The following issues were found
drivers/dma/imx-dma.c
1 issues
Line: 712
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct imxdma_channel *imxdmac = to_imxdma_chan(chan);
memcpy(&imxdmac->config, dmaengine_cfg, sizeof(*dmaengine_cfg));
return 0;
}
static enum dma_status imxdma_tx_status(struct dma_chan *chan,
Reported by FlawFinder.
drivers/acpi/acpica/nspredef.c
1 issues
Line: 197
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
union acpi_operand_object *return_object = *return_object_ptr;
acpi_status status = AE_OK;
char type_buffer[96]; /* Room for 10 types */
/* A Namespace node should not get here, but make sure */
if (return_object &&
ACPI_GET_DESCRIPTOR_TYPE(return_object) == ACPI_DESC_TYPE_NAMED) {
Reported by FlawFinder.
drivers/dma/k3dma.c
1 issues
Line: 660
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct k3_dma_chan *c = to_k3_chan(chan);
memcpy(&c->slave_config, cfg, sizeof(*cfg));
return 0;
}
static int k3_dma_config_write(struct dma_chan *chan,
Reported by FlawFinder.
drivers/dma/lgm/lgm-dma.c
1 issues
Line: 197
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ldma_chan {
struct virt_dma_chan vchan;
struct ldma_port *port; /* back pointer */
char name[8]; /* Channel name */
int nr; /* Channel id in hardware */
u32 flags; /* central way or channel based way */
enum ldma_chan_on_off onoff;
dma_addr_t desc_phys;
void *desc_base; /* Virtual address */
Reported by FlawFinder.
drivers/dma/mediatek/mtk-uart-apdma.c
1 issues
Line: 388
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct mtk_chan *c = to_mtk_uart_apdma_chan(chan);
memcpy(&c->cfg, config, sizeof(*config));
return 0;
}
static int mtk_uart_apdma_terminate_all(struct dma_chan *chan)
Reported by FlawFinder.
drivers/dma/mmp_pdma.c
1 issues
Line: 745
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct mmp_pdma_chan *chan = to_mmp_pdma_chan(dchan);
memcpy(&chan->slave_config, cfg, sizeof(*cfg));
return 0;
}
static int mmp_pdma_terminate_all(struct dma_chan *dchan)
{
Reported by FlawFinder.
drivers/dma/mmp_tdma.c
1 issues
Line: 511
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct mmp_tdma_chan *tdmac = to_mmp_tdma_chan(chan);
memcpy(&tdmac->slave_config, dmaengine_cfg, sizeof(*dmaengine_cfg));
return 0;
}
static int mmp_tdma_config_write(struct dma_chan *chan,
Reported by FlawFinder.
drivers/dma/mv_xor_v2.c
1 issues
Line: 323
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the HW descriptor from the SW descriptor to the DESQ */
dest_hw_desc = xor_dev->hw_desq_virt + xor_dev->hw_queue_idx;
memcpy(dest_hw_desc, &sw_desc->hw_desc, xor_dev->desc_size);
xor_dev->npendings++;
xor_dev->hw_queue_idx++;
if (xor_dev->hw_queue_idx >= MV_XOR_V2_DESC_NUM)
xor_dev->hw_queue_idx = 0;
Reported by FlawFinder.
drivers/dma/nbpfaxi.c
1 issues
Line: 207
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tasklet_struct tasklet;
void __iomem *base;
struct nbpf_device *nbpf;
char name[16];
int irq;
dma_addr_t slave_src_addr;
size_t slave_src_width;
size_t slave_src_burst;
dma_addr_t slave_dst_addr;
Reported by FlawFinder.
drivers/dma/owl-dma.c
1 issues
Line: 732
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
config->dst_addr_width == DMA_SLAVE_BUSWIDTH_8_BYTES)
return -EINVAL;
memcpy(&vchan->cfg, config, sizeof(struct dma_slave_config));
return 0;
}
static int owl_dma_pause(struct dma_chan *chan)
Reported by FlawFinder.