The following issues were found
drivers/scsi/dpti.h
2 issues
Line: 213
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 initialized;
u8 in_use; /* is the management node open*/
char name[32];
char detail[55];
void __iomem *base_addr_virt;
void __iomem *msg_addr_virt;
ulong base_addr_phys;
Reported by FlawFinder.
Line: 214
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 in_use; /* is the management node open*/
char name[32];
char detail[55];
void __iomem *base_addr_virt;
void __iomem *msg_addr_virt;
ulong base_addr_phys;
void __iomem *post_port;
Reported by FlawFinder.
drivers/scsi/elx/efct/efct_driver.c
2 issues
Line: 101
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
efct->efcport = efc;
memcpy(&efc->tt, tt, sizeof(*tt));
efc->base = efct;
efc->pci = efct->pci;
efc->def_wwnn = efct_get_wwnn(&efct->hw);
efc->def_wwpn = efct_get_wwpn(&efct->hw);
Reported by FlawFinder.
Line: 274
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
xfer_size = bytes_left;
memcpy(dma.virt, buf + offset, xfer_size);
if (bytes_left == xfer_size)
last = 1;
efct_hw_firmware_write(&efct->hw, &dma, xfer_size, offset,
Reported by FlawFinder.
drivers/scsi/elx/efct/efct_unsol.c
2 issues
Line: 12
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define frame_printf(efct, hdr, fmt, ...) \
do { \
char s_id_text[16]; \
efc_node_fcid_display(ntoh24((hdr)->fh_s_id), \
s_id_text, sizeof(s_id_text)); \
efc_log_debug(efct, "[%06x.%s] %02x/%04x/%04x: " fmt, \
ntoh24((hdr)->fh_d_id), s_id_text, \
(hdr)->fh_r_ctl, be16_to_cpu((hdr)->fh_ox_id), \
Reported by FlawFinder.
Line: 287
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy the payload in */
memcpy(ctx->payload.virt, payload, payload_len);
/* Send */
rc = efct_hw_send_frame(&efct->hw, (void *)&hdr, FC_SOF_N3,
FC_EOF_T, &ctx->payload, ctx,
efct_sframe_common_send_cb, ctx);
Reported by FlawFinder.
drivers/scsi/elx/libefc/efc_node.c
2 issues
Line: 187
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buffer_length > dma->size)
buffer_length = dma->size;
memcpy(dma->virt, buffer, buffer_length);
dma->len = buffer_length;
}
int
efc_node_attach(struct efc_node *node)
Reported by FlawFinder.
Line: 250
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
u32 port_id = node->rnode.fc_id;
struct efc_nport *nport = node->nport;
char portid_display[16];
efc_node_fcid_display(port_id, portid_display, sizeof(portid_display));
snprintf(node->display_name, sizeof(node->display_name), "%s.%s",
nport->display_name, portid_display);
Reported by FlawFinder.
drivers/scsi/esas2r/esas2r_init.c
2 issues
Line: 305
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
"%s-bit PCI addressing enabled\n", dma64 ? "64" : "32");
esas2r_adapters[index] = a;
sprintf(a->name, ESAS2R_DRVR_NAME "_%02d", index);
esas2r_debug("new adapter %p, name %s", a, a->name);
spin_lock_init(&a->request_lock);
spin_lock_init(&a->fw_event_lock);
mutex_init(&a->fm_api_mutex);
mutex_init(&a->fs_api_mutex);
Reported by FlawFinder.
Line: 1321
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (a->fw_version == 0)
a->fw_rev[0] = 0;
else
sprintf(a->fw_rev, "%1d.%02d",
(int)LOBYTE(HIWORD(a->fw_version)),
(int)HIBYTE(HIWORD(a->fw_version)));
esas2r_hdebug("firmware revision: %s", a->fw_rev);
Reported by FlawFinder.
drivers/scsi/esp_scsi.c
2 issues
Line: 1921
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scsi_esp_cmd(esp, ESP_CMD_TI);
} else {
/* Use DMA. */
memcpy(esp->command_block,
esp->msg_out,
esp->msg_out_len);
esp->ops->send_dma_cmd(esp,
esp->command_block_dma,
Reported by FlawFinder.
Line: 2002
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
break;
case ESP_EVENT_CMD_START:
memcpy(esp->command_block, esp->cmd_bytes_ptr,
esp->cmd_bytes_left);
esp_send_dma_cmd(esp, esp->cmd_bytes_left, 16, ESP_CMD_TI);
esp_event(esp, ESP_EVENT_CMD_DONE);
esp->flags |= ESP_FLAG_QUICKIRQ_CHECK;
break;
Reported by FlawFinder.
drivers/scsi/fnic/fnic.h
2 issues
Line: 184
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct fnic_msix_entry {
int requested;
char devname[IFNAMSIZ + 11];
irqreturn_t (*isr)(int, void *);
void *devid;
};
enum fnic_state {
Reported by FlawFinder.
Line: 228
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long stats_time; /* time of stats update */
unsigned long stats_reset_time; /* time of stats reset */
struct vnic_nic_cfg *nic_cfg;
char name[IFNAMSIZ];
struct timer_list notify_timer; /* used for MSI interrupts */
unsigned int fnic_max_tag_id;
unsigned int err_intr_offset;
unsigned int link_intr_offset;
Reported by FlawFinder.
drivers/scsi/fnic/fnic_main.c
2 issues
Line: 872
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
fc_host_maxframe_size(lp->host) = lp->mfs;
fc_host_dev_loss_tmo(lp->host) = fnic->config.port_down_timeout / 1000;
sprintf(fc_host_symbolic_name(lp->host),
DRV_NAME " v" DRV_VERSION " over %s", fnic->name);
spin_lock_irqsave(&fnic_list_lock, flags);
list_add_tail(&fnic->list, &fnic_list);
spin_unlock_irqrestore(&fnic_list_lock, flags);
Reported by FlawFinder.
Line: 687
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err_out_dev_close;
}
/* set data_src for point-to-point mode and to keep it non-zero */
memcpy(fnic->data_src_addr, fnic->ctlr.ctl_src_addr, ETH_ALEN);
/* Get vNIC configuration */
err = fnic_get_vnic_config(fnic);
if (err) {
shost_printk(KERN_ERR, fnic->lport->host,
Reported by FlawFinder.
drivers/scsi/gvp11.c
2 issues
Line: 112
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!dir_in) {
/* copy to bounce buffer for a write */
memcpy(wh->dma_bounce_buffer, cmd->SCp.ptr,
cmd->SCp.this_residual);
}
}
/* setup dma direction */
Reported by FlawFinder.
Line: 161
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy from a bounce buffer, if necessary */
if (status && wh->dma_bounce_buffer) {
if (wh->dma_dir && SCpnt)
memcpy(SCpnt->SCp.ptr, wh->dma_bounce_buffer,
SCpnt->SCp.this_residual);
if (wh->dma_buffer_pool == BUF_SCSI_ALLOCED)
kfree(wh->dma_bounce_buffer);
else
Reported by FlawFinder.
drivers/scsi/isci/host.c
2 issues
Line: 2536
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void *frame_buffer)
{
/* XXX type safety? */
memcpy(response_buffer, frame_header, sizeof(u32));
memcpy(response_buffer + sizeof(u32),
frame_buffer,
sizeof(struct dev_to_host_fis) - sizeof(u32));
}
Reported by FlawFinder.
Line: 2538
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* XXX type safety? */
memcpy(response_buffer, frame_header, sizeof(u32));
memcpy(response_buffer + sizeof(u32),
frame_buffer,
sizeof(struct dev_to_host_fis) - sizeof(u32));
}
void sci_controller_release_frame(struct isci_host *ihost, u32 frame_index)
Reported by FlawFinder.