The following issues were found
net/sunrpc/rpcb_clnt.c
2 issues
Line: 387
CWE codes:
562
if (is_set || !sn->rpcb_is_af_local)
flags = RPC_TASK_SOFTCONN;
msg->rpc_resp = &result;
error = rpc_call_sync(clnt, msg, flags);
if (error < 0)
return error;
Reported by Cppcheck.
Line: 861
Column: 8
CWE codes:
126
__be32 *p;
u32 len;
len = strlen(string);
WARN_ON_ONCE(len > maxstrlen);
if (len > maxstrlen)
/* truncate and hope for the best */
len = maxstrlen;
p = xdr_reserve_space(xdr, 4 + len);
Reported by FlawFinder.
sound/pci/oxygen/xonar_dg.h
2 issues
Line: 29
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dg {
/* shadow copy of the CS4245 register space */
unsigned char cs4245_shadow[17];
/* output select: headphone/speakers */
unsigned char output_sel;
/* volumes for all capture sources */
char input_vol[4][2];
/* input select: mic/fp mic/line/aux */
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* output select: headphone/speakers */
unsigned char output_sel;
/* volumes for all capture sources */
char input_vol[4][2];
/* input select: mic/fp mic/line/aux */
unsigned char input_sel;
};
/* Xonar DG control routines */
Reported by FlawFinder.
sound/pci/pcxhr/pcxhr_hwdep.c
2 issues
Line: 377
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < 5; i++) {
if (!fw_files[fw_set][i])
continue;
sprintf(path, "pcxhr/%s", fw_files[fw_set][i]);
if (request_firmware(&fw_entry, path, &mgr->pci->dev)) {
dev_err(&mgr->pci->dev,
"pcxhr: can't load firmware %s\n",
path);
return -ENOENT;
Reported by FlawFinder.
Line: 368
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[5] = { NULL, "xlxc924.dat",
"dspe924.e56", "dspb924.b56", "dspd222.d56" },
};
char path[32];
const struct firmware *fw_entry;
int i, err;
int fw_set = mgr->fw_file_set;
Reported by FlawFinder.
net/smc/smc.h
2 issues
Line: 267
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__be32 t;
t = cpu_to_be32(host);
memcpy(net, ((u8 *)&t) + 1, 3);
}
/* convert a received 3 byte field into host byte order*/
static inline u32 ntoh24(u8 *net)
{
Reported by FlawFinder.
Line: 275
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
__be32 t = 0;
memcpy(((u8 *)&t) + 1, net, 3);
return be32_to_cpu(t);
}
#ifdef CONFIG_XFRM
static inline bool using_ipsec(struct smc_sock *smc)
Reported by FlawFinder.
sound/pci/vx222/vx222.c
2 issues
Line: 221
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
card->private_data = vx;
vx->core.ibl.size = ibl[dev];
sprintf(card->longname, "%s at 0x%lx & 0x%lx, irq %i",
card->shortname, vx->port[0], vx->port[1], vx->core.irq);
dev_dbg(card->dev, "%s at 0x%lx & 0x%lx, irq %i\n",
card->shortname, vx->port[0], vx->port[1], vx->core.irq);
#ifdef SND_VX_FW_LOADER
Reported by FlawFinder.
Line: 25
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE_PNP; /* Enable this card */
static bool mic[SNDRV_CARDS]; /* microphone */
static int ibl[SNDRV_CARDS]; /* microphone */
module_param_array(index, int, NULL, 0444);
Reported by FlawFinder.
sound/ppc/daca.c
2 issues
Line: 56
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int daca_set_volume(struct pmac_daca *mix)
{
unsigned char data[2];
if (! mix->i2c.client)
return -ENODEV;
if (mix->left_vol > DACA_VOL_MAX)
Reported by FlawFinder.
Line: 264
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/*
* build mixers
*/
strcpy(chip->card->mixername, "PowerMac DACA");
for (i = 0; i < ARRAY_SIZE(daca_mixers); i++) {
err = snd_ctl_add(chip->card, snd_ctl_new1(&daca_mixers[i], chip));
if (err < 0)
return err;
Reported by FlawFinder.
sound/ppc/pmac.c
2 issues
Line: 687
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
pcm->private_data = chip;
pcm->info_flags = SNDRV_PCM_INFO_JOINT_DUPLEX;
strcpy(pcm->name, chip->card->shortname);
chip->pcm = pcm;
chip->formats_ok = SNDRV_PCM_FMTBIT_S16_BE;
if (chip->can_byte_swap)
chip->formats_ok |= SNDRV_PCM_FMTBIT_S16_LE;
Reported by FlawFinder.
Line: 395
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out_le32(&rec->dma->control, (RUN|PAUSE|FLUSH|WAKE) << 16);
if (!emergency_in_use) { /* new problem */
memcpy((void *)emergency_dbdma.cmds, (void *)cp,
sizeof(struct dbdma_cmd));
emergency_in_use = 1;
cp->xfer_status = cpu_to_le16(0);
cp->req_count = cpu_to_le16(rec->period_size);
cp = emergency_dbdma.cmds;
Reported by FlawFinder.
net/sctp/transport.c
2 issues
Line: 47
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
/* Copy in the address. */
peer->af_specific = sctp_get_af_specific(addr->sa.sa_family);
memcpy(&peer->ipaddr, addr, peer->af_specific->sockaddr_len);
memset(&peer->saddr, 0, sizeof(union sctp_addr));
peer->sack_generation = 0;
/* From 6.3.1 RTO Calculation:
Reported by FlawFinder.
Line: 460
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
af->get_dst(transport, saddr, &transport->fl, sctp_opt2sk(opt));
if (saddr)
memcpy(&transport->saddr, saddr, sizeof(union sctp_addr));
else
af->get_saddr(opt, transport, &transport->fl);
sctp_transport_pmtu(transport, sctp_opt2sk(opt));
Reported by FlawFinder.
net/sctp/sysctl.c
2 issues
Line: 377
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ctl_table tbl;
bool changed = false;
char *none = "none";
char tmp[8] = {0};
int ret;
memset(&tbl, 0, sizeof(struct ctl_table));
if (write) {
Reported by FlawFinder.
Line: 387
Column: 16
CWE codes:
126
tbl.maxlen = sizeof(tmp);
} else {
tbl.data = net->sctp.sctp_hmac_alg ? : none;
tbl.maxlen = strlen(tbl.data);
}
ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
if (write && ret == 0) {
#ifdef CONFIG_CRYPTO_MD5
Reported by FlawFinder.
sound/soc/codecs/88pm860x-codec.c
2 issues
Line: 146
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pm860x_det det;
int irq[4];
unsigned char name[4][MAX_NAME_LEN+1];
};
/* -9450dB to 0dB in 150dB steps ( mute instead of -9450dB) */
static const DECLARE_TLV_DB_SCALE(dpga_tlv, -9450, 150, 1);
Reported by FlawFinder.
Line: 1377
Column: 3
CWE codes:
120
return -EINVAL;
}
pm860x->irq[i] = res->start + chip->irq_base;
strncpy(pm860x->name[i], res->name, MAX_NAME_LEN);
}
ret = devm_snd_soc_register_component(&pdev->dev,
&soc_component_dev_pm860x,
pm860x_dai, ARRAY_SIZE(pm860x_dai));
Reported by FlawFinder.