The following issues were found
sound/pci/hda/hda_auto_parser.c
2 issues
Line: 387
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
!(cond_flags & HDA_PINCFG_NO_LO_FIXUP)) {
if (cfg->speaker_outs) {
cfg->line_outs = cfg->speaker_outs;
memcpy(cfg->line_out_pins, cfg->speaker_pins,
sizeof(cfg->speaker_pins));
cfg->speaker_outs = 0;
memset(cfg->speaker_pins, 0, sizeof(cfg->speaker_pins));
cfg->line_out_type = AUTO_PIN_SPEAKER_OUT;
} else if (cfg->hp_outs) {
Reported by FlawFinder.
Line: 394
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cfg->line_out_type = AUTO_PIN_SPEAKER_OUT;
} else if (cfg->hp_outs) {
cfg->line_outs = cfg->hp_outs;
memcpy(cfg->line_out_pins, cfg->hp_pins,
sizeof(cfg->hp_pins));
cfg->hp_outs = 0;
memset(cfg->hp_pins, 0, sizeof(cfg->hp_pins));
cfg->line_out_type = AUTO_PIN_HP_OUT;
}
Reported by FlawFinder.
net/tipc/eth_media.c
2 issues
Line: 47
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (bufsz < 18) /* 18 = strlen("aa:bb:cc:dd:ee:ff\0") */
return 1;
sprintf(strbuf, "%pM", addr->value);
return 0;
}
/* Convert from media address format to discovery message addr format */
static int tipc_eth_addr2msg(char *msg, struct tipc_media_addr *addr)
Reported by FlawFinder.
Line: 56
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
memset(msg, 0, TIPC_MEDIA_INFO_SIZE);
msg[TIPC_MEDIA_TYPE_OFFSET] = TIPC_MEDIA_TYPE_ETH;
memcpy(msg + TIPC_MEDIA_ADDR_OFFSET, addr->value, ETH_ALEN);
return 0;
}
/* Convert raw mac address format to media addr format */
static int tipc_eth_raw2addr(struct tipc_bearer *b,
Reported by FlawFinder.
net/tipc/core.h
2 issues
Line: 101
Column: 6
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
unsigned long addr_trial_end;
char node_id_string[NODE_ID_STR_LEN];
int net_id;
int random;
bool legacy_addr_format;
/* Node table and node list */
spinlock_t node_list_lock;
struct hlist_head node_htable[NODE_HTABLE_SIZE];
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 node_addr;
u32 trial_addr;
unsigned long addr_trial_end;
char node_id_string[NODE_ID_STR_LEN];
int net_id;
int random;
bool legacy_addr_format;
/* Node table and node list */
Reported by FlawFinder.
sound/pci/hda/patch_cirrus.c
2 issues
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int cs42l42_hp_jack_in:1;
unsigned int cs42l42_mic_jack_in:1;
unsigned int cs42l42_volume_init:1;
char cs42l42_hp_volume[CS42L42_HP_CH];
char cs42l42_hs_mic_volume[CS42L42_HS_MIC_CH];
struct mutex cs8409_i2c_mux;
/* verb exec op override */
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int cs42l42_mic_jack_in:1;
unsigned int cs42l42_volume_init:1;
char cs42l42_hp_volume[CS42L42_HP_CH];
char cs42l42_hs_mic_volume[CS42L42_HS_MIC_CH];
struct mutex cs8409_i2c_mux;
/* verb exec op override */
int (*exec_verb)(struct hdac_device *dev, unsigned int cmd,
Reported by FlawFinder.
sound/pci/ice1712/aureon.c
2 issues
Line: 191
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int aureon_universe_inmux_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[3] =
{"Internal Aux", "Wavetable", "Rear Line-In"};
return snd_ctl_enum_info(uinfo, 1, 3, texts);
}
Reported by FlawFinder.
Line: 1357
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int aureon_oversampling_info(struct snd_kcontrol *k, struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[2] = { "128x", "64x" };
return snd_ctl_enum_info(uinfo, 1, 2, texts);
}
static int aureon_oversampling_get(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol)
Reported by FlawFinder.
net/sunrpc/xprtrdma/svc_rdma_transport.c
2 issues
Line: 212
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sa = (struct sockaddr *)&newxprt->sc_cm_id->route.addr.dst_addr;
newxprt->sc_xprt.xpt_remotelen = svc_addr_len(sa);
memcpy(&newxprt->sc_xprt.xpt_remote, sa,
newxprt->sc_xprt.xpt_remotelen);
snprintf(newxprt->sc_xprt.xpt_remotebuf,
sizeof(newxprt->sc_xprt.xpt_remotebuf) - 1, "%pISc", sa);
/* The remote port is arbitrary and not under the control of the
Reported by FlawFinder.
Line: 313
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!cma_xprt)
return ERR_PTR(-ENOMEM);
set_bit(XPT_LISTENER, &cma_xprt->sc_xprt.xpt_flags);
strcpy(cma_xprt->sc_xprt.xpt_remotebuf, "listener");
listen_id = rdma_create_id(net, svc_rdma_listen_handler, cma_xprt,
RDMA_PS_TCP, IB_QPT_RC);
if (IS_ERR(listen_id)) {
ret = PTR_ERR(listen_id);
Reported by FlawFinder.
sound/pci/ice1712/ice1712.h
2 issues
Line: 217
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int subvendor; /* PCI[2c-2f] */
unsigned char size; /* size of EEPROM image in bytes */
unsigned char version; /* must be 1 (or 2 for vt1724) */
unsigned char data[32];
unsigned int gpiomask;
unsigned int gpiostate;
unsigned int gpiodir;
};
Reported by FlawFinder.
Line: 272
Column: 10
CWE codes:
362
struct snd_kcontrol *stream_ctl;
struct snd_ice1712_spdif_ops {
void (*open)(struct snd_ice1712 *, struct snd_pcm_substream *);
void (*setup_rate)(struct snd_ice1712 *, int rate);
void (*close)(struct snd_ice1712 *, struct snd_pcm_substream *);
void (*default_get)(struct snd_ice1712 *, struct snd_ctl_elem_value *ucontrol);
int (*default_put)(struct snd_ice1712 *, struct snd_ctl_elem_value *ucontrol);
void (*stream_get)(struct snd_ice1712 *, struct snd_ctl_elem_value *ucontrol);
Reported by FlawFinder.
sound/pci/ice1712/phase.c
2 issues
Line: 73
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Logarithmic volume values for WM8770
* Computed as 20 * Log10(255 / x)
*/
static const unsigned char wm_vol[256] = {
127, 48, 42, 39, 36, 34, 33, 31, 30, 29, 28, 27, 27, 26, 25, 25, 24,
24, 23, 23, 22, 22, 21, 21, 21, 20, 20, 20, 19, 19, 19, 18, 18, 18, 18,
17, 17, 17, 17, 16, 16, 16, 16, 15, 15, 15, 15, 15, 15, 14, 14, 14, 14,
14, 13, 13, 13, 13, 13, 13, 13, 12, 12, 12, 12, 12, 12, 12, 11, 11, 11,
11, 11, 11, 11, 11, 11, 10, 10, 10, 10, 10, 10, 10, 10, 10, 9, 9, 9, 9,
Reported by FlawFinder.
Line: 710
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int phase28_oversampling_info(struct snd_kcontrol *k,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[2] = { "128x", "64x" };
return snd_ctl_enum_info(uinfo, 1, 2, texts);
}
static int phase28_oversampling_get(struct snd_kcontrol *kcontrol,
Reported by FlawFinder.
sound/pci/ice1712/prodigy_hifi.c
2 issues
Line: 507
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int wm_adc_mux_enum_info(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_info *uinfo)
{
static const char * const texts[32] = {
"NULL", WM_AIN1, WM_AIN2, WM_AIN1 "+" WM_AIN2,
WM_AIN3, WM_AIN1 "+" WM_AIN3, WM_AIN2 "+" WM_AIN3,
WM_AIN1 "+" WM_AIN2 "+" WM_AIN3,
WM_AIN4, WM_AIN1 "+" WM_AIN4, WM_AIN2 "+" WM_AIN4,
WM_AIN1 "+" WM_AIN2 "+" WM_AIN4,
Reported by FlawFinder.
Line: 865
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_info_buffer *buffer)
{
struct snd_ice1712 *ice = entry->private_data;
char line[64];
unsigned int reg, val;
mutex_lock(&ice->gpio_mutex);
while (!snd_info_get_line(buffer, line, sizeof(line))) {
if (sscanf(line, "%x %x", ®, &val) != 2)
continue;
Reported by FlawFinder.
net/sunrpc/xprtrdma/rpc_rdma.c
2 issues
Line: 692
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
src = page_address(*ppages);
src += page_base;
len = min_t(unsigned int, PAGE_SIZE - page_base, remaining);
memcpy(dst, src, len);
r_xprt->rx_stats.pullup_copy_count += len;
ppages++;
dst += len;
remaining -= len;
Reported by FlawFinder.
Line: 1079
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
curlen = pagelist_len;
destp = kmap_atomic(ppages[i]);
memcpy(destp + page_base, srcp, curlen);
flush_dcache_page(ppages[i]);
kunmap_atomic(destp);
srcp += curlen;
copy_len -= curlen;
fixup_copy_count += curlen;
Reported by FlawFinder.