The following issues were found
drivers/media/usb/pwc/pwc.h
2 issues
Line: 246
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char vmirror; /* for ToUCaM series */
char power_save; /* Do powersaving for this cam */
unsigned char cmd_buf[13];
unsigned char *ctrl_buf;
struct urb *urbs[MAX_ISO_BUFS];
/*
Reported by FlawFinder.
Line: 280
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_USB_PWC_INPUT_EVDEV
struct input_dev *button_dev; /* webcam snapshot button input */
char button_phys[64];
#endif
/* controls */
struct v4l2_ctrl_handler ctrl_handler;
u16 saturation_fmt;
Reported by FlawFinder.
drivers/media/platform/ti-vpe/cal-video.c
2 issues
Line: 31
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Print Four-character-code (FOURCC) */
static char *fourcc_to_str(u32 fmt)
{
static char code[5];
code[0] = (unsigned char)(fmt & 0xff);
code[1] = (unsigned char)((fmt >> 8) & 0xff);
code[2] = (unsigned char)((fmt >> 16) & 0xff);
code[3] = (unsigned char)((fmt >> 24) & 0xff);
Reported by FlawFinder.
Line: 347
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -EINVAL;
inp->type = V4L2_INPUT_TYPE_CAMERA;
sprintf(inp->name, "Camera %u", inp->index);
return 0;
}
static int cal_g_input(struct file *file, void *priv, unsigned int *i)
{
Reported by FlawFinder.
drivers/net/ethernet/8390/axnet_cs.c
2 issues
Line: 380
Column: 12
CWE codes:
362
{
struct net_device *dev = link->priv;
if (link->open)
netif_device_detach(dev);
return 0;
}
Reported by FlawFinder.
Line: 391
Column: 12
CWE codes:
362
struct net_device *dev = link->priv;
struct axnet_dev *info = PRIV(dev);
if (link->open) {
if (info->active_low == 1)
pcmcia_write_config_byte(link, CISREG_CCSR, 0x04);
axnet_reset_8390(dev);
AX88190_init(dev, 1);
Reported by FlawFinder.
drivers/media/pci/cx88/cx88-dvb.c
2 issues
Line: 192
Column: 61
CWE codes:
362
return ret;
}
static void cx88_dvb_gate_ctrl(struct cx88_core *core, int open)
{
struct vb2_dvb_frontends *f;
struct vb2_dvb_frontend *fe;
if (!core->dvbdev)
Reported by FlawFinder.
Line: 211
Column: 57
CWE codes:
362
fe = vb2_dvb_get_frontend(f, f->gate);
if (fe && fe->dvb.frontend && fe->dvb.frontend->ops.i2c_gate_ctrl)
fe->dvb.frontend->ops.i2c_gate_ctrl(fe->dvb.frontend, open);
}
/* ------------------------------------------------------------------ */
static int dvico_fusionhdtv_demod_init(struct dvb_frontend *fe)
Reported by FlawFinder.
drivers/net/ethernet/8390/lib8390.c
2 issues
Line: 310
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ei_device *ei_local = netdev_priv(dev);
int send_length = skb->len, output_page;
unsigned long flags;
char buf[ETH_ZLEN];
char *data = skb->data;
if (skb->len < ETH_ZLEN) {
memset(buf, 0, ETH_ZLEN); /* more efficient than doing just the needed bits */
memcpy(buf, data, skb->len);
Reported by FlawFinder.
Line: 315
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (skb->len < ETH_ZLEN) {
memset(buf, 0, ETH_ZLEN); /* more efficient than doing just the needed bits */
memcpy(buf, data, skb->len);
send_length = ETH_ZLEN;
data = buf;
}
/* Mask interrupts from the ethercard.
Reported by FlawFinder.
drivers/md/raid5.h
2 issues
Line: 624
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* two caches.
*/
int active_name;
char cache_name[2][32];
struct kmem_cache *slab_cache; /* for allocating stripes */
struct mutex cache_size_mutex; /* Protect changes to cache size */
int seq_flush, seq_write;
int quiesce;
Reported by FlawFinder.
Line: 265
Column: 24
CWE codes:
120
20
struct bio_vec vec, rvec;
struct page *page, *orig_page;
unsigned int offset; /* offset of the page */
struct bio *toread, *read, *towrite, *written;
sector_t sector; /* sector of this page */
unsigned long flags;
u32 log_checksum;
unsigned short write_hint;
} dev[1]; /* allocated with extra space depending of RAID geometry */
Reported by FlawFinder.
drivers/media/pci/cx88/cx88-core.c
2 issues
Line: 385
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int cx88_risc_decode(u32 risc)
{
static const char * const instr[16] = {
[RISC_SYNC >> 28] = "sync",
[RISC_WRITE >> 28] = "write",
[RISC_WRITEC >> 28] = "writec",
[RISC_READ >> 28] = "read",
[RISC_READC >> 28] = "readc",
Reported by FlawFinder.
Line: 474
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
EXPORT_SYMBOL(cx88_sram_channel_dump);
static const char *cx88_pci_irqs[32] = {
"vid", "aud", "ts", "vip", "hst", "5", "6", "tm1",
"src_dma", "dst_dma", "risc_rd_err", "risc_wr_err",
"brdg_err", "src_dma_err", "dst_dma_err", "ipb_dma_err",
"i2c", "i2c_rack", "ir_smp", "gpio0", "gpio1"
};
Reported by FlawFinder.
drivers/net/ethernet/8390/ne2k-pci.c
2 issues
Line: 230
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct net_device *dev;
int i;
unsigned char SA_prom[32];
int start_page, stop_page;
int irq, reg0, chip_idx = ent->driver_data;
static unsigned int fnd_cnt;
long ioaddr;
int flags = pci_clone_list[chip_idx].flags;
Reported by FlawFinder.
Line: 393
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->ethtool_ops = &ne2k_pci_ethtool_ops;
NS8390_init(dev, 0);
memcpy(dev->dev_addr, SA_prom, dev->addr_len);
i = register_netdev(dev);
if (i)
goto err_out_free_netdev;
Reported by FlawFinder.
drivers/net/ethernet/8390/pcnet_cs.c
2 issues
Line: 656
Column: 12
CWE codes:
362
{
struct net_device *dev = link->priv;
if (link->open)
netif_device_detach(dev);
return 0;
}
Reported by FlawFinder.
Line: 666
Column: 12
CWE codes:
362
{
struct net_device *dev = link->priv;
if (link->open) {
pcnet_reset_8390(dev);
NS8390_init(dev, 1);
netif_device_attach(dev);
}
Reported by FlawFinder.
drivers/net/ethernet/8390/smc-ultra.c
2 issues
Line: 175
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!dev)
return ERR_PTR(-ENOMEM);
sprintf(dev->name, "eth%d", unit);
netdev_boot_setup_check(dev);
err = do_ultra_probe(dev);
if (err)
goto out;
Reported by FlawFinder.
Line: 364
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
dev->irq = pnp_irq(idev, 0);
netdev_info(dev,
"smc-ultra.c: ISAPnP reports %s at i/o %#lx, irq %d.\n",
(char *) ultra_device_ids[i].driver_data,
dev->base_addr, dev->irq);
if (ultra_probe1(dev, dev->base_addr) != 0) { /* Shouldn't happen. */
netdev_err(dev,
"smc-ultra.c: Probe of ISAPnP card at %#lx failed.\n",
dev->base_addr);
Reported by FlawFinder.