The following issues were found
drivers/net/wireless/mediatek/mt76/mt76x02_mmio.c
1 issues
Line: 349
CWE codes:
788
int i;
for (i = 0; i < 4; i++) {
q = dev->mphy.q_tx[i];
if (!q->queued)
continue;
prev_dma_idx = dev->mt76.tx_dma_idx[i];
Reported by Cppcheck.
drivers/net/wireless/mediatek/mt76/mt76x02_eeprom.c
1 issues
Line: 52
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (field + len > dev->mt76.eeprom.size)
return -1;
memcpy(dest, dev->mt76.eeprom.data + field, len);
return 0;
}
EXPORT_SYMBOL_GPL(mt76x02_eeprom_copy);
int mt76x02_get_efuse_data(struct mt76x02_dev *dev, u16 base, void *buf,
Reported by FlawFinder.
drivers/nvmem/sunxi_sid.c
1 issues
Line: 107
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
memcpy(val, &word, bytes);
return 0;
}
static int sunxi_sid_probe(struct platform_device *pdev)
Reported by FlawFinder.
drivers/net/wireless/mediatek/mt76/mt76x0/eeprom.c
1 issues
Line: 345
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_info(dev->mt76.dev, "EEPROM ver:%02hhx fae:%02hhx\n",
version, fae);
memcpy(dev->mphy.macaddr, (u8 *)dev->mt76.eeprom.data + MT_EE_MAC_ADDR,
ETH_ALEN);
mt76_eeprom_override(&dev->mphy);
mt76x02_mac_setaddr(dev, dev->mphy.macaddr);
mt76x0_set_chip_cap(dev);
Reported by FlawFinder.
drivers/scsi/libfc/fc_libfc.c
1 issues
Line: 135
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
page_addr = kmap_atomic(sg_page(sg) + (off >> PAGE_SHIFT));
if (crc)
*crc = crc32(*crc, buf, sg_bytes);
memcpy((char *)page_addr + (off & ~PAGE_MASK), buf, sg_bytes);
kunmap_atomic(page_addr);
buf += sg_bytes;
*offset += sg_bytes;
remaining -= sg_bytes;
copy_len += sg_bytes;
Reported by FlawFinder.
drivers/scsi/libfc/fc_lport.c
1 issues
Line: 435
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fp = fc_frame_alloc(lport, len);
if (fp) {
dp = fc_frame_payload_get(fp, len);
memcpy(dp, pp, len);
*((__be32 *)dp) = htonl(ELS_LS_ACC << 24);
fc_fill_reply_hdr(fp, in_fp, FC_RCTL_ELS_REP, 0);
lport->tt.frame_send(lport, fp);
}
fc_frame_free(in_fp);
Reported by FlawFinder.
drivers/nvmem/stm32-romem.c
1 issues
Line: 106
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = min(bytes, (size_t)(4 - skip_bytes));
else
size = min(bytes, (size_t)4);
memcpy(&buf8[j], &val8[skip_bytes], size);
bytes -= size;
j += size;
skip_bytes = 0;
}
Reported by FlawFinder.
drivers/net/wireless/mediatek/mt76/eeprom.c
1 issues
Line: 261
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mt76_dev *dev = phy->dev;
struct device_node *np;
const __be32 *val;
char name[16];
u32 mcs_rates = dev->drv->mcs_rates;
u32 ru_rates = ARRAY_SIZE(dest->ru[0]);
char band;
size_t len;
s8 max_power = 0;
Reported by FlawFinder.
drivers/nvmem/sprd-efuse.c
1 issues
Line: 314
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = sprd_efuse_raw_read(efuse, index, &data, blk_double);
if (!ret) {
data >>= blk_offset;
memcpy(val, &data, bytes);
}
clk_disable_unprepare(efuse->clk);
unlock:
Reported by FlawFinder.
drivers/nvmem/sc27xx-efuse.c
1 issues
Line: 197
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ret) {
buf >>= blk_offset;
memcpy(val, &buf, bytes);
}
return ret;
}
Reported by FlawFinder.