The following issues were found
drivers/scsi/isci/port.c
2 issues
Line: 206
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
attached_sas_address |= properties.remote.sas_address.low;
swab64s(&attached_sas_address);
memcpy(&iphy->sas_phy.attached_sas_addr,
&attached_sas_address, sizeof(attached_sas_address));
} else if (iphy->protocol == SAS_PROTOCOL_SSP) {
iphy->sas_phy.oob_mode = SAS_OOB_MODE;
iphy->sas_phy.frame_rcvd_size = sizeof(struct sas_identify_frame);
Reported by FlawFinder.
Line: 213
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iphy->sas_phy.frame_rcvd_size = sizeof(struct sas_identify_frame);
/* Copy the attached SAS address from the IAF */
memcpy(iphy->sas_phy.attached_sas_addr,
iphy->frame_rcvd.iaf.sas_addr, SAS_ADDR_SIZE);
} else {
dev_err(&isci_host->pdev->dev, "%s: unknown target\n", __func__);
success = false;
}
Reported by FlawFinder.
drivers/scsi/isci/task.c
2 issues
Line: 712
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tmf->status = completion_status;
if (tmf->proto == SAS_PROTOCOL_SSP) {
memcpy(tmf->resp.rsp_buf,
ireq->ssp.rsp_buf,
SSP_RESP_IU_MAX_SIZE);
} else if (tmf->proto == SAS_PROTOCOL_SATA) {
memcpy(&tmf->resp.d2h_fis,
&ireq->stp.rsp,
Reported by FlawFinder.
Line: 716
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ireq->ssp.rsp_buf,
SSP_RESP_IU_MAX_SIZE);
} else if (tmf->proto == SAS_PROTOCOL_SATA) {
memcpy(&tmf->resp.d2h_fis,
&ireq->stp.rsp,
sizeof(struct dev_to_host_fis));
}
/* PRINT_TMF( ((struct isci_tmf *)request->task)); */
tmf_complete = tmf->complete;
Reported by FlawFinder.
drivers/scsi/libfc/fc_disc.c
2 issues
Line: 409
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (plen > len)
plen = len;
np = &disc->partial_buf;
memcpy((char *)np + tlen, bp, plen);
/*
* Set bp so that the loop below will advance it to the
* first valid full name element.
*/
Reported by FlawFinder.
Line: 466
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (np != &disc->partial_buf) {
FC_DISC_DBG(disc, "Partial buffer remains "
"for discovery\n");
memcpy(&disc->partial_buf, np, len);
}
disc->buf_len = (unsigned char) len;
}
return error;
}
Reported by FlawFinder.
drivers/scsi/libiscsi_tcp.c
2 issues
Line: 307
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy = min(len - copied, segment->size - segment->copied);
ISCSI_DBG_TCP(tcp_conn->iscsi_conn, "copying %d\n", copy);
memcpy(segment->data + segment->copied, ptr + copied, copy);
copied += copy;
}
return copied;
}
Reported by FlawFinder.
Line: 315
Column: 33
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
inline void
iscsi_tcp_dgst_header(struct ahash_request *hash, const void *hdr,
size_t hdrlen, unsigned char digest[ISCSI_DIGEST_SIZE])
{
struct scatterlist sg;
sg_init_one(&sg, hdr, hdrlen);
ahash_request_set_crypt(hash, &sg, digest, hdrlen);
Reported by FlawFinder.
drivers/scsi/libsas/sas_port.c
2 issues
Line: 126
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock(&port->phy_list_lock);
if (*(u64 *)port->sas_addr == 0
&& port->num_phys == 0) {
memcpy(port->sas_addr, phy->sas_addr,
SAS_ADDR_SIZE);
break;
}
spin_unlock(&port->phy_list_lock);
}
Reported by FlawFinder.
Line: 150
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (*(u64 *)port->attached_sas_addr == 0) {
port->class = phy->class;
memcpy(port->attached_sas_addr, phy->attached_sas_addr,
SAS_ADDR_SIZE);
port->iproto = phy->iproto;
port->tproto = phy->tproto;
port->oob_mode = phy->oob_mode;
port->linkrate = phy->linkrate;
Reported by FlawFinder.
drivers/scsi/libsas/sas_scsi_host.c
2 issues
Line: 86
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hs = DID_ABORT;
break;
case SAM_STAT_CHECK_CONDITION:
memcpy(sc->sense_buffer, ts->buf,
min(SCSI_SENSE_BUFFERSIZE, ts->buf_valid_size));
stat = SAM_STAT_CHECK_CONDITION;
break;
default:
stat = ts->stat;
Reported by FlawFinder.
Line: 149
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
task->ssp_task.retry_count = 1;
int_to_scsilun(cmd->device->lun, &lun);
memcpy(task->ssp_task.LUN, &lun.scsi_lun, 8);
task->ssp_task.task_attr = TASK_ATTR_SIMPLE;
task->ssp_task.cmd = cmd;
task->scatter = scsi_sglist(cmd);
task->num_scatter = scsi_sg_count(cmd);
Reported by FlawFinder.
drivers/power/supply/generic-adc-battery.c
1 issues
Line: 278
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto first_mem_fail;
}
memcpy(properties, gab_props, sizeof(gab_props));
/*
* getting channel from iio and copying the battery properties
* based on the channel supported by consumer device.
*/
Reported by FlawFinder.
drivers/net/wireless/ralink/rt2x00/rt2x00debug.h
1 issues
Line: 30
Column: 11
CWE codes:
120
20
#define RT2X00DEBUGFS_REGISTER_ENTRY(__name, __type) \
struct reg##__name { \
__type (*read)(struct rt2x00_dev *rt2x00dev, \
const unsigned int word); \
void (*write)(struct rt2x00_dev *rt2x00dev, \
const unsigned int word, __type data); \
\
unsigned int flags; \
Reported by FlawFinder.
drivers/power/supply/da9030_battery.c
1 issues
Line: 451
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int da9030_battery_charger_init(struct da9030_charger *charger)
{
char v[5];
int ret;
v[0] = v[1] = charger->thresholds.vbat_low;
v[2] = charger->thresholds.tbat_high;
v[3] = charger->thresholds.tbat_restart;
Reported by FlawFinder.
drivers/power/supply/cpcap-charger.c
1 issues
Line: 825
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int cpcap_charger_init_iio(struct cpcap_charger_ddata *ddata)
{
const char * const names[CPCAP_CHARGER_IIO_NR] = {
"battdetb", "battp", "vbus", "chg_isense", "batti",
};
int error, i;
for (i = 0; i < CPCAP_CHARGER_IIO_NR; i++) {
Reported by FlawFinder.