The following issues were found
drivers/bluetooth/bluecard_cs.c
2 issues
Line: 369
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int offset)
{
unsigned int iobase;
unsigned char buf[31];
int i, len;
if (!info) {
BT_ERR("Unknown device");
return;
Reported by FlawFinder.
Line: 667
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Prepend skb with frame type */
memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
skb_queue_tail(&(info->txq), skb);
bluecard_write_wakeup(info);
return 0;
Reported by FlawFinder.
drivers/char/tpm/tpm_ibmvtpm.c
2 issues
Line: 130
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
spin_lock(&ibmvtpm->rtce_lock);
memcpy((void *)buf, (void *)ibmvtpm->rtce_buf, len);
memset(ibmvtpm->rtce_buf, 0, len);
ibmvtpm->res_len = 0;
spin_unlock(&ibmvtpm->rtce_lock);
return len;
}
Reported by FlawFinder.
Line: 234
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock(&ibmvtpm->rtce_lock);
ibmvtpm->res_len = 0;
memcpy((void *)ibmvtpm->rtce_buf, (void *)buf, count);
/*
* set the processing flag before the Hcall, since we may get the
* result (interrupt) before even being able to check rc.
*/
Reported by FlawFinder.
drivers/cpufreq/sa1110-cpufreq.c
2 issues
Line: 33
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#undef DEBUG
struct sdram_params {
const char name[20];
u_char rows; /* bits */
u_char cas_latency; /* cycles */
u_char tck; /* clock cycle time (ns) */
u_char trcd; /* activate to r/w (ns) */
u_char trp; /* precharge to activate (ns) */
Reported by FlawFinder.
Line: 334
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return NULL;
}
static char sdram_name[16];
static int __init sa1110_clk_init(void)
{
struct sdram_params *sdram;
const char *name = sdram_name;
Reported by FlawFinder.
drivers/dma/mv_xor.h
2 issues
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int slots_allocated;
struct tasklet_struct irq_tasklet;
int op_in_desc;
char dummy_src[MV_XOR_MIN_BYTE_COUNT];
char dummy_dst[MV_XOR_MIN_BYTE_COUNT];
dma_addr_t dummy_src_addr, dummy_dst_addr;
u32 saved_config_reg, saved_int_mask_reg;
struct mv_xor_device *xordev;
Reported by FlawFinder.
Line: 124
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tasklet_struct irq_tasklet;
int op_in_desc;
char dummy_src[MV_XOR_MIN_BYTE_COUNT];
char dummy_dst[MV_XOR_MIN_BYTE_COUNT];
dma_addr_t dummy_src_addr, dummy_dst_addr;
u32 saved_config_reg, saved_int_mask_reg;
struct mv_xor_device *xordev;
};
Reported by FlawFinder.
drivers/bluetooth/btmtkuart.c
2 issues
Line: 169
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hdr->op = wmt_params->op;
hdr->dlen = cpu_to_le16(wmt_params->dlen + 1);
hdr->flag = wmt_params->flag;
memcpy(wc.data, wmt_params->data, wmt_params->dlen);
set_bit(BTMTKUART_TX_WAIT_VND_EVT, &bdev->tx_state);
err = __hci_cmd_send(hdev, 0xfc6f, hlen, &wc);
if (err < 0) {
Reported by FlawFinder.
Line: 868
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int err, dlen, type = 0;
/* Prepend skb with frame type */
memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
/* Make sure that there is enough rooms for STP header and trailer */
if (unlikely(skb_headroom(skb) < sizeof(*shdr)) ||
(skb_tailroom(skb) < MTK_STP_TLR_SIZE)) {
err = pskb_expand_head(skb, sizeof(*shdr), MTK_STP_TLR_SIZE,
Reported by FlawFinder.
drivers/base/arch_topology.c
2 issues
Line: 424
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init parse_core(struct device_node *core, int package_id,
int core_id)
{
char name[20];
bool leaf = true;
int i = 0;
int cpu;
struct device_node *t;
Reported by FlawFinder.
Line: 470
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int __init parse_cluster(struct device_node *cluster, int depth)
{
char name[20];
bool leaf = true;
bool has_cores = false;
struct device_node *c;
static int package_id __initdata;
int core_id = 0;
Reported by FlawFinder.
drivers/char/tpm/tpm_tis_spi_cr50.c
2 issues
Line: 232
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
int i, len = 0;
char fw_ver[TPM_CR50_MAX_FW_VER_LEN + 1];
char fw_ver_block[4];
/*
* Write anything to TPM_CR50_FW_VER to start from the beginning
* of the version string
Reported by FlawFinder.
Line: 233
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tpm_tis_spi_phy *phy = to_tpm_tis_spi_phy(data);
int i, len = 0;
char fw_ver[TPM_CR50_MAX_FW_VER_LEN + 1];
char fw_ver_block[4];
/*
* Write anything to TPM_CR50_FW_VER to start from the beginning
* of the version string
*/
Reported by FlawFinder.
drivers/clk/samsung/clk-s5pv210-audss.c
2 issues
Line: 67
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int i, ret = 0;
struct resource *res;
const char *mout_audss_p[2];
const char *mout_i2s_p[3];
const char *hclk_p;
struct clk_hw **clk_table;
struct clk *hclk, *pll_ref, *pll_in, *cdclk, *sclk_audio;
Reported by FlawFinder.
Line: 68
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, ret = 0;
struct resource *res;
const char *mout_audss_p[2];
const char *mout_i2s_p[3];
const char *hclk_p;
struct clk_hw **clk_table;
struct clk *hclk, *pll_ref, *pll_in, *cdclk, *sclk_audio;
res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
Reported by FlawFinder.
drivers/cpuidle/cpuidle-psci.c
2 issues
Line: 317
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
drv->states[0].exit_latency = 1;
drv->states[0].target_residency = 1;
drv->states[0].power_usage = UINT_MAX;
strcpy(drv->states[0].name, "WFI");
strcpy(drv->states[0].desc, "ARM WFI");
/*
* If no DT idle states are detected (ret == 0) let the driver
* initialization fail accordingly since there is no reason to
Reported by FlawFinder.
Line: 318
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
drv->states[0].target_residency = 1;
drv->states[0].power_usage = UINT_MAX;
strcpy(drv->states[0].name, "WFI");
strcpy(drv->states[0].desc, "ARM WFI");
/*
* If no DT idle states are detected (ret == 0) let the driver
* initialization fail accordingly since there is no reason to
* initialize the idle driver if only wfi is supported, the
Reported by FlawFinder.
drivers/auxdisplay/ht16k33.c
2 issues
Line: 164
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p1 = fbdev->cache + first;
p2 = fbdev->buffer + first;
if (!i2c_smbus_write_i2c_block_data(priv->client, first, len, p2))
memcpy(p1, p2, len);
requeue:
ht16k33_fb_queue(priv);
}
static int ht16k33_initialize(struct ht16k33_priv *priv)
Reported by FlawFinder.
Line: 276
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
input_sync(keypad->dev);
memcpy(keypad->last_key_state, new_state, sizeof(u16) * keypad->cols);
return pressed;
}
static irqreturn_t ht16k33_keypad_irq_thread(int irq, void *dev)
Reported by FlawFinder.