The following issues were found

drivers/hid/hid-thrustmaster.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 165 Column: 3 CWE codes: 120
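Suggestion: Make sure destination can always hold the source data. In this excerpt the copy length is setup_arr_sizes[i] and the allocation of send_buf is not shown, so the check to make is that send_buf is at least as large as the largest entry in setup_arr_sizes.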

              	b_ep = ep->desc.bEndpointAddress;

	for (i = 0; i < ARRAY_SIZE(setup_arr); ++i) {
		memcpy(send_buf, setup_arr[i], setup_arr_sizes[i]);

		ret = usb_interrupt_msg(usbdev,
			usb_sndintpipe(usbdev, b_ep),
			send_buf,
			setup_arr_sizes[i],

            

Reported by FlawFinder.

drivers/hid/hid-steelseries.c
1 issue
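strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected). In this excerpt the argument is hdev->uniq and the result only sizes the kzalloc below, so the points to confirm are that hdev->uniq is always terminated by whoever fills it and that the later write of the LED name is bounded by name_sz (neither is shown).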
Security

Line: 266 Column: 12 CWE codes: 126

              
	steelseries_srws1_set_leds(hdev, 0);

	name_sz = strlen(hdev->uniq) + 16;

	/* 'ALL', for setting all LEDs simultaneously */
	led = kzalloc(sizeof(struct led_classdev)+name_sz, GFP_KERNEL);
	if (!led) {
		hid_err(hdev, "can't allocate memory for LED ALL\n");

            

Reported by FlawFinder.

drivers/hid/hid-roccat-common.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 37 Column: 2 CWE codes: 120
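Suggestion: Make sure destination can always hold the source data. In this excerpt memcpy(data, buf, size) runs before the transfer result len is examined, so data is overwritten even when the function goes on to return an error; confirm that every caller passes a data buffer of at least size bytes and does not use its contents after a non-zero return.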

              			roccat_common2_feature_report(report_id),
			0, buf, size, USB_CTRL_SET_TIMEOUT);

	memcpy(data, buf, size);
	kfree(buf);
	return ((len < 0) ? len : ((len != size) ? -EIO : 0));
}
EXPORT_SYMBOL_GPL(roccat_common2_receive);


            

Reported by FlawFinder.

drivers/gpu/drm/i915/gvt/debugfs.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 160 Column: 2 CWE codes: 119 120
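Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In this excerpt the only visible write to name is snprintf(name, 16, ...), which is bounded by the array size, so the worst case shown is a truncated directory name rather than an overflow; writing the bound as sizeof(name) would keep it tied to the declaration.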

               */
void intel_gvt_debugfs_add_vgpu(struct intel_vgpu *vgpu)
{
	char name[16] = "";

	snprintf(name, 16, "vgpu%d", vgpu->id);
	vgpu->debugfs = debugfs_create_dir(name, vgpu->gvt->debugfs_root);

	debugfs_create_bool("active", 0444, vgpu->debugfs, &vgpu->active);

            

Reported by FlawFinder.

drivers/hid/hid-picolcd_leds.c
1 issue
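strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected). In this excerpt the argument is dev_name(dev), a name string maintained by the driver core, so an unterminated input is unlikely; the point to confirm is that the later formatting of the LED names is bounded by name_sz (not shown).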
Security

Line: 100 Column: 19 CWE codes: 126

              {
	struct device *dev = &data->hdev->dev;
	struct led_classdev *led;
	size_t name_sz = strlen(dev_name(dev)) + 8;
	char *name;
	int i, ret = 0;

	if (!report)
		return -ENODEV;

            

Reported by FlawFinder.

drivers/gpu/drm/i915/gvt/cmd_parser.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 3060 Column: 2 CWE codes: 120
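Suggestion: Make sure destination can always hold the source data. In this excerpt the destination is indirect_ctx.shadow_va advanced by indirect_ctx.size and the copy length is the constant CACHELINE_BYTES, so the check to make is that the shadow buffer was allocated with at least CACHELINE_BYTES of room beyond indirect_ctx.size (the allocation is not shown).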

              	bb_start_sva = (unsigned char *)wa_ctx->indirect_ctx.shadow_va +
				wa_ctx->indirect_ctx.size;

	memcpy(bb_start_sva, per_ctx_start, CACHELINE_BYTES);

	return 0;
}

int intel_gvt_scan_and_shadow_wa_ctx(struct intel_shadow_wa_ctx *wa_ctx)

            

Reported by FlawFinder.

drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 766 Column: 4 CWE codes: 120
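Suggestion: Make sure destination can always hold the source data. In this excerpt the copy length is 4 * datalen, and the -EMSGSIZE branch just above suggests that a size check precedes the copy; confirm that this check bounds datalen against the capacity of req->response_buf on every path that reaches the memcpy.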

              			err = -EMSGSIZE;
		}
		if (datalen)
			memcpy(req->response_buf, response->msg + 3, 4 * datalen);
		req->response_len = datalen;
		WRITE_ONCE(req->status, status);
		found = true;
		break;
	}

            

Reported by FlawFinder.

drivers/hid/hid-picolcd_debugfs.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 41 Column: 2 CWE codes: 119 120
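Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In this excerpt cnt is clamped to sizeof(buf)-1 before copy_from_user, so the copy into buf is bounded in the visible code; what remains to confirm is that buf is NUL-terminated at cnt before it is parsed as a string (not shown).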

              		size_t count, loff_t *ppos)
{
	struct picolcd_data *data = ((struct seq_file *)f->private_data)->private;
	char buf[32];
	size_t cnt = min(count, sizeof(buf)-1);
	if (copy_from_user(buf, user_buf, cnt))
		return -EFAULT;

	while (cnt > 0 && (buf[cnt-1] == ' ' || buf[cnt-1] == '\n'))

            

Reported by FlawFinder.

drivers/hid/hid-lg-g15.c
1 issue
sprintf - Does not check for buffer overflows
Security

Line: 324 Column: 8 CWE codes: 120
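Suggestion: Use sprintf_s, snprintf, or vsnprintf. sprintf_s is not available in kernel code; if this function is a sysfs show callback (its signature is not shown), sysfs_emit() is the kernel's bounded helper for writing to buf. The format string yields a fixed, short output provided the three colour fields are 8-bit values (their types are not shown).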

              	ssize_t ret;

	mutex_lock(&g15->mutex);
	ret = sprintf(buf, "#%02x%02x%02x\n",
		      g15_led->red, g15_led->green, g15_led->blue);
	mutex_unlock(&g15->mutex);

	return ret;
}

            

Reported by FlawFinder.

drivers/hid/hid-lenovo.c
1 issue
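strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected). In this excerpt the argument is dev_name(&hdev->dev), a name string maintained by the driver core, so an unterminated input is unlikely; the point to confirm is that the later formatting into name_mute and name_micm is bounded by name_sz (not shown).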
Security

Line: 866 Column: 19 CWE codes: 126

              static int lenovo_register_leds(struct hid_device *hdev)
{
	struct lenovo_drvdata *data = hid_get_drvdata(hdev);
	size_t name_sz = strlen(dev_name(&hdev->dev)) + 16;
	char *name_mute, *name_micm;
	int ret;

	name_mute = devm_kzalloc(&hdev->dev, name_sz, GFP_KERNEL);
	name_micm = devm_kzalloc(&hdev->dev, name_sz, GFP_KERNEL);

            

Reported by FlawFinder.