The following issues were found
drivers/scsi/a100u2w.c
2 issues
Line: 900
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
scb->tag_msg = 0; /* No tag support */
}
memcpy(scb->cdb, cmd->cmnd, scb->cdb_len);
return 0;
}
/**
* inia100_queue_lck - queue command with host
Reported by FlawFinder.
Line: 1040
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (scb->tastat == 2) { /* Check condition */
memcpy((unsigned char *) &cmd->sense_buffer[0],
(unsigned char *) &escb->sglist[0], SENSE_SIZE);
}
cmd->result = scb->tastat | (scb->hastat << 16);
scsi_dma_unmap(cmd);
cmd->scsi_done(cmd); /* Notify system DONE */
Reported by FlawFinder.
drivers/scsi/a2091.c
2 issues
Line: 76
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!dir_in) {
/* copy to bounce buffer for a write */
memcpy(wh->dma_bounce_buffer, cmd->SCp.ptr,
cmd->SCp.this_residual);
}
}
/* setup dma direction */
Reported by FlawFinder.
Line: 142
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy from a bounce buffer, if necessary */
if (status && wh->dma_bounce_buffer) {
if (wh->dma_dir)
memcpy(SCpnt->SCp.ptr, wh->dma_bounce_buffer,
SCpnt->SCp.this_residual);
kfree(wh->dma_bounce_buffer);
wh->dma_bounce_buffer = NULL;
wh->dma_bounce_len = 0;
}
Reported by FlawFinder.
drivers/scsi/a3000.c
2 issues
Line: 73
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!dir_in) {
/* copy to bounce buffer for a write */
memcpy(wh->dma_bounce_buffer, cmd->SCp.ptr,
cmd->SCp.this_residual);
}
addr = virt_to_bus(wh->dma_bounce_buffer);
}
Reported by FlawFinder.
Line: 152
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (status && wh->dma_bounce_buffer) {
if (SCpnt) {
if (wh->dma_dir && SCpnt)
memcpy(SCpnt->SCp.ptr, wh->dma_bounce_buffer,
SCpnt->SCp.this_residual);
kfree(wh->dma_bounce_buffer);
wh->dma_bounce_buffer = NULL;
wh->dma_bounce_len = 0;
} else {
Reported by FlawFinder.
drivers/scsi/aacraid/commctrl.c
2 issues
Line: 101
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fibptr->hw_fib_va = kfib;
fibptr->hw_fib_pa = daddr;
memset(((char *)kfib) + dev->max_fib_size, 0, size - dev->max_fib_size);
memcpy(kfib, hw_fib, dev->max_fib_size);
}
if (copy_from_user(kfib, arg, size)) {
retval = -EFAULT;
goto cleanup;
Reported by FlawFinder.
Line: 965
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
reply.data_xfer_length = byte_count -
le32_to_cpu(err->residual_count);
reply.sense_data_size = err->sense_response_data_len;
memcpy(reply.sense_data, err->sense_response_buf,
AAC_SENSE_BUFFERSIZE);
}
if (copy_to_user(user_reply, &reply,
sizeof(struct aac_srb_reply))) {
dprintk((KERN_DEBUG"aacraid: Copy to user failed\n"));
Reported by FlawFinder.
drivers/scsi/aacraid/dpcsup.c
2 issues
Line: 296
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dev->sa_firmware) {
fib->hbacmd_size = index; /* store event type */
} else if (aif_fib != NULL) {
memcpy(hw_fib, aif_fib, sizeof(struct hw_fib));
} else {
memcpy(hw_fib, (struct hw_fib *)
(((uintptr_t)(dev->regs.sa)) + index),
sizeof(struct hw_fib));
}
Reported by FlawFinder.
Line: 298
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (aif_fib != NULL) {
memcpy(hw_fib, aif_fib, sizeof(struct hw_fib));
} else {
memcpy(hw_fib, (struct hw_fib *)
(((uintptr_t)(dev->regs.sa)) + index),
sizeof(struct hw_fib));
}
INIT_LIST_HEAD(&fib->fiblink);
fib->type = FSAFS_NTC_FIB_CONTEXT;
Reported by FlawFinder.
drivers/scsi/aacraid/linit.c
2 issues
Line: 563
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
struct scsi_device *sdev = to_scsi_device(dev);
struct aac_dev *aac = (struct aac_dev *)(sdev->host->hostdata);
if (sdev_channel(sdev) != CONTAINER_CHANNEL)
return snprintf(buf, PAGE_SIZE, sdev->no_uld_attach
? "Hidden\n" :
((aac->jbod && (sdev->type == TYPE_DISK)) ? "JBOD\n" : ""));
return snprintf(buf, PAGE_SIZE, "%s\n",
get_container_type(aac->fsa_dev[sdev_id(sdev)].type));
}
Reported by FlawFinder.
Line: 583
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct scsi_device *sdev = to_scsi_device(dev);
struct aac_dev *aac = (struct aac_dev *)(sdev->host->hostdata);
unsigned char sn[16];
memset(sn, 0, sizeof(sn));
if (sdev_channel(sdev) == CONTAINER_CHANNEL)
memcpy(sn, aac->fsa_dev[sdev_id(sdev)].identifier, sizeof(sn));
Reported by FlawFinder.
drivers/scsi/aha1542.c
2 issues
Line: 386
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* we will still have it in the cdb when we come back
*/
if (ccb[mbo].tarstat == 2)
memcpy(tmp_cmd->sense_buffer, &ccb[mbo].cdb[ccb[mbo].cdblen],
SCSI_SENSE_BUFFERSIZE);
/* is there mail :-) */
Reported by FlawFinder.
Line: 505
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else if (*cmd->cmnd == WRITE_10 || *cmd->cmnd == WRITE_6)
direction = 16;
memcpy(ccb[mbo].cdb, cmd->cmnd, ccb[mbo].cdblen);
ccb[mbo].op = 0; /* SCSI Initiator Command */
any2scsi(ccb[mbo].datalen, bufflen);
if (bufflen)
any2scsi(ccb[mbo].dataptr, acmd->data_buffer_handle);
else
Reported by FlawFinder.
drivers/scsi/aic7xxx/aic7770_osm.c
2 issues
Line: 83
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct eisa_device *edev = to_eisa_device(dev);
u_int eisaBase = edev->base_addr+AHC_EISA_SLOT_OFFSET;
struct ahc_softc *ahc;
char buf[80];
char *name;
int error;
sprintf(buf, "ahc_eisa:%d", eisaBase >> 12);
name = kstrdup(buf, GFP_ATOMIC);
Reported by FlawFinder.
Line: 87
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char *name;
int error;
sprintf(buf, "ahc_eisa:%d", eisaBase >> 12);
name = kstrdup(buf, GFP_ATOMIC);
if (name == NULL)
return (ENOMEM);
ahc = ahc_alloc(&aic7xxx_driver_template, name);
if (ahc == NULL)
Reported by FlawFinder.
drivers/scsi/aic7xxx/aic79xx_osm_pci.c
2 issues
Line: 139
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
ahd_linux_pci_dev_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
{
char buf[80];
struct ahd_softc *ahd;
ahd_dev_softc_t pci;
const struct ahd_pci_identity *entry;
char *name;
int error;
Reported by FlawFinder.
Line: 157
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* set it up for attachment by our
* common detect routine.
*/
sprintf(buf, "ahd_pci:%d:%d:%d",
ahd_get_pci_bus(pci),
ahd_get_pci_slot(pci),
ahd_get_pci_function(pci));
name = kstrdup(buf, GFP_ATOMIC);
if (name == NULL)
Reported by FlawFinder.
drivers/scsi/aic7xxx/aic7xxx_osm_pci.c
2 issues
Line: 181
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
ahc_linux_pci_dev_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
{
char buf[80];
const uint64_t mask_39bit = 0x7FFFFFFFFFULL;
struct ahc_softc *ahc;
ahc_dev_softc_t pci;
const struct ahc_pci_identity *entry;
char *name;
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* set it up for attachment by our
* common detect routine.
*/
sprintf(buf, "ahc_pci:%d:%d:%d",
ahc_get_pci_bus(pci),
ahc_get_pci_slot(pci),
ahc_get_pci_function(pci));
name = kstrdup(buf, GFP_ATOMIC);
if (name == NULL)
Reported by FlawFinder.