The following issues were found
drivers/firmware/efi/mokvar-table.c
1 issues
Line: 282
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (count > mokvar_entry->data_size - off)
count = mokvar_entry->data_size - off;
memcpy(buf, mokvar_entry->data + off, count);
return count;
}
/*
* efi_mokvar_sysfs_init() - Map EFI MOK config table and create sysfs
Reported by FlawFinder.
drivers/firmware/efi/rci2-table.c
1 issues
Line: 47
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct bin_attribute *attr, char *buf,
loff_t pos, size_t count)
{
memcpy(buf, attr->private + pos, count);
return count;
}
static BIN_ATTR(rci2, S_IRUSR, raw_table_read, NULL, 0);
Reported by FlawFinder.
drivers/firmware/google/coreboot_table.c
1 issues
Line: 106
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
device->dev.parent = dev;
device->dev.bus = &coreboot_bus_type;
device->dev.release = coreboot_device_release;
memcpy(&device->entry, ptr_entry, entry->size);
ret = device_register(&device->dev);
if (ret) {
put_device(&device->dev);
return ret;
Reported by FlawFinder.
drivers/firmware/google/coreboot_table.h
1 issues
Line: 19
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Coreboot table header structure */
struct coreboot_table_header {
char signature[4];
u32 header_bytes;
u32 header_checksum;
u32 table_bytes;
u32 table_checksum;
u32 table_entries;
Reported by FlawFinder.
drivers/firmware/google/vpd.c
1 issues
Line: 257
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!temp)
return -ENOMEM;
memcpy(&header, temp, sizeof(struct vpd_cbmem));
memunmap(temp);
if (header.magic != VPD_CBMEM_MAGIC)
return -ENODEV;
Reported by FlawFinder.
drivers/firmware/imx/scu-pd.c
1 issues
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define IMX_SCU_PD_NAME_SIZE 20
struct imx_sc_pm_domain {
struct generic_pm_domain pd;
char name[IMX_SCU_PD_NAME_SIZE];
u32 rsrc;
};
struct imx_sc_pd_range {
char *name;
Reported by FlawFinder.
drivers/acpi/acpica/dbfileio.c
1 issues
Line: 59
Column: 24
CWE codes:
362
{
acpi_db_close_debug_file();
acpi_gbl_debug_file = fopen(name, "w+");
if (!acpi_gbl_debug_file) {
acpi_os_printf("Could not open debug file %s\n", name);
return;
}
Reported by FlawFinder.
drivers/acpi/acpica/dbconvert.c
1 issues
Line: 232
Column: 32
CWE codes:
126
object->type = ACPI_TYPE_STRING;
object->string.pointer = string;
object->string.length = (u32)strlen(string);
break;
case ACPI_TYPE_BUFFER:
status = acpi_db_convert_to_buffer(string, object);
Reported by FlawFinder.
drivers/acpi/acpica/acinterp.h
1 issues
Line: 478
Column: 32
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void acpi_ex_integer_to_string(char *dest, u64 value);
void acpi_ex_pci_cls_to_string(char *dest, u8 class_code[3]);
u8 acpi_is_valid_space_id(u8 space_id);
/*
* exregion - default op_region handlers
Reported by FlawFinder.
drivers/acpi/acpica/acapps.h
1 issues
Line: 58
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf ("Usage: %s\nOptions:\n", usage);
#define ACPI_USAGE_TEXT(description) \
printf (description);
#define ACPI_OPTION(name, description) \
printf (" %-20s%s\n", name, description);
/* Check for unexpected exceptions */
Reported by FlawFinder.