The following issues were found
drivers/staging/media/imx/imx-media-fim.c
1 issues
Line: 76
CWE codes:
476
static void update_fim_nominal(struct imx_media_fim *fim,
const struct v4l2_fract *fi)
{
if (fi->denominator == 0) {
dev_dbg(fim->sd->dev, "no frame interval, FIM disabled\n");
fim->enabled = false;
return;
}
Reported by Cppcheck.
drivers/staging/media/ipu3/ipu3-abi.h
1 issues
Line: 1741
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct imgu_abi_isp_stage {
struct imgu_abi_blob_info blob_info;
struct imgu_abi_binary_info binary_info;
char binary_name[IMGU_ABI_MAX_BINARY_NAME];
struct imgu_abi_isp_param_segments mem_initializers;
} __packed;
/***** struct imgu_abi_ddr_address_map and parameter set *****/
Reported by FlawFinder.
drivers/staging/media/ipu3/ipu3-css-fw.c
1 issues
Line: 251
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
r = -ENOMEM;
goto error_out;
}
memcpy(css->binary[i].vaddr, blob, size);
}
return 0;
bad_fw:
Reported by FlawFinder.
drivers/staging/media/ipu3/ipu3-css-fw.h
1 issues
Line: 167
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct imgu_fw_bi_file_h {
char version[64]; /* branch tag + week day + time */
int binary_nr; /* Number of binaries */
unsigned int h_size; /* sizeof(struct imgu_fw_bi_file_h) */
};
struct imgu_fw_header {
Reported by FlawFinder.
drivers/staging/media/meson/vdec/codec_h264.c
1 issues
Line: 248
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(h264->ext_fw_vaddr, data, SIZE_EXT_FW);
sess->priv = h264;
return 0;
}
Reported by FlawFinder.
drivers/video/fbdev/gbefb.c
1 issues
Line: 820
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
struct fb_var_screeninfo *var)
{
memset(fix, 0, sizeof(struct fb_fix_screeninfo));
strcpy(fix->id, "SGI GBE");
fix->smem_start = (unsigned long) gbe_mem;
fix->smem_len = gbe_mem_size;
fix->type = FB_TYPE_PACKED_PIXELS;
fix->type_aux = 0;
fix->accel = FB_ACCEL_NONE;
Reported by FlawFinder.
drivers/staging/media/meson/vdec/esparser.c
1 issues
Line: 268
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!eos_vaddr)
return -ENOMEM;
memcpy(eos_vaddr, data, len);
ret = esparser_write_data(core, eos_paddr, len);
dma_free_coherent(dev, len + SEARCH_PATTERN_LEN,
eos_vaddr, eos_paddr);
return ret;
Reported by FlawFinder.
drivers/staging/media/meson/vdec/vdec_1.c
1 issues
Line: 55
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto release_firmware;
}
memcpy(mc_addr, fw->data, MC_SIZE);
amvdec_write_dos(core, MPSR, 0);
amvdec_write_dos(core, CPSR, 0);
amvdec_clear_dos_bits(core, MDEC_PIC_DC_CTRL, BIT(31));
Reported by FlawFinder.
drivers/staging/media/meson/vdec/vdec_hevc.c
1 issues
Line: 57
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto release_firmware;
}
memcpy(mc_addr, fw->data, MC_SIZE);
amvdec_write_dos(core, HEVC_MPSR, 0);
amvdec_write_dos(core, HEVC_CPSR, 0);
amvdec_write_dos(core, HEVC_IMEM_DMA_ADR, mc_addr_map);
Reported by FlawFinder.
drivers/staging/media/omap4iss/iss_ipipe.c
1 issues
Line: 228
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case IPIPE_PAD_SOURCE_VP:
format = __ipipe_get_format(ipipe, sd_state, IPIPE_PAD_SINK,
which);
memcpy(fmt, format, sizeof(*fmt));
fmt->code = MEDIA_BUS_FMT_UYVY8_1X16;
fmt->width = clamp_t(u32, width, 32, fmt->width);
fmt->height = clamp_t(u32, height, 32, fmt->height);
fmt->colorspace = V4L2_COLORSPACE_JPEG;
Reported by FlawFinder.