The following issues were found
drivers/crypto/rockchip/rk3288_crypto_ahash.c
3 issues
Line: 26
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (rk_digest_size) {
case SHA1_DIGEST_SIZE:
memcpy(req->result, sha1_zero_message_hash, rk_digest_size);
break;
case SHA256_DIGEST_SIZE:
memcpy(req->result, sha256_zero_message_hash, rk_digest_size);
break;
case MD5_DIGEST_SIZE:
Reported by FlawFinder.
Line: 29
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(req->result, sha1_zero_message_hash, rk_digest_size);
break;
case SHA256_DIGEST_SIZE:
memcpy(req->result, sha256_zero_message_hash, rk_digest_size);
break;
case MD5_DIGEST_SIZE:
memcpy(req->result, md5_zero_message_hash, rk_digest_size);
break;
default:
Reported by FlawFinder.
Line: 32
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(req->result, sha256_zero_message_hash, rk_digest_size);
break;
case MD5_DIGEST_SIZE:
memcpy(req->result, md5_zero_message_hash, rk_digest_size);
break;
default:
return -EINVAL;
}
Reported by FlawFinder.
drivers/crypto/rockchip/rk3288_crypto_skcipher.c
3 issues
Line: 258
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* And update the IV buffer to contain the next IV for decryption mode.
*/
if (ctx->mode & RK_CRYPTO_DEC) {
memcpy(ctx->iv, src_last_blk, ivsize);
sg_pcopy_to_buffer(dev->first, dev->src_nents, req->iv,
ivsize, dev->total - ivsize);
}
err = dev->load_data(dev, dev->sg_src, dev->sg_dst);
Reported by FlawFinder.
Line: 303
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Update the IV buffer to contain the next IV for encryption mode. */
if (!(ctx->mode & RK_CRYPTO_DEC)) {
if (dev->aligned) {
memcpy(req->iv, sg_virt(dev->sg_dst) +
dev->sg_dst->length - ivsize, ivsize);
} else {
memcpy(req->iv, dev->addr_vir +
dev->count - ivsize, ivsize);
}
Reported by FlawFinder.
Line: 306
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(req->iv, sg_virt(dev->sg_dst) +
dev->sg_dst->length - ivsize, ivsize);
} else {
memcpy(req->iv, dev->addr_vir +
dev->count - ivsize, ivsize);
}
}
}
Reported by FlawFinder.
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c
3 issues
Line: 432
};
static const struct dcn_mpc_registers mpc_regs = {
MPC_COMMON_REG_LIST_DCN1_0(0),
MPC_COMMON_REG_LIST_DCN1_0(1),
MPC_COMMON_REG_LIST_DCN1_0(2),
MPC_COMMON_REG_LIST_DCN1_0(3),
MPC_OUT_MUX_COMMON_REG_LIST_DCN1_0(0),
MPC_OUT_MUX_COMMON_REG_LIST_DCN1_0(1),
Reported by Cppcheck.
Line: 1534
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
dml_init_instance(&dc->dml, &dcn1_0_soc, &dcn1_0_ip, DML_PROJECT_RAVEN1);
memcpy(dc->dcn_ip, &dcn10_ip_defaults, sizeof(dcn10_ip_defaults));
memcpy(dc->dcn_soc, &dcn10_soc_defaults, sizeof(dcn10_soc_defaults));
/* Other architectures we build for build this with soft-float */
dcn10_resource_construct_fp(dc);
Reported by FlawFinder.
Line: 1535
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dml_init_instance(&dc->dml, &dcn1_0_soc, &dcn1_0_ip, DML_PROJECT_RAVEN1);
memcpy(dc->dcn_ip, &dcn10_ip_defaults, sizeof(dcn10_ip_defaults));
memcpy(dc->dcn_soc, &dcn10_soc_defaults, sizeof(dcn10_soc_defaults));
/* Other architectures we build for build this with soft-float */
dcn10_resource_construct_fp(dc);
pool->base.pp_smu = dcn10_pp_smu_create(ctx);
Reported by FlawFinder.
drivers/firmware/meson/meson_sm.c
3 issues
Line: 170
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = bsize;
if (buffer)
memcpy(buffer, fw->sm_shmem_out_base, size);
return ret;
}
EXPORT_SYMBOL(meson_sm_call_read);
Reported by FlawFinder.
Line: 206
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!fw->chip->cmd_shmem_in_base)
return -EINVAL;
memcpy(fw->sm_shmem_in_base, buffer, size);
if (meson_sm_call(fw, cmd_index, &written, arg0, arg1, arg2, arg3, arg4) < 0)
return -EINVAL;
if (!written)
Reported by FlawFinder.
Line: 261
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return ret;
}
ret = sprintf(buf, "%12phN\n", &id_buf[SM_CHIP_ID_OFFSET]);
kfree(id_buf);
return ret;
}
Reported by FlawFinder.
drivers/gpu/drm/drm_cache.c
3 issues
Line: 222
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned long len)
{
if (!dst->is_iomem && !src->is_iomem) {
memcpy(dst->vaddr, src->vaddr, len);
} else if (!src->is_iomem) {
dma_buf_map_memcpy_to(dst, src->vaddr, len);
} else if (!dst->is_iomem) {
memcpy_fromio(dst->vaddr, src->vaddr_iomem, len);
} else {
Reported by FlawFinder.
Line: 233
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* bounce buffer like this is significantly faster than
* resorting to ioreadxx() + iowritexx().
*/
char bounce[MEMCPY_BOUNCE_SIZE];
void __iomem *_src = src->vaddr_iomem;
void __iomem *_dst = dst->vaddr_iomem;
while (len >= MEMCPY_BOUNCE_SIZE) {
memcpy_fromio(bounce, _src, MEMCPY_BOUNCE_SIZE);
Reported by FlawFinder.
Line: 293
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void __drm_memcpy_from_wc(void *dst, const void *src, unsigned long len)
{
if (unlikely(((unsigned long)dst | (unsigned long)src | len) & 15))
memcpy(dst, src, len);
else if (likely(len))
__memcpy_ntdqa(dst, src, len >> 4);
}
/**
Reported by FlawFinder.
drivers/crypto/ccp/ccp-crypto-aes-cmac.c
3 issues
Line: 47
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Update result area if supplied */
if (req->result && rctx->final)
memcpy(req->result, rctx->iv, digest_size);
e_free:
sg_free_table(&rctx->data_sg);
return ret;
Reported by FlawFinder.
Line: 234
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(state.buf, rctx->buf, sizeof(state.buf));
/* 'out' may not be aligned so memcpy from local variable */
memcpy(out, &state, sizeof(state));
return 0;
}
static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
Reported by FlawFinder.
Line: 328
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Save the supplied key */
memset(ctx->u.aes.key, 0, sizeof(ctx->u.aes.key));
memcpy(ctx->u.aes.key, key, key_len);
ctx->u.aes.key_len = key_len;
sg_init_one(&ctx->u.aes.key_sg, ctx->u.aes.key, key_len);
return ret;
}
Reported by FlawFinder.
drivers/acpi/acpica/dbexec.c
3 issues
Line: 390
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
memset(&acpi_gbl_db_method_info, 0, sizeof(struct acpi_db_method_info));
strcpy(name_string, name);
acpi_ut_strupr(name_string);
/* Subcommand to Execute all predefined names in the namespace */
if (!strncmp(name_string, "PREDEF", 6)) {
Reported by FlawFinder.
Line: 378
Column: 27
CWE codes:
126
return;
}
if ((flags & EX_ALL) && (strlen(name) > 4)) {
acpi_os_printf("Input name (%s) must be a 4-char NameSeg\n",
name);
return;
}
Reported by FlawFinder.
Line: 384
Column: 30
CWE codes:
126
return;
}
name_string = ACPI_ALLOCATE(strlen(name) + 1);
if (!name_string) {
return;
}
memset(&acpi_gbl_db_method_info, 0, sizeof(struct acpi_db_method_info));
Reported by FlawFinder.
drivers/char/tlclk.c
3 issues
Line: 289
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret_val = ((inb(TLCLK_REG1) & 0x08) >> 3);
spin_unlock_irqrestore(&event_lock, flags);
return sprintf(buf, "0x%lX\n", ret_val);
}
static DEVICE_ATTR(current_ref, S_IRUGO, show_current_ref, NULL);
Reported by FlawFinder.
Line: 305
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret_val = inb(TLCLK_REG5);
spin_unlock_irqrestore(&event_lock, flags);
return sprintf(buf, "0x%lX\n", ret_val);
}
static DEVICE_ATTR(telclock_version, S_IRUGO,
show_telclock_version, NULL);
Reported by FlawFinder.
Line: 321
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ret_val = (inb(TLCLK_REG2) & 0xf0);
spin_unlock_irqrestore(&event_lock, flags);
return sprintf(buf, "0x%lX\n", ret_val);
}
static DEVICE_ATTR(alarms, S_IRUGO, show_alarms, NULL);
static ssize_t store_received_ref_clk3a(struct device *d,
Reported by FlawFinder.
drivers/acpi/acpica/rsxface.c
3 issues
Line: 141
return_ACPI_STATUS(status);
}
ACPI_EXPORT_SYMBOL(acpi_get_irq_routing_table)
/*******************************************************************************
*
* FUNCTION: acpi_get_current_resources
*
Reported by Cppcheck.
Line: 365
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Simple copy for 64 bit source */
memcpy(out, &resource->data,
sizeof(struct acpi_resource_address64));
break;
default:
Reported by FlawFinder.
Line: 480
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Found the correct resource, copy and return it */
memcpy(buffer->pointer, resource, resource->length);
buffer->length = resource->length;
/* Found the desired descriptor, terminate resource walk */
info->status = AE_OK;
Reported by FlawFinder.
drivers/edac/dmc520_edac.c
3 issues
Line: 369
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool is_ce)
{
struct dmc520_edac *pvt = mci->pvt_info;
char message[DMC520_MSG_BUF_SIZE];
struct ecc_error_info info;
u32 cnt;
dmc520_get_dram_ecc_error_info(pvt, is_ce, &info);
Reported by FlawFinder.
Line: 532
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pvt->reg_base = reg_base;
spin_lock_init(&pvt->error_lock);
memcpy(pvt->irqs, irqs, sizeof(irqs));
memcpy(pvt->masks, masks, sizeof(masks));
platform_set_drvdata(pdev, mci);
mci->pdev = dev;
Reported by FlawFinder.
Line: 533
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pvt->reg_base = reg_base;
spin_lock_init(&pvt->error_lock);
memcpy(pvt->irqs, irqs, sizeof(irqs));
memcpy(pvt->masks, masks, sizeof(masks));
platform_set_drvdata(pdev, mci);
mci->pdev = dev;
mci->mtype_cap = MEM_FLAG_DDR3 | MEM_FLAG_DDR4;
Reported by FlawFinder.