The following issues were found
drivers/input/joystick/iforce/iforce-main.c
2 issues
Line: 82
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void iforce_set_gain(struct input_dev *dev, u16 gain)
{
struct iforce *iforce = input_get_drvdata(dev);
unsigned char data[3];
data[0] = gain >> 9;
iforce_send_packet(iforce, FF_CMD_GAIN, data);
}
Reported by FlawFinder.
Line: 91
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void iforce_set_autocenter(struct input_dev *dev, u16 magnitude)
{
struct iforce *iforce = input_get_drvdata(dev);
unsigned char data[3];
data[0] = 0x03;
data[1] = magnitude >> 9;
iforce_send_packet(iforce, FF_CMD_AUTOCENTER, data);
Reported by FlawFinder.
drivers/input/joystick/iforce/iforce-serio.c
2 issues
Line: 95
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (iforce_serio->cmd_response[0] != id)
return -EIO;
memcpy(response_data, iforce_serio->cmd_response,
iforce_serio->cmd_response_len);
*response_len = iforce_serio->cmd_response_len;
return 0;
}
Reported by FlawFinder.
Line: 167
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Handle command completion */
if (iforce_serio->expect_packet == iforce_serio->id) {
iforce_serio->expect_packet = 0;
memcpy(iforce_serio->cmd_response,
iforce_serio->data_in, IFORCE_MAX_LENGTH);
iforce_serio->cmd_response_len = iforce_serio->len;
/* Signal that command is done */
wake_up(&iforce->wait);
Reported by FlawFinder.
drivers/input/joystick/spaceball.c
2 issues
Line: 57
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct input_dev *dev;
int idx;
int escape;
unsigned char data[SPACEBALL_MAX_LENGTH];
char phys[32];
};
/*
* spaceball_process_packet() decodes packets the driver receives from the
Reported by FlawFinder.
Line: 58
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int idx;
int escape;
unsigned char data[SPACEBALL_MAX_LENGTH];
char phys[32];
};
/*
* spaceball_process_packet() decodes packets the driver receives from the
* SpaceBall.
Reported by FlawFinder.
drivers/input/joystick/spaceorb.c
2 issues
Line: 44
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct spaceorb {
struct input_dev *dev;
int idx;
unsigned char data[SPACEORB_MAX_LENGTH];
char phys[32];
};
static unsigned char spaceorb_xor[] = "SpaceWare";
Reported by FlawFinder.
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct input_dev *dev;
int idx;
unsigned char data[SPACEORB_MAX_LENGTH];
char phys[32];
};
static unsigned char spaceorb_xor[] = "SpaceWare";
static unsigned char *spaceorb_errors[] = { "EEPROM storing 0 failed", "Receive queue overflow", "Transmit queue timeout",
Reported by FlawFinder.
drivers/input/joystick/stinger.c
2 issues
Line: 39
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct stinger {
struct input_dev *dev;
int idx;
unsigned char data[STINGER_MAX_LENGTH];
char phys[32];
};
/*
* stinger_process_packet() decodes packets the driver receives from the
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct input_dev *dev;
int idx;
unsigned char data[STINGER_MAX_LENGTH];
char phys[32];
};
/*
* stinger_process_packet() decodes packets the driver receives from the
* Stinger. It updates the data accordingly.
Reported by FlawFinder.
drivers/input/joystick/turbografx.c
2 issues
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pardevice *pd;
struct timer_list timer;
struct input_dev *dev[TGFX_MAX_DEVICES];
char name[TGFX_MAX_DEVICES][64];
char phys[TGFX_MAX_DEVICES][32];
int sticks;
int used;
int parportno;
struct mutex sem;
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct timer_list timer;
struct input_dev *dev[TGFX_MAX_DEVICES];
char name[TGFX_MAX_DEVICES][64];
char phys[TGFX_MAX_DEVICES][32];
int sticks;
int used;
int parportno;
struct mutex sem;
} *tgfx_base[TGFX_MAX_PORTS];
Reported by FlawFinder.
drivers/input/joystick/twidjoy.c
2 issues
Line: 81
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct twidjoy {
struct input_dev *dev;
int idx;
unsigned char data[TWIDJOY_MAX_LENGTH];
char phys[32];
};
/*
* twidjoy_process_packet() decodes packets the driver receives from the
Reported by FlawFinder.
Line: 82
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct input_dev *dev;
int idx;
unsigned char data[TWIDJOY_MAX_LENGTH];
char phys[32];
};
/*
* twidjoy_process_packet() decodes packets the driver receives from the
* Twiddler. It updates the data accordingly.
Reported by FlawFinder.
drivers/input/joystick/warrior.c
2 issues
Line: 39
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct warrior {
struct input_dev *dev;
int idx, len;
unsigned char data[WARRIOR_MAX_LENGTH];
char phys[32];
};
/*
* warrior_process_packet() decodes packets the driver receives from the
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct input_dev *dev;
int idx, len;
unsigned char data[WARRIOR_MAX_LENGTH];
char phys[32];
};
/*
* warrior_process_packet() decodes packets the driver receives from the
* Warrior. It updates the data accordingly.
Reported by FlawFinder.
drivers/input/joystick/zhenhua.c
2 issues
Line: 59
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct zhenhua {
struct input_dev *dev;
int idx;
unsigned char data[ZHENHUA_MAX_LENGTH];
char phys[32];
};
/*
* zhenhua_process_packet() decodes packets the driver receives from the
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct input_dev *dev;
int idx;
unsigned char data[ZHENHUA_MAX_LENGTH];
char phys[32];
};
/*
* zhenhua_process_packet() decodes packets the driver receives from the
* RC transmitter. It updates the data accordingly.
Reported by FlawFinder.
drivers/input/keyboard/adp5588-keys.c
2 issues
Line: 49
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct adp5588_gpi_map *gpimap;
unsigned short gpimapsize;
#ifdef CONFIG_GPIOLIB
unsigned char gpiomap[ADP5588_MAXGPIO];
bool export_gpio;
struct gpio_chip gc;
struct mutex gpio_lock; /* Protect cached dir, dat_out */
u8 dat_out[3];
u8 dir[3];
Reported by FlawFinder.
Line: 535
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
input->keycodemax = pdata->keymapsize;
input->keycode = kpad->keycode;
memcpy(kpad->keycode, pdata->keymap,
pdata->keymapsize * input->keycodesize);
kpad->gpimap = pdata->gpimap;
kpad->gpimapsize = pdata->gpimapsize;
Reported by FlawFinder.