The following issues were found
include/sound/seq_midi_emul.h
2 issues
Line: 35
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char midi_program; /* Instrument number */
short midi_pitchbend; /* Pitch bend amount */
unsigned char control[128]; /* Current value of all controls */
unsigned char note[128]; /* Current status for all notes */
short gm_rpn_pitch_bend_range; /* Pitch bend range */
short gm_rpn_fine_tuning; /* Master fine tuning */
short gm_rpn_coarse_tuning; /* Master coarse tuning */
Reported by FlawFinder.
Line: 36
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
short midi_pitchbend; /* Pitch bend amount */
unsigned char control[128]; /* Current value of all controls */
unsigned char note[128]; /* Current status for all notes */
short gm_rpn_pitch_bend_range; /* Pitch bend range */
short gm_rpn_fine_tuning; /* Master fine tuning */
short gm_rpn_coarse_tuning; /* Master coarse tuning */
Reported by FlawFinder.
net/802/garp.c
2 issues
Line: 193
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attr->state = GARP_APPLICANT_VO;
attr->type = type;
attr->dlen = len;
memcpy(attr->data, data, len);
rb_link_node(&attr->node, parent, p);
rb_insert_color(&attr->node, &app->gid);
return attr;
}
Reported by FlawFinder.
Line: 315
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ga = __skb_put(app->pdu, len);
ga->len = len;
ga->event = event;
memcpy(ga->data, attr->data, attr->dlen);
return 0;
queue:
garp_pdu_queue(app);
goto again;
Reported by FlawFinder.
net/netfilter/ipvs/ip_vs_core.c
2 issues
Line: 92
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *ip_vs_proto_name(unsigned int proto)
{
static char buf[20];
switch (proto) {
case IPPROTO_IP:
return "IP";
case IPPROTO_UDP:
Reported by FlawFinder.
Line: 110
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return "ICMPv6";
#endif
default:
sprintf(buf, "IP_%u", proto);
return buf;
}
}
void ip_vs_init_hash_table(struct list_head *table, int rows)
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_recent.h
2 issues
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 hit_count;
__u8 check_set;
__u8 invert;
char name[XT_RECENT_NAME_LEN];
__u8 side;
};
struct xt_recent_mtinfo_v1 {
__u32 seconds;
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 hit_count;
__u8 check_set;
__u8 invert;
char name[XT_RECENT_NAME_LEN];
__u8 side;
union nf_inet_addr mask;
};
#endif /* _LINUX_NETFILTER_XT_RECENT_H */
Reported by FlawFinder.
include/linux/sunrpc/xprt.h
2 issues
Line: 288
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct net *xprt_net;
const char *servername;
const char *address_strings[RPC_DISPLAY_MAX];
#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
struct dentry *debugfs; /* debugfs directory */
atomic_t inject_disconnect;
#endif
struct rcu_head rcu;
Reported by FlawFinder.
Line: 339
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ident; /* XPRT_TRANSPORT identifier */
struct rpc_xprt * (*setup)(struct xprt_create *);
struct module *owner;
char name[32];
const char * netid[];
};
/*
* Generic internal transport functions
Reported by FlawFinder.
net/netfilter/ipvs/ip_vs_pe_sip.c
2 issues
Line: 19
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
size_t max_len = 64;
size_t len = min3(max_len, callid_len, buf_len - *idx - 1);
memcpy(buf + *idx, callid, len);
buf[*idx+len] = '\0';
*idx += len + 1;
return buf + *idx - len;
}
Reported by FlawFinder.
Line: 143
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int ip_vs_sip_show_pe_data(const struct ip_vs_conn *cp, char *buf)
{
memcpy(buf, cp->pe_data, cp->pe_data_len);
return cp->pe_data_len;
}
static struct ip_vs_conn *
ip_vs_sip_conn_out(struct ip_vs_service *svc,
Reported by FlawFinder.
net/netfilter/xt_nat.c
2 issues
Line: 97
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
ctinfo == IP_CT_RELATED_REPLY)));
memcpy(&range, range_v1, sizeof(*range_v1));
memset(&range.base_proto, 0, sizeof(range.base_proto));
return nf_nat_setup_info(ct, &range, NF_NAT_MANIP_SRC);
}
Reported by FlawFinder.
Line: 115
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WARN_ON(!(ct != NULL &&
(ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)));
memcpy(&range, range_v1, sizeof(*range_v1));
memset(&range.base_proto, 0, sizeof(range.base_proto));
return nf_nat_setup_info(ct, &range, NF_NAT_MANIP_DST);
}
Reported by FlawFinder.
net/802/psnap.c
2 issues
Line: 84
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static int snap_request(struct datalink_proto *dl,
struct sk_buff *skb, u8 *dest)
{
memcpy(skb_push(skb, 5), dl->type, 5);
llc_build_and_send_ui_pkt(snap_sap, skb, dest, snap_sap->laddr.lsap);
return 0;
}
/*
Reported by FlawFinder.
Line: 137
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
proto = kmalloc(sizeof(*proto), GFP_ATOMIC);
if (proto) {
memcpy(proto->type, desc, 5);
proto->rcvfunc = rcvfunc;
proto->header_length = 5 + 3; /* snap + 802.2 */
proto->request = snap_request;
list_add_rcu(&proto->node, &snap_list);
}
Reported by FlawFinder.
include/uapi/linux/i2o-dev.h
2 issues
Line: 108
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct i2o_evt_info {
struct i2o_evt_id id;
unsigned char evt_data[I2O_EVT_DATA_SIZE];
unsigned int data_size;
};
struct i2o_evt_get {
struct i2o_evt_info info;
Reported by FlawFinder.
Line: 243
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 max_inbound_frames;
__u32 cur_inbound_frames;
__u32 max_outbound_frames;
char product_id[24];
__u32 expected_lct_size;
__u32 iop_capabilities;
__u32 desired_mem_size;
__u32 current_mem_size;
__u32 current_mem_base;
Reported by FlawFinder.
include/uapi/linux/netfilter/xt_rateest.h
2 issues
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct xt_rateest_match_info {
char name1[IFNAMSIZ];
char name2[IFNAMSIZ];
__u16 flags;
__u16 mode;
__u32 bps1;
__u32 pps1;
Reported by FlawFinder.
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xt_rateest_match_info {
char name1[IFNAMSIZ];
char name2[IFNAMSIZ];
__u16 flags;
__u16 mode;
__u32 bps1;
__u32 pps1;
__u32 bps2;
Reported by FlawFinder.