The following issues were found
drivers/clk/clk-qoriq.c
4 issues
Line: 923
Column: 2
CWE codes:
134
Suggestion:
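Use a constant for the format specification. The format argument here is the variable fmt rather than a string literal, so the finding matters only if some caller can pass a format that is not a fixed literal; the callers are outside this excerpt and are what needs checking. The write itself is bounded by sizeof(name).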
char name[32];
int i, j;
snprintf(name, sizeof(name), fmt, idx);
for (i = 0, j = 0; i < NUM_MUX_PARENTS; i++) {
unsigned long rate;
hwc->clksel_to_parent[i] = -1;
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* One PLL divider entry: a clock handle and a fixed-size name buffer. */
struct clockgen_pll_div {
struct clk *clk;
/*
 * Fixed 32-byte buffer; this declaration is what the scanner flags.
 * NOTE(review): the code that fills name is not in this excerpt --
 * confirm every write is bounded by sizeof(name).
 */
char name[32];
};
/* A PLL represented as an array of MAX_PLL_DIV divider entries. */
struct clockgen_pll {
struct clockgen_pll_div div[MAX_PLL_DIV];
};
Reported by FlawFinder.
Line: 919
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clk_init_data init = {};
struct clk *clk;
const struct clockgen_pll_div *div;
const char *parent_names[NUM_MUX_PARENTS];
char name[32];
int i, j;
snprintf(name, sizeof(name), fmt, idx);
Reported by FlawFinder.
Line: 920
Column: 2
CWE codes:
119
120
Suggestion:
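Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In this excerpt the only write to name is snprintf(name, sizeof(name), fmt, idx), which is limited to the array size, so the outcome to consider is a truncated clock name rather than an overflow.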
struct clk *clk;
const struct clockgen_pll_div *div;
const char *parent_names[NUM_MUX_PARENTS];
char name[32];
int i, j;
snprintf(name, sizeof(name), fmt, idx);
for (i = 0, j = 0; i < NUM_MUX_PARENTS; i++) {
Reported by FlawFinder.
drivers/clk/ti/clk.c
4 issues
Line: 150
Column: 3
CWE codes:
120
Suggestion:
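Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). The destination buf appears in this file's other findings as char buf[64], and c->node_name is copied into it with no length check visible in the excerpt. The fix is either a bounded copy that reports truncation (strscpy() in kernel code) or a check that every node_name in the table is shorter than sizeof(buf).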
compat_mode = ti_clk_get_features()->flags & TI_CLK_CLKCTRL_COMPAT;
for (c = oclks; c->node_name != NULL; c++) {
strcpy(buf, c->node_name);
ptr = buf;
for (i = 0; i < 2; i++)
tags[i] = NULL;
num_args = 0;
while (*ptr) {
Reported by FlawFinder.
Line: 137
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_node *node, *parent;
struct clk *clk;
struct of_phandle_args clkspec;
char buf[64];
char *ptr;
char *tags[2];
int i;
int num_args;
int ret;
Reported by FlawFinder.
Line: 139
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct of_phandle_args clkspec;
char buf[64];
char *ptr;
char *tags[2];
int i;
int num_args;
int ret;
static bool clkctrl_nodes_missing;
static bool has_clkctrl_data;
Reported by FlawFinder.
Line: 431
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
void __init ti_clk_setup_features(struct ti_clk_features *features)
{
/*
 * The copy length is sizeof(*features), i.e. the size of the source
 * object, so the source side cannot be over-read.
 * NOTE(review): the definition of ti_clk_features is outside this
 * excerpt; the write is in bounds only if that object is at least
 * sizeof(struct ti_clk_features) bytes -- presumably it has the same
 * type, confirm.
 */
memcpy(&ti_clk_features, features, sizeof(*features));
}
/**
* ti_clk_get_features - get clock driver features flags
*
Reported by FlawFinder.
drivers/clk/ti/clkctrl.c
4 issues
Line: 311
CWE codes:
562
goto cleanup;
}
clk_hw->init = &init;
init.parent_names = parents;
init.num_parents = num_parents;
init.ops = ops;
init.flags = 0;
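Reported by Cppcheck. CWE-562 concerns the address of a stack variable outliving its function: if init is a local here, clk_hw->init = &init is a problem only when clk_hw->init is still read after this function returns. The declaration of init and the registration call are outside the excerpt; confirm the pointer is consumed or cleared before the function returns.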
Line: 634
Column: 2
CWE codes:
120
Suggestion:
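Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). The destination is a heap string that the line 619 excerpt shows coming from kasprintf(), so it is only as large as the formatted name. Cutting 7 characters and then appending the 5 characters of "clkdm" fits in that allocation; the branch that cuts only 2 characters needs at least 3 spare bytes, and its allocation is not shown. Both truncations also assume the name is at least as long as the suffix being cut; otherwise the index strlen() - N wraps around and the write lands outside the buffer.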
provider->clkdm_name[strlen(provider->clkdm_name) - 7] = 0;
}
strcat(provider->clkdm_name, "clkdm");
/* Replace any dash from the clkdm name with underscore */
c = provider->clkdm_name;
while (*c) {
Reported by FlawFinder.
Line: 619
Column: 24
CWE codes:
126
* Create default clkdm name, replace _cm from end of parent
* node name with _clkdm
*/
provider->clkdm_name[strlen(provider->clkdm_name) - 2] = 0;
} else {
provider->clkdm_name = kasprintf(GFP_KERNEL, "%pOFn", node);
if (!provider->clkdm_name) {
kfree(provider);
return;
Reported by FlawFinder.
Line: 631
Column: 24
CWE codes:
126
* Create default clkdm name, replace _clkctrl from end of
* node name with _clkdm
*/
provider->clkdm_name[strlen(provider->clkdm_name) - 7] = 0;
}
strcat(provider->clkdm_name, "clkdm");
/* Replace any dash from the clkdm name with underscore */
Reported by FlawFinder.
drivers/clk/versatile/icst.c
4 issues
Line: 22
Column: 16
CWE codes:
119
120
Suggestion:
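Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged object is a const lookup table with all 8 entries initialised, so the declaration itself cannot overflow; the property to verify is that every index used to read the table stays below 8. The same applies to the other three tables flagged in this file.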
/*
* Divisors for each OD setting.
*/
const unsigned char icst307_s2div[8] = { 10, 2, 8, 4, 5, 7, 3, 6 };
const unsigned char icst525_s2div[8] = { 10, 2, 8, 4, 5, 7, 9, 6 };
EXPORT_SYMBOL(icst307_s2div);
EXPORT_SYMBOL(icst525_s2div);
unsigned long icst_hz(const struct icst_params *p, struct icst_vco vco)
Reported by FlawFinder.
Line: 23
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Divisors for each OD setting.
*/
const unsigned char icst307_s2div[8] = { 10, 2, 8, 4, 5, 7, 3, 6 };
const unsigned char icst525_s2div[8] = { 10, 2, 8, 4, 5, 7, 9, 6 };
EXPORT_SYMBOL(icst307_s2div);
EXPORT_SYMBOL(icst525_s2div);
unsigned long icst_hz(const struct icst_params *p, struct icst_vco vco)
{
Reported by FlawFinder.
Line: 41
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
* Ascending divisor S values.
*/
const unsigned char icst307_idx2s[8] = { 1, 6, 3, 4, 7, 5, 2, 0 };
const unsigned char icst525_idx2s[8] = { 1, 3, 4, 7, 5, 2, 6, 0 };
EXPORT_SYMBOL(icst307_idx2s);
EXPORT_SYMBOL(icst525_idx2s);
struct icst_vco
Reported by FlawFinder.
Line: 42
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Ascending divisor S values.
*/
const unsigned char icst307_idx2s[8] = { 1, 6, 3, 4, 7, 5, 2, 0 };
const unsigned char icst525_idx2s[8] = { 1, 3, 4, 7, 5, 2, 6, 0 };
EXPORT_SYMBOL(icst307_idx2s);
EXPORT_SYMBOL(icst525_idx2s);
struct icst_vco
icst_hz_to_vco(const struct icst_params *p, unsigned long freq)
Reported by FlawFinder.
drivers/clocksource/acpi_pm.c
4 issues
Line: 151
Column: 31
CWE codes:
120
20
unsigned long count, delta;
mach_prepare_counter();
value1 = clocksource_acpi_pm.read(&clocksource_acpi_pm);
mach_countup(&count);
value2 = clocksource_acpi_pm.read(&clocksource_acpi_pm);
delta = (value2 - value1) & ACPI_PM_MASK;
/* Check that the PMTMR delta is within 5% of what we expect */
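Reported by FlawFinder. The match at column 31 is on clocksource_acpi_pm.read, a callback called with only the clocksource pointer whose return value is the counter reading; no destination buffer or length is passed, so CWE-120 and CWE-20 as listed do not describe this call. All four findings in this file are on the same callback.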
Line: 153
Column: 31
CWE codes:
120
20
mach_prepare_counter();
value1 = clocksource_acpi_pm.read(&clocksource_acpi_pm);
mach_countup(&count);
value2 = clocksource_acpi_pm.read(&clocksource_acpi_pm);
delta = (value2 - value1) & ACPI_PM_MASK;
/* Check that the PMTMR delta is within 5% of what we expect */
if (delta < (PMTMR_EXPECTED_RATE * 19) / 20 ||
delta > (PMTMR_EXPECTED_RATE * 21) / 20) {
Reported by FlawFinder.
Line: 186
Column: 32
CWE codes:
120
20
/* "verify" this timing source: */
for (j = 0; j < ACPI_PM_MONOTONICITY_CHECKS; j++) {
udelay(100 * j);
value1 = clocksource_acpi_pm.read(&clocksource_acpi_pm);
for (i = 0; i < ACPI_PM_READ_CHECKS; i++) {
value2 = clocksource_acpi_pm.read(&clocksource_acpi_pm);
if (value2 == value1)
continue;
if (value2 > value1)
Reported by FlawFinder.
Line: 188
Column: 33
CWE codes:
120
20
udelay(100 * j);
value1 = clocksource_acpi_pm.read(&clocksource_acpi_pm);
for (i = 0; i < ACPI_PM_READ_CHECKS; i++) {
value2 = clocksource_acpi_pm.read(&clocksource_acpi_pm);
if (value2 == value1)
continue;
if (value2 > value1)
break;
if ((value2 < value1) && ((value2) < 0xFFF))
Reported by FlawFinder.
drivers/comedi/comedi_buf.c
4 issues
Line: 216
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void *b = bm->page_list[pg].virt_addr + pgoff;
if (write)
memcpy(b, buf, l);
else
memcpy(buf, b, l);
buf += l;
done += l;
pg++;
Reported by FlawFinder.
Line: 218
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (write)
memcpy(b, buf, l);
else
memcpy(buf, b, l);
buf += l;
done += l;
pg++;
pgoff = 0;
}
Reported by FlawFinder.
Line: 572
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
block_size = num_bytes;
memcpy(async->prealloc_buf + write_ptr, data, block_size);
data += block_size;
num_bytes -= block_size;
write_ptr = 0;
Reported by FlawFinder.
Line: 598
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
else
block_size = nbytes;
memcpy(dest, src, block_size);
nbytes -= block_size;
dest += block_size;
read_ptr = 0;
}
}
Reported by FlawFinder.
drivers/crypto/amcc/crypto4xx_alg.c
4 issues
Line: 165
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sa->sa_contents.w = SA_AES_CONTENTS | (keylen << 2);
sa->sa_command_1.bf.key_len = keylen >> 3;
memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4);
sa = ctx->sa_out;
sa->sa_command_0.bf.dir = DIR_OUTBOUND;
/*
* SA_OPCODE_ENCRYPT is the same value as SA_OPCODE_DECRYPT.
* it's the DIR_(IN|OUT)BOUND that matters
Reported by FlawFinder.
Line: 421
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
crypto4xx_memcpy_to_le32(get_dynamic_sa_key_field(sa), key, keylen);
memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4);
sa = (struct dynamic_sa_ctl *) ctx->sa_out;
set_dynamic_sa_command_0(sa, SA_SAVE_HASH, SA_NOT_SAVE_IV,
SA_LOAD_HASH_FROM_SA, SA_LOAD_IV_FROM_STATE,
SA_NO_HEADER_PROC, SA_HASH_ALG_CBC_MAC,
Reported by FlawFinder.
Line: 457
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (crypto4xx_aead_need_fallback(req, len, true, decrypt))
return crypto4xx_aead_fallback(req, ctx, decrypt);
memcpy(tmp_sa, decrypt ? ctx->sa_in : ctx->sa_out, ctx->sa_len * 4);
sa->sa_command_0.bf.digest_len = crypto_aead_authsize(aead) >> 2;
if (req->iv[0] == 1) {
/* CRYPTO_MODE_AES_ICM */
sa->sa_command_1.bf.crypto_mode9_8 = 1;
Reported by FlawFinder.
Line: 576
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto err;
}
memcpy(ctx->sa_out, ctx->sa_in, ctx->sa_len * 4);
sa = (struct dynamic_sa_ctl *) ctx->sa_out;
sa->sa_command_0.bf.dir = DIR_OUTBOUND;
sa->sa_command_0.bf.opcode = SA_OPCODE_ENCRYPT_HASH;
return 0;
Reported by FlawFinder.
drivers/crypto/cavium/nitrox/nitrox_aead.c
4 issues
Line: 53
Column: 2
CWE codes:
120
Suggestion:
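Make sure destination can always hold the source data. The length is the caller-supplied keylen and the destination is fctx->crypto.u.key; the excerpt does not show keylen being checked, so confirm it is validated against the size of that field before this point.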
/* copy enc key to context */
memset(&fctx->crypto, 0, sizeof(fctx->crypto));
memcpy(fctx->crypto.u.key, key, keylen);
return 0;
}
static int nitrox_aead_setauthsize(struct crypto_aead *aead,
Reported by FlawFinder.
Line: 225
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!nitrox_aes_gcm_assoclen_supported(areq->assoclen))
return -EINVAL;
memcpy(fctx->crypto.iv, areq->iv, GCM_AES_SALT_SIZE);
rctx->cryptlen = areq->cryptlen;
rctx->assoclen = areq->assoclen;
rctx->srclen = areq->assoclen + areq->cryptlen;
rctx->dstlen = rctx->srclen + aead->authsize;
Reported by FlawFinder.
Line: 259
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!nitrox_aes_gcm_assoclen_supported(areq->assoclen))
return -EINVAL;
memcpy(fctx->crypto.iv, areq->iv, GCM_AES_SALT_SIZE);
rctx->cryptlen = areq->cryptlen - aead->authsize;
rctx->assoclen = areq->assoclen;
rctx->srclen = areq->cryptlen + areq->assoclen;
rctx->dstlen = rctx->srclen - aead->authsize;
Reported by FlawFinder.
Line: 374
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
memcpy(fctx->crypto.iv, key + keylen, GCM_AES_SALT_SIZE);
return 0;
}
static int nitrox_rfc4106_setauthsize(struct crypto_aead *aead,
unsigned int authsize)
Reported by FlawFinder.
drivers/crypto/cavium/nitrox/nitrox_skcipher.c
4 issues
Line: 100
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scatterwalk_map_and_copy(skreq->iv, skreq->src, start,
ivsize, 0);
} else {
memcpy(skreq->iv, nkreq->iv_out, ivsize);
kfree(nkreq->iv_out);
}
}
nitrox_skcipher_callback(arg, err);
Reported by FlawFinder.
Line: 192
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
flags->w0.iv_source = IV_FROM_DPTR;
flags->f = cpu_to_be64(*(u64 *)&flags->w0);
/* copy the key to context */
memcpy(fctx->crypto.u.key, key, keylen);
return 0;
}
static int nitrox_aes_setkey(struct crypto_skcipher *cipher, const u8 *key,
Reported by FlawFinder.
Line: 357
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fctx = nctx->u.fctx;
/* copy KEY2 */
memcpy(fctx->auth.u.key2, (key + keylen), keylen);
return nitrox_skcipher_setkey(cipher, aes_keylen, key, keylen);
}
static int nitrox_aes_ctr_rfc3686_setkey(struct crypto_skcipher *cipher,
Reported by FlawFinder.
Line: 375
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fctx = nctx->u.fctx;
memcpy(fctx->crypto.iv, key + (keylen - CTR_RFC3686_NONCE_SIZE),
CTR_RFC3686_NONCE_SIZE);
keylen -= CTR_RFC3686_NONCE_SIZE;
aes_keylen = flexi_aes_keylen(keylen);
Reported by FlawFinder.
drivers/crypto/cavium/zip/zip_crypto.c
4 issues
Line: 146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
zip_ops->input_len = slen;
zip_ops->output_len = *dlen;
memcpy(zip_ops->input, src, slen);
ret = zip_deflate(zip_ops, zip_state, zip);
if (!ret) {
*dlen = zip_ops->output_len;
Reported by FlawFinder.
Line: 152
Column: 3
CWE codes:
120
Suggestion:
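Make sure destination can always hold the source data. The copy length is zip_ops->output_len as updated by zip_deflate(); the line 146 excerpt shows it was initialised from the caller's *dlen, so the copy into dst is in bounds only if zip_deflate() never reports more output than that limit.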
if (!ret) {
*dlen = zip_ops->output_len;
memcpy(dst, zip_ops->output, *dlen);
}
kfree(zip_state);
return ret;
}
Reported by FlawFinder.
Line: 179
Column: 2
CWE codes:
120
Suggestion:
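Make sure destination can always hold the source data. slen comes from the caller and nothing in this excerpt compares it with the size of zip_ops->input; the workaround on the following lines then stores one more byte at input[slen], so the buffer must hold slen + 1 bytes.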
return -ENOMEM;
zip_ops = &zip_ctx->zip_decomp;
memcpy(zip_ops->input, src, slen);
/* Work around for a bug in zlib which needs an extra bytes sometimes */
if (zip_ops->ccode != 3) /* Not LZS Encoding */
zip_ops->input[slen++] = 0;
Reported by FlawFinder.
Line: 192
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ret) {
*dlen = zip_ops->output_len;
memcpy(dst, zip_ops->output, *dlen);
}
kfree(zip_state);
return ret;
}
Reported by FlawFinder.