Codekhana

drivers/input/serio/hyperv-keyboard.c

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 125 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			break;
		}

		memcpy(&kbd_dev->protocol_resp, msg,
			sizeof(struct synth_kbd_protocol_response));
		complete(&kbd_dev->wait_event);
		break;

	case SYNTH_KBD_EVENT:

Reported by FlawFinder.

drivers/gpu/drm/msm/dsi/phy/dsi_phy.c

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 827 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              void msm_dsi_phy_get_shared_timings(struct msm_dsi_phy *phy,
			struct msm_dsi_phy_shared_timings *shared_timings)
{
	memcpy(shared_timings, &phy->timing.shared_timings,
	       sizeof(*shared_timings));
}

void msm_dsi_phy_set_usecase(struct msm_dsi_phy *phy,
			     enum msm_dsi_phy_usecase uc)

Reported by FlawFinder.

drivers/gpu/drm/msm/dsi/dsi.h

1 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 38 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/* Regulators for DSI devices */
struct dsi_reg_entry {
	char name[32];
	int enable_load;
	int disable_load;
};

struct dsi_reg_config {

Reported by FlawFinder.

drivers/input/serio/libps2.c

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 245 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return -EINVAL;
	}

	memcpy(send_param, param, send);

	serio_pause_rx(ps2dev->serio);

	ps2dev->flags = command == PS2_CMD_GETID ? PS2_FLAG_WAITID : 0;
	ps2dev->cmdcnt = receive;

Reported by FlawFinder.

drivers/macintosh/adb.c

1 issues

Dangerous assignment - the function parameter is assigned the address of a local auto-variable. Local auto-variables are reserved from the stack which is freed when the function ends. So the pointer to a local variable is invalid after the function ends.

Error

Line: 449 CWE codes: 562

              	if (flags & ADBREQ_SYNC) {
		WARN_ON(done);
		req->done = adb_sync_req_done;
		req->arg = &comp;
		init_completion(&comp);
	}

	rc = adb_controller->send_request(req, 0);

Reported by Cppcheck.

drivers/gpu/drm/msm/dp/dp_parser.h

1 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 92 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/* Regulators for DP devices */
struct dp_reg_entry {
	char name[32];
	int enable_load;
	int disable_load;
};

struct dp_regulator_cfg {

Reported by FlawFinder.

drivers/gpu/drm/msm/dp/dp_parser.c

1 issues

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)

Security

Line: 106 Column: 40 CWE codes: 126

              static inline bool dp_parser_check_prefix(const char *clk_prefix,
						const char *clk_name)
{
	return !strncmp(clk_prefix, clk_name, strlen(clk_prefix));
}

static int dp_parser_init_clk_data(struct dp_parser *parser)
{
	int num_clk, i, rc;

Reported by FlawFinder.

drivers/gpu/drm/msm/dp/dp_catalog.h

1 issues

read - Check buffer boundaries if used in a loop including recursive loops

Security

Line: 82 Column: 68 CWE codes: 120 20

              u32 dp_catalog_aux_read_data(struct dp_catalog *dp_catalog);
int dp_catalog_aux_write_data(struct dp_catalog *dp_catalog);
int dp_catalog_aux_write_trans(struct dp_catalog *dp_catalog);
int dp_catalog_aux_clear_trans(struct dp_catalog *dp_catalog, bool read);
int dp_catalog_aux_clear_hw_interrupts(struct dp_catalog *dp_catalog);
void dp_catalog_aux_reset(struct dp_catalog *dp_catalog);
void dp_catalog_aux_enable(struct dp_catalog *dp_catalog, bool enable);
void dp_catalog_aux_update_cfg(struct dp_catalog *dp_catalog);
u32 dp_catalog_aux_get_irq(struct dp_catalog *dp_catalog);

Reported by FlawFinder.

drivers/input/sparse-keymap.c

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 124 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              				ke->index =
					sparse_keymap_get_key_index(dev, key);
			ke->len = sizeof(key->code);
			memcpy(ke->scancode, &key->code, sizeof(key->code));
			return 0;
		}
	}

	return -EINVAL;

Reported by FlawFinder.

drivers/gpu/drm/msm/dp/dp_audio.c

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 486 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return -ENODEV;
	}

	memcpy(buf, dp_display->connector->eld,
		min(sizeof(dp_display->connector->eld), len));

	return 0;
}

Reported by FlawFinder.

Modal title

The following issues were found

drivers/input/serio/hyperv-keyboard.c

1 issues

drivers/gpu/drm/msm/dsi/phy/dsi_phy.c

1 issues

drivers/gpu/drm/msm/dsi/dsi.h

1 issues

drivers/input/serio/libps2.c

1 issues

drivers/macintosh/adb.c

1 issues

drivers/gpu/drm/msm/dp/dp_parser.h

1 issues

drivers/gpu/drm/msm/dp/dp_parser.c

1 issues

drivers/gpu/drm/msm/dp/dp_catalog.h

1 issues

drivers/input/sparse-keymap.c

1 issues

drivers/gpu/drm/msm/dp/dp_audio.c

1 issues