The following issues were found
drivers/media/platform/qcom/venus/helpers.c
1 issues
Line: 641
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
if (req)
memcpy(req, &hprop.bufreq[i], sizeof(*req));
ret = 0;
break;
}
return ret;
Reported by FlawFinder.
drivers/media/platform/qcom/venus/core.c
1 issues
Line: 50
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(data, mem_va, mem_size);
memunmap(mem_va);
dev_coredumpv(dev, data, mem_size, GFP_KERNEL);
}
static void venus_event_notify(struct venus_core *core, u32 event)
Reported by FlawFinder.
drivers/media/platform/qcom/camss/camss-vfe.h
1 issues
Line: 135
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 id;
void __iomem *base;
u32 irq;
char irq_name[30];
struct camss_clock *clock;
int nclocks;
struct completion reset_complete;
struct completion halt_complete;
struct mutex power_lock;
Reported by FlawFinder.
drivers/media/platform/qcom/camss/camss-vfe.c
1 issues
Line: 1533
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
for (i = 0; i < vfe->line_num; i++) {
char name[32];
sd = &vfe->line[i].subdev;
pads = vfe->line[i].pads;
video_out = &vfe->line[i].video_out;
Reported by FlawFinder.
drivers/media/v4l2-core/v4l2-device.c
1 issues
Line: 64
Column: 12
CWE codes:
126
atomic_t *instance)
{
int num = atomic_inc_return(instance) - 1;
int len = strlen(basename);
if (basename[len - 1] >= '0' && basename[len - 1] <= '9')
snprintf(v4l2_dev->name, sizeof(v4l2_dev->name),
"%s-%d", basename, num);
else
Reported by FlawFinder.
drivers/media/platform/qcom/camss/camss-ispif.h
1 issues
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __iomem *base;
void __iomem *base_clk_mux;
u32 irq;
char irq_name[30];
struct camss_clock *clock;
int nclocks;
struct camss_clock *clock_for_reset;
int nclocks_for_reset;
struct completion reset_complete[MSM_ISPIF_VFE_NUM];
Reported by FlawFinder.
drivers/media/platform/qcom/camss/camss-csiphy.h
1 issues
Line: 67
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __iomem *base;
void __iomem *base_clk_mux;
u32 irq;
char irq_name[30];
struct camss_clock *clock;
bool *rate_set;
int nclocks;
u32 timer_clk_rate;
struct csiphy_config cfg;
Reported by FlawFinder.
drivers/media/platform/qcom/camss/camss-csid.h
1 issues
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct media_pad pads[MSM_CSID_PADS_NUM];
void __iomem *base;
u32 irq;
char irq_name[30];
struct camss_clock *clock;
int nclocks;
struct regulator *vdda;
struct completion reset_complete;
struct csid_testgen_config testgen;
Reported by FlawFinder.
drivers/memory/tegra/tegra20.c
1 issues
Line: 603
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *fmt,
unsigned int percents_fx)
{
char percents_str[8];
snprintf(percents_str, ARRAY_SIZE(percents_str), "%3u.%02u%%",
percents_fx / MC_FX_FRAC_SCALE, percents_fx % MC_FX_FRAC_SCALE);
seq_printf(s, fmt, percents_str);
Reported by FlawFinder.
drivers/media/platform/omap3isp/ispstat.c
1 issues
Line: 524
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data->ts.tv_sec = data64.ts.tv_sec;
data->ts.tv_usec = data64.ts.tv_usec;
memcpy(&data->buf, &data64.buf, sizeof(*data) - sizeof(data->ts));
return 0;
}
/*
Reported by FlawFinder.