The following issues were found
drivers/hid/hid-elo.c
1 issues
Line: 31
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct elo_priv {
struct usb_device *usbdev;
struct delayed_work work;
unsigned char buffer[ELO_SMARTSET_PACKET_SIZE];
};
static struct workqueue_struct *wq;
static bool use_fw_quirk = true;
module_param(use_fw_quirk, bool, S_IRUGO);
Reported by FlawFinder.
drivers/gpu/drm/gma500/oaktrail_hdmi_i2c.c
1 issues
Line: 186
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset = i2c_dev->buf_offset;
for (i = 0; i < 0x10; i++) {
temp = HDMI_READ(HDMI_HI2CRDB0 + (i * 4));
memcpy(buf + (offset + i * 4), &temp, 4);
}
i2c_dev->buf_offset += (0x10 * 4);
/* clearing read buffer full intr */
temp = HDMI_READ(HDMI_HISR);
Reported by FlawFinder.
drivers/greybus/manifest.c
1 issues
Line: 288
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
i = 0;
list_for_each_entry_safe(desc, next, &list, links) {
desc_cport = desc->data;
memcpy(&bundle->cport_desc[i++], desc_cport,
sizeof(*desc_cport));
/* Release the cport descriptor */
release_manifest_descriptor(desc);
}
Reported by FlawFinder.
drivers/isdn/hardware/mISDN/isar.h
1 issues
Line: 44
Column: 9
CWE codes:
362
int (*ctrl)(void *, u32, u_long);
void (*release)(struct isar_hw *);
int (*init)(struct isar_hw *);
int (*open)(struct isar_hw *, struct channel_req *);
int (*firmware)(struct isar_hw *, const u8 *, int);
unsigned long Flags;
int version;
u8 bstat;
u8 iis;
Reported by FlawFinder.
drivers/greybus/hd.c
1 issues
Line: 38
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct gb_host_device *hd = to_gb_host_device(dev);
return sprintf(buf, "%d\n", hd->bus_id);
}
static DEVICE_ATTR_RO(bus_id);
static struct attribute *bus_attrs[] = {
&dev_attr_bus_id.attr,
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/uvd_v5_0.c
1 issues
Line: 118
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return r;
ring = &adev->uvd.inst->ring;
sprintf(ring->name, "uvd");
r = amdgpu_ring_init(adev, ring, 512, &adev->uvd.inst->irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/vce_v2_0.c
1 issues
Line: 435
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < adev->vce.num_rings; i++) {
ring = &adev->vce.ring[i];
sprintf(ring->name, "vce%d", i);
r = amdgpu_ring_init(adev, ring, 512, &adev->vce.irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
}
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/vce_v3_0.c
1 issues
Line: 444
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < adev->vce.num_rings; i++) {
ring = &adev->vce.ring[i];
sprintf(ring->name, "vce%d", i);
r = amdgpu_ring_init(adev, ring, 512, &adev->vce.irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
}
Reported by FlawFinder.
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
1 issues
Line: 1916
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
amdkfd_ioctl_t *func;
const struct amdkfd_ioctl_desc *ioctl = NULL;
unsigned int nr = _IOC_NR(cmd);
char stack_kdata[128];
char *kdata = NULL;
unsigned int usize, asize;
int retcode = -EINVAL;
if (nr >= AMDKFD_CORE_IOCTL_COUNT)
Reported by FlawFinder.
crypto/rsa-pkcs1pad.c
1 issues
Line: 415
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
req_ctx->in_buf[ps_end] = 0x00;
if (digest_info)
memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data,
digest_info->size);
pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
ctx->key_size - 1 - req->src_len, req->src);
Reported by FlawFinder.