The following issues were found
drivers/gpu/drm/amd/pm/powerplay/kv_dpm.c
2 issues
Line: 3238
Column: 11
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
static int kv_check_state_equal(void *handle,
void *current_ps,
void *request_ps,
bool *equal)
{
struct kv_ps *kv_cps;
struct kv_ps *kv_rps;
int i;
struct amdgpu_ps *cps = (struct amdgpu_ps *)current_ps;
Reported by FlawFinder.
Line: 3273
Column: 3
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/* If all performance levels are the same try to use the UVD clocks to break the tie.*/
*equal = ((cps->vclk == rps->vclk) && (cps->dclk == rps->dclk));
*equal &= ((cps->evclk == rps->evclk) && (cps->ecclk == rps->ecclk));
return 0;
}
static int kv_dpm_read_sensor(void *handle, int idx,
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/powerplay/smumgr/ci_smumgr.c
2 issues
Line: 2242
result = ci_program_mem_timing_parameters(hwmgr);
PP_ASSERT_WITH_CODE((result == 0),
"Failed to program memory timing parameters!",
);
return result;
}
Reported by Cppcheck.
Line: 180
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int ci_program_jump_on_start(struct pp_hwmgr *hwmgr)
{
static const unsigned char data[4] = { 0xE0, 0x00, 0x80, 0x40 };
ci_copy_bytes_to_smc(hwmgr, 0x0, data, 4, sizeof(data)+1);
return 0;
}
Reported by FlawFinder.
drivers/comedi/drivers/rtd520.c
2 issues
Line: 359
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int fifosz;
/* 8254 Timer/Counter gate and clock sources */
unsigned char timer_gate_src[3];
unsigned char timer_clk_src[3];
};
/* bit defines for "flags" */
#define SEND_EOS 0x01 /* send End Of Scan events */
Reported by FlawFinder.
Line: 360
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* 8254 Timer/Counter gate and clock sources */
unsigned char timer_gate_src[3];
unsigned char timer_clk_src[3];
};
/* bit defines for "flags" */
#define SEND_EOS 0x01 /* send End Of Scan events */
#define DMA0_ACTIVE 0x02 /* DMA0 is active */
Reported by FlawFinder.
drivers/clk/rockchip/clk-pll.c
2 issues
Line: 857
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rockchip_pll_rate_table *rate_table,
unsigned long flags, u8 clk_pll_flags)
{
const char *pll_parents[3];
struct clk_init_data init;
struct rockchip_clk_pll *pll;
struct clk_mux *pll_mux;
struct clk *pll_clk, *mux_clk;
char pll_name[20];
Reported by FlawFinder.
Line: 862
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rockchip_clk_pll *pll;
struct clk_mux *pll_mux;
struct clk *pll_clk, *mux_clk;
char pll_name[20];
if ((pll_type != pll_rk3328 && num_parents != 2) ||
(pll_type == pll_rk3328 && num_parents != 1)) {
pr_err("%s: needs two parent clocks\n", __func__);
return ERR_PTR(-EINVAL);
Reported by FlawFinder.
drivers/dma-buf/sw_sync.c
2 issues
Line: 51
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct sw_sync_create_fence_data {
__u32 value;
char name[32];
__s32 fence; /* fd of new fence */
};
#define SW_SYNC_IOC_MAGIC 'W'
Reported by FlawFinder.
Line: 296
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sw_sync_debugfs_open(struct inode *inode, struct file *file)
{
struct sync_timeline *obj;
char task_comm[TASK_COMM_LEN];
get_task_comm(task_comm, current);
obj = sync_timeline_create(task_comm);
if (!obj)
Reported by FlawFinder.
drivers/char/tpm/st33zp24/spi.c
2 issues
Line: 121
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
phy->tx_buf[total_length++] = tpm_size;
}
memcpy(&phy->tx_buf[total_length], tpm_data, tpm_size);
total_length += tpm_size;
memset(&phy->tx_buf[total_length], TPM_DUMMY_BYTE, phy->latency);
spi_xfer.len = total_length + phy->latency;
Reported by FlawFinder.
Line: 169
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (tpm_size > 0 && ret == 0) {
ret = phy->rx_buf[total_length + phy->latency - 1];
memcpy(tpm_data, phy->rx_buf + total_length + phy->latency,
tpm_size);
}
return ret;
} /* st33zp24_spi_read8_reg() */
Reported by FlawFinder.
drivers/char/tpm/tpm-interface.c
2 issues
Line: 170
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* transformed, so when we restore the header we also have to
* restore the handles.
*/
memcpy(save, buf, save_size);
for (;;) {
ret = tpm_try_transmit(chip, buf, bufsiz);
if (ret < 0)
break;
Reported by FlawFinder.
Line: 196
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
tpm_msleep(delay_msec);
delay_msec *= 2;
memcpy(buf, save, save_size);
}
return ret;
}
/**
Reported by FlawFinder.
drivers/dma/altera-msgdma.c
2 issues
Line: 466
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct msgdma_device *mdev = to_mdev(dchan);
memcpy(&mdev->slave_cfg, config, sizeof(*config));
return 0;
}
static void msgdma_reset(struct msgdma_device *mdev)
Reported by FlawFinder.
Line: 518
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* sure this control word is written last by single coding it and
* adding some write-barriers here.
*/
memcpy((void __force *)hw_desc, &desc->hw_desc,
sizeof(desc->hw_desc) - sizeof(u32));
/* Write control word last to flush this descriptor into the FIFO */
mdev->idle = false;
wmb();
Reported by FlawFinder.
drivers/ata/sata_promise.c
2 issues
Line: 552
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* append the CDB as the final part */
buf[30] = (((cdb_len >> 1) & 7) << 5) | ATA_REG_DATA | PDC_LAST_REG;
memcpy(buf+31, cdb, cdb_len);
}
/**
* pdc_fill_sg - Fill PCI IDE PRD table
* @qc: Metadata associated with taskfile to be transferred
Reported by FlawFinder.
Line: 675
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned int pdc_port_no_to_ata_no(unsigned int port_no,
int is_sataii_tx4)
{
static const unsigned char sataii_tx4_port_remap[4] = { 3, 1, 0, 2};
return is_sataii_tx4 ? sataii_tx4_port_remap[port_no] : port_no;
}
static unsigned int pdc_sata_nr_ports(const struct ata_port *ap)
{
Reported by FlawFinder.
drivers/char/tpm/tpm1-cmd.c
2 issues
Line: 568
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rc = -EFAULT;
goto out;
}
memcpy(dest, out->rng_data, recd);
dest += recd;
total += recd;
num_bytes -= recd;
Reported by FlawFinder.
Line: 605
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto out;
}
memcpy(res_buf, &buf.data[TPM_HEADER_SIZE], TPM_DIGEST_SIZE);
out:
tpm_buf_destroy(&buf);
return rc;
}
Reported by FlawFinder.