The following issues were found
drivers/gpu/drm/drm_fb_helper.c
7 issues
Line: 963
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
g = r + crtc->gamma_size;
b = g + crtc->gamma_size;
memcpy(r + cmap->start, cmap->red, cmap->len * sizeof(*r));
memcpy(g + cmap->start, cmap->green, cmap->len * sizeof(*g));
memcpy(b + cmap->start, cmap->blue, cmap->len * sizeof(*b));
ret = crtc->funcs->gamma_set(crtc, r, g, b,
crtc->gamma_size, NULL);
Reported by FlawFinder.
Line: 964
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
b = g + crtc->gamma_size;
memcpy(r + cmap->start, cmap->red, cmap->len * sizeof(*r));
memcpy(g + cmap->start, cmap->green, cmap->len * sizeof(*g));
memcpy(b + cmap->start, cmap->blue, cmap->len * sizeof(*b));
ret = crtc->funcs->gamma_set(crtc, r, g, b,
crtc->gamma_size, NULL);
if (ret)
Reported by FlawFinder.
Line: 965
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(r + cmap->start, cmap->red, cmap->len * sizeof(*r));
memcpy(g + cmap->start, cmap->green, cmap->len * sizeof(*g));
memcpy(b + cmap->start, cmap->blue, cmap->len * sizeof(*b));
ret = crtc->funcs->gamma_set(crtc, r, g, b,
crtc->gamma_size, NULL);
if (ret)
goto out;
Reported by FlawFinder.
Line: 1086
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
g = r + crtc->gamma_size;
b = g + crtc->gamma_size;
memcpy(r + cmap->start, cmap->red, cmap->len * sizeof(*r));
memcpy(g + cmap->start, cmap->green, cmap->len * sizeof(*g));
memcpy(b + cmap->start, cmap->blue, cmap->len * sizeof(*b));
}
out_state:
Reported by FlawFinder.
Line: 1087
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
b = g + crtc->gamma_size;
memcpy(r + cmap->start, cmap->red, cmap->len * sizeof(*r));
memcpy(g + cmap->start, cmap->green, cmap->len * sizeof(*g));
memcpy(b + cmap->start, cmap->blue, cmap->len * sizeof(*b));
}
out_state:
if (ret == -EDEADLK)
Reported by FlawFinder.
Line: 1088
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(r + cmap->start, cmap->red, cmap->len * sizeof(*r));
memcpy(g + cmap->start, cmap->green, cmap->len * sizeof(*g));
memcpy(b + cmap->start, cmap->blue, cmap->len * sizeof(*b));
}
out_state:
if (ret == -EDEADLK)
goto backoff;
Reported by FlawFinder.
Line: 1672
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (ret < 0)
return ret;
strcpy(fb_helper->fb->comm, "[fbcon]");
return 0;
}
static void drm_fb_helper_fill_fix(struct fb_info *info, uint32_t pitch,
uint32_t depth)
Reported by FlawFinder.
drivers/firmware/efi/efi-pstore.c
7 issues
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pstore_record *record)
{
efi_guid_t vendor = LINUX_EFI_CRASH_GUID;
char name[DUMP_NAME_LEN], data_type;
int i;
int cnt;
unsigned int part;
unsigned long size;
u64 time;
Reported by FlawFinder.
Line: 102
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__efivar_entry_get(entry, &entry->var.Attributes,
&entry->var.DataSize, entry->var.Data);
size = entry->var.DataSize;
memcpy(record->buf, entry->var.Data,
(size_t)min_t(unsigned long, EFIVARS_DATA_SIZE_MAX, size));
return size;
}
Reported by FlawFinder.
Line: 249
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int efi_pstore_write(struct pstore_record *record)
{
char name[DUMP_NAME_LEN];
efi_char16_t efi_name[DUMP_NAME_LEN];
efi_guid_t vendor = LINUX_EFI_CRASH_GUID;
int i, ret = 0;
record->id = generic_id(record->time.tv_sec, record->part,
Reported by FlawFinder.
Line: 335
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int efi_pstore_erase(struct pstore_record *record)
{
char name[DUMP_NAME_LEN];
int ret;
snprintf(name, sizeof(name), "dump-type%u-%u-%d-%lld",
record->type, record->part, record->count,
(long long)record->time.tv_sec);
Reported by FlawFinder.
Line: 373
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!entry)
return -ENOMEM;
memcpy(entry->var.VariableName, name, name_size);
entry->var.VendorGuid = vendor;
ret = efivar_entry_add(entry, &efi_pstore_list);
if (ret)
kfree(entry);
Reported by FlawFinder.
Line: 391
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (efivar_entry_find(name, vendor, &efi_pstore_list, false))
return 0;
memcpy(entry->var.VariableName, name, name_size);
memcpy(&(entry->var.VendorGuid), &vendor, sizeof(efi_guid_t));
return 1;
}
Reported by FlawFinder.
Line: 392
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
memcpy(entry->var.VariableName, name, name_size);
memcpy(&(entry->var.VendorGuid), &vendor, sizeof(efi_guid_t));
return 1;
}
static void efi_pstore_update_entries(struct work_struct *work)
Reported by FlawFinder.
drivers/crypto/ux500/hash/hash_core.c
7 issues
Line: 231
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (HASH_OPER_MODE_HASH == ctx->config.oper_mode) {
if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
memcpy(zero_hash, &sha1_zero_message_hash[0],
SHA1_DIGEST_SIZE);
*zero_hash_size = SHA1_DIGEST_SIZE;
*zero_digest = true;
} else if (HASH_ALGO_SHA256 ==
ctx->config.algorithm) {
Reported by FlawFinder.
Line: 237
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*zero_digest = true;
} else if (HASH_ALGO_SHA256 ==
ctx->config.algorithm) {
memcpy(zero_hash, &sha256_zero_message_hash[0],
SHA256_DIGEST_SIZE);
*zero_hash_size = SHA256_DIGEST_SIZE;
*zero_digest = true;
} else {
dev_err(device_data->dev, "%s: Incorrect algorithm!\n",
Reported by FlawFinder.
Line: 250
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (HASH_OPER_MODE_HMAC == ctx->config.oper_mode) {
if (!ctx->keylen) {
if (HASH_ALGO_SHA1 == ctx->config.algorithm) {
memcpy(zero_hash, &zero_message_hmac_sha1[0],
SHA1_DIGEST_SIZE);
*zero_hash_size = SHA1_DIGEST_SIZE;
*zero_digest = true;
} else if (HASH_ALGO_SHA256 == ctx->config.algorithm) {
memcpy(zero_hash, &zero_message_hmac_sha256[0],
Reported by FlawFinder.
Line: 255
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*zero_hash_size = SHA1_DIGEST_SIZE;
*zero_digest = true;
} else if (HASH_ALGO_SHA256 == ctx->config.algorithm) {
memcpy(zero_hash, &zero_message_hmac_sha256[0],
SHA256_DIGEST_SIZE);
*zero_hash_size = SHA256_DIGEST_SIZE;
*zero_digest = true;
} else {
dev_err(device_data->dev, "%s: Incorrect algorithm!\n",
Reported by FlawFinder.
Line: 945
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
hash_get_digest(device_data, digest, ctx->config.algorithm);
memcpy(req->result, digest, ctx->digestsize);
out:
release_hash_device(device_data);
/**
Reported by FlawFinder.
Line: 998
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
&zero_hash_size, &zero_digest);
if (!ret && likely(zero_hash_size == ctx->digestsize) &&
zero_digest) {
memcpy(req->result, &zero_hash[0], ctx->digestsize);
goto out;
} else if (!ret && !zero_digest) {
dev_dbg(device_data->dev,
"%s: HMAC zero msg with key, continue...\n",
__func__);
Reported by FlawFinder.
Line: 1048
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
hash_get_digest(device_data, digest, ctx->config.algorithm);
memcpy(req->result, digest, ctx->digestsize);
out:
release_hash_device(device_data);
/**
Reported by FlawFinder.
drivers/crypto/s5p-sss.c
7 issues
Line: 246
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct samsung_aes_variant {
unsigned int aes_offset;
unsigned int hash_offset;
const char *clk_names[2];
};
struct s5p_aes_reqctx {
unsigned long mode;
};
Reported by FlawFinder.
Line: 833
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!req->result)
return;
memcpy(req->result, ctx->digest, ctx->nregs * HASH_REG_SIZEOF);
}
/**
* s5p_hash_dma_flush() - flush HASH DMA
* @dev: secss device
Reported by FlawFinder.
Line: 1040
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (ctx->bufcnt)
memcpy(buf, ctx->dd->xmit_buf, ctx->bufcnt);
scatterwalk_map_and_copy(buf + ctx->bufcnt, sg, ctx->skip,
new_len, 0);
sg_init_table(ctx->sgl, 1);
sg_set_buf(ctx->sgl, buf, len);
Reported by FlawFinder.
Line: 1246
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (ctx->bufcnt)
memcpy(ctx->dd->xmit_buf, ctx->buffer, ctx->bufcnt);
xmit_len = ctx->total;
if (final) {
hash_later = 0;
} else {
Reported by FlawFinder.
Line: 1701
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
const struct s5p_hash_reqctx *ctx = ahash_request_ctx(req);
memcpy(out, ctx, sizeof(*ctx) + ctx->bufcnt);
return 0;
}
/**
Reported by FlawFinder.
Line: 1718
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct s5p_hash_ctx *tctx = crypto_ahash_ctx(tfm);
const struct s5p_hash_reqctx *ctx_in = in;
memcpy(ctx, in, sizeof(*ctx) + BUFLEN);
if (ctx_in->bufcnt > BUFLEN) {
ctx->error = true;
return -EINVAL;
}
Reported by FlawFinder.
Line: 2056
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
keylen != AES_KEYSIZE_256)
return -EINVAL;
memcpy(ctx->aes_key, key, keylen);
ctx->keylen = keylen;
return 0;
}
Reported by FlawFinder.
drivers/block/sx8.c
7 issues
Line: 1355
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
return PTR_ERR(disk);
port->disk = disk;
sprintf(disk->disk_name, DRV_NAME "/%u",
(unsigned int)host->id * CARM_MAX_PORTS + port_no);
disk->major = host->major;
disk->first_minor = port_no * CARM_MINORS_PER_MAJOR;
disk->minors = CARM_MINORS_PER_MAJOR;
disk->fops = &carm_bd_ops;
Reported by FlawFinder.
Line: 1482
Column: 2
CWE codes:
134
Suggestion:
Make format string constant
host->flags |= FL_DYN_MAJOR;
host->id = carm_host_id;
sprintf(host->name, DRV_NAME "%d", carm_host_id);
rc = register_blkdev(host->major, host->name);
if (rc < 0)
goto err_out_free_majors;
if (host->flags & FL_DYN_MAJOR)
Reported by FlawFinder.
Line: 249
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* attached device characteristics */
u64 capacity;
char name[41];
u16 dev_geom_head;
u16 dev_geom_sect;
u16 dev_geom_cyl;
};
Reported by FlawFinder.
Line: 271
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int major;
int id;
char name[32];
spinlock_t lock;
struct pci_dev *pdev;
unsigned int state;
u32 fw_ver;
Reported by FlawFinder.
Line: 395
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 array_id;
u8 reserved2;
char name[40];
__le32 array_status;
/* device list continues beyond this point? */
} __attribute__((packed));
Reported by FlawFinder.
Line: 841
Column: 2
CWE codes:
120
host->dev_active |= (1 << cur_port);
strncpy(port->name, desc->name, sizeof(port->name));
port->name[sizeof(port->name) - 1] = 0;
slen = strlen(port->name);
while (slen && (port->name[slen - 1] == ' ')) {
port->name[slen - 1] = 0;
slen--;
Reported by FlawFinder.
Line: 843
Column: 9
CWE codes:
126
strncpy(port->name, desc->name, sizeof(port->name));
port->name[sizeof(port->name) - 1] = 0;
slen = strlen(port->name);
while (slen && (port->name[slen - 1] == ' ')) {
port->name[slen - 1] = 0;
slen--;
}
Reported by FlawFinder.
drivers/acpi/thermal.c
7 issues
Line: 1036
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -ENOMEM;
tz->device = device;
strcpy(tz->name, device->pnp.bus_id);
strcpy(acpi_device_name(device), ACPI_THERMAL_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_THERMAL_CLASS);
device->driver_data = tz;
result = acpi_thermal_get_info(tz);
Reported by FlawFinder.
Line: 1037
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
tz->device = device;
strcpy(tz->name, device->pnp.bus_id);
strcpy(acpi_device_name(device), ACPI_THERMAL_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_THERMAL_CLASS);
device->driver_data = tz;
result = acpi_thermal_get_info(tz);
if (result)
Reported by FlawFinder.
Line: 1038
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
tz->device = device;
strcpy(tz->name, device->pnp.bus_id);
strcpy(acpi_device_name(device), ACPI_THERMAL_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_THERMAL_CLASS);
device->driver_data = tz;
result = acpi_thermal_get_info(tz);
if (result)
goto free_memory;
Reported by FlawFinder.
Line: 388
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (memcmp(&tz->trips.passive.devices, &devices,
sizeof(struct acpi_handle_list))) {
memcpy(&tz->trips.passive.devices, &devices,
sizeof(struct acpi_handle_list));
ACPI_THERMAL_TRIPS_EXCEPTION(flag, tz, "device");
}
}
if ((flag & ACPI_TRIPS_PASSIVE) || (flag & ACPI_TRIPS_DEVICES)) {
Reported by FlawFinder.
Line: 400
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Active (optional) */
for (i = 0; i < ACPI_THERMAL_MAX_ACTIVE; i++) {
char name[5] = { '_', 'A', 'C', ('0' + i), '\0' };
valid = tz->trips.active[i].flags.valid;
if (act == -1)
break; /* disable all active trip points */
Reported by FlawFinder.
Line: 451
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (memcmp(&tz->trips.active[i].devices, &devices,
sizeof(struct acpi_handle_list))) {
memcpy(&tz->trips.active[i].devices, &devices,
sizeof(struct acpi_handle_list));
ACPI_THERMAL_TRIPS_EXCEPTION(flag, tz, "device");
}
}
if ((flag & ACPI_TRIPS_ACTIVE) || (flag & ACPI_TRIPS_DEVICES))
Reported by FlawFinder.
Line: 934
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
acpi_evaluate_integer(handle, "_HOT", NULL, &value);
acpi_evaluate_integer(handle, "_PSV", NULL, &value);
for (i = 0; i < ACPI_THERMAL_MAX_ACTIVE; i++) {
char name[5] = { '_', 'A', 'C', ('0' + i), '\0' };
acpi_status status;
status = acpi_evaluate_integer(handle, name, NULL, &value);
if (status == AE_NOT_FOUND)
break;
Reported by FlawFinder.
drivers/crypto/allwinner/sun4i-ss/sun4i-ss-cipher.c
7 issues
Line: 137
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (areq->iv) {
if (mode & SS_DECRYPTION) {
memcpy(areq->iv, backup_iv, ivsize);
kfree_sensitive(backup_iv);
} else {
scatterwalk_map_and_copy(areq->iv, areq->dst, areq->cryptlen - ivsize,
ivsize, 0);
}
Reported by FlawFinder.
Line: 309
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
todo = min(rx_cnt * 4 - ob, ileft);
todo = min_t(size_t, todo, mi.length - oi);
memcpy(ss->buf + ob, mi.addr + oi, todo);
ileft -= todo;
oi += todo;
ob += todo;
if (!(ob % 4)) {
writesl(ss->base + SS_RXFIFO, ss->buf,
Reported by FlawFinder.
Line: 371
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
todo = min_t(size_t,
mo.length - oo, obl - obo);
memcpy(mo.addr + oo, ss->bufo + obo, todo);
oleft -= todo;
obo += todo;
oo += todo;
if (oo == mo.length) {
po += mo.length;
Reported by FlawFinder.
Line: 387
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (areq->iv) {
if (mode & SS_DECRYPTION) {
memcpy(areq->iv, backup_iv, ivsize);
kfree_sensitive(backup_iv);
} else {
scatterwalk_map_and_copy(areq->iv, areq->dst, areq->cryptlen - ivsize,
ivsize, 0);
}
Reported by FlawFinder.
Line: 604
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
}
op->keylen = keylen;
memcpy(op->key, key, keylen);
crypto_skcipher_clear_flags(op->fallback_tfm, CRYPTO_TFM_REQ_MASK);
crypto_skcipher_set_flags(op->fallback_tfm, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK);
return crypto_skcipher_setkey(op->fallback_tfm, key, keylen);
Reported by FlawFinder.
Line: 624
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
op->keylen = keylen;
memcpy(op->key, key, keylen);
crypto_skcipher_clear_flags(op->fallback_tfm, CRYPTO_TFM_REQ_MASK);
crypto_skcipher_set_flags(op->fallback_tfm, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK);
return crypto_skcipher_setkey(op->fallback_tfm, key, keylen);
Reported by FlawFinder.
Line: 644
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
op->keylen = keylen;
memcpy(op->key, key, keylen);
crypto_skcipher_clear_flags(op->fallback_tfm, CRYPTO_TFM_REQ_MASK);
crypto_skcipher_set_flags(op->fallback_tfm, tfm->base.crt_flags & CRYPTO_TFM_REQ_MASK);
return crypto_skcipher_setkey(op->fallback_tfm, key, keylen);
Reported by FlawFinder.
drivers/fpga/dfl-fme-main.c
7 issues
Line: 88
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
v = readq(base + FME_HDR_CAP);
return sprintf(buf, "%u\n",
(unsigned int)FIELD_GET(FME_CAP_CACHE_SIZE, v));
}
static DEVICE_ATTR_RO(cache_size);
static ssize_t fabric_version_show(struct device *dev,
Reported by FlawFinder.
Line: 103
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
v = readq(base + FME_HDR_CAP);
return sprintf(buf, "%u\n",
(unsigned int)FIELD_GET(FME_CAP_FABRIC_VERID, v));
}
static DEVICE_ATTR_RO(fabric_version);
static ssize_t socket_id_show(struct device *dev,
Reported by FlawFinder.
Line: 118
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
v = readq(base + FME_HDR_CAP);
return sprintf(buf, "%u\n",
(unsigned int)FIELD_GET(FME_CAP_SOCKET_ID, v));
}
static DEVICE_ATTR_RO(socket_id);
static struct attribute *fme_hdr_attrs[] = {
Reported by FlawFinder.
Line: 288
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
v = readq(feature->ioaddr + FME_THERM_THRESHOLD);
return sprintf(buf, "%u\n",
(unsigned int)FIELD_GET(TEMP_THRESHOLD1_POLICY, v));
}
static DEVICE_ATTR_RO(temp1_max_policy);
Reported by FlawFinder.
Line: 492
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (FIELD_GET(XEON_PWR_EN, v))
xeon_limit = FIELD_GET(XEON_PWR_LIMIT, v);
return sprintf(buf, "%u\n", xeon_limit * 100000);
}
static ssize_t power1_fpga_limit_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 507
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (FIELD_GET(FPGA_PWR_EN, v))
fpga_limit = FIELD_GET(FPGA_PWR_LIMIT, v);
return sprintf(buf, "%u\n", fpga_limit * 100000);
}
static ssize_t power1_ltr_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 518
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
v = readq(feature->ioaddr + FME_PWR_STATUS);
return sprintf(buf, "%u\n",
(unsigned int)FIELD_GET(FME_LATENCY_TOLERANCE, v));
}
static DEVICE_ATTR_RO(power1_xeon_limit);
static DEVICE_ATTR_RO(power1_fpga_limit);
Reported by FlawFinder.
drivers/comedi/drivers/ni_usb6501.c
7 issues
Line: 183
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case READ_PORT:
request_size = sizeof(READ_PORT_REQUEST);
response_size = sizeof(READ_PORT_RESPONSE);
memcpy(tx, READ_PORT_REQUEST, request_size);
tx[14] = val & 0xff;
break;
case WRITE_PORT:
request_size = sizeof(WRITE_PORT_REQUEST);
response_size = sizeof(GENERIC_RESPONSE);
Reported by FlawFinder.
Line: 189
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case WRITE_PORT:
request_size = sizeof(WRITE_PORT_REQUEST);
response_size = sizeof(GENERIC_RESPONSE);
memcpy(tx, WRITE_PORT_REQUEST, request_size);
tx[14] = val & 0xff;
tx[17] = *bitmap;
break;
case SET_PORT_DIR:
request_size = sizeof(SET_PORT_DIR_REQUEST);
Reported by FlawFinder.
Line: 196
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case SET_PORT_DIR:
request_size = sizeof(SET_PORT_DIR_REQUEST);
response_size = sizeof(GENERIC_RESPONSE);
memcpy(tx, SET_PORT_DIR_REQUEST, request_size);
tx[14] = val & 0xff;
tx[15] = (val >> 8) & 0xff;
tx[16] = (val >> 16) & 0xff;
break;
default:
Reported by FlawFinder.
Line: 265
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case START_COUNTER:
request_size = sizeof(START_COUNTER_REQUEST);
response_size = sizeof(GENERIC_RESPONSE);
memcpy(tx, START_COUNTER_REQUEST, request_size);
break;
case STOP_COUNTER:
request_size = sizeof(STOP_COUNTER_REQUEST);
response_size = sizeof(GENERIC_RESPONSE);
memcpy(tx, STOP_COUNTER_REQUEST, request_size);
Reported by FlawFinder.
Line: 270
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case STOP_COUNTER:
request_size = sizeof(STOP_COUNTER_REQUEST);
response_size = sizeof(GENERIC_RESPONSE);
memcpy(tx, STOP_COUNTER_REQUEST, request_size);
break;
case READ_COUNTER:
request_size = sizeof(READ_COUNTER_REQUEST);
response_size = sizeof(READ_COUNTER_RESPONSE);
memcpy(tx, READ_COUNTER_REQUEST, request_size);
Reported by FlawFinder.
Line: 275
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case READ_COUNTER:
request_size = sizeof(READ_COUNTER_REQUEST);
response_size = sizeof(READ_COUNTER_RESPONSE);
memcpy(tx, READ_COUNTER_REQUEST, request_size);
break;
case WRITE_COUNTER:
request_size = sizeof(WRITE_COUNTER_REQUEST);
response_size = sizeof(GENERIC_RESPONSE);
memcpy(tx, WRITE_COUNTER_REQUEST, request_size);
Reported by FlawFinder.
Line: 280
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case WRITE_COUNTER:
request_size = sizeof(WRITE_COUNTER_REQUEST);
response_size = sizeof(GENERIC_RESPONSE);
memcpy(tx, WRITE_COUNTER_REQUEST, request_size);
/* Setup tx packet: bytes 12,13,14,15 hold the */
/* u32 counter value (Big Endian) */
*((__be32 *)&tx[12]) = cpu_to_be32(*val);
break;
default:
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c
7 issues
Line: 135
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct _ATOM_GPIO_I2C_INFO *i2c_info;
uint16_t data_offset, size;
int i, num_indices;
char stmp[32];
if (amdgpu_atom_parse_data_header(ctx, index, &size, NULL, NULL, &data_offset)) {
i2c_info = (struct _ATOM_GPIO_I2C_INFO *)(ctx->bios + data_offset);
num_indices = (size - sizeof(ATOM_COMMON_TABLE_HEADER)) /
Reported by FlawFinder.
Line: 150
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
i2c = amdgpu_atombios_get_bus_rec_for_i2c_gpio(gpio);
if (i2c.valid) {
sprintf(stmp, "0x%x", i2c.i2c_id);
adev->i2c_bus[i] = amdgpu_i2c_create(adev_to_drm(adev), &i2c, stmp);
}
gpio = (ATOM_GPIO_I2C_ASSIGMENT *)
((u8 *)gpio + sizeof(ATOM_GPIO_I2C_ASSIGMENT));
}
Reported by FlawFinder.
Line: 1599
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 align_num_bytes = ALIGN(num_bytes, 4);
if (to_le) {
memcpy(src_tmp, src, num_bytes);
for (i = 0; i < align_num_bytes / 4; i++)
dst_tmp[i] = cpu_to_le32(src_tmp[i]);
memcpy(dst, dst_tmp, align_num_bytes);
} else {
memcpy(src_tmp, src, align_num_bytes);
Reported by FlawFinder.
Line: 1602
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(src_tmp, src, num_bytes);
for (i = 0; i < align_num_bytes / 4; i++)
dst_tmp[i] = cpu_to_le32(src_tmp[i]);
memcpy(dst, dst_tmp, align_num_bytes);
} else {
memcpy(src_tmp, src, align_num_bytes);
for (i = 0; i < align_num_bytes / 4; i++)
dst_tmp[i] = le32_to_cpu(src_tmp[i]);
memcpy(dst, dst_tmp, num_bytes);
Reported by FlawFinder.
Line: 1604
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst_tmp[i] = cpu_to_le32(src_tmp[i]);
memcpy(dst, dst_tmp, align_num_bytes);
} else {
memcpy(src_tmp, src, align_num_bytes);
for (i = 0; i < align_num_bytes / 4; i++)
dst_tmp[i] = le32_to_cpu(src_tmp[i]);
memcpy(dst, dst_tmp, num_bytes);
}
#else
Reported by FlawFinder.
Line: 1607
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(src_tmp, src, align_num_bytes);
for (i = 0; i < align_num_bytes / 4; i++)
dst_tmp[i] = le32_to_cpu(src_tmp[i]);
memcpy(dst, dst_tmp, num_bytes);
}
#else
memcpy(dst, src, num_bytes);
#endif
}
Reported by FlawFinder.
Line: 1610
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(dst, dst_tmp, num_bytes);
}
#else
memcpy(dst, src, num_bytes);
#endif
}
static int amdgpu_atombios_allocate_fb_scratch(struct amdgpu_device *adev)
{
Reported by FlawFinder.