The following issues were found
drivers/mtd/maps/ck804xrom.c
2 issues
Line: 234
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(((unsigned long)(window->virt)) + offset);
map->map.size = 0xffffffffUL - map_top + 1UL;
/* Set the name of the map to the address I am trying */
sprintf(map->map_name, "%s @%08Lx",
MOD_NAME, (unsigned long long)map->map.phys);
/* There is no generic VPP support */
for(map->map.bankwidth = 32; map->map.bankwidth;
map->map.bankwidth >>= 1)
Reported by FlawFinder.
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct map_info map;
struct mtd_info *mtd;
struct resource rsrc;
char map_name[sizeof(MOD_NAME) + 2 + ADDRESS_NAME_LEN];
};
/*
* The following applies to ck804 only:
* The 2 bits controlling the window size are often set to allow reading
Reported by FlawFinder.
drivers/misc/habanalabs/gaudi/gaudi_hwmgr.c
2 issues
Line: 64
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
gaudi->max_freq_value = value;
return sprintf(buf, "%lu\n", (value / 1000 / 1000));
}
static ssize_t clk_max_freq_mhz_store(struct device *dev,
struct device_attribute *attr, const char *buf, size_t count)
{
Reported by FlawFinder.
Line: 105
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
value = hl_get_frequency(hdev, HL_GAUDI_MME_PLL, true);
return sprintf(buf, "%lu\n", (value / 1000 / 1000));
}
static DEVICE_ATTR_RW(clk_max_freq_mhz);
static DEVICE_ATTR_RO(clk_cur_freq_mhz);
Reported by FlawFinder.
drivers/media/dvb-frontends/si2168.c
2 issues
Line: 16
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void cmd_init(struct si2168_cmd *cmd, const u8 *buf, int wlen, int rlen)
{
memcpy(cmd->args, buf, wlen);
cmd->wlen = wlen;
cmd->rlen = rlen;
}
/* execute firmware command */
Reported by FlawFinder.
Line: 744
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_kfree;
/* create dvb_frontend */
memcpy(&dev->fe.ops, &si2168_ops, sizeof(struct dvb_frontend_ops));
dev->fe.demodulator_priv = client;
*config->i2c_adapter = dev->muxc->adapter[0];
*config->fe = &dev->fe;
dev->ts_mode = config->ts_mode;
dev->ts_clock_inv = config->ts_clock_inv;
Reported by FlawFinder.
drivers/mtd/maps/esb2rom.c
2 issues
Line: 294
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(((unsigned long)(window->virt)) + offset);
map->map.size = 0xffffffffUL - map_top + 1UL;
/* Set the name of the map to the address I am trying */
sprintf(map->map_name, "%s @%08Lx",
MOD_NAME, (unsigned long long)map->map.phys);
/* Firmware hubs only use vpp when being programmed
* in a factory setting. So in-place programming
* needs to use a different method.
Reported by FlawFinder.
Line: 111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct map_info map;
struct mtd_info *mtd;
struct resource rsrc;
char map_name[sizeof(MOD_NAME) + 2 + ADDRESS_NAME_LEN];
};
static struct esb2rom_window esb2rom_window = {
.maps = LIST_HEAD_INIT(esb2rom_window.maps),
};
Reported by FlawFinder.
drivers/mtd/maps/ichxrom.c
2 issues
Line: 228
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(((unsigned long)(window->virt)) + offset);
map->map.size = 0xffffffffUL - map_top + 1UL;
/* Set the name of the map to the address I am trying */
sprintf(map->map_name, "%s @%08Lx",
MOD_NAME, (unsigned long long)map->map.phys);
/* Firmware hubs only use vpp when being programmed
* in a factory setting. So in-place programming
* needs to use a different method.
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct map_info map;
struct mtd_info *mtd;
struct resource rsrc;
char map_name[sizeof(MOD_NAME) + 2 + ADDRESS_NAME_LEN];
};
static struct ichxrom_window ichxrom_window = {
.maps = LIST_HEAD_INIT(ichxrom_window.maps),
};
Reported by FlawFinder.
drivers/media/pci/cx23885/cx23888-ir.c
2 issues
Line: 686
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct cx23888_ir_state *state = to_state(sd);
mutex_lock(&state->rx_params_lock);
memcpy(p, &state->rx_params, sizeof(struct v4l2_subdev_ir_parameters));
mutex_unlock(&state->rx_params_lock);
return 0;
}
static int cx23888_ir_rx_shutdown(struct v4l2_subdev *sd)
Reported by FlawFinder.
Line: 816
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct cx23888_ir_state *state = to_state(sd);
mutex_lock(&state->tx_params_lock);
memcpy(p, &state->tx_params, sizeof(struct v4l2_subdev_ir_parameters));
mutex_unlock(&state->tx_params_lock);
return 0;
}
static int cx23888_ir_tx_shutdown(struct v4l2_subdev *sd)
Reported by FlawFinder.
drivers/mfd/max8925-i2c.c
2 issues
Line: 37
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline int max8925_write_device(struct i2c_client *i2c,
int reg, int bytes, void *src)
{
unsigned char buf[9];
int ret;
buf[0] = (unsigned char)reg;
memcpy(&buf[1], src, bytes);
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int ret;
buf[0] = (unsigned char)reg;
memcpy(&buf[1], src, bytes);
ret = i2c_master_send(i2c, buf, bytes + 1);
if (ret < 0)
return ret;
return 0;
Reported by FlawFinder.
drivers/media/dvb-frontends/s5h1420.c
2 issues
Line: 852
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m[0].buf = tx_open;
m[0].len = 2;
memcpy(&m[1], msg, sizeof(struct i2c_msg) * num);
return i2c_transfer(state->i2c, m, 1 + num) == 1 + num ? num : -EIO;
}
static const struct i2c_algorithm s5h1420_tuner_i2c_algo = {
Reported by FlawFinder.
Line: 901
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
state->shadow[i] = s5h1420_readreg(state, i);
/* create dvb_frontend */
memcpy(&state->frontend.ops, &s5h1420_ops, sizeof(struct dvb_frontend_ops));
state->frontend.demodulator_priv = state;
/* create tuner i2c adapter */
strscpy(state->tuner_i2c_adapter.name, "S5H1420-PN1010 tuner I2C bus",
sizeof(state->tuner_i2c_adapter.name));
Reported by FlawFinder.
drivers/net/ethernet/amd/pcnet32.c
2 issues
Line: 929
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void pcnet32_get_strings(struct net_device *dev, u32 stringset,
u8 *data)
{
memcpy(data, pcnet32_gstrings_test, sizeof(pcnet32_gstrings_test));
}
static int pcnet32_get_sset_count(struct net_device *dev, int sset)
{
switch (sset) {
Reported by FlawFinder.
Line: 1778
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_cont(" warning: CSR address invalid,\n");
pr_info(" using instead PROM address of");
}
memcpy(dev->dev_addr, promaddr, ETH_ALEN);
}
}
/* if the ethernet address is not valid, force to 00:00:00:00:00:00 */
if (!is_valid_ether_addr(dev->dev_addr))
Reported by FlawFinder.
drivers/media/pci/smipcie/smipcie.h
2 issues
Line: 232
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct smi_rc {
struct smi_dev *dev;
struct rc_dev *rc_dev;
char input_phys[64];
char device_name[64];
u8 irData[256];
int users;
};
Reported by FlawFinder.
Line: 233
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct smi_dev *dev;
struct rc_dev *rc_dev;
char input_phys[64];
char device_name[64];
u8 irData[256];
int users;
};
Reported by FlawFinder.