The following issues were found
sound/pci/asihpi/hpicmn.c
2 issues
Line: 501
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tocopy = sizeof(phr->u.cu.chars8.
sz_data);
memcpy(phr->u.cu.chars8.sz_data,
&pad_string[offset], tocopy);
phr->u.cu.chars8.remaining_chars =
pad_string_len - offset - tocopy;
}
Reported by FlawFinder.
Line: 488
Column: 22
CWE codes:
126
/* Ensure null terminator */
pad_string[field_size - 1] = 0;
pad_string_len = strlen(pad_string) + 1;
if (offset > pad_string_len) {
phr->error =
HPI_ERROR_INVALID_CONTROL_VALUE;
break;
Reported by FlawFinder.
sound/pci/asihpi/hpidspcd.c
2 issues
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct firmware *firmware;
struct pci_dev *dev = os_data;
struct code_header header;
char fw_name[20];
short err_ret = HPI_ERROR_DSP_FILE_NOT_FOUND;
int err;
sprintf(fw_name, "asihpi/dsp%04x.bin", adapter);
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
short err_ret = HPI_ERROR_DSP_FILE_NOT_FOUND;
int err;
sprintf(fw_name, "asihpi/dsp%04x.bin", adapter);
err = request_firmware(&firmware, fw_name, &dev->dev);
if (err || !firmware) {
dev_err(&dev->dev, "%d, request_firmware failed for %s\n",
Reported by FlawFinder.
sound/pci/au88x0/au88x0_eq.c
2 issues
Line: 653
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
eqlzr_t *eq = &(vortex->eq);
/* Set EQ BiQuad filter coeficients */
memcpy(&(eq->coefset), &asEqCoefsNormal, sizeof(auxxEqCoeffSet_t));
/* Set EQ Band gain levels and dump into hardware registers. */
vortex_Eqlzr_SetAllBands(vortex, eq_gains_normal, eq->this10 * 2);
}
static int vortex_Eqlzr_GetAllPeaks(vortex_t * vortex, u16 * peaks, int *count)
Reported by FlawFinder.
Line: 855
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* EQ band gain labels. */
static const char * const EqBandLabels[10] = {
"EQ0 31Hz\0",
"EQ1 63Hz\0",
"EQ2 125Hz\0",
"EQ3 250Hz\0",
"EQ4 500Hz\0",
Reported by FlawFinder.
net/vmw_vsock/vmci_transport_notify.c
2 issues
Line: 117
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vsk = vsock_sk(sk);
PKT_FIELD(vsk, peer_waiting_read) = true;
memcpy(&PKT_FIELD(vsk, peer_waiting_read_info), &pkt->u.wait,
sizeof(PKT_FIELD(vsk, peer_waiting_read_info)));
if (vmci_transport_notify_waiting_read(vsk)) {
bool sent;
Reported by FlawFinder.
Line: 147
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vsk = vsock_sk(sk);
PKT_FIELD(vsk, peer_waiting_write) = true;
memcpy(&PKT_FIELD(vsk, peer_waiting_write_info), &pkt->u.wait,
sizeof(PKT_FIELD(vsk, peer_waiting_write_info)));
if (vmci_transport_notify_waiting_write(vsk)) {
bool sent;
Reported by FlawFinder.
sound/pci/ctxfi/ctamixer.h
2 issues
Line: 25
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Define the descriptor of a summation node resource */
struct sum {
struct rsc rsc; /* Basic resource info */
unsigned char idx[8];
};
/* Define sum resource request description info */
struct sum_desc {
unsigned int msr;
Reported by FlawFinder.
Line: 54
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct amixer {
struct rsc rsc; /* Basic resource info */
unsigned char idx[8];
struct rsc *input; /* pointer to a resource acting as source */
struct sum *sum; /* Put amixer output to this summation node */
const struct amixer_rsc_ops *ops; /* AMixer specific operations */
};
Reported by FlawFinder.
sound/pci/echoaudio/layla24_dsp.c
2 issues
Line: 318
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Load the desired ASIC */
if (load_asic_generic(chip, DSP_FNC_LOAD_LAYLA24_EXTERNAL_ASIC,
asic) < 0) {
memcpy(chip->comm_page->monitors, monitors,
MONITOR_ARRAY_SIZE);
kfree(monitors);
return -EIO;
}
chip->asic_code = asic;
Reported by FlawFinder.
Line: 324
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EIO;
}
chip->asic_code = asic;
memcpy(chip->comm_page->monitors, monitors, MONITOR_ARRAY_SIZE);
kfree(monitors);
}
return 0;
}
Reported by FlawFinder.
sound/pci/emu10k1/emu10k1.c
2 issues
Line: 28
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable this card */
static int extin[SNDRV_CARDS];
static int extout[SNDRV_CARDS];
static int seq_ports[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = 4};
static int max_synth_voices[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS - 1)] = 64};
Reported by FlawFinder.
Line: 172
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
} else {
struct snd_emu10k1_synth_arg *arg;
arg = SNDRV_SEQ_DEVICE_ARGPTR(wave);
strcpy(wave->name, "Emu-10k1 Synth");
arg->hwptr = emu;
arg->index = 1;
arg->seq_ports = seq_ports[dev];
arg->max_voices = max_synth_voices[dev];
}
Reported by FlawFinder.
net/tipc/trace.h
2 issues
Line: 258
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TP_fast_assign(
__assign_str(header, header);
memcpy(__entry->name, tipc_link_name(l), TIPC_MAX_LINK_NAME);
tipc_link_dump(l, dqueues, __get_str(buf));
),
TP_printk("<%s> %s\n%s", __entry->name, __get_str(header),
__get_str(buf))
Reported by FlawFinder.
Line: 298
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
),
TP_fast_assign(
memcpy(__entry->name, tipc_link_name(r), TIPC_MAX_LINK_NAME);
__entry->from = f;
__entry->to = t;
__entry->len = skb_queue_len(tq);
__entry->fseqno = __entry->len ?
msg_seqno(buf_msg(skb_peek(tq))) : 0;
Reported by FlawFinder.
net/tipc/subscr.c
2 issues
Line: 156
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sub->net = net;
sub->conid = conid;
sub->inactive = false;
memcpy(&sub->evt.s, s, sizeof(*s));
sub->s.seq.type = tipc_sub_read(s, seq.type);
sub->s.seq.lower = lower;
sub->s.seq.upper = upper;
sub->s.filter = filter;
sub->s.timeout = tipc_sub_read(s, timeout);
Reported by FlawFinder.
Line: 162
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sub->s.seq.upper = upper;
sub->s.filter = filter;
sub->s.timeout = tipc_sub_read(s, timeout);
memcpy(sub->s.usr_handle, s->usr_handle, 8);
spin_lock_init(&sub->lock);
kref_init(&sub->kref);
if (!tipc_nametbl_subscribe(sub)) {
kfree(sub);
return NULL;
Reported by FlawFinder.
net/tipc/msg.c
2 issues
Line: 650
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*skb = tipc_buf_acquire(hlen + dlen, GFP_ATOMIC);
if (!*skb)
goto exit;
memcpy((*skb)->data, _skb->data, msg_hdr_sz(_hdr));
memcpy((*skb)->data + hlen, msg_data(_hdr), dlen);
/* Build reverse header in new buffer */
hdr = buf_msg(*skb);
msg_set_hdr_sz(hdr, hlen);
Reported by FlawFinder.
Line: 651
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!*skb)
goto exit;
memcpy((*skb)->data, _skb->data, msg_hdr_sz(_hdr));
memcpy((*skb)->data + hlen, msg_data(_hdr), dlen);
/* Build reverse header in new buffer */
hdr = buf_msg(*skb);
msg_set_hdr_sz(hdr, hlen);
msg_set_errcode(hdr, err);
Reported by FlawFinder.