The following issues were found
drivers/scsi/esas2r/esas2r_io.c
1 issues
Line: 244
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Copy the last SGE filled in to the first entry of
* the new SGL to make room for the chain entry.
*/
memcpy(sgl->virt_addr, sgc->sge.a64.last, sgelen);
/* Figure out the new curr pointer in the new segment */
sgc->sge.a64.curr =
(struct atto_vda_sge *)((u8 *)sgl->virt_addr +
sgelen);
Reported by FlawFinder.
drivers/net/wireless/realtek/rtw88/rtw8723d.c
1 issues
Line: 2557
};
static const struct rtw_prioq_addrs prioq_addrs_8723d = {
.prio[RTW_DMA_MAPPING_EXTRA] = {
.rsvd = REG_RQPN_NPQ + 2, .avail = REG_RQPN_NPQ + 3,
},
.prio[RTW_DMA_MAPPING_LOW] = {
.rsvd = REG_RQPN + 1, .avail = REG_FIFOPAGE_CTRL_2 + 1,
},
Reported by Cppcheck.
drivers/net/wireless/realtek/rtw88/phy.c
1 issues
Line: 789
CWE codes:
788
}
}
} else {
if (db_invert_table[i][j] - linear >
linear - db_invert_table[i][j - 1]) {
j = j - 1;
}
}
end:
Reported by Cppcheck.
drivers/net/wireless/realtek/rtw88/pci.c
1 issues
Line: 1124
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
skb_pull(new, pkt_offset);
rtw_rx_stats(rtwdev, pkt_stat.vif, new);
memcpy(new->cb, &rx_status, sizeof(rx_status));
ieee80211_rx_napi(rtwdev->hw, NULL, new, napi);
rx_done++;
}
next_rp:
Reported by FlawFinder.
drivers/scsi/esas2r/esas2r_targdb.c
1 issues
Line: 212
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
t->phys_targ_id = dc->curr_phys_id;
t->identifier_len = ident_len;
memcpy(t->identifier, ident, ident_len);
t->flags |= TF_PASS_THRU | TF_USED;
t->target_state = TS_PRESENT;
Reported by FlawFinder.
drivers/net/wireless/realtek/rtw88/main.h
1 issues
Line: 802
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct rtw_regulatory {
char alpha2[2];
u8 chplan;
u8 txpwr_regd;
};
struct rtw_chip_ops {
Reported by FlawFinder.
drivers/scsi/lpfc/lpfc_debugfs.h
1 issues
Line: 334
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void
lpfc_debug_dump_qe(struct lpfc_queue *q, uint32_t idx)
{
char line_buf[LPFC_LBUF_SZ];
int i, esize, qe_word_cnt, len;
uint32_t *pword;
/* sanity checks */
if (!q)
Reported by FlawFinder.
drivers/net/wireless/realtek/rtw88/mac.c
1 issues
Line: 823
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (remain_size) {
memcpy(&remain_data, ptr, remain_size);
rtw_write32(rtwdev, write_addr, le32_to_cpu(remain_data));
}
}
static int
Reported by FlawFinder.
drivers/net/wireless/realtek/rtlwifi/wifi.h
1 issues
Line: 2495
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rtl_debug {
/* add for debug */
struct dentry *debugfs_dir;
char debugfs_name[20];
};
#define MIMO_PS_STATIC 0
#define MIMO_PS_DYNAMIC 1
#define MIMO_PS_NOLIMIT 3
Reported by FlawFinder.
drivers/net/wireless/realtek/rtlwifi/rtl8723be/trx.c
1 issues
Line: 210
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
type = WLAN_FC_GET_TYPE(hdr->frame_control);
praddr = hdr->addr1;
psaddr = ieee80211_get_SA(hdr);
memcpy(pstatus->psaddr, psaddr, ETH_ALEN);
packet_matchbssid = ((IEEE80211_FTYPE_CTL != type) &&
(ether_addr_equal(mac->bssid, (fc & IEEE80211_FCTL_TODS) ?
hdr->addr1 : (fc & IEEE80211_FCTL_FROMDS) ?
hdr->addr2 : hdr->addr3)) &&
Reported by FlawFinder.