The following issues were found
drivers/scsi/device_handler/scsi_dh_alua.c
3 issues
Line: 66
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rcu_head rcu;
struct list_head node;
struct list_head dh_list;
unsigned char device_id_str[256];
int device_id_len;
int group_id;
int tpgs;
int state;
int pref;
Reported by FlawFinder.
Line: 158
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct scsi_sense_hdr *sshdr)
{
u8 cdb[MAX_COMMAND_SIZE];
unsigned char stpg_data[8];
int stpg_len = 8;
int req_flags = REQ_FAILFAST_DEV | REQ_FAILFAST_TRANSPORT |
REQ_FAILFAST_DRIVER;
/* Prepare the data buffer */
Reported by FlawFinder.
Line: 184
Column: 30
CWE codes:
126
{
struct alua_port_group *pg;
if (!id_str || !id_size || !strlen(id_str))
return NULL;
list_for_each_entry(pg, &port_group_list, node) {
if (pg->group_id != group_id)
continue;
Reported by FlawFinder.
drivers/pcmcia/sa11xx_base.c
3 issues
Line: 153
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
soc_common_pcmcia_get_timing(skt, &timing);
p+=sprintf(p, "I/O : %uns (%uns)\n", timing.io,
sa1100_pcmcia_cmd_time(clock, MECR_BSIO_GET(mecr, skt->nr)));
p+=sprintf(p, "attribute: %uns (%uns)\n", timing.attr,
sa1100_pcmcia_cmd_time(clock, MECR_BSA_GET(mecr, skt->nr)));
Reported by FlawFinder.
Line: 156
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p+=sprintf(p, "I/O : %uns (%uns)\n", timing.io,
sa1100_pcmcia_cmd_time(clock, MECR_BSIO_GET(mecr, skt->nr)));
p+=sprintf(p, "attribute: %uns (%uns)\n", timing.attr,
sa1100_pcmcia_cmd_time(clock, MECR_BSA_GET(mecr, skt->nr)));
p+=sprintf(p, "common : %uns (%uns)\n", timing.mem,
sa1100_pcmcia_cmd_time(clock, MECR_BSM_GET(mecr, skt->nr)));
Reported by FlawFinder.
Line: 159
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p+=sprintf(p, "attribute: %uns (%uns)\n", timing.attr,
sa1100_pcmcia_cmd_time(clock, MECR_BSA_GET(mecr, skt->nr)));
p+=sprintf(p, "common : %uns (%uns)\n", timing.mem,
sa1100_pcmcia_cmd_time(clock, MECR_BSM_GET(mecr, skt->nr)));
return p - buf;
}
Reported by FlawFinder.
drivers/net/wireless/ti/wl18xx/debugfs.c
3 issues
Line: 200
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_lock(&wl->mutex);
pos = buf;
memcpy(pos, &header, sizeof(header));
pos += sizeof(header);
memcpy(pos, &wl->conf, sizeof(wl->conf));
pos += sizeof(wl->conf);
memcpy(pos, &priv->conf, sizeof(priv->conf));
Reported by FlawFinder.
Line: 202
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos = buf;
memcpy(pos, &header, sizeof(header));
pos += sizeof(header);
memcpy(pos, &wl->conf, sizeof(wl->conf));
pos += sizeof(wl->conf);
memcpy(pos, &priv->conf, sizeof(priv->conf));
mutex_unlock(&wl->mutex);
Reported by FlawFinder.
Line: 204
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pos += sizeof(header);
memcpy(pos, &wl->conf, sizeof(wl->conf));
pos += sizeof(wl->conf);
memcpy(pos, &priv->conf, sizeof(priv->conf));
mutex_unlock(&wl->mutex);
ret = simple_read_from_buffer(user_buf, count, ppos, buf, len);
Reported by FlawFinder.
drivers/net/wireless/intersil/prism54/islpci_dev.h
3 issues
Line: 39
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* ACL using MAC address */
struct mac_entry {
struct list_head _list;
char addr[ETH_ALEN];
};
struct islpci_acl {
enum { MAC_POLICY_OPEN=0, MAC_POLICY_ACCEPT=1, MAC_POLICY_REJECT=2 } policy;
struct list_head mac_list; /* a list of mac_entry */
Reported by FlawFinder.
Line: 75
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 iw_mode;
struct rw_semaphore mib_sem;
void **mib;
char nickname[IW_ESSID_MAX_SIZE+1];
/* Take care of the wireless stats */
struct work_struct stats_work;
struct mutex stats_lock;
/* remember when we last updated the stats */
Reported by FlawFinder.
Line: 98
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* PCI bus allocation & configuration members */
struct pci_dev *pdev; /* PCI structure information */
char firmware[33];
void __iomem *device_base; /* ioremapped device base address */
/* consistent DMA region */
void *driver_mem_address; /* base DMA address */
Reported by FlawFinder.
drivers/perf/fsl_imx8_ddr_perf.c
3 issues
Line: 241
Column: 29
CWE codes:
120
20
IMX8_DDR_PMU_EVENT_ATTR(read-command, 0x20),
IMX8_DDR_PMU_EVENT_ATTR(write-command, 0x21),
IMX8_DDR_PMU_EVENT_ATTR(read-modify-write-command, 0x22),
IMX8_DDR_PMU_EVENT_ATTR(hp-read, 0x23),
IMX8_DDR_PMU_EVENT_ATTR(hp-req-nocredit, 0x24),
IMX8_DDR_PMU_EVENT_ATTR(hp-xact-credit, 0x25),
IMX8_DDR_PMU_EVENT_ATTR(lp-req-nocredit, 0x26),
IMX8_DDR_PMU_EVENT_ATTR(lp-xact-credit, 0x27),
IMX8_DDR_PMU_EVENT_ATTR(wr-xact-credit, 0x29),
Reported by FlawFinder.
Line: 254
Column: 26
CWE codes:
120
20
IMX8_DDR_PMU_EVENT_ATTR(activate, 0x32),
IMX8_DDR_PMU_EVENT_ATTR(load-mode, 0x33),
IMX8_DDR_PMU_EVENT_ATTR(perf-mwr, 0x34),
IMX8_DDR_PMU_EVENT_ATTR(read, 0x35),
IMX8_DDR_PMU_EVENT_ATTR(read-activate, 0x36),
IMX8_DDR_PMU_EVENT_ATTR(refresh, 0x37),
IMX8_DDR_PMU_EVENT_ATTR(write, 0x38),
IMX8_DDR_PMU_EVENT_ATTR(raw-hazard, 0x39),
IMX8_DDR_PMU_EVENT_ATTR(axid-read, 0x41),
Reported by FlawFinder.
Line: 259
Column: 31
CWE codes:
120
20
IMX8_DDR_PMU_EVENT_ATTR(refresh, 0x37),
IMX8_DDR_PMU_EVENT_ATTR(write, 0x38),
IMX8_DDR_PMU_EVENT_ATTR(raw-hazard, 0x39),
IMX8_DDR_PMU_EVENT_ATTR(axid-read, 0x41),
IMX8_DDR_PMU_EVENT_ATTR(axid-write, 0x42),
NULL,
};
static const struct attribute_group ddr_perf_events_attr_group = {
Reported by FlawFinder.
drivers/scsi/aacraid/commsup.c
3 issues
Line: 2132
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
* Make the copy of the FIB
*/
memcpy(hw_newfib, hw_fib, sizeof(struct hw_fib));
memcpy(newfib, fib, sizeof(struct fib));
newfib->hw_fib_va = hw_newfib;
/*
* Put the FIB onto the
* fibctx's fibs
Reported by FlawFinder.
Line: 2133
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Make the copy of the FIB
*/
memcpy(hw_newfib, hw_fib, sizeof(struct hw_fib));
memcpy(newfib, fib, sizeof(struct fib));
newfib->hw_fib_va = hw_newfib;
/*
* Put the FIB onto the
* fibctx's fibs
*/
Reported by FlawFinder.
Line: 2322
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(srbcmd->cdb, 0, sizeof(srbcmd->cdb));
srbcmd->cdb[0] = BMIC_OUT;
srbcmd->cdb[6] = WRITE_HOST_WELLNESS;
memcpy(dma_buf, (char *)wellness_str, datasize);
sg64 = (struct sgmap64 *)&srbcmd->sg;
sg64->count = cpu_to_le32(1);
sg64->sg[0].addr[1] = cpu_to_le32((u32)(((addr) >> 16) >> 16));
sg64->sg[0].addr[0] = cpu_to_le32((u32)(addr & 0xffffffff));
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/queue/tx.c
3 issues
Line: 250
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto unmap;
}
memcpy(page_address(page), virt, len);
phys = dma_map_single(trans->dev, page_address(page), len,
DMA_TO_DEVICE);
if (unlikely(dma_mapping_error(trans->dev, phys)))
return -ENOMEM;
Reported by FlawFinder.
Line: 503
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out_err;
/* building the A-MSDU might have changed this data, memcpy it now */
memcpy(&txq->first_tb_bufs[idx], dev_cmd, IWL_FIRST_TB_SIZE);
return tfd;
out_err:
iwl_txq_gen2_tfd_unmap(trans, out_meta, tfd);
return NULL;
Reported by FlawFinder.
Line: 559
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tb_phys = iwl_txq_get_first_tb_dma(txq, idx);
/* The first TB points to bi-directional DMA data */
memcpy(&txq->first_tb_bufs[idx], dev_cmd, IWL_FIRST_TB_SIZE);
/*
* No need for _with_wa, the first TB allocation is aligned up
* to a 64-byte boundary and thus can't be at the end or cross
* a page boundary (much less a 2^32 boundary).
Reported by FlawFinder.
drivers/scsi/NCR5380.c
3 issues
Line: 971
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__releases(&hostdata->lock) __acquires(&hostdata->lock)
{
struct NCR5380_hostdata *hostdata = shost_priv(instance);
unsigned char tmp[3], phase;
unsigned char *data;
int len;
int err;
bool ret = true;
bool can_disconnect = instance->irq != NO_IRQ &&
Reported by FlawFinder.
Line: 1685
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int len;
int transfersize;
unsigned char *data;
unsigned char phase, tmp, extended_msg[10], old_phase = 0xff;
struct scsi_cmnd *cmd;
#ifdef SUN3_SCSI_VME
dregs->csr |= CSR_INTR;
#endif
Reported by FlawFinder.
Line: 2032
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct NCR5380_hostdata *hostdata = shost_priv(instance);
unsigned char target_mask;
unsigned char lun;
unsigned char msg[3];
struct NCR5380_cmd *ncmd;
struct scsi_cmnd *tmp;
/*
* Disable arbitration, etc. since the host adapter obviously
Reported by FlawFinder.
drivers/phy/ti/phy-j721e-wiz.c
3 issues
Line: 652
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char **parent_names;
unsigned int num_parents;
struct wiz_clk_mux *mux;
char clk_name[100];
struct clk *clk;
int ret = 0, i;
mux = devm_kzalloc(dev, sizeof(*mux), GFP_KERNEL);
if (!mux)
Reported by FlawFinder.
Line: 713
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char **parent_names;
unsigned int num_parents;
struct wiz_clk_mux *mux;
char clk_name[100];
struct clk *clk;
int ret;
mux = devm_kzalloc(dev, sizeof(*mux), GFP_KERNEL);
if (!mux)
Reported by FlawFinder.
Line: 808
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct wiz_clk_divider *div;
struct clk_init_data *init;
const char **parent_names;
char clk_name[100];
struct clk *clk;
int ret;
div = devm_kzalloc(dev, sizeof(*div), GFP_KERNEL);
if (!div)
Reported by FlawFinder.
drivers/pinctrl/aspeed/pinctrl-aspeed.c
3 issues
Line: 184
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
found[len] = '\0';
len += delta;
strcat(found, str);
strcat(found, ", ");
funcs++;
}
prios++;
Reported by FlawFinder.
Line: 185
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
len += delta;
strcat(found, str);
strcat(found, ", ");
funcs++;
}
prios++;
}
Reported by FlawFinder.
Line: 171
Column: 19
CWE codes:
126
while ((funcs = *prios)) {
while ((expr = *funcs)) {
const char *str = get(expr);
size_t delta = strlen(str) + 2;
char *expanded;
expanded = krealloc(found, len + delta + 1, GFP_KERNEL);
if (!expanded) {
kfree(found);
Reported by FlawFinder.