The following issues were found
drivers/gpu/drm/amd/amdgpu/uvd_v3_1.c
3 issues
Line: 563
Column: 2
CWE codes:
120
Suggestion:
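Use sprintf_s, snprintf, or vsnprintf. Note that the format here is the literal "uvd" with no conversion specifiers, so the write is a fixed 4 bytes including the terminator; it can overflow only if ring->name is smaller than that, and its declaration is not in the excerpt. sprintf_s is not available in kernel code; snprintf(ring->name, sizeof(ring->name), ...) is the applicable form if name is an array.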
return r;
ring = &adev->uvd.inst->ring;
sprintf(ring->name, "uvd");
r = amdgpu_ring_init(adev, ring, 512, &adev->uvd.inst->irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
Reported by FlawFinder.
Line: 576
Column: 2
CWE codes:
120
Suggestion:
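Make sure destination can always hold the source data. The copy length is a constant 4 bytes, so the destination is safe provided ucode_len is at least 4 bytes wide (its declaration is not in the excerpt). The line that deserves review is the next one: ucode_len is read from the firmware buffer and added to ptr, and no range check on it is visible here.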
/* Retrieval firmware validate key */
ptr = adev->uvd.inst[0].cpu_addr;
ptr += 192 + 16;
memcpy(&ucode_len, ptr, 4);
ptr += ucode_len;
memcpy(&adev->uvd.keyselect, ptr, 4);
r = amdgpu_uvd_entity_init(adev);
Reported by FlawFinder.
Line: 578
Column: 2
CWE codes:
120
Suggestion:
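Make sure destination can always hold the source data. For this call the source matters more than the destination: ptr has been advanced by ucode_len, a value read from the buffer itself, and the excerpt shows no check against the buffer's size, so confirm that ptr + 4 still lies inside the firmware region before this read.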
ptr += 192 + 16;
memcpy(&ucode_len, ptr, 4);
ptr += ucode_len;
memcpy(&adev->uvd.keyselect, ptr, 4);
r = amdgpu_uvd_entity_init(adev);
return r;
}
Reported by FlawFinder.
drivers/atm/zatm.c
3 issues
Line: 89
Column: 14
CWE codes:
119
120
Suggestion:
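Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. This finding is raised on the declaration of the fixed-size arrays ev, ev_a and ev_b; whether they can be overrun depends on how EVENT() bounds its index into them (ec looks like that index), and that body is not part of the excerpt.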
#define EV 64
static const char *ev[EV];
static unsigned long ev_a[EV],ev_b[EV];
static int ec = 0;
static void EVENT(const char *s,unsigned long a,unsigned long b)
Reported by FlawFinder.
Line: 1158
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int eprom_try_esi(struct atm_dev *dev, unsigned short cmd, int offset,
int swap)
{
unsigned char buf[ZEPROM_SIZE];
struct zatm_dev *zatm_dev;
int i;
zatm_dev = ZATM_DEV(dev);
for (i = 0; i < ZEPROM_SIZE; i += 2) {
Reported by FlawFinder.
Line: 1171
Column: 2
CWE codes:
120
Suggestion:
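Make sure destination can always hold the source data. The source side needs the same check: buf is ZEPROM_SIZE bytes and offset is a parameter, so the read is in bounds only when offset + ESI_LEN <= ZEPROM_SIZE; the callers that supply offset are not shown.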
eprom_get_byte(zatm_dev,buf+i+1-swap,cmd);
eprom_set(zatm_dev,0,cmd); /* deselect EPROM */
}
memcpy(dev->esi,buf+offset,ESI_LEN);
return memcmp(dev->esi,"\0\0\0\0\0",ESI_LEN); /* assumes ESI_LEN == 6 */
}
static void eprom_get_esi(struct atm_dev *dev)
Reported by FlawFinder.
drivers/bluetooth/btbcm.c
3 issues
Line: 33
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define BCM_FW_NAME_LEN 64
#define BCM_FW_NAME_COUNT_MAX 2
/* For kmalloc-ing the fw-name array instead of putting it on the stack */
typedef char bcm_fw_name[BCM_FW_NAME_LEN];
int btbcm_check_bdaddr(struct hci_dev *hdev)
{
struct hci_rp_read_bd_addr *bda;
struct sk_buff *skb;
Reported by FlawFinder.
Line: 136
Column: 3
CWE codes:
120
Suggestion:
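Make sure destination can always hold the source data. The 5-byte copy is safe only if params points to at least 5 bytes and the response in skb holds at least 6 bytes; neither a length check on skb nor the caller's buffer is visible in this excerpt.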
}
if (params)
memcpy(params, skb->data + 1, 5);
kfree_skb(skb);
return 0;
}
Reported by FlawFinder.
Line: 434
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct hci_rp_read_local_version *ver;
const struct bcm_subver_table *bcm_subver_table;
const char *hw_name = NULL;
char postfix[16] = "";
int fw_name_count = 0;
bcm_fw_name *fw_name;
const struct firmware *fw;
int i, err;
Reported by FlawFinder.
drivers/acpi/power.c
3 issues
Line: 953
Column: 2
CWE codes:
120
Suggestion:
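Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). The source in this call and in the strcpy on the next line is a compile-time constant (ACPI_POWER_DEVICE_NAME, ACPI_POWER_CLASS), so the copy length is fixed; the finding reduces to confirming the destination fields are at least that large, which is not shown here. strcpy_s is not available in kernel code, and the kernel's bounded string copy is strscpy.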
INIT_LIST_HEAD(&resource->list_node);
INIT_LIST_HEAD(&resource->dependents);
resource->name = device->pnp.bus_id;
strcpy(acpi_device_name(device), ACPI_POWER_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_POWER_CLASS);
device->power.state = ACPI_STATE_UNKNOWN;
/* Evaluate the object to get the system level and resource order. */
status = acpi_evaluate_object(handle, NULL, NULL, &buffer);
Reported by FlawFinder.
Line: 954
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
INIT_LIST_HEAD(&resource->dependents);
resource->name = device->pnp.bus_id;
strcpy(acpi_device_name(device), ACPI_POWER_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_POWER_CLASS);
device->power.state = ACPI_STATE_UNKNOWN;
/* Evaluate the object to get the system level and resource order. */
status = acpi_evaluate_object(handle, NULL, NULL, &buffer);
if (ACPI_FAILURE(status))
Reported by FlawFinder.
Line: 902
Column: 9
CWE codes:
120
Suggestion:
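Use sprintf_s, snprintf, or vsnprintf. The value printed is !!resource->ref_count, i.e. 0 or 1, so the output is at most 3 bytes including the terminator. This appears to be a sysfs show callback (see DEVICE_ATTR_RO below), for which the kernel's bounded helper is sysfs_emit(); sprintf_s is not available in kernel code.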
struct acpi_power_resource *resource;
resource = to_power_resource(to_acpi_device(dev));
return sprintf(buf, "%u\n", !!resource->ref_count);
}
static DEVICE_ATTR_RO(resource_in_use);
static void acpi_power_sysfs_remove(struct acpi_device *device)
{
Reported by FlawFinder.
drivers/bluetooth/btmrvl_debugfs.c
3 issues
Line: 58
Column: 2
CWE codes:
119
120
Suggestion:
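Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. This finding is on the declaration of buf[16]; the only write shown is snprintf(buf, sizeof(buf) - 1, "%d\n", ...), which is bounded, and the longest "%d\n" output for a 32-bit int is 12 characters, so ret stays within the buffer in the code shown. The same reasoning applies to the two other findings in this file.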
size_t count, loff_t *ppos)
{
struct btmrvl_private *priv = file->private_data;
char buf[16];
int ret;
ret = snprintf(buf, sizeof(buf) - 1, "%d\n",
priv->btmrvl_dev.hscfgcmd);
Reported by FlawFinder.
Line: 99
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct btmrvl_private *priv = file->private_data;
char buf[16];
int ret;
ret = snprintf(buf, sizeof(buf) - 1, "%d\n", priv->btmrvl_dev.pscmd);
return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
Reported by FlawFinder.
Line: 137
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct btmrvl_private *priv = file->private_data;
char buf[16];
int ret;
ret = snprintf(buf, sizeof(buf) - 1, "%d\n", priv->btmrvl_dev.hscmd);
return simple_read_from_buffer(userbuf, count, ppos, buf, ret);
Reported by FlawFinder.
drivers/ata/sata_mv.c
3 issues
Line: 4142
Column: 3
CWE codes:
119
120
Suggestion:
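Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. port_number is 16 bytes; "%d" of a 32-bit int needs at most 12 bytes and "port%d" at most 16 including the terminator, so both sprintf calls in this loop fit, the second with no slack in the worst case. port runs from 0 up to n_ports, so real output is far shorter; snprintf(port_number, sizeof(port_number), ...) removes the dependency on that arithmetic.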
clk_prepare_enable(hpriv->clk);
for (port = 0; port < n_ports; port++) {
char port_number[16];
sprintf(port_number, "%d", port);
hpriv->port_clks[port] = clk_get(&pdev->dev, port_number);
if (!IS_ERR(hpriv->port_clks[port]))
clk_prepare_enable(hpriv->port_clks[port]);
Reported by FlawFinder.
Line: 4143
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (port = 0; port < n_ports; port++) {
char port_number[16];
sprintf(port_number, "%d", port);
hpriv->port_clks[port] = clk_get(&pdev->dev, port_number);
if (!IS_ERR(hpriv->port_clks[port]))
clk_prepare_enable(hpriv->port_clks[port]);
sprintf(port_number, "port%d", port);
Reported by FlawFinder.
Line: 4148
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!IS_ERR(hpriv->port_clks[port]))
clk_prepare_enable(hpriv->port_clks[port]);
sprintf(port_number, "port%d", port);
hpriv->port_phys[port] = devm_phy_optional_get(&pdev->dev,
port_number);
if (IS_ERR(hpriv->port_phys[port])) {
rc = PTR_ERR(hpriv->port_phys[port]);
hpriv->port_phys[port] = NULL;
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
3 issues
Line: 169
CWE codes:
908
!low ? &clk_freq : NULL);
if (ret)
return 0;
return clk_freq * 100;
}
static u32 smu_get_sclk(void *handle, bool low)
{
struct smu_context *smu = handle;
Reported by Cppcheck.
Line: 183
CWE codes:
908
!low ? &clk_freq : NULL);
if (ret)
return 0;
return clk_freq * 100;
}
static int smu_dpm_set_vcn_enable_locked(struct smu_context *smu,
bool enable)
{
Reported by Cppcheck.
Line: 511
Column: 2
CWE codes:
120
Suggestion:
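Make sure destination can always hold the source data. The "goto failed" just above suggests a check precedes the copy, but the excerpt shows neither what it tests nor how hardcode_pptable was allocated; confirm the destination is at least size bytes and that size is validated before this memcpy.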
goto failed;
}
memcpy(smu_table->hardcode_pptable, buf, size);
smu_table->power_play_table = smu_table->hardcode_pptable;
smu_table->power_play_table_size = size;
/*
* Special hw_fini action(for Navi1x, the DPMs disablement will be
Reported by FlawFinder.
drivers/amba/bus.c
3 issues
Line: 88
Column: 8
CWE codes:
120
Suggestion:
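Use sprintf_s, snprintf, or vsnprintf. The output length here follows dev->driver_override, which appears to be set in driver_override_store; whether that path caps the string length is not visible in the excerpt. For sysfs show callbacks the kernel's bounded helper is sysfs_emit(), which limits the write to the sysfs page buffer; sprintf_s is not available in kernel code.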
ssize_t len;
device_lock(_dev);
len = sprintf(buf, "%s\n", dev->driver_override);
device_unlock(_dev);
return len;
}
static ssize_t driver_override_store(struct device *_dev,
Reported by FlawFinder.
Line: 133
Column: 9
CWE codes:
134
Suggestion:
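Make format string constant. Here fmt is a macro parameter: at each expansion shown (amba_attr_func(id, "%08x\n", ...), amba_attr_func(irq0, "%u\n", ...)) it is a string literal, so the format is constant after preprocessing and is not taken from runtime input. Confirm that the remaining expansions in the file also pass literals.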
struct device_attribute *attr, char *buf) \
{ \
struct amba_device *dev = to_amba_device(_dev); \
return sprintf(buf, fmt, arg); \
} \
static DEVICE_ATTR_RO(name)
amba_attr_func(id, "%08x\n", dev->periphid);
amba_attr_func(irq0, "%u\n", dev->irq[0]);
Reported by FlawFinder.
Line: 114
Column: 6
CWE codes:
126
device_lock(_dev);
old = dev->driver_override;
if (strlen(driver_override)) {
dev->driver_override = driver_override;
} else {
kfree(driver_override);
dev->driver_override = NULL;
}
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/uvd_v7_0.c
3 issues
Line: 455
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
continue;
if (!amdgpu_sriov_vf(adev)) {
ring = &adev->uvd.inst[j].ring;
sprintf(ring->name, "uvd_%d", ring->me);
r = amdgpu_ring_init(adev, ring, 512,
&adev->uvd.inst[j].irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
Reported by FlawFinder.
Line: 465
Column: 4
CWE codes:
120
Suggestion:
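Use sprintf_s, snprintf, or vsnprintf. The worst-case output of "uvd_enc_%d.%d" for two 32-bit ints is 31 characters plus the terminator; the actual values are instance and ring indices and will be short, but the size of ring->name is not in the excerpt, so snprintf with sizeof(ring->name) is the way to make the bound explicit. sprintf_s is not available in kernel code.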
for (i = 0; i < adev->uvd.num_enc_rings; ++i) {
ring = &adev->uvd.inst[j].ring_enc[i];
sprintf(ring->name, "uvd_enc_%d.%d", ring->me, i);
if (amdgpu_sriov_vf(adev)) {
ring->use_doorbell = true;
/* currently only use the first enconding ring for
* sriov, so set unused location for other unused rings.
Reported by FlawFinder.
Line: 915
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MMSCH_V1_0_INSERT_DIRECT_POLL(SOC15_REG_OFFSET(UVD, i, mmUVD_STATUS), 0x02, 0x02);
}
/* add end packet */
memcpy((void *)init_table, &end, sizeof(struct mmsch_v1_0_cmd_end));
table_size += sizeof(struct mmsch_v1_0_cmd_end) / 4;
header->uvd_table_size = table_size;
}
return uvd_v7_0_mmsch_start(adev, &adev->virt.mm_table);
Reported by FlawFinder.
drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c
3 issues
Line: 491
Column: 2
CWE codes:
120
Suggestion:
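Make sure destination can always hold the source data. The copy length is the nlanes argument, and neither payload's declared size nor an upper bound on nlanes appears in the excerpt; the call is in bounds only when 3 + nlanes does not exceed the size of payload.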
payload[0] = nlanes;
put_unaligned_be16(udelay, payload + 1);
memcpy(payload + 3, lanes_data, nlanes);
mutex_lock(&mhdp->mbox_mutex);
ret = cdns_mhdp_mailbox_send(mhdp, MB_MODULE_ID_DP_TX,
DPTX_ADJUST_LT,
Reported by FlawFinder.
Line: 1007
Column: 2
CWE codes:
119
120
Suggestion:
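Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. vs and pe are 8 bytes each and the loop writes index i * 2, so the writes stay in bounds only while mhdp->link.num_lanes is at most 4; the excerpt shows no check that enforces this, so verify where num_lanes is set.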
struct cdns_mhdp_device *mhdp,
union phy_configure_opts *phy_cfg)
{
char vs[8] = "0/0/0/0";
char pe[8] = "0/0/0/0";
unsigned int i;
for (i = 0; i < mhdp->link.num_lanes; i++) {
vs[i * 2] = '0' + phy_cfg->dp.voltage[i];
Reported by FlawFinder.
Line: 1008
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union phy_configure_opts *phy_cfg)
{
char vs[8] = "0/0/0/0";
char pe[8] = "0/0/0/0";
unsigned int i;
for (i = 0; i < mhdp->link.num_lanes; i++) {
vs[i * 2] = '0' + phy_cfg->dp.voltage[i];
pe[i * 2] = '0' + phy_cfg->dp.pre[i];
Reported by FlawFinder.