb_status & SRB_STATUS_AUTOSENSE_VALID))
memcpy(request->cmd->sense_buffer,
vstor_packet->vm_srb.sense_data,
stor_pkt->vm_srb.sense_info_length);
stor_pkt->vm_srb.data_transfer_length =
vstor_packet->vm_srb.data_transfer_length;
Reported by FlawFinder.
Line: 1331
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
}
memcpy(&request->vstor_packet, packet,
(sizeof(struct vstor_packet) - stor_device->vmscsi_size_delta));
complete(&request->wait_event);
}
}
Reported by FlawFinder.
Line: 1810
Column: 2
CWE codes:
120
Suggestion:
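Make sure destination can always hold the source data. The length is scmnd->cmd_len (stored in cdb_length on the line above), so confirm it cannot exceed the size of vm_srb->cdb.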
vm_srb->cdb_length = scmnd->cmd_len;
memcpy(vm_srb->cdb, scmnd->cmnd, vm_srb->cdb_length);
sgl = (struct scatterlist *)scsi_sglist(scmnd);
sg_count = scsi_sg_count(scmnd);
length = scsi_bufflen(scmnd);
Reported by FlawFinder.
drivers/staging/media/rkvdec/rkvdec-h264.c
3 issues
Line: 807
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BUILD_BUG_ON(sizeof(tbl->scaling_list.scaling_list_8x8) !=
sizeof(scaling->scaling_list_8x8));
memcpy(tbl->scaling_list.scaling_list_4x4,
scaling->scaling_list_4x4,
sizeof(scaling->scaling_list_4x4));
memcpy(tbl->scaling_list.scaling_list_8x8,
scaling->scaling_list_8x8,
Reported by FlawFinder.
Line: 811
Column: 2
CWE codes:
120
Suggestion:
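Make sure destination can always hold the source data. The BUILD_BUG_ON shown in the preceding excerpt asserts at compile time that the two scaling_list_8x8 arrays have the same size, and the copy length is sizeof the source array, so this finding looks like one that triage can close once that assertion is confirmed in the file.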
scaling->scaling_list_4x4,
sizeof(scaling->scaling_list_4x4));
memcpy(tbl->scaling_list.scaling_list_8x8,
scaling->scaling_list_8x8,
sizeof(scaling->scaling_list_8x8));
}
/*
Reported by FlawFinder.
Line: 1043
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
h264_ctx->priv_tbl.size = sizeof(*priv_tbl);
h264_ctx->priv_tbl.cpu = priv_tbl;
memcpy(priv_tbl->cabac_table, rkvdec_h264_cabac_table,
sizeof(rkvdec_h264_cabac_table));
ctx->priv = h264_ctx;
return 0;
Reported by FlawFinder.