The following issues were found

drivers/net/wireless/ti/wlcore/tx.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 429 Column: 2 CWE codes: 120
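Suggestion: Make sure destination can always hold the source data. In this excerpt the memcpy writes skb->len bytes and the memset pads up to total_len, so the bound that matters is buf_offset + total_len against the size of wl->aggr_buf. That check is not visible in the excerpt and should be confirmed earlier in the enclosing function, along with total_len never being smaller than skb->len.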

              	 */
	total_len = wlcore_calc_packet_alignment(wl, skb->len);

	memcpy(wl->aggr_buf + buf_offset, skb->data, skb->len);
	memset(wl->aggr_buf + buf_offset + skb->len, 0, total_len - skb->len);

	/* Revert side effects in the dummy packet skb, so it can be reused */
	if (is_dummy)
		skb_pull(skb, sizeof(struct wl1271_tx_hw_descr));

            

Reported by FlawFinder.

drivers/scsi/cxlflash/ocxl_hw.c
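1 issue
read - Check buffer boundaries if used in a loop including recursive loops. Note: in the excerpt below the match is the token `read` passed to the PATCH_FOPS macro while file operations are filled in. No buffer is read at this line, so this looks like a name-based false positive.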
Security

Line: 1226 Column: 14 CWE codes: 120 20

              	/* Patch the file ops that are not defined */
	if (fops) {
		PATCH_FOPS(poll);
		PATCH_FOPS(read);
		PATCH_FOPS(release);
		PATCH_FOPS(mmap);
	} else /* Use default ops */
		fops = (struct file_operations *)&ocxl_afu_fops;


            

Reported by FlawFinder.

drivers/net/wireless/ti/wlcore/sysfs.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 119 Column: 2 CWE codes: 120
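Suggestion: Make sure destination can always hold the source data. Here len is clamped with min_t() to both the caller's count and wl->fwlog_size before the copy, so the copy cannot exceed the requested count or the stored log. What remains to confirm outside the excerpt is that buffer holds at least count bytes and that wl->fwlog_size never exceeds the allocation behind wl->fwlog.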

              	/* Seeking is not supported - old logs are not kept. Disregard pos. */
	len = min_t(size_t, count, wl->fwlog_size);
	wl->fwlog_size -= len;
	memcpy(buffer, wl->fwlog, len);

	/* Make room for new messages */
	memmove(wl->fwlog, wl->fwlog + len, wl->fwlog_size);

	mutex_unlock(&wl->mutex);

            

Reported by FlawFinder.

drivers/scsi/cxlflash/superpipe.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 2100 Column: 2 CWE codes: 119 120
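Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The array is sized with sizeof(union cxlflash_ioctls), so the check to look for is that the size later used to copy ioctl arguments into buf never exceeds sizeof(buf). That code is outside the excerpt.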

              	struct device *dev = &cfg->dev->dev;
	struct afu *afu = cfg->afu;
	struct dk_cxlflash_hdr *hdr;
	char buf[sizeof(union cxlflash_ioctls)];
	size_t size = 0;
	bool known_ioctl = false;
	int idx;
	int rc = 0;
	struct Scsi_Host *shost = sdev->host;

            

Reported by FlawFinder.

drivers/net/wireless/ti/wlcore/io.h
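1 issue
read - Check buffer boundaries if used in a loop including recursive loops. Note: the match is the indirect call wl->if_ops->read(wl->dev, addr, buf, len, fixed), a callback reached through the driver's if_ops table rather than the C library read(). Whether len fits buf depends on the callers, which are outside the excerpt.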
Security

Line: 73 Column: 20 CWE codes: 120 20

              		     addr != HW_ACCESS_ELP_CTRL_REG)))
		return -EIO;

	ret = wl->if_ops->read(wl->dev, addr, buf, len, fixed);
	if (ret && wl->state != WLCORE_STATE_OFF)
		set_bit(WL1271_FLAG_IO_FAILED, &wl->flags);

	return ret;
}

            

Reported by FlawFinder.

drivers/net/wireless/ti/wlcore/io.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 129 Column: 2 CWE codes: 120
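Suggestion: Make sure destination can always hold the source data. The copy length is sizeof(*p), a compile-time constant, so an overflow is only possible if wl->curr_part is declared smaller than *p. The declarations are not shown, so confirm both have the same type; writing the length as sizeof(wl->curr_part) would tie it to the destination.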

              	int ret;

	/* copy partition info */
	memcpy(&wl->curr_part, p, sizeof(*p));

	wl1271_debug(DEBUG_IO, "mem_start %08X mem_size %08X",
		     p->mem.start, p->mem.size);
	wl1271_debug(DEBUG_IO, "reg_start %08X reg_size %08X",
		     p->reg.start, p->reg.size);

            

Reported by FlawFinder.

drivers/net/wireless/ti/wl18xx/wl18xx.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 161 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #define WL18XX_PHY_VERSION_MAX_LEN 20

/*
 * Judging by its name, chip-private static data for wl18xx. The only member
 * is a fixed-size character buffer, presumably for the PHY version text.
 */
struct wl18xx_static_data_priv {
	/*
	 * Holds at most WL18XX_PHY_VERSION_MAX_LEN bytes.
	 * NOTE(review): the code that fills this field is not shown here.
	 * Copies into it should be bounded by sizeof(phy_version), and the
	 * buffer should be NUL-terminated before it is used as a C string -
	 * confirm at the call sites.
	 */
	char phy_version[WL18XX_PHY_VERSION_MAX_LEN];
};

struct wl18xx_clk_cfg {
	u32 n;
	u32 m;

            

Reported by FlawFinder.

drivers/net/wireless/ti/wl18xx/scan.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 94 Column: 3 CWE codes: 120
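Suggestion: Make sure destination can always hold the source data. The length is taken from req->ssids[0].ssid_len with no check in the excerpt, so safety relies on that value being limited upstream to the size of cmd->ssid. Confirm the field is at least IEEE80211_MAX_SSID_LEN bytes, or clamp the length before the copy.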

              
	if (req->n_ssids) {
		cmd->ssid_len = req->ssids[0].ssid_len;
		memcpy(cmd->ssid, req->ssids[0].ssid, cmd->ssid_len);
	}

	/* TODO: per-band ies? */
	if (cmd->active[0]) {
		u8 band = NL80211_BAND_2GHZ;

            

Reported by FlawFinder.

drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 58 Column: 2 CWE codes: 120
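Suggestion: Make sure destination can always hold the source data. The preceding return -ENOMEM suggests dram->block is allocated just above. The copy is safe if that allocation was made with the same len, which the excerpt does not show.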

              		return -ENOMEM;

	dram->size = len;
	memcpy(dram->block, data, len);

	return 0;
}

void iwl_pcie_ctxt_info_free_paging(struct iwl_trans *trans)

            

Reported by FlawFinder.

drivers/net/wireless/ti/wl18xx/cmd.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 147 Column: 2 CWE codes: 120
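Suggestion: Make sure destination can always hold the source data. key_len is used as the copy length into the command field cmd->key. The excerpt does not show whether key_len is validated against sizeof(cmd->key) earlier in the function, and that is the check to confirm.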

              	}

	cmd->group_id = cpu_to_le32(group_id);
	memcpy(cmd->key, key, key_len);

	ret = wl1271_cmd_send(wl, CMD_SMART_CONFIG_SET_GROUP_KEY, cmd,
			      sizeof(*cmd), 0);
	if (ret < 0) {
		wl1271_error("failed to send smart config set group key cmd");

            

Reported by FlawFinder.