The following issues were found
sound/firewire/dice/dice-alesis.c
2 issues
Line: 36
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data = be32_to_cpu(reg);
if (data == 4 || data == 6) {
memcpy(dice->tx_pcm_chs, alesis_io14_tx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT *
sizeof(unsigned int));
} else {
memcpy(dice->tx_pcm_chs, alesis_io26_tx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT *
Reported by FlawFinder.
Line: 40
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT *
sizeof(unsigned int));
} else {
memcpy(dice->tx_pcm_chs, alesis_io26_tx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT *
sizeof(unsigned int));
}
for (i = 0; i < SND_DICE_RATE_MODE_COUNT; ++i)
Reported by FlawFinder.
sound/firewire/dice/dice-mytek.c
2 issues
Line: 35
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev = &stereo_192_dsd_dac;
memcpy(dice->tx_pcm_chs, dev->tx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
memcpy(dice->rx_pcm_chs, dev->rx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
for (i = 0; i < MAX_STREAMS; ++i) {
Reported by FlawFinder.
Line: 37
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dice->tx_pcm_chs, dev->tx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
memcpy(dice->rx_pcm_chs, dev->rx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
for (i = 0; i < MAX_STREAMS; ++i) {
dice->tx_midi_ports[i] = 0;
dice->rx_midi_ports[i] = 0;
Reported by FlawFinder.
sound/firewire/dice/dice-presonus.c
2 issues
Line: 51
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i == ARRAY_SIZE(entries))
return -ENODEV;
memcpy(dice->tx_pcm_chs, entry->spec->tx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
memcpy(dice->rx_pcm_chs, entry->spec->rx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
if (entry->spec->has_midi) {
Reported by FlawFinder.
Line: 53
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dice->tx_pcm_chs, entry->spec->tx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
memcpy(dice->rx_pcm_chs, entry->spec->rx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
if (entry->spec->has_midi) {
dice->tx_midi_ports[0] = 1;
dice->rx_midi_ports[0] = 1;
Reported by FlawFinder.
sound/firewire/dice/dice-tcelectronic.c
2 issues
Line: 93
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i == ARRAY_SIZE(entries))
return -ENODEV;
memcpy(dice->tx_pcm_chs, entry->spec->tx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
memcpy(dice->rx_pcm_chs, entry->spec->rx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
if (entry->spec->has_midi) {
Reported by FlawFinder.
Line: 95
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dice->tx_pcm_chs, entry->spec->tx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
memcpy(dice->rx_pcm_chs, entry->spec->rx_pcm_chs,
MAX_STREAMS * SND_DICE_RATE_MODE_COUNT * sizeof(unsigned int));
if (entry->spec->has_midi) {
dice->tx_midi_ports[0] = 1;
dice->rx_midi_ports[0] = 1;
Reported by FlawFinder.
sound/firewire/fireworks/fireworks.h
2 issues
Line: 128
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 guid_lo;
u32 type;
u32 version;
char vendor_name[HWINFO_NAME_SIZE_BYTES];
char model_name[HWINFO_NAME_SIZE_BYTES];
u32 supported_clocks;
u32 amdtp_rx_pcm_channels;
u32 amdtp_tx_pcm_channels;
u32 phys_out;
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 type;
u32 version;
char vendor_name[HWINFO_NAME_SIZE_BYTES];
char model_name[HWINFO_NAME_SIZE_BYTES];
u32 supported_clocks;
u32 amdtp_rx_pcm_channels;
u32 amdtp_tx_pcm_channels;
u32 phys_out;
u32 phys_in;
Reported by FlawFinder.
sound/firewire/fireworks/fireworks_command.c
2 issues
Line: 142
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
header->status = 0;
/* fill transaction command parameters */
memcpy(header->params, params, param_bytes);
err = snd_efw_transaction_run(efw->unit, buf, cmd_bytes,
buf, buf_bytes);
if (err < 0)
goto end;
Reported by FlawFinder.
Line: 170
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
resp_bytes = min_t(unsigned int, resp_bytes,
be32_to_cpu(header->length) * sizeof(__be32) -
sizeof(struct snd_efw_transaction));
memcpy((void *)resp, &buf[6], resp_bytes);
end:
kfree(buf);
return err;
}
Reported by FlawFinder.
sound/firewire/fireworks/fireworks_transaction.c
2 issues
Line: 146
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(unsigned int)(efw->push_ptr - efw->resp_buf);
till_end = min_t(unsigned int, length, till_end);
memcpy(efw->push_ptr, data, till_end);
efw->push_ptr += till_end;
if (efw->push_ptr >= efw->resp_buf + snd_efw_resp_buf_size)
efw->push_ptr -= snd_efw_resp_buf_size;
Reported by FlawFinder.
Line: 217
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((t->state == STATE_PENDING) && (t->seqnum == seqnum)) {
t->state = STATE_COMPLETE;
t->size = min_t(unsigned int, length, t->size);
memcpy(t->buf, data, t->size);
wake_up(&t->wait);
*rcode = RCODE_COMPLETE;
}
}
spin_unlock_irqrestore(&transaction_queues_lock, flags);
Reported by FlawFinder.
samples/bpf/tcp_basertt_kern.c
2 issues
Line: 24
#define DEBUG 1
SEC("sockops")
int bpf_basertt(struct bpf_sock_ops *skops)
{
char cong[20];
char nv[] = "nv";
int rv = 0, n;
Reported by Cppcheck.
Line: 27
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SEC("sockops")
int bpf_basertt(struct bpf_sock_ops *skops)
{
char cong[20];
char nv[] = "nv";
int rv = 0, n;
int op;
op = (int) skops->op;
Reported by FlawFinder.
sound/i2c/other/ak4xxx-adda.c
2 issues
Line: 128
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Used for AK4524/AK4620 input/ouput attenuation, AK4528, and
* AK5365 input attenuation
*/
static const unsigned char vol_cvt_datt[128] = {
0x00, 0x01, 0x01, 0x02, 0x02, 0x03, 0x03, 0x04,
0x04, 0x04, 0x04, 0x05, 0x05, 0x05, 0x06, 0x06,
0x06, 0x07, 0x07, 0x08, 0x08, 0x08, 0x09, 0x0a,
0x0a, 0x0b, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x0f,
0x10, 0x10, 0x11, 0x12, 0x12, 0x13, 0x13, 0x14,
Reported by FlawFinder.
Line: 454
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_akm4xxx_deemphasis_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[4] = {
"44.1kHz", "Off", "48kHz", "32kHz",
};
return snd_ctl_enum_info(uinfo, 1, 4, texts);
}
Reported by FlawFinder.
samples/bpf/tc_l2_redirect_user.c
2 issues
Line: 32
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int ret = -1;
int opt;
while ((opt = getopt(argc, argv, "F:U:i:")) != -1) {
switch (opt) {
/* General args */
case 'U':
pinned_file = optarg;
break;
Reported by FlawFinder.
Line: 39
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
pinned_file = optarg;
break;
case 'i':
ifindex = atoi(optarg);
break;
default:
usage();
goto out;
}
Reported by FlawFinder.