The following issues were found
drivers/acpi/acpica/dbnames.c
3 issues
Line: 355
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
acpi_status acpi_db_find_name_in_namespace(char *name_arg)
{
char acpi_name[5] = "____";
char *acpi_name_ptr = acpi_name;
if (strlen(name_arg) > ACPI_NAMESEG_SIZE) {
acpi_os_printf("Name must be no longer than 4 characters\n");
return (AE_OK);
Reported by FlawFinder.
Line: 406
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const union acpi_predefined_info *predefined;
const union acpi_predefined_info *package = NULL;
char *pathname;
char string_buffer[48];
predefined = acpi_ut_match_predefined_method(node->name.ascii);
if (!predefined) {
return (AE_OK);
}
Reported by FlawFinder.
Line: 358
Column: 6
CWE codes:
126
char acpi_name[5] = "____";
char *acpi_name_ptr = acpi_name;
if (strlen(name_arg) > ACPI_NAMESEG_SIZE) {
acpi_os_printf("Name must be no longer than 4 characters\n");
return (AE_OK);
}
/* Pad out name with underscores as necessary to create a 4-char name */
Reported by FlawFinder.
drivers/crypto/qat/qat_common/adf_cfg_user.h
3 issues
Line: 10
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "adf_cfg_strings.h"
struct adf_user_cfg_key_val {
char key[ADF_CFG_MAX_KEY_LEN_IN_BYTES];
char val[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
union {
struct adf_user_cfg_key_val *next;
__u64 padding3;
};
Reported by FlawFinder.
Line: 11
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct adf_user_cfg_key_val {
char key[ADF_CFG_MAX_KEY_LEN_IN_BYTES];
char val[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
union {
struct adf_user_cfg_key_val *next;
__u64 padding3;
};
enum adf_cfg_val_type type;
Reported by FlawFinder.
Line: 20
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __packed;
struct adf_user_cfg_section {
char name[ADF_CFG_MAX_SECTION_LEN_IN_BYTES];
union {
struct adf_user_cfg_key_val *params;
__u64 padding1;
};
union {
Reported by FlawFinder.
crypto/async_tx/async_raid6_recov.c
3 issues
Line: 162
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int p_off, q_off, a_off, b_off;
struct page *srcs[2];
unsigned int src_offs[2];
unsigned char coef[2];
enum async_tx_flags flags = submit->flags;
dma_async_tx_callback cb_fn = submit->cb_fn;
void *cb_param = submit->cb_param;
void *scribble = submit->scribble;
Reported by FlawFinder.
Line: 212
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int p_off, q_off, g_off, dp_off, dq_off;
struct page *srcs[2];
unsigned int src_offs[2];
unsigned char coef[2];
enum async_tx_flags flags = submit->flags;
dma_async_tx_callback cb_fn = submit->cb_fn;
void *cb_param = submit->cb_param;
void *scribble = submit->scribble;
int good_srcs, good, i;
Reported by FlawFinder.
Line: 303
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int p_off, q_off, dp_off, dq_off;
struct page *srcs[2];
unsigned int src_offs[2];
unsigned char coef[2];
enum async_tx_flags flags = submit->flags;
dma_async_tx_callback cb_fn = submit->cb_fn;
void *cb_param = submit->cb_param;
void *scribble = submit->scribble;
Reported by FlawFinder.
drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
3 issues
Line: 185
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 1 byte event + 1 byte space + 8 bytes seq num +
* 1 byte \n + 1 byte \0 = 12
*/
char fifo_in[12];
int len;
unsigned int event;
if (list_empty(&dev->smi_clients))
return;
Reported by FlawFinder.
Line: 218
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 1 byte : + 16 byte thermal_interupt_counter + 1 byte \n +
* 1 byte \0 = 29
*/
char fifo_in[29];
int len;
if (list_empty(&dev->smi_clients))
return;
Reported by FlawFinder.
Line: 239
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* 1 byte event + 1 byte space + 25 bytes msg + 1 byte \n +
* 1 byte \0 = 29
*/
char fifo_in[29];
int len;
if (list_empty(&dev->smi_clients))
return;
Reported by FlawFinder.
drivers/crypto/keembay/keembay-ocs-hcu-core.c
3 issues
Line: 732
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct ocs_hcu_rctx *rctx = ahash_request_ctx(req);
/* Intermediate data is always stored and applied per request. */
memcpy(out, rctx, sizeof(*rctx));
return 0;
}
static int kmb_ocs_hcu_import(struct ahash_request *req, const void *in)
Reported by FlawFinder.
Line: 742
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct ocs_hcu_rctx *rctx = ahash_request_ctx(req);
/* Intermediate data is always stored and applied per request. */
memcpy(rctx, in, sizeof(*rctx));
return 0;
}
static int kmb_ocs_hcu_setkey(struct crypto_ahash *tfm, const u8 *key,
Reported by FlawFinder.
Line: 768
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* - If key is longer, we hash it.
*/
if (keylen <= blk_sz) {
memcpy(ctx->key, key, keylen);
ctx->key_len = keylen;
return 0;
}
switch (digestsize) {
Reported by FlawFinder.
drivers/crypto/cavium/nitrox/nitrox_main.c
3 issues
Line: 62
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct ucode {
u8 id;
char version[VERSION_LEN - 1];
__be32 code_size;
u8 raz[12];
u64 code[];
};
Reported by FlawFinder.
Line: 144
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ucode_data = ucode->code;
/* copy the firmware version */
memcpy(&ndev->hw.fw_name[0][0], ucode->version, (VERSION_LEN - 2));
ndev->hw.fw_name[0][VERSION_LEN - 1] = '\0';
/* Load SE Firmware on UCD Block 0 */
write_to_ucd_unit(ndev, ucode_size, ucode_data, 0);
Reported by FlawFinder.
Line: 195
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ucode_data = ucode->code;
/* copy the firmware version */
memcpy(&ndev->hw.fw_name[1][0], ucode->version, (VERSION_LEN - 2));
ndev->hw.fw_name[1][VERSION_LEN - 1] = '\0';
/* Load AE Firmware on UCD Block 2 */
write_to_ucd_unit(ndev, ucode_size, ucode_data, 2);
Reported by FlawFinder.
drivers/clk/clk-cdce925.c
3 issues
Line: 643
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clk_cdce925_chip *data;
struct device_node *node = client->dev.of_node;
const char *parent_name;
const char *pll_clk_name[MAX_NUMBER_OF_PLLS] = {NULL,};
struct clk_init_data init;
u32 value;
int i;
int err;
struct device_node *np_output;
Reported by FlawFinder.
Line: 649
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
int err;
struct device_node *np_output;
char child_name[6];
struct regmap_config config = {
.name = "configuration0",
.reg_bits = 8,
.val_bits = 8,
.cache_type = REGCACHE_RBTREE,
Reported by FlawFinder.
Line: 717
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
dev_err(&client->dev, "Failed register PLL %d\n", i);
goto error;
}
sprintf(child_name, "PLL%d", i+1);
np_output = of_get_child_by_name(node, child_name);
if (!np_output)
continue;
if (!of_property_read_u32(np_output,
"clock-frequency", &value)) {
Reported by FlawFinder.
crypto/rmd160.c
3 issues
Line: 283
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Enough space in buffer? If so copy and we're done */
if (avail > len) {
memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail),
data, len);
goto out;
}
memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail),
Reported by FlawFinder.
Line: 288
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy((char *)rctx->buffer + (sizeof(rctx->buffer) - avail),
data, avail);
rmd160_transform(rctx->state, rctx->buffer);
data += avail;
len -= avail;
Reported by FlawFinder.
Line: 302
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len -= sizeof(rctx->buffer);
}
memcpy(rctx->buffer, data, len);
out:
return 0;
}
Reported by FlawFinder.
drivers/acpi/processor_perflib.c
3 issues
Line: 224
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
result = -EFAULT;
goto end;
}
memcpy(&pr->performance->control_register, obj.buffer.pointer,
sizeof(struct acpi_pct_register));
/*
* status_register
*/
Reported by FlawFinder.
Line: 241
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto end;
}
memcpy(&pr->performance->status_register, obj.buffer.pointer,
sizeof(struct acpi_pct_register));
end:
kfree(buffer.pointer);
Reported by FlawFinder.
Line: 368
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
* Copy this valid entry over last_invalid entry
*/
memcpy(&(pr->performance->states[last_invalid]),
px, sizeof(struct acpi_processor_px));
++last_invalid;
}
}
}
Reported by FlawFinder.
drivers/gpio/gpio-ws16c48.c
3 issues
Line: 45
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct ws16c48_gpio {
struct gpio_chip chip;
unsigned char io_state[6];
unsigned char out_state[6];
raw_spinlock_t lock;
unsigned long irq_mask;
unsigned long flow_mask;
unsigned base;
Reported by FlawFinder.
Line: 46
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ws16c48_gpio {
struct gpio_chip chip;
unsigned char io_state[6];
unsigned char out_state[6];
raw_spinlock_t lock;
unsigned long irq_mask;
unsigned long flow_mask;
unsigned base;
};
Reported by FlawFinder.
Line: 353
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
#define WS16C48_NGPIO 48
static const char *ws16c48_names[WS16C48_NGPIO] = {
"Port 0 Bit 0", "Port 0 Bit 1", "Port 0 Bit 2", "Port 0 Bit 3",
"Port 0 Bit 4", "Port 0 Bit 5", "Port 0 Bit 6", "Port 0 Bit 7",
"Port 1 Bit 0", "Port 1 Bit 1", "Port 1 Bit 2", "Port 1 Bit 3",
"Port 1 Bit 4", "Port 1 Bit 5", "Port 1 Bit 6", "Port 1 Bit 7",
"Port 2 Bit 0", "Port 2 Bit 1", "Port 2 Bit 2", "Port 2 Bit 3",
Reported by FlawFinder.