The following issues were found
drivers/tee/optee/call.c
1 issues
Line: 241
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
OPTEE_MSG_ATTR_META;
msg_arg->params[1].attr = OPTEE_MSG_ATTR_TYPE_VALUE_INPUT |
OPTEE_MSG_ATTR_META;
memcpy(&msg_arg->params[0].u.value, arg->uuid, sizeof(arg->uuid));
msg_arg->params[1].u.value.c = arg->clnt_login;
rc = tee_session_calc_client_uuid(&client_uuid, arg->clnt_login,
arg->clnt_uuid);
if (rc)
Reported by FlawFinder.
drivers/tee/optee/supp.c
1 issues
Line: 285
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*func = req->func;
*num_params = req->num_params + num_meta;
memcpy(param + num_meta, req->param,
sizeof(struct tee_param) * req->num_params);
return 0;
}
Reported by FlawFinder.
drivers/video/fbdev/matrox/matroxfb_g450.c
1 issues
Line: 157
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
i = p->id;
*p = disctrl;
p->id = i;
sprintf(p->name, "Ctrl #%08X", i);
return 0;
}
return -EINVAL;
}
Reported by FlawFinder.
drivers/tee/tee_private.h
1 issues
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @pool: shared memory pool
*/
struct tee_device {
char name[TEE_MAX_DEV_NAME_LEN];
const struct tee_desc *desc;
int id;
unsigned int flags;
struct device dev;
Reported by FlawFinder.
drivers/thermal/gov_user_space.c
1 issues
Line: 27
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int notify_user_space(struct thermal_zone_device *tz, int trip)
{
char *thermal_prop[5];
int i;
mutex_lock(&tz->lock);
thermal_prop[0] = kasprintf(GFP_KERNEL, "NAME=%s", tz->type);
thermal_prop[1] = kasprintf(GFP_KERNEL, "TEMP=%d", tz->temperature);
Reported by FlawFinder.
drivers/soc/renesas/renesas-soc.c
1 issues
Line: 17
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct renesas_family {
const char name[16];
u32 reg; /* CCCR or PRR, if not in DT */
};
static const struct renesas_family fam_rcar_gen1 __initconst __maybe_unused = {
.name = "R-Car Gen1",
Reported by FlawFinder.
drivers/video/fbdev/matrox/matroxfb_maven.c
1 issues
Line: 1049
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
i = p->id;
*p = disctrl;
p->id = i;
sprintf(p->name, "Ctrl #%08X", i);
return 0;
}
return -EINVAL;
}
Reported by FlawFinder.
drivers/thermal/intel/intel_bxt_pmic_thermal.c
1 issues
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct thermal_irq_map {
char handle[20];
int num_trips;
const struct trip_config_map *trip_config;
};
struct pmic_thermal_data {
Reported by FlawFinder.
drivers/thermal/intel/intel_soc_dts_iosf.c
1 issues
Line: 287
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool notification_support, int trip_cnt,
int read_only_trip_cnt)
{
char name[10];
unsigned long trip;
int trip_count = 0;
int trip_mask = 0;
int writable_trip_cnt = 0;
unsigned long ptps;
Reported by FlawFinder.
drivers/thermal/intel/therm_throt.c
1 issues
Line: 146
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
\
preempt_disable(); /* CPU hotplug */ \
if (cpu_online(cpu)) { \
ret = sprintf(buf, "%lu\n", \
per_cpu(thermal_state, cpu).event.name); \
} else \
ret = 0; \
preempt_enable(); \
\
Reported by FlawFinder.