The following issues were found
drivers/net/ethernet/apm/xgene-v2/main.c
2 issues
Line: 42
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!device_get_mac_address(dev, ndev->dev_addr, ETH_ALEN))
eth_hw_addr_random(ndev);
memcpy(ndev->perm_addr, ndev->dev_addr, ndev->addr_len);
phy_mode = device_get_phy_mode(dev);
if (phy_mode < 0) {
dev_err(dev, "Unable to get phy-connection-type\n");
return phy_mode;
Reported by FlawFinder.
Line: 201
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_kfree_skb_any(skb);
return NETDEV_TX_OK;
}
memcpy(pkt_buf, skb->data, len);
addr_hi = GET_BITS(NEXT_DESC_ADDRH, le64_to_cpu(raw_desc->m1));
addr_lo = GET_BITS(NEXT_DESC_ADDRL, le64_to_cpu(raw_desc->m1));
raw_desc->m1 = cpu_to_le64(SET_BITS(NEXT_DESC_ADDRL, addr_lo) |
SET_BITS(NEXT_DESC_ADDRH, addr_hi) |
Reported by FlawFinder.
drivers/media/common/siano/smsir.h
2 issues
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ir_t {
struct rc_dev *dev;
char name[40];
char phys[32];
char *rc_codes;
u32 timeout;
Reported by FlawFinder.
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ir_t {
struct rc_dev *dev;
char name[40];
char phys[32];
char *rc_codes;
u32 timeout;
u32 controller;
Reported by FlawFinder.
drivers/mtd/mtdswap.c
2 issues
Line: 167
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MTDSWAP_MBD_TO_MTDSWAP(dev) ((struct mtdswap_dev *)dev->priv)
static char partitions[128] = "";
module_param_string(partitions, partitions, sizeof(partitions), 0444);
MODULE_PARM_DESC(partitions, "MTD partition numbers to use as swap "
"partitions=\"1,3,5\"");
static unsigned int spare_eblocks = 10;
Reported by FlawFinder.
Line: 1072
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hd->info.last_page = d->mbd_dev->size - 1;
hd->info.nr_badpages = 0;
memcpy(buf + PAGE_SIZE - 10, "SWAPSPACE2", 10);
return 0;
}
static int mtdswap_readsect(struct mtd_blktrans_dev *dev,
Reported by FlawFinder.
drivers/mfd/menelaus.c
2 issues
Line: 889
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int menelaus_read_time(struct device *dev, struct rtc_time *t)
{
struct i2c_msg msg[2];
char regs[7];
int status;
/* block read date and time registers */
regs[0] = MENELAUS_RTC_SEC;
Reported by FlawFinder.
Line: 944
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int menelaus_read_alarm(struct device *dev, struct rtc_wkalrm *w)
{
struct i2c_msg msg[2];
char regs[6];
int status;
/* block read alarm registers */
regs[0] = MENELAUS_RTC_AL_SEC;
Reported by FlawFinder.
drivers/media/pci/cx23885/cx23885-alsa.c
2 issues
Line: 567
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
strscpy(card->driver, "CX23885", sizeof(card->driver));
sprintf(card->shortname, "Conexant CX23885");
sprintf(card->longname, "%s at %s", card->shortname, dev->name);
err = snd_card_register(card);
if (err < 0)
goto error;
Reported by FlawFinder.
Line: 566
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto error;
strscpy(card->driver, "CX23885", sizeof(card->driver));
sprintf(card->shortname, "Conexant CX23885");
sprintf(card->longname, "%s at %s", card->shortname, dev->name);
err = snd_card_register(card);
if (err < 0)
goto error;
Reported by FlawFinder.
drivers/media/dvb-frontends/nxt200x.c
2 issues
Line: 98
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
buf2[0] = reg;
memcpy(&buf2[1], buf, len);
if ((err = i2c_transfer (state->i2c, &msg, 1)) != 1) {
pr_warn("%s: i2c write error (addr 0x%02x, err == %i)\n",
__func__, state->config->demod_address, err);
return -EREMOTEIO;
Reported by FlawFinder.
Line: 1175
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* create dvb_frontend */
memcpy(&state->frontend.ops, &nxt200x_ops, sizeof(struct dvb_frontend_ops));
state->frontend.demodulator_priv = state;
return &state->frontend;
error:
kfree(state);
Reported by FlawFinder.
drivers/media/pci/saa7164/saa7164.h
2 issues
Line: 196
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct saa7164_histogram {
char name[32];
struct saa7164_histogram_bucket counter1[64];
};
struct saa7164_user_buffer {
struct list_head list;
Reported by FlawFinder.
Line: 440
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int nr;
int hwrevision;
u32 board;
char name[16];
/* firmware status */
struct saa7164_fw_status fw_status;
u32 firmwareloaded;
Reported by FlawFinder.
drivers/mfd/mt6360-core.c
2 issues
Line: 445
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(val, buf + MT6360_CRC_PREDATA_OFFSET, val_size);
out:
kfree(buf);
return (ret < 0) ? ret : 0;
}
Reported by FlawFinder.
Line: 476
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[0] = I2C_ADDR_XLATE_8BIT(i2c->addr, I2C_SMBUS_WRITE);
buf[1] = reg_addr;
memcpy(buf + MT6360_CRC_PREDATA_OFFSET, val + MT6360_REGMAP_REG_BYTE_SIZE, write_size);
if (crc_needed) {
buf[val_size] = crc8(ddata->crc8_tbl, buf, val_size, 0);
write_size += (MT6360_CRC_CRC8_SIZE + MT6360_CRC_DUMMY_BYTE_SIZE);
}
Reported by FlawFinder.
drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c
2 issues
Line: 1344
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
OPCODE_TID(req) = htonl(MK_OPCODE_TID(CPL_ACT_OPEN_REQ, qid_filterid));
req->local_port = cpu_to_be16(f->fs.val.lport);
req->peer_port = cpu_to_be16(f->fs.val.fport);
memcpy(&req->local_ip, f->fs.val.lip, 4);
memcpy(&req->peer_ip, f->fs.val.fip, 4);
req->opt0 = cpu_to_be64(NAGLE_V(f->fs.newvlan == VLAN_REMOVE ||
f->fs.newvlan == VLAN_REWRITE) |
DELACK_V(f->fs.hitcnts) |
L2T_IDX_V(f->l2t ? f->l2t->idx : 0) |
Reported by FlawFinder.
Line: 1345
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req->local_port = cpu_to_be16(f->fs.val.lport);
req->peer_port = cpu_to_be16(f->fs.val.fport);
memcpy(&req->local_ip, f->fs.val.lip, 4);
memcpy(&req->peer_ip, f->fs.val.fip, 4);
req->opt0 = cpu_to_be64(NAGLE_V(f->fs.newvlan == VLAN_REMOVE ||
f->fs.newvlan == VLAN_REWRITE) |
DELACK_V(f->fs.hitcnts) |
L2T_IDX_V(f->l2t ? f->l2t->idx : 0) |
SMAC_SEL_V((cxgb4_port_viid(f->dev) &
Reported by FlawFinder.
drivers/net/ethernet/aquantia/atlantic/aq_filters.c
2 issues
Line: 697
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_exit;
}
memcpy(&aq_rx_fltr->aq_fsp, fsp, sizeof(*fsp));
err = aq_update_table_filters(aq_nic, aq_rx_fltr, fsp->location, NULL);
if (unlikely(err))
goto err_free;
Reported by FlawFinder.
Line: 756
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(!rule || fsp->location != rule->aq_fsp.location))
return -EINVAL;
memcpy(fsp, &rule->aq_fsp, sizeof(*fsp));
return 0;
}
int aq_get_rxnfc_all_rules(struct aq_nic_s *aq_nic, struct ethtool_rxnfc *cmd,
Reported by FlawFinder.