The following issues were found
net/rxrpc/call_object.c
2 issues
Line: 18
Column: 7
CWE codes:
119
120
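Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is a const table of pointers to string literals filled by designated initializers, so nothing is copied into it at this line. What needs checking is the readers: every index used on rxrpc_call_states must be below NR__RXRPC_CALL_STATES, and any enum value without an initializer yields a NULL entry. The same applies to rxrpc_call_completions in the line 33 finding below.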
#include <net/af_rxrpc.h>
#include "ar-internal.h"
const char *const rxrpc_call_states[NR__RXRPC_CALL_STATES] = {
[RXRPC_CALL_UNINITIALISED] = "Uninit ",
[RXRPC_CALL_CLIENT_AWAIT_CONN] = "ClWtConn",
[RXRPC_CALL_CLIENT_SEND_REQUEST] = "ClSndReq",
[RXRPC_CALL_CLIENT_AWAIT_REPLY] = "ClAwtRpl",
[RXRPC_CALL_CLIENT_RECV_REPLY] = "ClRcvRpl",
Reported by FlawFinder.
Line: 33
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[RXRPC_CALL_COMPLETE] = "Complete",
};
const char *const rxrpc_call_completions[NR__RXRPC_CALL_COMPLETIONS] = {
[RXRPC_CALL_SUCCEEDED] = "Complete",
[RXRPC_CALL_REMOTELY_ABORTED] = "RmtAbort",
[RXRPC_CALL_LOCALLY_ABORTED] = "LocAbort",
[RXRPC_CALL_LOCAL_ERROR] = "LocError",
[RXRPC_CALL_NETWORK_ERROR] = "NetError",
Reported by FlawFinder.
sound/soc/sprd/sprd-pcm-dma.h
2 issues
Line: 15
Column: 8
CWE codes:
119
120
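Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged members are per-channel arrays sized by SPRD_PCM_CHANNEL_MAX; the declaration copies nothing. The code that indexes them is not part of this excerpt, so confirm there that every channel index is checked against SPRD_PCM_CHANNEL_MAX before use.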
dma_addr_t dev_phys[SPRD_PCM_CHANNEL_MAX];
u32 datawidth[SPRD_PCM_CHANNEL_MAX];
u32 fragment_len[SPRD_PCM_CHANNEL_MAX];
const char *chan_name[SPRD_PCM_CHANNEL_MAX];
};
struct sprd_compr_playinfo {
int total_time;
int current_time;
Reported by FlawFinder.
Line: 43
Column: 8
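CWE codes:
362 (race condition). Column 8 of the flagged line is the member name open in struct sprd_compr_ops, a function pointer that takes a stream id; the match appears to come from the scanner's file-open rule, and no file is opened at this line.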
};
struct sprd_compr_ops {
int (*open)(int str_id, struct sprd_compr_callback *cb);
int (*close)(int str_id);
int (*start)(int str_id);
int (*stop)(int str_id);
int (*pause)(int str_id);
int (*pause_release)(int str_id);
Reported by FlawFinder.
sound/soc/stm/stm32_spdifrx.c
2 issues
Line: 244
Column: 11
CWE codes:
119
120
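Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. cs and ub are fixed-size byte arrays in the driver state, sized by SPDIFRX_CS_BYTES_NB and SPDIFRX_UB_BYTES_NB; the declarations copy nothing. The code that fills them is outside this excerpt, so confirm there that each write is bounded by the same constant or by sizeof on the member. This covers the line 245 finding below as well.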
dma_addr_t phys_addr;
spinlock_t lock; /* Sync enabling lock */
spinlock_t irq_lock; /* Prevent race condition on stream state */
unsigned char cs[SPDIFRX_CS_BYTES_NB];
unsigned char ub[SPDIFRX_UB_BYTES_NB];
int irq;
int refcount;
};
Reported by FlawFinder.
Line: 245
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spinlock_t lock; /* Sync enabling lock */
spinlock_t irq_lock; /* Prevent race condition on stream state */
unsigned char cs[SPDIFRX_CS_BYTES_NB];
unsigned char ub[SPDIFRX_UB_BYTES_NB];
int irq;
int refcount;
};
static void stm32_spdifrx_dma_complete(void *data)
Reported by FlawFinder.
sound/soc/tegra/tegra30_i2s.h
2 issues
Line: 230
Column: 2
CWE codes:
119
120
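Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. capture_dma_chan and playback_dma_chan (line 234 finding below) are fixed 8-byte members, so a channel name can hold at most 7 characters plus the terminator. The code that writes them is not shown; confirm it passes sizeof of the member to a bounded call such as snprintf(), so that a longer name is truncated instead of running into the next member.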
struct clk *clk_i2s;
enum tegra30_ahub_txcif capture_i2s_cif;
enum tegra30_ahub_rxcif capture_fifo_cif;
char capture_dma_chan[8];
struct snd_dmaengine_dai_dma_data capture_dma_data;
enum tegra30_ahub_rxcif playback_i2s_cif;
enum tegra30_ahub_txcif playback_fifo_cif;
char playback_dma_chan[8];
struct snd_dmaengine_dai_dma_data playback_dma_data;
Reported by FlawFinder.
Line: 234
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_dmaengine_dai_dma_data capture_dma_data;
enum tegra30_ahub_rxcif playback_i2s_cif;
enum tegra30_ahub_txcif playback_fifo_cif;
char playback_dma_chan[8];
struct snd_dmaengine_dai_dma_data playback_dma_data;
struct regmap *regmap;
struct snd_dmaengine_pcm_config dma_config;
};
Reported by FlawFinder.
sound/soc/ti/omap-mcbsp-st.c
2 issues
Line: 247
Column: 13
CWE codes:
134
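Suggestion:
Make format string constant. Both operands of the conditional are string literals, so the format is fixed at compile time and contains no caller-supplied text. The part of this loop that needs review is the unbounded sprintf() into buf, reported at line 250 below.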
spin_lock_irq(&mcbsp->lock);
for (i = 0; i < st_data->nr_taps; i++)
status += sprintf(&buf[status], (i ? ", %d" : "%d"),
st_data->taps[i]);
if (i)
status += sprintf(&buf[status], "\n");
spin_unlock_irq(&mcbsp->lock);
Reported by FlawFinder.
Line: 250
Column: 13
CWE codes:
120
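Suggestion:
Use sprintf_s, snprintf, or vsnprintf. sprintf_s is not available in kernel code; the bounded forms there are scnprintf(), or sysfs_emit_at() if buf is a sysfs show buffer (the function header is not visible in this excerpt). The number of entries written is st_data->nr_taps, so whether the output fits depends on the limit enforced on nr_taps where it is set.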
status += sprintf(&buf[status], (i ? ", %d" : "%d"),
st_data->taps[i]);
if (i)
status += sprintf(&buf[status], "\n");
spin_unlock_irq(&mcbsp->lock);
return status;
}
Reported by FlawFinder.
sound/usb/mixer_s1810c.c
2 issues
Line: 479
Column: 15
CWE codes:
119
120
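Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. texts is a static const two-entry table of string literals, and its length is passed as ARRAY_SIZE(texts), so the count given to snd_ctl_enum_info() cannot disagree with the array. Nothing is copied into texts at this line; the line 518 finding below has the same shape.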
snd_s1810c_line_sw_info(struct snd_kcontrol *kctl,
struct snd_ctl_elem_info *uinfo)
{
static const char *const texts[2] = {
"Preamp On (Mic/Inst)",
"Preamp Off (Line in)"
};
return snd_ctl_enum_info(uinfo, 1, ARRAY_SIZE(texts), texts);
Reported by FlawFinder.
Line: 518
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
snd_s1810c_ab_sw_info(struct snd_kcontrol *kctl,
struct snd_ctl_elem_info *uinfo)
{
static const char *const texts[2] = {
"1/2",
"3/4"
};
return snd_ctl_enum_info(uinfo, 1, ARRAY_SIZE(texts), texts);
Reported by FlawFinder.
net/sched/cls_flower.c
2 issues
Line: 1144
Column: 3
CWE codes:
120
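Suggestion:
Make sure destination can always hold the source data. The -ERANGE return just above the copy suggests data_len is validated first, but the check itself is outside this excerpt. Confirm that it bounds data_len by the space left in opt->opt_data and requires a multiple of 4, since opt->length stores data_len / 4.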
return -ERANGE;
}
opt->length = data_len / 4;
memcpy(opt->opt_data, nla_data(data), data_len);
}
if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
opt->opt_class = nla_get_be16(class);
Reported by FlawFinder.
Line: 1722
Column: 2
CWE codes:
120
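Suggestion:
Make sure destination can always hold the source data. Source pointer, destination pointer and length are all derived from the same mask (src), so the copy stays in bounds only if dst->key and src->key share one layout and the range reported by fl_mask_range(src) lies inside it. The helper definitions are not shown here; verify the range computation there.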
const void *psrc = fl_key_get_start(&src->key, src);
void *pdst = fl_key_get_start(&dst->key, src);
memcpy(pdst, psrc, fl_mask_range(src));
dst->range = src->range;
}
static const struct rhashtable_params fl_ht_params = {
.key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
Reported by FlawFinder.
net/sched/cls_bpf.c
2 issues
Line: 552
Column: 2
CWE codes:
120
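Suggestion:
Make sure destination can always hold the source data. The copy length is nla_len(nla), the payload size of the destination attribute itself, so the destination cannot be overrun. What needs checking is the source side: the attribute must have been reserved with exactly the size of prog->bpf_ops, otherwise the copy reads past that buffer into adjacent kernel memory that is then sent to user space.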
if (nla == NULL)
return -EMSGSIZE;
memcpy(nla_data(nla), prog->bpf_ops, nla_len(nla));
return 0;
}
static int cls_bpf_dump_ebpf_info(const struct cls_bpf_prog *prog,
Reported by FlawFinder.
Line: 573
Column: 2
CWE codes:
120
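Suggestion:
Make sure destination can always hold the source data. As in the line 552 finding, the length is the destination attribute's own payload size, so the concern is an over-read of the source: confirm the attribute is reserved with the size of prog->filter->tag and nothing larger.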
if (nla == NULL)
return -EMSGSIZE;
memcpy(nla_data(nla), prog->filter->tag, nla_len(nla));
return 0;
}
static int cls_bpf_dump(struct net *net, struct tcf_proto *tp, void *fh,
Reported by FlawFinder.
net/sched/act_pedit.c
2 issues
Line: 230
Column: 2
CWE codes:
120
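Suggestion:
Make sure destination can always hold the source data. ksize and the allocation of keys are computed outside this excerpt. Confirm that ksize is derived from parm->nkeys, that it was checked against the length of the netlink attribute carrying parm, and that p->tcfp_keys holds at least ksize bytes on the path where the existing array is kept instead of replaced.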
p->tcfp_keys = keys;
p->tcfp_nkeys = parm->nkeys;
}
memcpy(p->tcfp_keys, parm->keys, ksize);
p->tcfp_flags = parm->flags;
goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch);
kfree(p->tcfp_keys_ex);
Reported by FlawFinder.
Line: 437
Column: 2
CWE codes:
120
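Suggestion:
Make sure destination can always hold the source data. The length is computed with flex_array_size() from p->tcfp_nkeys while tcf_lock is held. The -ENOBUFS return before the lock suggests opt is allocated earlier, in code not shown; confirm that the allocation uses the same key count, and that the count cannot change between the allocation and the locked copy.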
return -ENOBUFS;
spin_lock_bh(&p->tcf_lock);
memcpy(opt->keys, p->tcfp_keys, flex_array_size(opt, keys, p->tcfp_nkeys));
opt->index = p->tcf_index;
opt->nkeys = p->tcfp_nkeys;
opt->flags = p->tcfp_flags;
opt->action = p->tcf_action;
opt->refcnt = refcount_read(&p->tcf_refcnt) - ref;
Reported by FlawFinder.
net/sched/act_ipt.c
2 issues
Line: 294
Column: 2
CWE codes:
120
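Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Neither buffer size is visible in this excerpt; the copy is safe only if the target name, terminator included, always fits in t->u.user.name. In kernel code strscpy() with sizeof(t->u.user.name) makes that bound explicit and reports truncation through its return value.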
c.bindcnt = atomic_read(&ipt->tcf_bindcnt) - bind;
c.refcnt = refcount_read(&ipt->tcf_refcnt) - ref;
strcpy(t->u.user.name, ipt->tcfi_t->u.kernel.target->name);
if (nla_put(skb, TCA_IPT_TARG, ipt->tcfi_t->u.user.target_size, t) ||
nla_put_u32(skb, TCA_IPT_INDEX, ipt->tcf_index) ||
nla_put_u32(skb, TCA_IPT_HOOK, ipt->tcfi_hook) ||
nla_put(skb, TCA_IPT_CNT, sizeof(struct tc_cnt), &c) ||
Reported by FlawFinder.
Line: 170
Column: 3
CWE codes:
120
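Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). The source here is the literal "mangle", 7 bytes with its terminator, and the nla_strscpy() call on the preceding line treats tname as IFNAMSIZ bytes. The copy therefore fits as long as tname is declared with at least that size; the declaration is outside this excerpt.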
goto err1;
if (tb[TCA_IPT_TABLE] == NULL ||
nla_strscpy(tname, tb[TCA_IPT_TABLE], IFNAMSIZ) >= IFNAMSIZ)
strcpy(tname, "mangle");
t = kmemdup(td, td->u.target_size, GFP_KERNEL);
if (unlikely(!t))
goto err2;
Reported by FlawFinder.