The following issues were found
drivers/media/platform/ti-vpe/vpdma.c
1 issues
Line: 1093
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto rel_fw;
}
memcpy(fw_dma_buf.addr, f->data, f->size);
vpdma_map_desc_buf(vpdma, &fw_dma_buf);
write_reg(vpdma, VPDMA_LIST_ADDR, (u32) fw_dma_buf.dma_addr);
Reported by FlawFinder.
drivers/media/platform/ti-vpe/cal-camerarx.c
1 issues
Line: 512
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int cal_camerarx_parse_dt(struct cal_camerarx *phy)
{
struct v4l2_fwnode_endpoint *endpoint = &phy->endpoint;
char data_lanes[V4L2_FWNODE_CSI2_MAX_DATA_LANES * 2];
struct device_node *ep_node;
unsigned int i;
int ret;
/*
Reported by FlawFinder.
drivers/media/dvb-frontends/as102_fe.c
1 issues
Line: 461
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
state->elna_cfg = elna_cfg;
/* init frontend callback ops */
memcpy(&fe->ops, &as102_fe_ops, sizeof(struct dvb_frontend_ops));
strscpy(fe->ops.info.name, name, sizeof(fe->ops.info.name));
return fe;
}
Reported by FlawFinder.
drivers/media/platform/stm32/stm32-dcmi.c
1 issues
Line: 1668
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(dcmi->sd_formats, sd_fmts,
num_fmts * sizeof(struct dcmi_format *));
dcmi->sd_format = dcmi->sd_formats[0];
return 0;
}
Reported by FlawFinder.
drivers/media/usb/go7007/go7007-v4l2.c
1 issues
Line: 824
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case V4L2_CID_DETECT_MD_REGION_GRID:
mt = go->modet_map;
for (y = 0; y < go->height / 16; y++, mt += go->width / 16)
memcpy(mt, ctrl->p_new.p_u8 + y * (720 / 16), go->width / 16);
break;
default:
return -EINVAL;
}
return 0;
Reported by FlawFinder.
drivers/media/dvb-frontends/af9013.c
1 issues
Line: 1301
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[0] = (reg >> 8) & 0xff;
buf[1] = (reg >> 0) & 0xff;
buf[2] = cmd;
memcpy(&buf[3], val, len);
if (lock)
i2c_lock_bus(client->adapter, I2C_LOCK_SEGMENT);
ret = __i2c_transfer(client->adapter, msg, 1);
if (lock)
Reported by FlawFinder.
drivers/media/usb/gspca/conex.c
1 issues
Line: 109
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gspca_dbg(gspca_dev, D_USBO, "reg write [%02x] = %02x..\n",
index, *buffer);
memcpy(gspca_dev->usb_buf, buffer, len);
usb_control_msg(dev,
usb_sndctrlpipe(dev, 0),
0,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
0,
Reported by FlawFinder.
drivers/media/usb/gspca/etoms.c
1 issues
Line: 197
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gspca_dbg(gspca_dev, D_USBO, "reg write [%02x] = %02x..\n",
index, *buffer);
memcpy(gspca_dev->usb_buf, buffer, len);
usb_control_msg(dev,
usb_sndctrlpipe(dev, 0),
0,
USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_INTERFACE,
0, index, gspca_dev->usb_buf, len, 500);
Reported by FlawFinder.
drivers/media/usb/gspca/finepix.c
1 issues
Line: 57
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{0xd3, 0, 0, 0, 0, 0, 0, 0x01, 0, 0, 0, 0}, /* fr req */
};
memcpy(gspca_dev->usb_buf, order_values[order], 12);
return usb_control_msg(gspca_dev->dev,
usb_sndctrlpipe(gspca_dev->dev, 0),
USB_REQ_GET_STATUS,
USB_DIR_OUT | USB_TYPE_CLASS |
USB_RECIP_INTERFACE, 0, 0, gspca_dev->usb_buf,
Reported by FlawFinder.
drivers/media/usb/gspca/gspca.c
1 issues
Line: 436
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
*/
memcpy(gspca_dev->image + gspca_dev->image_len,
data, len);
gspca_dev->image_len += len;
}
}
gspca_dev->last_packet_type = packet_type;
Reported by FlawFinder.