The following issues were found
drivers/media/platform/vsp1/vsp1_wpf.c
2 issues
Line: 566
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct vsp1_rwpf *vsp1_wpf_create(struct vsp1_device *vsp1, unsigned int index)
{
struct vsp1_rwpf *wpf;
char name[6];
int ret;
wpf = devm_kzalloc(vsp1->dev, sizeof(*wpf), GFP_KERNEL);
if (wpf == NULL)
return ERR_PTR(-ENOMEM);
Reported by FlawFinder.
Line: 585
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
wpf->entity.type = VSP1_ENTITY_WPF;
wpf->entity.index = index;
sprintf(name, "wpf.%u", index);
ret = vsp1_entity_init(vsp1, &wpf->entity, name, 2, &wpf_ops,
MEDIA_ENT_F_PROC_VIDEO_PIXEL_FORMATTER);
if (ret < 0)
return ERR_PTR(ret);
Reported by FlawFinder.
drivers/misc/cb710/sgbuf2.c
2 issues
Line: 33
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
do {
len = min(miter->length - miter->consumed, left);
memcpy(addr, miter->addr + miter->consumed, len);
miter->consumed += len;
left -= len;
if (!left)
return data;
addr += len;
Reported by FlawFinder.
Line: 108
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
do {
len = min(miter->length - miter->consumed, left);
memcpy(miter->addr, addr, len);
miter->consumed += len;
left -= len;
if (!left)
return;
addr += len;
Reported by FlawFinder.
drivers/media/platform/vsp1/vsp1_uif.c
2 issues
Line: 246
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct vsp1_uif *vsp1_uif_create(struct vsp1_device *vsp1, unsigned int index)
{
struct vsp1_uif *uif;
char name[6];
int ret;
uif = devm_kzalloc(vsp1->dev, sizeof(*uif), GFP_KERNEL);
if (!uif)
return ERR_PTR(-ENOMEM);
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
uif->entity.index = index;
/* The datasheet names the two UIF instances UIF4 and UIF5. */
sprintf(name, "uif.%u", index + 4);
ret = vsp1_entity_init(vsp1, &uif->entity, name, 2, &uif_ops,
MEDIA_ENT_F_PROC_VIDEO_STATISTICS);
if (ret < 0)
return ERR_PTR(ret);
Reported by FlawFinder.
drivers/media/pci/mantis/mantis_uart.c
2 issues
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static struct {
char string[7];
} rates[5] = {
{ "9600" },
{ "19200" },
{ "38400" },
{ "57600" },
Reported by FlawFinder.
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static struct {
char string[5];
} parity[3] = {
{ "NONE" },
{ "ODD" },
{ "EVEN" }
};
Reported by FlawFinder.
drivers/net/can/sja1000/sja1000_isa.c
2 issues
Line: 35
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned long mem[MAXDEV];
static int irq[MAXDEV];
static int clk[MAXDEV];
static unsigned char cdr[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff};
static unsigned char ocr[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff};
static int indirect[MAXDEV] = {[0 ... (MAXDEV - 1)] = -1};
static spinlock_t indirect_lock[MAXDEV]; /* lock for indirect access mode */
module_param_hw_array(port, ulong, ioport, NULL, 0444);
Reported by FlawFinder.
Line: 36
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int irq[MAXDEV];
static int clk[MAXDEV];
static unsigned char cdr[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff};
static unsigned char ocr[MAXDEV] = {[0 ... (MAXDEV - 1)] = 0xff};
static int indirect[MAXDEV] = {[0 ... (MAXDEV - 1)] = -1};
static spinlock_t indirect_lock[MAXDEV]; /* lock for indirect access mode */
module_param_hw_array(port, ulong, ioport, NULL, 0444);
MODULE_PARM_DESC(port, "I/O port number");
Reported by FlawFinder.
drivers/media/usb/dvb-usb/vp7045.c
2 issues
Line: 43
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
if (out != NULL && outlen > 0)
memcpy(&buf[1], out, outlen);
deb_xfer("out buffer: ");
debug_dump(buf, outlen+1, deb_xfer);
Reported by FlawFinder.
Line: 73
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
debug_dump(buf, 12, deb_xfer);
if (in != NULL && inlen > 0)
memcpy(in, &buf[1], inlen);
unlock:
mutex_unlock(&d->usb_mutex);
return ret;
Reported by FlawFinder.
drivers/media/platform/vsp1/vsp1_uds.c
2 issues
Line: 411
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct vsp1_uds *vsp1_uds_create(struct vsp1_device *vsp1, unsigned int index)
{
struct vsp1_uds *uds;
char name[6];
int ret;
uds = devm_kzalloc(vsp1->dev, sizeof(*uds), GFP_KERNEL);
if (uds == NULL)
return ERR_PTR(-ENOMEM);
Reported by FlawFinder.
Line: 422
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
uds->entity.type = VSP1_ENTITY_UDS;
uds->entity.index = index;
sprintf(name, "uds.%u", index);
ret = vsp1_entity_init(vsp1, &uds->entity, name, 2, &uds_ops,
MEDIA_ENT_F_PROC_VIDEO_SCALER);
if (ret < 0)
return ERR_PTR(ret);
Reported by FlawFinder.
drivers/mmc/core/mmc_ops.c
2 issues
Line: 245
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
return err;
memcpy(cxd, cmd.resp, sizeof(u32) * 4);
return 0;
}
/*
Reported by FlawFinder.
Line: 761
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (opcode == MMC_BUS_TEST_W)
memcpy(data_buf, test_buf, len);
mrq.cmd = &cmd;
mrq.data = &data;
cmd.opcode = opcode;
cmd.arg = 0;
Reported by FlawFinder.
drivers/media/usb/em28xx/em28xx-core.c
2 issues
Line: 105
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (len)
memcpy(buf, dev->urb_buf, len);
mutex_unlock(&dev->ctrl_urb_lock);
em28xx_regdbg("(pipe 0x%08x): IN: %02x %02x %02x %02x %02x %02x %02x %02x <<< %*ph\n",
pipe, USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
Reported by FlawFinder.
Line: 158
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
mutex_lock(&dev->ctrl_urb_lock);
memcpy(dev->urb_buf, buf, len);
ret = usb_control_msg(udev, pipe, req,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
0x0000, reg, dev->urb_buf, len, HZ);
mutex_unlock(&dev->ctrl_urb_lock);
Reported by FlawFinder.
include/asm-generic/asm-prototypes.h
2 issues
Line: 11
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
extern void *__memmove(void *, const void *, __kernel_size_t);
#undef memset
extern void *memset(void *, int, __kernel_size_t);
#undef memcpy
extern void *memcpy(void *, const void *, __kernel_size_t);
#undef memmove
extern void *memmove(void *, const void *, __kernel_size_t);
Reported by FlawFinder.
Line: 12
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#undef memset
extern void *memset(void *, int, __kernel_size_t);
#undef memcpy
extern void *memcpy(void *, const void *, __kernel_size_t);
#undef memmove
extern void *memmove(void *, const void *, __kernel_size_t);
Reported by FlawFinder.