The following issues were found
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
2 issues
Line: 312
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ring->eop_gpu_addr = kiq->eop_gpu_addr;
ring->no_scheduler = true;
sprintf(ring->name, "kiq_%d.%d.%d", ring->me, ring->pipe, ring->queue);
r = amdgpu_ring_init(adev, ring, 1024, irq, AMDGPU_CP_KIQ_IRQ_DRIVER0,
AMDGPU_RING_PRIO_DEFAULT, NULL);
if (r)
dev_warn(adev->dev, "(%d) failed to init kiq ring\n", r);
Reported by FlawFinder.
Line: 618
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
adev->gfx.ras_if->block = AMDGPU_RAS_BLOCK__GFX;
adev->gfx.ras_if->type = AMDGPU_RAS_ERROR__MULTI_UNCORRECTABLE;
adev->gfx.ras_if->sub_block_index = 0;
strcpy(adev->gfx.ras_if->name, "gfx");
}
fs_info.head = ih_info.head = *adev->gfx.ras_if;
r = amdgpu_ras_late_init(adev, adev->gfx.ras_if,
&fs_info, &ih_info);
if (r)
Reported by FlawFinder.
drivers/atm/atmtcp.c
2 issues
Line: 241
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (*pos) return 0;
if (!dev_data->persist) return sprintf(page,"ephemeral\n");
return sprintf(page,"persistent, %sconnected\n",
dev_data->vcc ? "" : "dis");
}
static void atmtcp_c_close(struct atm_vcc *vcc)
Reported by FlawFinder.
Line: 240
Column: 33
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct atmtcp_dev_data *dev_data = PRIV(dev);
if (*pos) return 0;
if (!dev_data->persist) return sprintf(page,"ephemeral\n");
return sprintf(page,"persistent, %sconnected\n",
dev_data->vcc ? "" : "dis");
}
Reported by FlawFinder.
drivers/acpi/bus.c
2 issues
Line: 793
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct acpi_hardware_id *hwid)
{
int i, msk, byte_shift;
char buf[3];
if (!id->cls)
return false;
/* Apply class-code bitmask, before checking each class-code byte */
Reported by FlawFinder.
Line: 805
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (!msk)
continue;
sprintf(buf, "%02x", (id->cls >> byte_shift) & msk);
if (strncmp(buf, &hwid->id[(i - 1) * 2], 2))
return false;
}
return true;
}
Reported by FlawFinder.
drivers/char/ipmi/kcs_bmc_cdev_ipmi.c
2 issues
Line: 338
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data_avail = priv->data_in_avail;
if (data_avail) {
data_len = priv->data_in_idx;
memcpy(priv->kbuffer, priv->data_in, data_len);
}
spin_unlock_irq(&priv->lock);
if (!data_avail) {
ret = -EAGAIN;
Reported by FlawFinder.
Line: 404
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
priv->phase = KCS_PHASE_READ;
priv->data_out_idx = 1;
priv->data_out_len = count;
memcpy(priv->data_out, priv->kbuffer, count);
kcs_bmc_write_data(priv->client.dev, priv->data_out[0]);
ret = count;
} else {
ret = -EINVAL;
}
Reported by FlawFinder.
drivers/accessibility/braille/braille_console.c
2 issues
Line: 65
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void braille_write(u16 *buf)
{
static u16 lastwrite[WIDTH];
unsigned char data[1 + 1 + 2*WIDTH + 2 + 1], csum = 0, *c;
u16 out;
int i;
if (!braille_co)
return;
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!memcmp(lastwrite, buf, WIDTH * sizeof(*buf)))
return;
memcpy(lastwrite, buf, WIDTH * sizeof(*buf));
#define SOH 1
#define STX 2
#define ETX 2
#define EOT 4
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
2 issues
Line: 426
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct dentry *ent, *root = minor->debugfs_root;
char name[32];
sprintf(name, "amdgpu_ring_%s", ring->name);
ent = debugfs_create_file(name,
S_IFREG | S_IRUGO, root,
ring, &amdgpu_debugfs_ring_fops);
if (!ent)
Reported by FlawFinder.
Line: 424
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(CONFIG_DEBUG_FS)
struct drm_minor *minor = adev_to_drm(adev)->primary;
struct dentry *ent, *root = minor->debugfs_root;
char name[32];
sprintf(name, "amdgpu_ring_%s", ring->name);
ent = debugfs_create_file(name,
S_IFREG | S_IRUGO, root,
Reported by FlawFinder.
drivers/crypto/nx/nx-aes-cbc.c
2 issues
Line: 48
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
csbcpb->cpb.hdr.mode = NX_MODE_AES_CBC;
memcpy(csbcpb->cpb.aes_cbc.key, in_key, key_len);
return 0;
}
static int cbc_aes_nx_crypt(struct skcipher_request *req,
Reported by FlawFinder.
Line: 89
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (rc)
goto out;
memcpy(req->iv, csbcpb->cpb.aes_cbc.cv, AES_BLOCK_SIZE);
atomic_inc(&(nx_ctx->stats->aes_ops));
atomic64_add(be32_to_cpu(csbcpb->csb.processed_byte_count),
&(nx_ctx->stats->aes_bytes));
processed += to_process;
Reported by FlawFinder.
drivers/char/lp.c
2 issues
Line: 926
CWE codes:
788
memset(&ppdev_cb, 0, sizeof(ppdev_cb));
ppdev_cb.preempt = lp_preempt;
ppdev_cb.private = &lp_table[nr];
lp_table[nr].dev = parport_register_dev_model(port, "lp",
&ppdev_cb, nr);
if (lp_table[nr].dev == NULL)
return 1;
lp_table[nr].flags |= LP_EXIST;
Reported by Cppcheck.
Line: 877
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* --- initialisation code ------------------------------------- */
static int parport_nr[LP_NO] = { [0 ... LP_NO-1] = LP_PARPORT_UNSPEC };
static char *parport[LP_NO];
static bool reset;
module_param_array(parport, charp, NULL, 0);
module_param(reset, bool, 0);
Reported by FlawFinder.
drivers/comedi/drivers/amplc_dio200.h
2 issues
Line: 33
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *name;
unsigned char mainbar;
unsigned short n_subdevs; /* number of subdevices */
unsigned char sdtype[DIO200_MAX_SUBDEVS]; /* enum dio200_sdtype */
unsigned char sdinfo[DIO200_MAX_SUBDEVS]; /* depends on sdtype */
unsigned int has_int_sce:1; /* has interrupt enable/status reg */
unsigned int has_clk_gat_sce:1; /* has clock/gate selection registers */
unsigned int is_pcie:1; /* has enhanced features */
};
Reported by FlawFinder.
Line: 34
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char mainbar;
unsigned short n_subdevs; /* number of subdevices */
unsigned char sdtype[DIO200_MAX_SUBDEVS]; /* enum dio200_sdtype */
unsigned char sdinfo[DIO200_MAX_SUBDEVS]; /* depends on sdtype */
unsigned int has_int_sce:1; /* has interrupt enable/status reg */
unsigned int has_clk_gat_sce:1; /* has clock/gate selection registers */
unsigned int is_pcie:1; /* has enhanced features */
};
Reported by FlawFinder.
drivers/comedi/drivers/amplc_pci224.c
2 issues
Line: 299
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Used to check all channels set to the same range on PCI224. */
static const unsigned char range_check_pci224[10] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
};
/*
* The ranges for PCI234.
Reported by FlawFinder.
Line: 332
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* Used to check all channels use same LK1 setting on PCI234. */
static const unsigned char range_check_pci234[4] = {
0, 0, 1, 1,
};
/*
* Board descriptions.
Reported by FlawFinder.