The following issues were found
drivers/acpi/pci_root.c
3 issues
Line: 570
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
root->device = device;
root->segment = segment & 0xFFFF;
strcpy(acpi_device_name(device), ACPI_PCI_ROOT_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_PCI_ROOT_CLASS);
device->driver_data = root;
if (hotadd && dmar_device_add(handle)) {
result = -ENXIO;
Reported by FlawFinder.
Line: 571
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
root->device = device;
root->segment = segment & 0xFFFF;
strcpy(acpi_device_name(device), ACPI_PCI_ROOT_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_PCI_ROOT_CLASS);
device->driver_data = root;
if (hotadd && dmar_device_add(handle)) {
result = -ENXIO;
goto end;
Reported by FlawFinder.
Line: 149
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void decode_osc_bits(struct acpi_pci_root *root, char *msg, u32 word,
struct pci_osc_bit_struct *table, int size)
{
char buf[80];
int i, len = 0;
struct pci_osc_bit_struct *entry;
buf[0] = '\0';
for (i = 0, entry = table; i < size; i++, entry++)
Reported by FlawFinder.
drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c
3 issues
Line: 2765
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (psr_configuration.bits.ENABLE) {
unsigned char dpcdbuf[3] = {0};
union psr_error_status psr_error_status;
union psr_sink_psr_status psr_sink_psr_status;
dm_helpers_dp_read_dpcd(
link->ctx,
Reported by FlawFinder.
Line: 2841
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union phy_test_pattern dpcd_test_pattern;
union lane_adjust dpcd_lane_adjustment[2];
unsigned char dpcd_post_cursor_2_adjustment = 0;
unsigned char test_pattern_buffer[
(DP_TEST_80BIT_CUSTOM_PATTERN_79_72 -
DP_TEST_80BIT_CUSTOM_PATTERN_7_0)+1] = {0};
unsigned int test_pattern_size = 0;
enum dp_test_pattern test_pattern;
struct dc_link_training_settings link_settings;
Reported by FlawFinder.
Line: 4302
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pipe_ctx *pipe_ctx = NULL;
unsigned int lane;
unsigned int i;
unsigned char link_qual_pattern[LANE_COUNT_DP_MAX] = {0};
union dpcd_training_pattern training_pattern;
enum dpcd_phy_test_patterns pattern;
memset(&training_pattern, 0, sizeof(training_pattern));
Reported by FlawFinder.
drivers/clk/pxa/clk-pxa25x.c
3 issues
Line: 47
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
/* Crystal Frequency to Memory Frequency Multiplier (L) */
static unsigned char L_clk_mult[32] = { 0, 27, 32, 36, 40, 45, 0, };
/* Memory Frequency to Run Mode Frequency Multiplier (M) */
static unsigned char M_clk_mult[4] = { 0, 1, 2, 4 };
/* Run Mode Frequency to Turbo Mode Frequency Multiplier (N) */
Reported by FlawFinder.
Line: 50
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned char L_clk_mult[32] = { 0, 27, 32, 36, 40, 45, 0, };
/* Memory Frequency to Run Mode Frequency Multiplier (M) */
static unsigned char M_clk_mult[4] = { 0, 1, 2, 4 };
/* Run Mode Frequency to Turbo Mode Frequency Multiplier (N) */
/* Note: we store the value N * 2 here. */
static unsigned char N2_clk_mult[8] = { 0, 0, 2, 3, 4, 0, 6, 0 };
Reported by FlawFinder.
Line: 54
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Run Mode Frequency to Turbo Mode Frequency Multiplier (N) */
/* Note: we store the value N * 2 here. */
static unsigned char N2_clk_mult[8] = { 0, 0, 2, 3, 4, 0, 6, 0 };
static const char * const get_freq_khz[] = {
"core", "run", "cpll", "memory"
};
Reported by FlawFinder.
drivers/acpi/acpica/tbxface.c
3 issues
Line: 17
#include "actables.h"
#define _COMPONENT ACPI_TABLES
ACPI_MODULE_NAME("tbxface")
/*******************************************************************************
*
* FUNCTION: acpi_allocate_root_table
*
Reported by Cppcheck.
Line: 256
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return (AE_NO_MEMORY);
}
memcpy(out_table_header, header,
sizeof(struct acpi_table_header));
acpi_os_unmap_memory(header,
sizeof(struct
acpi_table_header));
} else {
Reported by FlawFinder.
Line: 265
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return (AE_NOT_FOUND);
}
} else {
memcpy(out_table_header,
acpi_gbl_root_table_list.tables[i].pointer,
sizeof(struct acpi_table_header));
}
return (AE_OK);
}
Reported by FlawFinder.
drivers/crypto/qce/common.c
3 issues
Line: 189
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto go_proc;
if (rctx->first_blk)
memcpy(auth, rctx->digest, digestsize);
else
qce_cpu_to_be32p_array(auth, rctx->digest, digestsize);
iv_words = (IS_SHA1(rctx->flags) || IS_SHA1_HMAC(rctx->flags)) ? 5 : 8;
qce_write_array(qce, REG_AUTH_IV0, (u32 *)auth, iv_words);
Reported by FlawFinder.
Line: 477
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Write default authentication iv */
if (IS_SHA1_HMAC(rctx->flags)) {
auth_ivsize = SHA1_DIGEST_SIZE;
memcpy(authiv, std_iv_sha1, auth_ivsize);
} else if (IS_SHA256_HMAC(rctx->flags)) {
auth_ivsize = SHA256_DIGEST_SIZE;
memcpy(authiv, std_iv_sha256, auth_ivsize);
}
authiv_words = auth_ivsize / sizeof(u32);
Reported by FlawFinder.
Line: 480
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(authiv, std_iv_sha1, auth_ivsize);
} else if (IS_SHA256_HMAC(rctx->flags)) {
auth_ivsize = SHA256_DIGEST_SIZE;
memcpy(authiv, std_iv_sha256, auth_ivsize);
}
authiv_words = auth_ivsize / sizeof(u32);
qce_write_array(qce, REG_AUTH_IV0, (u32 *)authiv, authiv_words);
} else if (IS_CCM(rctx->flags)) {
/* Write nonce for CCM algorithms */
Reported by FlawFinder.
drivers/atm/fore200e.h
3 issues
Line: 840
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum fore200e_state state; /* device state */
char name[16]; /* device name */
struct device *dev;
int irq; /* irq number */
unsigned long phys_base; /* physical base address */
void __iomem * virt_base; /* virtual base address */
Reported by FlawFinder.
Line: 846
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long phys_base; /* physical base address */
void __iomem * virt_base; /* virtual base address */
unsigned char esi[ ESI_LEN ]; /* end system identifier */
struct cp_monitor __iomem * cp_monitor; /* i960 monitor address */
struct cp_queues __iomem * cp_queues; /* cp resident queues */
struct host_cmdq host_cmdq; /* host resident cmd queue */
struct host_txq host_txq; /* host resident tx queue */
Reported by FlawFinder.
Line: 806
Column: 28
CWE codes:
120
20
int descr_alignment; /* tpd/rpd/rbd DMA alignment requirement */
int buffer_alignment; /* rx buffers DMA alignment requirement */
int status_alignment; /* status words DMA alignment requirement */
u32 (*read)(volatile u32 __iomem *);
void (*write)(u32, volatile u32 __iomem *);
int (*configure)(struct fore200e*);
int (*map)(struct fore200e*);
void (*reset)(struct fore200e*);
int (*prom_read)(struct fore200e*, struct prom_data*);
Reported by FlawFinder.
drivers/crypto/allwinner/sun8i-ce/sun8i-ce-prng.c
3 issues
Line: 51
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ctx->seed)
return -ENOMEM;
memcpy(ctx->seed, seed, slen);
ctx->slen = slen;
return 0;
}
Reported by FlawFinder.
Line: 157
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dma_unmap_single(ce->dev, dma_iv, ctx->slen, DMA_TO_DEVICE);
if (!err) {
memcpy(dst, d, dlen);
memcpy(ctx->seed, d + dlen, ctx->slen);
}
memzero_explicit(d, todo);
err_iv:
kfree(d);
Reported by FlawFinder.
Line: 158
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!err) {
memcpy(dst, d, dlen);
memcpy(ctx->seed, d + dlen, ctx->slen);
}
memzero_explicit(d, todo);
err_iv:
kfree(d);
err_mem:
Reported by FlawFinder.
drivers/edac/synopsys_edac.c
3 issues
Line: 1008
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct mem_ctl_info *mci = to_mci(dev);
struct synps_edac_priv *priv = mci->pvt_info;
return sprintf(data, "Data Poisoning: %s\n\r",
(((readl(priv->baseaddr + ECC_CFG1_OFST)) & 0x3) == 0x3)
? ("Correctable Error") : ("UnCorrectable Error"));
}
static ssize_t inject_data_poison_store(struct device *dev,
Reported by FlawFinder.
Line: 320
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct synps_edac_priv {
void __iomem *baseaddr;
char message[SYNPS_EDAC_MSG_SIZE];
struct synps_ecc_status stat;
const struct synps_platform_data *p_data;
u32 ce_cnt;
u32 ue_cnt;
#ifdef CONFIG_EDAC_DEBUG
Reported by FlawFinder.
Line: 979
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct mem_ctl_info *mci = to_mci(dev);
struct synps_edac_priv *priv = mci->pvt_info;
return sprintf(data, "Poison0 Addr: 0x%08x\n\rPoison1 Addr: 0x%08x\n\r"
"Error injection Address: 0x%lx\n\r",
readl(priv->baseaddr + ECC_POISON0_OFST),
readl(priv->baseaddr + ECC_POISON1_OFST),
priv->poison_addr);
}
Reported by FlawFinder.
drivers/acpi/dock.c
3 issues
Line: 284
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void dock_event(struct dock_station *ds, u32 event, int num)
{
struct device *dev = &ds->dock_device->dev;
char event_string[13];
char *envp[] = { event_string, NULL };
struct dock_dependent_device *dd;
if (num == UNDOCK_EVENT)
sprintf(event_string, "EVENT=undock");
Reported by FlawFinder.
Line: 289
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct dock_dependent_device *dd;
if (num == UNDOCK_EVENT)
sprintf(event_string, "EVENT=undock");
else
sprintf(event_string, "EVENT=dock");
/*
* Indicate that the status of the dock station has
Reported by FlawFinder.
Line: 291
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (num == UNDOCK_EVENT)
sprintf(event_string, "EVENT=undock");
else
sprintf(event_string, "EVENT=dock");
/*
* Indicate that the status of the dock station has
* changed.
*/
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
3 issues
Line: 198
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
size = min(sizeof(output), size);
memcpy(&output, info->buffer.pointer, size);
valid_bits = output.flags & output.valid_flags;
kfree(info);
}
Reported by FlawFinder.
Line: 277
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
size = min(sizeof(output), size);
memcpy(&output, info->buffer.pointer, size);
/* TODO: check version? */
printk("ATPX version %u, functions 0x%08x\n",
output.version, output.function_bits);
Reported by FlawFinder.
Line: 608
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static bool amdgpu_atpx_detect(void)
{
char acpi_method_name[255] = { 0 };
struct acpi_buffer buffer = {sizeof(acpi_method_name), acpi_method_name};
struct pci_dev *pdev = NULL;
bool has_atpx = false;
int vga_count = 0;
bool d3_supported = false;
Reported by FlawFinder.