The following issues were found
drivers/media/test-drivers/vidtv/vidtv_bridge.c
2 issues
Line: 374
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* TODO: check if the frequencies are at a valid range */
memcpy(cfg.vidtv_valid_dvb_t_freqs,
vidtv_valid_dvb_t_freqs,
sizeof(vidtv_valid_dvb_t_freqs));
memcpy(cfg.vidtv_valid_dvb_c_freqs,
vidtv_valid_dvb_c_freqs,
Reported by FlawFinder.
Line: 378
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vidtv_valid_dvb_t_freqs,
sizeof(vidtv_valid_dvb_t_freqs));
memcpy(cfg.vidtv_valid_dvb_c_freqs,
vidtv_valid_dvb_c_freqs,
sizeof(vidtv_valid_dvb_c_freqs));
/*
* Convert Satellite frequencies from Ku-band in kHZ into S-band
Reported by FlawFinder.
drivers/net/ethernet/cavium/thunder/nic_main.c
2 issues
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* MSI-X */
u8 num_vec;
bool irq_allocated[NIC_PF_MSIX_VECTORS];
char irq_name[NIC_PF_MSIX_VECTORS][20];
};
/* Supported devices */
static const struct pci_device_id nic_id_table[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_CAVIUM, PCI_DEVICE_ID_THUNDER_NIC_PF) },
Reported by FlawFinder.
Line: 1201
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Register mailbox interrupt handler */
for (i = NIC_PF_INTR_ID_MBOX0; i < nic->num_vec; i++) {
sprintf(nic->irq_name[i],
"NICPF Mbox%d", (i - NIC_PF_INTR_ID_MBOX0));
ret = request_irq(pci_irq_vector(nic->pdev, i),
nic_mbx_intr_handler, 0,
nic->irq_name[i], nic);
Reported by FlawFinder.
drivers/net/appletalk/cops.c
2 issues
Line: 227
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return ERR_PTR(-ENOMEM);
if (unit >= 0) {
sprintf(dev->name, "lt%d", unit);
netdev_boot_setup_check(dev);
irq = dev->irq;
base_addr = dev->base_addr;
} else {
base_addr = dev->base_addr = io;
Reported by FlawFinder.
Line: 520
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
int ioaddr=dev->base_addr;
int length, i = 0;
strcpy(ifr.ifr_name,"lt0");
/* Get card's firmware code and do some checks on it. */
#ifdef CONFIG_COPS_DAYNA
if(lp->board==DAYNA)
{
Reported by FlawFinder.
drivers/media/test-drivers/vicodec/codec-fwht.c
2 issues
Line: 856
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (end_of_rlco_buf + 1 < *rlco + width * height / 2)
return false;
for (i = 0; i < height; i++) {
memcpy(dst, *rlco, width);
dst += dst_stride;
*rlco += width / 2;
}
return true;
}
Reported by FlawFinder.
Line: 876
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *dstp = dst + j * 8 * dst_stride + i * 8 * dst_step;
if (copies) {
memcpy(cf->de_fwht, copy, sizeof(copy));
if ((stat & PFRAME_BIT) && !is_intra)
add_deltas(cf->de_fwht, refp,
ref_stride, ref_step);
fill_decoder_block(dstp, cf->de_fwht,
dst_stride, dst_step);
Reported by FlawFinder.
drivers/media/usb/cpia2/cpia2.h
2 issues
Line: 404
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* MJPEG Extension */
int APPn; /* Number of APP segment to be written, must be 0..15 */
int APP_len; /* Length of data in JPEG APPn segment */
char APP_data[60]; /* Data in the JPEG APPn segment. */
int COM_len; /* Length of data in JPEG COM segment */
char COM_data[60]; /* Data in JPEG COM segment */
};
Reported by FlawFinder.
Line: 407
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char APP_data[60]; /* Data in the JPEG APPn segment. */
int COM_len; /* Length of data in JPEG COM segment */
char COM_data[60]; /* Data in JPEG COM segment */
};
/* v4l */
int cpia2_register_camera(struct camera_data *cam);
void cpia2_unregister_camera(struct camera_data *cam);
Reported by FlawFinder.
drivers/media/usb/pvrusb2/pvrusb2-ioread.c
2 issues
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pvr2_ioread {
struct pvr2_stream *stream;
char *buffer_storage[BUFFER_COUNT];
char *sync_key_ptr;
unsigned int sync_key_len;
unsigned int sync_buf_offs;
unsigned int sync_state;
unsigned int sync_trashed_count;
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
if (!cp->sync_key_len) return;
memcpy(cp->sync_key_ptr,sync_key_ptr,cp->sync_key_len);
}
static void pvr2_ioread_stop(struct pvr2_ioread *cp)
{
if (!(cp->enabled)) return;
Reported by FlawFinder.
drivers/media/cec/i2c/ch7322.c
2 issues
Line: 402
Column: 30
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
struct device **dev,
const char **port)
{
const struct dmi_system_id *system;
const struct ch7322_conn_match *conn;
*dev = NULL;
*port = NULL;
Reported by FlawFinder.
Line: 409
Column: 7
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
*port = NULL;
system = dmi_first_match(ch7322_dmi_table);
if (!system)
return 0;
for (conn = system->driver_data; conn->dev_name; conn++) {
if (!strcmp(dev_name(&client->dev), conn->dev_name)) {
struct device *d;
Reported by FlawFinder.
drivers/misc/phantom.c
2 issues
Line: 60
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 ctl_reg;
};
static unsigned char phantom_devices[PHANTOM_MAX_MINORS];
static int phantom_status(struct phantom_device *dev, unsigned long newstat)
{
pr_debug("phantom_status %lx %lx\n", dev->status, newstat);
Reported by FlawFinder.
Line: 135
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_debug("phantom: SRS %u regs %x\n", rs.count, rs.mask);
spin_lock_irqsave(&dev->regs_lock, flags);
if (dev->status & PHB_NOT_OH)
memcpy(&dev->oregs, &rs, sizeof(rs));
else {
u32 m = min(rs.count, 8U);
for (i = 0; i < m; i++)
if (rs.mask & BIT(i))
iowrite32(rs.values[i], dev->oaddr + i);
Reported by FlawFinder.
drivers/memstick/host/jmb38x_ms.c
2 issues
Line: 866
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
spin_lock_init(&host->lock);
host->id = cnt;
snprintf(host->host_id, sizeof(host->host_id), DRIVER_NAME ":slot%d",
host->id);
host->irq = jm->pdev->irq;
host->timeout_jiffies = msecs_to_jiffies(1000);
tasklet_init(&host->notify, jmb38x_ms_req_tasklet, (unsigned long)msh);
Reported by FlawFinder.
Line: 53
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spinlock_t lock;
struct tasklet_struct notify;
int id;
char host_id[32];
int irq;
unsigned int block_pos;
unsigned long timeout_jiffies;
struct timer_list timer;
struct memstick_host *msh;
Reported by FlawFinder.
drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c
2 issues
Line: 250
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iv_loc = (unsigned char *)__skb_push(skb, number_of_ivs *
CIPHER_BLOCK_SIZE);
if (iv_loc)
memcpy(iv_loc, ivs, number_of_ivs * CIPHER_BLOCK_SIZE);
hws->ivsize = number_of_ivs * CIPHER_BLOCK_SIZE;
} else {
/* Send the IVs as sgls */
/* Already accounted IV DSGL for credits */
Reported by FlawFinder.
Line: 264
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = -ENOMEM;
goto out;
}
memcpy(page_address(page), ivs, number_of_ivs *
CIPHER_BLOCK_SIZE);
skb_fill_page_desc(skb, skb_shinfo(skb)->nr_frags, page, 0,
number_of_ivs * CIPHER_BLOCK_SIZE);
hws->ivsize = 0;
}
Reported by FlawFinder.