The following issues were found

drivers/net/ethernet/broadcom/bgmac.h
2 issues
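read - Check buffer boundaries if used in a loop including recursive loops
Triage note: the flagged token is a struct member, the function pointer `u32 (*read)(struct bgmac *bgmac, u16 offset)`, matched by name. It takes an offset and returns a u32, so no buffer or length is passed at this line.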
Security

Line: 486 Column: 8 CWE codes: 120 20

              
	bool loopback;

	u32 (*read)(struct bgmac *bgmac, u16 offset);
	void (*write)(struct bgmac *bgmac, u16 offset, u32 value);
	u32 (*idm_read)(struct bgmac *bgmac, u16 offset);
	void (*idm_write)(struct bgmac *bgmac, u16 offset, u32 value);
	bool (*clk_enabled)(struct bgmac *bgmac);
	void (*clk_enable)(struct bgmac *bgmac, u32 flags);

            

Reported by FlawFinder.

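read - Check buffer boundaries if used in a loop including recursive loops
Triage note: the flagged token is the call through the `bgmac->read` callback, matched by name. The wrapper passes an offset and returns a u32; no destination buffer or length appears in it.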
Security

Line: 513 Column: 16 CWE codes: 120 20

              
/*
 * Return the 32-bit value at @offset by dispatching through the read
 * callback stored in @bgmac. The callback receives only the device
 * pointer and the offset; no buffer or length is passed in this call.
 */
static inline u32 bgmac_read(struct bgmac *bgmac, u16 offset)
{
	return bgmac->read(bgmac, offset);
}

static inline void bgmac_write(struct bgmac *bgmac, u16 offset, u32 value)
{
	bgmac->write(bgmac, offset, value);

            

Reported by FlawFinder.

drivers/media/dvb-frontends/lgdt330x.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 880 Column: 3 CWE codes: 120
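Suggestion: Make sure destination can always hold the source data
Triage note: the length in both copies (this finding and the one at line 884) is `sizeof(struct dvb_frontend_ops)`, a compile-time constant. What settles the finding is whether `state->frontend.ops` and the `lgdt3302_ops`/`lgdt3303_ops` tables are declared with that same struct type; their declarations are outside the excerpt. If they are, the copy is exactly sized, and a plain struct assignment would let the compiler enforce the match.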

              	/* Create dvb_frontend */
	switch (state->config.demod_chip) {
	case LGDT3302:
		memcpy(&state->frontend.ops, &lgdt3302_ops,
		       sizeof(struct dvb_frontend_ops));
		break;
	case LGDT3303:
		memcpy(&state->frontend.ops, &lgdt3303_ops,
		       sizeof(struct dvb_frontend_ops));

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 884 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		       sizeof(struct dvb_frontend_ops));
		break;
	case LGDT3303:
		memcpy(&state->frontend.ops, &lgdt3303_ops,
		       sizeof(struct dvb_frontend_ops));
		break;
	default:
		goto error;
	}

            

Reported by FlawFinder.

drivers/net/ethernet/broadcom/bnx2.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 6725 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	irq_handler_t	handler;
	unsigned int	vector;
	u8		requested;
	char		name[IFNAMSIZ + 2];
};

struct bnx2_tx_ring_info {
	u32			tx_prod_bseq;
	u16			tx_prod;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 6973 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
	u32			shmem_base;

	char			fw_version[32];

	int			pm_cap;
	int			pcix_cap;

	const struct flash_spec	*flash_info;

            

Reported by FlawFinder.

drivers/mtd/nand/raw/nand_onfi.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 153 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct onfi_params *onfi;
	bool use_datain = false;
	int onfi_version = 0;
	char id[4];
	int i, ret, val;
	u16 crc;

	memorg = nanddev_get_memorg(&chip->base);


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 323 Column: 2 CWE codes: 120
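Suggestion: Make sure destination can always hold the source data
Triage note: the length is `sizeof(p->vendor)`, the size of the source field, so the copy is in bounds only if `onfi->vendor` is at least that large. Neither declaration is in the excerpt; compare the two array sizes, or make the relationship explicit with a compile-time assertion such as `BUILD_BUG_ON`.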

              	if (le16_to_cpu(p->features) & ONFI_FEATURE_NV_DDR)
		onfi->nvddr_timing_modes = le16_to_cpu(p->nvddr_timing_modes);
	onfi->vendor_revision = le16_to_cpu(p->vendor_revision);
	memcpy(onfi->vendor, p->vendor, sizeof(p->vendor));
	chip->parameters.onfi = onfi;

	/* Identification done, free the full ONFI parameter page and exit */
	kfree(pbuf);


            

Reported by FlawFinder.

drivers/media/dvb-frontends/lgdt3305.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1115 Column: 3 CWE codes: 120
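Suggestion: Make sure destination can always hold the source data
Triage note: the length in both copies (this finding and the one at line 1119) is the constant `sizeof(struct dvb_frontend_ops)`. Confirm that `state->frontend.ops`, `lgdt3304_ops` and `lgdt3305_ops` are all of that struct type; their declarations are outside the excerpt.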

              
	switch (config->demod_chip) {
	case LGDT3304:
		memcpy(&state->frontend.ops, &lgdt3304_ops,
		       sizeof(struct dvb_frontend_ops));
		break;
	case LGDT3305:
		memcpy(&state->frontend.ops, &lgdt3305_ops,
		       sizeof(struct dvb_frontend_ops));

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1119 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		       sizeof(struct dvb_frontend_ops));
		break;
	case LGDT3305:
		memcpy(&state->frontend.ops, &lgdt3305_ops,
		       sizeof(struct dvb_frontend_ops));
		break;
	default:
		goto fail;
	}

            

Reported by FlawFinder.

drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 53 Column: 2 CWE codes: 119 120
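Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: going by the field names, these arrays hold salt and key material. The declaration is not itself the risk. The code that copies a caller-supplied key into `key` has to reject lengths above `2 * AES_MAX_KEY_SIZE` before copying, and likewise for `salt` and `MAX_SALT`; that code is outside the excerpt.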

              	unsigned int kctx_len;
	unsigned int authsize;
	__be32 key_ctx_hdr;
	char salt[MAX_SALT];
	char key[2 * AES_MAX_KEY_SIZE];
};

#endif /* __CHCR_IPSEC_H__ */


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 54 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	unsigned int authsize;
	__be32 key_ctx_hdr;
	char salt[MAX_SALT];
	char key[2 * AES_MAX_KEY_SIZE];
};

#endif /* __CHCR_IPSEC_H__ */


            

Reported by FlawFinder.

drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1970 Column: 2 CWE codes: 120
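Suggestion: Make sure destination can always hold the source data
Triage note: unlike the constant-size copies elsewhere in this report, the length here is the runtime value `netdev->addr_len`. When `CNIC_LOADED(bp)` holds, the second copy (line 1974) writes at offset `netdev->addr_len`, so `perm_addr` must hold `2 * netdev->addr_len` bytes and `bp->fip_mac` must provide `netdev->addr_len` bytes. Neither size is visible in the excerpt; check the caller's buffer and the declaration of `fip_mac`.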

              	DP(BNX2X_MSG_DCB, "GET-PERM-ADDR\n");

	/* first the HW mac address */
	memcpy(perm_addr, netdev->dev_addr, netdev->addr_len);

	if (CNIC_LOADED(bp))
		/* second SAN address */
		memcpy(perm_addr+netdev->addr_len, bp->fip_mac,
		       netdev->addr_len);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1974 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	if (CNIC_LOADED(bp))
		/* second SAN address */
		memcpy(perm_addr+netdev->addr_len, bp->fip_mac,
		       netdev->addr_len);
}

static void bnx2x_dcbnl_set_pg_tccfg_tx(struct net_device *netdev, int prio,
					u8 prio_type, u8 pgid, u8 bw_pct,

            

Reported by FlawFinder.

drivers/media/pci/saa7164/saa7164-encoder.c
2 issues
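Uninitialized variable: tsport
Triage note: the excerpt shows `tsport` dereferenced immediately after an `else BUG();` branch. If every preceding branch assigns `tsport` (not shown), the only path that reaches the dereference unassigned goes through `BUG()`. Confirm this against the full if/else chain before treating it as CWE-908.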
Error

Line: 388 CWE codes: 908

              	else
		BUG();

	fe = tsport->dvb.frontend;

	if (fe && fe->ops.tuner_ops.set_analog_params)
		fe->ops.tuner_ops.set_analog_params(fe, &params);
	else
		printk(KERN_ERR "%s() No analog tuner, aborting\n", __func__);

            

Reported by Cppcheck.

sprintf - Does not check for buffer overflows
Security

Line: 493 Column: 2 CWE codes: 120
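Suggestion: Use sprintf_s, snprintf, or vsnprintf
Triage note: `sprintf_s` is not available in kernel code. The two `strscpy` calls above bound their writes with `sizeof`; the same treatment here would be `snprintf(cap->bus_info, sizeof(cap->bus_info), "PCI:%s", pci_name(dev->pci));`, assuming `bus_info` is an array like `driver` and `card`.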

              	strscpy(cap->driver, dev->name, sizeof(cap->driver));
	strscpy(cap->card, saa7164_boards[dev->board].name,
		sizeof(cap->card));
	sprintf(cap->bus_info, "PCI:%s", pci_name(dev->pci));
	cap->capabilities = V4L2_CAP_VIDEO_CAPTURE | V4L2_CAP_READWRITE |
			    V4L2_CAP_TUNER | V4L2_CAP_VBI_CAPTURE |
			    V4L2_CAP_DEVICE_CAPS;
	return 0;
}

            

Reported by FlawFinder.

drivers/net/ethernet/broadcom/bnx2x/bnx2x_init.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 570 Column: 2 CWE codes: 119 120
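Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the in-code comment documents the sizing (longest name 7 characters, leaving one byte for the terminator), and the array is a member of the statically initialized table `bnx2x_blocks_parity_data[]`. The case to check is an initializer string of exactly 8 characters, which C accepts without storing a terminator.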

              		u32 e2;		/* 57712 */
		u32 e3;		/* 578xx */
	} reg_mask;		/* Register mask (all valid bits) */
	char name[8];		/* Block's longest name is 7 characters long
				 * (name + suffix)
				 */
} bnx2x_blocks_parity_data[] = {
	/* bit 19 masked */
	/* REG_WR(bp, PXP_REG_PXP_PRTY_MASK, 0x80000); */

            

Reported by FlawFinder.

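read - Check buffer boundaries if used in a loop including recursive loops
Triage note: the flagged token is a union member declaration, `struct op_read read;`, matched by name. No function call and no buffer access occurs at this line.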
Security

Line: 92 Column: 18 CWE codes: 120 20

              

union init_op {
	struct op_read		read;
	struct op_write		write;
	struct op_arr_write	arr_wr;
	struct op_zero		zero;
	struct raw_op		raw;
	struct op_if_mode	if_mode;

            

Reported by FlawFinder.

drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 8265 Column: 2 CWE codes: 119 120
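Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: both arrays (this finding and the one at line 8266) are declared one byte larger than the corresponding `SFP_EEPROM_*_SIZE` constant, which suggests room for a terminator. The reads that fill them and any terminator write are outside the excerpt and are what to check.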

              	struct bnx2x *bp = params->bp;
	u32 val, cmd;
	u32 fw_resp, fw_cmd_param;
	char vendor_name[SFP_EEPROM_VENDOR_NAME_SIZE+1];
	char vendor_pn[SFP_EEPROM_PART_NO_SIZE+1];
	phy->flags &= ~FLAGS_SFP_NOT_APPROVED;
	val = REG_RD(bp, params->shmem_base +
			 offsetof(struct shmem_region, dev_info.
				  port_feature_config[params->port].config));

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 8266 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	u32 val, cmd;
	u32 fw_resp, fw_cmd_param;
	char vendor_name[SFP_EEPROM_VENDOR_NAME_SIZE+1];
	char vendor_pn[SFP_EEPROM_PART_NO_SIZE+1];
	phy->flags &= ~FLAGS_SFP_NOT_APPROVED;
	val = REG_RD(bp, params->shmem_base +
			 offsetof(struct shmem_region, dev_info.
				  port_feature_config[params->port].config));
	if ((val & PORT_FEAT_CFG_OPT_MDL_ENFRCMNT_MASK) ==

            

Reported by FlawFinder.