The following issues were found
drivers/crypto/ccree/cc_buffer_mgr.c
2 issues
Line: 1174
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto unmap_curr_buff;
if (src && mapped_nents == 1 &&
areq_ctx->data_dma_buf_type == CC_DMA_BUF_NULL) {
memcpy(areq_ctx->buff_sg, src,
sizeof(struct scatterlist));
areq_ctx->buff_sg->length = nbytes;
areq_ctx->curr_sg = areq_ctx->buff_sg;
areq_ctx->data_dma_buf_type = CC_DMA_BUF_DLLI;
} else {
Reported by FlawFinder.
Line: 1287
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (mapped_nents == 1 &&
areq_ctx->data_dma_buf_type == CC_DMA_BUF_NULL) {
/* only one entry in the SG and no previous data */
memcpy(areq_ctx->buff_sg, src,
sizeof(struct scatterlist));
areq_ctx->buff_sg->length = update_data_len;
areq_ctx->data_dma_buf_type = CC_DMA_BUF_DLLI;
areq_ctx->curr_sg = areq_ctx->buff_sg;
} else {
Reported by FlawFinder.
drivers/gpu/drm/bridge/adv7511/adv7511_drv.c
2 issues
Line: 586
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (block % 2 == 0)
memcpy(buf, adv7511->edid_buf, len);
else
memcpy(buf, adv7511->edid_buf + 128, len);
return 0;
}
Reported by FlawFinder.
Line: 588
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (block % 2 == 0)
memcpy(buf, adv7511->edid_buf, len);
else
memcpy(buf, adv7511->edid_buf + 128, len);
return 0;
}
/* -----------------------------------------------------------------------------
Reported by FlawFinder.
drivers/firmware/efi/runtime-map.c
2 issues
Line: 123
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return ERR_PTR(-ENOMEM);
}
memcpy(&entry->md, md, sizeof(efi_memory_desc_t));
kobject_init(&entry->kobj, &map_ktype);
entry->kobj.kset = map_kset;
ret = kobject_add(&entry->kobj, NULL, "%d", nr);
if (ret) {
Reported by FlawFinder.
Line: 155
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (sz > bufsz)
sz = bufsz;
memcpy(buf, efi.memmap.map, sz);
return 0;
}
int __init efi_runtime_map_init(struct kobject *efi_kobj)
{
Reported by FlawFinder.
drivers/firmware/efi/runtime-wrappers.c
2 issues
Line: 106
Column: 27
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
void efi_call_virt_check_flags(unsigned long flags, const char *call)
{
unsigned long cur_flags, mismatch;
cur_flags = efi_call_virt_save_flags();
mismatch = flags ^ cur_flags;
if (!WARN_ON_ONCE(mismatch & ARCH_EFI_IRQ_FLAGS_MASK))
Reported by FlawFinder.
Line: 111
Column: 20
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
cur_flags = efi_call_virt_save_flags();
mismatch = flags ^ cur_flags;
if (!WARN_ON_ONCE(mismatch & ARCH_EFI_IRQ_FLAGS_MASK))
return;
add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_NOW_UNRELIABLE);
pr_err_ratelimited(FW_BUG "IRQ flags corrupted (0x%08lx=>0x%08lx) by EFI %s\n",
flags, cur_flags, call);
Reported by FlawFinder.
drivers/clk/uniphier/clk-uniphier.h
2 issues
Line: 26
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct uniphier_clk_cpugear_data {
const char *parent_names[UNIPHIER_CLK_CPUGEAR_MAX_PARENTS];
unsigned int num_parents;
unsigned int regbase;
unsigned int mask;
};
Reported by FlawFinder.
Line: 49
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct uniphier_clk_mux_data {
const char *parent_names[UNIPHIER_CLK_MUX_MAX_PARENTS];
unsigned int num_parents;
unsigned int reg;
unsigned int masks[UNIPHIER_CLK_MUX_MAX_PARENTS];
unsigned int vals[UNIPHIER_CLK_MUX_MAX_PARENTS];
};
Reported by FlawFinder.
drivers/crypto/ccree/cc_driver.h
2 issues
Line: 171
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct cc_alg_template {
char name[CRYPTO_MAX_ALG_NAME];
char driver_name[CRYPTO_MAX_ALG_NAME];
unsigned int blocksize;
union {
struct skcipher_alg skcipher;
struct aead_alg aead;
Reported by FlawFinder.
Line: 172
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cc_alg_template {
char name[CRYPTO_MAX_ALG_NAME];
char driver_name[CRYPTO_MAX_ALG_NAME];
unsigned int blocksize;
union {
struct skcipher_alg skcipher;
struct aead_alg aead;
} template_u;
Reported by FlawFinder.
drivers/crypto/ccree/cc_request_mgr.c
2 issues
Line: 436
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(&bli->creq, cc_req, sizeof(*cc_req));
memcpy(&bli->desc, desc, len * sizeof(*desc));
bli->len = len;
bli->notif = false;
cc_enqueue_backlog(drvdata, bli);
return -EBUSY;
Reported by FlawFinder.
Line: 437
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(&bli->creq, cc_req, sizeof(*cc_req));
memcpy(&bli->desc, desc, len * sizeof(*desc));
bli->len = len;
bli->notif = false;
cc_enqueue_backlog(drvdata, bli);
return -EBUSY;
}
Reported by FlawFinder.
drivers/acpi/pci_link.c
2 issues
Line: 721
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return -ENOMEM;
link->device = device;
strcpy(acpi_device_name(device), ACPI_PCI_LINK_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_PCI_LINK_CLASS);
device->driver_data = link;
mutex_lock(&acpi_link_lock);
result = acpi_pci_link_get_possible(link);
Reported by FlawFinder.
Line: 722
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
link->device = device;
strcpy(acpi_device_name(device), ACPI_PCI_LINK_DEVICE_NAME);
strcpy(acpi_device_class(device), ACPI_PCI_LINK_CLASS);
device->driver_data = link;
mutex_lock(&acpi_link_lock);
result = acpi_pci_link_get_possible(link);
if (result)
Reported by FlawFinder.
drivers/firmware/qcom_scm.c
2 issues
Line: 466
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_err(__scm->dev, "Allocation of metadata buffer failed.\n");
return -ENOMEM;
}
memcpy(mdata_buf, metadata, size);
ret = qcom_scm_clk_enable();
if (ret)
goto free_metadata;
Reported by FlawFinder.
Line: 1053
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
GFP_KERNEL);
if (!keybuf)
return -ENOMEM;
memcpy(keybuf, key, key_size);
desc.args[1] = key_phys;
ret = qcom_scm_call(__scm->dev, &desc, NULL);
memzero_explicit(keybuf, key_size);
Reported by FlawFinder.
drivers/acpi/acpica/dbdisply.c
2 issues
Line: 147
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct acpi_namespace_node *node;
union acpi_operand_object *obj_desc;
u32 display = DB_BYTE_DISPLAY;
char buffer[80];
struct acpi_buffer ret_buf;
acpi_status status;
u32 size;
if (!target) {
Reported by FlawFinder.
Line: 736
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 i;
u32 j;
u32 count;
char buffer[80];
struct acpi_buffer ret_buf;
acpi_status status;
ret_buf.length = sizeof(buffer);
ret_buf.pointer = buffer;
Reported by FlawFinder.