The following issues were found
drivers/net/ethernet/samsung/sxgbe/sxgbe_ethtool.c
2 issues
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "sxgbe_dma.h"
/*
 * One ethtool statistics descriptor: a fixed-width display name plus two
 * integers describing the counter it names.
 * NOTE(review): sizeof_stat and stat_offset presumably hold the size and byte
 * offset of the counter inside a driver statistics structure; the SXGBE_STAT
 * macro that would fill them is cut off in this excerpt - confirm against
 * the full file.
 */
struct sxgbe_stats {
/*
 * Name buffer of exactly ETH_GSTRING_LEN bytes. The ETH_SS_STATS memcpy
 * quoted from line 202 reads ETH_GSTRING_LEN bytes from a stat_string field,
 * so the read never exceeds this array; whether the destination is large
 * enough depends on the caller's buffer, which is not shown.
 */
char stat_string[ETH_GSTRING_LEN];
int sizeof_stat;
int stat_offset;
};
#define SXGBE_STAT(m) \
Reported by FlawFinder.
Line: 202
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_STATS:
for (i = 0; i < SXGBE_STATS_LEN; i++) {
memcpy(p, sxgbe_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
break;
default:
Reported by FlawFinder.
drivers/net/ethernet/samsung/sxgbe/sxgbe_mdio.c
2 issues
Line: 183
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct phy_device *phy = mdiobus_get_phy(mdio_bus, phy_addr);
if (phy) {
char irq_num[4];
char *irq_str;
/* If an IRQ was provided to be assigned after
* the bus probe, do it here.
*/
if ((mdio_data->irqs == NULL) &&
Reported by FlawFinder.
Line: 210
Column: 5
CWE codes:
120
Suggestion:
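Use sprintf_s, snprintf, or vsnprintf. The earlier excerpt from this file declares `char irq_num[4]`, which holds at most three characters plus the terminator, while `sprintf(irq_num, "%d", phy->irq)` writes as many characters as the value needs; size the buffer for any int and bound the write, e.g. `snprintf(irq_num, sizeof(irq_num), "%d", phy->irq)`.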
irq_str = "MAC";
break;
default:
sprintf(irq_num, "%d", phy->irq);
irq_str = irq_num;
break;
}
netdev_info(ndev, "PHY ID %08x at %d IRQ %s (%s)%s\n",
phy->phy_id, phy_addr, irq_str,
Reported by FlawFinder.
drivers/net/ethernet/seeq/ether3.c
2 issues
Line: 589
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
do {
unsigned int this_ptr, status;
unsigned char addrs[16];
/*
* read the first 16 bytes from the buffer.
* This contains the status bytes etc and ethernet addresses,
* and we also check the source ethernet address to see if
Reported by FlawFinder.
Line: 115
Column: 54
CWE codes:
120
20
/*
 * Read a 16-bit register and yield its value.
 * GCC statement expression: the readw() result is stored in a local,
 * udelay(1) runs after the read, and the stored value is the result of the
 * whole expression. The argument appears once in the expansion, so any side
 * effect in it is evaluated a single time.
 */
#define ether3_inw(r) ({ unsigned int __v = readw((r)); udelay(1); __v; })
static int
ether3_setbuffer(struct net_device *dev, buffer_rw_t read, int start)
{
int timeout = 1000;
ether3_outw(priv(dev)->regs.config1 | CFG1_LOCBUFMEM, REG_CONFIG1);
ether3_outw(priv(dev)->regs.command | CMD_FIFOWRITE, REG_COMMAND);
Reported by FlawFinder.
drivers/net/ethernet/seeq/sgiseeq.c
2 issues
Line: 170
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct sgiseeq_private *sp = netdev_priv(dev);
struct sockaddr *sa = addr;
memcpy(dev->dev_addr, sa->sa_data, dev->addr_len);
spin_lock_irq(&sp->tx_lock);
__sgiseeq_set_mac_address(dev);
spin_unlock_irq(&sp->tx_lock);
Reported by FlawFinder.
Line: 767
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
setup_rx_ring(dev, sp->rx_desc, SEEQ_RX_BUFFERS);
setup_tx_ring(dev, sp->tx_desc, SEEQ_TX_BUFFERS);
memcpy(dev->dev_addr, pd->mac, ETH_ALEN);
#ifdef DEBUG
gpriv = sp;
gdev = dev;
#endif
Reported by FlawFinder.
drivers/net/ethernet/sfc/rx_common.c
2 issues
Line: 999
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req->spec.rem_host[0] = fk.addrs.v4addrs.src;
req->spec.loc_host[0] = fk.addrs.v4addrs.dst;
} else {
memcpy(req->spec.rem_host, &fk.addrs.v6addrs.src,
sizeof(struct in6_addr));
memcpy(req->spec.loc_host, &fk.addrs.v6addrs.dst,
sizeof(struct in6_addr));
}
Reported by FlawFinder.
Line: 1001
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(req->spec.rem_host, &fk.addrs.v6addrs.src,
sizeof(struct in6_addr));
memcpy(req->spec.loc_host, &fk.addrs.v6addrs.dst,
sizeof(struct in6_addr));
}
req->spec.rem_port = fk.ports.src;
req->spec.loc_port = fk.ports.dst;
Reported by FlawFinder.
drivers/net/ethernet/sfc/tx.c
2 issues
Line: 150
Column: 3
CWE codes:
120
Suggestion:
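Make sure destination can always hold the source data. In this excerpt the copy is preceded by `BUG_ON(len > sizeof(copy_buf->buf))`, so an oversized `len` triggers a kernel BUG before the memcpy instead of overrunning the buffer.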
data += block_len;
BUG_ON(copy_buf->used);
BUG_ON(len > sizeof(copy_buf->buf));
memcpy(copy_buf->buf, data, len);
copy_buf->used = len;
}
}
/* Copy to PIO, respecting dword alignment, popping data from copy buffer first.
Reported by FlawFinder.
Line: 167
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int copy_to_buf =
min_t(int, sizeof(copy_buf->buf) - copy_buf->used, len);
memcpy(copy_buf->buf + copy_buf->used, data, copy_to_buf);
copy_buf->used += copy_to_buf;
/* if we didn't fill it up then we're done for now */
if (copy_buf->used < sizeof(copy_buf->buf))
return;
Reported by FlawFinder.
drivers/net/ethernet/sgi/meth.c
2 issues
Line: 97
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static irqreturn_t meth_interrupt(int irq, void *dev_id);
/*
 * global, initialized in ip32-setup.c
 *
 * 8-byte storage for the interface's Ethernet address. It is neither static
 * nor const, so it is writable from other translation units. The memcpy
 * quoted from line 839 reads ETH_ALEN (6) bytes from it into dev->dev_addr,
 * which stays within the 8 bytes declared here.
 */
char o2meth_eaddr[8]={0,0,0,0,0,0,0,0};
static inline void load_eaddr(struct net_device *dev)
{
int i;
u64 macaddr;
Reported by FlawFinder.
Line: 839
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev->watchdog_timeo = timeout;
dev->irq = MACE_ETHERNET_IRQ;
dev->base_addr = (unsigned long)&mace->eth;
memcpy(dev->dev_addr, o2meth_eaddr, ETH_ALEN);
priv = netdev_priv(dev);
priv->pdev = pdev;
spin_lock_init(&priv->meth_lock);
SET_NETDEV_DEV(dev, &pdev->dev);
Reported by FlawFinder.
drivers/net/ethernet/sgi/meth.h
2 issues
Line: 63
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}header;
union {
tx_cat_ptr cat_buf[3];
char dt[120];
} data;
} tx_packet;
typedef union rx_status_vector {
volatile struct {
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
rx_status_vector status;
u64 pad[3]; /* For whatever reason, there needs to be 4 double-word offset */
u16 pad2;
char buf[METH_RX_BUFF_SIZE-sizeof(rx_status_vector)-3*sizeof(u64)-sizeof(u16)];/* data */
} rx_packet;
#define TX_INFO_RPTR 0x00FF0000
#define TX_INFO_WPTR 0x000000FF
Reported by FlawFinder.
drivers/net/ethernet/silan/sc92031.c
2 issues
Line: 1336
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return err;
}
/*
 * ethtool statistic names, stored as fixed-width rows of ETH_GSTRING_LEN
 * bytes. A string initialiser shorter than its row leaves the remaining
 * bytes zero, so each name is NUL-terminated and zero-padded (assuming
 * ETH_GSTRING_LEN exceeds the longest name here, 10 characters).
 * The memcpy quoted from line 1345 copies SILAN_STATS_NUM * ETH_GSTRING_LEN
 * bytes from this table, which is exactly its declared size; whether the
 * destination can hold that much is decided by the caller.
 * NOTE(review): two names are listed; SILAN_STATS_NUM is defined outside
 * this excerpt - confirm it is 2, otherwise the extra rows are empty strings.
 */
static const char sc92031_ethtool_stats_strings[SILAN_STATS_NUM][ETH_GSTRING_LEN] = {
"tx_timeout",
"rx_loss",
};
static void sc92031_ethtool_get_strings(struct net_device *dev,
Reported by FlawFinder.
Line: 1345
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 stringset, u8 *data)
{
if (stringset == ETH_SS_STATS)
memcpy(data, sc92031_ethtool_stats_strings,
SILAN_STATS_NUM * ETH_GSTRING_LEN);
}
static int sc92031_ethtool_get_sset_count(struct net_device *dev, int sset)
{
Reported by FlawFinder.
drivers/net/ethernet/smsc/smc9194.c
2 issues
Line: 424
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void smc_setmulticast(int ioaddr, struct net_device *dev)
{
int i;
unsigned char multicast_table[ 8 ];
struct netdev_hw_addr *ha;
/* table for flipping the order of 3 bits */
unsigned char invert3[] = { 0, 4, 2, 6, 1, 5, 3, 7 };
/* start with a table of all zeros: reject all */
Reported by FlawFinder.
Line: 700
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return ERR_PTR(-ENODEV);
if (unit >= 0) {
sprintf(dev->name, "eth%d", unit);
netdev_boot_setup_check(dev);
io = dev->base_addr;
irq = dev->irq;
}
Reported by FlawFinder.