The following issues were found
drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
2 issues
Line: 224
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int gmc_v8_0_init_microcode(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[30];
int err;
DRM_DEBUG("\n");
switch (adev->asic_type) {
Reported by FlawFinder.
Line: 1015
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 vmid = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, VMID);
u32 protections = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS,
PROTECTIONS);
char block[5] = { mc_client >> 24, (mc_client >> 16) & 0xff,
(mc_client >> 8) & 0xff, mc_client & 0xff, 0 };
u32 mc_id;
mc_id = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS,
MEMORY_CLIENT_ID);
Reported by FlawFinder.
drivers/crypto/nx/nx.c
2 issues
Line: 279
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nx_ctx->ap->databytelen/NX_PAGE_SIZE);
if (oiv)
memcpy(oiv, iv, AES_BLOCK_SIZE);
*nbytes = min_t(u64, *nbytes, nx_ctx->ap->databytelen);
nx_outsg = nx_walk_and_build(nx_outsg, max_sg_len, dst,
offset, nbytes);
Reported by FlawFinder.
Line: 688
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* give each context a pointer to global stats and their OF
* properties */
nx_ctx->stats = &nx_driver.stats;
memcpy(nx_ctx->props, nx_driver.of.ap[fc][mode],
sizeof(struct alg_props) * 3);
return 0;
}
Reported by FlawFinder.
drivers/comedi/drivers/jr3_pci.h
2 issues
Line: 731
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct jr3_block {
u32 program_lo[0x4000]; /* 0x00000 - 0x10000 */
struct jr3_sensor sensor; /* 0x10000 - 0x10c00 */
char pad2[0x30000 - 0x00c00]; /* 0x10c00 - 0x40000 */
u32 program_hi[0x8000]; /* 0x40000 - 0x60000 */
u32 reset; /* 0x60000 - 0x60004 */
char pad3[0x20000 - 0x00004]; /* 0x60004 - 0x80000 */
};
Reported by FlawFinder.
Line: 734
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char pad2[0x30000 - 0x00c00]; /* 0x10c00 - 0x40000 */
u32 program_hi[0x8000]; /* 0x40000 - 0x60000 */
u32 reset; /* 0x60000 - 0x60004 */
char pad3[0x20000 - 0x00004]; /* 0x60004 - 0x80000 */
};
Reported by FlawFinder.
drivers/atm/ambassador.h
2 issues
Line: 356
Column: 7
CWE codes:
362
__be32 vc;
__be32 flags;
__be32 rate;
} open;
struct {
__be32 vc;
__be32 rate;
} modify_rate;
struct {
Reported by FlawFinder.
drivers/clk/clk-stm32h7.c
2 issues
Line: 88
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char * const spdifrx_src[] = {
"pll1_q", "pll2_r", "pll3_r", "hsi_ker" };
static const char *spi_src1[5] = {
"pll1_q", "pll2_p", "pll3_p", NULL, "per_ck" };
static const char * const spi_src2[] = {
"pclk2", "pll2_q", "pll3_q", "hsi_ker", "csi_ker", "hse_ck" };
Reported by FlawFinder.
Line: 125
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char * const usart_src2[] = {
"pclk1", "pll2_q", "pll3_q", "hsi_ker", "csi_ker", "lse_ck" };
static const char *sai_src[5] = {
"pll1_q", "pll2_p", "pll3_p", NULL, "per_ck" };
static const char * const adc_src[] = { "pll2_p", "pll3_r", "per_ck" };
/* lptim 2,3,4,5 src */
Reported by FlawFinder.
drivers/char/misc.c
2 issues
Line: 140
Column: 18
CWE codes:
362
err = 0;
replace_fops(file, new_fops);
if (file->f_op->open)
err = file->f_op->open(inode, file);
fail:
mutex_unlock(&misc_mtx);
return err;
}
Reported by FlawFinder.
Line: 141
Column: 21
CWE codes:
362
err = 0;
replace_fops(file, new_fops);
if (file->f_op->open)
err = file->f_op->open(inode, file);
fail:
mutex_unlock(&misc_mtx);
return err;
}
Reported by FlawFinder.
drivers/gpu/drm/drm_file.c
2 issues
Line: 189
Column: 19
CWE codes:
362
drm_prime_init_file_private(&file->prime);
if (dev->driver->open) {
ret = dev->driver->open(dev, file);
if (ret < 0)
goto out_prime_destroy;
}
Reported by FlawFinder.
Line: 190
Column: 22
CWE codes:
362
drm_prime_init_file_private(&file->prime);
if (dev->driver->open) {
ret = dev->driver->open(dev, file);
if (ret < 0)
goto out_prime_destroy;
}
return file;
Reported by FlawFinder.
drivers/crypto/omap-des.c
2 issues
Line: 668
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
return err;
memcpy(ctx->key, key, keylen);
ctx->keylen = keylen;
return 0;
}
Reported by FlawFinder.
Line: 686
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (err)
return err;
memcpy(ctx->key, key, keylen);
ctx->keylen = keylen;
return 0;
}
Reported by FlawFinder.
drivers/clk/clkdev.c
2 issues
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clk_lookup_alloc {
struct clk_lookup cl;
char dev_id[MAX_DEV_ID];
char con_id[MAX_CON_ID];
};
static struct clk_lookup * __ref
vclkdev_alloc(struct clk_hw *hw, const char *con_id, const char *dev_fmt,
Reported by FlawFinder.
Line: 153
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clk_lookup_alloc {
struct clk_lookup cl;
char dev_id[MAX_DEV_ID];
char con_id[MAX_CON_ID];
};
static struct clk_lookup * __ref
vclkdev_alloc(struct clk_hw *hw, const char *con_id, const char *dev_fmt,
va_list ap)
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/sdma_v2_4.c
2 issues
Line: 134
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sdma_v2_4_init_microcode(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[30];
int err = 0, i;
struct amdgpu_firmware_info *info = NULL;
const struct common_firmware_header *header = NULL;
const struct sdma_firmware_header_v1_0 *hdr;
Reported by FlawFinder.
Line: 878
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring = &adev->sdma.instance[i].ring;
ring->ring_obj = NULL;
ring->use_doorbell = false;
sprintf(ring->name, "sdma%d", i);
r = amdgpu_ring_init(adev, ring, 1024, &adev->sdma.trap_irq,
(i == 0) ? AMDGPU_SDMA_IRQ_INSTANCE0 :
AMDGPU_SDMA_IRQ_INSTANCE1,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
Reported by FlawFinder.