The following issues were found
drivers/acpi/acpica/acglobal.h
5 issues
Line: 158
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Other miscellaneous, declared and initialized in utglobal */
extern const char *acpi_gbl_sleep_state_names[ACPI_S_STATE_COUNT];
extern const char *acpi_gbl_lowest_dstate_names[ACPI_NUM_sx_w_METHODS];
extern const char *acpi_gbl_highest_dstate_names[ACPI_NUM_sx_d_METHODS];
extern const char *acpi_gbl_region_types[ACPI_NUM_PREDEFINED_REGIONS];
extern const char acpi_gbl_lower_hex_digits[];
extern const char acpi_gbl_upper_hex_digits[];
Reported by FlawFinder.
Line: 159
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Other miscellaneous, declared and initialized in utglobal */
extern const char *acpi_gbl_sleep_state_names[ACPI_S_STATE_COUNT];
extern const char *acpi_gbl_lowest_dstate_names[ACPI_NUM_sx_w_METHODS];
extern const char *acpi_gbl_highest_dstate_names[ACPI_NUM_sx_d_METHODS];
extern const char *acpi_gbl_region_types[ACPI_NUM_PREDEFINED_REGIONS];
extern const char acpi_gbl_lower_hex_digits[];
extern const char acpi_gbl_upper_hex_digits[];
extern const struct acpi_opcode_info acpi_gbl_aml_op_info[AML_NUM_OPCODES];
Reported by FlawFinder.
Line: 160
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern const char *acpi_gbl_sleep_state_names[ACPI_S_STATE_COUNT];
extern const char *acpi_gbl_lowest_dstate_names[ACPI_NUM_sx_w_METHODS];
extern const char *acpi_gbl_highest_dstate_names[ACPI_NUM_sx_d_METHODS];
extern const char *acpi_gbl_region_types[ACPI_NUM_PREDEFINED_REGIONS];
extern const char acpi_gbl_lower_hex_digits[];
extern const char acpi_gbl_upper_hex_digits[];
extern const struct acpi_opcode_info acpi_gbl_aml_op_info[AML_NUM_OPCODES];
Reported by FlawFinder.
Line: 161
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern const char *acpi_gbl_sleep_state_names[ACPI_S_STATE_COUNT];
extern const char *acpi_gbl_lowest_dstate_names[ACPI_NUM_sx_w_METHODS];
extern const char *acpi_gbl_highest_dstate_names[ACPI_NUM_sx_d_METHODS];
extern const char *acpi_gbl_region_types[ACPI_NUM_PREDEFINED_REGIONS];
extern const char acpi_gbl_lower_hex_digits[];
extern const char acpi_gbl_upper_hex_digits[];
extern const struct acpi_opcode_info acpi_gbl_aml_op_info[AML_NUM_OPCODES];
/* Lists for tracking memory allocations (debug only) */
Reported by FlawFinder.
Line: 311
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ACPI_GLOBAL(struct acpi_namespace_node *, acpi_gbl_db_scope_node);
ACPI_GLOBAL(u8, acpi_gbl_db_terminate_loop);
ACPI_GLOBAL(u8, acpi_gbl_db_threads_terminated);
ACPI_GLOBAL(char *, acpi_gbl_db_args[ACPI_DEBUGGER_MAX_ARGS]);
ACPI_GLOBAL(acpi_object_type, acpi_gbl_db_arg_types[ACPI_DEBUGGER_MAX_ARGS]);
/* These buffers should all be the same size */
ACPI_GLOBAL(char, acpi_gbl_db_parsed_buf[ACPI_DB_LINE_BUFFER_SIZE]);
Reported by FlawFinder.
drivers/crypto/bcm/spu.c
5 issues
Line: 704
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hash_parms->alg) {
/* Write the authentication key material if present */
if (hash_parms->key_len) {
memcpy(ptr, hash_parms->key_buf, hash_parms->key_len);
ptr += hash_parms->key_len;
buf_len += hash_parms->key_len;
sctx_words += hash_parms->key_len / 4;
}
Reported by FlawFinder.
Line: 738
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the encryption keys in the SAD entry */
if (cipher_parms->alg) {
if (cipher_parms->key_len) {
memcpy(ptr, cipher_parms->key_buf,
cipher_parms->key_len);
ptr += cipher_parms->key_len;
buf_len += cipher_parms->key_len;
sctx_words += cipher_parms->key_len / 4;
}
Reported by FlawFinder.
Line: 754
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ecf_bits |= SCTX_IV;
/* cipher iv provided so put it in here */
memcpy(ptr, cipher_parms->iv_buf, cipher_parms->iv_len);
ptr += cipher_parms->iv_len;
buf_len += cipher_parms->iv_len;
sctx_words += cipher_parms->iv_len / 4;
}
Reported by FlawFinder.
Line: 888
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy the encryption keys in the SAD entry */
if (cipher_parms->alg && cipher_parms->key_len)
memcpy(spuh + 1, cipher_parms->key_buf, cipher_parms->key_len);
/* write in the total sctx length now that we know it */
protocol_bits |= sctx_words;
/* Endian adjust the SCTX */
Reported by FlawFinder.
Line: 970
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cipher_parms->alg && cipher_parms->iv_buf && cipher_parms->iv_len)
/* cipher iv provided so put it in here */
memcpy(bdesc_ptr - cipher_parms->iv_len, cipher_parms->iv_buf,
cipher_parms->iv_len);
spuh->sa.cipher_flags = cpu_to_be32(cipher_bits);
/* === create the BDESC section === */
Reported by FlawFinder.
drivers/gpu/drm/bridge/analogix/anx7625.c
5 issues
Line: 814
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (g_edid_break)
break;
memcpy(&pedid_blocks_buf[offset],
pblock_buf,
MAX_DPCD_BUFFER_SIZE);
}
break;
Reported by FlawFinder.
Line: 832
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
segments_edid_read(ctx, count / 2,
pblock_buf, offset);
memcpy(&pedid_blocks_buf[edid_pos],
pblock_buf,
MAX_DPCD_BUFFER_SIZE);
offset = offset + 0x10;
}
Reported by FlawFinder.
Line: 850
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
segments_edid_read(ctx, count / 2,
pblock_buf, offset);
memcpy(&pedid_blocks_buf[edid_pos],
pblock_buf,
MAX_DPCD_BUFFER_SIZE);
offset = offset + 0x10;
}
Reported by FlawFinder.
Line: 1251
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (ctx->slimport_edid_p.edid_block_num > 0) {
memcpy(edid, ctx->slimport_edid_p.edid_raw_data,
FOUR_BLOCK_SIZE);
return (struct edid *)edid;
}
pm_runtime_get_sync(dev);
Reported by FlawFinder.
Line: 1268
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p_edid->edid_block_num = edid_num;
memcpy(edid, ctx->slimport_edid_p.edid_raw_data, FOUR_BLOCK_SIZE);
return (struct edid *)edid;
}
static enum drm_connector_status anx7625_sink_detect(struct anx7625_data *ctx)
{
Reported by FlawFinder.
drivers/acpi/acpi_video.c
5 issues
Line: 1171
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (!data)
return -ENOMEM;
strcpy(acpi_device_name(device), ACPI_VIDEO_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_VIDEO_CLASS);
device->driver_data = data;
data->device_id = device_id;
data->video = video;
Reported by FlawFinder.
Line: 1172
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -ENOMEM;
strcpy(acpi_device_name(device), ACPI_VIDEO_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_VIDEO_CLASS);
device->driver_data = data;
data->device_id = device_id;
data->video = video;
data->dev = device;
Reported by FlawFinder.
Line: 2068
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
video->device = device;
strcpy(acpi_device_name(device), ACPI_VIDEO_BUS_NAME);
strcpy(acpi_device_class(device), ACPI_VIDEO_CLASS);
device->driver_data = video;
acpi_video_bus_find_cap(video);
error = acpi_video_bus_check(video);
Reported by FlawFinder.
Line: 2069
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
video->device = device;
strcpy(acpi_device_name(device), ACPI_VIDEO_BUS_NAME);
strcpy(acpi_device_class(device), ACPI_VIDEO_CLASS);
device->driver_data = video;
acpi_video_bus_find_cap(video);
error = acpi_video_bus_check(video);
if (error)
Reported by FlawFinder.
Line: 173
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mutex device_list_lock; /* protects video_device_list */
struct list_head entry;
struct input_dev *input;
char phys[32]; /* for input device */
struct notifier_block pm_nb;
};
struct acpi_video_device_flags {
u8 crt:1;
Reported by FlawFinder.
drivers/crypto/amcc/crypto4xx_core.c
5 issues
Line: 495
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct dynamic_sa_ctl *sa = (struct dynamic_sa_ctl *) ctx->sa_in;
if (sa->sa_command_0.bf.hash_alg == SA_HASH_ALG_SHA1) {
memcpy(dst, pd_uinfo->sr_va->save_digest,
SA_HASH_ALG_SHA1_DIGEST_SIZE);
}
}
static void crypto4xx_ret_sg_desc(struct crypto4xx_device *dev,
Reported by FlawFinder.
Line: 819
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pd_uinfo->async_req = req;
if (iv_len)
memcpy(pd_uinfo->sr_va->save_iv, iv, iv_len);
sa = pd_uinfo->sa_va;
memcpy(sa, req_sa, sa_len * 4);
sa->sa_command_1.bf.hash_crypto_offset = (assoclen >> 2);
Reported by FlawFinder.
Line: 822
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pd_uinfo->sr_va->save_iv, iv, iv_len);
sa = pd_uinfo->sa_va;
memcpy(sa, req_sa, sa_len * 4);
sa->sa_command_1.bf.hash_crypto_offset = (assoclen >> 2);
offset_to_sr_ptr = get_dynamic_sa_offset_state_ptr_field(sa);
*(u32 *)((unsigned long)sa + offset_to_sr_ptr) = pd_uinfo->sr_pa;
Reported by FlawFinder.
Line: 1151
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ETIMEDOUT;
if ((max - curr) >= 8) {
memcpy(data, &val, 8);
data += 8;
curr += 8;
} else {
/* copy only remaining bytes */
memcpy(data, &val, max - curr);
Reported by FlawFinder.
Line: 1156
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
curr += 8;
} else {
/* copy only remaining bytes */
memcpy(data, &val, max - curr);
break;
}
} while (curr < max);
return curr;
Reported by FlawFinder.
drivers/fsi/fsi-sbefifo.c
5 issues
Line: 145
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int pack = 0;
#define FFDC_LSIZE 60
static char ffdc_line[FFDC_LSIZE];
char *p = ffdc_line;
while (ffdc_sz) {
u32 w0, w1, w2, i;
if (ffdc_sz < 3) {
Reported by FlawFinder.
Line: 182
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < w0; i++) {
if ((i & 3) == 0) {
p = ffdc_line;
p += sprintf(p, "| %04x:", i << 4);
}
p += sprintf(p, " %08x", be32_to_cpu(*(ffdc++)));
ffdc_sz--;
if ((i & 3) == 3 || i == (w0 - 1)) {
while ((i & 3) < 3) {
Reported by FlawFinder.
Line: 184
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
p = ffdc_line;
p += sprintf(p, "| %04x:", i << 4);
}
p += sprintf(p, " %08x", be32_to_cpu(*(ffdc++)));
ffdc_sz--;
if ((i & 3) == 3 || i == (w0 - 1)) {
while ((i & 3) < 3) {
p += sprintf(p, " ");
i++;
Reported by FlawFinder.
Line: 188
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ffdc_sz--;
if ((i & 3) == 3 || i == (w0 - 1)) {
while ((i & 3) < 3) {
p += sprintf(p, " ");
i++;
}
dev_warn(dev, "%s |\n", ffdc_line);
}
}
Reported by FlawFinder.
Line: 938
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sbefifo *sbefifo;
struct device_node *np;
struct platform_device *child;
char child_name[32];
int rc, didx, child_idx = 0;
dev_dbg(dev, "Found sbefifo device\n");
sbefifo = kzalloc(sizeof(*sbefifo), GFP_KERNEL);
Reported by FlawFinder.
drivers/gpio/gpiolib-of.c
5 issues
Line: 62
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int of_gpio_get_count(struct device *dev, const char *con_id)
{
int ret;
char propname[32];
unsigned int i;
ret = of_gpio_spi_cs_get_count(dev, con_id);
if (ret > 0)
return ret;
Reported by FlawFinder.
Line: 375
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct gpio_desc *of_find_spi_gpio(struct device *dev, const char *con_id,
enum of_gpio_flags *of_flags)
{
char prop_name[32]; /* 32 is max size of property name */
struct device_node *np = dev->of_node;
struct gpio_desc *desc;
/*
* Hopefully the compiler stubs the rest of the function if this
Reported by FlawFinder.
Line: 495
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct gpio_desc *of_find_gpio(struct device *dev, const char *con_id,
unsigned int idx, unsigned long *flags)
{
char prop_name[32]; /* 32 is max size of property name */
enum of_gpio_flags of_flags;
struct gpio_desc *desc;
unsigned int i;
/* Try GPIO property "foo-gpios" and "foo-gpio" */
Reported by FlawFinder.
Line: 954
Column: 9
CWE codes:
126
of_property_read_string_index(np,
group_names_propname,
index, &name);
if (strlen(name)) {
pr_err("%pOF: Group name of numeric GPIO ranges must be the empty string.\n",
np);
break;
}
}
Reported by FlawFinder.
Line: 988
Column: 9
CWE codes:
126
if (ret)
break;
if (!strlen(name)) {
pr_err("%pOF: Group name of GPIO group range cannot be the empty string.\n",
np);
break;
}
Reported by FlawFinder.
drivers/ata/pata_legacy.c
5 issues
Line: 358
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__le32 pad;
if (rw == READ) {
pad = cpu_to_le32(ioread32(ap->ioaddr.data_addr));
memcpy(buf + buflen - slop, &pad, slop);
} else {
memcpy(&pad, buf + buflen - slop, slop);
iowrite32(le32_to_cpu(pad), ap->ioaddr.data_addr);
}
buflen += 4 - slop;
Reported by FlawFinder.
Line: 360
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pad = cpu_to_le32(ioread32(ap->ioaddr.data_addr));
memcpy(buf + buflen - slop, &pad, slop);
} else {
memcpy(&pad, buf + buflen - slop, slop);
iowrite32(le32_to_cpu(pad), ap->ioaddr.data_addr);
}
buflen += 4 - slop;
}
local_irq_restore(flags);
Reported by FlawFinder.
Line: 747
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(slop)) {
__le32 pad;
if (rw == WRITE) {
memcpy(&pad, buf + buflen - slop, slop);
iowrite32(le32_to_cpu(pad), ap->ioaddr.data_addr);
} else {
pad = cpu_to_le32(ioread32(ap->ioaddr.data_addr));
memcpy(buf + buflen - slop, &pad, slop);
}
Reported by FlawFinder.
Line: 751
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
iowrite32(le32_to_cpu(pad), ap->ioaddr.data_addr);
} else {
pad = cpu_to_le32(ioread32(ap->ioaddr.data_addr));
memcpy(buf + buflen - slop, &pad, slop);
}
}
return (buflen + 3) & ~3;
} else
return ata_sff_data_xfer(qc, buf, buflen, rw);
Reported by FlawFinder.
Line: 1090
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static __init void probe_opti_vlb(void)
{
/* If an OPTI 82C46X is present find out where the channels are */
static const char *optis[4] = {
"3/463MV", "5MV",
"5MVA", "5MVB"
};
u8 chans = 1;
u8 ctrl = (opti_syscfg(0x30) & 0xC0) >> 6;
Reported by FlawFinder.
drivers/clk/davinci/pll.c
5 issues
Line: 372
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void __iomem *base,
struct regmap *cfgchip)
{
char prediv_name[MAX_NAME_SIZE];
char pllout_name[MAX_NAME_SIZE];
char postdiv_name[MAX_NAME_SIZE];
char pllen_name[MAX_NAME_SIZE];
struct clk_init_data init;
struct davinci_pll_clk *pllout;
Reported by FlawFinder.
Line: 373
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct regmap *cfgchip)
{
char prediv_name[MAX_NAME_SIZE];
char pllout_name[MAX_NAME_SIZE];
char postdiv_name[MAX_NAME_SIZE];
char pllen_name[MAX_NAME_SIZE];
struct clk_init_data init;
struct davinci_pll_clk *pllout;
struct davinci_pllen_clk *pllen;
Reported by FlawFinder.
Line: 374
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char prediv_name[MAX_NAME_SIZE];
char pllout_name[MAX_NAME_SIZE];
char postdiv_name[MAX_NAME_SIZE];
char pllen_name[MAX_NAME_SIZE];
struct clk_init_data init;
struct davinci_pll_clk *pllout;
struct davinci_pllen_clk *pllen;
struct clk *oscin_clk = NULL;
Reported by FlawFinder.
Line: 375
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char prediv_name[MAX_NAME_SIZE];
char pllout_name[MAX_NAME_SIZE];
char postdiv_name[MAX_NAME_SIZE];
char pllen_name[MAX_NAME_SIZE];
struct clk_init_data init;
struct davinci_pll_clk *pllout;
struct davinci_pllen_clk *pllen;
struct clk *oscin_clk = NULL;
struct clk *prediv_clk = NULL;
Reported by FlawFinder.
Line: 813
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
child = of_get_child_by_name(node, "auxclk");
if (of_device_is_available(child)) {
char child_name[MAX_NAME_SIZE];
snprintf(child_name, MAX_NAME_SIZE, "%s_auxclk", info->name);
clk = davinci_pll_auxclk_register(dev, child_name, base);
if (IS_ERR(clk))
Reported by FlawFinder.
drivers/clk/at91/sama7g5.c
5 issues
Line: 301
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static const struct {
const char *n;
const char *ep[4];
int ep_chg_id;
u8 ep_count;
u8 ep_mux_table[4];
u8 id;
u8 c;
Reported by FlawFinder.
Line: 464
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static const struct {
const char *n;
const char *pp[8];
const char pp_mux_table[8];
struct clk_range r;
int pp_chg_id;
u8 pp_count;
u8 id;
Reported by FlawFinder.
Line: 465
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const struct {
const char *n;
const char *pp[8];
const char pp_mux_table[8];
struct clk_range r;
int pp_chg_id;
u8 pp_count;
u8 id;
} sama7g5_gck[] = {
Reported by FlawFinder.
Line: 877
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char *td_slck_name, *md_slck_name, *mainxtal_name;
struct pmc_data *sama7g5_pmc;
const char *parent_names[10];
void **alloc_mem = NULL;
int alloc_mem_size = 0;
struct regmap *regmap;
struct clk_hw *hw;
bool bypass;
Reported by FlawFinder.
Line: 1047
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
parent_names[7] = "audiopll_divpmcck";
parent_names[8] = "ethpll_divpmcck";
for (i = 0; i < 8; i++) {
char name[6];
snprintf(name, sizeof(name), "prog%d", i);
hw = at91_clk_register_programmable(regmap, name, parent_names,
9, i,
Reported by FlawFinder.