The following issues were found
drivers/hwmon/fam15h_power.c
4 issues
Line: 121
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* (10^6)/(2^16) = 15625/(2^10)
*/
curr_pwr_watts = (curr_pwr_watts * 15625) >> (10 + running_avg_range);
return sprintf(buf, "%u\n", (unsigned int) curr_pwr_watts);
}
static DEVICE_ATTR_RO(power1_input);
static ssize_t power1_crit_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 130
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct fam15h_power_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%u\n", data->processor_pwr_watts);
}
static DEVICE_ATTR_RO(power1_crit);
static void do_read_registers_on_cu(void *_data)
{
Reported by FlawFinder.
Line: 251
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
avg_acc += jdelta[cu];
}
return sprintf(buf, "%llu\n", (unsigned long long)avg_acc);
}
static DEVICE_ATTR_RO(power1_average);
static ssize_t power1_average_interval_show(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 261
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct fam15h_power_data *data = dev_get_drvdata(dev);
return sprintf(buf, "%lu\n", data->power_period);
}
static ssize_t power1_average_interval_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t count)
Reported by FlawFinder.
drivers/gpu/drm/msm/adreno/a5xx_gpu.c
4 issues
Line: 1130
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (status & A5XX_CP_INT_CP_AHB_ERROR) {
u32 status = gpu_read(gpu, REG_A5XX_CP_AHB_FAULT);
const char *access[16] = { "reserved", "reserved",
"timestamp lo", "timestamp hi", "pfp read", "pfp write",
"", "", "me read", "me write", "", "", "crashdump read",
"crashdump write" };
dev_err_ratelimited(gpu->dev->dev,
Reported by FlawFinder.
Line: 1137
Column: 22
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
dev_err_ratelimited(gpu->dev->dev,
"CP | AHB error | addr=%X access=%s error=%d | status=0x%8.8X\n",
status & 0xFFFFF, access[(status >> 24) & 0xF],
(status & (1 << 31)), status);
}
}
static void a5xx_rbbm_err_irq(struct msm_gpu *gpu, u32 status)
Reported by FlawFinder.
Line: 1130
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (status & A5XX_CP_INT_CP_AHB_ERROR) {
u32 status = gpu_read(gpu, REG_A5XX_CP_AHB_FAULT);
const char *access[16] = { "reserved", "reserved",
"timestamp lo", "timestamp hi", "pfp read", "pfp write",
"", "", "me read", "me write", "", "", "crashdump read",
"crashdump write" };
dev_err_ratelimited(gpu->dev->dev,
Reported by FlawFinder.
Line: 1525
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy the data from the crashdumper to the state */
memcpy(a5xx_state->hlsqregs, dumper.ptr + (256 * SZ_1K),
count * sizeof(u32));
msm_gem_kernel_put(dumper.bo, gpu->aspace, true);
}
Reported by FlawFinder.
drivers/input/touchscreen/goodix.c
4 issues
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct gpio_desc *gpiod_rst;
int gpio_count;
int gpio_int_idx;
char id[GOODIX_ID_MAX_LEN + 1];
u16 version;
const char *cfg_name;
bool reset_controller_at_probe;
bool load_cfg_from_disk;
struct completion firmware_loading_complete;
Reported by FlawFinder.
Line: 260
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
addr_buf[0] = reg >> 8;
addr_buf[1] = reg & 0xFF;
memcpy(&addr_buf[2], buf, len);
msg.flags = 0;
msg.addr = client->addr;
msg.buf = addr_buf;
msg.len = len + 2;
Reported by FlawFinder.
Line: 966
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int error;
u8 buf[6];
char id_str[GOODIX_ID_MAX_LEN + 1];
error = goodix_i2c_read(ts->client, GOODIX_REG_ID, buf, sizeof(buf));
if (error) {
dev_err(&ts->client->dev, "read version failed: %d\n", error);
return error;
Reported by FlawFinder.
Line: 974
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return error;
}
memcpy(id_str, buf, GOODIX_ID_MAX_LEN);
id_str[GOODIX_ID_MAX_LEN] = 0;
strscpy(ts->id, id_str, GOODIX_ID_MAX_LEN + 1);
ts->version = get_unaligned_le16(&buf[4]);
Reported by FlawFinder.
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
4 issues
Line: 1363
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gb_cmd.body.cid = cmd->body.cid;
gb_cmd.body.type = cmd->body.type;
memcpy(cmd, &gb_cmd, sizeof(*cmd));
return vmw_cmd_begin_gb_query(dev_priv, sw_context, header);
}
return vmw_cmd_res_check(dev_priv, sw_context, vmw_res_context,
VMW_RES_DIRTY_SET, user_context_converter,
Reported by FlawFinder.
Line: 1430
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gb_cmd.body.mobid = cmd->body.guestResult.gmrId;
gb_cmd.body.offset = cmd->body.guestResult.offset;
memcpy(cmd, &gb_cmd, sizeof(*cmd));
return vmw_cmd_end_gb_query(dev_priv, sw_context, header);
}
ret = vmw_cmd_cid_check(dev_priv, sw_context, header);
if (unlikely(ret != 0))
Reported by FlawFinder.
Line: 1504
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gb_cmd.body.mobid = cmd->body.guestResult.gmrId;
gb_cmd.body.offset = cmd->body.guestResult.offset;
memcpy(cmd, &gb_cmd, sizeof(*cmd));
return vmw_cmd_wait_gb_query(dev_priv, sw_context, header);
}
ret = vmw_cmd_cid_check(dev_priv, sw_context, header);
if (unlikely(ret != 0))
Reported by FlawFinder.
Line: 3904
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
vmw_apply_relocations(sw_context);
memcpy(cmd, kernel_commands, command_size);
vmw_resource_relocations_apply(cmd, &sw_context->res_relocations);
vmw_resource_relocations_free(&sw_context->res_relocations);
vmw_cmd_commit(dev_priv, command_size);
return 0;
Reported by FlawFinder.
drivers/infiniband/hw/mlx4/alias_GUID.c
4 issues
Line: 102
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* cache the guid: */
memcpy(&dev->sriov.demux[port_index].guid_cache[slave_id],
&p_data[i * GUID_REC_SIZE],
GUID_REC_SIZE);
} else
pr_debug("Guid number: %d in block: %d"
" was not updated\n", i, block_num);
Reported by FlawFinder.
Line: 534
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
guid_info_rec.lid = ib_lid_be16(attr.lid);
guid_info_rec.block_num = index;
memcpy(guid_info_rec.guid_info_list, rec_det->all_recs,
GUID_REC_SIZE * NUM_ALIAS_GUID_IN_REC);
comp_mask = IB_SA_GUIDINFO_REC_LID | IB_SA_GUIDINFO_REC_BLOCK_NUM |
rec_det->guid_indexes;
init_completion(&callback_context->done);
Reported by FlawFinder.
Line: 674
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
memcpy(&next_rec->rec_det, rec, sizeof(*rec));
next_rec->port = port;
next_rec->block_num = record_index;
if (*(__be64 *)&rec->all_recs[lowset_time_entry * GUID_REC_SIZE] ==
cpu_to_be64(MLX4_GUID_FOR_DELETE_VAL)) {
Reported by FlawFinder.
Line: 835
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int mlx4_ib_init_alias_guid_service(struct mlx4_ib_dev *dev)
{
char alias_wq_name[15];
int ret = 0;
int i, j;
union ib_gid gid;
if (!mlx4_is_master(dev->dev))
Reported by FlawFinder.
drivers/gpu/drm/mediatek/mtk_hdmi.c
4 issues
Line: 729
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void do_hdmi_hw_aud_set_ncts(struct mtk_hdmi *hdmi, unsigned int n,
unsigned int cts)
{
unsigned char val[NCTS_BYTES];
int i;
mtk_hdmi_write(hdmi, GRL_NCTS, 0);
mtk_hdmi_write(hdmi, GRL_NCTS, 0);
mtk_hdmi_write(hdmi, GRL_NCTS, 0);
Reported by FlawFinder.
Line: 1109
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_dbg(hdmi->dev, "codec:%d, input:%d, channel:%d, fs:%d\n",
param->aud_codec, param->aud_input_type,
param->aud_input_chan_type, param->codec_params.sample_rate);
memcpy(&hdmi->aud_param, param, sizeof(*param));
return mtk_hdmi_aud_output_config(hdmi, &hdmi->mode);
}
static int mtk_hdmi_output_set_display_mode(struct mtk_hdmi *hdmi,
struct drm_display_mode *mode)
Reported by FlawFinder.
Line: 1141
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 0;
}
static const char * const mtk_hdmi_clk_names[MTK_HDMI_CLK_COUNT] = {
[MTK_HDMI_CLK_HDMI_PIXEL] = "pixel",
[MTK_HDMI_CLK_HDMI_PLL] = "pll",
[MTK_HDMI_CLK_AUD_BCLK] = "bclk",
[MTK_HDMI_CLK_AUD_SPDIF] = "spdif",
};
Reported by FlawFinder.
Line: 1638
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct mtk_hdmi *hdmi = dev_get_drvdata(dev);
if (hdmi->enabled)
memcpy(buf, hdmi->curr_conn->eld, min(sizeof(hdmi->curr_conn->eld), len));
else
memset(buf, 0, len);
return 0;
}
Reported by FlawFinder.
drivers/hwmon/max6697.c
4 issues
Line: 265
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
temp = (data->temp[index][MAX6697_TEMP_INPUT] - data->temp_offset) << 3;
temp |= data->temp[index][MAX6697_TEMP_EXT] >> 5;
return sprintf(buf, "%d\n", temp * 125);
}
static ssize_t temp_show(struct device *dev, struct device_attribute *devattr,
char *buf)
{
Reported by FlawFinder.
Line: 282
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
temp = data->temp[nr][index];
temp -= data->temp_offset;
return sprintf(buf, "%d\n", temp * 1000);
}
static ssize_t alarm_show(struct device *dev, struct device_attribute *attr,
char *buf)
{
Reported by FlawFinder.
Line: 297
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (data->chip->alarm_map)
index = data->chip->alarm_map[index];
return sprintf(buf, "%u\n", (data->alarms >> index) & 0x1);
}
static ssize_t temp_store(struct device *dev,
struct device_attribute *devattr, const char *buf,
size_t count)
Reported by FlawFinder.
Line: 388
Column: 25
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
ret = 0;
mutex_unlock(&data->update_lock);
return ret < 0 ? ret : sprintf(buf, "%d\n", max6581_offset_to_millic(ret));
}
static SENSOR_DEVICE_ATTR_RO(temp1_input, temp_input, 0);
static SENSOR_DEVICE_ATTR_2_RW(temp1_max, temp, 0, MAX6697_TEMP_MAX);
static SENSOR_DEVICE_ATTR_2_RW(temp1_crit, temp, 0, MAX6697_TEMP_CRIT);
Reported by FlawFinder.
drivers/gpu/drm/lima/lima_sched.c
4 issues
Line: 352
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(chunk, 0, sizeof(*chunk));
chunk->id = LIMA_DUMP_CHUNK_FRAME;
chunk->size = pipe->frame_size;
memcpy(chunk + 1, task->frame, pipe->frame_size);
dt->num_chunks++;
chunk = (void *)(chunk + 1) + chunk->size;
memset(chunk, 0, sizeof(*chunk));
chunk->id = LIMA_DUMP_CHUNK_PROCESS_NAME;
Reported by FlawFinder.
Line: 359
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(chunk, 0, sizeof(*chunk));
chunk->id = LIMA_DUMP_CHUNK_PROCESS_NAME;
chunk->size = sizeof(ctx->pname);
memcpy(chunk + 1, ctx->pname, sizeof(ctx->pname));
dt->num_chunks++;
pid_chunk = (void *)(chunk + 1) + chunk->size;
memset(pid_chunk, 0, sizeof(*pid_chunk));
pid_chunk->id = LIMA_DUMP_CHUNK_PROCESS_ID;
Reported by FlawFinder.
Line: 387
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(buffer_chunk + 1, data, buffer_chunk->size);
vunmap(data);
} else {
buffer_chunk->size = lima_bo_size(bo);
Reported by FlawFinder.
Line: 399
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(buffer_chunk + 1, map.vaddr, buffer_chunk->size);
drm_gem_shmem_vunmap(&bo->base.base, &map);
}
buffer_chunk = (void *)(buffer_chunk + 1) + buffer_chunk->size;
Reported by FlawFinder.
drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
4 issues
Line: 194
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (index >= dev->dsr->caps.gid_tbl_len)
return -EINVAL;
memcpy(gid, &dev->sgid_tbl[index], sizeof(union ib_gid));
return 0;
}
/**
Reported by FlawFinder.
Line: 254
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (mask & IB_DEVICE_MODIFY_NODE_DESC) {
spin_lock_irqsave(&to_vdev(ibdev)->desc_lock, flags);
memcpy(ibdev->node_desc, props->node_desc, 64);
spin_unlock_irqrestore(&to_vdev(ibdev)->desc_lock, flags);
}
if (mask & IB_DEVICE_MODIFY_SYS_IMAGE_GUID) {
mutex_lock(&to_vdev(ibdev)->port_mutex);
Reported by FlawFinder.
Line: 539
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ah->av.hop_limit = grh->hop_limit;
ah->av.sl_tclass_flowlabel = (grh->traffic_class << 20) |
grh->flow_label;
memcpy(ah->av.dgid, grh->dgid.raw, 16);
memcpy(ah->av.dmac, ah_attr->roce.dmac, ETH_ALEN);
return 0;
}
Reported by FlawFinder.
Line: 540
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ah->av.sl_tclass_flowlabel = (grh->traffic_class << 20) |
grh->flow_label;
memcpy(ah->av.dgid, grh->dgid.raw, 16);
memcpy(ah->av.dmac, ah_attr->roce.dmac, ETH_ALEN);
return 0;
}
/**
Reported by FlawFinder.
drivers/gpu/drm/tidss/tidss_dispc.h
4 issues
Line: 77
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *common;
const u16 *common_regs;
u32 num_vps;
const char *vp_name[TIDSS_MAX_PORTS]; /* Should match dt reg names */
const char *ovr_name[TIDSS_MAX_PORTS]; /* Should match dt reg names */
const char *vpclk_name[TIDSS_MAX_PORTS]; /* Should match dt clk names */
const enum dispc_vp_bus_type vp_bus_type[TIDSS_MAX_PORTS];
struct tidss_vp_feat vp_feat;
u32 num_planes;
Reported by FlawFinder.
Line: 78
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const u16 *common_regs;
u32 num_vps;
const char *vp_name[TIDSS_MAX_PORTS]; /* Should match dt reg names */
const char *ovr_name[TIDSS_MAX_PORTS]; /* Should match dt reg names */
const char *vpclk_name[TIDSS_MAX_PORTS]; /* Should match dt clk names */
const enum dispc_vp_bus_type vp_bus_type[TIDSS_MAX_PORTS];
struct tidss_vp_feat vp_feat;
u32 num_planes;
const char *vid_name[TIDSS_MAX_PLANES]; /* Should match dt reg names */
Reported by FlawFinder.
Line: 79
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 num_vps;
const char *vp_name[TIDSS_MAX_PORTS]; /* Should match dt reg names */
const char *ovr_name[TIDSS_MAX_PORTS]; /* Should match dt reg names */
const char *vpclk_name[TIDSS_MAX_PORTS]; /* Should match dt clk names */
const enum dispc_vp_bus_type vp_bus_type[TIDSS_MAX_PORTS];
struct tidss_vp_feat vp_feat;
u32 num_planes;
const char *vid_name[TIDSS_MAX_PLANES]; /* Should match dt reg names */
bool vid_lite[TIDSS_MAX_PLANES];
Reported by FlawFinder.
Line: 83
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const enum dispc_vp_bus_type vp_bus_type[TIDSS_MAX_PORTS];
struct tidss_vp_feat vp_feat;
u32 num_planes;
const char *vid_name[TIDSS_MAX_PLANES]; /* Should match dt reg names */
bool vid_lite[TIDSS_MAX_PLANES];
u32 vid_order[TIDSS_MAX_PLANES];
};
extern const struct dispc_features dispc_k2g_feats;
Reported by FlawFinder.