The following issues were found

drivers/input/touchscreen/cyttsp_core.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 142 Column: 2 CWE codes: 120
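Suggestion: Make sure destination can always hold the source data. In the excerpt below the destination is declared as `u8 bl_cmd[sizeof(bl_command)]` and the copy length is `sizeof(bl_command)`, so this copy fits the destination by construction.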

              	int error;
	u8 bl_cmd[sizeof(bl_command)];

	memcpy(bl_cmd, bl_command, sizeof(bl_command));
	if (ts->bl_keys)
		memcpy(&bl_cmd[sizeof(bl_command) - CY_NUM_BL_KEYS],
			ts->bl_keys, CY_NUM_BL_KEYS);

	error = ttsp_write_block_data(ts, CY_REG_BASE,

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 144 Column: 3 CWE codes: 120
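Suggestion: Make sure destination can always hold the source data. The write starts at `sizeof(bl_command) - CY_NUM_BL_KEYS` and is `CY_NUM_BL_KEYS` bytes long, so it ends exactly at the end of `bl_cmd` (declared with `sizeof(bl_command)` elements in the line 142 excerpt above) provided `CY_NUM_BL_KEYS` does not exceed `sizeof(bl_command)`. What the excerpt does not show is whether `ts->bl_keys` always points to at least `CY_NUM_BL_KEYS` bytes.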

              
	memcpy(bl_cmd, bl_command, sizeof(bl_command));
	if (ts->bl_keys)
		memcpy(&bl_cmd[sizeof(bl_command) - CY_NUM_BL_KEYS],
			ts->bl_keys, CY_NUM_BL_KEYS);

	error = ttsp_write_block_data(ts, CY_REG_BASE,
				      sizeof(bl_cmd), bl_cmd);
	if (error)

            

Reported by FlawFinder.

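read - Check buffer boundaries if used in a loop including recursive loops. The match here is a call through the driver's `ts->bus_ops->read` function pointer rather than a direct `read()` call, so the bounds to check are those of `buf` against `length`, both of which are set outside the excerpt.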
Security

Line: 85 Column: 24 CWE codes: 120 20

              	int tries;

	for (tries = 0; tries < CY_NUM_RETRY; tries++) {
		error = ts->bus_ops->read(ts->dev, ts->xfer_buf, command,
				length, buf);
		if (!error)
			return 0;

		msleep(CY_DELAY_DFLT);

            

Reported by FlawFinder.

drivers/hwmon/npcm750-pwm-fan.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 182 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              };

struct npcm7xx_cooling_device {
	char name[THERMAL_NAME_LENGTH];
	struct npcm7xx_pwm_fan_data *data;
	struct thermal_cooling_device *tcdev;
	int pwm_port;
	u8 *cooling_levels;
	u8 max_state;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 915 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct npcm7xx_pwm_fan_data *data;
	struct resource *res;
	struct device *hwmon;
	char name[20];
	int ret, cnt;
	u32 output_freq;
	u32 i;

	np = dev->of_node;

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 973 Column: 3 CWE codes: 120
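Suggestion: Use sprintf_s, snprintf, or vsnprintf. `sprintf_s` is not available in kernel code; the bounded form here would be `snprintf(name, sizeof(name), ...)` or `scnprintf`. If `name` is the `char name[20]` flagged at line 915 of the same file, the 14-character prefix leaves room for five digits of `i` before the terminator. Because `devm_request_irq` keeps the name pointer rather than copying the string, the lifetime of that buffer should be checked as well.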

              		if (data->fan_irq[i] < 0)
			return data->fan_irq[i];

		sprintf(name, "NPCM7XX-FAN-MD%d", i);
		ret = devm_request_irq(dev, data->fan_irq[i], npcm7xx_fan_isr,
				       0, name, (void *)data);
		if (ret) {
			dev_err(dev, "register IRQ fan%d failed\n", i);
			return ret;

            

Reported by FlawFinder.

drivers/infiniband/core/sa_query.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 763 Column: 2 CWE codes: 120
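Suggestion: Make sure destination can always hold the source data. The source here is the string returned by `dev_name()` and the length is the constant `LS_DEVICE_NAME_MAX`, so if the device name is shorter than that, the copy also reads past the string's terminator. A bounded string copy that pads the remainder, such as `strscpy_pad`, bounds the write and stops reading at the terminator.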

              
	/* Construct the family header first */
	header = skb_put(skb, NLMSG_ALIGN(sizeof(*header)));
	memcpy(header->device_name, dev_name(&query->port->agent->device->dev),
	       LS_DEVICE_NAME_MAX);
	header->port_num = query->port->port_num;

	if ((comp_mask & IB_SA_PATH_REC_REVERSIBLE) &&
	    sa_rec->reversible != 0)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 956 Column: 6 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              					mad = query->mad_buf->mad;
					mad->mad_hdr.method |=
						IB_MGMT_METHOD_RESP;
					memcpy(mad->data, rec->path_rec,
					       sizeof(rec->path_rec));
					status = 0;
					break;
				}
			}

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1270 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		if (ret)
			return ret;

		memcpy(ah_attr->roce.dmac, sa_path_get_dmac(rec), ETH_ALEN);
	} else {
		rdma_ah_set_dlid(ah_attr, be32_to_cpu(sa_path_get_dlid(rec)));
		if (sa_path_is_opa(rec) &&
		    rdma_ah_get_dlid(ah_attr) == be16_to_cpu(IB_LID_PERMISSIVE))
			rdma_ah_set_make_grd(ah_attr, true);

            

Reported by FlawFinder.

drivers/hid/hid-lg4ff.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 402 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              						     .real_tag = real_tag,
						     .real_name = real_name };

		memcpy(wdata, &t_wdata, sizeof(t_wdata));
	}
}

static int lg4ff_play(struct input_dev *dev, void *data, struct ff_effect *effect)
{

            

Reported by FlawFinder.

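strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected). In the excerpt below, `lbuf[i-1]` is read right after `i = strlen(lbuf)`; if `lbuf` can be an empty string, `i` is 0 and that index is one byte before the buffer, so a check for `i == 0` belongs before it. Whether an empty string can reach this line depends on code outside the excerpt.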
Security

Line: 874 Column: 6 CWE codes: 126

              	if (!lbuf)
		return -ENOMEM;

	i = strlen(lbuf);
	if (lbuf[i-1] == '\n') {
		if (i == 1) {
			kfree(lbuf);
			return -EINVAL;
		}

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 1401 Column: 13 CWE codes: 126

              
		lg4ff_set_leds(hid, 0);

		name_sz = strlen(dev_name(&hid->dev)) + 8;

		for (j = 0; j < 5; j++) {
			led = kzalloc(sizeof(struct led_classdev)+name_sz, GFP_KERNEL);
			if (!led) {
				hid_err(hid, "can't allocate memory for LED %d\n", j);

            

Reported by FlawFinder.

drivers/gpu/drm/msm/adreno/adreno_gpu.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 399 Column: 2 CWE codes: 120
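Suggestion: Make sure destination can always hold the source data. The length `fw->size - 4` wraps to a very large value if `fw->size` is less than 4. The excerpt shows neither a minimum-size check on the firmware nor how the buffer behind `ptr` was sized, so both need confirming in the surrounding function.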

              	if (IS_ERR(ptr))
		return ERR_CAST(ptr);

	memcpy(ptr, &fw->data[4], fw->size - 4);

	msm_gem_put_vaddr(bo);

	return bo;
}

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 531 Column: 5 CWE codes: 120
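Suggestion: Make sure destination can always hold the source data. The destination is allocated with `kvmalloc(size << 2, ...)` and the copy length is the same `size << 2`, so the destination holds the copy. What the excerpt does not show is how `size` is bounded against the ring buffer at `gpu->rb[i]->start`.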

              		if (size) {
			state->ring[i].data = kvmalloc(size << 2, GFP_KERNEL);
			if (state->ring[i].data) {
				memcpy(state->ring[i].data, gpu->rb[i]->start, size << 2);
				state->ring[i].data_size = size << 2;
			}
		}
	}


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 606 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	void *buf;
	size_t buf_itr = 0, buffer_size;
	char out[ASCII85_BUFSZ];
	long l;
	int i;

	if (!src || !len)
		return NULL;

            

Reported by FlawFinder.

drivers/platform/chrome/cros_usbpd_notify.c
3 issues
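Possible null pointer dereference: outdata. The copy is guarded by `if (outsize)`, so a NULL `outdata` is dereferenced only if a caller passes NULL together with a non-zero `outsize`; the callers are outside the excerpt.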
Error

Line: 87 CWE codes: 476

              	msg->insize = insize;

	if (outsize)
		memcpy(msg->data, outdata, outsize);

	ret = cros_ec_cmd_xfer_status(ec_dev, msg);
	if (ret < 0)
		goto error;


            

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 87 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	msg->insize = insize;

	if (outsize)
		memcpy(msg->data, outdata, outsize);

	ret = cros_ec_cmd_xfer_status(ec_dev, msg);
	if (ret < 0)
		goto error;


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 94 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		goto error;

	if (insize)
		memcpy(indata, msg->data, insize);
error:
	kfree(msg);
	return ret;
}


            

Reported by FlawFinder.

drivers/rpmsg/qcom_smd.c
3 issues
sprintf - Does not check for buffer overflows
Security

Line: 1455 Column: 9 CWE codes: 120
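Suggestion: Use sprintf_s, snprintf, or vsnprintf. `sprintf_s` is not available in kernel code. The `DEVICE_ATTR_RO(rpmsg_name)` line that follows suggests this is a sysfs show callback, where `sysfs_emit(buf, "%s\n", edge->name)` is the bounded form.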

              {
	struct qcom_smd_edge *edge = to_smd_edge(dev);

	return sprintf(buf, "%s\n", edge->name);
}
static DEVICE_ATTR_RO(rpmsg_name);

static struct attribute *qcom_smd_edge_attrs[] = {
	&dev_attr_rpmsg_name.attr,

            

Reported by FlawFinder.

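strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]. Here the destination is left without a terminator if `channel->name` holds `RPMSG_NAME_SIZE` or more characters, and the excerpt does not show the declared size of `rpdev->id.name`. In kernel code `strscpy` bounds the copy and always terminates.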
Security

Line: 1092 Column: 2 CWE codes: 120

              
	/* Assign public information to the rpmsg_device */
	rpdev = &qsdev->rpdev;
	strncpy(rpdev->id.name, channel->name, RPMSG_NAME_SIZE);
	rpdev->src = RPMSG_ADDR_ANY;
	rpdev->dst = RPMSG_ADDR_ANY;

	rpdev->dev.of_node = qcom_smd_match_channel(edge->of_node, channel->name);
	rpdev->dev.parent = &edge->dev;

            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 1323 Column: 3 CWE codes: 120

              
		spin_unlock_irqrestore(&edge->channels_lock, flags);

		strncpy(chinfo.name, channel->name, sizeof(chinfo.name));
		chinfo.src = RPMSG_ADDR_ANY;
		chinfo.dst = RPMSG_ADDR_ANY;
		rpmsg_unregister_device(&edge->dev, &chinfo);
		channel->registered = false;
		spin_lock_irqsave(&edge->channels_lock, flags);

            

Reported by FlawFinder.

drivers/nvme/host/multipath.c
3 issues
sprintf - Does not check for buffer overflows
Security

Line: 58 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	if (!multipath)
		return false;
	if (!ns->head->disk) {
		sprintf(disk_name, "nvme%dn%d", ns->ctrl->subsys->instance,
			ns->head->instance);
		return true;
	}
	sprintf(disk_name, "nvme%dc%dn%d", ns->ctrl->subsys->instance,
		ns->ctrl->instance, ns->head->instance);

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 62 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              			ns->head->instance);
		return true;
	}
	sprintf(disk_name, "nvme%dc%dn%d", ns->ctrl->subsys->instance,
		ns->ctrl->instance, ns->head->instance);
	*flags = GENHD_FL_HIDDEN;
	return true;
}


            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 464 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              		return -ENOMEM;
	head->disk->fops = &nvme_ns_head_ops;
	head->disk->private_data = head;
	sprintf(head->disk->disk_name, "nvme%dn%d",
			ctrl->subsys->instance, head->instance);

	blk_queue_flag_set(QUEUE_FLAG_NONROT, head->disk->queue);
	/* set to a default value of 512 until the disk is validated */
	blk_queue_logical_block_size(head->disk->queue, 512);

            

Reported by FlawFinder.

drivers/scsi/bfa/bfad.c
3 issues
sprintf - Does not check for buffer overflows
Security

Line: 1171 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	int i, error = 0;

	for (i = 0; i < bfad->nvec; i++) {
		sprintf(bfad->msix_tab[i].name, "bfa-%s-%s",
				bfad->pci_name,
				((bfa_asic_id_cb(bfad->hal_pcidev.device_id)) ?
				msix_name_cb[i] : msix_name_ct[i]));

		error = request_irq(bfad->msix_tab[i].msix.vector,

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1028 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              				list_entry) {
		struct fc_vport_identifiers vid;
		struct fc_vport *fc_vport;
		char pwwn_buf[BFA_STRING_32];

		memset(&vid, 0, sizeof(vid));
		vid.roles = FC_PORT_ROLE_FCP_INITIATOR;
		vid.vport_type = FC_PORTTYPE_NPIV;
		vid.disable = false;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1764 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		goto out;
	}

	memcpy(*bfi_image, fw->data, fw->size);
	*bfi_image_size = fw->size/sizeof(u32);
out:
	release_firmware(fw);
}


            

Reported by FlawFinder.

drivers/scsi/bfa/bfa_port.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 91 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	port->stats_busy = BFA_FALSE;

	if (status == BFA_STATUS_OK) {
		memcpy(port->stats, port->stats_dma.kva,
		       sizeof(union bfa_port_stats_u));
		bfa_port_stats_swap(port, port->stats);

		port->stats->fc.secs_reset = ktime_get_seconds() - port->stats_reset_time;
	}

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 524 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	bfa_trc(cee, 0);
	if (status == BFA_STATUS_OK) {
		bfa_trc(cee, 0);
		memcpy(cee->attr, cee->attr_dma.kva,
			sizeof(struct bfa_cee_attr_s));
		lldp_cfg->time_to_live = be16_to_cpu(lldp_cfg->time_to_live);
		lldp_cfg->enabled_system_cap =
				be16_to_cpu(lldp_cfg->enabled_system_cap);
	}

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 557 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	bfa_trc(cee, 0);
	if (status == BFA_STATUS_OK) {
		bfa_trc(cee, 0);
		memcpy(cee->stats, cee->stats_dma.kva,
			sizeof(struct bfa_cee_stats_s));
		/* swap the cee stats */
		buffer = (u32 *)cee->stats;
		for (i = 0; i < (sizeof(struct bfa_cee_stats_s) /
				 sizeof(u32)); i++)

            

Reported by FlawFinder.