The following issues were found
net/rxrpc/peer_object.c
2 issues
Line: 185
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fl6->flowi6_iif = LOOPBACK_IFINDEX;
fl6->flowi6_scope = RT_SCOPE_UNIVERSE;
fl6->flowi6_proto = IPPROTO_UDP;
memcpy(&fl6->daddr, &peer->srx.transport.sin6.sin6_addr,
sizeof(struct in6_addr));
fl6->fl6_dport = htons(7001);
fl6->fl6_sport = htons(7000);
dst = ip6_route_output(net, NULL, fl6);
if (dst->error) {
Reported by FlawFinder.
Line: 294
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
peer = rxrpc_alloc_peer(local, gfp);
if (peer) {
memcpy(&peer->srx, srx, sizeof(*srx));
rxrpc_init_peer(rx, peer, hash_key);
}
_leave(" = %p", peer);
return peer;
Reported by FlawFinder.
sound/soc/codecs/cx20442.c
2 issues
Line: 157
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct cx20442_priv *cx20442 = snd_soc_component_get_drvdata(component);
int vls, vsp, old, len;
char buf[18];
if (reg >= 1)
return -EINVAL;
/* tty and write pointers required for talking to the modem
Reported by FlawFinder.
Line: 214
Column: 17
CWE codes:
126
/* Line discipline .open() */
static int v253_open(struct tty_struct *tty)
{
int ret, len = strlen(v253_init);
/* Doesn't make sense without write callback */
if (!tty->ops->write)
return -EINVAL;
Reported by FlawFinder.
sound/soc/codecs/hdmi-codec.c
2 issues
Line: 308
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct snd_soc_component *component = snd_kcontrol_chip(kcontrol);
struct hdmi_codec_priv *hcp = snd_soc_component_get_drvdata(component);
memcpy(ucontrol->value.bytes.data, hcp->eld, sizeof(hcp->eld));
return 0;
}
static unsigned long hdmi_codec_spk_mask_from_alloc(int spk_alloc)
Reported by FlawFinder.
Line: 403
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct snd_soc_component *component = snd_kcontrol_chip(kcontrol);
struct hdmi_codec_priv *hcp = snd_soc_component_get_drvdata(component);
memcpy(ucontrol->value.iec958.status, hcp->iec_status,
sizeof(hcp->iec_status));
return 0;
}
Reported by FlawFinder.
sound/soc/codecs/lpass-rx-macro.c
2 issues
Line: 2743
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 coeff[BAND_MAX];
int reg = CDC_RX_SIDETONE_IIR0_IIR_COEF_B1_CTL + 16 * iir_idx;
memcpy(&coeff[0], ucontrol->value.bytes.data, params->max);
/* Mask top bit it is reserved */
/* Updates addr automatically for each B2 write */
snd_soc_component_write(component, reg, (band_idx * BAND_MAX *
sizeof(uint32_t)) & 0x7F);
Reported by FlawFinder.
Line: 2777
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
coeff[3] = get_iir_band_coeff(component, iir_idx, band_idx, 3);
coeff[4] = get_iir_band_coeff(component, iir_idx, band_idx, 4);
memcpy(ucontrol->value.bytes.data, &coeff[0], params->max);
return 0;
}
static int rx_macro_iir_filter_info(struct snd_kcontrol *kcontrol,
Reported by FlawFinder.
sound/soc/codecs/madera.h
2 issues
Line: 185
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern const unsigned int madera_ng_tlv[];
extern const unsigned int madera_mixer_tlv[];
extern const char * const madera_mixer_texts[MADERA_NUM_MIXER_INPUTS];
extern const unsigned int madera_mixer_values[MADERA_NUM_MIXER_INPUTS];
#define MADERA_GAINMUX_CONTROLS(name, base) \
SOC_SINGLE_RANGE_TLV(name " Input Volume", base + 1, \
MADERA_MIXER_VOL_SHIFT, 0x20, 0x50, 0, \
Reported by FlawFinder.
Line: 331
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern const struct snd_kcontrol_new madera_inmux[];
extern const struct snd_kcontrol_new madera_inmode[];
extern const char * const madera_rate_text[MADERA_RATE_ENUM_SIZE];
extern const unsigned int madera_rate_val[MADERA_RATE_ENUM_SIZE];
extern const struct soc_enum madera_sample_rate[];
extern const struct soc_enum madera_isrc_fsl[];
extern const struct soc_enum madera_isrc_fsh[];
Reported by FlawFinder.
sound/soc/codecs/max98088.c
2 issues
Line: 1577
Column: 30
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char **t;
int ret;
struct snd_kcontrol_new controls[] = {
SOC_ENUM_EXT((char *)eq_mode_name[0],
max98088->eq_enum,
max98088_get_eq_enum,
max98088_put_eq_enum),
SOC_ENUM_EXT((char *)eq_mode_name[1],
max98088->eq_enum,
Reported by FlawFinder.
Line: 1581
Column: 30
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
max98088->eq_enum,
max98088_get_eq_enum,
max98088_put_eq_enum),
SOC_ENUM_EXT((char *)eq_mode_name[1],
max98088->eq_enum,
max98088_get_eq_enum,
max98088_put_eq_enum),
};
BUILD_BUG_ON(ARRAY_SIZE(controls) != ARRAY_SIZE(eq_mode_name));
Reported by FlawFinder.
sound/soc/codecs/max98095.c
2 issues
Line: 1731
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret;
struct snd_kcontrol_new controls[] = {
SOC_ENUM_EXT((char *)bq_mode_name[0],
max98095->bq_enum,
max98095_get_bq_enum,
max98095_put_bq_enum),
SOC_ENUM_EXT((char *)bq_mode_name[1],
max98095->bq_enum,
Reported by FlawFinder.
Line: 1735
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
max98095->bq_enum,
max98095_get_bq_enum,
max98095_put_bq_enum),
SOC_ENUM_EXT((char *)bq_mode_name[1],
max98095->bq_enum,
max98095_get_bq_enum,
max98095_put_bq_enum),
};
BUILD_BUG_ON(ARRAY_SIZE(controls) != ARRAY_SIZE(bq_mode_name));
Reported by FlawFinder.
sound/soc/codecs/max98390.c
2 issues
Line: 758
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret;
int param_size, param_start_addr;
char filename[128];
const char *vendor, *product;
struct max98390_priv *max98390 =
snd_soc_component_get_drvdata(component);
const struct firmware *fw;
char *dsm_param;
Reported by FlawFinder.
Line: 772
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
snprintf(filename, sizeof(filename), "dsm_param_%s_%s.bin",
vendor, product);
} else {
sprintf(filename, "dsm_param.bin");
}
ret = request_firmware(&fw, filename, component->dev);
if (ret) {
ret = request_firmware(&fw, "dsm_param.bin", component->dev);
if (ret)
Reported by FlawFinder.
sound/soc/codecs/msm8916-wcd-digital.c
2 issues
Line: 441
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
coeff[3] = get_iir_band_coeff(component, iir_idx, band_idx, 3);
coeff[4] = get_iir_band_coeff(component, iir_idx, band_idx, 4);
memcpy(ucontrol->value.bytes.data, &coeff[0], params->max);
return 0;
}
static void set_iir_band_coeff(struct snd_soc_component *component,
Reported by FlawFinder.
Line: 481
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int band_idx = ctl->band_idx;
u32 coeff[BAND_MAX];
memcpy(&coeff[0], ucontrol->value.bytes.data, params->max);
/* Mask top bit it is reserved */
/* Updates addr automatically for each B2 write */
snd_soc_component_write(component,
(LPASS_CDC_IIR1_COEF_B1_CTL + 64 * iir_idx),
Reported by FlawFinder.
sound/soc/codecs/rt5677-spi.c
2 issues
Line: 438
Column: 38
CWE codes:
120
20
* @len: number of bytes to transfer with the selected command
* Returns the selected command
*/
static u8 rt5677_spi_select_cmd(bool read, u32 align, u32 remain, u32 *len)
{
u8 cmd;
if (align == 4 || remain <= 4) {
cmd = RT5677_SPI_READ_32;
Reported by FlawFinder.
Line: 450
Column: 9
CWE codes:
120
20
*len = (((remain - 1) >> 3) + 1) << 3;
*len = min_t(u32, *len, RT5677_SPI_BURST_LEN);
}
return read ? cmd : cmd + 1;
}
/* Copy dstlen bytes from src to dst, while reversing byte order for each word.
* If srclen < dstlen, zeros are padded.
*/
Reported by FlawFinder.