The following issues were found
drivers/net/dsa/microchip/ksz8795.c
2 issues
Line: 128
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct mib_names {
char string[ETH_GSTRING_LEN];
};
static const struct mib_names ksz87xx_mib_names[] = {
{ "rx_hi" },
{ "rx_undersize" },
Reported by FlawFinder.
Line: 992
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
for (i = 0; i < dev->mib_cnt; i++) {
memcpy(buf + i * ETH_GSTRING_LEN,
dev->mib_names[i].string, ETH_GSTRING_LEN);
}
}
static void ksz8_cfg_port_member(struct ksz_device *dev, int port, u8 member)
Reported by FlawFinder.
drivers/net/dsa/microchip/ksz9477.c
2 issues
Line: 27
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const struct {
int index;
char string[ETH_GSTRING_LEN];
} ksz9477_mib_names[TOTAL_SWITCH_COUNTER_NUM] = {
{ 0x00, "rx_hi" },
{ 0x01, "rx_undersize" },
{ 0x02, "rx_fragments" },
{ 0x03, "rx_oversize" },
Reported by FlawFinder.
Line: 385
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
for (i = 0; i < TOTAL_SWITCH_COUNTER_NUM; i++) {
memcpy(buf + i * ETH_GSTRING_LEN, ksz9477_mib_names[i].string,
ETH_GSTRING_LEN);
}
}
static void ksz9477_cfg_port_member(struct ksz_device *dev, int port,
Reported by FlawFinder.
drivers/media/platform/allegro-dvt/allegro-mail.c
2 issues
Line: 19
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *msg_type_name(enum mcu_msg_type type)
{
static char buf[9];
switch (type) {
case MCU_MSG_TYPE_INIT:
return "INIT";
case MCU_MSG_TYPE_CREATE_CHANNEL:
Reported by FlawFinder.
Line: 246
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (version >= MCU_MSG_VERSION_2019_2) {
dst[i++] = msg->blob_mcu_addr;
} else {
memcpy(&dst[i], msg->blob, msg->blob_size);
i += msg->blob_size / sizeof(*dst);
}
if (version >= MCU_MSG_VERSION_2019_2)
dst[i++] = msg->ep1_addr;
Reported by FlawFinder.
drivers/media/platform/qcom/venus/hfi_msgs.c
2 issues
Line: 265
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
smem_tbl_ptr = qcom_smem_get(QCOM_SMEM_HOST_ANY,
SMEM_IMG_VER_TBL, &smem_blk_sz);
if (smem_tbl_ptr && smem_blk_sz >= SMEM_IMG_OFFSET_VENUS + VER_STR_SZ)
memcpy(smem_tbl_ptr + SMEM_IMG_OFFSET_VENUS,
img_ver, VER_STR_SZ);
}
static void hfi_sys_property_info(struct venus_core *core,
struct venus_inst *inst, void *packet)
Reported by FlawFinder.
Line: 367
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return HFI_ERR_SESSION_INVALID_PARAMETER;
while (req_bytes) {
memcpy(&bufreq[idx], buf_req, sizeof(*bufreq));
idx++;
if (idx > HFI_BUFFER_TYPE_MAX)
return HFI_ERR_SESSION_INVALID_PARAMETER;
Reported by FlawFinder.
drivers/media/dvb-frontends/tc90522.c
2 issues
Line: 682
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
p[0] = TC90522_I2C_THRU_REG;
p[1] = msgs[i].addr << 1;
memcpy(p + 2, msgs[i].buf, msgs[i].len);
new_msgs[j].buf = p;
new_msgs[j].len = msgs[i].len + 2;
p += new_msgs[j].len;
}
Reported by FlawFinder.
Line: 800
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&state->cfg, cfg, sizeof(state->cfg));
cfg->fe = state->cfg.fe = &state->fe;
ops = id->driver_data == 0 ? &tc90522_ops_sat : &tc90522_ops_ter;
memcpy(&state->fe.ops, ops, sizeof(*ops));
state->fe.demodulator_priv = state;
adap = &state->tuner_i2c;
adap->owner = THIS_MODULE;
adap->algo = &tc90522_tuner_i2c_algo;
Reported by FlawFinder.
drivers/md/dm-thin-metadata.c
2 issues
Line: 538
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void copy_sm_roots(struct dm_pool_metadata *pmd,
struct thin_disk_superblock *disk)
{
memcpy(&disk->metadata_space_map_root,
&pmd->metadata_space_map_root,
sizeof(pmd->metadata_space_map_root));
memcpy(&disk->data_space_map_root,
&pmd->data_space_map_root,
Reported by FlawFinder.
Line: 542
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&pmd->metadata_space_map_root,
sizeof(pmd->metadata_space_map_root));
memcpy(&disk->data_space_map_root,
&pmd->data_space_map_root,
sizeof(pmd->data_space_map_root));
}
static int __write_initial_superblock(struct dm_pool_metadata *pmd)
Reported by FlawFinder.
drivers/media/dvb-frontends/stv6111.c
2 issues
Line: 334
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
u8 d[12];
memcpy(&d[1], &state->reg[reg], len);
d[0] = reg;
return i2c_write(state->i2c, state->adr, d, len + 1);
}
static int write_reg(struct stv *state, u8 reg, u8 val)
Reported by FlawFinder.
Line: 670
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
state->adr = adr;
state->i2c = i2c;
memcpy(&fe->ops.tuner_ops, &tuner_ops, sizeof(struct dvb_tuner_ops));
init_state(state);
if (fe->ops.i2c_gate_ctrl)
gatestat = fe->ops.i2c_gate_ctrl(fe, 1);
if (!gatestat)
Reported by FlawFinder.
drivers/media/platform/sti/hva/hva.h
2 issues
Line: 254
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hva_controls ctrls;
u8 id;
bool aborting;
char name[100];
struct work_struct run_work;
/* mutex protecting this data structure */
struct mutex lock;
u32 flags;
u32 frame_num;
Reported by FlawFinder.
Line: 394
Column: 9
CWE codes:
362
u32 pixelformat;
u32 max_width;
u32 max_height;
int (*open)(struct hva_ctx *ctx);
int (*close)(struct hva_ctx *ctx);
int (*encode)(struct hva_ctx *ctx, struct hva_frame *frame,
struct hva_stream *stream);
};
Reported by FlawFinder.
drivers/media/dvb-frontends/stv6110x.c
2 issues
Line: 75
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
buf[0] = start;
memcpy(&buf[1], data, len);
ret = i2c_transfer(stv6110x->i2c, &msg, 1);
if (ret != 1) {
dprintk(FE_ERROR, 1, "I/O Error");
return -EREMOTEIO;
Reported by FlawFinder.
Line: 340
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
u8 default_regs[] = {0x07, 0x11, 0xdc, 0x85, 0x17, 0x01, 0xe6, 0x1e};
memcpy(stv6110x->regs, default_regs, 8);
}
static void stv6110x_setup_divider(struct stv6110x_state *stv6110x)
{
switch (stv6110x->config->clk_div) {
Reported by FlawFinder.
drivers/net/dsa/mv88e6xxx/smi.h
2 issues
Line: 40
Column: 38
CWE codes:
120
20
static inline int mv88e6xxx_smi_read(struct mv88e6xxx_chip *chip,
int dev, int reg, u16 *data)
{
if (chip->smi_ops && chip->smi_ops->read)
return chip->smi_ops->read(chip, dev, reg, data);
return -EOPNOTSUPP;
}
Reported by FlawFinder.
Line: 41
Column: 25
CWE codes:
120
20
int dev, int reg, u16 *data)
{
if (chip->smi_ops && chip->smi_ops->read)
return chip->smi_ops->read(chip, dev, reg, data);
return -EOPNOTSUPP;
}
static inline int mv88e6xxx_smi_write(struct mv88e6xxx_chip *chip,
Reported by FlawFinder.