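The following issues were found by FlawFinder, which matches risky function names and fixed-size array declarations lexically; each entry is a candidate for manual review, not a confirmed vulnerability.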
drivers/clk/at91/sam9x60.c
2 issues
Line: 173
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clk_range range = CLK_RANGE(0, 0);
const char *td_slck_name, *md_slck_name, *mainxtal_name;
struct pmc_data *sam9x60_pmc;
const char *parent_names[6];
struct clk_hw *main_osc_hw;
struct regmap *regmap;
struct clk_hw *hw;
int i;
Reported by FlawFinder.
Line: 302
Column: 3
CWE codes:
119
120
Suggestion:
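Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In this excerpt the write is already bounded: snprintf() is given sizeof(name), and with i limited to 0 and 1 the strings "prog0" and "prog1" need exactly 6 bytes including the terminator. A larger loop bound (i >= 10) would truncate the name rather than overflow it.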
parent_names[4] = "pllack_divck";
parent_names[5] = "upllck_divck";
for (i = 0; i < 2; i++) {
char name[6];
snprintf(name, sizeof(name), "prog%d", i);
hw = at91_clk_register_programmable(regmap, name,
parent_names, 6, i,
Reported by FlawFinder.
drivers/ata/pata_ixp4xx_cf.c
2 issues
Line: 71
Column: 4
CWE codes:
120
Suggestion:
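Make sure destination can always hold the source data. Both copies in this excerpt have a constant length of 1 byte, so what remains to verify outside the excerpt is that trailing_buf and align_buf each refer to at least one valid byte.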
if (rw == READ) {
align_buf[0] = readw(mmio);
memcpy(trailing_buf, align_buf, 1);
} else {
memcpy(align_buf, trailing_buf, 1);
writew(align_buf[0], mmio);
}
words++;
Reported by FlawFinder.
Line: 73
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
align_buf[0] = readw(mmio);
memcpy(trailing_buf, align_buf, 1);
} else {
memcpy(align_buf, trailing_buf, 1);
writew(align_buf[0], mmio);
}
words++;
}
Reported by FlawFinder.
drivers/crypto/cavium/zip/zip_device.c
2 issues
Line: 117
Column: 3
CWE codes:
120
Suggestion:
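Make sure destination can always hold the source data. The copy length is the compile-time sizeof(union zip_inst_s); review should confirm that it equals the 128 bytes the surrounding comments and the space check assume, and that sw_head cannot be advanced past the end of the queue buffer.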
if ((consumed + 128) == (ZIP_CMD_QBUF_SIZE - 8)) {
zip_dbg("Cmd queue space available for single command");
/* Space for one cmd, pust it and make it circular queue */
memcpy((u8 *)zip_dev->iq[queue].sw_head, (u8 *)instr,
sizeof(union zip_inst_s));
zip_dev->iq[queue].sw_head += 16; /* 16 64_bit words = 128B */
/* Now, point the "Next-Chunk Buffer Ptr" to sw_head */
ncb_ptr = zip_dev->iq[queue].sw_head;
Reported by FlawFinder.
Line: 144
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
zip_dbg("Enough space is available for commands");
/* Push this cmd to cmd queue buffer */
memcpy((u8 *)zip_dev->iq[queue].sw_head, (u8 *)instr,
sizeof(union zip_inst_s));
zip_dev->iq[queue].sw_head += 16; /* 16 64_bit words = 128B */
zip_dev->iq[queue].pend_cnt++;
}
Reported by FlawFinder.
drivers/acpi/acpica/exnames.c
2 issues
Line: 160
Column: 4
CWE codes:
120
Suggestion:
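Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). The appended char_buf is a 5-byte array (see the second excerpt for this file), so each call adds at most 4 characters provided char_buf is terminated; the size of name_string is not visible here and has to be checked at its allocation site.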
if (name_string) {
ACPI_DEBUG_PRINT((ACPI_DB_NAMES,
"Appending NameSeg %s\n", char_buf));
strcat(name_string, char_buf);
} else {
ACPI_DEBUG_PRINT((ACPI_DB_NAMES,
"No Name string - %s\n", char_buf));
}
} else if (index == 0) {
Reported by FlawFinder.
Line: 128
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *aml_address = (void *)*in_aml_address;
acpi_status status = AE_OK;
u32 index;
char char_buf[5];
ACPI_FUNCTION_TRACE(ex_name_segment);
/*
* If first character is a digit, then we know that we aren't looking
Reported by FlawFinder.
drivers/firmware/broadcom/tee_bnxt_fw.c
2 issues
Line: 168
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return PTR_ERR(core_data);
}
memcpy(buf, core_data, nbytes);
rbytes -= nbytes;
buf += nbytes;
offset += nbytes;
}
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENODEV;
/* Open session with Bnxt load Trusted App */
memcpy(sess_arg.uuid, bnxt_device->id.uuid.b, TEE_IOCTL_UUID_LEN);
sess_arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC;
sess_arg.num_params = 0;
ret = tee_client_open_session(pvt_data.ctx, &sess_arg, NULL);
if (ret < 0 || sess_arg.ret != 0) {
Reported by FlawFinder.
drivers/firmware/dmi-id.c
2 issues
Line: 102
Column: 2
CWE codes:
120
Suggestion:
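Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). The source here is the constant "dmi" (4 bytes with the terminator), and the next line computes left = buffer_size - 4, so the condition to verify is that every caller passes a buffer of at least 4 bytes.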
char *p;
const struct mafield *f;
strcpy(buffer, "dmi");
p = buffer + 3; left = buffer_size - 4;
for (f = fields; f->prefix && left > 0; f++) {
const char *c;
char *t;
Reported by FlawFinder.
Line: 113
Column: 15
CWE codes:
126
if (!c)
continue;
t = kmalloc(strlen(c) + 1, GFP_KERNEL);
if (!t)
break;
ascii_filter(t, c);
l = scnprintf(p, left, ":%s%s", f->prefix, t);
kfree(t);
Reported by FlawFinder.
drivers/acpi/acpica/exfield.c
2 issues
Line: 210
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"PCC FieldRead bits %u\n",
obj_desc->field.bit_length));
memcpy(buffer,
obj_desc->field.region_obj->field.internal_pcc_buffer +
obj_desc->field.base_byte_offset,
(acpi_size)ACPI_ROUND_BITS_UP_TO_BYTES(obj_desc->field.
bit_length));
Reported by FlawFinder.
Line: 329
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data_length =
(acpi_size)ACPI_ROUND_BITS_UP_TO_BYTES(obj_desc->field.
bit_length);
memcpy(obj_desc->field.region_obj->field.internal_pcc_buffer +
obj_desc->field.base_byte_offset,
source_desc->buffer.pointer, data_length);
if ((obj_desc->field.region_obj->region.address ==
PCC_MASTER_SUBSPACE
Reported by FlawFinder.
drivers/crypto/ccp/ccp-crypto-aes-galois.c
2 issues
Line: 51
Column: 2
CWE codes:
120
Suggestion:
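Make sure destination can always hold the source data. key_len appears to come from the caller, so the copy is safe only if key_len was validated against the size of ctx->u.aes.key earlier in the function; that validation is not visible in this excerpt and should be confirmed.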
ctx->u.aes.mode = CCP_AES_MODE_GCM;
ctx->u.aes.key_len = key_len;
memcpy(ctx->u.aes.key, key, key_len);
sg_init_one(&ctx->u.aes.key_sg, ctx->u.aes.key, key_len);
return 0;
}
Reported by FlawFinder.
Line: 105
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
/* Prepare the IV: 12 bytes + an integer (counter) */
memcpy(rctx->iv, req->iv, GCM_AES_IV_SIZE);
for (i = 0; i < 3; i++)
rctx->iv[i + GCM_AES_IV_SIZE] = 0;
rctx->iv[AES_BLOCK_SIZE - 1] = 1;
/* Set up a scatterlist for the IV */
Reported by FlawFinder.
drivers/gpu/drm/aspeed/aspeed_gfx_drv.c
2 issues
Line: 279
Column: 9
CWE codes:
120
Suggestion:
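Use sprintf_s, snprintf, or vsnprintf. The value is masked to the range 0-3, so the output is two characters plus the terminator and cannot overrun the page-sized buffer that a sysfs show callback receives; the same reasoning applies to the finding at line 294. sprintf_s does not exist in the kernel, and the conventional replacement in show callbacks is sysfs_emit().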
if (rc)
return rc;
return sprintf(buf, "%u\n", (reg >> 16) & 0x3);
}
static DEVICE_ATTR_RW(dac_mux);
static ssize_t
vga_pw_show(struct device *dev, struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 294
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (rc)
return rc;
return sprintf(buf, "%u\n", reg & 1);
}
static DEVICE_ATTR_RO(vga_pw);
static struct attribute *aspeed_sysfs_entries[] = {
&dev_attr_vga_pw.attr,
Reported by FlawFinder.
drivers/acpi/acpica/exconvrt.c
2 issues
Line: 204
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the integer to the buffer, LSB first */
new_buf = return_desc->buffer.pointer;
memcpy(new_buf, &obj_desc->integer.value,
acpi_gbl_integer_byte_width);
break;
case ACPI_TYPE_STRING:
/*
Reported by FlawFinder.
Line: 228
Column: 3
CWE codes:
120
/* Copy the string to the buffer */
new_buf = return_desc->buffer.pointer;
strncpy((char *)new_buf, (char *)obj_desc->string.pointer,
obj_desc->string.length);
break;
default:
Reported by FlawFinder.