The following issues were found
drivers/net/wireless/st/cw1200/wsm.h
1 issues
Line: 622
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 fw_api;
u16 fw_build;
u16 fw_ver;
char fw_label[128];
u32 config[4];
};
/* ******************************************************************** */
/* WSM commands */
Reported by FlawFinder.
drivers/net/wireless/st/cw1200/main.c
1 issues
Line: 171
.ampdu_factor = IEEE80211_HT_MAX_AMPDU_8K,
.ampdu_density = IEEE80211_HT_MPDU_DENSITY_NONE,
.mcs = {
.rx_mask[0] = 0xFF,
.rx_highest = __cpu_to_le16(0x41),
.tx_params = IEEE80211_HT_MCS_TX_DEFINED,
},
},
};
Reported by Cppcheck.
drivers/net/wireless/st/cw1200/fwio.c
1 issues
Line: 211
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tx_size = block_size = min_t(size_t, firmware->size - put,
DOWNLOAD_BLOCK_SIZE);
memcpy(buf, &firmware->data[put], block_size);
if (block_size < DOWNLOAD_BLOCK_SIZE) {
memset(&buf[block_size], 0,
DOWNLOAD_BLOCK_SIZE - block_size);
tx_size = DOWNLOAD_BLOCK_SIZE;
}
Reported by FlawFinder.
drivers/net/wireless/st/cw1200/debug.c
1 issues
Line: 339
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char __user *user_buf, size_t count, loff_t *ppos)
{
struct cw1200_common *priv = file->private_data;
char buf[1];
if (!count)
return -EINVAL;
if (copy_from_user(buf, user_buf, 1))
return -EFAULT;
Reported by FlawFinder.
drivers/net/wireless/rsi/rsi_main.h
1 issues
Line: 373
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct eepromrw_info eeprom;
u32 interrupt_status;
u8 dfs_region;
char country[2];
void *rsi_dev;
struct rsi_host_intf_ops *host_intf_ops;
int (*check_hw_queue_status)(struct rsi_hw *adapter, u8 q_num);
int (*determine_event_timeout)(struct rsi_hw *adapter);
};
Reported by FlawFinder.
drivers/net/wireless/rsi/rsi_91x_main.c
1 issues
Line: 143
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
payload_offset = (extended_desc + FRAME_DESC_SZ);
skb_put(skb, pkt_len);
memcpy((skb->data), (buffer + payload_offset), skb->len);
return skb;
}
/**
Reported by FlawFinder.
drivers/net/wireless/realtek/rtw88/rtw8822c.c
1 issues
Line: 4880
};
static struct rtw_prioq_addrs prioq_addrs_8822c = {
.prio[RTW_DMA_MAPPING_EXTRA] = {
.rsvd = REG_FIFOPAGE_INFO_4, .avail = REG_FIFOPAGE_INFO_4 + 2,
},
.prio[RTW_DMA_MAPPING_LOW] = {
.rsvd = REG_FIFOPAGE_INFO_2, .avail = REG_FIFOPAGE_INFO_2 + 2,
},
Reported by Cppcheck.
drivers/net/wireless/realtek/rtw88/rtw8822b.c
1 issues
Line: 2096
};
static struct rtw_prioq_addrs prioq_addrs_8822b = {
.prio[RTW_DMA_MAPPING_EXTRA] = {
.rsvd = REG_FIFOPAGE_INFO_4, .avail = REG_FIFOPAGE_INFO_4 + 2,
},
.prio[RTW_DMA_MAPPING_LOW] = {
.rsvd = REG_FIFOPAGE_INFO_2, .avail = REG_FIFOPAGE_INFO_2 + 2,
},
Reported by Cppcheck.
drivers/net/wireless/marvell/libertas/ethtool.c
1 issues
Line: 58
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd.len = cpu_to_le16(eeprom->len);
ret = lbs_cmd_with_response(priv, CMD_802_11_EEPROM_ACCESS, &cmd);
if (!ret)
memcpy(bytes, cmd.value, eeprom->len);
out:
return ret;
}
Reported by FlawFinder.
drivers/net/wireless/realtek/rtw88/rtw8821c.c
1 issues
Line: 1542
};
static struct rtw_prioq_addrs prioq_addrs_8821c = {
.prio[RTW_DMA_MAPPING_EXTRA] = {
.rsvd = REG_FIFOPAGE_INFO_4, .avail = REG_FIFOPAGE_INFO_4 + 2,
},
.prio[RTW_DMA_MAPPING_LOW] = {
.rsvd = REG_FIFOPAGE_INFO_2, .avail = REG_FIFOPAGE_INFO_2 + 2,
},
Reported by Cppcheck.