The following issues were found
drivers/net/wireless/mediatek/mt76/mt76x02_usb_mcu.c
2 issues
Line: 241
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
FIELD_PREP(MT_MCU_MSG_LEN, len) |
MT_MCU_MSG_TYPE_CMD);
memcpy(data, &info, sizeof(info));
memcpy(data + sizeof(info), fw_data, len);
memset(data + sizeof(info) + len, 0, 4);
mt76u_single_wr(&dev->mt76, MT_VEND_WRITE_FCE,
MT_FCE_DMA_ADDR, dst_addr);
Reported by FlawFinder.
Line: 242
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MT_MCU_MSG_TYPE_CMD);
memcpy(data, &info, sizeof(info));
memcpy(data + sizeof(info), fw_data, len);
memset(data + sizeof(info) + len, 0, 4);
mt76u_single_wr(&dev->mt76, MT_VEND_WRITE_FCE,
MT_FCE_DMA_ADDR, dst_addr);
len = roundup(len, 4);
Reported by FlawFinder.
drivers/net/wireless/mediatek/mt76/mt76x2/usb_mcu.c
2 issues
Line: 37
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
0x00, 0x09, 0x00,
};
memcpy(usb->data, data, sizeof(data));
mt76u_vendor_request(&dev->mt76, MT_VEND_DEV_MODE,
USB_DIR_OUT | USB_TYPE_CLASS,
0x12, 0, usb->data, sizeof(data));
}
Reported by FlawFinder.
Line: 51
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
0x07, 0x01, 0x00, 0x04
};
memcpy(usb->data, data, sizeof(data));
mt76u_vendor_request(&dev->mt76, MT_VEND_DEV_MODE,
USB_DIR_OUT | USB_TYPE_CLASS,
0x12, 0, usb->data, sizeof(data));
}
Reported by FlawFinder.
drivers/net/wireless/mediatek/mt76/mt7915/init.c
2 issues
Line: 57
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return temperature;
/* display in millidegree celcius */
return sprintf(buf, "%u\n", temperature * 1000);
}
static SENSOR_DEVICE_ATTR(temp1_input, 0444, mt7915_thermal_show_temp,
NULL, 0);
Reported by FlawFinder.
Line: 359
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mt7915_eeprom_parse_band_config(phy);
mt7915_init_wiphy(mphy->hw);
memcpy(mphy->macaddr, dev->mt76.eeprom.data + MT_EE_MAC_ADDR2,
ETH_ALEN);
mt76_eeprom_override(mphy);
ret = mt7915_init_tx_queues(phy, MT7915_TXQ_BAND1,
MT7915_TX_RING_SIZE);
Reported by FlawFinder.
drivers/net/wireless/mediatek/mt76/mt7921/mac.c
2 issues
Line: 206
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 ltf_size = le32_get_bits(rxv[2], MT_CRXV_HE_LTF_SIZE) + 1;
he = skb_push(skb, sizeof(known));
memcpy(he, &known, sizeof(known));
he->data3 = HE_PREP(DATA3_BSS_COLOR, BSS_COLOR, rxv[14]) |
HE_PREP(DATA3_LDPC_XSYMSEG, LDPC_EXT_SYM, rxv[2]);
he->data5 = HE_PREP(DATA5_PE_DISAMBIG, PE_DISAMBIG, rxv[2]) |
le16_encode_bits(ltf_size,
Reported by FlawFinder.
Line: 1571
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
}
memcpy(data, skb->data, skb->len);
data += skb->len;
dev_kfree_skb(skb);
}
Reported by FlawFinder.
drivers/net/wireless/quantenna/qtnfmac/qlink_util.h
2 issues
Line: 28
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr = skb_put(skb, sizeof(*hdr) + round_up(arr_len, QLINK_ALIGN));
hdr->type = cpu_to_le16(tlv_id);
hdr->len = cpu_to_le16(arr_len);
memcpy(hdr->val, arr, arr_len);
}
static inline void qtnf_cmd_skb_put_tlv_u32(struct sk_buff *skb,
u16 tlv_id, u32 value)
{
Reported by FlawFinder.
Line: 39
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr->type = cpu_to_le16(tlv_id);
hdr->len = cpu_to_le16(sizeof(value));
memcpy(hdr->val, &tmp, sizeof(tmp));
}
u16 qlink_iface_type_to_nl_mask(u16 qlink_type);
u8 qlink_chan_width_mask_to_nl(u16 qlink_mask);
void qlink_chandef_q2cfg(struct wiphy *wiphy,
Reported by FlawFinder.
drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
2 issues
Line: 1051
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rt2x00dev->bands[NL80211_BAND_2GHZ].bitrates = rates;
hw->wiphy->bands[NL80211_BAND_2GHZ] =
&rt2x00dev->bands[NL80211_BAND_2GHZ];
memcpy(&rt2x00dev->bands[NL80211_BAND_2GHZ].ht_cap,
&spec->ht, sizeof(spec->ht));
}
/*
* Intitialize 802.11a
Reported by FlawFinder.
Line: 1069
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rt2x00dev->bands[NL80211_BAND_5GHZ].bitrates = &rates[4];
hw->wiphy->bands[NL80211_BAND_5GHZ] =
&rt2x00dev->bands[NL80211_BAND_5GHZ];
memcpy(&rt2x00dev->bands[NL80211_BAND_5GHZ].ht_cap,
&spec->ht, sizeof(spec->ht));
}
return 0;
Reported by FlawFinder.
drivers/net/wireless/ralink/rt2x00/rt2x00mac.c
2 issues
Line: 506
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (crypto.cipher == CIPHER_TKIP)
memcpy_tkip(&crypto, &key->key[0], key->keylen);
else
memcpy(crypto.key, &key->key[0], key->keylen);
/*
* Each BSS has a maximum of 4 shared keys.
* Shared key index values:
* 0) BSS0 key0
* 1) BSS0 key1
Reported by FlawFinder.
Line: 568
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* dot11RTSSuccessCount are updated in interrupt time.
* dot11FCSErrorCount is updated in the link tuner.
*/
memcpy(stats, &rt2x00dev->low_level_stats, sizeof(*stats));
return 0;
}
EXPORT_SYMBOL_GPL(rt2x00mac_get_stats);
Reported by FlawFinder.
drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
2 issues
Line: 589
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* sending BARs and processing the according BlockAck should be
* the exception.
*/
memcpy(bar_entry->ra, bar->ra, sizeof(bar->ra));
memcpy(bar_entry->ta, bar->ta, sizeof(bar->ta));
bar_entry->control = bar->control;
bar_entry->start_seq_num = bar->start_seq_num;
/*
Reported by FlawFinder.
Line: 590
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* the exception.
*/
memcpy(bar_entry->ra, bar->ra, sizeof(bar->ra));
memcpy(bar_entry->ta, bar->ta, sizeof(bar->ta));
bar_entry->control = bar->control;
bar_entry->start_seq_num = bar->start_seq_num;
/*
* Insert BAR into our BAR check list.
Reported by FlawFinder.
drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
2 issues
Line: 98
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (requesttype == USB_VENDOR_REQUEST_OUT)
memcpy(rt2x00dev->csr.cache, buffer, buffer_length);
status = rt2x00usb_vendor_request(rt2x00dev, request, requesttype,
offset, 0, rt2x00dev->csr.cache,
buffer_length, timeout);
Reported by FlawFinder.
Line: 105
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buffer_length, timeout);
if (!status && requesttype == USB_VENDOR_REQUEST_IN)
memcpy(buffer, rt2x00dev->csr.cache, buffer_length);
return status;
}
EXPORT_SYMBOL_GPL(rt2x00usb_vendor_req_buff_lock);
Reported by FlawFinder.
drivers/net/wireless/ralink/rt2x00/rt73usb.c
2 issues
Line: 400
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Send the address and cipher type to the hardware register.
*/
memset(&addr_entry, 0, sizeof(addr_entry));
memcpy(&addr_entry, crypto->address, ETH_ALEN);
addr_entry.cipher = crypto->cipher;
reg = PAIRWISE_TA_ENTRY(key->hw_key_idx);
rt2x00usb_register_multiwrite(rt2x00dev, reg,
&addr_entry, sizeof(addr_entry));
Reported by FlawFinder.
Line: 1680
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Copy descriptor to the skbdesc->desc buffer, making it safe from moving of
* frame data in rt2x00usb.
*/
memcpy(skbdesc->desc, rxd, skbdesc->desc_len);
rxd = (__le32 *)skbdesc->desc;
/*
* It is now safe to read the descriptor on all architectures.
*/
Reported by FlawFinder.