The following issues were found
drivers/staging/rtl8723bs/os_dep/mlme_linux.c
2 issues
Line: 83
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Backup the btkip_countermeasure information. */
/* When the countermeasure is trigger, the driver have to disconnect with AP for 60 seconds. */
memcpy(&backupPMKIDList[0], &adapter->securitypriv.PMKIDList[0], sizeof(struct rt_pmkid_list) * NUM_PMKID_CACHE);
backupPMKIDIndex = adapter->securitypriv.PMKIDIndex;
backupTKIPCountermeasure = adapter->securitypriv.btkip_countermeasure;
backupTKIPcountermeasure_time = adapter->securitypriv.btkip_countermeasure_time;
/* reset RX BIP packet number */
Reported by FlawFinder.
Line: 95
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Added by Albert 2009/02/18 */
/* Restore the PMK information to securitypriv structure for the following connection. */
memcpy(&adapter->securitypriv.PMKIDList[0], &backupPMKIDList[0], sizeof(struct rt_pmkid_list) * NUM_PMKID_CACHE);
adapter->securitypriv.PMKIDIndex = backupPMKIDIndex;
adapter->securitypriv.btkip_countermeasure = backupTKIPCountermeasure;
adapter->securitypriv.btkip_countermeasure_time = backupTKIPcountermeasure_time;
adapter->securitypriv.ndisauthtype = Ndis802_11AuthModeOpen;
Reported by FlawFinder.
drivers/usb/cdns3/cdns3-trace.h
2 issues
Line: 447
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(TRBS_PER_SEGMENT * 65) + CDNS3_MSG_MAX)
),
TP_fast_assign(
memcpy(__get_dynamic_array(priv_ep), priv_ep,
sizeof(struct cdns3_endpoint));
memcpy(__get_dynamic_array(ring), priv_ep->trb_pool,
TRB_RING_SIZE);
),
Reported by FlawFinder.
Line: 449
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TP_fast_assign(
memcpy(__get_dynamic_array(priv_ep), priv_ep,
sizeof(struct cdns3_endpoint));
memcpy(__get_dynamic_array(ring), priv_ep->trb_pool,
TRB_RING_SIZE);
),
TP_printk("%s",
cdns3_dbg_ring((struct cdns3_endpoint *)__get_str(priv_ep),
Reported by FlawFinder.
drivers/usb/musb/musb_host.c
2 issues
Line: 2569
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
length = urb->actual_length;
memcpy(temp->old_xfer_buffer, temp->data, length);
}
urb->transfer_buffer = temp->old_xfer_buffer;
kfree(temp->kmalloc_ptr);
urb->transfer_flags &= ~URB_ALIGNED_TEMP_BUFFER;
Reported by FlawFinder.
Line: 2606
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
temp->kmalloc_ptr = kmalloc_ptr;
temp->old_xfer_buffer = urb->transfer_buffer;
if (dir == DMA_TO_DEVICE)
memcpy(temp->data, urb->transfer_buffer,
urb->transfer_buffer_length);
urb->transfer_buffer = temp->data;
urb->transfer_flags |= URB_ALIGNED_TEMP_BUFFER;
Reported by FlawFinder.
drivers/staging/rtl8192e/rtl8192e/r8192E_firmware.c
2 issues
Line: 117
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(blob->data, 0, padding);
if (fw->size % 4)
memset(blob->data + padding + fw->size, 0, 4);
memcpy(blob->data + padding, fw->data, fw->size);
blob->size = round_up(fw->size, 4) + padding;
/* Swap endian - firmware is packaged in invalid endiannes*/
for (i = padding; i < blob->size; i += 4) {
Reported by FlawFinder.
Line: 161
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = starting_state; i <= FW_INIT_STEP2_DATA; i++) {
if (rst_opt == OPT_SYSTEM_RESET) {
if (pfirmware->blobs[i].size == 0) {
const char *fw_name[3] = {
RTL8192E_BOOT_IMG_FW,
RTL8192E_MAIN_IMG_FW,
RTL8192E_DATA_IMG_FW
};
int pad = 0;
Reported by FlawFinder.
drivers/ssb/sdio.c
2 issues
Line: 495
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"mac tpl size");
/* fetch the MAC address. */
mac = tuple->data + 2;
memcpy(sprom->il0mac, mac, ETH_ALEN);
memcpy(sprom->et1mac, mac, ETH_ALEN);
break;
default:
break;
}
Reported by FlawFinder.
Line: 496
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* fetch the MAC address. */
mac = tuple->data + 2;
memcpy(sprom->il0mac, mac, ETH_ALEN);
memcpy(sprom->et1mac, mac, ETH_ALEN);
break;
default:
break;
}
break;
Reported by FlawFinder.
drivers/usb/musb/tusb6010_omap.c
2 issues
Line: 551
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* - MAX_DMAREQ number of channels in multichannel mode
*/
if (i == 0 || tusb_dma->multichannel) {
char ch_name[8];
sprintf(ch_name, "dmareq%d", i);
dma_data->chan = dma_request_chan(musb->controller,
ch_name);
if (IS_ERR(dma_data->chan)) {
Reported by FlawFinder.
Line: 553
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (i == 0 || tusb_dma->multichannel) {
char ch_name[8];
sprintf(ch_name, "dmareq%d", i);
dma_data->chan = dma_request_chan(musb->controller,
ch_name);
if (IS_ERR(dma_data->chan)) {
dev_err(musb->controller,
"Failed to request %s\n", ch_name);
Reported by FlawFinder.
drivers/staging/fbtft/fbtft.h
2 issues
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*
*/
struct fbtft_gpio {
char name[FBTFT_GPIO_NAME_SIZE];
struct gpio_desc *gpio;
};
struct fbtft_par;
Reported by FlawFinder.
Line: 62
Column: 8
CWE codes:
120
20
*/
struct fbtft_ops {
int (*write)(struct fbtft_par *par, void *buf, size_t len);
int (*read)(struct fbtft_par *par, void *buf, size_t len);
int (*write_vmem)(struct fbtft_par *par, size_t offset, size_t len);
void (*write_register)(struct fbtft_par *par, int len, ...);
void (*set_addr_win)(struct fbtft_par *par,
int xs, int ys, int xe, int ye);
Reported by FlawFinder.
drivers/soc/samsung/s3c-pm-debug.c
2 issues
Line: 30
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
char buff[256];
va_start(va, fmt);
vsnprintf(buff, sizeof(buff), fmt, va);
va_end(va);
printascii(buff);
}
Reported by FlawFinder.
Line: 27
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void s3c_pm_dbg(const char *fmt, ...)
{
va_list va;
char buff[256];
va_start(va, fmt);
vsnprintf(buff, sizeof(buff), fmt, va);
va_end(va);
Reported by FlawFinder.
drivers/usb/phy/phy.c
2 issues
Line: 151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int usb_phy_uevent(struct device *dev, struct kobj_uevent_env *env)
{
struct usb_phy *usb_phy;
char uchger_state[50] = { 0 };
char uchger_type[50] = { 0 };
unsigned long flags;
spin_lock_irqsave(&phy_lock, flags);
usb_phy = __device_to_usb_phy(dev);
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct usb_phy *usb_phy;
char uchger_state[50] = { 0 };
char uchger_type[50] = { 0 };
unsigned long flags;
spin_lock_irqsave(&phy_lock, flags);
usb_phy = __device_to_usb_phy(dev);
spin_unlock_irqrestore(&phy_lock, flags);
Reported by FlawFinder.
drivers/staging/rtl8188eu/core/rtw_sta_mgt.c
2 issues
Line: 180
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
list_del_init(&psta->list);
spin_unlock_bh(&pfree_sta_queue->lock);
_rtw_init_stainfo(psta);
memcpy(psta->hwaddr, hwaddr, ETH_ALEN);
index = wifi_mac_hash(hwaddr);
if (index >= NUM_STA)
return NULL;
phash_list = &pstapriv->sta_hash[index];
Reported by FlawFinder.
Line: 200
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
for (i = 0; i < 16; i++)
memcpy(&psta->sta_recvpriv.rxcache.tid_rxseq[i],
&wRxSeqInitialValue, 2);
init_addba_retry_timer(pstapriv->padapter, psta);
/* for A-MPDU Rx reordering buffer control */
Reported by FlawFinder.