The following issues were found
drivers/gpu/drm/drm_dp_dual_mode_helper.c
6 issues
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg.buf = data;
memcpy(data, &offset, 1);
memcpy(data + 1, buffer, size);
ret = i2c_transfer(adapter, &msg, 1);
kfree(data);
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg.buf = data;
memcpy(data, &offset, 1);
memcpy(data + 1, buffer, size);
ret = i2c_transfer(adapter, &msg, 1);
kfree(data);
Reported by FlawFinder.
Line: 139
Column: 35
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
EXPORT_SYMBOL(drm_dp_dual_mode_write);
static bool is_hdmi_adaptor(const char hdmi_id[DP_DUAL_MODE_HDMI_ID_LEN])
{
static const char dp_dual_mode_hdmi_id[DP_DUAL_MODE_HDMI_ID_LEN] =
"DP-HDMI ADAPTOR\x04";
return memcmp(hdmi_id, dp_dual_mode_hdmi_id,
Reported by FlawFinder.
Line: 141
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool is_hdmi_adaptor(const char hdmi_id[DP_DUAL_MODE_HDMI_ID_LEN])
{
static const char dp_dual_mode_hdmi_id[DP_DUAL_MODE_HDMI_ID_LEN] =
"DP-HDMI ADAPTOR\x04";
return memcmp(hdmi_id, dp_dual_mode_hdmi_id,
sizeof(dp_dual_mode_hdmi_id)) == 0;
}
Reported by FlawFinder.
Line: 159
Column: 37
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
DP_DUAL_MODE_REV_TYPE2);
}
static bool is_lspcon_adaptor(const char hdmi_id[DP_DUAL_MODE_HDMI_ID_LEN],
const uint8_t adaptor_id)
{
return is_hdmi_adaptor(hdmi_id) &&
(adaptor_id == (DP_DUAL_MODE_TYPE_TYPE2 |
DP_DUAL_MODE_TYPE_HAS_DPCD));
Reported by FlawFinder.
Line: 186
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum drm_dp_dual_mode_type drm_dp_dual_mode_detect(const struct drm_device *dev,
struct i2c_adapter *adapter)
{
char hdmi_id[DP_DUAL_MODE_HDMI_ID_LEN] = {};
uint8_t adaptor_id = 0x00;
ssize_t ret;
/*
* Let's see if the adaptor is there the by reading the
Reported by FlawFinder.
crypto/cryptd.c
6 issues
Line: 716
Column: 10
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
static void cryptd_aead_crypt(struct aead_request *req,
struct crypto_aead *child,
int err,
int (*crypt)(struct aead_request *req))
{
struct cryptd_aead_request_ctx *rctx;
struct cryptd_aead_ctx *ctx;
crypto_completion_t compl;
struct crypto_aead *tfm;
Reported by FlawFinder.
Line: 732
Column: 8
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
if (unlikely(err == -EINPROGRESS))
goto out;
aead_request_set_tfm(req, child);
err = crypt( req );
out:
ctx = crypto_aead_ctx(tfm);
refcnt = refcount_read(&ctx->refcnt);
Reported by FlawFinder.
Line: 218
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
alg->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
return -ENAMETOOLONG;
memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
inst->alg.cra_priority = alg->cra_priority + 50;
inst->alg.cra_blocksize = alg->cra_blocksize;
inst->alg.cra_alignmask = alg->cra_alignmask;
Reported by FlawFinder.
Line: 907
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
struct cryptd_skcipher_ctx *ctx;
struct crypto_skcipher *tfm;
if (snprintf(cryptd_alg_name, CRYPTO_MAX_ALG_NAME,
"cryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME)
Reported by FlawFinder.
Line: 959
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cryptd_ahash *cryptd_alloc_ahash(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
struct cryptd_hash_ctx *ctx;
struct crypto_ahash *tfm;
if (snprintf(cryptd_alg_name, CRYPTO_MAX_ALG_NAME,
"cryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME)
Reported by FlawFinder.
Line: 1016
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cryptd_aead *cryptd_alloc_aead(const char *alg_name,
u32 type, u32 mask)
{
char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
struct cryptd_aead_ctx *ctx;
struct crypto_aead *tfm;
if (snprintf(cryptd_alg_name, CRYPTO_MAX_ALG_NAME,
"cryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME)
Reported by FlawFinder.
drivers/ata/libata-transport.c
6 issues
Line: 106
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
\
for (i = 0; i < ARRAY_SIZE(table); i++) { \
if (table[i].value & table_key) { \
len += sprintf(buf + len, "%s%s", \
prefix, table[i].name); \
prefix = ", "; \
} \
} \
len += sprintf(buf + len, "\n"); \
Reported by FlawFinder.
Line: 124
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
\
for (i = 0; i < ARRAY_SIZE(table); i++) { \
if (table[i].value == table_key) { \
len += sprintf(buf + len, "%s", \
table[i].name); \
break; \
} \
} \
len += sprintf(buf + len, "\n"); \
Reported by FlawFinder.
Line: 337
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{ \
struct ata_link *link = transport_class_to_link(dev); \
\
return sprintf(buf, "%s\n", sata_spd_string(format(link->field))); \
}
#define ata_link_linkspeed_attr(field, format) \
ata_link_show_linkspeed(field, format) \
static DEVICE_ATTR(field, S_IRUGO, show_ata_link_##field, NULL)
Reported by FlawFinder.
Line: 504
Column: 18
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
u32 rem;
seconds = div_u64_rem(ent->timestamp, HZ, &rem);
arg->written += sprintf(arg->buf + arg->written,
"[%5llu.%09lu]", seconds,
rem * NSEC_PER_SEC / HZ);
arg->written += get_ata_err_names(ent->err_mask,
arg->buf + arg->written);
return 0;
Reported by FlawFinder.
Line: 111
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
prefix = ", "; \
} \
} \
len += sprintf(buf + len, "\n"); \
return len; \
}
#define ata_bitfield_name_search(title, table) \
static ssize_t \
Reported by FlawFinder.
Line: 129
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
break; \
} \
} \
len += sprintf(buf + len, "\n"); \
return len; \
}
static struct {
u32 value;
Reported by FlawFinder.
drivers/block/rnbd/rnbd-srv.c
6 issues
Line: 30
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DEFAULT_DEV_SEARCH_PATH "/"
static char dev_search_path[PATH_MAX] = DEFAULT_DEV_SEARCH_PATH;
static int dev_search_path_set(const char *val, const struct kernel_param *kp)
{
const char *p = strrchr(val, '\n') ? : val + strlen(val);
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int create_sess(struct rtrs_srv *rtrs)
{
struct rnbd_srv_session *srv_sess;
char sessname[NAME_MAX];
int err;
err = rtrs_srv_get_sess_name(rtrs, sessname, sizeof(sessname));
if (err) {
pr_err("rtrs_srv_get_sess_name(%s): %d\n", sessname, err);
Reported by FlawFinder.
Line: 34
Column: 47
CWE codes:
126
static int dev_search_path_set(const char *val, const struct kernel_param *kp)
{
const char *p = strrchr(val, '\n') ? : val + strlen(val);
if (strlen(val) >= sizeof(dev_search_path))
return -EINVAL;
snprintf(dev_search_path, sizeof(dev_search_path), "%.*s",
Reported by FlawFinder.
Line: 36
Column: 6
CWE codes:
126
{
const char *p = strrchr(val, '\n') ? : val + strlen(val);
if (strlen(val) >= sizeof(dev_search_path))
return -EINVAL;
snprintf(dev_search_path, sizeof(dev_search_path), "%.*s",
(int)(p - val), val);
Reported by FlawFinder.
Line: 719
Column: 7
CWE codes:
126
if (srv_sess_dev)
goto fill_response;
if ((strlen(dev_search_path) + strlen(open_msg->dev_name))
>= PATH_MAX) {
pr_err("Opening device for session %s failed, device path too long. '%s/%s' is longer than PATH_MAX (%d)\n",
srv_sess->sessname, dev_search_path, open_msg->dev_name,
PATH_MAX);
ret = -EINVAL;
Reported by FlawFinder.
Line: 719
Column: 33
CWE codes:
126
if (srv_sess_dev)
goto fill_response;
if ((strlen(dev_search_path) + strlen(open_msg->dev_name))
>= PATH_MAX) {
pr_err("Opening device for session %s failed, device path too long. '%s/%s' is longer than PATH_MAX (%d)\n",
srv_sess->sessname, dev_search_path, open_msg->dev_name,
PATH_MAX);
ret = -EINVAL;
Reported by FlawFinder.
drivers/block/drbd/drbd_nl.c
6 issues
Line: 362
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(char[20]) { }, /* address family */
(char[60]) { }, /* address */
NULL };
char mb[14];
char *argv[] = {drbd_usermode_helper, cmd, mb, NULL };
struct drbd_connection *connection = first_peer_device(device)->connection;
struct sib_info sib;
int ret;
Reported by FlawFinder.
Line: 881
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
size = (size >> 10) + !!(size & (1<<9));
base++;
}
sprintf(buf, "%u %cB", (unsigned)size, units[base]);
return buf;
}
/* there is still a theoretical deadlock when called from receiver
Reported by FlawFinder.
Line: 2385
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static enum drbd_ret_code
alloc_crypto(struct crypto *crypto, struct net_conf *new_net_conf)
{
char hmac_name[CRYPTO_MAX_ALG_NAME];
enum drbd_ret_code rv;
rv = alloc_shash(&crypto->csums_tfm, new_net_conf->csums_alg,
ERR_CSUMS_ALG);
if (rv != NO_ERROR)
Reported by FlawFinder.
Line: 2662
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
connection->verify_tfm = crypto.verify_tfm;
connection->my_addr_len = nla_len(adm_ctx.my_addr);
memcpy(&connection->my_addr, nla_data(adm_ctx.my_addr), connection->my_addr_len);
connection->peer_addr_len = nla_len(adm_ctx.peer_addr);
memcpy(&connection->peer_addr, nla_data(adm_ctx.peer_addr), connection->peer_addr_len);
idr_for_each_entry(&connection->peer_devices, peer_device, i) {
peer_devices++;
Reported by FlawFinder.
Line: 2664
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
connection->my_addr_len = nla_len(adm_ctx.my_addr);
memcpy(&connection->my_addr, nla_data(adm_ctx.my_addr), connection->my_addr_len);
connection->peer_addr_len = nla_len(adm_ctx.peer_addr);
memcpy(&connection->peer_addr, nla_data(adm_ctx.peer_addr), connection->peer_addr_len);
idr_for_each_entry(&connection->peer_devices, peer_device, i) {
peer_devices++;
}
Reported by FlawFinder.
Line: 4831
Column: 36
CWE codes:
126
int err;
strlcpy(helper_info.helper_name, name, sizeof(helper_info.helper_name));
helper_info.helper_name_len = min(strlen(name), sizeof(helper_info.helper_name));
helper_info.helper_status = status;
skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
err = -ENOMEM;
if (!skb)
Reported by FlawFinder.
drivers/gpio/gpio-lpc32xx.c
6 issues
Line: 83
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* GPIO names
*/
static const char *gpio_p0_names[LPC32XX_GPIO_P0_MAX] = {
"p0.0", "p0.1", "p0.2", "p0.3",
"p0.4", "p0.5", "p0.6", "p0.7"
};
static const char *gpio_p1_names[LPC32XX_GPIO_P1_MAX] = {
Reported by FlawFinder.
Line: 88
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"p0.4", "p0.5", "p0.6", "p0.7"
};
static const char *gpio_p1_names[LPC32XX_GPIO_P1_MAX] = {
"p1.0", "p1.1", "p1.2", "p1.3",
"p1.4", "p1.5", "p1.6", "p1.7",
"p1.8", "p1.9", "p1.10", "p1.11",
"p1.12", "p1.13", "p1.14", "p1.15",
"p1.16", "p1.17", "p1.18", "p1.19",
Reported by FlawFinder.
Line: 97
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"p1.20", "p1.21", "p1.22", "p1.23",
};
static const char *gpio_p2_names[LPC32XX_GPIO_P2_MAX] = {
"p2.0", "p2.1", "p2.2", "p2.3",
"p2.4", "p2.5", "p2.6", "p2.7",
"p2.8", "p2.9", "p2.10", "p2.11",
"p2.12"
};
Reported by FlawFinder.
Line: 104
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"p2.12"
};
static const char *gpio_p3_names[LPC32XX_GPIO_P3_MAX] = {
"gpio00", "gpio01", "gpio02", "gpio03",
"gpio04", "gpio05"
};
static const char *gpi_p3_names[LPC32XX_GPI_P3_MAX] = {
Reported by FlawFinder.
Line: 109
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"gpio04", "gpio05"
};
static const char *gpi_p3_names[LPC32XX_GPI_P3_MAX] = {
"gpi00", "gpi01", "gpi02", "gpi03",
"gpi04", "gpi05", "gpi06", "gpi07",
"gpi08", "gpi09", NULL, NULL,
NULL, NULL, NULL, "gpi15",
"gpi16", "gpi17", "gpi18", "gpi19",
Reported by FlawFinder.
Line: 120
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"gpi28"
};
static const char *gpo_p3_names[LPC32XX_GPO_P3_MAX] = {
"gpo00", "gpo01", "gpo02", "gpo03",
"gpo04", "gpo05", "gpo06", "gpo07",
"gpo08", "gpo09", "gpo10", "gpo11",
"gpo12", "gpo13", "gpo14", "gpo15",
"gpo16", "gpo17", "gpo18", "gpo19",
Reported by FlawFinder.
drivers/accessibility/speakup/varhandlers.c
6 issues
Line: 241
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
else
cp = buf;
if (!var_data->u.n.out_str)
sprintf(cp, var_data->u.n.synth_fmt, (int)val);
else
sprintf(cp, var_data->u.n.synth_fmt,
var_data->u.n.out_str[val]);
synth_printf("%s", cp);
return 0;
Reported by FlawFinder.
Line: 243
Column: 3
CWE codes:
134
Suggestion:
Make format string constant
if (!var_data->u.n.out_str)
sprintf(cp, var_data->u.n.synth_fmt, (int)val);
else
sprintf(cp, var_data->u.n.synth_fmt,
var_data->u.n.out_str[val]);
synth_printf("%s", cp);
return 0;
}
Reported by FlawFinder.
Line: 263
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!var->p_val)
var->p_val = var_data->u.s.default_val;
if (var->p_val != var_data->u.s.default_val)
strcpy((char *)var->p_val, var_data->u.s.default_val);
return -ERESTART;
} else if (var->p_val) {
strcpy((char *)var->p_val, page);
} else {
return -E2BIG;
Reported by FlawFinder.
Line: 266
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy((char *)var->p_val, var_data->u.s.default_val);
return -ERESTART;
} else if (var->p_val) {
strcpy((char *)var->p_val, page);
} else {
return -E2BIG;
}
return 0;
}
Reported by FlawFinder.
Line: 92
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void speakup_register_var(struct var_t *var)
{
static char nothing[2] = "\0";
int i;
struct st_var_header *p_header;
BUG_ON(!var || var->var_id < 0 || var->var_id >= MAXVARS);
if (!var_ptrs[0]) {
Reported by FlawFinder.
Line: 184
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int val;
int *p_val = var->p_val;
char buf[32];
char *cp;
struct var_t *var_data = var->data;
if (!var_data)
return -ENODATA;
Reported by FlawFinder.
drivers/gpio/gpiolib-acpi.c
6 issues
Line: 392
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pin = agpio->pin_table[0];
if (pin <= 255) {
char ev_name[5];
sprintf(ev_name, "_%c%02hhX",
agpio->triggering == ACPI_EDGE_SENSITIVE ? 'E' : 'L',
pin);
if (ACPI_SUCCESS(acpi_get_handle(handle, ev_name, &evt_handle)))
handler = acpi_gpio_irq_handler;
Reported by FlawFinder.
Line: 393
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (pin <= 255) {
char ev_name[5];
sprintf(ev_name, "_%c%02hhX",
agpio->triggering == ACPI_EDGE_SENSITIVE ? 'E' : 'L',
pin);
if (ACPI_SUCCESS(acpi_get_handle(handle, ev_name, &evt_handle)))
handler = acpi_gpio_irq_handler;
}
Reported by FlawFinder.
Line: 913
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct acpi_device *adev = ACPI_COMPANION(dev);
struct acpi_gpio_info info;
struct gpio_desc *desc;
char propname[32];
int i;
/* Try first from _DSD */
for (i = 0; i < ARRAY_SIZE(gpio_suffixes); i++) {
if (con_id) {
Reported by FlawFinder.
Line: 1035
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (info.gpioint && idx++ == index) {
unsigned long lflags = GPIO_LOOKUP_FLAGS_DEFAULT;
enum gpiod_flags dflags = GPIOD_ASIS;
char label[32];
int irq;
if (IS_ERR(desc))
return PTR_ERR(desc);
Reported by FlawFinder.
Line: 1402
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct acpi_gpio_mapping *gm;
int count = -ENOENT;
int ret;
char propname[32];
unsigned int i;
/* Try first from _DSD */
for (i = 0; i < ARRAY_SIZE(gpio_suffixes); i++) {
if (con_id)
Reported by FlawFinder.
Line: 334
Column: 14
CWE codes:
126
goto err;
len = pin_str - controller;
if (len == strlen(controller_in) &&
strncmp(controller, controller_in, len) == 0) {
pin = simple_strtoul(pin_str + 1, &endp, 10);
if (*endp != 0 && *endp != ',')
goto err;
Reported by FlawFinder.
drivers/gpu/drm/drm_connector.c
6 issues
Line: 1988
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int drm_connector_set_tile_property(struct drm_connector *connector)
{
struct drm_device *dev = connector->dev;
char tile[256];
int ret;
if (!connector->has_tile) {
ret = drm_property_replace_global_blob(dev,
&connector->tile_blob_ptr,
Reported by FlawFinder.
Line: 2592
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* tile group or NULL if not found.
*/
struct drm_tile_group *drm_mode_get_tile_group(struct drm_device *dev,
const char topology[8])
{
struct drm_tile_group *tg;
int id;
mutex_lock(&dev->mode_config.idr_mutex);
Reported by FlawFinder.
Line: 2623
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* new tile group or NULL.
*/
struct drm_tile_group *drm_mode_create_tile_group(struct drm_device *dev,
const char topology[8])
{
struct drm_tile_group *tg;
int ret;
tg = kzalloc(sizeof(*tg), GFP_KERNEL);
Reported by FlawFinder.
Line: 2633
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
kref_init(&tg->refcount);
memcpy(tg->group_data, topology, 8);
tg->dev = dev;
mutex_lock(&dev->mode_config.idr_mutex);
ret = idr_alloc(&dev->mode_config.tile_idr, tg, 1, 0, GFP_KERNEL);
if (ret >= 0) {
Reported by FlawFinder.
Line: 1964
Column: 13
CWE codes:
126
ret = drm_property_replace_global_blob(dev,
&connector->path_blob_ptr,
strlen(path) + 1,
path,
&connector->base,
dev->mode_config.path_property);
return ret;
}
Reported by FlawFinder.
Line: 2009
Column: 13
CWE codes:
126
ret = drm_property_replace_global_blob(dev,
&connector->tile_blob_ptr,
strlen(tile) + 1,
tile,
&connector->base,
dev->mode_config.tile_property);
return ret;
}
Reported by FlawFinder.
drivers/gpu/drm/amd/display/modules/power/power_helpers.c
6 issues
Line: 40
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 0 1 2 3 4 5 6 7 8 9 10 11 12
* 100 98.0 94.1 94.1 85.1 80.3 75.3 69.4 60.0 57.6 50.2 49.8 40.0 %
*/
static const unsigned char min_reduction_table[13] = {
0xff, 0xfa, 0xf0, 0xf0, 0xd9, 0xcd, 0xc0, 0xb1, 0x99, 0x93, 0x80, 0x82, 0x66};
/* Possible Max Reduction configs from least aggressive to most aggressive
* 0 1 2 3 4 5 6 7 8 9 10 11 12
* 96.1 89.8 85.1 80.3 69.4 64.7 64.7 50.2 39.6 30.2 30.2 30.2 19.6 %
Reported by FlawFinder.
Line: 47
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 0 1 2 3 4 5 6 7 8 9 10 11 12
* 96.1 89.8 85.1 80.3 69.4 64.7 64.7 50.2 39.6 30.2 30.2 30.2 19.6 %
*/
static const unsigned char max_reduction_table[13] = {
0xf5, 0xe5, 0xd9, 0xcd, 0xb1, 0xa5, 0xa5, 0x80, 0x65, 0x4d, 0x4d, 0x4d, 0x32};
/* Possible ABM 2.2 Min Reduction configs from least aggressive to most aggressive
* 0 1 2 3 4 5 6 7 8 9 10 11 12
* 100 100 100 100 100 100 100 100 100 92.2 83.1 75.3 75.3 %
Reported by FlawFinder.
Line: 54
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 0 1 2 3 4 5 6 7 8 9 10 11 12
* 100 100 100 100 100 100 100 100 100 92.2 83.1 75.3 75.3 %
*/
static const unsigned char min_reduction_table_v_2_2[13] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xeb, 0xd4, 0xc0, 0xc0};
/* Possible ABM 2.2 Max Reduction configs from least aggressive to most aggressive
* 0 1 2 3 4 5 6 7 8 9 10 11 12
* 96.1 89.8 74.9 69.4 64.7 52.2 48.6 39.6 30.2 25.1 19.6 12.5 12.5 %
Reported by FlawFinder.
Line: 61
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 0 1 2 3 4 5 6 7 8 9 10 11 12
* 96.1 89.8 74.9 69.4 64.7 52.2 48.6 39.6 30.2 25.1 19.6 12.5 12.5 %
*/
static const unsigned char max_reduction_table_v_2_2[13] = {
0xf5, 0xe5, 0xbf, 0xb1, 0xa5, 0x85, 0x7c, 0x65, 0x4d, 0x40, 0x32, 0x20, 0x20};
/* Predefined ABM configuration sets. We may have different configuration sets
* in order to satisfy different power/quality requirements.
*/
Reported by FlawFinder.
Line: 67
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Predefined ABM configuration sets. We may have different configuration sets
* in order to satisfy different power/quality requirements.
*/
static const unsigned char abm_config[abm_defines_max_config][abm_defines_max_level] = {
/* ABM Level 1, ABM Level 2, ABM Level 3, ABM Level 4 */
{ 2, 5, 7, 8 }, /* Default - Medium aggressiveness */
{ 2, 5, 8, 11 }, /* Alt #1 - Increased aggressiveness */
{ 0, 2, 4, 8 }, /* Alt #2 - Minimal aggressiveness */
{ 3, 6, 10, 12 }, /* Alt #3 - Super aggressiveness */
Reported by FlawFinder.
Line: 746
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool dmcu_load_iram(struct dmcu *dmcu,
struct dmcu_iram_parameters params)
{
unsigned char ram_table[IRAM_SIZE];
bool result = false;
if (dmcu == NULL)
return false;
Reported by FlawFinder.