The following issues were found

drivers/tty/serdev/serdev-ttyport.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

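Line: 117 Column: 17 CWE codes: 362
Triage note: line 117, column 17 lands on the `tty->ops->open` pointer test in the `if` below, not on a call that takes a pathname. Nothing in the excerpt performs a filesystem lookup, so the symlink and race questions in the message have no path to apply to; this looks like a name match on `open`.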

              		return PTR_ERR(tty);
	serport->tty = tty;

	if (!tty->ops->open || !tty->ops->close) {
		ret = -ENODEV;
		goto err_unlock;
	}

	ret = tty->ops->open(serport->tty, NULL);

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

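Line: 122 Column: 18 CWE codes: 362
Triage note: the flagged token is the driver callback `tty->ops->open(serport->tty, NULL)`, which is handed a tty object rather than a path, so the file-opening questions in the message do not apply as written. This is the same statement that closes the previous excerpt.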

              		goto err_unlock;
	}

	ret = tty->ops->open(serport->tty, NULL);
	if (ret)
		goto err_close;

	tty_unlock(serport->tty);


            

Reported by FlawFinder.

drivers/spi/spi-sc18is602.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 83 Column: 3 CWE codes: 120
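Suggestion: Make sure destination can always hold the source data
Triage note: the excerpt shows no comparison of `hw->tlen + len` against the size of `hw->buffer` before the copy, and `hw->tlen` grows by `len` on every enqueued transfer. Confirm that a limit on the accumulated length is enforced before this point; the declaration of `hw->buffer` is outside the excerpt.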

              	 * Enqueue messages up to the first read or until do_transfer is true.
	 */
	if (t->tx_buf) {
		memcpy(&hw->buffer[hw->tlen], t->tx_buf, len);
		hw->tlen += len;
		if (t->rx_buf)
			do_transfer = true;
		else
			hw->rindex = hw->tlen - 1;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 123 Column: 4 CWE codes: 120
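Suggestion: Make sure destination can always hold the source data
Triage note: the message covers only the destination, but the source side needs the same check: `hw->rindex + len` must stay inside `hw->buffer`. Neither the size of `hw->buffer` nor a bound on `hw->rindex` is visible in the excerpt, so confirm both that and that `t->rx_buf` holds `len` bytes.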

              				return ret;
			if (ret != rlen)
				return -EIO;
			memcpy(t->rx_buf, &hw->buffer[hw->rindex], len);
		}
		hw->tlen = 0;
	}
	return len;
}

            

Reported by FlawFinder.

drivers/video/fbdev/core/fb_cmdline.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 20 Column: 8 CWE codes: 119 120
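Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: `video_options[FB_MAX]` is an array of `char *` pointers, not a character buffer, so string-length overflow does not apply to the declaration itself. What needs checking is that every index used with it is below `FB_MAX`; those accesses are outside the excerpt.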

              #include <linux/init.h>
#include <linux/fb.h>

static char *video_options[FB_MAX] __read_mostly;
static int ofonly __read_mostly;

const char *fb_mode_option;
EXPORT_SYMBOL_GPL(fb_mode_option);


            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

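Line: 39 Column: 17 CWE codes: 126
Triage note: `name` is a parameter, so whether it is NUL-terminated depends on the callers, which are outside the excerpt. The `strncmp(name, "offb", 4)` that follows is length-bounded.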

              {
	char *opt, *options = NULL;
	int retval = 0;
	int name_len = strlen(name), i;

	if (name_len && ofonly && strncmp(name, "offb", 4))
		retval = 1;

	if (name_len && !retval) {

            

Reported by FlawFinder.

drivers/spi/spi-dw-core.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 61 Column: 2 CWE codes: 119 120
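Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the only write to `name` in the excerpt is `snprintf(name, 32, ...)`, which is bounded to the array size, and `"dw_spi%d"` with a 32-bit `int` needs at most 18 bytes including the terminator. Writing the bound as `sizeof(name)` instead of the literal 32 would keep the two from drifting apart.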

              
static int dw_spi_debugfs_init(struct dw_spi *dws)
{
	char name[32];

	snprintf(name, 32, "dw_spi%d", dws->master->bus_num);
	dws->debugfs = debugfs_create_dir(name, NULL);
	if (!dws->debugfs)
		return -ENOMEM;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 522 Column: 3 CWE codes: 120
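Suggestion: Make sure destination can always hold the source data
Triage note: the allocation of `out` and the computation of `len` are outside the excerpt. The copy is safe only if `out` was sized to hold the `i` bytes already written plus `op->data.nbytes`; confirm that against the allocation.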

              		out[i] = 0x0;

	if (op->data.dir == SPI_MEM_DATA_OUT)
		memcpy(&out[i], op->data.buf.out, op->data.nbytes);

	dws->n_bytes = 1;
	dws->tx = out;
	dws->tx_len = len;
	if (op->data.dir == SPI_MEM_DATA_IN) {

            

Reported by FlawFinder.

drivers/usb/gadget/function/f_rndis.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 505 Column: 5 CWE codes: 120
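Suggestion: Make sure destination can always hold the source data
Triage note: `n` is returned by `rndis_get_next_response()` and is copied into `req->buf` with no comparison against that buffer's size in the excerpt. Confirm where the size of `req->buf` is set and that a queued response can never be longer.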

              			/* return the result */
			buf = rndis_get_next_response(rndis->params, &n);
			if (buf) {
				memcpy(req->buf, buf, n);
				req->complete = rndis_response_complete;
				req->context = rndis;
				rndis_free_response(rndis->params, buf);
				value = n;
			}

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 918 Column: 2 CWE codes: 119 120
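Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: line 918 is `char *names[1]`, a one-element array of pointers, not a character buffer. The check that matters is that only index 0 is ever used; the uses are outside the excerpt.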

              {
	struct f_rndis_opts *opts;
	struct usb_os_desc *descs[1];
	char *names[1];
	struct config_group *rndis_interf_group;

	opts = kzalloc(sizeof(*opts), GFP_KERNEL);
	if (!opts)
		return ERR_PTR(-ENOMEM);

            

Reported by FlawFinder.

drivers/tty/serial/8250/8250_bcm7271.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 426 Column: 2 CWE codes: 120
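Suggestion: Make sure destination can always hold the source data
Triage note: `tx_size` comes from `CIRC_CNT_TO_END(xmit->head, xmit->tail, UART_XMIT_SIZE)`, so on the source side it cannot exceed the circular buffer's size. For the destination, confirm that `priv->tx_buf` is allocated with at least `UART_XMIT_SIZE` bytes; its allocation is outside the excerpt.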

              	tx_size = CIRC_CNT_TO_END(xmit->head, xmit->tail, UART_XMIT_SIZE);

	priv->dma.tx_err = 0;
	memcpy(priv->tx_buf, &xmit->buf[xmit->tail], tx_size);
	xmit->tail += tx_size;
	xmit->tail &= UART_XMIT_SIZE - 1;
	p->port.icount.tx += tx_size;

	if (uart_circ_chars_pending(xmit) < WAKEUP_CHARS)

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 950 Column: 15 CWE codes: 119 120
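Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: `reg_names` is a `static const` table of pointers to string literals, so it cannot be written and the overflow wording does not apply to the declaration. The initializer lists five names; confirm that `REGS_MAX` matches and that lookups index below it.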

              	int ret;
	int x;
	int dma_irq;
	static const char * const reg_names[REGS_MAX] = {
		"uart", "dma_rx", "dma_tx", "dma_intr2", "dma_arb"
	};

	irq = platform_get_resource(pdev, IORESOURCE_IRQ, 0);
	if (!irq) {

            

Reported by FlawFinder.

drivers/staging/rtl8723bs/core/rtw_pwrctrl.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 450 Column: 2 CWE codes: 119 120
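Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: `buf` is a real 32-byte character buffer, zero-initialized at declaration. The writes to it are outside the excerpt, so this finding can only be settled by checking that each one is length-bounded; the same declaration is flagged again at line 491 below.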

              	struct dvobj_priv *dvobj = adapter_to_dvobj(padapter);
	struct pwrctrl_priv *pwrpriv = dvobj_to_pwrctl(dvobj);
	int n_assoc_iface = 0;
	char buf[32] = {0};

	if (hal_btcoex_IsBtControlLps(padapter))
		return;

	/* Skip lps enter request if number of assocated adapters is not 1 */

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 491 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
	struct dvobj_priv *dvobj = adapter_to_dvobj(padapter);
	struct pwrctrl_priv *pwrpriv = dvobj_to_pwrctl(dvobj);
	char buf[32] = {0};

	if (hal_btcoex_IsBtControlLps(padapter))
		return;

	if (pwrpriv->bLeisurePs) {

            

Reported by FlawFinder.

drivers/tty/serial/8250/8250_pci.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 4148 Column: 3 CWE codes: 120
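Suggestion: Make sure destination can always hold the source data
Triage note: the copy length is `sizeof(struct pciserial_board)`, a compile-time constant. If `tmp` is declared as a `struct pciserial_board` (its declaration is outside the excerpt), the destination is exactly the right size; `tmp = *board;` would express the same copy with the compiler checking the types. The memcpy flagged at line 4164 below copies the same struct type into `tmp`.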

              		 * Use a copy of the pci_board entry for this;
		 * avoid changing entries in the table.
		 */
		memcpy(&tmp, board, sizeof(struct pciserial_board));
		board = &tmp;

		/*
		 * We matched one of our class entries.  Try to
		 * determine the parameters of this board.

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 4164 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		 * detect this boards settings with our heuristic,
		 * then we no longer need this entry.
		 */
		memcpy(&tmp, &pci_boards[pbn_default],
		       sizeof(struct pciserial_board));
		rc = serial_pci_guess_board(dev, &tmp);
		if (rc == 0 && serial_pci_matches(board, &tmp))
			moan_device("Redundant entry in serial pci_table.",
				    dev);

            

Reported by FlawFinder.

drivers/usb/gadget/function/f_mass_storage.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 9 Column: 2 CWE codes: 119 120
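Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: line 9 is `char *file[FSG_MAX_LUNS]`, an array of pointers, not a character buffer. The check that matters is that every LUN index used with it is below `FSG_MAX_LUNS`; the code that indexes it is outside the excerpt.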

              #include "storage_common.h"

struct fsg_module_parameters {
	char		*file[FSG_MAX_LUNS];
	bool		ro[FSG_MAX_LUNS];
	bool		removable[FSG_MAX_LUNS];
	bool		cdrom[FSG_MAX_LUNS];
	bool		nofua[FSG_MAX_LUNS];


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 93 Column: 2 CWE codes: 119 120
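Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: line 93 is `char inquiry_string[INQUIRY_STRING_LEN]`, a real fixed-size character buffer inside a configuration struct. The code that fills it is outside the excerpt; confirm that each write is bounded by `INQUIRY_STRING_LEN` and leaves the string terminated if readers treat it as a C string.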

              	char removable;
	char cdrom;
	char nofua;
	char inquiry_string[INQUIRY_STRING_LEN];
};

struct fsg_config {
	unsigned nluns;
	struct fsg_lun_config luns[FSG_MAX_LUNS];

            

Reported by FlawFinder.

drivers/video/fbdev/core/modedb.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 22 Column: 50 CWE codes: 126

              #undef DEBUG

/*
 * name_matches(v, s, l): true when entry v has a non-NULL name, that name
 * and s agree over the first l characters, and the name's length is
 * exactly l.
 *
 * strlen() is applied only to (v).name and only after the NULL test; s is
 * read solely through the length-bounded strncmp().
 * NOTE(review): the strlen() is safe only if every (v).name is
 * NUL-terminated -- confirm how the entries passed in are built.
 * v and l are expanded more than once, so pass side-effect-free expressions.
 */
#define name_matches(v, s, l) \
    ((v).name && !strncmp((s), (v).name, (l)) && strlen((v).name) == (l))
/* res_matches(v, x, y): true when v's xres equals x and its yres equals y. */
#define res_matches(v, x, y) \
    ((v).xres == (x) && (v).yres == (y))

#ifdef DEBUG
#define DPRINTK(fmt, args...)	printk("modedb %s: " fmt, __func__ , ## args)

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

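Line: 642 Column: 26 CWE codes: 126
Triage note: `name` aliases `mode_option`, which the first line of the excerpt assigns from `fb_mode_option` in at least one case. `strlen()` is safe here as long as those option strings are NUL-terminated; where they are set is outside the excerpt.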

              		mode_option = fb_mode_option;
	if (mode_option) {
		const char *name = mode_option;
		unsigned int namelen = strlen(name);
		int res_specified = 0, bpp_specified = 0, refresh_specified = 0;
		unsigned int xres = 0, yres = 0, bpp = default_bpp, refresh = 0;
		int yres_specified = 0, cvt = 0, rb = 0;
		int interlace_specified = 0, interlace = 0;
		int margins = 0;

            

Reported by FlawFinder.