The following issues were found
sound/soc/intel/atom/sst-mfld-platform.h
2 issues
Line: 98
Column: 8
CWE codes:
362
struct compress_sst_ops {
const char *name;
int (*open)(struct device *dev,
struct snd_sst_params *str_params, struct sst_compress_cb *cb);
int (*stream_start)(struct device *dev, unsigned int str_id);
int (*stream_drop)(struct device *dev, unsigned int str_id);
int (*stream_drain)(struct device *dev, unsigned int str_id);
int (*stream_partial_drain)(struct device *dev, unsigned int str_id);
Reported by FlawFinder.
Line: 120
Column: 8
CWE codes:
362
};
struct sst_ops {
int (*open)(struct device *dev, struct snd_sst_params *str_param);
int (*stream_init)(struct device *dev, struct pcm_stream_info *str_info);
int (*stream_start)(struct device *dev, int str_id);
int (*stream_drop)(struct device *dev, int str_id);
int (*stream_pause)(struct device *dev, int str_id);
int (*stream_pause_release)(struct device *dev, int str_id);
Reported by FlawFinder.
sound/soc/intel/atom/sst/sst.c
2 issues
Line: 245
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (ctx->fw_version.type == 0 && ctx->fw_version.major == 0 &&
ctx->fw_version.minor == 0 && ctx->fw_version.build == 0)
return sprintf(buf, "FW not yet loaded\n");
else
return sprintf(buf, "v%02x.%02x.%02x.%02x\n",
ctx->fw_version.type, ctx->fw_version.major,
ctx->fw_version.minor, ctx->fw_version.build);
Reported by FlawFinder.
Line: 247
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ctx->fw_version.minor == 0 && ctx->fw_version.build == 0)
return sprintf(buf, "FW not yet loaded\n");
else
return sprintf(buf, "v%02x.%02x.%02x.%02x\n",
ctx->fw_version.type, ctx->fw_version.major,
ctx->fw_version.minor, ctx->fw_version.build);
}
Reported by FlawFinder.
sound/soc/intel/atom/sst/sst_loader.c
2 issues
Line: 269
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy32_toio((void __iomem *)listnode->dstn,
listnode->src, listnode->size);
else
memcpy(listnode->dstn, listnode->src, listnode->size);
}
}
void sst_memcpy_free_resources(struct intel_sst_drv *sst_drv_ctx)
{
Reported by FlawFinder.
Line: 297
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
dev_dbg(sst->dev, "copied fw to %p", sst->fw_in_mem);
dev_dbg(sst->dev, "phys: %lx", (unsigned long)virt_to_phys(sst->fw_in_mem));
memcpy(sst->fw_in_mem, fw->data, fw->size);
retval = sst_parse_fw_memcpy(sst, fw->size, &sst->memcpy_list);
if (retval) {
dev_err(sst->dev, "Failed to parse fw\n");
kfree(sst->fw_in_mem);
sst->fw_in_mem = NULL;
Reported by FlawFinder.
sound/soc/intel/atom/sst/sst_pvt.c
2 issues
Line: 259
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg->mrfld_header.p.header_low_payload);
if (fill_dsp) {
sst_fill_header_dsp(&dsp_hdr, cmd_id, pipe_id, mbox_data_len);
memcpy(msg->mailbox_data, &dsp_hdr, sizeof(dsp_hdr));
if (mbox_data_len) {
memcpy(msg->mailbox_data + sizeof(dsp_hdr),
mbox_data, mbox_data_len);
}
}
Reported by FlawFinder.
Line: 261
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sst_fill_header_dsp(&dsp_hdr, cmd_id, pipe_id, mbox_data_len);
memcpy(msg->mailbox_data, &dsp_hdr, sizeof(dsp_hdr));
if (mbox_data_len) {
memcpy(msg->mailbox_data + sizeof(dsp_hdr),
mbox_data, mbox_data_len);
}
}
if (sync)
Reported by FlawFinder.
sound/soc/intel/boards/broadwell.c
2 issues
Line: 147
Column: 21
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
.startup = broadwell_fe_startup,
};
SND_SOC_DAILINK_DEF(system,
DAILINK_COMP_ARRAY(COMP_CPU("System Pin")));
SND_SOC_DAILINK_DEF(offload0,
DAILINK_COMP_ARRAY(COMP_CPU("Offload0 Pin")));
Reported by FlawFinder.
Line: 183
Column: 23
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
.ops = &broadwell_fe_ops,
.dpcm_playback = 1,
.dpcm_capture = 1,
SND_SOC_DAILINK_REG(system, dummy, platform),
},
{
.name = "Offload0",
.stream_name = "Offload0 Playback",
.nonatomic = 1,
Reported by FlawFinder.
sound/soc/intel/boards/cht_bsw_rt5672.c
2 issues
Line: 461
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!drv)
return -ENOMEM;
strcpy(drv->codec_name, RT5672_I2C_DEFAULT);
/* find index of codec dai */
for (i = 0; i < ARRAY_SIZE(cht_dailink); i++) {
if (!strcmp(cht_dailink[i].codecs->name, RT5672_I2C_DEFAULT)) {
dai_index = i;
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cht_mc_private {
struct snd_soc_jack headset;
char codec_name[SND_ACPI_I2C_ID_LEN];
struct clk *mclk;
bool use_ssp0;
};
/* Headset jack detection DAPM pins */
Reported by FlawFinder.
sound/soc/intel/boards/cml_rt1011_rt5682.c
2 issues
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct card_private {
char codec_name[SND_ACPI_I2C_ID_LEN];
struct snd_soc_jack headset;
struct list_head hdmi_pcm_list;
bool common_hdmi_codec_drv;
};
Reported by FlawFinder.
Line: 322
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct card_private *ctx = snd_soc_card_get_drvdata(card);
struct snd_soc_component *component = NULL;
char jack_name[NAME_SIZE];
struct hdmi_pcm *pcm;
int ret, i = 0;
if (list_empty(&ctx->hdmi_pcm_list))
return -EINVAL;
Reported by FlawFinder.
sound/soc/intel/boards/haswell.c
2 issues
Line: 80
Column: 21
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
SND_SOC_DAILINK_DEF(dummy,
DAILINK_COMP_ARRAY(COMP_DUMMY()));
SND_SOC_DAILINK_DEF(system,
DAILINK_COMP_ARRAY(COMP_CPU("System Pin")));
SND_SOC_DAILINK_DEF(offload0,
DAILINK_COMP_ARRAY(COMP_CPU("Offload0 Pin")));
Reported by FlawFinder.
Line: 111
Column: 23
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
.trigger = {SND_SOC_DPCM_TRIGGER_POST, SND_SOC_DPCM_TRIGGER_POST},
.dpcm_playback = 1,
.dpcm_capture = 1,
SND_SOC_DAILINK_REG(system, dummy, platform),
},
{
.name = "Offload0",
.stream_name = "Offload0 Playback",
.nonatomic = 1,
Reported by FlawFinder.
net/sched/sch_frag.c
2 issues
Line: 41
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Reconstruct the MAC header. */
skb_push(skb, data->l2_len);
memcpy(skb->data, &data->l2_data, data->l2_len);
skb_postpush_rcsum(skb, skb->data, data->l2_len);
skb_reset_mac_header(skb);
return data->xmit(skb);
}
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data->vlan_tci = 0;
data->vlan_proto = skb->vlan_proto;
data->l2_len = hlen;
memcpy(&data->l2_data, skb->data, hlen);
memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
skb_pull(skb, hlen);
}
Reported by FlawFinder.
sound/soc/intel/boards/skl_hda_dsp_common.c
2 issues
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct skl_hda_private *ctx = snd_soc_card_get_drvdata(card);
struct skl_hda_hdmi_pcm *pcm;
char dai_name[NAME_SIZE];
pcm = devm_kzalloc(card->dev, sizeof(*pcm), GFP_KERNEL);
if (!pcm)
return -ENOMEM;
Reported by FlawFinder.
Line: 142
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct skl_hda_private *ctx = snd_soc_card_get_drvdata(card);
struct snd_soc_component *component = NULL;
struct skl_hda_hdmi_pcm *pcm;
char jack_name[NAME_SIZE];
int err;
if (ctx->common_hdmi_codec_drv)
return skl_hda_hdmi_build_controls(card);
Reported by FlawFinder.