The following issues were found
drivers/dma-buf/dma-buf.c
1 issues
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *dmabuffs_dname(struct dentry *dentry, char *buffer, int buflen)
{
struct dma_buf *dmabuf;
char name[DMA_BUF_NAME_LEN];
size_t ret = 0;
dmabuf = dentry->d_fsdata;
spin_lock(&dmabuf->name_lock);
if (dmabuf->name)
Reported by FlawFinder.
drivers/dma-buf/dma-heap.c
1 issues
Line: 128
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static long dma_heap_ioctl(struct file *file, unsigned int ucmd,
unsigned long arg)
{
char stack_kdata[128];
char *kdata = stack_kdata;
unsigned int kcmd;
unsigned int in_size, out_size, drv_size, ksize;
int nr = _IOC_NR(ucmd);
int ret = 0;
Reported by FlawFinder.
drivers/gpu/drm/bridge/nxp-ptn3460.c
1 issues
Line: 75
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char val)
{
int ret;
char buf[2];
buf[0] = addr;
buf[1] = val;
ret = i2c_master_send(ptn_bridge->client, buf, ARRAY_SIZE(buf));
Reported by FlawFinder.
drivers/dma-buf/sync_debug.h
1 issues
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct sync_timeline {
struct kref kref;
char name[32];
/* protected by lock */
u64 context;
int value;
Reported by FlawFinder.
drivers/acpi/acpica/nsxfeval.c
1 issues
Line: 141
return_ACPI_STATUS(status);
}
ACPI_EXPORT_SYMBOL(acpi_evaluate_object_typed)
/*******************************************************************************
*
* FUNCTION: acpi_evaluate_object
*
Reported by Cppcheck.
drivers/dma/at_hdmac.c
1 issues
Line: 1386
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!chan->private)
return -EINVAL;
memcpy(&atchan->dma_sconfig, sconfig, sizeof(*sconfig));
convert_burst(&atchan->dma_sconfig.src_maxburst);
convert_burst(&atchan->dma_sconfig.dst_maxburst);
return 0;
Reported by FlawFinder.
drivers/dma/bcm2835-dma.c
1 issues
Line: 888
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int irq[BCM2835_DMA_MAX_DMA_CHAN_SUPPORTED + 1];
int irq_flags;
uint32_t chans_available;
char chan_name[BCM2835_DMA_CHAN_NAME_SIZE];
if (!pdev->dev.dma_mask)
pdev->dev.dma_mask = &pdev->dev.coherent_dma_mask;
rc = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(32));
Reported by FlawFinder.
drivers/gpu/drm/bridge/sii902x.c
1 issues
Line: 698
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_lock(&sii902x->mutex);
memcpy(buf, sii902x->connector.eld,
min(sizeof(sii902x->connector.eld), len));
mutex_unlock(&sii902x->mutex);
return 0;
Reported by FlawFinder.
drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c
1 issues
Line: 944
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct axi_dma_chan *chan = dchan_to_axi_dma_chan(dchan);
memcpy(&chan->config, config, sizeof(*config));
return 0;
}
static void axi_chan_dump_lli(struct axi_dma_chan *chan,
Reported by FlawFinder.
drivers/dma/dw-edma/dw-edma-core.c
1 issues
Line: 206
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct dw_edma_chan *chan = dchan2dw_edma_chan(dchan);
memcpy(&chan->config, config, sizeof(*config));
chan->configured = true;
return 0;
}
Reported by FlawFinder.