The following issues were found
drivers/crypto/marvell/octeontx/otx_cptpf_ucode.h
2 issues
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* ucode version in readable format
*/
struct otx_cpt_ucode_ver_num ver_num;/* ucode version number */
char filename[OTX_CPT_UCODE_NAME_LENGTH]; /* ucode filename */
dma_addr_t dma; /* phys address of ucode image */
dma_addr_t align_dma; /* aligned phys address of ucode image */
void *va; /* virt address of ucode image */
void *align_va; /* aligned virt address of ucode image */
u32 size; /* ucode image size */
Reported by FlawFinder.
Line: 143
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Microcode information */
struct otx_cpt_ucode ucode[OTX_CPT_MAX_ETYPES_PER_GRP];
/* sysfs info entry name */
char sysfs_info_name[OTX_CPT_UCODE_NAME_LENGTH];
/* engine group mirroring information */
struct otx_cpt_mirror_info mirror;
int idx; /* engine group index */
bool is_enabled; /*
* is engine group enabled, engine group is enabled
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c
2 issues
Line: 272
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
obj = (union acpi_object *)buffer.pointer;
memcpy(bios+offset, obj->buffer.pointer, obj->buffer.length);
len = obj->buffer.length;
kfree(buffer.pointer);
return len;
}
Reported by FlawFinder.
Line: 173
Column: 4
CWE codes:
126
if ((!AMD_IS_VALID_VBIOS(header)) ||
0 != memcmp((char *)&header[AMD_VBIOS_SIGNATURE_OFFSET],
AMD_VBIOS_SIGNATURE,
strlen(AMD_VBIOS_SIGNATURE)))
return false;
/* valid vbios, go on */
len = AMD_VBIOS_LENGTH(header);
len = ALIGN(len, 4);
Reported by FlawFinder.
drivers/clocksource/timer-qcom.c
2 issues
Line: 140
Column: 25
CWE codes:
120
20
static u64 notrace msm_sched_clock_read(void)
{
return msm_clocksource.read(&msm_clocksource);
}
static unsigned long msm_read_current_timer(void)
{
return msm_clocksource.read(&msm_clocksource);
Reported by FlawFinder.
Line: 145
Column: 25
CWE codes:
120
20
static unsigned long msm_read_current_timer(void)
{
return msm_clocksource.read(&msm_clocksource);
}
static struct delay_timer msm_delay_timer = {
.read_current_timer = msm_read_current_timer,
};
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
2 issues
Line: 271
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (adev->mode_info.bios_hardcoded_edid) {
edid = kmalloc(adev->mode_info.bios_hardcoded_edid_size, GFP_KERNEL);
if (edid) {
memcpy((unsigned char *)edid,
(unsigned char *)adev->mode_info.bios_hardcoded_edid,
adev->mode_info.bios_hardcoded_edid_size);
return edid;
}
}
Reported by FlawFinder.
Line: 620
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (mode->type & DRM_MODE_TYPE_PREFERRED) {
if (mode->hdisplay != native_mode->hdisplay ||
mode->vdisplay != native_mode->vdisplay)
memcpy(native_mode, mode, sizeof(*mode));
}
}
/* Try to get native mode details from EDID if necessary */
if (!native_mode->clock) {
Reported by FlawFinder.
drivers/clocksource/timer-vt8500.c
2 issues
Line: 65
Column: 26
CWE codes:
120
20
struct clock_event_device *evt)
{
int loops = msecs_to_loops(10);
u64 alarm = clocksource.read(&clocksource) + cycles;
while ((readl(regbase + TIMER_AS_VAL) & TIMER_MATCH_W_ACTIVE)
&& --loops)
cpu_relax();
writel((unsigned long)alarm, regbase + TIMER_MATCH_VAL);
Reported by FlawFinder.
Line: 71
Column: 35
CWE codes:
120
20
cpu_relax();
writel((unsigned long)alarm, regbase + TIMER_MATCH_VAL);
if ((signed)(alarm - clocksource.read(&clocksource)) <= MIN_OSCR_DELTA)
return -ETIME;
writel(1, regbase + TIMER_IER_VAL);
return 0;
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
2 issues
Line: 147
Column: 48
CWE codes:
120
20
* allows reading multiple registers in a single call and having
* the returned size reflect that.
*/
static int amdgpu_debugfs_process_reg_op(bool read, struct file *f,
char __user *buf, size_t size, loff_t *pos)
{
struct amdgpu_device *adev = file_inode(f)->i_private;
ssize_t result = 0;
int r;
Reported by FlawFinder.
Line: 226
Column: 7
CWE codes:
120
20
while (size) {
uint32_t value;
if (read) {
value = RREG32(*pos >> 2);
r = put_user(value, (uint32_t *)buf);
} else {
r = get_user(value, (uint32_t *)buf);
if (!r)
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
2 issues
Line: 1836
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int amdgpu_device_parse_gpu_info_fw(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[40];
int err;
const struct gpu_info_firmware_header_v1_0 *hdr;
adev->firmware.gpu_info_fw = NULL;
Reported by FlawFinder.
Line: 2403
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
static void amdgpu_device_fill_reset_magic(struct amdgpu_device *adev)
{
memcpy(adev->reset_magic, adev->gart.ptr, AMDGPU_RESET_MAGIC_NUM);
}
/**
* amdgpu_device_check_vram_lost - check if vram is valid
*
Reported by FlawFinder.
drivers/clocksource/timer-zevio.c
2 issues
Line: 57
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clk *clk;
struct clock_event_device clkevt;
char clocksource_name[64];
char clockevent_name[64];
};
static int zevio_timer_set_event(unsigned long delta,
struct clock_event_device *dev)
Reported by FlawFinder.
Line: 58
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct clock_event_device clkevt;
char clocksource_name[64];
char clockevent_name[64];
};
static int zevio_timer_set_event(unsigned long delta,
struct clock_event_device *dev)
{
Reported by FlawFinder.
drivers/crypto/marvell/octeontx2/otx2_cptpf_mbox.c
2 issues
Line: 25
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (msg == NULL)
return -ENOMEM;
memcpy((uint8_t *)msg + sizeof(struct mbox_msghdr),
(uint8_t *)req + sizeof(struct mbox_msghdr), size);
msg->id = req->id;
msg->pcifunc = req->pcifunc;
msg->sig = req->sig;
msg->ver = req->ver;
Reported by FlawFinder.
Line: 313
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"Forwarding to VF%d failed.\n", vf_id);
return;
}
memcpy((uint8_t *)fwd + sizeof(struct mbox_msghdr),
(uint8_t *)msg + sizeof(struct mbox_msghdr), size);
fwd->id = msg->id;
fwd->pcifunc = msg->pcifunc;
fwd->sig = msg->sig;
fwd->ver = msg->ver;
Reported by FlawFinder.
crypto/async_tx/async_pq.c
2 issues
Line: 199
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
is_dma_pq_aligned_offs(device, offsets, disks, len)) {
struct dma_async_tx_descriptor *tx;
enum dma_ctrl_flags dma_flags = 0;
unsigned char coefs[MAX_DISKS];
int i, j;
/* run the p+q asynchronously */
pr_debug("%s: (async) disks: %d len: %zu\n",
__func__, disks, len);
Reported by FlawFinder.
Line: 305
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dma_chan *chan = pq_val_chan(submit, blocks, disks, len);
struct dma_device *device = chan ? chan->device : NULL;
struct dma_async_tx_descriptor *tx;
unsigned char coefs[MAX_DISKS];
enum dma_ctrl_flags dma_flags = submit->cb_fn ? DMA_PREP_INTERRUPT : 0;
struct dmaengine_unmap_data *unmap = NULL;
BUG_ON(disks < 4 || disks > MAX_DISKS);
Reported by FlawFinder.