The following issues were found
drivers/char/ds1620.c
1 issues
Line: 79
CWE codes:
908
static inline void netwinder_lock(unsigned long *flags)
{
raw_spin_lock_irqsave(&nw_gpio_lock, *flags);
}
static inline void netwinder_unlock(unsigned long *flags)
{
raw_spin_unlock_irqrestore(&nw_gpio_lock, *flags);
Reported by Cppcheck.
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c
1 issues
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct amdgpu_device *adev = smu->adev;
const char *chip_name;
char fw_name[SMU_FW_NAME_LEN];
int err = 0;
const struct smc_firmware_header_v1_0 *hdr;
const struct common_firmware_header *header;
struct amdgpu_firmware_info *ucode = NULL;
Reported by FlawFinder.
drivers/char/hw_random/exynos-trng.c
1 issues
Line: 67
CWE codes:
908
writel_relaxed(max * 8, trng->mem + EXYNOS_TRNG_FIFO_CTRL);
val = readl_poll_timeout(trng->mem + EXYNOS_TRNG_FIFO_CTRL, val,
val == 0, 200, 1000000);
if (val < 0)
return val;
memcpy_fromio(data, trng->mem + EXYNOS_TRNG_FIFO_0, max);
Reported by Cppcheck.
drivers/char/hw_random/iproc-rng200.c
1 issues
Line: 139
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Buffer can only store partial word */
uint32_t rnd_number = ioread32(priv->base +
RNG_FIFO_DATA_OFFSET);
memcpy(buf, &rnd_number, num_remaining);
buf += num_remaining;
num_remaining = 0;
}
/* Reset the IDLE timeout */
Reported by FlawFinder.
drivers/char/hw_random/omap3-rom-rng.c
1 issues
Line: 126
Column: 18
CWE codes:
120
20
ddata->ops.name = "omap3-rom";
ddata->ops.read = of_device_get_match_data(&pdev->dev);
ddata->ops.quality = 900;
if (!ddata->ops.read) {
dev_err(&pdev->dev, "missing rom code handler\n");
return -ENODEV;
}
dev_set_drvdata(ddata->dev, ddata);
Reported by FlawFinder.
drivers/char/hw_random/pseries-rng.c
1 issues
Line: 26
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pr_err_ratelimited("H_RANDOM call failed %d\n", rc);
return -EIO;
}
memcpy(data, buffer, 8);
/* The hypervisor interface returns 64 bits */
return 8;
}
Reported by FlawFinder.
drivers/char/hw_random/via-rng.c
1 issues
Line: 89
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int via_rng_data_present(struct hwrng *rng, int wait)
{
char buf[16 + PADLOCK_ALIGNMENT - STACK_ALIGN] __attribute__
((aligned(STACK_ALIGN)));
u32 *via_rng_datum = (u32 *)PTR_ALIGN(&buf[0], PADLOCK_ALIGNMENT);
u32 bytes_out;
int i;
Reported by FlawFinder.
drivers/char/ipmi/ipmb_dev_int.c
1 issues
Line: 215
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!queue_elem)
return;
memcpy(&queue_elem->request, &ipmb_dev->request,
sizeof(struct ipmb_msg));
list_add(&queue_elem->list, &ipmb_dev->request_queue);
atomic_inc(&ipmb_dev->request_queue_len);
wake_up_all(&ipmb_dev->wait_queue);
}
Reported by FlawFinder.
drivers/atm/iphase.h
1 issues
drivers/char/ipmi/ipmi_dmi.c
1 issues
Line: 142
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
type = data[DMI_IPMI_TYPE];
slave_addr = data[DMI_IPMI_SLAVEADDR];
memcpy(&base_addr, data + DMI_IPMI_ADDR, sizeof(unsigned long));
if (!base_addr) {
pr_err("Base address is zero, assuming no IPMI interface\n");
return;
}
if (len >= DMI_IPMI_VER2_LENGTH) {
Reported by FlawFinder.