The following issues were found
drivers/isdn/hardware/mISDN/mISDNipac.c
2 issues
Line: 128
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
isac->read_fifo(isac->dch.hw, isac->off, ptr, count);
WriteISAC(isac, ISAC_CMDR, 0x80);
if (isac->dch.debug & DEBUG_HW_DFIFO) {
char pfx[MISDN_MAX_IDLEN + 16];
snprintf(pfx, MISDN_MAX_IDLEN + 15, "D-recv %s %d ",
isac->name, count);
print_hex_dump_bytes(pfx, DUMP_PREFIX_OFFSET, ptr, count);
}
Reported by FlawFinder.
Line: 165
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
isac->dch.timer.expires = jiffies + ((DBUSY_TIMER_VALUE * HZ)/1000);
add_timer(&isac->dch.timer);
if (isac->dch.debug & DEBUG_HW_DFIFO) {
char pfx[MISDN_MAX_IDLEN + 16];
snprintf(pfx, MISDN_MAX_IDLEN + 15, "D-send %s %d ",
isac->name, count);
print_hex_dump_bytes(pfx, DUMP_PREFIX_OFFSET, ptr, count);
}
Reported by FlawFinder.
drivers/isdn/hardware/mISDN/w6692.c
2 issues
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct w6692_hw {
struct list_head list;
struct pci_dev *pdev;
char name[MISDN_MAX_IDLEN];
u32 irq;
u32 irqcnt;
u32 addr;
u32 fmask; /* feature mask - bit set per card nr */
int subtype;
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 state;
struct w6692_ch bc[2];
struct dchannel dch;
char log[64];
};
static LIST_HEAD(Cards);
static DEFINE_RWLOCK(card_lock); /* protect Cards */
Reported by FlawFinder.
drivers/isdn/mISDN/dsp_core.c
2 issues
Line: 557
Column: 20
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ret = -EINVAL;
break;
}
if (len > 0 && ((char *)data)[len - 1]) {
printk(KERN_DEBUG "%s: pipeline config string "
"is not NULL terminated!\n", __func__);
ret = -EINVAL;
} else {
dsp->pipeline.inuse = 1;
Reported by FlawFinder.
Line: 1081
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
printk(KERN_WARNING "%s:cannot get module\n",
__func__);
sprintf(ndsp->name, "DSP_C%x(0x%p)",
ndsp->up->st->dev->id + 1, ndsp);
/* set frame size to start */
ndsp->features.hfc_id = -1; /* current PCM id */
ndsp->features.pcm_id = -1; /* current PCM id */
ndsp->pcm_slot_rx = -1; /* current CPM slot */
Reported by FlawFinder.
drivers/isdn/mISDN/dsp_hwec.c
2 issues
Line: 49
Column: 8
CWE codes:
126
if (!arg)
goto _do;
len = strlen(arg);
if (!len)
goto _do;
{
char *dup, *tok, *name, *val;
Reported by FlawFinder.
Line: 62
Column: 9
CWE codes:
126
return;
while ((tok = strsep(&dup, ","))) {
if (!strlen(tok))
continue;
name = strsep(&tok, "=");
val = tok;
if (!val)
Reported by FlawFinder.
drivers/isdn/mISDN/dsp_pipeline.c
2 issues
Line: 45
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*buf = 0;
for (i = 0; i < elem->num_args; i++)
p += sprintf(p, "Name: %s\n%s%s%sDescription: %s\n\n",
elem->args[i].name,
elem->args[i].def ? "Default: " : "",
elem->args[i].def ? elem->args[i].def : "",
elem->args[i].def ? "\n" : "",
elem->args[i].desc);
Reported by FlawFinder.
Line: 210
Column: 8
CWE codes:
126
if (!dup)
return 0;
while ((tok = strsep(&dup, "|"))) {
if (!strlen(tok))
continue;
name = strsep(&tok, "(");
args = strsep(&tok, ")");
if (args && !*args)
args = NULL;
Reported by FlawFinder.
drivers/isdn/mISDN/layer2.c
2 issues
Line: 804
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
header[1] = 0xff; /* tei 127 */
header[i++] = UI;
while ((skb = skb_dequeue(&l2->ui_queue))) {
memcpy(skb_push(skb, i), header, i);
enqueue_ui(l2, skb);
}
}
static void
Reported by FlawFinder.
Line: 1506
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_kfree_skb(l2->windowar[p1]);
}
l2->windowar[p1] = skb;
memcpy(skb_push(nskb, i), header, i);
l2down(l2, PH_DATA_REQ, l2_newid(l2), nskb);
test_and_clear_bit(FLG_ACK_PEND, &l2->flag);
if (!test_and_set_bit(FLG_T200_RUN, &l2->flag)) {
mISDN_FsmDelTimer(&l2->t203, 13);
mISDN_FsmAddTimer(&l2->t200, l2->T200, EV_L2_T200, NULL, 11);
Reported by FlawFinder.
drivers/isdn/mISDN/socket.c
2 issues
Line: 154
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_queue_head(&sk->sk_receive_queue, skb);
return -ENOSPC;
}
memcpy(skb_push(skb, MISDN_HEADER_LEN), mISDN_HEAD_P(skb),
MISDN_HEADER_LEN);
err = skb_copy_datagram_msg(skb, 0, msg, copied);
mISDN_sock_cmsg(sk, msg, skb);
Reported by FlawFinder.
Line: 201
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto done;
}
memcpy(mISDN_HEAD_P(skb), skb->data, MISDN_HEADER_LEN);
skb_pull(skb, MISDN_HEADER_LEN);
if (msg->msg_namelen >= sizeof(struct sockaddr_mISDN)) {
/* if we have a address, we use it */
DECLARE_SOCKADDR(struct sockaddr_mISDN *, maddr, msg->msg_name);
Reported by FlawFinder.
drivers/leds/led-core.c
2 issues
Line: 28
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
LIST_HEAD(leds_list);
EXPORT_SYMBOL_GPL(leds_list);
const char * const led_colors[LED_COLOR_ID_MAX] = {
[LED_COLOR_ID_WHITE] = "white",
[LED_COLOR_ID_RED] = "red",
[LED_COLOR_ID_GREEN] = "green",
[LED_COLOR_ID_BLUE] = "blue",
[LED_COLOR_ID_AMBER] = "amber",
Reported by FlawFinder.
Line: 446
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
devicename, props.label);
}
} else if (props.function || props.color_present) {
char tmp_buf[LED_MAX_NAME_SIZE];
if (props.func_enum_present) {
snprintf(tmp_buf, LED_MAX_NAME_SIZE, "%s:%s-%d",
props.color_present ? led_colors[props.color] : "",
props.function ?: "", props.func_enum);
Reported by FlawFinder.
drivers/leds/leds-lp3952.c
2 issues
Line: 111
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int lp3952_register_led_classdev(struct lp3952_led_array *priv)
{
int i, acpi_ret, ret = -ENODEV;
static const char *led_name_hdl[LP3952_LED_ALL] = {
"blue2",
"green2",
"red2",
"blue1",
"green1",
Reported by FlawFinder.
Line: 104
Column: 2
CWE codes:
120
if (ret)
return ret;
strncpy(dest, str, LP3952_LABEL_MAX_LEN);
return 0;
}
static int lp3952_register_led_classdev(struct lp3952_led_array *priv)
{
Reported by FlawFinder.
drivers/leds/leds-lp5562.c
2 issues
Line: 217
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[LP55XX_ENGINE_3] = LP5562_REG_PROG_MEM_ENG3,
};
unsigned cmd;
char c[3];
int program_size;
int nrchars;
int offset = 0;
int ret;
int i;
Reported by FlawFinder.
Line: 231
Column: 9
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
i = 0;
while ((offset < size - 1) && (i < LP5562_PROGRAM_LENGTH)) {
/* separate sscanfs because length is working only for %s */
ret = sscanf(data + offset, "%2s%n ", c, &nrchars);
if (ret != 1)
goto err;
ret = sscanf(c, "%2x", &cmd);
if (ret != 1)
Reported by FlawFinder.