The following issues were found
drivers/gpu/drm/amd/amdgpu/amdgpu.h
4 issues
Line: 164
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern int amdgpu_hw_i2c;
extern int amdgpu_pcie_gen2;
extern int amdgpu_msi;
extern char amdgpu_lockup_timeout[AMDGPU_MAX_TIMEOUT_PARAM_LENGTH];
extern int amdgpu_dpm;
extern int amdgpu_fw_load_type;
extern int amdgpu_aspm;
extern int amdgpu_runtime_pm;
extern uint amdgpu_ip_block_mask;
Reported by FlawFinder.
Line: 1072
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool ucode_sysfs_en;
/* Chip product information */
char product_number[16];
char product_name[32];
char serial[20];
struct amdgpu_autodump autodump;
Reported by FlawFinder.
Line: 1073
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Chip product information */
char product_number[16];
char product_name[32];
char serial[20];
struct amdgpu_autodump autodump;
atomic_t throttling_logging_enabled;
Reported by FlawFinder.
Line: 1074
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Chip product information */
char product_number[16];
char product_name[32];
char serial[20];
struct amdgpu_autodump autodump;
atomic_t throttling_logging_enabled;
struct ratelimit_state throttling_logging_rs;
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_fru_eeprom.c
4 issues
Line: 103
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int amdgpu_fru_get_product_info(struct amdgpu_device *adev)
{
unsigned char buff[34];
int addrptr, size;
int len;
if (!is_fru_eeprom_supported(adev))
return 0;
Reported by FlawFinder.
Line: 154
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len = sizeof(adev->product_name) - 1;
}
/* Start at 2 due to buff using fields 0 and 1 for the address */
memcpy(adev->product_name, &buff[2], len);
adev->product_name[len] = '\0';
addrptr += size + 1;
size = amdgpu_fru_read_eeprom(adev, addrptr, buff);
if (size < 1) {
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DRM_WARN("FRU Product Number is larger than 16 characters. This is likely a mistake");
len = sizeof(adev->product_number) - 1;
}
memcpy(adev->product_number, &buff[2], len);
adev->product_number[len] = '\0';
addrptr += size + 1;
size = amdgpu_fru_read_eeprom(adev, addrptr, buff);
Reported by FlawFinder.
Line: 199
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DRM_WARN("FRU Serial Number is larger than 16 characters. This is likely a mistake");
len = sizeof(adev->serial) - 1;
}
memcpy(adev->serial, &buff[2], len);
adev->serial[len] = '\0';
return 0;
}
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/gfx_v9_4_2.c
4 issues
Line: 436
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (se = 0; se < adev->gfx.config.max_shader_engines; se++) {
for (cu = 0; cu < CU_ID_MAX; cu++) {
memset(str, 0, 256);
size = sprintf(str, "SE[%02d]CU[%02d]: ", se, cu);
for (simd = 0; simd < SIMD_ID_MAX; simd++) {
size += sprintf(str + size, "[");
for (wave = 0; wave < WAVE_ID_MAX; wave++) {
size += sprintf(str + size, "%x", wb_ptr[offset]);
offset++;
Reported by FlawFinder.
Line: 440
Column: 14
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (simd = 0; simd < SIMD_ID_MAX; simd++) {
size += sprintf(str + size, "[");
for (wave = 0; wave < WAVE_ID_MAX; wave++) {
size += sprintf(str + size, "%x", wb_ptr[offset]);
offset++;
}
size += sprintf(str + size, "] ");
}
dev_dbg(adev->dev, "%s\n", str);
Reported by FlawFinder.
Line: 443
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
size += sprintf(str + size, "%x", wb_ptr[offset]);
offset++;
}
size += sprintf(str + size, "] ");
}
dev_dbg(adev->dev, "%s\n", str);
}
}
Reported by FlawFinder.
Line: 438
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
memset(str, 0, 256);
size = sprintf(str, "SE[%02d]CU[%02d]: ", se, cu);
for (simd = 0; simd < SIMD_ID_MAX; simd++) {
size += sprintf(str + size, "[");
for (wave = 0; wave < WAVE_ID_MAX; wave++) {
size += sprintf(str + size, "%x", wb_ptr[offset]);
offset++;
}
size += sprintf(str + size, "] ");
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/mes_v10_1.c
4 issues
Line: 276
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int mes_v10_1_init_microcode(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[30];
int err;
const struct mes_firmware_header_v1_0 *mes_hdr;
struct amdgpu_firmware_info *info;
switch (adev->asic_type) {
Reported by FlawFinder.
Line: 364
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return r;
}
memcpy(adev->mes.ucode_fw_ptr, fw_data, fw_size);
amdgpu_bo_kunmap(adev->mes.ucode_fw_obj);
amdgpu_bo_unreserve(adev->mes.ucode_fw_obj);
return 0;
Reported by FlawFinder.
Line: 396
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return r;
}
memcpy(adev->mes.data_fw_ptr, fw_data, fw_size);
amdgpu_bo_kunmap(adev->mes.data_fw_obj);
amdgpu_bo_unreserve(adev->mes.data_fw_obj);
return 0;
Reported by FlawFinder.
Line: 849
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring->doorbell_index = adev->doorbell_index.mes_ring << 1;
ring->eop_gpu_addr = adev->mes.eop_gpu_addr;
ring->no_scheduler = true;
sprintf(ring->name, "mes_%d.%d.%d", ring->me, ring->pipe, ring->queue);
return amdgpu_ring_init(adev, ring, 1024, NULL, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
}
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/mmsch_v3_0.h
4 issues
Line: 96
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
direct_rd_mod_wt.cmd_header.reg_offset = reg; \
direct_rd_mod_wt.mask_value = mask; \
direct_rd_mod_wt.write_data = data; \
memcpy((void *)table_loc, &direct_rd_mod_wt, size); \
table_loc += size_dw; \
table_size += size_dw; \
}
#define MMSCH_V3_0_INSERT_DIRECT_WT(reg, value) { \
Reported by FlawFinder.
Line: 106
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_dw = size / 4; \
direct_wt.cmd_header.reg_offset = reg; \
direct_wt.reg_value = value; \
memcpy((void *)table_loc, &direct_wt, size); \
table_loc += size_dw; \
table_size += size_dw; \
}
#define MMSCH_V3_0_INSERT_DIRECT_POLL(reg, mask, wait) { \
Reported by FlawFinder.
Line: 117
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
direct_poll.cmd_header.reg_offset = reg; \
direct_poll.mask_value = mask; \
direct_poll.wait_value = wait; \
memcpy((void *)table_loc, &direct_poll, size); \
table_loc += size_dw; \
table_size += size_dw; \
}
#define MMSCH_V3_0_INSERT_END() { \
Reported by FlawFinder.
Line: 125
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define MMSCH_V3_0_INSERT_END() { \
size = sizeof(struct mmsch_v3_0_cmd_end); \
size_dw = size / 4; \
memcpy((void *)table_loc, &end, size); \
table_loc += size_dw; \
table_size += size_dw; \
}
#endif
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
4 issues
Line: 616
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sdma_v4_0_init_microcode(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[30];
int err = 0, i;
struct amdgpu_firmware_info *info = NULL;
const struct common_firmware_header *header = NULL;
DRM_DEBUG("\n");
Reported by FlawFinder.
Line: 672
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
adev->asic_type == CHIP_ALDEBARAN) {
/* Acturus & Aldebaran will leverage the same FW memory
for every SDMA instance */
memcpy((void *)&adev->sdma.instance[i],
(void *)&adev->sdma.instance[0],
sizeof(struct amdgpu_sdma_instance));
}
else {
snprintf(fw_name, sizeof(fw_name), "amdgpu/%s_sdma%d.bin", chip_name, i);
Reported by FlawFinder.
Line: 1973
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* doorbell size is 2 dwords, get DWORD offset */
ring->doorbell_index = adev->doorbell_index.sdma_engine[i] << 1;
sprintf(ring->name, "sdma%d", i);
r = amdgpu_ring_init(adev, ring, 1024, &adev->sdma.trap_irq,
AMDGPU_SDMA_IRQ_INSTANCE0 + i,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
Reported by FlawFinder.
Line: 1991
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring->doorbell_index = adev->doorbell_index.sdma_engine[i] << 1;
ring->doorbell_index += 0x400;
sprintf(ring->name, "page%d", i);
r = amdgpu_ring_init(adev, ring, 1024,
&adev->sdma.trap_irq,
AMDGPU_SDMA_IRQ_INSTANCE0 + i,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
Reported by FlawFinder.
drivers/gpu/drm/amd/amdkfd/kfd_process.c
4 issues
Line: 536
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret;
int i;
char stats_dir_filename[MAX_SYSFS_FILENAME_LEN];
if (!p || !p->kobj)
return;
/*
Reported by FlawFinder.
Line: 583
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret = 0;
int i;
char counters_dir_filename[MAX_SYSFS_FILENAME_LEN];
if (!p || !p->kobj)
return;
/*
Reported by FlawFinder.
Line: 1183
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return err;
}
memcpy(qpd->cwsr_kaddr, dev->cwsr_isa, dev->cwsr_isa_size);
qpd->tma_addr = qpd->tba_addr + KFD_CWSR_TMA_OFFSET;
pr_debug("set tba :0x%llx, tma:0x%llx, cwsr_kaddr:%p for pqm.\n",
qpd->tba_addr, qpd->tma_addr, qpd->cwsr_kaddr);
}
Reported by FlawFinder.
Line: 1215
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
qpd->cwsr_kaddr = kaddr;
qpd->tba_addr = qpd->cwsr_base;
memcpy(qpd->cwsr_kaddr, dev->cwsr_isa, dev->cwsr_isa_size);
qpd->tma_addr = qpd->tba_addr + KFD_CWSR_TMA_OFFSET;
pr_debug("set tba :0x%llx, tma:0x%llx, cwsr_kaddr:%p for pqm.\n",
qpd->tba_addr, qpd->tma_addr, qpd->cwsr_kaddr);
Reported by FlawFinder.
drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c
4 issues
Line: 2650
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(struct atom_master_data_table_v2_1 *)(bios_dst +
packed_masterdatatable_offset);
memcpy(bios_dst, bios, OFFSET_TO_ATOM_ROM_HEADER_POINTER);
*((uint16_t *)(bios_dst + OFFSET_TO_ATOM_ROM_HEADER_POINTER)) =
packed_rom_header_offset;
memcpy(bios_dst + packed_rom_header_offset, rom_header,
Reported by FlawFinder.
Line: 2655
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*((uint16_t *)(bios_dst + OFFSET_TO_ATOM_ROM_HEADER_POINTER)) =
packed_rom_header_offset;
memcpy(bios_dst + packed_rom_header_offset, rom_header,
rom_header->table_header.structuresize);
packed_rom_header->masterdatatable_offset = packed_masterdatatable_offset;
memcpy(&packed_master_data_tbl->table_header,
Reported by FlawFinder.
Line: 2660
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
packed_rom_header->masterdatatable_offset = packed_masterdatatable_offset;
memcpy(&packed_master_data_tbl->table_header,
&bp->master_data_tbl->table_header,
sizeof(bp->master_data_tbl->table_header));
data_tbl_list = &bp->master_data_tbl->listOfdatatables;
Reported by FlawFinder.
Line: 2677
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data_tbl_header =
(struct atom_common_table_header *)(bios + data_tbl_offset);
memcpy(bios_dst + packed_data_tbl_offset, data_tbl_header,
data_tbl_header->structuresize);
*((uint16_t *)&packed_master_data_tbl->listOfdatatables + i) =
packed_data_tbl_offset;
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/powerplay/smumgr/vega20_smumgr.c
4 issues
Line: 197
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
amdgpu_asic_invalidate_hdp(adev, NULL);
memcpy(table, priv->smu_tables.entry[table_id].table,
priv->smu_tables.entry[table_id].size);
return 0;
}
Reported by FlawFinder.
Line: 223
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
PP_ASSERT_WITH_CODE(priv->smu_tables.entry[table_id].size != 0,
"Invalid SMU Table Length!", return -EINVAL);
memcpy(priv->smu_tables.entry[table_id].table, table,
priv->smu_tables.entry[table_id].size);
amdgpu_asic_flush_hdp(adev, NULL);
PP_ASSERT_WITH_CODE((ret = smum_send_msg_to_smc_with_parameter(hwmgr,
Reported by FlawFinder.
Line: 256
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct amdgpu_device *adev = hwmgr->adev;
int ret = 0;
memcpy(priv->smu_tables.entry[TABLE_ACTIVITY_MONITOR_COEFF].table, table,
priv->smu_tables.entry[TABLE_ACTIVITY_MONITOR_COEFF].size);
amdgpu_asic_flush_hdp(adev, NULL);
PP_ASSERT_WITH_CODE((ret = smum_send_msg_to_smc_with_parameter(hwmgr,
Reported by FlawFinder.
Line: 311
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
amdgpu_asic_invalidate_hdp(adev, NULL);
memcpy(table, priv->smu_tables.entry[TABLE_ACTIVITY_MONITOR_COEFF].table,
priv->smu_tables.entry[TABLE_ACTIVITY_MONITOR_COEFF].size);
return 0;
}
Reported by FlawFinder.
drivers/gpu/drm/arm/display/komeda/komeda_crtc.c
4 issues
Line: 304
CWE codes:
562
flip_done = input_flip_done;
} else {
init_completion(&temp);
kcrtc->disable_done = &temp;
flip_done = &temp;
}
mdev->funcs->flush(mdev, kcrtc->master->id, 0);
Reported by Cppcheck.
Line: 568
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct komeda_crtc *crtc;
struct komeda_pipeline *master;
char str[16];
int i;
kms->n_crtcs = 0;
for (i = 0; i < mdev->n_pipelines; i++) {
Reported by FlawFinder.
Line: 581
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
crtc->slave = komeda_pipeline_get_slave(master);
if (crtc->slave)
sprintf(str, "pipe-%d", crtc->slave->id);
else
sprintf(str, "None");
DRM_INFO("CRTC-%d: master(pipe-%d) slave(%s).\n",
kms->n_crtcs, master->id, str);
Reported by FlawFinder.
Line: 583
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (crtc->slave)
sprintf(str, "pipe-%d", crtc->slave->id);
else
sprintf(str, "None");
DRM_INFO("CRTC-%d: master(pipe-%d) slave(%s).\n",
kms->n_crtcs, master->id, str);
kms->n_crtcs++;
Reported by FlawFinder.