The following issues were found
drivers/media/pci/cx25821/cx25821-core.c
2 issues
Line: 301
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int cx25821_risc_decode(u32 risc)
{
static const char * const instr[16] = {
[RISC_SYNC >> 28] = "sync",
[RISC_WRITE >> 28] = "write",
[RISC_WRITEC >> 28] = "writec",
[RISC_READ >> 28] = "read",
[RISC_READC >> 28] = "readc",
Reported by FlawFinder.
Line: 858
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_init(&dev->lock);
dev->nr = ++cx25821_devcount;
sprintf(dev->name, "cx25821[%d]", dev->nr);
if (dev->nr >= ARRAY_SIZE(card)) {
CX25821_INFO("dev->nr >= %zd", ARRAY_SIZE(card));
return -ENODEV;
}
Reported by FlawFinder.
drivers/net/ethernet/altera/altera_tse_main.c
2 issues
Line: 699
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
char phy_id_fmt[MII_BUS_ID_SIZE + 3];
if (priv->phy_addr != POLL_PHY) {
snprintf(phy_id_fmt, MII_BUS_ID_SIZE + 3, PHY_ID_FMT,
priv->mdio->id, priv->phy_addr);
netdev_dbg(dev, "trying to attach to %s\n", phy_id_fmt);
phydev = phy_connect(dev, phy_id_fmt, &altera_tse_adjust_link,
Reported by FlawFinder.
Line: 696
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct altera_tse_private *priv = netdev_priv(dev);
struct phy_device *phydev = NULL;
char phy_id_fmt[MII_BUS_ID_SIZE + 3];
if (priv->phy_addr != POLL_PHY) {
snprintf(phy_id_fmt, MII_BUS_ID_SIZE + 3, PHY_ID_FMT,
priv->mdio->id, priv->phy_addr);
Reported by FlawFinder.
drivers/media/pci/cx23885/netup-eeprom.c
2 issues
Line: 21
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int netup_eeprom_read(struct i2c_adapter *i2c_adap, u8 addr)
{
int ret;
unsigned char buf[2];
/* Read from EEPROM */
struct i2c_msg msg[] = {
{
.addr = EEPROM_I2C_ADDR,
Reported by FlawFinder.
Line: 55
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int netup_eeprom_write(struct i2c_adapter *i2c_adap, u8 addr, u8 data)
{
int ret;
unsigned char bufw[2];
/* Write into EEPROM */
struct i2c_msg msg[] = {
{
.addr = EEPROM_I2C_ADDR,
Reported by FlawFinder.
drivers/net/ethernet/amazon/ena/ena_eth_com.c
2 issues
Line: 118
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EFAULT;
}
memcpy(bounce_buffer + header_offset, header_src, header_len);
return 0;
}
static void *get_sq_desc_llq(struct ena_com_io_sq *io_sq)
Reported by FlawFinder.
Line: 341
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ena_com_meta_desc_changed(io_sq, ena_tx_ctx)) {
*have_meta = true;
/* Cache the meta desc */
memcpy(&io_sq->cached_tx_meta, ena_meta,
sizeof(struct ena_com_tx_meta));
return ena_com_create_meta(io_sq, ena_meta);
}
*have_meta = false;
Reported by FlawFinder.
drivers/mtd/inftlmount.c
2 issues
Line: 104
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* This is the first we've seen.
* Copy the media header structure into place.
*/
memcpy(mh, buf, sizeof(struct INFTLMediaHeader));
/* Read the spare media header at offset 4096 */
mtd_read(mtd, block * inftl->EraseSize + 4096, SECTORSIZE,
&retlen, buf);
if (retlen != SECTORSIZE) {
Reported by FlawFinder.
Line: 306
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int i;
for (i = 0; i < n; i++) {
if (c != ((unsigned char *)a)[i])
return 1;
}
return 0;
}
Reported by FlawFinder.
drivers/net/ethernet/amazon/ena/ena_netdev.c
2 issues
Line: 4386
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
adapter->eni_stats_supported = false;
memcpy(adapter->netdev->perm_addr, adapter->mac_addr, netdev->addr_len);
netif_carrier_off(netdev);
rc = register_netdev(netdev);
if (rc) {
Reported by FlawFinder.
Line: 3172
Column: 2
CWE codes:
120
strlcpy(host_info->kernel_ver_str, utsname()->version,
sizeof(host_info->kernel_ver_str) - 1);
host_info->os_dist = 0;
strncpy(host_info->os_dist_str, utsname()->release,
sizeof(host_info->os_dist_str) - 1);
host_info->driver_version =
(DRV_MODULE_GEN_MAJOR) |
(DRV_MODULE_GEN_MINOR << ENA_ADMIN_HOST_INFO_MINOR_SHIFT) |
(DRV_MODULE_GEN_SUBMINOR << ENA_ADMIN_HOST_INFO_SUB_MINOR_SHIFT) |
Reported by FlawFinder.
drivers/net/ethernet/amazon/ena/ena_netdev.h
2 issues
Line: 128
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cpu;
u32 vector;
cpumask_t affinity_hint_mask;
char name[ENA_IRQNAME_SIZE];
};
struct ena_napi {
u8 first_interrupt ____cacheline_aligned;
u8 interrupts_masked;
Reported by FlawFinder.
Line: 354
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long keep_alive_timeout;
unsigned long missing_tx_completion_to;
char name[ENA_NAME_MAX_LEN];
unsigned long flags;
/* TX */
struct ena_ring tx_ring[ENA_MAX_NUM_IO_QUEUES]
____cacheline_aligned_in_smp;
Reported by FlawFinder.
drivers/net/ethernet/dlink/dl2k.h
2 issues
Line: 348
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Ioctl custom data */
struct ioctl_data {
char signature[10];
int cmd;
int len;
char *data;
};
Reported by FlawFinder.
Line: 397
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long cur_tx, old_tx;
struct timer_list timer;
int wake_polarity;
char name[256]; /* net device description */
u8 duplex_polarity;
u16 mcast_filter[4];
u16 advertising; /* NWay media advertisement */
u16 negotiate; /* Negotiated media */
int phy_addr; /* PHY addresses. */
Reported by FlawFinder.
drivers/media/dvb-frontends/sp887x.c
2 issues
Line: 180
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[0] = 0xcf;
buf[1] = 0x0a;
memcpy(&buf[2], mem + i, c);
if ((err = i2c_writebytes (state, buf, c+2)) < 0) {
printk ("failed.\n");
printk ("%s: i2c error (err == %i)\n", __func__, err);
return err;
Reported by FlawFinder.
Line: 585
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sp887x_readreg(state, 0x0200) < 0) goto error;
/* create dvb_frontend */
memcpy(&state->frontend.ops, &sp887x_ops, sizeof(struct dvb_frontend_ops));
state->frontend.demodulator_priv = state;
return &state->frontend;
error:
kfree(state);
Reported by FlawFinder.
drivers/mtd/maps/amd76xrom.c
2 issues
Line: 204
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(((unsigned long)(window->virt)) + offset);
map->map.size = 0xffffffffUL - map_top + 1UL;
/* Set the name of the map to the address I am trying */
sprintf(map->map_name, "%s @%08Lx",
MOD_NAME, (unsigned long long)map->map.phys);
/* There is no generic VPP support */
for(map->map.bankwidth = 32; map->map.bankwidth;
map->map.bankwidth >>= 1)
Reported by FlawFinder.
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct map_info map;
struct mtd_info *mtd;
struct resource rsrc;
char map_name[sizeof(MOD_NAME) + 2 + ADDRESS_NAME_LEN];
};
/* The 2 bits controlling the window size are often set to allow reading
* the BIOS, but too small to allow writing, since the lock registers are
* 4MiB lower in the address space than the data.
Reported by FlawFinder.