The following issues were found
drivers/infiniband/sw/siw/siw_cm.c
2 issues
Line: 613
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EPROTO;
/* Prepare for sending MPA reply */
memcpy(req->key, MPA_KEY_REP, 16);
if (version == MPA_REVISION_2 &&
(req->params.bits & MPA_RR_FLAG_ENHANCED)) {
/*
* MPA version 2 must signal IRD/ORD values and P2P mode
Reported by FlawFinder.
Line: 1469
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cep->mpa.v2_ctrl_req.ird = cep->mpa.v2_ctrl.ird;
cep->mpa.v2_ctrl_req.ord = cep->mpa.v2_ctrl.ord;
}
memcpy(cep->mpa.hdr.key, MPA_KEY_REQ, 16);
rv = siw_send_mpareqrep(cep, params->private_data, pd_len);
/*
* Reset private data.
*/
Reported by FlawFinder.
drivers/infiniband/ulp/ipoib/ipoib_cm.c
2 issues
Line: 46
#include "ipoib.h"
int ipoib_max_conn_qp = 128;
module_param_named(max_nonsrq_conn_qp, ipoib_max_conn_qp, int, 0444);
MODULE_PARM_DESC(max_nonsrq_conn_qp,
"Max number of connected-mode QPs per interface "
"(applied only if shared receive queue is not available)");
Reported by Cppcheck.
Line: 660
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
ipoib_cm_dma_unmap_rx(priv, frags, rx_ring[wr_id].mapping);
memcpy(rx_ring[wr_id].mapping, mapping, (frags + 1) * sizeof(*mapping));
ipoib_dbg_data(priv, "received %d bytes, SLID 0x%04x\n",
wc->byte_len, wc->slid);
skb_put_frags(skb, IPOIB_CM_HEAD_SIZE, wc->byte_len, newskb);
Reported by FlawFinder.
drivers/infiniband/ulp/ipoib/ipoib_ethtool.c
2 issues
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "ipoib.h"
struct ipoib_stats {
char stat_string[ETH_GSTRING_LEN];
int stat_offset;
};
#define IPOIB_NETDEV_STAT(m) { \
.stat_string = #m, \
Reported by FlawFinder.
Line: 133
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (stringset) {
case ETH_SS_STATS:
for (i = 0; i < IPOIB_GLOBAL_STATS_LEN; i++) {
memcpy(p, ipoib_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
p += ETH_GSTRING_LEN;
}
break;
default:
Reported by FlawFinder.
drivers/infiniband/ulp/ipoib/ipoib_ib.c
2 issues
Line: 204
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(mapping, priv->rx_ring[wr_id].mapping,
IPOIB_UD_RX_SG * sizeof(*mapping));
/*
* If we can't allocate a new RX buffer, dump
* this packet and reuse the old buffer.
Reported by FlawFinder.
Line: 1138
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!test_bit(IPOIB_FLAG_DEV_ADDR_CTRL, &priv->flags)) {
memcpy(&priv->local_gid, &gid0,
sizeof(priv->local_gid));
memcpy(priv->dev->dev_addr + 4, &gid0,
sizeof(priv->local_gid));
ret = true;
}
}
}
Reported by FlawFinder.
drivers/infiniband/ulp/iser/iser_initiator.c
2 issues
Line: 465
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tx_desc->type = ISCSI_TX_DATAOUT;
tx_desc->cqe.done = iser_dataout_comp;
tx_desc->iser_header.flags = ISER_VER;
memcpy(&tx_desc->iscsi_header, hdr, sizeof(struct iscsi_hdr));
/* build the tx desc */
err = iser_initialize_task_headers(task, tx_desc);
if (err)
goto send_data_out_error;
Reported by FlawFinder.
Line: 531
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ib_dma_sync_single_for_cpu(device->ib_device, desc->req_dma,
task->data_count, DMA_TO_DEVICE);
memcpy(desc->req, task->data, task->data_count);
ib_dma_sync_single_for_device(device->ib_device, desc->req_dma,
task->data_count, DMA_TO_DEVICE);
tx_dsg->addr = desc->req_dma;
Reported by FlawFinder.
drivers/infiniband/ulp/opa_vnic/opa_vnic_ethtool.c
2 issues
Line: 59
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum {NETDEV_STATS, VNIC_STATS};
struct vnic_stats {
char stat_string[ETH_GSTRING_LEN];
struct {
int sizeof_stat;
int stat_offset;
};
};
Reported by FlawFinder.
Line: 167
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
for (i = 0; i < VNIC_STATS_LEN; i++)
memcpy(data + i * ETH_GSTRING_LEN,
vnic_gstrings_stats[i].stat_string,
ETH_GSTRING_LEN);
}
/* ethtool ops */
Reported by FlawFinder.
drivers/infiniband/ulp/opa_vnic/opa_vnic_vema.c
2 issues
Line: 235
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct opa_class_port_info *port_info;
port_info = (struct opa_class_port_info *)rsp_mad->data;
memcpy(port_info, &port->class_port_info, sizeof(*port_info));
port_info->base_version = OPA_MGMT_BASE_VERSION;
port_info->class_version = OPA_EMA_CLASS_VERSION;
/*
* Set capability mask bit indicating agent generates traps,
Reported by FlawFinder.
Line: 647
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rsp->ah = ah;
vema_mad = rsp->mad;
memcpy(vema_mad, mad_wc->recv_buf.mad, IB_MGMT_VENDOR_HDR);
vema_mad->mad_hdr.method = IB_MGMT_METHOD_GET_RESP;
vema_mad->mad_hdr.status = 0;
/* Lock ensures network adapter is not removed */
mutex_lock(&port->lock);
Reported by FlawFinder.
drivers/infiniband/ulp/rtrs/rtrs-clt.h
2 issues
Line: 151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rtrs_clt_stats *stats;
/* cache hca_port and hca_name to display in sysfs */
u8 hca_port;
char hca_name[IB_DEVICE_NAME_MAX];
struct list_head __percpu
*mp_skip_entry;
};
struct rtrs_clt {
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int paths_up;
struct mutex paths_mutex;
struct mutex paths_ev_mutex;
char sessname[NAME_MAX];
u16 port;
unsigned int max_reconnect_attempts;
unsigned int reconnect_delay_sec;
unsigned int max_segments;
void *permits;
Reported by FlawFinder.
drivers/infiniband/ulp/rtrs/rtrs-srv-sysfs.c
2 issues
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct rtrs_srv_sess *sess;
struct rtrs_sess *s;
char str[MAXHOSTNAMELEN];
sess = container_of(kobj, struct rtrs_srv_sess, kobj);
s = &sess->s;
if (!sysfs_streq(buf, "1")) {
rtrs_err(s, "%s: invalid value: '%s'\n",
Reported by FlawFinder.
Line: 262
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct rtrs_srv *srv = sess->srv;
struct rtrs_sess *s = &sess->s;
char str[NAME_MAX];
int err;
struct rtrs_addr path = {
.src = &sess->s.dst_addr,
.dst = &sess->s.src_addr,
};
Reported by FlawFinder.
drivers/input/joystick/grip.c
2 issues
Line: 41
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct grip {
struct gameport *gameport;
struct input_dev *dev[2];
unsigned char mode[2];
int reads;
int bads;
char phys[2][32];
};
Reported by FlawFinder.
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char mode[2];
int reads;
int bads;
char phys[2][32];
};
static int grip_btn_gpp[] = { BTN_START, BTN_SELECT, BTN_TR2, BTN_Y, 0, BTN_TL2, BTN_A, BTN_B, BTN_X, 0, BTN_TL, BTN_TR, -1 };
static int grip_btn_bd[] = { BTN_THUMB, BTN_THUMB2, BTN_TRIGGER, BTN_TOP, BTN_BASE, -1 };
static int grip_btn_xt[] = { BTN_TRIGGER, BTN_THUMB, BTN_A, BTN_B, BTN_C, BTN_X, BTN_Y, BTN_Z, BTN_SELECT, BTN_START, BTN_MODE, -1 };
Reported by FlawFinder.