The following issues were found
drivers/acpi/acpica/exserial.c
2 issues
Line: 17
#include "amlcode.h"
#define _COMPONENT ACPI_EXECUTER
ACPI_MODULE_NAME("exserial")
/*******************************************************************************
*
* FUNCTION: acpi_ex_read_gpio
*
Reported by Cppcheck.
Line: 342
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buffer = buffer_desc->buffer.pointer;
data_length = (buffer_length < source_desc->buffer.length ?
buffer_length : source_desc->buffer.length);
memcpy(buffer, source_desc->buffer.pointer, data_length);
/* Lock entire transaction if requested */
acpi_ex_acquire_global_lock(obj_desc->common_field.field_flags);
Reported by FlawFinder.
drivers/extcon/extcon-usbc-cros-ec.c
2 issues
Line: 81
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg->insize = insize;
if (outsize)
memcpy(msg->data, outdata, outsize);
ret = cros_ec_cmd_xfer_status(info->ec, msg);
if (ret >= 0 && insize)
memcpy(indata, msg->data, insize);
Reported by FlawFinder.
Line: 85
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = cros_ec_cmd_xfer_status(info->ec, msg);
if (ret >= 0 && insize)
memcpy(indata, msg->data, insize);
kfree(msg);
return ret;
}
Reported by FlawFinder.
drivers/firewire/core-cdev.c
2 issues
Line: 546
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (length < rsp->length)
rsp->length = length;
if (rcode == RCODE_COMPLETE)
memcpy(rsp->data, payload, rsp->length);
spin_lock_irqsave(&client->lock, flags);
idr_remove(&client->resource_idr, e->r.resource.handle);
if (client->in_shutdown)
wake_up(&client->tx_flush_wait);
Reported by FlawFinder.
Line: 925
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e->interrupt.closure = client->iso_closure;
e->interrupt.cycle = cycle;
e->interrupt.header_length = header_length;
memcpy(e->interrupt.header, header, header_length);
queue_event(client, &e->event, &e->interrupt,
sizeof(e->interrupt) + header_length, NULL, 0);
}
static void iso_mc_callback(struct fw_iso_context *context,
Reported by FlawFinder.
drivers/acpi/acpica/exoparg3.c
2 issues
Line: 17
#include "amlcode.h"
#define _COMPONENT ACPI_EXECUTER
ACPI_MODULE_NAME("exoparg3")
/*!
* Naming convention for AML interpreter execution routines.
*
* The routines that begin execution of AML opcodes are named with a common
Reported by Cppcheck.
Line: 211
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* We have a buffer, copy the portion requested */
memcpy(buffer,
operand[0]->string.pointer + index, length);
}
/* Set the length of the new String/Buffer */
Reported by FlawFinder.
drivers/crypto/cavium/nitrox/nitrox_hal.c
2 issues
Line: 613
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union emu_fuse_map emu_fuse;
union rst_boot rst_boot;
union fus_dat1 fus_dat1;
unsigned char name[IFNAMSIZ * 2] = {};
int i, dead_cores;
u64 offset;
/* get core frequency */
offset = RST_BOOT;
Reported by FlawFinder.
Line: 650
Column: 2
CWE codes:
120
ndev->hw.revision_id);
/* copy partname */
strncpy(ndev->hw.partname, name, sizeof(ndev->hw.partname));
}
void enable_pf2vf_mbox_interrupts(struct nitrox_device *ndev)
{
u64 value = ~0ULL;
Reported by FlawFinder.
drivers/firmware/arm_ffa/bus.c
2 issues
Line: 65
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ffa_device *ffa_dev = to_ffa_dev(dev);
return sprintf(buf, "0x%04x\n", ffa_dev->vm_id);
}
static DEVICE_ATTR_RO(partition_id);
static ssize_t uuid_show(struct device *dev, struct device_attribute *attr,
char *buf)
Reported by FlawFinder.
Line: 74
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct ffa_device *ffa_dev = to_ffa_dev(dev);
return sprintf(buf, "%pUb\n", &ffa_dev->uuid);
}
static DEVICE_ATTR_RO(uuid);
static struct attribute *ffa_device_attributes_attrs[] = {
&dev_attr_partition_id.attr,
Reported by FlawFinder.
drivers/firmware/arm_ffa/driver.c
2 issues
Line: 262
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count = partition_info.a2;
if (buffer && count <= num_partitions)
memcpy(buffer, drv_info->rx_buffer, sizeof(*buffer) * count);
ffa_rx_release();
mutex_unlock(&drv_info->rx_lock);
Reported by FlawFinder.
Line: 563
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (count <= 0)
return -ENOENT;
memcpy(buffer, pbuf, sizeof(*pbuf) * count);
kfree(pbuf);
return 0;
}
static void ffa_mode_32bit_set(struct ffa_device *dev)
Reported by FlawFinder.
drivers/firmware/arm_scmi/base.c
2 issues
Line: 116
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ret = ph->xops->do_xfer(ph, t);
if (!ret)
memcpy(vendor_id, t->rx.buf, size);
ph->xops->xfer_put(ph, t);
return ret;
}
Reported by FlawFinder.
Line: 337
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int id, ret;
u8 *prot_imp;
u32 version;
char name[SCMI_MAX_STR_SIZE];
struct device *dev = ph->dev;
struct scmi_revision_info *rev = scmi_revision_area_get(ph);
ret = ph->xops->version_get(ph, &version);
if (ret)
Reported by FlawFinder.
drivers/gpu/drm/bridge/tc358767.c
2 issues
Line: 308
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u32 auxwdata[DP_AUX_MAX_PAYLOAD_BYTES / sizeof(u32)] = { 0 };
int ret, count = ALIGN(size, sizeof(u32));
memcpy(auxwdata, data, size);
ret = regmap_raw_write(tc->regmap, DP0_AUXWDATA(0), auxwdata, count);
if (ret)
return ret;
Reported by FlawFinder.
Line: 326
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret)
return ret;
memcpy(data, auxrdata, size);
return size;
}
static u32 tc_auxcfg0(struct drm_dp_aux_msg *msg, size_t size)
Reported by FlawFinder.
drivers/ata/pdc_adma.c
2 issues
Line: 362
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* dump out CPB + PRDs for debug */
{
int j, len = 0;
static char obuf[2048];
for (j = 0; j < i; ++j) {
len += sprintf(obuf+len, "%02x ", buf[j]);
if ((j & 7) == 7) {
printk("%s\n", obuf);
len = 0;
Reported by FlawFinder.
Line: 364
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int j, len = 0;
static char obuf[2048];
for (j = 0; j < i; ++j) {
len += sprintf(obuf+len, "%02x ", buf[j]);
if ((j & 7) == 7) {
printk("%s\n", obuf);
len = 0;
}
}
Reported by FlawFinder.