The following issues were found
include/sound/mixer_oss.h
2 issues
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_mixer_oss {
struct snd_card *card;
char id[16];
char name[32];
struct snd_mixer_oss_slot slots[SNDRV_OSS_MAX_MIXERS]; /* OSS mixer slots */
unsigned int mask_recsrc; /* exclusive recsrc mask */
int (*get_recsrc)(struct snd_mixer_oss_file *fmixer,
unsigned int *active_index);
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_mixer_oss {
struct snd_card *card;
char id[16];
char name[32];
struct snd_mixer_oss_slot slots[SNDRV_OSS_MAX_MIXERS]; /* OSS mixer slots */
unsigned int mask_recsrc; /* exclusive recsrc mask */
int (*get_recsrc)(struct snd_mixer_oss_file *fmixer,
unsigned int *active_index);
int (*put_recsrc)(struct snd_mixer_oss_file *fmixer,
Reported by FlawFinder.
net/netfilter/nf_conntrack_proto_tcp.c
2 issues
Line: 332
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct tcphdr *tcph,
struct ip_ct_tcp_state *state)
{
unsigned char buff[(15 * 4) - sizeof(struct tcphdr)];
const unsigned char *ptr;
int length = (tcph->doff*4) - sizeof(struct tcphdr);
if (!length)
return;
Reported by FlawFinder.
Line: 388
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
const struct tcphdr *tcph, __u32 *sack)
{
unsigned char buff[(15 * 4) - sizeof(struct tcphdr)];
const unsigned char *ptr;
int length = (tcph->doff*4) - sizeof(struct tcphdr);
__u32 tmp;
if (!length)
Reported by FlawFinder.
include/uapi/linux/hdlcdrv.h
2 issues
Line: 60
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hdlcdrv_old_channel_state ocs;
unsigned int calibrate;
unsigned char bits;
char modename[128];
char drivername[32];
} data;
};
/* -------------------------------------------------------------------- */
Reported by FlawFinder.
Line: 61
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int calibrate;
unsigned char bits;
char modename[128];
char drivername[32];
} data;
};
/* -------------------------------------------------------------------- */
Reported by FlawFinder.
net/netfilter/nf_flow_table_core.c
2 issues
Line: 118
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (route->tuple[dir].xmit_type) {
case FLOW_OFFLOAD_XMIT_DIRECT:
memcpy(flow_tuple->out.h_dest, route->tuple[dir].out.h_dest,
ETH_ALEN);
memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source,
ETH_ALEN);
flow_tuple->out.ifidx = route->tuple[dir].out.ifindex;
flow_tuple->out.hw_ifidx = route->tuple[dir].out.hw_ifindex;
Reported by FlawFinder.
Line: 120
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case FLOW_OFFLOAD_XMIT_DIRECT:
memcpy(flow_tuple->out.h_dest, route->tuple[dir].out.h_dest,
ETH_ALEN);
memcpy(flow_tuple->out.h_source, route->tuple[dir].out.h_source,
ETH_ALEN);
flow_tuple->out.ifidx = route->tuple[dir].out.ifindex;
flow_tuple->out.hw_ifidx = route->tuple[dir].out.hw_ifindex;
break;
case FLOW_OFFLOAD_XMIT_XFRM:
Reported by FlawFinder.
include/linux/tty_ldisc.h
2 issues
Line: 183
Column: 8
CWE codes:
362
/*
* The following routines are called from above.
*/
int (*open)(struct tty_struct *);
void (*close)(struct tty_struct *);
void (*flush_buffer)(struct tty_struct *tty);
ssize_t (*read)(struct tty_struct *tty, struct file *file,
unsigned char *buf, size_t nr,
void **cookie, unsigned long offset);
Reported by FlawFinder.
Line: 186
Column: 12
CWE codes:
120
20
int (*open)(struct tty_struct *);
void (*close)(struct tty_struct *);
void (*flush_buffer)(struct tty_struct *tty);
ssize_t (*read)(struct tty_struct *tty, struct file *file,
unsigned char *buf, size_t nr,
void **cookie, unsigned long offset);
ssize_t (*write)(struct tty_struct *tty, struct file *file,
const unsigned char *buf, size_t nr);
int (*ioctl)(struct tty_struct *tty, struct file *file,
Reported by FlawFinder.
include/uapi/linux/atmsap.h
2 issues
Line: 133
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} h310;
struct { /* if l3_proto = ATM_L3_TR9577 */
unsigned char ipi; /* initial protocol id */
unsigned char snap[5];/* IEEE 802.1 SNAP identifier */
/* (only if ipi == NLPID_IEEE802_1_SNAP) */
} tr9577;
} l3;
} __ATM_API_ALIGN;
Reported by FlawFinder.
Line: 144
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char hl_type; /* high layer information type */
unsigned char hl_length; /* length (only if hl_type == ATM_HL_USER || */
/* hl_type == ATM_HL_ISO) */
unsigned char hl_info[ATM_MAX_HLI];/* high layer information */
};
#define ATM_MAX_BLLI 3 /* maximum number of BLLI elements */
Reported by FlawFinder.
net/core/sock_reuseport.c
2 issues
Line: 197
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
more_reuse->bind_inany = reuse->bind_inany;
more_reuse->has_conns = reuse->has_conns;
memcpy(more_reuse->socks, reuse->socks,
reuse->num_socks * sizeof(struct sock *));
memcpy(more_reuse->socks +
(more_reuse->max_socks - more_reuse->num_closed_socks),
reuse->socks + (reuse->max_socks - reuse->num_closed_socks),
reuse->num_closed_socks * sizeof(struct sock *));
Reported by FlawFinder.
Line: 199
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(more_reuse->socks, reuse->socks,
reuse->num_socks * sizeof(struct sock *));
memcpy(more_reuse->socks +
(more_reuse->max_socks - more_reuse->num_closed_socks),
reuse->socks + (reuse->max_socks - reuse->num_closed_socks),
reuse->num_closed_socks * sizeof(struct sock *));
more_reuse->synq_overflow_ts = READ_ONCE(reuse->synq_overflow_ts);
Reported by FlawFinder.
include/sound/i2c.h
2 issues
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_i2c_device {
struct list_head list;
struct snd_i2c_bus *bus; /* I2C bus */
char name[32]; /* some useful device name */
unsigned short flags; /* device flags */
unsigned short addr; /* device address (might be 10-bit) */
unsigned long private_value;
void *private_data;
void (*private_free)(struct snd_i2c_device *device);
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_i2c_bus {
struct snd_card *card; /* card which I2C belongs to */
char name[32]; /* some useful label */
struct mutex lock_mutex;
struct snd_i2c_bus *master; /* master bus when SCK/SCL is shared */
struct list_head buses; /* master: slave buses sharing SCK/SCL, slave: link list */
Reported by FlawFinder.
include/uapi/linux/atmbr2684.h
2 issues
Line: 58
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct atm_newif_br2684 {
atm_backend_t backend_num; /* ATM_BACKEND_BR2684 */
int media; /* BR2684_MEDIA_*, flags in upper bits */
char ifname[IFNAMSIZ];
int mtu;
};
/*
* This structure is used to specify a br2684 interface - either by a
Reported by FlawFinder.
Line: 72
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct br2684_if_spec {
int method; /* BR2684_FIND_* */
union {
char ifname[IFNAMSIZ];
int devnum;
} spec;
};
/*
Reported by FlawFinder.
net/netfilter/xt_CT.c
2 issues
Line: 235
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (info->flags & ~XT_CT_NOTRACK)
return -EINVAL;
memcpy(info_v1.helper, info->helper, sizeof(info->helper));
ret = xt_ct_tg_check(par, &info_v1);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 294
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
.exp_events = info->exp_events,
.ct = info->ct,
};
memcpy(info_v1.helper, info->helper, sizeof(info->helper));
xt_ct_tg_destroy(par, &info_v1);
}
static void xt_ct_tg_destroy_v1(const struct xt_tgdtor_param *par)
Reported by FlawFinder.