The following issues were found
drivers/gpu/drm/i915/display/intel_lspcon.c
1 issues
Line: 385
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return false;
}
memcpy(&avi_if[1], frame, len);
if (!_lspcon_parade_write_infoframe_blocks(aux, avi_if)) {
DRM_DEBUG_KMS("Failed to write infoframe blocks\n");
return false;
}
Reported by FlawFinder.
drivers/gpu/drm/msm/msm_gpu.c
1 issues
Line: 363
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(state_bo->data, ptr, obj->base.size);
msm_gem_put_vaddr(&obj->base);
}
out:
state->nr_bos++;
}
Reported by FlawFinder.
drivers/input/mouse/lifebook.c
1 issues
Line: 24
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lifebook_data {
struct input_dev *dev2; /* Relative device */
char phys[32];
};
static bool lifebook_present;
static const char *desired_serio_phys;
Reported by FlawFinder.
drivers/input/mouse/logips2pp.c
1 issues
Line: 155
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static ssize_t ps2pp_attr_show_smartscroll(struct psmouse *psmouse,
void *data, char *buf)
{
return sprintf(buf, "%d\n", psmouse->smartscroll);
}
static ssize_t ps2pp_attr_set_smartscroll(struct psmouse *psmouse, void *data,
const char *buf, size_t count)
{
Reported by FlawFinder.
drivers/gpu/drm/msm/msm_gem.h
1 issues
Line: 108
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct drm_mm_node *vram_node;
char name[32]; /* Identifier to print for the debugfs files */
int active_count;
int pin_count;
};
#define to_msm_bo(x) container_of(x, struct msm_gem_object, base)
Reported by FlawFinder.
drivers/gpu/drm/msm/msm_gem.c
1 issues
Line: 1437
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return;
va_start(ap, fmt);
vsnprintf(msm_obj->name, sizeof(msm_obj->name), fmt, ap);
va_end(ap);
}
Reported by FlawFinder.
drivers/gpu/drm/msm/msm_fence.h
1 issues
Line: 14
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct msm_fence_context {
struct drm_device *dev;
char name[32];
unsigned context;
/* last_fence == completed_fence --> no pending work */
uint32_t last_fence; /* last assigned fence */
uint32_t completed_fence; /* last completed fence */
wait_queue_head_t event;
Reported by FlawFinder.
drivers/leds/trigger/ledtrig-tty.c
1 issues
Line: 33
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
mutex_lock(&trigger_data->mutex);
if (trigger_data->ttyname)
len = sprintf(buf, "%s\n", trigger_data->ttyname);
mutex_unlock(&trigger_data->mutex);
return len;
}
Reported by FlawFinder.
drivers/md/dm-cache-background-tracker.c
1 issues
Line: 190
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!w)
return -ENOMEM;
memcpy(&w->work, work, sizeof(*work));
if (!__insert_pending(b, w)) {
/*
* There was a race, we'll just ignore this second
* bit of work for the same oblock.
Reported by FlawFinder.
drivers/gpu/drm/msm/msm_fence.c
1 issues
Line: 23
Column: 2
CWE codes:
120
return ERR_PTR(-ENOMEM);
fctx->dev = dev;
strncpy(fctx->name, name, sizeof(fctx->name));
fctx->context = dma_fence_context_alloc(1);
init_waitqueue_head(&fctx->event);
spin_lock_init(&fctx->spinlock);
return fctx;
Reported by FlawFinder.