The following issues were found
drivers/net/wireless/ath/ath9k/eeprom_9287.c
2 issues
Line: 597
CWE codes:
786
if (CMP_CTL || CMP_NO_CTL) {
rep = &(pEepData->ctlData[i]);
pRdEdgesPower =
rep->ctlEdges[ar5416_get_ntxchains(tx_chainmask) - 1];
twiceMinEdgePower = ath9k_hw_get_max_edge_power(freq,
pRdEdgesPower,
IS_CHAN_2GHZ(chan),
AR5416_NUM_BAND_EDGES);
Reported by Cppcheck.
Line: 597
CWE codes:
788
if (CMP_CTL || CMP_NO_CTL) {
rep = &(pEepData->ctlData[i]);
pRdEdgesPower =
rep->ctlEdges[ar5416_get_ntxchains(tx_chainmask) - 1];
twiceMinEdgePower = ath9k_hw_get_max_edge_power(freq,
pRdEdgesPower,
IS_CHAN_2GHZ(chan),
AR5416_NUM_BAND_EDGES);
Reported by Cppcheck.
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.h
2 issues
Line: 80
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define HCLGE_DBG_MAX_DFX_MSG_LEN 60
struct hclge_dbg_dfx_message {
int flag;
char message[HCLGE_DBG_MAX_DFX_MSG_LEN];
};
#define HCLGE_DBG_MAC_REG_TYPE_LEN 32
struct hclge_dbg_reg_type_info {
enum hnae3_dbg_cmd cmd;
Reported by FlawFinder.
Line: 748
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define HCLGE_BILLION_NANO_SECONDS 1000000000
struct hclge_dbg_item {
char name[HCLGE_DBG_ITEM_NAME_LEN];
u16 interval; /* blank numbers after the item */
};
struct hclge_dbg_vlan_cfg {
u16 pvid;
Reported by FlawFinder.
drivers/net/wireless/ath/ath9k/hw.h
2 issues
Line: 123
#define SM(_v, _f) (((_v) << _f##_S) & _f)
#define MS(_v, _f) (((_v) & _f) >> _f##_S)
#define REG_RMW_FIELD(_a, _r, _f, _v) \
REG_RMW(_a, _r, (((_v) << _f##_S) & _f), (_f))
#define REG_READ_FIELD(_a, _r, _f) \
(((REG_READ(_a, _r) & _f) >> _f##_S))
#define REG_SET_BIT(_a, _r, _f) \
REG_RMW(_a, _r, (_f), 0)
Reported by Cppcheck.
Line: 83
Column: 17
CWE codes:
120
20
(_ah)->reg_ops.write((_ah), (_val), (_reg))
#define REG_READ(_ah, _reg) \
(_ah)->reg_ops.read((_ah), (_reg))
#define REG_READ_MULTI(_ah, _addr, _val, _cnt) \
(_ah)->reg_ops.multi_read((_ah), (_addr), (_val), (_cnt))
#define REG_RMW(_ah, _reg, _set, _clr) \
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/mvm/tt.c
2 issues
Line: 729
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void iwl_mvm_thermal_zone_register(struct iwl_mvm *mvm)
{
int i, ret;
char name[16];
static atomic_t counter = ATOMIC_INIT(0);
if (!iwl_mvm_is_tt_in_fw(mvm)) {
mvm->tz_device.tzone = NULL;
Reported by FlawFinder.
Line: 740
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
BUILD_BUG_ON(ARRAY_SIZE(name) >= THERMAL_NAME_LENGTH);
sprintf(name, "iwlwifi_%u", atomic_inc_return(&counter) & 0xFF);
mvm->tz_device.tzone = thermal_zone_device_register(name,
IWL_MAX_DTS_TRIPS,
IWL_WRITABLE_TRIPS_MSK,
mvm, &tzone_ops,
NULL, 0, 0);
Reported by FlawFinder.
drivers/net/wireless/ath/carl9170/fwdesc.h
2 issues
Line: 136
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct carl9170fw_motd_desc {
struct carl9170fw_desc_head head;
__le32 fw_year_month_day;
char desc[CARL9170FW_MOTD_STRING_LEN];
char release[CARL9170FW_MOTD_RELEASE_LEN];
} __packed;
#define CARL9170FW_MOTD_DESC_SIZE \
(sizeof(struct carl9170fw_motd_desc))
Reported by FlawFinder.
Line: 137
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct carl9170fw_desc_head head;
__le32 fw_year_month_day;
char desc[CARL9170FW_MOTD_STRING_LEN];
char release[CARL9170FW_MOTD_RELEASE_LEN];
} __packed;
#define CARL9170FW_MOTD_DESC_SIZE \
(sizeof(struct carl9170fw_motd_desc))
#define CARL9170FW_FIX_DESC_MIN_VER 1
Reported by FlawFinder.
drivers/net/wireless/ath/carl9170/mac.c
2 issues
Line: 483
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key.user = cpu_to_le16(id);
key.keyId = cpu_to_le16(keyidx);
key.type = cpu_to_le16(ktype);
memcpy(&key.macAddr, mac, ETH_ALEN);
if (keydata)
memcpy(&key.key, keydata, keylen);
return carl9170_exec_cmd(ar, CARL9170_CMD_EKEY,
sizeof(key), (u8 *)&key, 0, NULL);
Reported by FlawFinder.
Line: 485
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key.type = cpu_to_le16(ktype);
memcpy(&key.macAddr, mac, ETH_ALEN);
if (keydata)
memcpy(&key.key, keydata, keylen);
return carl9170_exec_cmd(ar, CARL9170_CMD_EKEY,
sizeof(key), (u8 *)&key, 0, NULL);
}
Reported by FlawFinder.
drivers/net/wireless/ath/carl9170/usb.c
2 issues
Line: 668
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ar->cmd.hdr.cmd = cmd;
/* writing multiple regs fills this buffer already */
if (plen && payload != (u8 *)(ar->cmd.data))
memcpy(ar->cmd.data, payload, plen);
spin_lock_bh(&ar->cmd_lock);
ar->readbuf = (u8 *)out;
ar->readlen = outlen;
spin_unlock_bh(&ar->cmd_lock);
Reported by FlawFinder.
Line: 826
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (len) {
transfer = min_t(unsigned int, len, 4096u);
memcpy(buf, data, transfer);
err = usb_control_msg(ar->udev, usb_sndctrlpipe(ar->udev, 0),
0x30 /* FW DL */, 0x40 | USB_DIR_OUT,
addr >> 8, 0, buf, transfer, 100);
Reported by FlawFinder.
drivers/net/wireless/ath/regd.c
2 issues
Line: 535
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ath_is_world_regd(&common->reg_world_copy))
break;
memcpy(reg, &common->reg_world_copy,
sizeof(struct ath_regulatory));
break;
case NL80211_REGDOM_SET_BY_DRIVER:
break;
case NL80211_REGDOM_SET_BY_USER:
Reported by FlawFinder.
Line: 772
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return r;
if (ath_is_world_regd(reg))
memcpy(&common->reg_world_copy, reg,
sizeof(struct ath_regulatory));
ath_regd_init_wiphy(reg, wiphy, reg_notifier);
return 0;
Reported by FlawFinder.
drivers/net/ethernet/hisilicon/hns3/hns3_trace.h
2 issues
Line: 86
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->ntu = ring->next_to_use;
__entry->ntc = ring->next_to_clean;
__entry->desc_dma = ring->desc_dma_addr,
memcpy(__entry->desc, &ring->desc[cur_ntu],
sizeof(struct hns3_desc));
__assign_str(devname, ring->tqp->handle->kinfo.netdev->name);
),
TP_printk(
Reported by FlawFinder.
Line: 119
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->ntc = ring->next_to_clean;
__entry->desc_dma = ring->desc_dma_addr;
__entry->buf_dma = ring->desc_cb[ring->next_to_clean].dma;
memcpy(__entry->desc, &ring->desc[ring->next_to_clean],
sizeof(struct hns3_desc));
__assign_str(devname, ring->tqp->handle->kinfo.netdev->name);
),
TP_printk(
Reported by FlawFinder.
drivers/net/wireless/ath/wil6210/trace.h
2 issues
Line: 76
Column: 16
CWE codes:
134
Suggestion:
Use a constant for the format specification
__dynamic_array(char, msg, WIL6210_MSG_MAX)
),
TP_fast_assign(
WARN_ON_ONCE(vsnprintf(__get_dynamic_array(msg),
WIL6210_MSG_MAX,
vaf->fmt,
*vaf->va) >= WIL6210_MSG_MAX);
),
TP_printk("%s", __get_str(msg))
Reported by FlawFinder.
Line: 47
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->command_id = le16_to_cpu(wmi->command_id);
__entry->fw_timestamp = le32_to_cpu(wmi->fw_timestamp);
__entry->buf_len = buf_len;
memcpy(__get_dynamic_array(buf), buf, buf_len);
),
TP_printk(
"MID %d id 0x%04x len %d timestamp %d",
__entry->mid, __entry->command_id, __entry->buf_len,
Reported by FlawFinder.