The following issues were found
sound/soc/sh/rcar/adg.c
2 issues
Line: 634
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list args;
va_start(args, fmt);
vsnprintf(msg, sizeof(msg), fmt, args);
va_end(args);
if (m)
seq_puts(m, msg);
else
Reported by FlawFinder.
Line: 630
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void dbg_msg(struct device *dev, struct seq_file *m,
const char *fmt, ...)
{
char msg[128];
va_list args;
va_start(args, fmt);
vsnprintf(msg, sizeof(msg), fmt, args);
va_end(args);
Reported by FlawFinder.
sound/soc/sh/rcar/core.c
2 issues
Line: 138
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MOD_NAME_SIZE 16
char *rsnd_mod_name(struct rsnd_mod *mod)
{
static char names[MOD_NAME_NUM][MOD_NAME_SIZE];
static int num;
char *name = names[num];
num++;
if (num >= MOD_NAME_NUM)
Reported by FlawFinder.
Line: 1188
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rsnd_node_fixed_index(struct device_node *node, char *name, int idx)
{
char node_name[16];
/*
* rsnd is assuming each device nodes are sequential numbering,
* but some of them are not.
* This function adjusts index for it.
Reported by FlawFinder.
sound/soc/sh/rcar/rsnd.h
2 issues
Line: 500
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
#define RSND_DAI_NAME_SIZE 16
struct rsnd_dai_stream {
char name[RSND_DAI_NAME_SIZE];
struct snd_pcm_substream *substream;
struct rsnd_mod *mod[RSND_MOD_MAX];
struct rsnd_mod *dma;
struct rsnd_dai *rdai;
struct device *dmac_dev; /* for IPMMU */
Reported by FlawFinder.
Line: 536
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rsnd_io_is_working(struct rsnd_dai_stream *io);
struct rsnd_dai {
char name[RSND_DAI_NAME_SIZE];
struct rsnd_dai_stream playback;
struct rsnd_dai_stream capture;
struct rsnd_priv *priv;
struct snd_pcm_hw_constraint_list constraint;
Reported by FlawFinder.
sound/soc/sof/control.c
2 issues
Line: 265
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = data->size + sizeof(*data);
/* copy back to kcontrol */
memcpy(ucontrol->value.bytes.data, data, size);
return 0;
}
int snd_sof_bytes_put(struct snd_kcontrol *kcontrol,
Reported by FlawFinder.
Line: 299
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = data->size + sizeof(*data);
/* copy from kcontrol */
memcpy(data, ucontrol->value.bytes.data, size);
/* notify DSP of byte control updates */
if (pm_runtime_active(scomp->dev))
snd_sof_ipc_set_get_comp_data(scontrol,
SOF_IPC_COMP_SET_DATA,
Reported by FlawFinder.
net/sched/em_canid.c
2 issues
Line: 155
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Fill rules_raw with EFF rules first */
for (i = 0; i < cm->rules_count; i++) {
if (conf[i].can_id & CAN_EFF_FLAG) {
memcpy(cm->rules_raw + cm->eff_rules_count,
&conf[i],
sizeof(struct can_filter));
cm->eff_rules_count++;
}
Reported by FlawFinder.
Line: 166
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* append SFF frame rules */
for (i = 0; i < cm->rules_count; i++) {
if (!(conf[i].can_id & CAN_EFF_FLAG)) {
memcpy(cm->rules_raw
+ cm->eff_rules_count
+ cm->sff_rules_count,
&conf[i], sizeof(struct can_filter));
cm->sff_rules_count++;
Reported by FlawFinder.
sound/soc/sof/intel/hda-ipc.c
2 issues
Line: 96
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reply.error = 0;
reply.hdr.cmd = SOF_IPC_GLB_REPLY;
reply.hdr.size = sizeof(reply);
memcpy(msg->reply_data, &reply, sizeof(reply));
goto out;
}
/* get IPC reply from DSP in the mailbox */
sof_mailbox_read(sdev, sdev->host_box.offset, &reply,
Reported by FlawFinder.
Line: 105
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(reply));
if (reply.error < 0) {
memcpy(msg->reply_data, &reply, sizeof(reply));
ret = reply.error;
} else {
/* reply correct size ? */
if (reply.hdr.size != msg->reply_size &&
/* getter payload is never known upfront */
Reported by FlawFinder.
net/sched/cls_u32.c
2 issues
Line: 831
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Similarly success statistics must be moved as pointers */
new->pcpu_success = n->pcpu_success;
#endif
memcpy(&new->sel, s, struct_size(s, keys, s->nkeys));
if (tcf_exts_init(&new->exts, net, TCA_U32_ACT, TCA_U32_POLICE)) {
kfree(new);
return NULL;
}
Reported by FlawFinder.
Line: 1037
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
#endif
memcpy(&n->sel, s, sel_size);
RCU_INIT_POINTER(n->ht_up, ht);
n->handle = handle;
n->fshift = s->hmask ? ffs(ntohl(s->hmask)) - 1 : 0;
n->flags = flags;
Reported by FlawFinder.
sound/soc/sof/loader.c
2 issues
Line: 73
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!sdev->cc_version)
return -ENOMEM;
memcpy(sdev->cc_version, cc, cc->ext_hdr.hdr.size);
ret = snd_sof_debugfs_buf_item(sdev, sdev->cc_version,
cc->ext_hdr.hdr.size,
"cc_version", 0444);
/* errors are only due to memory allocation, not debugfs */
Reported by FlawFinder.
Line: 157
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const struct sof_ext_man_fw_version *v =
container_of(hdr, struct sof_ext_man_fw_version, hdr);
memcpy(&sdev->fw_ready.version, &v->version, sizeof(v->version));
sdev->fw_ready.flags = v->flags;
/* log ABI versions and check FW compatibility */
return snd_sof_ipc_valid(sdev);
}
Reported by FlawFinder.
sound/soc/sof/ops.h
2 issues
Line: 282
Column: 21
CWE codes:
120
20
static inline u32 snd_sof_dsp_read(struct snd_sof_dev *sdev, u32 bar,
u32 offset)
{
if (sof_ops(sdev)->read)
return sof_ops(sdev)->read(sdev, sdev->bar[bar] + offset);
dev_err(sdev->dev, "error: %s not defined\n", __func__);
return -ENOTSUPP;
}
Reported by FlawFinder.
Line: 283
Column: 25
CWE codes:
120
20
u32 offset)
{
if (sof_ops(sdev)->read)
return sof_ops(sdev)->read(sdev, sdev->bar[bar] + offset);
dev_err(sdev->dev, "error: %s not defined\n", __func__);
return -ENOTSUPP;
}
Reported by FlawFinder.
sound/soc/sof/sof-audio.c
2 issues
Line: 200
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
dai = swidget->private;
memcpy(comp, &dai->comp_dai,
sizeof(struct sof_ipc_comp_dai));
/* append extended data to the end of the component */
memcpy((u8 *)comp + sizeof(struct sof_ipc_comp_dai),
&swidget->comp_ext, sizeof(swidget->comp_ext));
Reported by FlawFinder.
Line: 204
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(struct sof_ipc_comp_dai));
/* append extended data to the end of the component */
memcpy((u8 *)comp + sizeof(struct sof_ipc_comp_dai),
&swidget->comp_ext, sizeof(swidget->comp_ext));
ret = sof_ipc_tx_message(sdev->ipc, comp->hdr.cmd,
comp, ipc_size,
&r, sizeof(r));
Reported by FlawFinder.