The following issues were found
drivers/media/usb/cx231xx/cx231xx-cards.c
2 issues
Line: 1415
Column: 28
CWE codes:
362
spin_lock_init(&dev->vbi_mode.slock);
spin_lock_init(&dev->sliced_cc_mode.slock);
init_waitqueue_head(&dev->open);
init_waitqueue_head(&dev->wait_frame);
init_waitqueue_head(&dev->wait_stream);
dev->cx231xx_read_ctrl_reg = cx231xx_read_ctrl_reg;
dev->cx231xx_write_ctrl_reg = cx231xx_write_ctrl_reg;
Reported by FlawFinder.
Line: 1949
Column: 34
CWE codes:
362
resources */
mutex_lock(&dev->lock);
wake_up_interruptible_all(&dev->open);
if (dev->users) {
dev_warn(dev->dev,
"device %s is open! Deregistration and memory deallocation are deferred on close.\n",
video_device_node_name(&dev->vdev));
Reported by FlawFinder.
drivers/media/i2c/ccs/ccs-data.c
2 issues
Line: 297
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!regs->value)
return -ENOMEM;
memcpy(regs->value, data, len);
regs++;
}
addr += len;
payload = data + len;
Reported by FlawFinder.
Line: 769
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!license)
return -ENOMEM;
memcpy(license, payload, size);
*__license = license;
*__license_length = size;
return 0;
Reported by FlawFinder.
drivers/net/arcnet/capmode.c
2 issues
Line: 77
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
pktbuf = (char *)pkt;
pkthdrbuf = (char *)pkthdr;
memcpy(pktbuf, pkthdrbuf, ARC_HDR_SIZE + sizeof(pkt->soft.cap.proto));
memcpy(pktbuf + ARC_HDR_SIZE + sizeof(pkt->soft.cap.proto) + sizeof(int),
pkthdrbuf + ARC_HDR_SIZE + sizeof(pkt->soft.cap.proto),
sizeof(struct archdr) - ARC_HDR_SIZE - sizeof(pkt->soft.cap.proto));
if (length > sizeof(pkt->soft))
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pktbuf = (char *)pkt;
pkthdrbuf = (char *)pkthdr;
memcpy(pktbuf, pkthdrbuf, ARC_HDR_SIZE + sizeof(pkt->soft.cap.proto));
memcpy(pktbuf + ARC_HDR_SIZE + sizeof(pkt->soft.cap.proto) + sizeof(int),
pkthdrbuf + ARC_HDR_SIZE + sizeof(pkt->soft.cap.proto),
sizeof(struct archdr) - ARC_HDR_SIZE - sizeof(pkt->soft.cap.proto));
if (length > sizeof(pkt->soft))
lp->hw.copy_from_card(dev, bufnum, ofs + sizeof(pkt->soft),
Reported by FlawFinder.
drivers/media/usb/tm6000/tm6000-input.c
2 issues
Line: 49
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tm6000_IR {
struct tm6000_core *dev;
struct rc_dev *rc;
char name[32];
char phys[32];
/* poll expernal decoder */
int polling;
struct delayed_work work;
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tm6000_core *dev;
struct rc_dev *rc;
char name[32];
char phys[32];
/* poll expernal decoder */
int polling;
struct delayed_work work;
u8 wait:1;
Reported by FlawFinder.
drivers/net/arcnet/com20020-pci.c
2 issues
Line: 103
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct net_device *net_dev = to_net_dev(dev);
struct arcnet_local *lp = netdev_priv(net_dev);
return sprintf(buf, "%s\n", lp->backplane ? "true" : "false");
}
static DEVICE_ATTR_RO(backplane_mode);
static struct attribute *com20020_state_attrs[] = {
&dev_attr_backplane_mode.attr,
Reported by FlawFinder.
Line: 52
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Module parameters */
static int node;
static char device[9]; /* use eg. device="arc1" to change name */
static int timeout = 3;
static int backplane;
static int clockp;
static int clockm;
Reported by FlawFinder.
drivers/media/usb/cx231xx/cx231xx-vbi.c
2 issues
Line: 145
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Save the last four bytes of the buffer so we can
check the buffer boundary condition next time */
memcpy(dma_q->partial_buf, p_buffer + buffer_size - 4, 4);
bytes_parsed = 0;
}
return rc;
}
Reported by FlawFinder.
Line: 645
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
lencopy = dma_q->bytes_left_in_line > bytes_to_copy ?
bytes_to_copy : dma_q->bytes_left_in_line;
memcpy(startwrite, p_buffer, lencopy);
return 0;
}
u8 cx231xx_is_vbi_buffer_done(struct cx231xx *dev,
Reported by FlawFinder.
drivers/media/rc/iguanair.c
2 issues
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t carrier;
struct send_packet *packet;
char name[64];
char phys[64];
};
#define CMD_NOP 0x00
#define CMD_GET_VERSION 0x01
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct send_packet *packet;
char name[64];
char phys[64];
};
#define CMD_NOP 0x00
#define CMD_GET_VERSION 0x01
#define CMD_GET_BUFSIZE 0x11
Reported by FlawFinder.
drivers/media/platform/sti/hva/hva-debugfs.c
2 issues
Line: 374
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void hva_dbg_ctx_create(struct hva_ctx *ctx)
{
struct hva_dev *hva = ctx->hva_dev;
char name[4] = "";
ctx->dbg.min_duration = UINT_MAX;
ctx->dbg.min_period = UINT_MAX;
ctx->dbg.min_bitrate = UINT_MAX;
Reported by FlawFinder.
Line: 393
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ctx->flags & HVA_FLAG_STREAMINFO)
/* save context before removing */
memcpy(&hva->dbg.last_ctx, ctx, sizeof(*ctx));
debugfs_remove(ctx->dbg.debugfs_entry);
}
Reported by FlawFinder.
drivers/net/arcnet/com20020_cs.c
2 issues
Line: 281
Column: 12
CWE codes:
362
struct com20020_dev *info = link->priv;
struct net_device *dev = info->dev;
if (link->open)
netif_device_detach(dev);
return 0;
}
Reported by FlawFinder.
Line: 292
Column: 12
CWE codes:
362
struct com20020_dev *info = link->priv;
struct net_device *dev = info->dev;
if (link->open) {
int ioaddr = dev->base_addr;
struct arcnet_local *lp = netdev_priv(dev);
arcnet_outb(lp->config | 0x80, ioaddr, COM20020_REG_W_CONFIG);
udelay(5);
Reported by FlawFinder.
drivers/media/radio/si470x/radio-si470x-usb.c
2 issues
Line: 370
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char blocknum;
unsigned short bler; /* rds block errors */
unsigned short rds;
unsigned char tmpbuf[3];
if (urb->status) {
if (urb->status == -ENOENT ||
urb->status == -ECONNRESET ||
urb->status == -ESHUTDOWN) {
Reported by FlawFinder.
Line: 443
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmpbuf[2] |= 0x40; /* corrected error(s) */
/* copy RDS block to internal buffer */
memcpy(&radio->buffer[radio->wr_index], &tmpbuf, 3);
radio->wr_index += 3;
/* wrap write pointer */
if (radio->wr_index >= radio->buf_size)
radio->wr_index = 0;
Reported by FlawFinder.