The following issues were found
sound/soc/fsl/fsl_easrc.c
2 issues
Line: 1379
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct fsl_asrc *easrc = ctx->asrc;
enum asrc_pair_index index = ctx->index;
char name[8];
/* Example of dma name: ctx0_rx */
sprintf(name, "ctx%c_%cx", index + '0', dir == IN ? 'r' : 't');
return dma_request_slave_channel(&easrc->pdev->dev, name);
Reported by FlawFinder.
Line: 1382
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char name[8];
/* Example of dma name: ctx0_rx */
sprintf(name, "ctx%c_%cx", index + '0', dir == IN ? 'r' : 't');
return dma_request_slave_channel(&easrc->pdev->dev, name);
};
static const unsigned int easrc_rates[] = {
Reported by FlawFinder.
sound/soc/fsl/fsl_micfil.c
2 issues
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clk *mclk;
struct snd_dmaengine_dai_dma_data dma_params_rx;
unsigned int dataline;
char name[32];
int irq[MICFIL_IRQ_LINES];
unsigned int mclk_streams;
int quality; /*QUALITY 2-0 bits */
bool slave_mode;
int channel_gain[8];
Reported by FlawFinder.
Line: 650
Column: 2
CWE codes:
120
return -ENOMEM;
micfil->pdev = pdev;
strncpy(micfil->name, np->name, sizeof(micfil->name) - 1);
micfil->soc = of_device_get_match_data(&pdev->dev);
/* ipg_clk is used to control the registers
* ipg_clk_app is used to operate the filter
Reported by FlawFinder.
net/sctp/bind_addr.c
2 issues
Line: 148
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!addr)
return -ENOMEM;
memcpy(&addr->a, new, min_t(size_t, sizeof(*new), new_size));
/* Fix up the port if it has not yet been set.
* Both v4 and v6 have the port at the same offset.
*/
if (!addr->a.v4.sin_port)
Reported by FlawFinder.
Line: 243
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
list_for_each_entry(addr, &bp->address_list, list) {
af = sctp_get_af_specific(addr->a.v4.sin_family);
len = af->to_addr_param(&addr->a, &rawaddr);
memcpy(addrparms.v, &rawaddr, len);
addrparms.v += len;
addrparms_len += len;
}
end_raw:
Reported by FlawFinder.
sound/soc/fsl/imx-es8328.c
2 issues
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device *dev;
struct snd_soc_dai_link dai;
struct snd_soc_card card;
char codec_dai_name[DAI_NAME_SIZE];
char platform_name[DAI_NAME_SIZE];
int jack_gpio;
};
static struct snd_soc_jack_gpio headset_jack_gpios[] = {
Reported by FlawFinder.
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_soc_dai_link dai;
struct snd_soc_card card;
char codec_dai_name[DAI_NAME_SIZE];
char platform_name[DAI_NAME_SIZE];
int jack_gpio;
};
static struct snd_soc_jack_gpio headset_jack_gpios[] = {
{
Reported by FlawFinder.
sound/soc/fsl/imx-pcm-rpmsg.h
2 issues
Line: 414
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct param_r {
unsigned char audioindex;
unsigned char resp;
unsigned char reserved1[1];
unsigned int buffer_offset;
unsigned int reg_addr;
unsigned int reg_data;
unsigned char reserved2[4];
unsigned int buffer_tail;
Reported by FlawFinder.
Line: 418
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int buffer_offset;
unsigned int reg_addr;
unsigned int reg_data;
unsigned char reserved2[4];
unsigned int buffer_tail;
} __packed;
/* Struct of sent message */
struct rpmsg_s_msg {
Reported by FlawFinder.
sound/soc/fsl/imx-sgtl5000.c
2 issues
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct imx_sgtl5000_data {
struct snd_soc_dai_link dai;
struct snd_soc_card card;
char codec_dai_name[DAI_NAME_SIZE];
char platform_name[DAI_NAME_SIZE];
struct clk *codec_clk;
unsigned int clk_frequency;
};
Reported by FlawFinder.
Line: 22
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_soc_dai_link dai;
struct snd_soc_card card;
char codec_dai_name[DAI_NAME_SIZE];
char platform_name[DAI_NAME_SIZE];
struct clk *codec_clk;
unsigned int clk_frequency;
};
static int imx_sgtl5000_dai_init(struct snd_soc_pcm_runtime *rtd)
Reported by FlawFinder.
sound/soc/fsl/p1022_ds.c
2 issues
Line: 73
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int ssi_id; /* 0 = SSI1, 1 = SSI2, etc */
unsigned int dma_id[2]; /* 0 = DMA1, 1 = DMA2, etc */
unsigned int dma_channel_id[2]; /* 0 = ch 0, 1 = ch 1, etc*/
char platform_name[2][DAI_NAME_SIZE]; /* One for each DMA channel */
};
/**
* p1022_ds_machine_probe: initialize the board
*
Reported by FlawFinder.
Line: 253
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* capture. We support codecs that have separate DAIs for both playback
* and capture.
*/
memcpy(&mdata->dai[1], &mdata->dai[0], sizeof(struct snd_soc_dai_link));
/* The DAI names from the codec (snd_soc_dai_driver.name) */
mdata->dai[0].codecs->dai_name = "wm8776-hifi-playback";
mdata->dai[1].codecs->dai_name = "wm8776-hifi-capture";
Reported by FlawFinder.
sound/soc/fsl/p1022_rdk.c
2 issues
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int clk_frequency;
unsigned int dma_id[2]; /* 0 = DMA1, 1 = DMA2, etc */
unsigned int dma_channel_id[2]; /* 0 = ch 0, 1 = ch 1, etc*/
char platform_name[2][DAI_NAME_SIZE]; /* One for each DMA channel */
};
/**
* p1022_rdk_machine_probe: initialize the board
*
Reported by FlawFinder.
Line: 256
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* capture. We support codecs that have separate DAIs for both playback
* and capture.
*/
memcpy(&mdata->dai[1], &mdata->dai[0], sizeof(struct snd_soc_dai_link));
/* The DAI names from the codec (snd_soc_dai_driver.name) */
mdata->dai[0].codecs->dai_name = "wm8960-hifi";
mdata->dai[1].codecs->dai_name = mdata->dai[0].codecs->dai_name;
Reported by FlawFinder.
sound/soc/generic/audio-graph-card.c
2 issues
Line: 280
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct simple_dai_props *dai_props = simple_priv_to_props(priv, li->link);
struct device_node *top = dev->of_node;
struct device_node *ep = li->cpu ? cpu_ep : codec_ep;
char dai_name[64];
int ret;
dev_dbg(dev, "link_of DPCM (%pOF)\n", ep);
if (li->cpu) {
Reported by FlawFinder.
Line: 369
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_soc_dai_link *dai_link = simple_priv_to_link(priv, li->link);
struct snd_soc_dai_link_component *cpus = asoc_link_to_cpu(dai_link, 0);
struct snd_soc_dai_link_component *codecs = asoc_link_to_codec(dai_link, 0);
char dai_name[64];
int ret, is_single_links = 0;
dev_dbg(dev, "link_of (%pOF)\n", cpu_ep);
ret = graph_parse_node(priv, cpu_ep, li, &is_single_links);
Reported by FlawFinder.
net/sched/sch_tbf.c
2 issues
Line: 452
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
q->tokens = q->buffer;
q->ptokens = q->mtu;
memcpy(&q->rate, &rate, sizeof(struct psched_ratecfg));
memcpy(&q->peak, &peak, sizeof(struct psched_ratecfg));
sch_tree_unlock(sch);
err = 0;
Reported by FlawFinder.
Line: 453
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
q->ptokens = q->mtu;
memcpy(&q->rate, &rate, sizeof(struct psched_ratecfg));
memcpy(&q->peak, &peak, sizeof(struct psched_ratecfg));
sch_tree_unlock(sch);
err = 0;
tbf_offload_change(sch);
Reported by FlawFinder.