The following issues were found
drivers/clk/at91/sama5d2.c
2 issues
Line: 150
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clk_range range = CLK_RANGE(0, 0);
const char *slck_name, *mainxtal_name;
struct pmc_data *sama5d2_pmc;
const char *parent_names[6];
struct regmap *regmap, *regmap_sfr;
struct clk_hw *hw;
int i;
bool bypass;
Reported by FlawFinder.
Line: 277
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
parent_names[4] = "masterck_div";
parent_names[5] = "audiopll_pmcck";
for (i = 0; i < 3; i++) {
char name[6];
snprintf(name, sizeof(name), "prog%d", i);
hw = at91_clk_register_programmable(regmap, name,
parent_names, 6, i,
Reported by FlawFinder.
drivers/clk/at91/sama5d3.c
2 issues
Line: 109
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char *slck_name, *mainxtal_name;
struct pmc_data *sama5d3_pmc;
const char *parent_names[5];
struct regmap *regmap;
struct clk_hw *hw;
int i;
bool bypass;
Reported by FlawFinder.
Line: 209
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
parent_names[3] = "utmick";
parent_names[4] = "masterck_div";
for (i = 0; i < 3; i++) {
char name[6];
snprintf(name, sizeof(name), "prog%d", i);
hw = at91_clk_register_programmable(regmap, name,
parent_names, 5, i,
Reported by FlawFinder.
drivers/gpu/drm/drm_managed.c
2 issues
Line: 227
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = strlen(s) + 1;
buf = drmm_kmalloc(dev, size, gfp);
if (buf)
memcpy(buf, s, size);
return buf;
}
EXPORT_SYMBOL_GPL(drmm_kstrdup);
/**
Reported by FlawFinder.
Line: 224
Column: 9
CWE codes:
126
if (!s)
return NULL;
size = strlen(s) + 1;
buf = drmm_kmalloc(dev, size, gfp);
if (buf)
memcpy(buf, s, size);
return buf;
}
Reported by FlawFinder.
drivers/firmware/efi/fdtparams.c
2 issues
Line: 32
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
static __initconst const struct {
const char path[17];
const char params[PARAMCOUNT][26];
} dt_params[] = {
{
#ifdef CONFIG_XEN // <-------17------>
.path = "/hypervisor/uefi",
Reported by FlawFinder.
Line: 33
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static __initconst const struct {
const char path[17];
const char params[PARAMCOUNT][26];
} dt_params[] = {
{
#ifdef CONFIG_XEN // <-------17------>
.path = "/hypervisor/uefi",
.params = {
Reported by FlawFinder.
drivers/clk/ti/clkt_dflt.c
2 issues
Line: 146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct clk_omap_reg *other_reg,
u8 *other_bit)
{
memcpy(other_reg, &clk->enable_reg, sizeof(*other_reg));
/*
* Convert CM_ICLKEN* <-> CM_FCLKEN*. This conversion assumes
* it's just a matter of XORing the bits.
*/
Reported by FlawFinder.
Line: 175
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct clk_omap_reg *idlest_reg, u8 *idlest_bit,
u8 *idlest_val)
{
memcpy(idlest_reg, &clk->enable_reg, sizeof(*idlest_reg));
idlest_reg->offset &= ~0xf0;
idlest_reg->offset |= 0x20;
*idlest_bit = clk->enable_bit;
Reported by FlawFinder.
drivers/clk/at91/sama5d4.c
2 issues
Line: 124
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clk_range range = CLK_RANGE(0, 0);
const char *slck_name, *mainxtal_name;
struct pmc_data *sama5d4_pmc;
const char *parent_names[5];
struct regmap *regmap;
struct clk_hw *hw;
int i;
bool bypass;
Reported by FlawFinder.
Line: 232
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
parent_names[3] = "utmick";
parent_names[4] = "masterck_div";
for (i = 0; i < 3; i++) {
char name[6];
snprintf(name, sizeof(name), "prog%d", i);
hw = at91_clk_register_programmable(regmap, name,
parent_names, 5, i,
Reported by FlawFinder.
drivers/crypto/ccp/ccp-dev.h
2 issues
Line: 344
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ccp_vdata *vdata;
unsigned int ord;
char name[MAX_CCP_NAME_LEN];
char rngname[MAX_CCP_NAME_LEN];
struct device *dev;
struct sp_device *sp;
Reported by FlawFinder.
Line: 345
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ccp_vdata *vdata;
unsigned int ord;
char name[MAX_CCP_NAME_LEN];
char rngname[MAX_CCP_NAME_LEN];
struct device *dev;
struct sp_device *sp;
/* Bus specific device information
Reported by FlawFinder.
drivers/firmware/efi/libstub/fdt.c
2 issues
Line: 89
Column: 29
CWE codes:
126
}
}
if (cmdline_ptr != NULL && strlen(cmdline_ptr) > 0) {
status = fdt_setprop(fdt, node, "bootargs", cmdline_ptr,
strlen(cmdline_ptr) + 1);
if (status)
goto fdt_set_fail;
}
Reported by FlawFinder.
Line: 91
Column: 10
CWE codes:
126
if (cmdline_ptr != NULL && strlen(cmdline_ptr) > 0) {
status = fdt_setprop(fdt, node, "bootargs", cmdline_ptr,
strlen(cmdline_ptr) + 1);
if (status)
goto fdt_set_fail;
}
/* Set initrd address/end in device tree, if present */
Reported by FlawFinder.
drivers/firmware/efi/libstub/string.c
2 issues
Line: 24
Column: 7
CWE codes:
126
{
size_t l1, l2;
l2 = strlen(s2);
if (!l2)
return (char *)s1;
l1 = strlen(s1);
while (l1 >= l2) {
l1--;
Reported by FlawFinder.
Line: 27
Column: 7
CWE codes:
126
l2 = strlen(s2);
if (!l2)
return (char *)s1;
l1 = strlen(s1);
while (l1 >= l2) {
l1--;
if (!memcmp(s1, s2, l2))
return (char *)s1;
s1++;
Reported by FlawFinder.
drivers/crypto/ccp/tee-dev.c
2 issues
Line: 301
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd->cmd_id = cmd_id;
cmd->cmd_state = TEE_CMD_STATE_INIT;
memset(&cmd->buf[0], 0, sizeof(cmd->buf));
memcpy(&cmd->buf[0], buf, len);
/* Indicate driver is waiting for response */
cmd->flag = CMD_WAITING_FOR_RESPONSE;
/* Update local copy of write pointer */
Reported by FlawFinder.
Line: 378
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ret;
}
memcpy(buf, &resp->buf[0], len);
*status = resp->status;
resp->flag = CMD_RESPONSE_COPIED;
return 0;
Reported by FlawFinder.