The following issues were found
drivers/gpu/drm/bridge/synopsys/dw-mipi-dsi.c
3 issues
Line: 445
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (len) {
if (len < pld_data_bytes) {
word = 0;
memcpy(&word, tx_buf, len);
dsi_write(dsi, DSI_GEN_PLD_DATA, le32_to_cpu(word));
len = 0;
} else {
memcpy(&word, tx_buf, pld_data_bytes);
dsi_write(dsi, DSI_GEN_PLD_DATA, le32_to_cpu(word));
Reported by FlawFinder.
Line: 449
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dsi_write(dsi, DSI_GEN_PLD_DATA, le32_to_cpu(word));
len = 0;
} else {
memcpy(&word, tx_buf, pld_data_bytes);
dsi_write(dsi, DSI_GEN_PLD_DATA, le32_to_cpu(word));
tx_buf += pld_data_bytes;
len -= pld_data_bytes;
}
Reported by FlawFinder.
Line: 466
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
word = 0;
memcpy(&word, packet->header, sizeof(packet->header));
return dw_mipi_dsi_gen_pkt_hdr_write(dsi, le32_to_cpu(word));
}
static int dw_mipi_dsi_read(struct dw_mipi_dsi *dsi,
const struct mipi_dsi_msg *msg)
Reported by FlawFinder.
drivers/dma/dw/core.c
3 issues
Line: 780
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return false;
/* We have to copy data since dws can be temporary storage */
memcpy(&dwc->dws, dws, sizeof(struct dw_dma_slave));
return true;
}
EXPORT_SYMBOL_GPL(dw_dma_filter);
Reported by FlawFinder.
Line: 791
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct dw_dma_chan *dwc = to_dw_dma_chan(chan);
struct dw_dma *dw = to_dw_dma(chan->device);
memcpy(&dwc->dma_sconfig, sconfig, sizeof(*sconfig));
dwc->dma_sconfig.src_maxburst =
clamp(dwc->dma_sconfig.src_maxburst, 0U, dwc->max_burst);
dwc->dma_sconfig.dst_maxburst =
clamp(dwc->dma_sconfig.dst_maxburst, 0U, dwc->max_burst);
Reported by FlawFinder.
Line: 1114
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = -EINVAL;
goto err_pdata;
} else {
memcpy(dw->pdata, chip->pdata, sizeof(*dw->pdata));
/* Reassign the platform data pointer */
pdata = dw->pdata;
}
Reported by FlawFinder.
drivers/crypto/allwinner/sun4i-ss/sun4i-ss.h
3 issues
Line: 151
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct reset_control *reset;
struct device *dev;
struct resource *res;
char buf[4 * SS_RX_MAX];/* buffer for linearize SG src */
char bufo[4 * SS_TX_MAX]; /* buffer for linearize SG dst */
spinlock_t slock; /* control the use of the device */
#ifdef CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG
u32 seed[SS_SEED_LEN / BITS_PER_LONG];
#endif
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device *dev;
struct resource *res;
char buf[4 * SS_RX_MAX];/* buffer for linearize SG src */
char bufo[4 * SS_TX_MAX]; /* buffer for linearize SG dst */
spinlock_t slock; /* control the use of the device */
#ifdef CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG
u32 seed[SS_SEED_LEN / BITS_PER_LONG];
#endif
struct dentry *dbgfs_dir;
Reported by FlawFinder.
Line: 193
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 mode;
u64 byte_count; /* number of bytes "uploaded" to the device */
u32 hash[5]; /* for storing SS_IVx register */
char buf[64];
unsigned int len;
int flags;
};
int sun4i_hash_crainit(struct crypto_tfm *tfm);
Reported by FlawFinder.
drivers/ata/libata-eh.c
3 issues
Line: 2218
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ata_eh_context *ehc = &link->eh_context;
struct ata_queued_cmd *qc;
const char *frozen, *desc;
char tries_buf[6] = "";
int tag, nr_failed = 0;
if (ehc->i.flags & ATA_EHI_QUIET)
return;
Reported by FlawFinder.
Line: 2292
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ata_qc_for_each_raw(ap, qc, tag) {
struct ata_taskfile *cmd = &qc->tf, *res = &qc->result_tf;
char data_buf[20] = "";
char cdb_buf[70] = "";
if (!(qc->flags & ATA_QCFLAG_FAILED) ||
ata_dev_phys_link(qc->dev) != link || !qc->err_mask)
continue;
Reported by FlawFinder.
Line: 2293
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ata_qc_for_each_raw(ap, qc, tag) {
struct ata_taskfile *cmd = &qc->tf, *res = &qc->result_tf;
char data_buf[20] = "";
char cdb_buf[70] = "";
if (!(qc->flags & ATA_QCFLAG_FAILED) ||
ata_dev_phys_link(qc->dev) != link || !qc->err_mask)
continue;
Reported by FlawFinder.
drivers/crypto/hisilicon/sec/sec_drv.c
3 issues
Line: 871
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mutex_unlock(&msg_ring->lock);
return -EAGAIN;
}
memcpy(msg_ring->vaddr + write, msg, sizeof(*msg));
queue->shadow[write] = ctx;
write = (write + 1) % SEC_QUEUE_LEN;
/* Ensure content updated before queue advance */
wmb();
Reported by FlawFinder.
Line: 862
Column: 13
CWE codes:
120
20
{
struct sec_queue_ring_cmd *msg_ring = &queue->ring_cmd;
void __iomem *base = queue->regs;
u32 write, read;
mutex_lock(&msg_ring->lock);
read = readl(base + SEC_Q_RD_PTR_REG);
write = readl(base + SEC_Q_WR_PTR_REG);
if (write == read && atomic_read(&msg_ring->used) == SEC_QUEUE_LEN) {
Reported by FlawFinder.
Line: 867
Column: 15
CWE codes:
120
20
mutex_lock(&msg_ring->lock);
read = readl(base + SEC_Q_RD_PTR_REG);
write = readl(base + SEC_Q_WR_PTR_REG);
if (write == read && atomic_read(&msg_ring->used) == SEC_QUEUE_LEN) {
mutex_unlock(&msg_ring->lock);
return -EAGAIN;
}
memcpy(msg_ring->vaddr + write, msg, sizeof(*msg));
queue->shadow[write] = ctx;
Reported by FlawFinder.
drivers/cpufreq/cpufreq_stats.c
3 issues
Line: 63
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct cpufreq_stats *stats = policy->stats;
if (READ_ONCE(stats->reset_pending))
return sprintf(buf, "%d\n", 0);
else
return sprintf(buf, "%u\n", stats->total_trans);
}
cpufreq_freq_attr_ro(total_trans);
Reported by FlawFinder.
Line: 65
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (READ_ONCE(stats->reset_pending))
return sprintf(buf, "%d\n", 0);
else
return sprintf(buf, "%u\n", stats->total_trans);
}
cpufreq_freq_attr_ro(total_trans);
static ssize_t show_time_in_state(struct cpufreq_policy *policy, char *buf)
{
Reported by FlawFinder.
Line: 95
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
time += local_clock() - stats->last_time;
}
len += sprintf(buf + len, "%u %llu\n", stats->freq_table[i],
nsec_to_clock_t(time));
}
return len;
}
cpufreq_freq_attr_ro(time_in_state);
Reported by FlawFinder.
drivers/dma/fsl-edma.c
3 issues
Line: 199
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (irq < 0)
return -ENXIO;
sprintf(fsl_edma->chans[i].chan_name, "eDMA2-CH%02d", i);
/* The last IRQ is for eDMA err */
if (i == count - 1)
ret = devm_request_irq(&pdev->dev, irq,
fsl_edma_err_handler,
Reported by FlawFinder.
Line: 323
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
for (i = 0; i < fsl_edma->drvdata->dmamuxs; i++) {
char clkname[32];
res = platform_get_resource(pdev, IORESOURCE_MEM, 1 + i);
fsl_edma->muxbase[i] = devm_ioremap_resource(&pdev->dev, res);
if (IS_ERR(fsl_edma->muxbase[i])) {
/* on error: disable all previously enabled clks */
Reported by FlawFinder.
Line: 333
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return PTR_ERR(fsl_edma->muxbase[i]);
}
sprintf(clkname, "dmamux%d", i);
fsl_edma->muxclk[i] = devm_clk_get(&pdev->dev, clkname);
if (IS_ERR(fsl_edma->muxclk[i])) {
dev_err(&pdev->dev, "Missing DMAMUX block clock.\n");
/* on error: disable all previously enabled clks */
fsl_disable_clocks(fsl_edma, i);
Reported by FlawFinder.
drivers/dma/fsl-qdma.c
3 issues
Line: 808
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i;
int cpu;
int ret;
char irq_name[20];
fsl_qdma->error_irq =
platform_get_irq_byname(pdev, "qdma-error");
if (fsl_qdma->error_irq < 0)
return fsl_qdma->error_irq;
Reported by FlawFinder.
Line: 824
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < fsl_qdma->block_number; i++) {
sprintf(irq_name, "qdma-queue%d", i);
fsl_qdma->queue_irq[i] =
platform_get_irq_byname(pdev, irq_name);
if (fsl_qdma->queue_irq[i] < 0)
return fsl_qdma->queue_irq[i];
Reported by FlawFinder.
Line: 1005
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
list_del(&vdesc->node);
fsl_comp = to_fsl_qdma_comp(vdesc);
memcpy(fsl_queue->virt_head++,
fsl_comp->virt_addr, sizeof(struct fsl_qdma_format));
if (fsl_queue->virt_head == fsl_queue->cq + fsl_queue->n_cq)
fsl_queue->virt_head = fsl_queue->cq;
list_add_tail(&fsl_comp->list, &fsl_queue->comp_used);
Reported by FlawFinder.
drivers/block/paride/paride.h
3 issues
Line: 120
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline u16 pi_swab16( char *b, int k)
{ union { u16 u; char t[2]; } r;
r.t[0]=b[2*k+1]; r.t[1]=b[2*k];
return r.u;
}
Reported by FlawFinder.
Line: 128
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline u32 pi_swab32( char *b, int k)
{ union { u32 u; char f[4]; } r;
r.f[0]=b[4*k+1]; r.f[1]=b[4*k];
r.f[2]=b[4*k+3]; r.f[3]=b[4*k+2];
return r.u;
}
Reported by FlawFinder.
Line: 137
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pi_protocol {
char name[8]; /* name for this protocol */
int index; /* index into protocol table */
int max_mode; /* max mode number */
int epp_first; /* modes >= this use 8 ports */
Reported by FlawFinder.
drivers/block/aoe/aoechr.c
3 issues
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct aoe_chardev {
ulong minor;
char name[32];
};
enum { EMFL_VALID = 1 };
struct ErrMsg {
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ulong flags;
struct aoedev *d;
struct sk_buff *skb;
char buf[16];
if (size >= sizeof buf)
return -EINVAL;
buf[sizeof buf - 1] = '\0';
if (copy_from_user(buf, str, size))
Reported by FlawFinder.
Line: 132
Column: 6
CWE codes:
126
char *mp;
ulong flags, n;
n = strlen(msg);
spin_lock_irqsave(&emsgs_lock, flags);
em = emsgs + emsgs_tail_idx;
if ((em->flags & EMFL_VALID)) {
Reported by FlawFinder.