The following issues were found
drivers/net/ethernet/intel/e1000/e1000_hw.h
2 issues
Line: 537
Column: 4
CWE codes:
120
20
struct {
/* one buffer for protocol header(s), three data buffers */
__le64 buffer_addr[MAX_PS_BUFFERS];
} read;
struct {
struct {
__le32 mrq; /* Multiple Rx Queues */
union {
__le32 rss; /* RSS Hash */
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/qmi.c
2 issues
Line: 266
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req->end = 1;
}
memcpy(req->data, temp, req->data_len);
ret = qmi_txn_init(&qmi->qmi_hdl, &txn,
wlfw_bdf_download_resp_msg_v01_ei,
&resp);
if (ret < 0)
Reported by FlawFinder.
Line: 477
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
req->shadow_reg_len = config->num_shadow_reg_cfg;
memcpy(req->shadow_reg, config->shadow_reg_cfg,
sizeof(struct wlfw_shadow_reg_cfg_s_v01) * req->shadow_reg_len);
ret = qmi_send_request(&qmi->qmi_hdl, NULL, &txn,
QMI_WLFW_WLAN_CFG_REQ_V01,
WLFW_WLAN_CFG_REQ_MSG_V01_MAX_MSG_LEN,
Reported by FlawFinder.
drivers/net/wireless/ath/ath10k/qmi.h
2 issues
Line: 104
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ath10k_qmi_chip_info chip_info;
struct ath10k_qmi_board_info board_info;
struct ath10k_qmi_soc_info soc_info;
char fw_build_id[MAX_BUILD_ID_LEN + 1];
u32 fw_version;
bool fw_ready;
char fw_build_timestamp[MAX_TIMESTAMP_LEN + 1];
struct ath10k_qmi_cal_data cal_data[MAX_NUM_CAL_V01];
bool msa_fixed_perm;
Reported by FlawFinder.
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char fw_build_id[MAX_BUILD_ID_LEN + 1];
u32 fw_version;
bool fw_ready;
char fw_build_timestamp[MAX_TIMESTAMP_LEN + 1];
struct ath10k_qmi_cal_data cal_data[MAX_NUM_CAL_V01];
bool msa_fixed_perm;
enum ath10k_qmi_state state;
};
Reported by FlawFinder.
drivers/net/ethernet/huawei/hinic/hinic_rx.c
2 issues
Line: 338
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pkt_offset = nic_dev->lb_test_rx_idx * lb_len;
frag_len = (int)skb_headlen(skb);
memcpy(lb_buf + pkt_offset, skb->data, frag_len);
pkt_offset += frag_len;
for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
frag_data = skb_frag_address(&skb_shinfo(skb)->frags[i]);
frag_len = (int)skb_frag_size(&skb_shinfo(skb)->frags[i]);
memcpy((lb_buf + pkt_offset), frag_data, frag_len);
Reported by FlawFinder.
Line: 343
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
frag_data = skb_frag_address(&skb_shinfo(skb)->frags[i]);
frag_len = (int)skb_frag_size(&skb_shinfo(skb)->frags[i]);
memcpy((lb_buf + pkt_offset), frag_data, frag_len);
pkt_offset += frag_len;
}
nic_dev->lb_test_rx_idx++;
}
Reported by FlawFinder.
drivers/net/ethernet/huawei/hinic/hinic_port.h
2 issues
Line: 132
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 func_idx;
u16 vlan_id;
u16 rsvd1;
unsigned char mac[ETH_ALEN];
};
struct hinic_port_mtu_cmd {
u8 status;
u8 version;
Reported by FlawFinder.
Line: 449
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct hinic_stats {
char name[ETH_GSTRING_LEN];
u32 size;
int offset;
};
struct hinic_vport_stats {
Reported by FlawFinder.
drivers/net/wireless/ath/ath11k/dp.h
2 issues
Line: 1607
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr_h16 = swab16(addr_h16);
}
memcpy(addr, &addr_l32, 4);
memcpy(addr + 4, &addr_h16, ETH_ALEN - 4);
}
int ath11k_dp_service_srng(struct ath11k_base *ab,
struct ath11k_ext_irq_grp *irq_grp,
Reported by FlawFinder.
Line: 1608
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(addr, &addr_l32, 4);
memcpy(addr + 4, &addr_h16, ETH_ALEN - 4);
}
int ath11k_dp_service_srng(struct ath11k_base *ab,
struct ath11k_ext_irq_grp *irq_grp,
int budget);
Reported by FlawFinder.
drivers/net/ethernet/huawei/hinic/hinic_hw_wq.c
2 issues
Line: 713
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wqebb_addr = WQ_PAGE_ADDR(wq, idx) +
WQE_PAGE_OFF(wq, idx);
memcpy(shadow_addr, wqebb_addr, wq->wqebb_size);
shadow_addr += wq->wqebb_size;
}
}
Reported by FlawFinder.
Line: 730
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
wqebb_addr = WQ_PAGE_ADDR(wq, idx) +
WQE_PAGE_OFF(wq, idx);
memcpy(wqebb_addr, shadow_addr, wq->wqebb_size);
shadow_addr += wq->wqebb_size;
}
}
/**
Reported by FlawFinder.
drivers/net/wireless/ath/ath11k/dp_tx.c
2 issues
Line: 548
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while ((ATH11K_TX_COMPL_NEXT(tx_ring->tx_status_head) !=
tx_ring->tx_status_tail) &&
(desc = ath11k_hal_srng_dst_get_next_entry(ab, status_ring))) {
memcpy(&tx_ring->tx_status[tx_ring->tx_status_head],
desc, sizeof(struct hal_wbm_release_ring));
tx_ring->tx_status_head =
ATH11K_TX_COMPL_NEXT(tx_ring->tx_status_head);
}
Reported by FlawFinder.
Line: 640
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!dp_cmd)
return -ENOMEM;
memcpy(&dp_cmd->data, rx_tid, sizeof(struct dp_rx_tid));
dp_cmd->cmd_num = cmd_num;
dp_cmd->handler = cb;
spin_lock_bh(&dp->reo_cmd_lock);
list_add_tail(&dp_cmd->list, &dp->reo_cmd_list);
Reported by FlawFinder.
drivers/net/wireless/ath/ath5k/led.c
2 issues
Line: 169
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifndef CONFIG_ATH5K_AHB
struct pci_dev *pdev = ah->pdev;
#endif
char name[ATH5K_LED_MAX_NAME_LEN + 1];
const struct pci_device_id *match;
if (!ah->pdev)
return 0;
Reported by FlawFinder.
Line: 132
Column: 2
CWE codes:
120
int err;
led->ah = ah;
strncpy(led->name, name, sizeof(led->name));
led->name[sizeof(led->name)-1] = 0;
led->led_dev.name = led->name;
led->led_dev.default_trigger = trigger;
led->led_dev.brightness_set = ath5k_led_brightness_set;
Reported by FlawFinder.
drivers/net/wireless/ath/ath5k/mac80211-ops.c
2 issues
Line: 263
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (changes & BSS_CHANGED_BSSID) {
/* Cache for later use during resets */
memcpy(common->curbssid, bss_conf->bssid, ETH_ALEN);
common->curaid = 0;
ath5k_hw_set_bssid(ah);
}
if (changes & BSS_CHANGED_BEACON_INT)
Reported by FlawFinder.
Line: 670
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(cc, 0, sizeof(*cc));
spin_unlock_bh(&common->cc_lock);
memcpy(survey, &ah->survey, sizeof(*survey));
survey->channel = conf->chandef.chan;
survey->noise = ah->ah_noise_floor;
survey->filled = SURVEY_INFO_NOISE_DBM |
SURVEY_INFO_IN_USE |
Reported by FlawFinder.