The following issues were found
include/media/drv-intf/saa7146_vv.h
2 issues
Line: 175
Column: 7
CWE codes:
362
/*
 * Table of callbacks (function pointers) taking a saa7146 device and/or
 * a struct file.
 *
 * Triage note: the FlawFinder findings attached to this struct (CWE-362,
 * and CWE-120/CWE-20) appear to land on the member names `open` and `read`.
 * These lines only declare function pointers; no file is opened and no
 * buffer is read here, so the declarations themselves carry no race or
 * overflow. Review effort belongs in the functions assigned to these
 * members.
 */
struct saa7146_use_ops {
void (*init)(struct saa7146_dev *, struct saa7146_vv *);
int(*open)(struct saa7146_dev *, struct file *);
void (*release)(struct saa7146_dev *, struct file *);
void (*irq_done)(struct saa7146_dev *, unsigned long status);
/*
 * Receives a user-space pointer (`char __user *`) and a size_t length:
 * implementations must treat both as untrusted and bound their copies.
 */
ssize_t (*read)(struct file *, char __user *, size_t, loff_t *);
};
Reported by FlawFinder.
Line: 178
Column: 12
CWE codes:
120
20
int(*open)(struct saa7146_dev *, struct file *);
void (*release)(struct saa7146_dev *, struct file *);
void (*irq_done)(struct saa7146_dev *, unsigned long status);
ssize_t (*read)(struct file *, char __user *, size_t, loff_t *);
};
/* from saa7146_fops.c */
int saa7146_register_device(struct video_device *vid, struct saa7146_dev *dev, char *name, int type);
int saa7146_unregister_device(struct video_device *vid, struct saa7146_dev *dev);
Reported by FlawFinder.
include/sound/soc.h
2 issues
Line: 881
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *driver_name;
const char *components;
#ifdef CONFIG_DMI
char dmi_longname[80];
#endif /* CONFIG_DMI */
char topology_shortname[32];
struct device *dev;
struct snd_card *snd_card;
Reported by FlawFinder.
Line: 883
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef CONFIG_DMI
char dmi_longname[80];
#endif /* CONFIG_DMI */
char topology_shortname[32];
struct device *dev;
struct snd_card *snd_card;
struct module *owner;
Reported by FlawFinder.
net/mptcp/crypto_test.c
2 issues
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void mptcp_crypto_test_basic(struct kunit *test)
{
char hmac[32], hmac_hex[65];
u32 nonce1, nonce2;
u64 key1, key2;
u8 msg[8];
int i, j;
Reported by FlawFinder.
Line: 53
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mptcp_crypto_hmac_sha(key1, key2, msg, 8, hmac);
/*
 * Bounds check for the flagged sprintf(): `hmac[j] & 0xff` is at most
 * 0xff, so "%02x" writes exactly two hex digits plus a terminating NUL
 * at offset 2*j. For the last iteration (j == 31) that covers
 * hmac_hex[62..64], the final byte of the 65-byte buffer declared as
 * `char hmac_hex[65]` in the line-35 excerpt of this report. With these
 * constants the write cannot overrun; the bound is implied by the loop
 * limit rather than enforced by the call, which snprintf() with the
 * remaining size would make explicit.
 */
for (j = 0; j < 32; ++j)
sprintf(&hmac_hex[j << 1], "%02x", hmac[j] & 0xff);
/* Already NUL after the last sprintf(); kept as an explicit terminator. */
hmac_hex[64] = 0;
KUNIT_EXPECT_STREQ(test, &hmac_hex[0], tests[i].result);
}
}
Reported by FlawFinder.
include/media/drv-intf/saa7146.h
2 issues
Line: 91
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct saa7146_extension
{
char name[32]; /* name of the device */
#define SAA7146_USE_I2C_IRQ 0x1
#define SAA7146_I2C_SHORT_DELAY 0x2
int flags;
/* pairs of subvendor and subdevice ids for
Reported by FlawFinder.
Line: 132
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 revision; /* chip revision; needed for bug-workarounds*/
/* pci-device & irq stuff*/
char name[32];
struct pci_dev *pci;
u32 int_todo;
spinlock_t int_slock;
/* extension handling */
Reported by FlawFinder.
include/uapi/linux/if_ether.h
2 issues
Line: 166
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if __UAPI_DEF_ETHHDR
/*
 * Ethernet header: two ETH_ALEN-byte address arrays followed by a 16-bit
 * protocol field, packed so the compiler inserts no padding.
 *
 * Triage note: the CWE-119/CWE-120 finding on this line is raised on the
 * fixed-size array declaration, which cannot overflow by itself. What
 * needs review is every site that writes h_dest or h_source: the copy
 * length there should be ETH_ALEN (or sizeof the field), never a length
 * taken from packet contents.
 */
struct ethhdr {
unsigned char h_dest[ETH_ALEN]; /* destination eth addr */
unsigned char h_source[ETH_ALEN]; /* source ether addr */
__be16 h_proto; /* packet type ID field */
} __attribute__((packed));
#endif
Reported by FlawFinder.
Line: 167
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if __UAPI_DEF_ETHHDR
/*
 * Packed Ethernet header layout: destination address, source address
 * (ETH_ALEN bytes each), then the 16-bit protocol field.
 *
 * Triage note: this finding flags the h_source array declaration. A
 * declaration is not a write; the overflow risk, if any, is at callers
 * that copy into the field. Those copies should be sized by ETH_ALEN or
 * sizeof(field), not by a value read from the frame.
 */
struct ethhdr {
unsigned char h_dest[ETH_ALEN]; /* destination eth addr */
unsigned char h_source[ETH_ALEN]; /* source ether addr */
__be16 h_proto; /* packet type ID field */
} __attribute__((packed));
#endif
Reported by FlawFinder.
net/ceph/pagelist.c
2 issues
Line: 80
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t bit = pl->room;
int ret;
memcpy(pl->mapped_tail + (pl->length & ~PAGE_MASK),
buf, bit);
pl->length += bit;
pl->room -= bit;
buf += bit;
len -= bit;
Reported by FlawFinder.
Line: 91
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(pl->mapped_tail + (pl->length & ~PAGE_MASK), buf, len);
pl->length += len;
pl->room -= len;
return 0;
}
EXPORT_SYMBOL(ceph_pagelist_append);
Reported by FlawFinder.
net/mptcp/sockopt.c
2 issues
Line: 593
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
/*
 * Flagged copy: strcpy() takes no length, so it is safe only if `name`
 * is NUL-terminated and msk->ca_name is at least as large as `name`.
 * `name` is declared as char[TCP_CA_NAME_MAX] in the line-561 excerpt of
 * this report (apparently the same function). How `name` is filled and
 * terminated, and the size of msk->ca_name, are not visible in either
 * excerpt -- TODO confirm in the full function. If ca_name is an array,
 * strscpy(msk->ca_name, name, sizeof(msk->ca_name)) would enforce the
 * bound at the copy site instead of relying on the caller's invariants.
 */
if (ret == 0)
strcpy(msk->ca_name, name);
release_sock(sk);
return ret;
}
Reported by FlawFinder.
Line: 561
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct mptcp_subflow_context *subflow;
struct sock *sk = (struct sock *)msk;
char name[TCP_CA_NAME_MAX];
bool cap_net_admin;
int ret;
if (optlen < 1)
return -EINVAL;
Reported by FlawFinder.
net/ceph/pagevec.c
2 issues
Line: 98
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (left > 0) {
/*
 * Each chunk is clamped to the smaller of the bytes left in the current
 * page (PAGE_SIZE - po) and the bytes left in the request, so a single
 * memcpy() into the page never crosses the page boundary. This assumes
 * po < PAGE_SIZE on entry and that pages[] has enough entries for the
 * whole length; neither is visible in this excerpt -- TODO confirm
 * against the callers.
 */
size_t l = min_t(size_t, PAGE_SIZE-po, left);
memcpy(page_address(pages[i]) + po, data, l);
data += l;
left -= l;
po += l;
/* Page filled: restart at offset 0 (the rest of this branch is cut off). */
if (po == PAGE_SIZE) {
po = 0;
Reported by FlawFinder.
Line: 121
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (left > 0) {
/*
 * Mirror of the copy-in loop: here the page is the source and `data` is
 * the destination. The clamp to PAGE_SIZE - po keeps each read inside
 * the current page; it does not bound the destination. `data` must have
 * room for the full requested length, which is the caller's
 * responsibility and is not visible in this excerpt -- TODO confirm.
 */
size_t l = min_t(size_t, PAGE_SIZE-po, left);
memcpy(data, page_address(pages[i]) + po, l);
data += l;
left -= l;
po += l;
/* End of page reached: restart at offset 0 (the rest of this branch is cut off). */
if (po == PAGE_SIZE) {
po = 0;
Reported by FlawFinder.
net/ncsi/internal.h
2 issues
Line: 241
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ncsi_package {
unsigned char id; /* NCSI 3-bits package ID */
unsigned char uuid[16]; /* UUID */
struct ncsi_dev_priv *ndp; /* NCSI device */
spinlock_t lock; /* Protect the package */
unsigned int channel_num; /* Number of channels */
struct list_head channels; /* List of channels */
struct list_head node; /* Form list of packages */
Reported by FlawFinder.
Line: 351
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short payload; /* Command packet payload length */
unsigned int req_flags; /* NCSI request properties */
union {
unsigned char bytes[16]; /* Command packet specific data */
unsigned short words[8];
unsigned int dwords[4];
};
unsigned char *data; /* NCSI OEM data */
struct genl_info *info; /* Netlink information */
Reported by FlawFinder.
net/ncsi/ncsi-cmd.c
2 issues
Line: 224
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
 * Destination side: the skb area returned by skb_put_zero() is sized
 * from `len`, which has nca->payload added on the line below, so the
 * reserved region grows with the copy length. Whether the starting value
 * of `len` covers the bytes that precede mfr_id is not visible in this
 * excerpt -- TODO confirm.
 * Source side: nca->data must reference at least nca->payload bytes.
 * That is guaranteed (or not) by whoever fills `nca`; nothing here
 * checks it, so the validation to review is at the point where the
 * payload length and data pointer are accepted.
 */
len += nca->payload;
cmd = skb_put_zero(skb, len);
memcpy(&cmd->mfr_id, nca->data, nca->payload);
ncsi_cmd_build_header(&cmd->cmd.common, nca);
return 0;
}
Reported by FlawFinder.
Line: 378
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* address as source address
*/
if (nca->ndp->gma_flag == 1)
memcpy(eh->h_source, nca->ndp->ndev.dev->dev_addr, ETH_ALEN);
else
eth_broadcast_addr(eh->h_source);
/* Start the timer for the request that might not have
* corresponding response. Given NCSI is an internal
Reported by FlawFinder.