The following issues were found

drivers/media/usb/dvb-usb-v2/mxl111sf-tuner.c
2 issues
Syntax error in #if
Error

Line: 458

              static const struct dvb_tuner_ops mxl111sf_tuner_tuner_ops = {
	.info = {
		.name = "MaxLinear MxL111SF",
#if 0
		.frequency_min_hz  = ,
		.frequency_max_hz  = ,
		.frequency_step_hz = ,
#endif
	},

            

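Reported by Cppcheck. In the excerpt, the three `.frequency_*_hz` initializers with no value sit between `#if 0` and `#endif`, so the compiler never sees them. This is leftover placeholder code to remove or fill in, not a security defect.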

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 492 Column: 2 CWE codes: 120
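Suggestion: Make sure destination can always hold the source data. Here the length is the compile-time `sizeof(struct dvb_tuner_ops)` and the source is declared with that type, so the copy is bounded as long as `fe->ops.tuner_ops` is also a `struct dvb_tuner_ops`; its declaration is outside the excerpt.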

              	state->mxl_state = mxl_state;
	state->cfg = cfg;

	memcpy(&fe->ops.tuner_ops, &mxl111sf_tuner_tuner_ops,
	       sizeof(struct dvb_tuner_ops));

	fe->tuner_priv = state;
	return fe;
}

            

Reported by FlawFinder.

drivers/media/usb/dvb-usb-v2/mxl111sf.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 71 Column: 2 CWE codes: 120
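Suggestion: Make sure destination can always hold the source data. Here that means confirming `1 + wlen` cannot exceed the size of `state->sndbuf` before the copy into `&state->sndbuf[1]`, and that `rlen` is bounded by `state->rcvbuf` for the `memset` above it; any such checks lie outside the excerpt.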

              	memset(state->rcvbuf, 0, rlen);

	state->sndbuf[0] = cmd;
	memcpy(&state->sndbuf[1], wbuf, wlen);

	ret = (wo) ? dvb_usbv2_generic_write(d, state->sndbuf, 1+wlen) :
		dvb_usbv2_generic_rw(d, state->sndbuf, 1+wlen, state->rcvbuf,
				     rlen);


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 78 Column: 3 CWE codes: 120
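Suggestion: Make sure destination can always hold the source data. Here `rbuf` must hold at least `rlen` bytes, and `rlen` must not exceed the size of `state->rcvbuf`, otherwise the copy reads past the source; neither bound is visible in the excerpt.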

              				     rlen);

	if (rbuf)
		memcpy(rbuf, state->rcvbuf, rlen);

	mutex_unlock(&state->msg_lock);

	mxl_fail(ret);


            

Reported by FlawFinder.

drivers/misc/sgi-xp/xpc_uv.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1460 Column: 2 CWE codes: 120
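Suggestion: Make sure destination can always hold the source data. Here the length `msg->hdr.size` is taken from the message being copied, and the visible `BUG_ON` only checks that the slot's own size field is zero; confirm that `msg->hdr.size` is compared against the capacity of `msg_slot` before this point (not shown in the excerpt).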

              
	BUG_ON(msg_slot->hdr.size != 0);

	memcpy(msg_slot, msg, msg->hdr.size);

	xpc_put_fifo_entry_uv(&ch_uv->recv_msg_list, &msg_slot->hdr.u.next);

	if (ch->flags & XPC_C_CONNECTEDCALLOUT_MADE) {
		/*

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1583 Column: 2 CWE codes: 120
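Suggestion: Make sure destination can always hold the source data. Here `payload_size` must fit the space behind `msg->payload`; how `msg_size` and the message buffer are sized relative to `payload_size` is outside the excerpt and is the thing to verify.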

              	msg->hdr.ch_number = ch->number;
	msg->hdr.size = msg_size;
	msg->hdr.msg_slot_number = msg_slot->msg_slot_number;
	memcpy(&msg->payload, payload, payload_size);

	ret = xpc_send_gru_msg(ch->sn.uv.cached_notify_gru_mq_desc, msg,
			       msg_size);
	if (ret == xpSuccess)
		goto out_1;

            

Reported by FlawFinder.

drivers/media/usb/dvb-usb-v2/usb_urb.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 297 Column: 2 CWE codes: 120
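Suggestion: Make sure destination can always hold the source data. Here the length is `sizeof(*props)`, the size of the source object, so the copy is bounded only if `stream->props` has the same type as `*props`; a struct assignment (`stream->props = *props;`) would let the compiler enforce that.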

              	dev_dbg(&stream->udev->dev, "%s: re-alloc urbs\n", __func__);

	usb_urb_free_urbs(stream);
	memcpy(&stream->props, props, sizeof(*props));
	if (props->type == USB_BULK)
		return usb_urb_alloc_bulk_urbs(stream);
	else if (props->type == USB_ISOC)
		return usb_urb_alloc_isoc_urbs(stream);


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 314 Column: 2 CWE codes: 120
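Suggestion: Make sure destination can always hold the source data. Both pointers are NULL-checked just above, and the length is the fixed `sizeof(*props)`; what remains to confirm is that `stream->props` is declared with the same type as `*props`, which the excerpt does not show.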

              	if (!stream || !props)
		return -EINVAL;

	memcpy(&stream->props, props, sizeof(*props));

	if (!stream->complete) {
		dev_err(&stream->udev->dev,
				"%s: there is no data callback - this doesn't make sense\n",
				KBUILD_MODNAME);

            

Reported by FlawFinder.

drivers/media/usb/dvb-usb-v2/zd1301.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 34 Column: 2 CWE codes: 120
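Suggestion: Make sure destination can always hold the source data. Here `wlen` must be bounded by the size of `dev->buf`; no check is visible in the excerpt, and the same `wlen` is reused as the `%*ph` dump length and the `usb_bulk_msg` transfer length.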

              
	mutex_lock(&d->usb_mutex);

	memcpy(&dev->buf, wbuf, wlen);

	dev_dbg(&intf->dev, ">>> %*ph\n", wlen, dev->buf);

	ret = usb_bulk_msg(d->udev, usb_sndbulkpipe(d->udev, 0x04), dev->buf,
			   wlen, &actual_length, 1000);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 77 Column: 3 CWE codes: 120
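Suggestion: Make sure destination can always hold the source data. Here `rlen` must be no larger than either the caller's `rbuf` or `dev->buf`; the excerpt logs `actual_length` bytes but copies `rlen` bytes, so also check how the two lengths are reconciled above this point.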

              				"<<< %*ph\n", actual_length, dev->buf);
		}

		memcpy(rbuf, dev->buf, rlen);
	}

err_mutex_unlock:
	mutex_unlock(&d->usb_mutex);
	return ret;

            

Reported by FlawFinder.

drivers/media/usb/gspca/pac7311.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 159 Column: 2 CWE codes: 120
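Suggestion: Make sure destination can always hold the source data. Here `len` must not exceed the size of `gspca_dev->usb_buf`; the excerpt shows only a `usb_err` check before the copy, so the bound has to come from the callers or from a check that is not shown.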

              
	if (gspca_dev->usb_err < 0)
		return;
	memcpy(gspca_dev->usb_buf, buffer, len);
	ret = usb_control_msg(gspca_dev->dev,
			usb_sndctrlpipe(gspca_dev->dev, 0),
			0,		/* request */
			USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
			0,		/* value */

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 539 Column: 11 CWE codes: 119 120
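Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. For `tmpbuf[4]` this means confirming that every index written in `pac_start_frame` is 0–3 and that any length passed along with `tmpbuf` is at most 4; the excerpt shows only the write to `tmpbuf[0]`.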

              static void pac_start_frame(struct gspca_dev *gspca_dev,
		__u16 lines, __u16 samples_per_line)
{
	unsigned char tmpbuf[4];

	gspca_frame_add(gspca_dev, FIRST_PACKET,
		pac_jpeg_header1, sizeof(pac_jpeg_header1));

	tmpbuf[0] = lines >> 8;

            

Reported by FlawFinder.

drivers/media/usb/dvb-usb/af9005.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 42 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              struct af9005_device_state {
	/* NOTE(review): the roles of sequence and led_state are not shown in this excerpt. */
	u8 sequence;
	int led_state;
	/*
	 * Fixed 256-byte buffer, the member the FlawFinder finding points at.
	 * NOTE(review): a fixed-size array is not a defect by itself; every
	 * writer must bound its length against sizeof(data). Those call
	 * sites are outside this excerpt -- verify them.
	 */
	unsigned char data[256];
};

static int af9005_generic_read_write(struct dvb_usb_device *d, u16 reg,
			      int readwrite, int type, u8 * values, int len)
{

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 732 Column: 3 CWE codes: 120
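Suggestion: Make sure destination can always hold the source data. Here the copy into `&buf[2]` needs `buf` to be at least `FW_BULKOUT_SIZE + 2` bytes, and the read from `fw->data + i * FW_BULKOUT_SIZE` needs `packets * FW_BULKOUT_SIZE` to stay within the data `fw` holds; neither the allocation of `buf` nor the computation of `packets` is in the excerpt.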

              	buf[0] = (u8) (FW_BULKOUT_SIZE & 0xff);
	buf[1] = (u8) ((FW_BULKOUT_SIZE >> 8) & 0xff);
	for (i = 0; i < packets; i++) {
		memcpy(&buf[2], fw->data + i * FW_BULKOUT_SIZE,
		       FW_BULKOUT_SIZE);
		deb_fw(">>> ");
		debug_dump(buf, FW_BULKOUT_SIZE + 2, deb_fw);
		ret = usb_bulk_msg(udev,
				   usb_sndbulkpipe(udev, 0x02),

            

Reported by FlawFinder.

drivers/media/platform/davinci/ccdc_hw_device.h
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 21 Column: 8 CWE codes: 362

               */
struct ccdc_hw_ops {
	/* Pointer to initialize function to initialize ccdc device */
	int (*open) (struct device *dev);
	/* Pointer to deinitialize function */
	int (*close) (struct device *dev);
	/* set ccdc base address */
	void (*set_ccdc_base)(void *base, int size);
	/* Pointer to function to enable or disable ccdc */

            

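Reported by FlawFinder. The match is on the identifier only: line 21 as excerpted declares `open` as a function-pointer member of `struct ccdc_hw_ops` taking a `struct device *`, not a call that opens a file path, so the symlink/race concern (CWE-362) does not apply to this line.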

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 68 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/* Describes a ccdc hardware device: its name, owning module and ops table. */
struct ccdc_hw_device {
	/*
	 * ccdc device name.
	 * NOTE(review): fixed 32-byte array, the member the FlawFinder finding
	 * points at. Code that fills it must bound the copy to sizeof(name)
	 * and keep it NUL-terminated if it is used as a C string; the writers
	 * are not shown in this excerpt.
	 */
	char name[32];
	/* module owner */
	struct module *owner;
	/* hw ops */
	struct ccdc_hw_ops hw_ops;
};

            

Reported by FlawFinder.

drivers/media/i2c/adv748x/adv748x-hdmi.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 483 Column: 2 CWE codes: 120
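Suggestion: Make sure destination can always hold the source data. The visible clamp sets `edid->blocks` to `hdmi->edid.blocks - edid->start_block`, which bounds the read from `hdmi->edid.edid` only if `edid->start_block` is already known not to exceed `hdmi->edid.blocks` (otherwise the subtraction can wrap, assuming unsigned fields). Confirm that check and the capacity of the destination `edid->edid` above the excerpt.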

              	if (edid->start_block + edid->blocks > hdmi->edid.blocks)
		edid->blocks = hdmi->edid.blocks - edid->start_block;

	memcpy(edid->edid, hdmi->edid.edid + edid->start_block * 128,
			edid->blocks * 128);

	return 0;
}


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 546 Column: 2 CWE codes: 120
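Suggestion: Make sure destination can always hold the source data. The `return -E2BIG` just above suggests a size check on `edid->blocks` precedes the copy; confirm it compares against the capacity of `hdmi->edid.edid` in 128-byte blocks. The later reads of `edid->edid[0x15]` and `edid->edid[0x16]` also assume at least one block is present, so check how `edid->blocks == 0` is handled above the excerpt.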

              		return -E2BIG;
	}

	memcpy(hdmi->edid.edid, edid->edid, 128 * edid->blocks);
	hdmi->edid.blocks = edid->blocks;
	hdmi->edid.present = true;

	hdmi->aspect_ratio = v4l2_calc_aspect_ratio(edid->edid[0x15],
			edid->edid[0x16]);

            

Reported by FlawFinder.

drivers/media/usb/dvb-usb/cinergyT2-fe.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 129 Column: 11 CWE codes: 119 120
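Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. For `data[64]` this means every transfer that reads into or writes from `data` must cap its length at 64 bytes; the code that uses the buffer is outside the excerpt.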

              	struct dvb_frontend fe;
	struct dvb_usb_device *d;

	unsigned char data[64];
	struct mutex data_mutex;

	struct dvbt_get_status_msg status;
};


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 277 Column: 2 CWE codes: 120
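Suggestion: Make sure destination can always hold the source data. Here the length is the compile-time `sizeof(struct dvb_frontend_ops)`, so the copy is bounded provided both `s->fe.ops` and `cinergyt2_fe_ops` are declared as `struct dvb_frontend_ops`; neither declaration is in the excerpt.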

              		return NULL;

	s->d = d;
	memcpy(&s->fe.ops, &cinergyt2_fe_ops, sizeof(struct dvb_frontend_ops));
	s->fe.demodulator_priv = s;
	mutex_init(&s->data_mutex);
	return &s->fe;
}


            

Reported by FlawFinder.