The following issues were found
drivers/staging/rtl8192e/rtl8192e/rtl_cam.c
2 issues
Line: 74
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ieee->swcamtable[EntryNo].bused = true;
ieee->swcamtable[EntryNo].key_index = KeyIndex;
ieee->swcamtable[EntryNo].key_type = KeyType;
memcpy(ieee->swcamtable[EntryNo].macaddr, MacAddr, 6);
ieee->swcamtable[EntryNo].useDK = DefaultKey;
memcpy(ieee->swcamtable[EntryNo].key_buf, (u8 *)KeyContent, 16);
}
}
Reported by FlawFinder.
Line: 76
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ieee->swcamtable[EntryNo].key_type = KeyType;
memcpy(ieee->swcamtable[EntryNo].macaddr, MacAddr, 6);
ieee->swcamtable[EntryNo].useDK = DefaultKey;
memcpy(ieee->swcamtable[EntryNo].key_buf, (u8 *)KeyContent, 16);
}
}
void rtl92e_set_key(struct net_device *dev, u8 EntryNo, u8 KeyIndex,
u16 KeyType, const u8 *MacAddr, u8 DefaultKey,
Reported by FlawFinder.
drivers/soc/fsl/qbman/qman.c
2 issues
Line: 1295
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
qm_out(p, QM_REG_ISDR, isdr);
portal->irq_sources = 0;
qm_out(p, QM_REG_IER, 0);
snprintf(portal->irqname, MAX_IRQNAME, IRQNAME, c->cpu);
qm_out(p, QM_REG_IIR, 1);
if (request_irq(c->irq, portal_isr, 0, portal->irqname, portal)) {
dev_err(c->dev, "request_irq() failed\n");
goto fail_irq;
}
Reported by FlawFinder.
Line: 997
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
spinlock_t cgr_lock;
struct work_struct congestion_work;
struct work_struct mr_work;
char irqname[MAX_IRQNAME];
};
static cpumask_t affine_mask;
static DEFINE_SPINLOCK(affine_mask_lock);
static u16 affine_channels[NR_CPUS];
Reported by FlawFinder.
drivers/soundwire/debugfs.c
2 issues
Line: 16
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void sdw_bus_debugfs_init(struct sdw_bus *bus)
{
char name[16];
if (!sdw_debugfs_root)
return;
/* create the debugfs master-N */
Reported by FlawFinder.
Line: 125
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dentry *master;
struct dentry *d;
char name[32];
master = slave->bus->debugfs;
/* create the debugfs slave-name */
snprintf(name, sizeof(name), "%s", dev_name(&slave->dev));
Reported by FlawFinder.
drivers/staging/greybus/Documentation/firmware/authenticate.c
2 issues
Line: 45
Column: 7
CWE codes:
362
printf("Opening %s authentication device\n", capdev);
fd = open(capdev, O_RDWR);
if (fd < 0) {
printf("Failed to open: %s\n", capdev);
return -1;
}
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Authenticate */
printf("Authenticate module\n");
memcpy(authenticate.uid, uid.uid, 8);
ret = ioctl(fd, CAP_IOC_AUTHENTICATE, &authenticate);
if (ret < 0) {
printf("Failed to authenticate module: %s (%d)\n", capdev, ret);
ret = -1;
Reported by FlawFinder.
drivers/usb/serial/cp210x.c
2 issues
Line: 643
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
port_priv->bInterfaceNumber, dmabuf, bufsize,
USB_CTRL_SET_TIMEOUT);
if (result == bufsize) {
memcpy(buf, dmabuf, bufsize);
result = 0;
} else {
dev_err(&port->dev, "failed get req 0x%x size %d status: %d\n",
req, bufsize, result);
if (result >= 0)
Reported by FlawFinder.
Line: 684
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cp210x_interface_num(serial), dmabuf, bufsize,
USB_CTRL_GET_TIMEOUT);
if (result == bufsize) {
memcpy(buf, dmabuf, bufsize);
result = 0;
} else {
dev_err(&serial->interface->dev,
"failed to get vendor val 0x%04x size %d: %d\n", val,
bufsize, result);
Reported by FlawFinder.
drivers/usb/gadget/udc/tegra-xudc.c
2 issues
Line: 401
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tegra_xudc *xudc;
struct usb_ep usb_ep;
unsigned int index;
char name[8];
struct tegra_xudc_ep_context *context;
#define XUDC_TRANSFER_RING_SIZE 64
struct tegra_xudc_trb *transfer_ring;
Reported by FlawFinder.
Line: 2613
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* the last one once the controller reports a sequence
* number error.
*/
memcpy(&xudc->setup_packet.ctrl_req, ctrl, sizeof(*ctrl));
xudc->setup_packet.seq_num = seq_num;
xudc->queued_setup_packet = true;
} else {
tegra_xudc_handle_ep0_setup_packet(xudc, ctrl, seq_num);
}
Reported by FlawFinder.
drivers/target/tcm_fc/tfc_io.c
2 issues
Line: 146
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
from += offset_in_page(mem_off);
tlen = min(tlen, (size_t)(PAGE_SIZE -
offset_in_page(mem_off)));
memcpy(to, from, tlen);
kunmap_atomic(page_addr);
to += tlen;
}
mem_off += tlen;
Reported by FlawFinder.
Line: 305
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
to += offset_in_page(mem_off);
tlen = min(tlen, (size_t)(PAGE_SIZE -
offset_in_page(mem_off)));
memcpy(to, from, tlen);
kunmap_atomic(page_addr);
from += tlen;
frame_len -= tlen;
mem_off += tlen;
Reported by FlawFinder.
drivers/usb/dwc3/ulpi.c
2 issues
Line: 24
Column: 63
CWE codes:
120
20
#define DWC3_ULPI_BASE_DELAY DIV_ROUND_UP(NSEC_PER_SEC, 60000000L)
static int dwc3_ulpi_busyloop(struct dwc3 *dwc, u8 addr, bool read)
{
unsigned long ns = 5L * DWC3_ULPI_BASE_DELAY;
unsigned int count = 10000;
u32 reg;
Reported by FlawFinder.
Line: 33
Column: 6
CWE codes:
120
20
if (addr >= ULPI_EXT_VENDOR_SPECIFIC)
ns += DWC3_ULPI_BASE_DELAY;
if (read)
ns += DWC3_ULPI_BASE_DELAY;
reg = dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0));
if (reg & DWC3_GUSB2PHYCFG_SUSPHY)
usleep_range(1000, 1200);
Reported by FlawFinder.
drivers/scsi/scsi.c
2 issues
Line: 305
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 page, unsigned len)
{
int result;
unsigned char cmd[16];
if (len < 4)
return -EINVAL;
cmd[0] = INQUIRY;
Reported by FlawFinder.
Line: 486
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int scsi_report_opcode(struct scsi_device *sdev, unsigned char *buffer,
unsigned int len, unsigned char opcode)
{
unsigned char cmd[16];
struct scsi_sense_hdr sshdr;
int result;
if (sdev->no_report_opcodes || sdev->scsi_level < SCSI_SPC_3)
return -EINVAL;
Reported by FlawFinder.
drivers/tee/amdtee/core.c
2 issues
Line: 175
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t *ta_size)
{
const struct firmware *fw;
char fw_name[TA_PATH_MAX];
struct {
u32 lo;
u16 mid;
u16 hi_ver;
u8 seq_n[8];
Reported by FlawFinder.
Line: 213
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto rel_fw;
}
memcpy(*ta, fw->data, fw->size);
rel_fw:
release_firmware(fw);
unlock:
mutex_unlock(&drv_mutex);
return rc;
Reported by FlawFinder.