The following issues were found
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c
3 issues
Line: 562
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
#ifdef MODULE
if (THIS_MODULE->version != NULL)
strcpy(vf2pf_info->driver_version, THIS_MODULE->version);
else
#endif
strcpy(vf2pf_info->driver_version, "N/A");
vf2pf_info->pf2vf_version_required = 0; // no requirement, guest understands all
Reported by FlawFinder.
Line: 353
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!data)
return;
memcpy(&data->bps[data->count], bps, pages * sizeof(*data->bps));
data->count += pages;
}
static void amdgpu_virt_ras_reserve_bps(struct amdgpu_device *adev)
{
Reported by FlawFinder.
Line: 565
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(vf2pf_info->driver_version, THIS_MODULE->version);
else
#endif
strcpy(vf2pf_info->driver_version, "N/A");
vf2pf_info->pf2vf_version_required = 0; // no requirement, guest understands all
vf2pf_info->driver_cert = 0;
vf2pf_info->os_info.all = 0;
Reported by FlawFinder.
crypto/crypto_null.c
3 issues
Line: 32
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (slen > *dlen)
return -EINVAL;
memcpy(dst, src, slen);
*dlen = slen;
return 0;
}
static int null_init(struct shash_desc *desc)
Reported by FlawFinder.
Line: 73
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void null_crypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
memcpy(dst, src, NULL_BLOCK_SIZE);
}
static int null_skcipher_crypt(struct skcipher_request *req)
{
struct skcipher_walk walk;
Reported by FlawFinder.
Line: 85
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (walk.nbytes) {
if (walk.src.virt.addr != walk.dst.virt.addr)
memcpy(walk.dst.virt.addr, walk.src.virt.addr,
walk.nbytes);
err = skcipher_walk_done(&walk, 0);
}
return err;
Reported by FlawFinder.
drivers/block/drbd/drbd_debugfs.c
3 issues
Line: 774
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void drbd_debugfs_device_add(struct drbd_device *device)
{
struct dentry *vols_dir = device->resource->debugfs_res_volumes;
char minor_buf[8]; /* MINORMASK, MINORBITS == 20; */
char vnr_buf[8]; /* volume number vnr is even 16 bit only; */
char *slink_name = NULL;
struct dentry *dentry;
if (!vols_dir || !drbd_debugfs_minors)
Reported by FlawFinder.
Line: 775
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dentry *vols_dir = device->resource->debugfs_res_volumes;
char minor_buf[8]; /* MINORMASK, MINORBITS == 20; */
char vnr_buf[8]; /* volume number vnr is even 16 bit only; */
char *slink_name = NULL;
struct dentry *dentry;
if (!vols_dir || !drbd_debugfs_minors)
return;
Reported by FlawFinder.
Line: 831
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dentry *conn_dir = peer_device->connection->debugfs_conn;
struct dentry *dentry;
char vnr_buf[8];
snprintf(vnr_buf, sizeof(vnr_buf), "%u", peer_device->device->vnr);
dentry = debugfs_create_dir(vnr_buf, conn_dir);
peer_device->debugfs_peer_dev = dentry;
}
Reported by FlawFinder.
drivers/firmware/efi/efibc.c
3 issues
Line: 44
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
efibc_str_to_str16(name, entry->var.VariableName);
efibc_str_to_str16(value, (efi_char16_t *)entry->var.Data);
memcpy(&entry->var.VendorGuid, &guid, sizeof(guid));
ret = efivar_entry_set_safe(entry->var.VariableName,
entry->var.VendorGuid,
EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
Reported by FlawFinder.
Line: 18
Column: 18
CWE codes:
126
{
size_t i;
for (i = 0; i < strlen(str); i++)
str16[i] = str[i];
str16[i] = '\0';
}
Reported by FlawFinder.
Line: 29
Column: 17
CWE codes:
126
int ret;
efi_guid_t guid = LINUX_EFI_LOADER_ENTRY_GUID;
struct efivar_entry *entry;
size_t size = (strlen(value) + 1) * sizeof(efi_char16_t);
if (size > sizeof(entry->var.Data)) {
pr_err("value is too large (%zu bytes) for '%s' EFI variable\n", size, name);
return -EINVAL;
}
Reported by FlawFinder.
crypto/vmac.c
3 issues
Line: 501
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Nonce is passed as first VMAC_NONCEBYTES bytes of data */
if (dctx->nonce_size < VMAC_NONCEBYTES) {
n = min(len, VMAC_NONCEBYTES - dctx->nonce_size);
memcpy(&dctx->nonce.bytes[dctx->nonce_size], p, n);
dctx->nonce_size += n;
p += n;
len -= n;
}
Reported by FlawFinder.
Line: 509
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dctx->partial_size) {
n = min(len, VMAC_NHBYTES - dctx->partial_size);
memcpy(&dctx->partial[dctx->partial_size], p, n);
dctx->partial_size += n;
p += n;
len -= n;
if (dctx->partial_size == VMAC_NHBYTES) {
vhash_blocks(tctx, dctx, dctx->partial_words, 1);
Reported by FlawFinder.
Line: 528
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (len) {
memcpy(dctx->partial, p, len);
dctx->partial_size = len;
}
return 0;
}
Reported by FlawFinder.
drivers/block/cryptoloop.c
3 issues
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int err = -EINVAL;
int cipher_len;
int mode_len;
char cms[LO_NAME_SIZE]; /* cipher-mode string */
char *mode;
char *cmsp = cms; /* c-m string pointer */
struct crypto_sync_skcipher *tfm;
/* encryption breaks for non sector aligned offsets */
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memmove(cms, mode, mode_len);
cmsp = cms + mode_len;
*cmsp++ = '(';
memcpy(cmsp, info->lo_crypt_name, cipher_len);
cmsp += cipher_len;
*cmsp++ = ')';
*cmsp = 0;
tfm = crypto_alloc_sync_skcipher(cms, 0, 0);
Reported by FlawFinder.
Line: 43
Column: 2
CWE codes:
120
if (info->lo_offset % LOOP_IV_SECTOR_SIZE)
goto out;
strncpy(cms, info->lo_crypt_name, LO_NAME_SIZE);
cms[LO_NAME_SIZE - 1] = 0;
cipher_len = strcspn(cmsp, "-");
mode = cmsp + cipher_len;
Reported by FlawFinder.
drivers/block/loop.h
3 issues
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct page *raw_page, unsigned raw_off,
struct page *loop_page, unsigned loop_off,
int size, sector_t real_block);
char lo_file_name[LO_NAME_SIZE];
char lo_crypt_name[LO_NAME_SIZE];
char lo_encrypt_key[LO_KEY_SIZE];
int lo_encrypt_key_size;
struct loop_func_table *lo_encryption;
__u32 lo_init[2];
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct page *loop_page, unsigned loop_off,
int size, sector_t real_block);
char lo_file_name[LO_NAME_SIZE];
char lo_crypt_name[LO_NAME_SIZE];
char lo_encrypt_key[LO_KEY_SIZE];
int lo_encrypt_key_size;
struct loop_func_table *lo_encryption;
__u32 lo_init[2];
kuid_t lo_key_owner; /* Who set the key */
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int size, sector_t real_block);
char lo_file_name[LO_NAME_SIZE];
char lo_crypt_name[LO_NAME_SIZE];
char lo_encrypt_key[LO_KEY_SIZE];
int lo_encrypt_key_size;
struct loop_func_table *lo_encryption;
__u32 lo_init[2];
kuid_t lo_key_owner; /* Who set the key */
int (*ioctl)(struct loop_device *, int cmd,
Reported by FlawFinder.
crypto/cmac.c
3 issues
Line: 132
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* checking the data can fill the block */
if ((ctx->len + len) <= bs) {
memcpy(odds + ctx->len, p, len);
ctx->len += len;
return 0;
}
/* filling odds with new data and encrypting it */
Reported by FlawFinder.
Line: 138
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* filling odds with new data and encrypting it */
memcpy(odds + ctx->len, p, bs - ctx->len);
len -= bs - ctx->len;
p += bs - ctx->len;
crypto_xor(prev, odds, bs);
crypto_cipher_encrypt_one(tfm, prev, prev);
Reported by FlawFinder.
Line: 158
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* keeping the surplus of blocksize */
if (len) {
memcpy(odds, p, len);
ctx->len = len;
}
return 0;
}
Reported by FlawFinder.
drivers/acpi/acpica/utxface.c
3 issues
Line: 178
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stats->sci_count = acpi_sci_count;
stats->gpe_count = acpi_gpe_count;
memcpy(stats->fixed_event_count, acpi_fixed_event_count,
sizeof(acpi_fixed_event_count));
/* Other counters */
stats->method_count = acpi_method_count;
Reported by FlawFinder.
Line: 265
Column: 26
CWE codes:
126
/* Parameter validation */
if (!interface_name || (strlen(interface_name) == 0)) {
return (AE_BAD_PARAMETER);
}
status = acpi_os_acquire_mutex(acpi_gbl_osi_mutex, ACPI_WAIT_FOREVER);
if (ACPI_FAILURE(status)) {
Reported by FlawFinder.
Line: 317
Column: 26
CWE codes:
126
/* Parameter validation */
if (!interface_name || (strlen(interface_name) == 0)) {
return (AE_BAD_PARAMETER);
}
status = acpi_os_acquire_mutex(acpi_gbl_osi_mutex, ACPI_WAIT_FOREVER);
if (ACPI_FAILURE(status)) {
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/atombios_dp.c
3 issues
Line: 156
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tx_buf[3] |= BARE_ADDRESS_SIZE << 4;
else
tx_buf[3] |= tx_size << 4;
memcpy(tx_buf + HEADER_SIZE, msg->buffer, msg->size);
ret = amdgpu_atombios_dp_process_aux_ch(chan,
tx_buf, tx_size, NULL, 0, delay, &ack);
if (ret >= 0)
/* Return payload size. */
ret = msg->size;
Reported by FlawFinder.
Line: 358
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = drm_dp_dpcd_read(&amdgpu_connector->ddc_bus->aux, DP_DPCD_REV,
msg, DP_DPCD_SIZE);
if (ret == DP_DPCD_SIZE) {
memcpy(dig_connector->dpcd, msg, DP_DPCD_SIZE);
DRM_DEBUG_KMS("DPCD: %*ph\n", (int)sizeof(dig_connector->dpcd),
dig_connector->dpcd);
amdgpu_atombios_dp_probe_oui(amdgpu_connector);
Reported by FlawFinder.
Line: 752
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dp_info.tp3_supported = false;
}
memcpy(dp_info.dpcd, dig_connector->dpcd, DP_RECEIVER_CAP_SIZE);
dp_info.adev = adev;
dp_info.encoder = encoder;
dp_info.connector = connector;
dp_info.dp_lane_count = dig_connector->dp_lane_count;
dp_info.dp_clock = dig_connector->dp_clock;
Reported by FlawFinder.