The following issues were found
drivers/remoteproc/remoteproc_sysfs.c
3 issues
Line: 145
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (rproc->state == RPROC_ATTACHED)
firmware = "unknown";
return sprintf(buf, "%s\n", firmware);
}
/* Change firmware name via sysfs */
static ssize_t firmware_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 185
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
unsigned int state;
state = rproc->state > RPROC_LAST ? RPROC_LAST : rproc->state;
return sprintf(buf, "%s\n", rproc_state_string[state]);
}
/* Change remote processor state via sysfs */
static ssize_t state_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 229
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct rproc *rproc = to_rproc(dev);
return sprintf(buf, "%s\n", rproc->name);
}
static DEVICE_ATTR_RO(name);
static struct attribute *rproc_attrs[] = {
&dev_attr_coredump.attr,
Reported by FlawFinder.
drivers/nfc/port100.c
3 issues
Line: 1220
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
timeout = cpu_to_le16(_timeout * 10);
memcpy(skb_push(skb, sizeof(__le16)), &timeout, sizeof(__le16));
return port100_send_cmd_async(dev, PORT100_CMD_IN_COMM_RF, skb,
port100_in_comm_rf_complete, cb_arg);
}
Reported by FlawFinder.
Line: 1442
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr->mdaa = 1;
hdr->nfca_param[0] = (params->sens_res >> 8) & 0xFF;
hdr->nfca_param[1] = params->sens_res & 0xFF;
memcpy(hdr->nfca_param + 2, params->nfcid1, 3);
hdr->nfca_param[5] = params->sel_res;
memcpy(hdr->nfcf_param, params->nfcid2, 8);
hdr->nfcf_param[16] = (params->sc >> 8) & 0xFF;
hdr->nfcf_param[17] = params->sc & 0xFF;
hdr->recv_timeout = cpu_to_le16(timeout);
Reported by FlawFinder.
Line: 1444
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr->nfca_param[1] = params->sens_res & 0xFF;
memcpy(hdr->nfca_param + 2, params->nfcid1, 3);
hdr->nfca_param[5] = params->sel_res;
memcpy(hdr->nfcf_param, params->nfcid2, 8);
hdr->nfcf_param[16] = (params->sc >> 8) & 0xFF;
hdr->nfcf_param[17] = params->sc & 0xFF;
hdr->recv_timeout = cpu_to_le16(timeout);
return port100_send_cmd_async(dev, PORT100_CMD_TG_COMM_RF, skb,
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/vcn_v2_0.c
3 issues
Line: 137
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring->use_doorbell = true;
ring->doorbell_index = adev->doorbell_index.vcn.vcn_ring0_1 << 1;
sprintf(ring->name, "vcn_dec");
r = amdgpu_ring_init(adev, ring, 512, &adev->vcn.inst->irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
Reported by FlawFinder.
Line: 168
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring->doorbell_index = (adev->doorbell_index.vcn.vcn_ring0_1 << 1) + 2 + i;
else
ring->doorbell_index = (adev->doorbell_index.vcn.vcn_ring0_1 << 1) + 1 + i;
sprintf(ring->name, "vcn_enc%d", i);
r = amdgpu_ring_init(adev, ring, 512, &adev->vcn.inst->irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
}
Reported by FlawFinder.
Line: 1979
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* add end packet */
tmp = sizeof(struct mmsch_v2_0_cmd_end);
memcpy((void *)init_table, &end, tmp);
table_size += (tmp / 4);
header->vcn_table_size = table_size;
}
return vcn_v2_0_start_mmsch(adev, &adev->virt.mm_table);
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c
3 issues
Line: 190
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring->doorbell_index = (adev->doorbell_index.vcn.vcn_ring0_1 << 1) +
(amdgpu_sriov_vf(adev) ? 2*j : 8*j);
sprintf(ring->name, "vcn_dec_%d", j);
r = amdgpu_ring_init(adev, ring, 512, &adev->vcn.inst[j].irq,
0, AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
Reported by FlawFinder.
Line: 203
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring->doorbell_index = (adev->doorbell_index.vcn.vcn_ring0_1 << 1) +
(amdgpu_sriov_vf(adev) ? (1 + i + 2*j) : (2 + i + 8*j));
sprintf(ring->name, "vcn_enc_%d.%d", j, i);
r = amdgpu_ring_init(adev, ring, 512,
&adev->vcn.inst[j].irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
Reported by FlawFinder.
Line: 1287
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SOC15_REG_OFFSET(VCN, i, mmUVD_RBC_RB_CNTL), tmp);
/* add end packet */
memcpy((void *)init_table, &end, sizeof(struct mmsch_v1_0_cmd_end));
table_size += sizeof(struct mmsch_v1_0_cmd_end) / 4;
init_table += sizeof(struct mmsch_v1_0_cmd_end) / 4;
/* refine header */
header->eng[i].table_size = table_size;
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c
3 issues
Line: 222
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else {
ring->doorbell_index = (adev->doorbell_index.vcn.vcn_ring0_1 << 1) + 8 * i;
}
sprintf(ring->name, "vcn_dec_%d", i);
r = amdgpu_ring_init(adev, ring, 512, &adev->vcn.inst[i].irq, 0,
AMDGPU_RING_PRIO_DEFAULT,
&adev->vcn.inst[i].sched_score);
if (r)
return r;
Reported by FlawFinder.
Line: 243
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else {
ring->doorbell_index = (adev->doorbell_index.vcn.vcn_ring0_1 << 1) + 2 + j + 8 * i;
}
sprintf(ring->name, "vcn_enc_%d.%d", i, j);
r = amdgpu_ring_init(adev, ring, 512, &adev->vcn.inst[i].irq, 0,
AMDGPU_RING_PRIO_DEFAULT,
&adev->vcn.inst[i].sched_score);
if (r)
return r;
Reported by FlawFinder.
Line: 1450
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Update init table header in memory */
size = sizeof(struct mmsch_v3_0_init_header);
table_loc = (uint32_t *)table->cpu_addr;
memcpy((void *)table_loc, &header, size);
/* message MMSCH (in VCN[0]) to initialize this client
* 1, write to mmsch_vf_ctx_addr_lo/hi register with GPU mc addr
* of memory descriptor location
*/
Reported by FlawFinder.
drivers/acpi/acpica/dsobject.c
3 issues
Line: 19
#include "acinterp.h"
#define _COMPONENT ACPI_DISPATCHER
ACPI_MODULE_NAME("dsobject")
/*******************************************************************************
*
* FUNCTION: acpi_ds_build_internal_object
*
Reported by Cppcheck.
Line: 228
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Initialize buffer from the byte_list (if present) */
if (byte_list) {
memcpy(obj_desc->buffer.pointer, byte_list->named.data,
byte_list_length);
}
}
obj_desc->buffer.flags |= AOPOBJ_DATA_VALID;
Reported by FlawFinder.
Line: 450
Column: 34
CWE codes:
126
case ACPI_TYPE_STRING:
obj_desc->string.pointer = op->common.value.string;
obj_desc->string.length = (u32)strlen(op->common.value.string);
/*
* The string is contained in the ACPI table, don't ever try
* to delete it
*/
Reported by FlawFinder.
drivers/crypto/qat/qat_common/adf_admin.c
3 issues
Line: 127
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EAGAIN;
}
memcpy(admin->virt_addr + offset, in, ADF_ADMINMSG_LEN);
ADF_CSR_WR(mailbox, mb_offset, 1);
ret = read_poll_timeout(ADF_CSR_RD, status, status == 0,
ADF_ADMIN_POLL_DELAY_US,
ADF_ADMIN_POLL_TIMEOUT_US, true,
Reported by FlawFinder.
Line: 143
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Response received from admin message, we can now
* make response data available in "out" parameter.
*/
memcpy(out, admin->virt_addr + offset +
ADF_ADMINMSG_LEN, ADF_ADMINMSG_LEN);
}
mutex_unlock(&admin->lock);
return ret;
Reported by FlawFinder.
Line: 253
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(admin->virt_tbl_addr, const_tab, sizeof(const_tab));
hw_data->get_admin_info(&admin_csrs_info);
mailbox_offset = admin_csrs_info.mailbox_offset;
mailbox = csr + mailbox_offset;
adminmsg_u = admin_csrs_info.admin_msg_ur;
Reported by FlawFinder.
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
3 issues
Line: 169
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scatterwalk_map_and_copy(rctx->backup_iv, areq->src,
offset, ivsize, 0);
}
memcpy(rctx->bounce_iv, areq->iv, ivsize);
rctx->addr_iv = dma_map_single(ce->dev, rctx->bounce_iv, rctx->ivlen,
DMA_TO_DEVICE);
if (dma_mapping_error(ce->dev, rctx->addr_iv)) {
dev_err(ce->dev, "Cannot DMA MAP IV\n");
err = -ENOMEM;
Reported by FlawFinder.
Line: 259
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dma_unmap_single(ce->dev, rctx->addr_iv, rctx->ivlen, DMA_TO_DEVICE);
offset = areq->cryptlen - ivsize;
if (rctx->op_dir & CE_DECRYPTION) {
memcpy(areq->iv, rctx->backup_iv, ivsize);
kfree_sensitive(rctx->backup_iv);
} else {
scatterwalk_map_and_copy(areq->iv, areq->dst, offset,
ivsize, 0);
}
Reported by FlawFinder.
Line: 322
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dma_unmap_single(ce->dev, rctx->addr_iv, rctx->ivlen, DMA_TO_DEVICE);
offset = areq->cryptlen - ivsize;
if (rctx->op_dir & CE_DECRYPTION) {
memcpy(areq->iv, rctx->backup_iv, ivsize);
kfree_sensitive(rctx->backup_iv);
} else {
scatterwalk_map_and_copy(areq->iv, areq->dst, offset,
ivsize, 0);
}
Reported by FlawFinder.
drivers/crypto/qat/qat_common/adf_cfg.h
3 issues
Line: 14
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "adf_cfg_strings.h"
struct adf_cfg_key_val {
char key[ADF_CFG_MAX_KEY_LEN_IN_BYTES];
char val[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
enum adf_cfg_val_type type;
struct list_head list;
};
Reported by FlawFinder.
Line: 15
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct adf_cfg_key_val {
char key[ADF_CFG_MAX_KEY_LEN_IN_BYTES];
char val[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
enum adf_cfg_val_type type;
struct list_head list;
};
struct adf_cfg_section {
Reported by FlawFinder.
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct adf_cfg_section {
char name[ADF_CFG_MAX_SECTION_LEN_IN_BYTES];
struct list_head list;
struct list_head param_head;
};
struct adf_cfg_device_data {
Reported by FlawFinder.
drivers/clk/bcm/clk-bcm2835.c
3 issues
Line: 324
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* of_clk_get_parent_name(), which will be used in the
* parent_names[] arrays for clock registration.
*/
const char *real_parent_names[ARRAY_SIZE(cprman_parent_names)];
/* Must be last */
struct clk_hw_onecell_data onecell;
};
Reported by FlawFinder.
Line: 1416
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct bcm2835_clock_data *clock_data = data;
struct bcm2835_clock *clock;
struct clk_init_data init;
const char *parents[1 << CM_SRC_BITS];
size_t i;
int ret;
/*
* Replace our strings referencing parent clocks with the
Reported by FlawFinder.
Line: 2265
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (IS_ERR(cprman->regs))
return PTR_ERR(cprman->regs);
memcpy(cprman->real_parent_names, cprman_parent_names,
sizeof(cprman_parent_names));
of_clk_parent_fill(dev->of_node, cprman->real_parent_names,
ARRAY_SIZE(cprman_parent_names));
/*
Reported by FlawFinder.