The following issues were found
sound/soc/codecs/rt711-sdca.c
2 issues
Line: 171
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned int btn_type = 0, offset, idx, val, owner;
int ret;
unsigned char buf[3];
/* get current UMP message owner */
ret = regmap_read(rt711->regmap,
SDW_SDCA_CTL(FUNC_NUM_HID, RT711_SDCA_ENT_HID01, RT711_SDCA_CTL_HIDTX_CURRENT_OWNER, 0),
&owner);
Reported by FlawFinder.
Line: 345
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
container_of(work, struct rt711_sdca_priv, jack_btn_check_work.work);
int btn_type = 0, ret, idx;
unsigned int det_mode, offset, val;
unsigned char buf[3];
ret = regmap_read(rt711->regmap,
SDW_SDCA_CTL(FUNC_NUM_JACK_CODEC, RT711_SDCA_ENT_GE49, RT711_SDCA_CTL_DETECTED_MODE, 0),
&det_mode);
if (ret < 0)
Reported by FlawFinder.
sound/soc/codecs/tas2552.c
2 issues
Line: 58
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
#define TAS2552_NUM_SUPPLIES 3
static const char *tas2552_supply_names[TAS2552_NUM_SUPPLIES] = {
"vbat", /* vbat voltage */
"iovdd", /* I/O Voltage */
"avdd", /* Analog DAC Voltage */
};
Reported by FlawFinder.
Line: 70
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i2c_client *tas2552_client;
struct regulator_bulk_data supplies[TAS2552_NUM_SUPPLIES];
struct gpio_desc *enable_gpio;
unsigned char regs[TAS2552_VBAT_DATA];
unsigned int pll_clkin;
int pll_clk_id;
unsigned int pdm_clk;
int pdm_clk_id;
Reported by FlawFinder.
sound/soc/codecs/tscs454.c
2 issues
Line: 334
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_lock(coeff_ram_lock);
memcpy(ucontrol->value.bytes.data,
&coeff_ram[ctl->addr * COEFF_SIZE], params->max);
mutex_unlock(coeff_ram_lock);
return 0;
Reported by FlawFinder.
Line: 436
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*coeff_ram_synced = false;
memcpy(&coeff_ram[ctl->addr * COEFF_SIZE],
ucontrol->value.bytes.data, params->max);
mutex_lock(&tscs454->pll1.lock);
mutex_lock(&tscs454->pll2.lock);
Reported by FlawFinder.
sound/soc/codecs/wcd9335.c
2 issues
Line: 4913
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct device *dev = wcd->dev;
memcpy(wcd->rx_chs, wcd9335_rx_chs, sizeof(wcd9335_rx_chs));
memcpy(wcd->tx_chs, wcd9335_tx_chs, sizeof(wcd9335_tx_chs));
wcd->sido_input_src = SIDO_SOURCE_INTERNAL;
wcd->sido_voltage = SIDO_VOLTAGE_NOMINAL_MV;
Reported by FlawFinder.
Line: 4914
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct device *dev = wcd->dev;
memcpy(wcd->rx_chs, wcd9335_rx_chs, sizeof(wcd9335_rx_chs));
memcpy(wcd->tx_chs, wcd9335_tx_chs, sizeof(wcd9335_tx_chs));
wcd->sido_input_src = SIDO_SOURCE_INTERNAL;
wcd->sido_voltage = SIDO_VOLTAGE_NOMINAL_MV;
return devm_snd_soc_register_component(dev, &wcd9335_component_drv,
Reported by FlawFinder.
sound/soc/codecs/wm2000.c
2 issues
Line: 47
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define WM2000_NUM_SUPPLIES 3
static const char *wm2000_supplies[WM2000_NUM_SUPPLIES] = {
"SPKVDD",
"DBVDD",
"DCVDD",
};
Reported by FlawFinder.
Line: 914
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wm2000->anc_download[0] = 0x80;
wm2000->anc_download[1] = 0x00;
memcpy(wm2000->anc_download + 2, fw->data, fw->size);
wm2000->anc_eng_ena = 1;
wm2000->anc_active = 1;
wm2000->spk_ena = 1;
wm2000->i2c = i2c;
Reported by FlawFinder.
sound/soc/codecs/wm8960.c
2 issues
Line: 228
static const DECLARE_TLV_DB_SCALE(lineinboost_tlv, -1500, 300, 1);
static const SNDRV_CTL_TLVD_DECLARE_DB_RANGE(micboost_tlv,
0, 1, TLV_DB_SCALE_ITEM(0, 1300, 0),
2, 3, TLV_DB_SCALE_ITEM(2000, 900, 0),
);
static const struct snd_kcontrol_new wm8960_snd_controls[] = {
SOC_DOUBLE_R_TLV("Capture Volume", WM8960_LINVOL, WM8960_RINVOL,
0, 63, 0, inpga_tlv),
Reported by Cppcheck.
Line: 1420
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return PTR_ERR(wm8960->regmap);
if (pdata)
memcpy(&wm8960->pdata, pdata, sizeof(struct wm8960_data));
else if (i2c->dev.of_node)
wm8960_set_pdata_from_of(i2c, &wm8960->pdata);
ret = wm8960_reset(wm8960->regmap);
if (ret != 0) {
Reported by FlawFinder.
sound/soc/codecs/wm8962.c
2 issues
Line: 39
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "wm8962.h"
#define WM8962_NUM_SUPPLIES 8
static const char *wm8962_supply_names[WM8962_NUM_SUPPLIES] = {
"DCVDD",
"DBVDD",
"AVDD",
"CPVDD",
"MICVDD",
Reported by FlawFinder.
Line: 3568
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* If platform data was supplied, update the default data in priv */
if (pdata) {
memcpy(&wm8962->pdata, pdata, sizeof(struct wm8962_pdata));
} else if (i2c->dev.of_node) {
ret = wm8962_set_pdata_from_of(i2c, &wm8962->pdata);
if (ret != 0)
return ret;
}
Reported by FlawFinder.
net/sctp/inqueue.c
2 issues
Line: 201
CWE codes:
682
}
chunk->chunk_hdr = ch;
chunk->chunk_end = ((__u8 *)ch) + SCTP_PAD4(ntohs(ch->length));
skb_pull(chunk->skb, sizeof(*ch));
chunk->subh.v = NULL; /* Subheader is no longer valid. */
if (chunk->chunk_end + sizeof(*ch) <= skb_tail_pointer(chunk->skb)) {
/* This is not a singleton */
Reported by Cppcheck.
Line: 201
CWE codes:
476
}
chunk->chunk_hdr = ch;
chunk->chunk_end = ((__u8 *)ch) + SCTP_PAD4(ntohs(ch->length));
skb_pull(chunk->skb, sizeof(*ch));
chunk->subh.v = NULL; /* Subheader is no longer valid. */
if (chunk->chunk_end + sizeof(*ch) <= skb_tail_pointer(chunk->skb)) {
/* This is not a singleton */
Reported by Cppcheck.
sound/soc/fsl/fsl-asoc-card.c
2 issues
Line: 102
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 asrc_rate;
snd_pcm_format_t asrc_format;
u32 dai_fmt;
char name[32];
};
/*
* This dapm route map exists for DPCM link only.
* The other routes shall go through Device Tree.
Reported by FlawFinder.
Line: 607
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Assign a default DAI format, and allow each card to overwrite it */
priv->dai_fmt = DAI_FMT_BASE;
memcpy(priv->dai_link, fsl_asoc_card_dai,
sizeof(struct snd_soc_dai_link) * ARRAY_SIZE(priv->dai_link));
priv->card.dapm_routes = audio_map;
priv->card.num_dapm_routes = ARRAY_SIZE(audio_map);
/* Diversify the card configurations */
Reported by FlawFinder.
net/sctp/diag.c
2 issues
Line: 89
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info = nla_data(attr);
list_for_each_entry_rcu(laddr, address_list, list) {
memcpy(info, &laddr->a, sizeof(laddr->a));
memset(info + sizeof(laddr->a), 0, addrlen - sizeof(laddr->a));
info += addrlen;
}
return 0;
Reported by FlawFinder.
Line: 113
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
info = nla_data(attr);
list_for_each_entry(from, &asoc->peer.transport_addr_list,
transports) {
memcpy(info, &from->ipaddr, sizeof(from->ipaddr));
memset(info + sizeof(from->ipaddr), 0,
addrlen - sizeof(from->ipaddr));
info += addrlen;
}
Reported by FlawFinder.