The following issues were found
drivers/mtd/devices/ms02-nv.c
2 issues
Line: 58
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct ms02nv_private *mp = mtd->priv;
memcpy(buf, mp->uaddr + from, len);
*retlen = len;
return 0;
}
static int ms02nv_write(struct mtd_info *mtd, loff_t to,
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct ms02nv_private *mp = mtd->priv;
memcpy(mp->uaddr + to, buf, len);
*retlen = len;
return 0;
}
Reported by FlawFinder.
drivers/media/usb/gspca/sonixb.c
2 issues
Line: 474
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (gspca_dev->usb_err < 0)
return;
memcpy(gspca_dev->usb_buf, buffer, len);
res = usb_control_msg(gspca_dev->dev,
usb_sndctrlpipe(gspca_dev->dev, 0),
0x08, /* request */
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_INTERFACE,
value,
Reported by FlawFinder.
Line: 1097
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mode = cam->cam_mode[gspca_dev->curr_mode].priv & 0x07;
/* Copy registers 0x01 - 0x19 from the template */
memcpy(®s[0x01], sensor_data[sd->sensor].bridge_init, 0x19);
/* Set the mode */
regs[0x18] |= mode << 4;
/* Set bridge gain to 1.0 */
if (sd->bridge == BRIDGE_103) {
Reported by FlawFinder.
drivers/mtd/devices/mtdram.c
2 issues
Line: 102
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int ram_read(struct mtd_info *mtd, loff_t from, size_t len,
size_t *retlen, u_char *buf)
{
memcpy(buf, mtd->priv + from, len);
*retlen = len;
return 0;
}
static int ram_write(struct mtd_info *mtd, loff_t to, size_t len,
Reported by FlawFinder.
Line: 110
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int ram_write(struct mtd_info *mtd, loff_t to, size_t len,
size_t *retlen, const u_char *buf)
{
memcpy((char *)mtd->priv + to, buf, len);
*retlen = len;
return 0;
}
static void __exit cleanup_mtdram(void)
Reported by FlawFinder.
drivers/mfd/kempld-core.c
2 issues
Line: 19
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <linux/acpi.h>
#define MAX_ID_LEN 4
static char force_device_id[MAX_ID_LEN + 1] = "";
module_param_string(force_device_id, force_device_id,
sizeof(force_device_id), 0);
MODULE_PARM_DESC(force_device_id, "Override detected product");
/*
Reported by FlawFinder.
Line: 468
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count = 0;
list_for_each_entry(rentry, &resource_list, node) {
memcpy(&resources[count], rentry->res,
sizeof(*resources));
count++;
}
ret = platform_device_add_resources(pdev, resources, count);
Reported by FlawFinder.
drivers/net/ethernet/aeroflex/greth.c
2 issues
Line: 427
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bdp = greth->tx_bd_base + greth->tx_next;
dma_addr = greth_read_bd(&bdp->addr);
memcpy((unsigned char *) phys_to_virt(dma_addr), skb->data, skb->len);
dma_sync_single_for_device(greth->dev, dma_addr, skb->len, DMA_TO_DEVICE);
status = GRETH_BD_EN | GRETH_BD_IE | (skb->len & GRETH_BD_LEN);
greth->tx_bufs_length[greth->tx_next] = skb->len & GRETH_BD_LEN;
Reported by FlawFinder.
Line: 1028
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
GRETH_REGSAVE(regs->esa_msb, dev->dev_addr[0] << 8 | dev->dev_addr[1]);
GRETH_REGSAVE(regs->esa_lsb, dev->dev_addr[2] << 24 | dev->dev_addr[3] << 16 |
dev->dev_addr[4] << 8 | dev->dev_addr[5]);
return 0;
Reported by FlawFinder.
drivers/net/ethernet/aeroflex/greth.h
2 issues
Line: 105
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sk_buff *rx_skbuff[GRETH_RXBD_NUM];
struct sk_buff *tx_skbuff[GRETH_TXBD_NUM];
unsigned char *tx_bufs[GRETH_TXBD_NUM];
unsigned char *rx_bufs[GRETH_RXBD_NUM];
u16 tx_bufs_length[GRETH_TXBD_NUM];
u16 tx_next;
u16 tx_last;
Reported by FlawFinder.
Line: 106
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sk_buff *tx_skbuff[GRETH_TXBD_NUM];
unsigned char *tx_bufs[GRETH_TXBD_NUM];
unsigned char *rx_bufs[GRETH_RXBD_NUM];
u16 tx_bufs_length[GRETH_TXBD_NUM];
u16 tx_next;
u16 tx_last;
u16 tx_free; /* only used on 10/100Mbit */
Reported by FlawFinder.
drivers/net/ethernet/agere/et131x.c
2 issues
Line: 2527
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
remainder = frag - thiscopy;
}
memcpy(tx_ring->tx_desc_ring + INDEX10(tx_ring->send_idx),
desc,
sizeof(struct tx_desc) * thiscopy);
add_10bit(&tx_ring->send_idx, thiscopy);
Reported by FlawFinder.
Line: 2540
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (remainder) {
memcpy(tx_ring->tx_desc_ring,
desc + thiscopy,
sizeof(struct tx_desc) * remainder);
add_10bit(&tx_ring->send_idx, remainder);
}
Reported by FlawFinder.
drivers/media/usb/stk1160/stk1160-v4l.c
2 issues
Line: 557
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* S-Video special handling */
if (i->index == STK1160_SVIDEO_INPUT)
sprintf(i->name, "S-Video");
else
sprintf(i->name, "Composite%d", i->index);
i->type = V4L2_INPUT_TYPE_CAMERA;
i->std = dev->vdev.tvnorms;
Reported by FlawFinder.
Line: 559
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (i->index == STK1160_SVIDEO_INPUT)
sprintf(i->name, "S-Video");
else
sprintf(i->name, "Composite%d", i->index);
i->type = V4L2_INPUT_TYPE_CAMERA;
i->std = dev->vdev.tvnorms;
return 0;
}
Reported by FlawFinder.
drivers/net/ethernet/chelsio/cxgb4vf/adapter.h
2 issues
Line: 381
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* queue and interrupt resources */
struct {
unsigned short vec;
char desc[22];
} msix_info[MSIX_ENTRIES];
struct sge sge;
/* Linux network device resources */
struct net_device *port[MAX_NPORTS];
Reported by FlawFinder.
Line: 510
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void t4_os_set_hw_addr(struct adapter *adapter, int pidx,
u8 hw_addr[])
{
memcpy(adapter->port[pidx]->dev_addr, hw_addr, ETH_ALEN);
}
/**
* netdev2pinfo - return the port_info structure associated with a net_device
* @dev: the netdev
Reported by FlawFinder.
drivers/mfd/max77620.c
2 issues
Line: 320
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 param_val;
int tperiod, fps_id;
int ret;
char fps_name[10];
switch (chip->chip_id) {
case MAX20024:
fps_max_period = MAX20024_FPS_PERIOD_MAX_US;
break;
Reported by FlawFinder.
Line: 337
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (fps_id = 0; fps_id < MAX77620_FPS_COUNT; fps_id++) {
sprintf(fps_name, "fps%d", fps_id);
if (of_node_name_eq(fps_np, fps_name))
break;
}
if (fps_id == MAX77620_FPS_COUNT) {
Reported by FlawFinder.