The following issues were found
drivers/hwtracing/coresight/coresight-tmc-etr.c
1 issues
Line: 1471
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
bytes = min(bytes, (long)(PAGE_SIZE - pg_offset));
memcpy(dst_pages[pg_idx] + pg_offset, src_buf, bytes);
to_copy -= bytes;
/* Move destination pointers */
pg_offset += bytes;
Reported by FlawFinder.
drivers/gpu/drm/i915/intel_runtime_pm.c
1 issues
Line: 278
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_irq(&rpm->debug.lock);
dbg.count = rpm->debug.count;
if (dbg.count <= alloc) {
memcpy(dbg.owners,
rpm->debug.owners,
dbg.count * sizeof(*s));
}
dbg.last_acquire = rpm->debug.last_acquire;
dbg.last_release = rpm->debug.last_release;
Reported by FlawFinder.
drivers/i3c/master/mipi-i3c-hci/pio.c
1 issues
Line: 442
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* treat last word specially because of partial word issues */
chunk -= 1;
memcpy(xfer->data, from, chunk * 4);
xfer->data_left -= chunk * 4;
from += chunk;
count -= chunk;
last_word = (count == 1) ? from_last : *from++;
Reported by FlawFinder.
drivers/i3c/master/svc-i3c-master.c
1 issues
Line: 1081
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
buf[0] = ccc->id;
memcpy(&buf[1], ccc->dests[0].payload.data, ccc->dests[0].payload.len);
xfer->type = SVC_I3C_MCTRL_TYPE_I3C;
cmd = &xfer->cmds[0];
cmd->addr = ccc->dests[0].addr;
Reported by FlawFinder.
drivers/hwtracing/coresight/coresight-tmc-etf.c
1 issues
Line: 62
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
read_data = readl_relaxed(drvdata->base + TMC_RRD);
if (read_data == 0xFFFFFFFF)
break;
memcpy(bufp, &read_data, 4);
bufp += 4;
drvdata->len += 4;
}
if (lost)
Reported by FlawFinder.
drivers/iio/accel/bma400_spi.c
1 issues
Line: 42
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* > For a basic read operation two bytes have to be read and the first
* > has to be dropped and the second byte must be interpreted.
*/
memcpy(val, result + 1, val_size);
return 0;
}
static int bma400_regmap_spi_write(void *context, const void *data,
Reported by FlawFinder.
drivers/hwtracing/coresight/coresight-sysfs.c
1 issues
Line: 22
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct coresight_device *csdev = to_coresight_device(dev);
return sprintf(buf, "%d\n", csdev->nr_links);
}
static DEVICE_ATTR_RO(nr_links);
static struct attribute *coresight_conns_attrs[] = {
&dev_attr_nr_links.attr,
Reported by FlawFinder.
drivers/iio/accel/bmc150-accel-i2c.c
1 issues
Line: 134
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct bmc150_accel_data *data = iio_priv(i2c_get_clientdata(client));
struct acpi_device *adev = ACPI_COMPANION(&client->dev);
char dev_name[16];
struct i2c_board_info board_info = {
.type = "bmc150_accel",
.dev_name = dev_name,
.fwnode = client->dev.fwnode,
};
Reported by FlawFinder.
drivers/iommu/amd/iommu.c
1 issues
Line: 825
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy command to buffer */
tail = iommu->cmd_buf_tail;
target = iommu->cmd_buf + tail;
memcpy(target, cmd, sizeof(*cmd));
tail = (tail + sizeof(*cmd)) % CMD_BUFFER_SIZE;
iommu->cmd_buf_tail = tail;
/* Tell the IOMMU about it */
Reported by FlawFinder.
drivers/iio/accel/fxls8962af-core.c
1 issues
Line: 715
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
j = 0;
for_each_set_bit(bit, indio_dev->active_scan_mask,
indio_dev->masklength) {
memcpy(&data->scan.channels[j++], &buffer[i * 3 + bit],
sizeof(data->scan.channels[0]));
}
iio_push_to_buffers_with_timestamp(indio_dev, &data->scan,
tstamp);
Reported by FlawFinder.