The following issues were found
include/sound/compress_driver.h
2 issues
Line: 113
Column: 8
CWE codes:
362
* @get_codec_caps: Retrieve capabilities for a specific codec, mandatory
*/
struct snd_compr_ops {
int (*open)(struct snd_compr_stream *stream);
int (*free)(struct snd_compr_stream *stream);
int (*set_params)(struct snd_compr_stream *stream,
struct snd_compr_params *params);
int (*get_params)(struct snd_compr_stream *stream,
struct snd_codec *params);
Reported by FlawFinder.
Line: 161
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool use_pause_in_draining;
#ifdef CONFIG_SND_VERBOSE_PROCFS
/* private: */
char id[64];
struct snd_info_entry *proc_root;
struct snd_info_entry *proc_info_entry;
#endif
};
Reported by FlawFinder.
include/sound/ak4xxx-adda.h
2 issues
Line: 48
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_card *card;
unsigned int num_adcs; /* AK4524 or AK4528 ADCs */
unsigned int num_dacs; /* AK4524 or AK4528 DACs */
unsigned char images[AK4XXX_IMAGE_SIZE]; /* saved register image */
unsigned char volumes[AK4XXX_IMAGE_SIZE]; /* saved volume values */
unsigned long private_value[AK4XXX_MAX_CHIPS]; /* helper for driver */
void *private_data[AK4XXX_MAX_CHIPS]; /* helper for driver */
/* template should fill the following fields */
unsigned int idx_offset; /* control index offset */
Reported by FlawFinder.
Line: 49
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int num_adcs; /* AK4524 or AK4528 ADCs */
unsigned int num_dacs; /* AK4524 or AK4528 DACs */
unsigned char images[AK4XXX_IMAGE_SIZE]; /* saved register image */
unsigned char volumes[AK4XXX_IMAGE_SIZE]; /* saved volume values */
unsigned long private_value[AK4XXX_MAX_CHIPS]; /* helper for driver */
void *private_data[AK4XXX_MAX_CHIPS]; /* helper for driver */
/* template should fill the following fields */
unsigned int idx_offset; /* control index offset */
enum {
Reported by FlawFinder.
include/uapi/linux/acct.h
2 issues
Line: 68
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u16 ac_ahz; /* AHZ */
#endif
__u32 ac_exitcode; /* Exitcode */
char ac_comm[ACCT_COMM + 1]; /* Command Name */
__u8 ac_etime_hi; /* Elapsed Time MSB */
__u16 ac_etime_lo; /* Elapsed Time LSB */
__u32 ac_uid; /* Real User ID */
__u32 ac_gid; /* Real Group ID */
};
Reported by FlawFinder.
Line: 100
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
comp_t ac_minflt; /* Minor Pagefaults */
comp_t ac_majflt; /* Major Pagefaults */
comp_t ac_swaps; /* Number of Swaps */
char ac_comm[ACCT_COMM]; /* Command Name */
};
/*
* accounting flags
*/
Reported by FlawFinder.
kernel/bpf/preload/iterators/iterators.bpf.c
2 issues
Line: 17
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bpf_map {
__u32 id;
char name[16];
__u32 max_entries;
};
struct bpf_iter__bpf_map {
struct bpf_iter_meta *meta;
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bpf_prog_aux {
__u32 id;
char name[16];
const char *attach_func_name;
struct bpf_prog *dst_prog;
struct bpf_func_info *func_info;
struct btf *btf;
};
Reported by FlawFinder.
net/nfc/hci/hcp.c
2 issues
Line: 77
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
firstfrag = false;
packet->message.header = HCP_HEADER(type, instruction);
if (ptr) {
memcpy(packet->message.data, ptr,
data_link_len - 1);
ptr += data_link_len - 1;
}
} else {
memcpy(&packet->message, ptr, data_link_len);
Reported by FlawFinder.
Line: 82
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr += data_link_len - 1;
}
} else {
memcpy(&packet->message, ptr, data_link_len);
ptr += data_link_len;
}
/* This is the last fragment, set the cb bit */
if (hci_len == 0)
Reported by FlawFinder.
include/xen/xenbus.h
2 issues
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xenbus_device_id
{
/* .../device/<device_type>/<identifier> */
char devicetype[32]; /* General class of device. */
};
/* A xenbus driver. */
struct xenbus_driver {
const char *name; /* defaults to ids[0].devicetype */
Reported by FlawFinder.
Line: 202
Column: 22
CWE codes:
126
struct work_struct;
#define XENBUS_IS_ERR_READ(str) ({ \
if (!IS_ERR(str) && strlen(str) == 0) { \
kfree(str); \
str = ERR_PTR(-ERANGE); \
} \
IS_ERR(str); \
})
Reported by FlawFinder.
net/netfilter/xt_SECMARK.c
2 issues
Line: 126
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
};
int ret;
memcpy(newinfo.secctx, info->secctx, SECMARK_SECCTX_MAX);
ret = secmark_tg_check(par->table, &newinfo);
info->secid = newinfo.secid;
return ret;
Reported by FlawFinder.
Line: 50
Column: 47
CWE codes:
126
info->secctx[SECMARK_SECCTX_MAX - 1] = '\0';
info->secid = 0;
err = security_secctx_to_secid(info->secctx, strlen(info->secctx),
&info->secid);
if (err) {
if (err == -EINVAL)
pr_info_ratelimited("invalid security context \'%s\'\n",
info->secctx);
Reported by FlawFinder.
net/netfilter/nf_tables_offload.c
2 issues
Line: 175
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (ctx->dep.type) {
case NFT_OFFLOAD_DEP_NETWORK:
WARN_ON(len != sizeof(__u16));
memcpy(&ctx->dep.l3num, data, sizeof(__u16));
break;
case NFT_OFFLOAD_DEP_TRANSPORT:
WARN_ON(len != sizeof(__u8));
memcpy(&ctx->dep.protonum, data, sizeof(__u8));
break;
Reported by FlawFinder.
Line: 179
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case NFT_OFFLOAD_DEP_TRANSPORT:
WARN_ON(len != sizeof(__u8));
memcpy(&ctx->dep.protonum, data, sizeof(__u8));
break;
default:
break;
}
ctx->dep.type = NFT_OFFLOAD_DEP_UNSPEC;
Reported by FlawFinder.
net/atm/pppoatm.c
2 issues
Line: 86
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Header used for LLC Encapsulated PPP (4 bytes) followed by the LCP protocol
* ID (0xC021) used in autodetection
*/
static const unsigned char pppllc[6] = { 0xFE, 0xFE, 0x03, 0xCF, 0xC0, 0x21 };
#define LLC_LEN (4)
static inline struct pppoatm_vcc *atmvcc_to_pvcc(const struct atm_vcc *atmvcc)
{
return (struct pppoatm_vcc *) (atmvcc->user_back);
Reported by FlawFinder.
Line: 337
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
} else if (!pppoatm_may_send(pvcc, skb->truesize))
goto nospace;
memcpy(skb_push(skb, LLC_LEN), pppllc, LLC_LEN);
break;
case e_vc:
if (!pppoatm_may_send(pvcc, skb->truesize))
goto nospace;
break;
Reported by FlawFinder.
net/nfc/llcp_commands.c
2 issues
Line: 101
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tlv[0] = type;
tlv[1] = length;
memcpy(tlv + 2, value, length);
return tlv;
}
struct nfc_llcp_sdp_tlv *nfc_llcp_build_sdres_tlv(u8 tid, u8 sap)
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sdreq->tid = tid;
sdreq->uri = sdreq->tlv + 3;
memcpy(sdreq->uri, uri, uri_len);
sdreq->time = jiffies;
INIT_HLIST_NODE(&sdreq->node);
Reported by FlawFinder.