The following issues were found
drivers/net/wireless/broadcom/brcm80211/brcmsmac/dma.c
2 issues
Line: 210
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* dma engine software state */
struct dma_info {
struct dma_pub dma; /* exported structure */
char name[MAXNAMEL]; /* callers name for diag msgs */
struct bcma_device *core;
struct device *dmadev;
/* session information for AMPDU */
Reported by FlawFinder.
Line: 587
Column: 2
CWE codes:
120
rxextheadroom, nrxpost, rxoffset, txregbase, rxregbase);
/* make a private copy of our callers name */
strncpy(di->name, name, MAXNAMEL);
di->name[MAXNAMEL - 1] = '\0';
di->dmadev = core->dma_dev;
/* save tunables */
Reported by FlawFinder.
drivers/net/ethernet/fujitsu/fmvj18x_cs.c
2 issues
Line: 652
Column: 12
CWE codes:
362
{
struct net_device *dev = link->priv;
if (link->open)
netif_device_detach(dev);
return 0;
}
Reported by FlawFinder.
Line: 662
Column: 12
CWE codes:
362
{
struct net_device *dev = link->priv;
if (link->open) {
fjn_reset(dev);
netif_device_attach(dev);
}
return 0;
Reported by FlawFinder.
drivers/net/ethernet/freescale/ucc_geth.c
2 issues
Line: 3208
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!is_valid_ether_addr(addr->sa_data))
return -EADDRNOTAVAIL;
memcpy(dev->dev_addr, addr->sa_data, dev->addr_len);
/*
* If device is not running, we will set mac addr register
* when opening the device.
*/
Reported by FlawFinder.
Line: 3529
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum qe_clock *out)
{
const char *sprop;
char buf[24];
snprintf(buf, sizeof(buf), "%s-clock-name", which);
sprop = of_get_property(np, buf, NULL);
if (sprop) {
*out = qe_clock_source(sprop);
Reported by FlawFinder.
drivers/net/ethernet/freescale/gianfar_ethtool.c
2 issues
Line: 118
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct gfar_private *priv = netdev_priv(dev);
if (priv->device_flags & FSL_GIANFAR_DEV_HAS_RMON)
memcpy(buf, stat_gstrings, GFAR_STATS_LEN * ETH_GSTRING_LEN);
else
memcpy(buf, stat_gstrings,
GFAR_EXTRA_STATS_LEN * ETH_GSTRING_LEN);
}
Reported by FlawFinder.
Line: 120
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (priv->device_flags & FSL_GIANFAR_DEV_HAS_RMON)
memcpy(buf, stat_gstrings, GFAR_STATS_LEN * ETH_GSTRING_LEN);
else
memcpy(buf, stat_gstrings,
GFAR_EXTRA_STATS_LEN * ETH_GSTRING_LEN);
}
/* Fill in an array of 64-bit statistics from various sources.
* This array will be appended to the end of the ethtool_stats
Reported by FlawFinder.
drivers/net/wireless/intel/ipw2x00/ipw2100.h
2 issues
Line: 523
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int tx_power;
u32 beacon_interval;
char nick[IW_ESSID_MAX_SIZE + 1];
struct ipw2100_status_queue status_queue;
struct statistic txq_stat;
struct statistic rxq_stat;
Reported by FlawFinder.
Line: 787
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ipw2100_rx {
union {
unsigned char payload[IPW_RX_NIC_BUFFER_LENGTH];
struct libipw_hdr_4addr header;
u32 status;
struct ipw2100_notification notification;
struct ipw2100_cmd_header command;
} rx_data;
Reported by FlawFinder.
drivers/net/wireless/intel/ipw2x00/ipw2200.h
2 issues
Line: 1955
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 cmd;
u8 len;
__le16 reserved;
char param[124];
} __packed;
struct ipw_cmd_log {
unsigned long jiffies;
int retcode;
Reported by FlawFinder.
Line: 710
Column: 6
CWE codes:
120
20
struct ipw_rx_mem_buffer pool[RX_QUEUE_SIZE + RX_FREE_BUFFERS];
struct ipw_rx_mem_buffer *queue[RX_QUEUE_SIZE];
u32 processed; /* Internal index to last handled Rx packet */
u32 read; /* Shared index to newest available Rx buffer */
u32 write; /* Shared index to oldest written Rx packet */
u32 free_count; /* Number of pre-allocated buffers in rx_free */
/* Each of these lists is used as a FIFO for ipw_rx_mem_buffers */
struct list_head rx_free; /* Own an SKBs */
struct list_head rx_used; /* No SKB allocated */
Reported by FlawFinder.
drivers/net/wireless/intel/iwlegacy/3945-rs.c
2 issues
Line: 818
Column: 6
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return -ENOMEM;
desc +=
sprintf(buff + desc,
"tx packets=%d last rate idx=%d\n"
"rate=0x%X flush time %d\n", lq_sta->tx_packets,
lq_sta->last_txrate_idx, lq_sta->start_rate,
jiffies_to_msecs(lq_sta->flush_time));
for (j = 0; j < RATE_COUNT_3945; j++) {
Reported by FlawFinder.
Line: 825
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
jiffies_to_msecs(lq_sta->flush_time));
for (j = 0; j < RATE_COUNT_3945; j++) {
desc +=
sprintf(buff + desc, "counter=%d success=%d %%=%d\n",
lq_sta->win[j].counter,
lq_sta->win[j].success_counter,
lq_sta->win[j].success_ratio);
}
ret = simple_read_from_buffer(user_buf, count, ppos, buff, desc);
Reported by FlawFinder.
drivers/net/ethernet/freescale/enetc/enetc_pf.h
2 issues
Line: 15
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ENETC_MADDR_HASH_TBL_SZ 64
struct enetc_mac_filter {
union {
char mac_addr[ETH_ALEN];
DECLARE_BITMAP(mac_hash_table, ENETC_MADDR_HASH_TBL_SZ);
};
int mac_addr_cnt;
};
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct enetc_msg_swbd rxmsg[ENETC_MAX_NUM_VFS];
struct work_struct msg_task;
char msg_int_name[ENETC_INT_NAME_MAX];
char vlan_promisc_simap; /* bitmap of SIs in VLAN promisc mode */
DECLARE_BITMAP(vlan_ht_filter, ENETC_VLAN_HT_SIZE);
DECLARE_BITMAP(active_vlans, VLAN_N_VID);
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/dvm/power.c
2 issues
Line: 335
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EIO;
/* scan complete use sleep_power_next, need to be updated */
memcpy(&priv->power_data.sleep_cmd_next, cmd, sizeof(*cmd));
if (test_bit(STATUS_SCANNING, &priv->status) && !force) {
IWL_DEBUG_INFO(priv, "Defer power set mode while scanning\n");
return 0;
}
Reported by FlawFinder.
Line: 357
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"calibration running: %d\n",
priv->chain_noise_data.state);
memcpy(&priv->power_data.sleep_cmd, cmd, sizeof(*cmd));
} else
IWL_ERR(priv, "set power fail, ret = %d\n", ret);
return ret;
}
Reported by FlawFinder.
drivers/net/wireless/intel/iwlwifi/dvm/rs.h
2 issues
Line: 273
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define IWL_MAX_MCS_DISPLAY_SIZE 12
struct iwl_rate_mcs_info {
char mbps[IWL_MAX_MCS_DISPLAY_SIZE];
char mcs[IWL_MAX_MCS_DISPLAY_SIZE];
};
/**
* struct iwl_rate_scale_data -- tx success history for one rate
Reported by FlawFinder.
Line: 274
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iwl_rate_mcs_info {
char mbps[IWL_MAX_MCS_DISPLAY_SIZE];
char mcs[IWL_MAX_MCS_DISPLAY_SIZE];
};
/**
* struct iwl_rate_scale_data -- tx success history for one rate
*/
Reported by FlawFinder.