The following issues were found
drivers/bus/mhi/core/main.c
2 issues
Line: 203
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
if (buf_info->dir == DMA_TO_DEVICE)
memcpy(buf, buf_info->v_addr, buf_info->len);
buf_info->bb_addr = buf;
return 0;
}
Reported by FlawFinder.
Line: 221
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct mhi_buf_info *buf_info)
{
if (buf_info->dir == DMA_FROM_DEVICE)
memcpy(buf_info->v_addr, buf_info->bb_addr, buf_info->len);
mhi_free_coherent(mhi_cntrl, buf_info->len, buf_info->bb_addr,
buf_info->p_addr);
}
Reported by FlawFinder.
drivers/dma/sh/rcar-dmac.c
2 issues
Line: 1766
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct platform_device *pdev = to_platform_device(dmac->dev);
struct dma_chan *chan = &rchan->chan;
char pdev_irqname[5];
char *irqname;
int ret;
rchan->mid_rid = -EINVAL;
Reported by FlawFinder.
Line: 1781
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
INIT_LIST_HEAD(&rchan->desc.wait);
/* Request the channel interrupt. */
sprintf(pdev_irqname, "ch%u", rchan->index);
rchan->irq = platform_get_irq_byname(pdev, pdev_irqname);
if (rchan->irq < 0)
return -ENODEV;
irqname = devm_kasprintf(dmac->dev, GFP_KERNEL, "%s:%u",
Reported by FlawFinder.
drivers/dma/sh/usb-dmac.c
2 issues
Line: 712
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int index)
{
struct platform_device *pdev = to_platform_device(dmac->dev);
char pdev_irqname[5];
char *irqname;
int ret;
uchan->index = index;
uchan->iomem = dmac->iomem + USB_DMAC_CHAN_OFFSET(index);
Reported by FlawFinder.
Line: 720
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
uchan->iomem = dmac->iomem + USB_DMAC_CHAN_OFFSET(index);
/* Request the channel interrupt. */
sprintf(pdev_irqname, "ch%u", index);
uchan->irq = platform_get_irq_byname(pdev, pdev_irqname);
if (uchan->irq < 0)
return -ENODEV;
irqname = devm_kasprintf(dmac->dev, GFP_KERNEL, "%s:%u",
Reported by FlawFinder.
drivers/char/xillybus/xillybus_class.c
2 issues
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *private_data;
struct cdev *cdev;
char name[UNITNAMELEN];
int major;
int lowest_minor;
int num_nodes;
};
Reported by FlawFinder.
Line: 52
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rc;
dev_t mdev;
int i;
char devname[48];
struct device *device;
size_t namelen;
struct xilly_unit *unit, *u;
Reported by FlawFinder.
drivers/dma/st_fdma.h
2 issues
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct st_fdma_driverdata {
u32 id;
char name[NAME_SZ];
};
struct st_fdma_desc {
struct virt_dma_desc vdesc;
struct st_fdma_chan *fchan;
Reported by FlawFinder.
Line: 145
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long dreq_mask;
u32 nr_channels;
char fw_name[FW_NAME_SIZE];
};
/* Peripheral Registers*/
#define FDMA_CMD_STA_OFST 0xFC0
Reported by FlawFinder.
drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h
2 issues
Line: 144
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @trng: The CE_ALG_XXX value for the TRNG
*/
struct ce_variant {
char alg_cipher[CE_ID_CIPHER_MAX];
char alg_hash[CE_ID_HASH_MAX];
u32 op_mode[CE_ID_OP_MAX];
bool cipher_t_dlen_in_bytes;
bool hash_t_dlen_in_bits;
bool prng_t_dlen_in_bytes;
Reported by FlawFinder.
Line: 145
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct ce_variant {
char alg_cipher[CE_ID_CIPHER_MAX];
char alg_hash[CE_ID_HASH_MAX];
u32 op_mode[CE_ID_OP_MAX];
bool cipher_t_dlen_in_bytes;
bool hash_t_dlen_in_bits;
bool prng_t_dlen_in_bytes;
bool trng_t_dlen_in_bytes;
Reported by FlawFinder.
drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c
2 issues
Line: 152
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
scatterwalk_map_and_copy(backup_iv, areq->src, offset,
ivsize, 0);
}
memcpy(rctx->biv, areq->iv, ivsize);
rctx->p_iv = dma_map_single(ss->dev, rctx->biv, rctx->ivlen,
DMA_TO_DEVICE);
if (dma_mapping_error(ss->dev, rctx->p_iv)) {
dev_err(ss->dev, "Cannot DMA MAP IV\n");
err = -ENOMEM;
Reported by FlawFinder.
Line: 253
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rctx->biv) {
offset = areq->cryptlen - ivsize;
if (rctx->op_dir & SS_DECRYPTION) {
memcpy(areq->iv, backup_iv, ivsize);
kfree_sensitive(backup_iv);
} else {
scatterwalk_map_and_copy(areq->iv, areq->dst, offset,
ivsize, 0);
}
Reported by FlawFinder.
drivers/gpu/drm/amd/pm/powerplay/smumgr/vega10_smumgr.c
2 issues
Line: 65
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
amdgpu_asic_invalidate_hdp(adev, NULL);
memcpy(table, priv->smu_tables.entry[table_id].table,
priv->smu_tables.entry[table_id].size);
return 0;
}
Reported by FlawFinder.
Line: 90
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
PP_ASSERT_WITH_CODE(priv->smu_tables.entry[table_id].size != 0,
"Invalid SMU Table Length!", return -EINVAL);
memcpy(priv->smu_tables.entry[table_id].table, table,
priv->smu_tables.entry[table_id].size);
amdgpu_asic_flush_hdp(adev, NULL);
smum_send_msg_to_smc_with_parameter(hwmgr,
Reported by FlawFinder.
drivers/crypto/allwinner/sun8i-ss/sun8i-ss.h
2 issues
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @ss_clks: list of clock needed by this variant
*/
struct ss_variant {
char alg_cipher[SS_ID_CIPHER_MAX];
char alg_hash[SS_ID_HASH_MAX];
u32 op_mode[SS_ID_OP_MAX];
struct ss_clock ss_clks[SS_MAX_CLOCKS];
};
Reported by FlawFinder.
Line: 108
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct ss_variant {
char alg_cipher[SS_ID_CIPHER_MAX];
char alg_hash[SS_ID_HASH_MAX];
u32 op_mode[SS_ID_OP_MAX];
struct ss_clock ss_clks[SS_MAX_CLOCKS];
};
struct sginfo {
Reported by FlawFinder.
drivers/dma/tegra20-apb-dma.c
2 issues
Line: 183
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* tegra_dma_channel: Channel specific information */
struct tegra_dma_channel {
struct dma_chan dma_chan;
char name[12];
bool config_init;
unsigned int id;
void __iomem *chan_addr;
spinlock_t lock;
bool busy;
Reported by FlawFinder.
Line: 345
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EBUSY;
}
memcpy(&tdc->dma_sconfig, sconfig, sizeof(*sconfig));
if (tdc->slave_id == TEGRA_APBDMA_SLAVE_ID_INVALID &&
sconfig->device_fc) {
if (sconfig->slave_id > TEGRA_APBDMA_CSR_REQ_SEL_MASK)
return -EINVAL;
tdc->slave_id = sconfig->slave_id;
Reported by FlawFinder.