The following issues were found
drivers/media/dvb-frontends/dib0070.h
2 issues
Line: 51
Column: 63
CWE codes:
362
#if IS_REACHABLE(CONFIG_DVB_TUNER_DIB0070)
extern struct dvb_frontend *dib0070_attach(struct dvb_frontend *fe, struct i2c_adapter *i2c, struct dib0070_config *cfg);
extern u16 dib0070_wbd_offset(struct dvb_frontend *);
extern void dib0070_ctrl_agc_filter(struct dvb_frontend *, u8 open);
extern u8 dib0070_get_rf_output(struct dvb_frontend *fe);
extern int dib0070_set_rf_output(struct dvb_frontend *fe, u8 no);
#else
static inline struct dvb_frontend *dib0070_attach(struct dvb_frontend *fe, struct i2c_adapter *i2c, struct dib0070_config *cfg)
{
Reported by FlawFinder.
Line: 67
Column: 72
CWE codes:
362
return 0;
}
static inline void dib0070_ctrl_agc_filter(struct dvb_frontend *fe, u8 open)
{
printk(KERN_WARNING "%s: driver disabled by Kconfig\n", __func__);
}
#endif
Reported by FlawFinder.
drivers/net/ethernet/cavium/liquidio/liquidio_image.h
2 issues
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct octeon_firmware_file_header {
__be32 magic;
char version[LIO_MAX_FIRMWARE_VERSION_LEN];
char bootcmd[LIO_MAX_BOOTCMD_LEN];
__be32 num_images;
struct octeon_firmware_desc desc[LIO_MAX_IMAGES];
__be32 pad;
__be32 crc32; /* header checksum */
Reported by FlawFinder.
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct octeon_firmware_file_header {
__be32 magic;
char version[LIO_MAX_FIRMWARE_VERSION_LEN];
char bootcmd[LIO_MAX_BOOTCMD_LEN];
__be32 num_images;
struct octeon_firmware_desc desc[LIO_MAX_IMAGES];
__be32 pad;
__be32 crc32; /* header checksum */
};
Reported by FlawFinder.
drivers/media/i2c/tvp5150.c
2 issues
Line: 507
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i2c_vbi_ram_value {
u16 reg;
struct tvp5150_vbi_type type;
unsigned char values[16];
};
/* This struct have the values for each supported VBI Standard
* by
tvp5150_vbi_types should follow the same order as vbi_ram_default
Reported by FlawFinder.
Line: 2104
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
}
static const char * const tvp5150_test_patterns[2] = {
"Disabled",
"Black screen"
};
static int tvp5150_probe(struct i2c_client *c)
Reported by FlawFinder.
drivers/misc/lis3lv02d/lis3lv02d_i2c.c
2 issues
Line: 74
Column: 8
CWE codes:
120
20
lis3_reg_ctrl(lis3, LIS3_REG_ON);
lis3->read(lis3, WHO_AM_I, ®);
if (reg != lis3->whoami)
printk(KERN_ERR "lis3: power on failure\n");
/* power up the device */
ret = lis3->read(lis3, CTRL_REG1, ®);
Reported by FlawFinder.
Line: 79
Column: 14
CWE codes:
120
20
printk(KERN_ERR "lis3: power on failure\n");
/* power up the device */
ret = lis3->read(lis3, CTRL_REG1, ®);
if (ret < 0)
return ret;
if (lis3->whoami == WAI_3DLH)
reg |= CTRL1_PM0 | CTRL1_Xen | CTRL1_Yen | CTRL1_Zen;
Reported by FlawFinder.
drivers/memory/renesas-rpc-if.c
2 issues
Line: 395
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
smcr |= RPCIF_SMCR_SSLKP;
}
memcpy(data, rpc->buffer + pos, nbytes);
if (nbytes > 4) {
regmap_write(rpc->regmap, RPCIF_SMWDR1,
data[0]);
regmap_write(rpc->regmap, RPCIF_SMWDR0,
data[1]);
Reported by FlawFinder.
Line: 479
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&data[0]);
data[0] >>= 16;
}
memcpy(rpc->buffer + pos, data, nbytes);
pos += nbytes;
}
break;
default:
Reported by FlawFinder.
drivers/media/pci/saa7146/mxb.c
2 issues
Line: 280
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
there are no specs available, so we simply use some init values */
static struct {
int length;
char data[9];
} mxb_saa7740_init[] = {
{ 3, { 0x80, 0x00, 0x00 } },{ 3, { 0x80, 0x89, 0x00 } },
{ 3, { 0x80, 0xb0, 0x0a } },{ 3, { 0x00, 0x00, 0x00 } },
{ 3, { 0x49, 0x00, 0x00 } },{ 3, { 0x4a, 0x00, 0x00 } },
{ 3, { 0x4b, 0x00, 0x00 } },{ 3, { 0x4c, 0x00, 0x00 } },
Reported by FlawFinder.
Line: 454
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DEB_EE("VIDIOC_ENUMINPUT %d\n", i->index);
if (i->index >= MXB_INPUTS)
return -EINVAL;
memcpy(i, &mxb_inputs[i->index], sizeof(struct v4l2_input));
return 0;
}
static int vidioc_g_input(struct file *file, void *fh, unsigned int *i)
{
Reported by FlawFinder.
drivers/media/platform/exynos4-is/fimc-capture.c
2 issues
Line: 325
Column: 25
CWE codes:
362
INIT_LIST_HEAD(&fimc->vid_cap.active_buf_q);
vid_cap->buf_index = 0;
fimc_pipeline_call(ve, open, &ve->vdev.entity, false);
fimc_capture_hw_init(fimc);
clear_bit(ST_CAPT_SUSPENDED, &fimc->state);
for (i = 0; i < vid_cap->reqbufs_count; i++) {
Reported by FlawFinder.
Line: 494
Column: 32
CWE codes:
362
if (v4l2_fh_is_singular_file(file)) {
fimc_md_graph_lock(ve);
ret = fimc_pipeline_call(ve, open, &ve->vdev.entity, true);
if (ret == 0)
ve->vdev.entity.use_count++;
fimc_md_graph_unlock(ve);
Reported by FlawFinder.
drivers/net/ethernet/brocade/bna/bfa_cee.c
2 issues
Line: 75
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
cee->get_attr_status = status;
if (status == BFA_STATUS_OK) {
memcpy(cee->attr, cee->attr_dma.kva,
sizeof(struct bfa_cee_attr));
bfa_cee_format_cee_cfg(cee->attr);
}
cee->get_attr_pending = false;
if (cee->cbfn.get_attr_cbfn)
Reported by FlawFinder.
Line: 95
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
cee->get_stats_status = status;
if (status == BFA_STATUS_OK) {
memcpy(cee->stats, cee->stats_dma.kva,
sizeof(struct bfa_cee_stats));
bfa_cee_stats_swap(cee->stats);
}
cee->get_stats_pending = false;
if (cee->cbfn.get_stats_cbfn)
Reported by FlawFinder.
drivers/net/ethernet/dlink/dl2k.c
2 issues
Line: 24
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mtu[MAX_UNITS];
static int vlan[MAX_UNITS];
static int jumbo[MAX_UNITS];
static char *media[MAX_UNITS];
static int tx_flow=-1;
static int rx_flow=-1;
static int copy_thresh;
static int rx_coalesce=10; /* Rx frame count each interrupt */
static int rx_timeout=200; /* Rx DMA wait time in 640ns increments */
Reported by FlawFinder.
Line: 388
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 9: /* Adapter description */
j = (next - i > 255) ? 255 : next - i;
memcpy (np->name, &(psib[i]), j);
break;
case 4:
case 5:
case 6:
case 7:
Reported by FlawFinder.
drivers/misc/lkdtm/perms.c
2 issues
Line: 54
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
do_nothing();
if (write == CODE_WRITE) {
memcpy(dst, do_nothing, EXEC_SIZE);
flush_icache_range((unsigned long)dst,
(unsigned long)dst + EXEC_SIZE);
}
pr_info("attempting bad execution at %px\n", func);
func();
Reported by FlawFinder.
Line: 120
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr = (unsigned char *)do_overwritten;
pr_info("attempting bad %zu byte write at %px\n", size, ptr);
memcpy((void *)ptr, (unsigned char *)do_nothing, size);
flush_icache_range((unsigned long)ptr, (unsigned long)(ptr + size));
pr_err("FAIL: survived bad write\n");
do_overwritten();
}
Reported by FlawFinder.