The following issues were found
drivers/gpu/drm/amd/pm/amdgpu_dpm.c
2 issues
Line: 1439
Column: 100
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
return;
if (adev->powerplay.pp_funcs->check_state_equal) {
if (0 != amdgpu_dpm_check_state_equal(adev, adev->pm.dpm.current_ps, adev->pm.dpm.requested_ps, &equal))
equal = false;
}
if (equal)
return;
Reported by FlawFinder.
Line: 1443
Column: 6
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
equal = false;
}
if (equal)
return;
amdgpu_dpm_set_power_state(adev);
amdgpu_dpm_post_set_power_state(adev);
Reported by FlawFinder.
crypto/hmac.c
2 issues
Line: 65
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
keylen = ds;
} else
memcpy(ipad, inkey, keylen);
memset(ipad + keylen, 0, bs - keylen);
memcpy(opad, ipad, bs);
for (i = 0; i < bs; i++) {
Reported by FlawFinder.
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(ipad, inkey, keylen);
memset(ipad + keylen, 0, bs - keylen);
memcpy(opad, ipad, bs);
for (i = 0; i < bs; i++) {
ipad[i] ^= HMAC_IPAD_VALUE;
opad[i] ^= HMAC_OPAD_VALUE;
}
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/inc/amdgpu_dpm.h
2 issues
Line: 331
Column: 54
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
#define amdgpu_dpm_dispatch_task(adev, task_id, user_state) \
((adev)->powerplay.pp_funcs->dispatch_tasks)((adev)->powerplay.pp_handle, (task_id), (user_state))
#define amdgpu_dpm_check_state_equal(adev, cps, rps, equal) \
((adev)->powerplay.pp_funcs->check_state_equal((adev)->powerplay.pp_handle, (cps), (rps), (equal)))
#define amdgpu_dpm_get_vce_clock_state(adev, i) \
((adev)->powerplay.pp_funcs->get_vce_clock_state((adev)->powerplay.pp_handle, (i)))
Reported by FlawFinder.
Line: 332
Column: 94
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
((adev)->powerplay.pp_funcs->dispatch_tasks)((adev)->powerplay.pp_handle, (task_id), (user_state))
#define amdgpu_dpm_check_state_equal(adev, cps, rps, equal) \
((adev)->powerplay.pp_funcs->check_state_equal((adev)->powerplay.pp_handle, (cps), (rps), (equal)))
#define amdgpu_dpm_get_vce_clock_state(adev, i) \
((adev)->powerplay.pp_funcs->get_vce_clock_state((adev)->powerplay.pp_handle, (i)))
#define amdgpu_dpm_get_performance_level(adev) \
Reported by FlawFinder.
drivers/devfreq/devfreq-event.c
2 issues
Line: 447
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!edev || !edev->desc)
return -EINVAL;
return sprintf(buf, "%s\n", edev->desc->name);
}
static DEVICE_ATTR_RO(name);
static ssize_t enable_count_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 459
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!edev || !edev->desc)
return -EINVAL;
return sprintf(buf, "%d\n", edev->enable_count);
}
static DEVICE_ATTR_RO(enable_count);
static struct attribute *devfreq_event_attrs[] = {
&dev_attr_name.attr,
Reported by FlawFinder.
drivers/comedi/drivers/ni_tio.h
2 issues
Line: 106
Column: 17
CWE codes:
120
20
struct comedi_device *dev;
void (*write)(struct ni_gpct *counter, unsigned int value,
enum ni_gpct_register);
unsigned int (*read)(struct ni_gpct *counter, enum ni_gpct_register);
enum ni_gpct_variant variant;
struct ni_gpct *counters;
unsigned int num_counters;
unsigned int num_chips;
unsigned int (*regs)[NITIO_NUM_REGS]; /* [num_chips][NITIO_NUM_REGS] */
Reported by FlawFinder.
Line: 121
Column: 20
CWE codes:
120
20
void (*write)(struct ni_gpct *counter,
unsigned int value,
enum ni_gpct_register),
unsigned int (*read)(struct ni_gpct *counter,
enum ni_gpct_register),
enum ni_gpct_variant,
unsigned int num_counters,
unsigned int counters_per_chip,
const struct ni_route_tables *routing_tables);
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/powerplay/hwmgr/hardwaremanager.c
2 issues
Line: 292
Column: 12
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
int phm_check_states_equal(struct pp_hwmgr *hwmgr,
const struct pp_hw_power_state *pstate1,
const struct pp_hw_power_state *pstate2,
bool *equal)
{
PHM_FUNC_CHECK(hwmgr);
if (hwmgr->hwmgr_func->check_states_equal == NULL)
return -EINVAL;
Reported by FlawFinder.
Line: 299
Column: 72
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
if (hwmgr->hwmgr_func->check_states_equal == NULL)
return -EINVAL;
return hwmgr->hwmgr_func->check_states_equal(hwmgr, pstate1, pstate2, equal);
}
int phm_store_dal_configuration_data(struct pp_hwmgr *hwmgr,
const struct amd_pp_display_configuration *display_config)
{
Reported by FlawFinder.
drivers/devfreq/governor_userspace.c
2 issues
Line: 66
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
data = devfreq->data;
if (data->valid)
err = sprintf(buf, "%lu\n", data->user_frequency);
else
err = sprintf(buf, "undefined\n");
mutex_unlock(&devfreq->lock);
return err;
}
Reported by FlawFinder.
Line: 68
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (data->valid)
err = sprintf(buf, "%lu\n", data->user_frequency);
else
err = sprintf(buf, "undefined\n");
mutex_unlock(&devfreq->lock);
return err;
}
static DEVICE_ATTR_RW(set_freq);
Reported by FlawFinder.
crypto/ghash-generic.c
2 issues
Line: 68
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
gf128mul_free_4k(ctx->gf128);
BUILD_BUG_ON(sizeof(k) != GHASH_BLOCK_SIZE);
memcpy(&k, key, GHASH_BLOCK_SIZE); /* avoid violating alignment rules */
ctx->gf128 = gf128mul_init_4k_lle(&k);
memzero_explicit(&k, GHASH_BLOCK_SIZE);
if (!ctx->gf128)
return -ENOMEM;
Reported by FlawFinder.
Line: 138
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 *buf = dctx->buffer;
ghash_flush(ctx, dctx);
memcpy(dst, buf, GHASH_BLOCK_SIZE);
return 0;
}
static void ghash_exit_tfm(struct crypto_tfm *tfm)
Reported by FlawFinder.
crypto/fcrypt.c
2 issues
Line: 259
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
F_ENCRYPT(X.r, X.l, ctx->sched[0xe]);
F_ENCRYPT(X.l, X.r, ctx->sched[0xf]);
memcpy(dst, &X, sizeof(X));
}
/*
* decryptor
*/
Reported by FlawFinder.
Line: 291
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
F_ENCRYPT(X.l, X.r, ctx->sched[0x1]);
F_ENCRYPT(X.r, X.l, ctx->sched[0x0]);
memcpy(dst, &X, sizeof(X));
}
/*
* Generate a key schedule from key, the least significant bit in each key byte
* is parity and shall be ignored. This leaves 56 significant bits in the key
Reported by FlawFinder.
drivers/ata/libata-zpodd.c
2 issues
Line: 38
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int eject_tray(struct ata_device *dev)
{
struct ata_taskfile tf;
static const char cdb[ATAPI_CDB_LEN] = { GPCMD_START_STOP_UNIT,
0, 0, 0,
0x02, /* LoEj */
0, 0, 0, 0, 0, 0, 0,
};
Reported by FlawFinder.
Line: 59
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int ret;
struct rm_feature_desc *desc;
struct ata_taskfile tf;
static const char cdb[ATAPI_CDB_LEN] = { GPCMD_GET_CONFIGURATION,
2, /* only 1 feature descriptor requested */
0, 3, /* 3, removable medium feature */
0, 0, 0,/* reserved */
0, 16,
0, 0, 0,
Reported by FlawFinder.