The following issues were found
drivers/clk/qcom/krait-cc.c
2 issues
Line: 81
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.ops = &krait_div2_clk_ops,
.flags = CLK_SET_RATE_PARENT,
};
const char *p_names[1];
struct clk *clk;
div = devm_kzalloc(dev, sizeof(*div), GFP_KERNEL);
if (!div)
return -ENOMEM;
Reported by FlawFinder.
Line: 174
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret;
struct krait_mux_clk *mux;
const char *p_names[3];
struct clk_init_data init = {
.parent_names = p_names,
.num_parents = ARRAY_SIZE(p_names),
.ops = &krait_mux_clk_ops,
.flags = CLK_SET_RATE_PARENT,
Reported by FlawFinder.
drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c
2 issues
Line: 64
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mode_lib->vba.soc = mode_lib->soc;
mode_lib->vba.ip = mode_lib->ip;
memcpy(mode_lib->vba.cache_pipes, pipes, sizeof(*pipes) * num_pipes);
mode_lib->vba.cache_num_pipes = num_pipes;
if (need_recalculate && pipes[0].clks_cfg.dppclk_mhz != 0)
mode_lib->funcs.recalculate(mode_lib);
else {
Reported by FlawFinder.
Line: 765
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(display_e2e_pipe_params_st) * num_pipes) != 0) {
mode_lib->vba.soc = mode_lib->soc;
mode_lib->vba.ip = mode_lib->ip;
memcpy(mode_lib->vba.cache_pipes, pipes, sizeof(*pipes) * num_pipes);
mode_lib->vba.cache_num_pipes = num_pipes;
mode_lib->funcs.recalculate(mode_lib);
}
}
Reported by FlawFinder.
drivers/gpu/drm/amd/display/dc/dsc/rc_calc_dpi.c
2 issues
Line: 54
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
to->first_line_bpg_offset = from->first_line_bpg_offset;
to->second_line_bpg_offset = from->second_line_bpg_offset;
to->initial_offset = from->initial_offset;
memcpy(&to->rc_buf_thresh, &from->rc_buf_thresh, sizeof(from->rc_buf_thresh));
memcpy(&to->rc_range_params, &from->rc_range_params, sizeof(from->rc_range_params));
to->rc_model_size = from->rc_model_size;
to->flatness_min_qp = from->flatness_min_qp;
to->flatness_max_qp = from->flatness_max_qp;
to->initial_scale_value = from->initial_scale_value;
Reported by FlawFinder.
Line: 55
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
to->second_line_bpg_offset = from->second_line_bpg_offset;
to->initial_offset = from->initial_offset;
memcpy(&to->rc_buf_thresh, &from->rc_buf_thresh, sizeof(from->rc_buf_thresh));
memcpy(&to->rc_range_params, &from->rc_range_params, sizeof(from->rc_range_params));
to->rc_model_size = from->rc_model_size;
to->flatness_min_qp = from->flatness_min_qp;
to->flatness_max_qp = from->flatness_max_qp;
to->initial_scale_value = from->initial_scale_value;
to->scale_decrement_interval = from->scale_decrement_interval;
Reported by FlawFinder.
drivers/crypto/virtio/virtio_crypto_algs.c
2 issues
Line: 447
CWE codes:
758
AES_BLOCK_SIZE, 0);
sg_init_one(&iv_sg, iv, ivsize);
sgs[num_out++] = &iv_sg;
vc_sym_req->iv = iv;
/* Source data */
for (sg = req->src; src_nents; sg = sg_next(sg), src_nents--)
sgs[num_out++] = sg;
Reported by Cppcheck.
Line: 440
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
err = -ENOMEM;
goto free;
}
memcpy(iv, req->iv, ivsize);
if (!vc_sym_req->encrypt)
scatterwalk_map_and_copy(req->iv, req->src,
req->cryptlen - AES_BLOCK_SIZE,
AES_BLOCK_SIZE, 0);
Reported by FlawFinder.
drivers/char/hw_random/cctrng.c
2 issues
Line: 232
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cnt_w = CIRC_CNT_TO_END(drvdata->circ.head,
drvdata->circ.tail, CCTRNG_DATA_BUF_WORDS);
size = min((cnt_w<<2), max);
memcpy(data, &(buf[drvdata->circ.tail]), size);
copied = size;
circ_idx_inc(&drvdata->circ.tail, size);
/* copy rest of data in data buffer */
left = max - copied;
if (left > 0) {
Reported by FlawFinder.
Line: 241
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cnt_w = CIRC_CNT(drvdata->circ.head,
drvdata->circ.tail, CCTRNG_DATA_BUF_WORDS);
size = min((cnt_w<<2), left);
memcpy(data, &(buf[drvdata->circ.tail]), size);
copied += size;
circ_idx_inc(&drvdata->circ.tail, size);
}
spin_unlock(&drvdata->read_lock);
Reported by FlawFinder.
crypto/michael_mic.c
2 issues
Line: 68
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int flen = 4 - mctx->pending_len;
if (flen > len)
flen = len;
memcpy((u8 *)&mctx->pending + mctx->pending_len, data, flen);
mctx->pending_len += flen;
data += flen;
len -= flen;
if (mctx->pending_len < 4)
Reported by FlawFinder.
Line: 90
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len > 0) {
mctx->pending_len = len;
memcpy(&mctx->pending, data, len);
}
return 0;
}
Reported by FlawFinder.
drivers/cxl/core.c
2 issues
Line: 252
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
device_lock(&port->dev);
list_for_each_entry(dport, &port->dports, list) {
char link_name[CXL_TARGET_STRLEN];
if (snprintf(link_name, CXL_TARGET_STRLEN, "dport%d",
dport->port_id) >= CXL_TARGET_STRLEN)
continue;
sysfs_remove_link(&port->dev.kobj, link_name);
Reported by FlawFinder.
Line: 415
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cxl_add_dport(struct cxl_port *port, struct device *dport_dev, int port_id,
resource_size_t component_reg_phys)
{
char link_name[CXL_TARGET_STRLEN];
struct cxl_dport *dport;
int rc;
if (snprintf(link_name, CXL_TARGET_STRLEN, "dport%d", port_id) >=
CXL_TARGET_STRLEN)
Reported by FlawFinder.
drivers/bluetooth/hci_bcm.c
2 issues
Line: 608
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
btbcm_read_pcm_int_params(hu->hdev, ¶ms);
memcpy(¶ms, bcm->dev->pcm_int_params, 5);
btbcm_write_pcm_int_params(hu->hdev, ¶ms);
}
err = btbcm_finalize(hu->hdev, &fw_load_done);
if (err)
Reported by FlawFinder.
Line: 702
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bt_dev_dbg(hu->hdev, "hu %p skb %p", hu, skb);
/* Prepend skb with frame type */
memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
skb_queue_tail(&bcm->txq, skb);
return 0;
}
Reported by FlawFinder.
crypto/keywrap.c
2 issues
Line: 142
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
/* Place the IV into block A */
memcpy(&block.A, req->iv, SEMIBSIZE);
/*
* src scatterlist is read-only. dst scatterlist is r/w. During the
* first loop, src points to req->src and dst to req->dst. For any
* subsequent round, the code operates on req->dst only.
Reported by FlawFinder.
Line: 257
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* establish the IV for the caller to pick up */
memcpy(req->iv, &block.A, SEMIBSIZE);
memzero_explicit(&block, sizeof(struct crypto_kw_block));
return 0;
}
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/powerplay/smumgr/vega12_smumgr.c
2 issues
Line: 73
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
amdgpu_asic_invalidate_hdp(adev, NULL);
memcpy(table, priv->smu_tables.entry[table_id].table,
priv->smu_tables.entry[table_id].size);
return 0;
}
Reported by FlawFinder.
Line: 98
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
PP_ASSERT_WITH_CODE(priv->smu_tables.entry[table_id].size != 0,
"Invalid SMU Table Length!", return -EINVAL);
memcpy(priv->smu_tables.entry[table_id].table, table,
priv->smu_tables.entry[table_id].size);
amdgpu_asic_flush_hdp(adev, NULL);
PP_ASSERT_WITH_CODE(smum_send_msg_to_smc_with_parameter(hwmgr,
Reported by FlawFinder.