The following issues were found
drivers/gpu/drm/amd/amdgpu/sdma_v3_0.c
2 issues
Line: 271
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sdma_v3_0_init_microcode(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[30];
int err = 0, i;
struct amdgpu_firmware_info *info = NULL;
const struct common_firmware_header *header = NULL;
const struct sdma_firmware_header_v1_0 *hdr;
Reported by FlawFinder.
Line: 1162
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring->use_pollmem = true;
}
sprintf(ring->name, "sdma%d", i);
r = amdgpu_ring_init(adev, ring, 1024, &adev->sdma.trap_irq,
(i == 0) ? AMDGPU_SDMA_IRQ_INSTANCE0 :
AMDGPU_SDMA_IRQ_INSTANCE1,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
Reported by FlawFinder.
crypto/asymmetric_keys/x509_public_key.c
2 issues
Line: 214
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
desc = kmalloc(sulen + 2 + srlen * 2 + 1, GFP_KERNEL);
if (!desc)
goto error_free_cert;
p = memcpy(desc, cert->subject, sulen);
p += sulen;
*p++ = ':';
*p++ = ' ';
p = bin2hex(p, q, srlen);
*p = 0;
Reported by FlawFinder.
Line: 201
Column: 10
CWE codes:
126
goto error_free_cert;
/* Propose a description */
sulen = strlen(cert->subject);
if (cert->raw_skid) {
srlen = cert->raw_skid_size;
q = cert->raw_skid;
} else {
srlen = cert->raw_serial_size;
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/sdma_v5_0.c
2 issues
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sdma_v5_0_init_microcode(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[30];
int err = 0, i;
struct amdgpu_firmware_info *info = NULL;
const struct common_firmware_header *header = NULL;
const struct sdma_firmware_header_v1_0 *hdr;
Reported by FlawFinder.
Line: 1299
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
(adev->doorbell_index.sdma_engine[0] << 1) //get DWORD offset
: (adev->doorbell_index.sdma_engine[1] << 1); // get DWORD offset
sprintf(ring->name, "sdma%d", i);
r = amdgpu_ring_init(adev, ring, 1024, &adev->sdma.trap_irq,
(i == 0) ? AMDGPU_SDMA_IRQ_INSTANCE0 :
AMDGPU_SDMA_IRQ_INSTANCE1,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
Reported by FlawFinder.
drivers/ata/pata_octeon_cf.c
2 issues
Line: 369
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rw == READ) {
align_buf[0] = cpu_to_le16(ioread16(data_addr));
memcpy(buffer, align_buf, 1);
} else {
memcpy(align_buf, buffer, 1);
iowrite16(le16_to_cpu(align_buf[0]), data_addr);
}
words++;
Reported by FlawFinder.
Line: 371
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
align_buf[0] = cpu_to_le16(ioread16(data_addr));
memcpy(buffer, align_buf, 1);
} else {
memcpy(align_buf, buffer, 1);
iowrite16(le16_to_cpu(align_buf[0]), data_addr);
}
words++;
}
return buflen;
Reported by FlawFinder.
drivers/char/mwave/mwavepub.h
2 issues
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short uart_enable;
short component_count;
unsigned long component_list[7];
char mwave_os_name[16];
char bios_task_name[16];
} MW_ABILITIES, *pMW_ABILITIES;
typedef struct _MW_READWRITE {
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
short component_count;
unsigned long component_list[7];
char mwave_os_name[16];
char bios_task_name[16];
} MW_ABILITIES, *pMW_ABILITIES;
typedef struct _MW_READWRITE {
unsigned short usDspAddress; /* The dsp address */
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c
2 issues
Line: 422
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
ring = &adev->uvd.inst->ring;
sprintf(ring->name, "uvd");
r = amdgpu_ring_init(adev, ring, 512, &adev->uvd.inst->irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
Reported by FlawFinder.
Line: 435
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (uvd_v6_0_enc_support(adev)) {
for (i = 0; i < adev->uvd.num_enc_rings; ++i) {
ring = &adev->uvd.inst->ring_enc[i];
sprintf(ring->name, "uvd_enc%d", i);
r = amdgpu_ring_init(adev, ring, 512,
&adev->uvd.inst->irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
Reported by FlawFinder.
drivers/clk/imx/clk-imx8qxp-lpcg.c
2 issues
Line: 181
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int imx_lpcg_parse_clks_from_dt(struct platform_device *pdev,
struct device_node *np)
{
const char *output_names[IMX_LPCG_MAX_CLKS];
const char *parent_names[IMX_LPCG_MAX_CLKS];
unsigned int bit_offset[IMX_LPCG_MAX_CLKS];
struct clk_hw_onecell_data *clk_data;
struct clk_hw **clk_hws;
struct resource *res;
Reported by FlawFinder.
Line: 182
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct device_node *np)
{
const char *output_names[IMX_LPCG_MAX_CLKS];
const char *parent_names[IMX_LPCG_MAX_CLKS];
unsigned int bit_offset[IMX_LPCG_MAX_CLKS];
struct clk_hw_onecell_data *clk_data;
struct clk_hw **clk_hws;
struct resource *res;
void __iomem *base;
Reported by FlawFinder.
drivers/char/mwave/tp3780i.c
2 issues
Line: 497
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Fill out Mwave OS and BIOS task names */
memcpy(pAbilities->mwave_os_name, TP_ABILITIES_MWAVEOS_NAME,
sizeof(TP_ABILITIES_MWAVEOS_NAME));
memcpy(pAbilities->bios_task_name, TP_ABILITIES_BIOSTASK_NAME,
sizeof(TP_ABILITIES_BIOSTASK_NAME));
PRINTK_1(TRACE_TP3780I,
Reported by FlawFinder.
Line: 499
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(pAbilities->mwave_os_name, TP_ABILITIES_MWAVEOS_NAME,
sizeof(TP_ABILITIES_MWAVEOS_NAME));
memcpy(pAbilities->bios_task_name, TP_ABILITIES_BIOSTASK_NAME,
sizeof(TP_ABILITIES_BIOSTASK_NAME));
PRINTK_1(TRACE_TP3780I,
"tp3780i::tp3780I_QueryAbilities exit retval=SUCCESSFUL\n");
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/vce_v4_0.c
2 issues
Line: 321
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
~VCE_STATUS__JOB_BUSY_MASK, 0);
/* add end packet */
memcpy((void *)init_table, &end, sizeof(struct mmsch_v1_0_cmd_end));
table_size += sizeof(struct mmsch_v1_0_cmd_end) / 4;
header->vce_table_size = table_size;
}
return vce_v4_0_mmsch_start(adev, &adev->virt.mm_table);
Reported by FlawFinder.
Line: 467
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < adev->vce.num_rings; i++) {
ring = &adev->vce.ring[i];
sprintf(ring->name, "vce%d", i);
if (amdgpu_sriov_vf(adev)) {
/* DOORBELL only works under SRIOV */
ring->use_doorbell = true;
/* currently only use the first encoding ring for sriov,
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/vcn_v1_0.c
2 issues
Line: 130
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return r;
ring = &adev->vcn.inst->ring_dec;
sprintf(ring->name, "vcn_dec");
r = amdgpu_ring_init(adev, ring, 512, &adev->vcn.inst->irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
Reported by FlawFinder.
Line: 149
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < adev->vcn.num_enc_rings; ++i) {
ring = &adev->vcn.inst->ring_enc[i];
sprintf(ring->name, "vcn_enc%d", i);
r = amdgpu_ring_init(adev, ring, 512, &adev->vcn.inst->irq, 0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
return r;
}
Reported by FlawFinder.