The following issues were found
drivers/tty/serial/pmac_zilog.c
3 issues
Line: 925
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
pwr_delay = __pmz_startup(uap);
spin_unlock_irqrestore(&port->lock, flags);
}
sprintf(uap->irq_name, PMACZILOG_NAME"%d", uap->port.line);
if (request_irq(uap->port.irq, pmz_interrupt, IRQF_SHARED,
uap->irq_name, uap)) {
pmz_error("Unable to register zs interrupt handler.\n");
pmz_set_scc_power(uap, 0);
return -ENXIO;
Reported by FlawFinder.
Line: 1238
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pmz_debug("pmz: set_termios()\n");
memcpy(&uap->termios_cache, termios, sizeof(struct ktermios));
/* XXX Check which revs of machines actually allow 1 and 4Mb speeds
* on the IR dongle. Note that the IRTTY driver currently doesn't know
* about the FIR mode and high speed modes. So these are unused. For
* implementing proper support for these, we should probably add some
Reported by FlawFinder.
Line: 1400
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *conn;
const struct slot_names_prop {
int count;
char name[1];
} *slots;
int len;
struct resource r_ports, r_rxdma, r_txdma;
/*
Reported by FlawFinder.
drivers/staging/media/atomisp/pci/isp/kernels/gc/gc_2/ia_css_gc2_table.host.c
3 issues
Line: 74
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
default_r_gamma_table.vamem_type = IA_CSS_VAMEM_TYPE_2;
default_g_gamma_table.vamem_type = IA_CSS_VAMEM_TYPE_2;
default_b_gamma_table.vamem_type = IA_CSS_VAMEM_TYPE_2;
memcpy(default_r_gamma_table.data.vamem_2, default_gamma_table_data,
sizeof(default_gamma_table_data));
memcpy(default_g_gamma_table.data.vamem_2, default_gamma_table_data,
sizeof(default_gamma_table_data));
memcpy(default_b_gamma_table.data.vamem_2, default_gamma_table_data,
sizeof(default_gamma_table_data));
Reported by FlawFinder.
Line: 76
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
default_b_gamma_table.vamem_type = IA_CSS_VAMEM_TYPE_2;
memcpy(default_r_gamma_table.data.vamem_2, default_gamma_table_data,
sizeof(default_gamma_table_data));
memcpy(default_g_gamma_table.data.vamem_2, default_gamma_table_data,
sizeof(default_gamma_table_data));
memcpy(default_b_gamma_table.data.vamem_2, default_gamma_table_data,
sizeof(default_gamma_table_data));
}
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(default_gamma_table_data));
memcpy(default_g_gamma_table.data.vamem_2, default_gamma_table_data,
sizeof(default_gamma_table_data));
memcpy(default_b_gamma_table.data.vamem_2, default_gamma_table_data,
sizeof(default_gamma_table_data));
}
Reported by FlawFinder.
drivers/staging/rtl8188eu/os_dep/os_intfs.c
3 issues
Line: 143
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct registry_priv *registry_par = &padapter->registrypriv;
memcpy(registry_par->ssid.ssid, "ANY", 3);
registry_par->ssid.ssid_length = 3;
registry_par->channel = (u8)rtw_channel;
registry_par->wireless_mode = (u8)rtw_wireless_mode;
registry_par->vrtl_carrier_sense = (u8)rtw_vrtl_carrier_sense;
Reported by FlawFinder.
Line: 192
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct sockaddr *addr = p;
if (!padapter->bup)
memcpy(padapter->eeprompriv.mac_addr, addr->sa_data, ETH_ALEN);
return 0;
}
static struct net_device_stats *rtw_net_get_stats(struct net_device *pnetdev)
Reported by FlawFinder.
Line: 268
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 priority;
u8 *pdata = skb->data;
memcpy(ð_type, pdata + (ETH_ALEN << 1), 2);
switch (eth_type) {
case htons(ETH_P_IP):
piphdr = (struct iphdr *)(pdata + ETH_HLEN);
dscp = piphdr->tos & 0xfc;
Reported by FlawFinder.
drivers/staging/media/atomisp/pci/isp/kernels/sdis/sdis_1.0/ia_css_sdis.host.c
3 issues
Line: 36
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
assert((int)width >= 0);
assert((int)padding >= 0);
memcpy(private, public, width * sizeof(short));
memset(&private[width], 0, padding * sizeof(short));
}
void ia_css_sdis_horicoef_vmem_encode(
struct sh_css_isp_sdis_hori_coef_tbl *to,
Reported by FlawFinder.
Line: 296
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ver_ptr_dvs = host_stats->ver_proj;
for (i = 0; i < IA_CSS_DVS_NUM_COEF_TYPES; i++) {
memcpy(hor_ptr_dvs, hor_ptr_isp, hor_num_dvs * sizeof(int32_t));
hor_ptr_isp += hor_num_isp;
hor_ptr_dvs += hor_num_dvs;
memcpy(ver_ptr_dvs, ver_ptr_isp, ver_num_dvs * sizeof(int32_t));
ver_ptr_isp += ver_num_isp;
Reported by FlawFinder.
Line: 300
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hor_ptr_isp += hor_num_isp;
hor_ptr_dvs += hor_num_dvs;
memcpy(ver_ptr_dvs, ver_ptr_isp, ver_num_dvs * sizeof(int32_t));
ver_ptr_isp += ver_num_isp;
ver_ptr_dvs += ver_num_dvs;
}
IA_CSS_LEAVE("void");
Reported by FlawFinder.
drivers/staging/rtl8723bs/hal/hal_btcoex.c
3 issues
Line: 62
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
pbuf = pinfo->info + pinfo->len;
memcpy(pbuf, dbgmsg, msglen);
pinfo->len += msglen;
}
/* */
/* Debug related function */
Reported by FlawFinder.
Line: 1448
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void hal_btcoex_RecordPwrMode(struct adapter *padapter, u8 *pCmdBuf, u8 cmdLen)
{
memcpy(GLBtCoexist.pwrModeVal, pCmdBuf, cmdLen);
}
void hal_btcoex_DisplayBtCoexInfo(struct adapter *padapter, u8 *pbuf, u32 bufsize)
{
struct btcdbginfo *pinfo;
Reported by FlawFinder.
Line: 57
Column: 11
CWE codes:
126
if (!pinfo->info)
return;
msglen = strlen(dbgmsg);
if (pinfo->len + msglen > pinfo->size)
return;
pbuf = pinfo->info + pinfo->len;
memcpy(pbuf, dbgmsg, msglen);
Reported by FlawFinder.
drivers/staging/media/atomisp/pci/runtime/isys/src/virtual_isys.c
3 issues
Line: 654
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
isp2401_input_system_cfg_t *isys_cfg,
pixelgen_tpg_cfg_t *cfg)
{
memcpy(cfg, &isys_cfg->tpg_port_attr, sizeof(pixelgen_tpg_cfg_t));
return true;
}
static bool calculate_prbs_cfg(
Reported by FlawFinder.
Line: 665
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
isp2401_input_system_cfg_t *isys_cfg,
pixelgen_prbs_cfg_t *cfg)
{
memcpy(cfg, &isys_cfg->prbs_port_attr, sizeof(pixelgen_prbs_cfg_t));
return true;
}
static bool calculate_fe_cfg(
Reported by FlawFinder.
Line: 684
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bool metadata,
csi_rx_backend_cfg_t *cfg)
{
memcpy(&cfg->lut_entry,
metadata ? &input_port->metadata.backend_lut_entry :
&input_port->csi_rx.backend_lut_entry,
sizeof(csi_rx_backend_lut_entry_t));
cfg->csi_mipi_cfg.virtual_channel = isys_cfg->csi_port_attr.ch_id;
Reported by FlawFinder.
drivers/staging/media/atomisp/pci/runtime/pipeline/src/pipeline.c
3 issues
Line: 681
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pipeline->stop_requested = false;
pipeline->current_stage = NULL;
memcpy(&pipeline->in_frame, &ia_css_default_frame,
sizeof(ia_css_default_frame));
for (i = 0; i < IA_CSS_PIPE_MAX_OUTPUT_STAGE; i++) {
memcpy(&pipeline->out_frame[i], &ia_css_default_frame,
sizeof(ia_css_default_frame));
Reported by FlawFinder.
Line: 685
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(ia_css_default_frame));
for (i = 0; i < IA_CSS_PIPE_MAX_OUTPUT_STAGE; i++) {
memcpy(&pipeline->out_frame[i], &ia_css_default_frame,
sizeof(ia_css_default_frame));
memcpy(&pipeline->vf_frame[i], &ia_css_default_frame,
sizeof(ia_css_default_frame));
}
pipeline->num_execs = -1;
Reported by FlawFinder.
Line: 687
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < IA_CSS_PIPE_MAX_OUTPUT_STAGE; i++) {
memcpy(&pipeline->out_frame[i], &ia_css_default_frame,
sizeof(ia_css_default_frame));
memcpy(&pipeline->vf_frame[i], &ia_css_default_frame,
sizeof(ia_css_default_frame));
}
pipeline->num_execs = -1;
pipeline->acquire_isp_each_stage = true;
pipeline->pipe_num = (uint8_t)pipe_num;
Reported by FlawFinder.
drivers/soc/fsl/qbman/bman.c
3 issues
Line: 560
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
portal->irq_sources = 0;
bm_out(p, BM_REG_IER, 0);
bm_out(p, BM_REG_ISR, 0xffffffff);
snprintf(portal->irqname, MAX_IRQNAME, IRQNAME, c->cpu);
if (request_irq(c->irq, portal_isr, 0, portal->irqname, portal)) {
dev_err(c->dev, "request_irq() failed\n");
goto fail_irq;
}
Reported by FlawFinder.
Line: 223
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long irq_sources;
/* probing time config params for cpu-affine portals */
const struct bm_portal_config *config;
char irqname[MAX_IRQNAME];
};
static cpumask_t affine_mask;
static DEFINE_SPINLOCK(affine_mask_lock);
static DEFINE_PER_CPU(struct bman_portal, bman_affine_portal);
Reported by FlawFinder.
Line: 775
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bm_buffer_set64(r->bufs, bm_buffer_get64(bufs));
bm_buffer_set_bpid(r->bufs, pool->bpid);
if (i)
memcpy(&r->bufs[1], &bufs[1], i * sizeof(bufs[0]));
bm_rcr_pvb_commit(&p->p, BM_RCR_VERB_CMD_BPID_SINGLE |
(num & BM_RCR_VERB_BUFCOUNT_MASK));
local_irq_restore(irqflags);
Reported by FlawFinder.
drivers/tty/serial/stm32-usart.c
3 issues
Line: 372
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count = TX_BUF_L;
if (xmit->tail < xmit->head) {
memcpy(&stm32port->tx_buf[0], &xmit->buf[xmit->tail], count);
} else {
size_t one = UART_XMIT_SIZE - xmit->tail;
size_t two;
if (one > count)
Reported by FlawFinder.
Line: 381
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
one = count;
two = count - one;
memcpy(&stm32port->tx_buf[0], &xmit->buf[xmit->tail], one);
if (two)
memcpy(&stm32port->tx_buf[one], &xmit->buf[0], two);
}
desc = dmaengine_prep_slave_single(stm32port->tx_ch,
Reported by FlawFinder.
Line: 383
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&stm32port->tx_buf[0], &xmit->buf[xmit->tail], one);
if (two)
memcpy(&stm32port->tx_buf[one], &xmit->buf[0], two);
}
desc = dmaengine_prep_slave_single(stm32port->tx_ch,
stm32port->tx_dma_buf,
count,
Reported by FlawFinder.
drivers/staging/media/zoran/zoran.h
3 issues
Line: 171
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct card_info {
enum card_type type;
char name[32];
const char *i2c_decoder; /* i2c decoder device */
const unsigned short *addrs_decoder;
const char *i2c_encoder; /* i2c encoder device */
const unsigned short *addrs_encoder;
u16 video_vfe, video_codec; /* videocodec types */
Reported by FlawFinder.
Line: 182
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int inputs; /* number of video inputs */
struct input {
int muxsel;
char name[32];
} input[BUZ_MAX_INPUT];
v4l2_std_id norms;
const struct tvnorm *tvn[3]; /* supported TV norms */
Reported by FlawFinder.
Line: 228
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct tvnorm *timing;
unsigned short id; /* number of this device */
char name[32]; /* name of this device */
struct pci_dev *pci_dev; /* PCI device */
unsigned char revision; /* revision of zr36057 */
unsigned char __iomem *zr36057_mem;/* pointer to mapped IO memory */
spinlock_t spinlock; /* Spinlock */
Reported by FlawFinder.