The following issues were found
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h
2 issues
Line: 177
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct amdgpu_task_info {
char process_name[TASK_COMM_LEN];
char task_name[TASK_COMM_LEN];
pid_t pid;
pid_t tgid;
};
Reported by FlawFinder.
Line: 178
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct amdgpu_task_info {
char process_name[TASK_COMM_LEN];
char task_name[TASK_COMM_LEN];
pid_t pid;
pid_t tgid;
};
/**
Reported by FlawFinder.
crypto/simd.c
2 issues
Line: 212
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct simd_skcipher_alg *simd_skcipher_create(const char *algname,
const char *basename)
{
char drvname[CRYPTO_MAX_ALG_NAME];
if (snprintf(drvname, CRYPTO_MAX_ALG_NAME, "simd-%s", basename) >=
CRYPTO_MAX_ALG_NAME)
return ERR_PTR(-ENAMETOOLONG);
Reported by FlawFinder.
Line: 459
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct simd_aead_alg *simd_aead_create(const char *algname,
const char *basename)
{
char drvname[CRYPTO_MAX_ALG_NAME];
if (snprintf(drvname, CRYPTO_MAX_ALG_NAME, "simd-%s", basename) >=
CRYPTO_MAX_ALG_NAME)
return ERR_PTR(-ENAMETOOLONG);
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/atombios_encoders.c
2 issues
Line: 174
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct backlight_properties props;
struct amdgpu_backlight_privdata *pdata;
struct amdgpu_encoder_atom_dig *dig;
char bl_name[16];
/* Mac laptops with multiple GPUs use the gmux driver for backlight
* so don't register a backlight device
*/
if ((adev->pdev->subsystem_vendor == PCI_VENDOR_ID_APPLE) &&
Reported by FlawFinder.
Line: 2096
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
max((int)EDID_LENGTH, (int)fake_edid_record->ucFakeEDIDLength);
edid = kmalloc(edid_size, GFP_KERNEL);
if (edid) {
memcpy((u8 *)edid, (u8 *)&fake_edid_record->ucFakeEDIDString[0],
fake_edid_record->ucFakeEDIDLength);
if (drm_edid_is_valid(edid)) {
adev->mode_info.bios_hardcoded_edid = edid;
adev->mode_info.bios_hardcoded_edid_size = edid_size;
Reported by FlawFinder.
drivers/comedi/drivers/amplc_pci230.c
2 issues
Line: 492
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned short adcfifothresh; /* ADC FIFO threshold (PCI230+/260+) */
unsigned short adcg; /* ADCG register value */
unsigned char ier; /* Interrupt enable bits */
unsigned char res_owned[NUM_OWNERS]; /* Owned resources */
unsigned int intr_running:1; /* Flag set in interrupt routine */
unsigned int ai_bipolar:1; /* Flag AI range is bipolar */
unsigned int ao_bipolar:1; /* Flag AO range is bipolar */
unsigned int ai_cmd_started:1; /* Flag AI command started */
unsigned int ao_cmd_started:1; /* Flag AO command started */
Reported by FlawFinder.
Line: 523
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/* PCI230 analogue gain bits for each input range. */
static const unsigned char pci230_ai_gain[7] = { 0, 1, 2, 3, 1, 2, 3 };
/* PCI230 analogue output range table */
static const struct comedi_lrange pci230_ao_range = {
2, {
UNI_RANGE(10),
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/cik_sdma.c
2 issues
Line: 111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int cik_sdma_init_microcode(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[30];
int err = 0, i;
DRM_DEBUG("\n");
switch (adev->asic_type) {
Reported by FlawFinder.
Line: 984
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
for (i = 0; i < adev->sdma.num_instances; i++) {
ring = &adev->sdma.instance[i].ring;
ring->ring_obj = NULL;
sprintf(ring->name, "sdma%d", i);
r = amdgpu_ring_init(adev, ring, 1024,
&adev->sdma.trap_irq,
(i == 0) ? AMDGPU_SDMA_IRQ_INSTANCE0 :
AMDGPU_SDMA_IRQ_INSTANCE1,
AMDGPU_RING_PRIO_DEFAULT, NULL);
Reported by FlawFinder.
crypto/sha3_generic.c
2 issues
Line: 188
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((sctx->partial + len) > (sctx->rsiz - 1)) {
if (sctx->partial) {
done = -sctx->partial;
memcpy(sctx->buf + sctx->partial, data,
done + sctx->rsiz);
src = sctx->buf;
}
do {
Reported by FlawFinder.
Line: 206
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sctx->partial = 0;
}
memcpy(sctx->buf + sctx->partial, src, len - done);
sctx->partial += (len - done);
return 0;
}
EXPORT_SYMBOL(crypto_sha3_update);
Reported by FlawFinder.
crypto/asymmetric_keys/restrict.c
2 issues
Line: 21
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifndef MODULE
static struct {
struct asymmetric_key_id id;
unsigned char data[10];
} cakey;
static int __init ca_keys_setup(char *str)
{
if (!str) /* default system keyring */
Reported by FlawFinder.
Line: 31
Column: 20
CWE codes:
126
if (strncmp(str, "id:", 3) == 0) {
struct asymmetric_key_id *p = &cakey.id;
size_t hexlen = (strlen(str) - 3) / 2;
int ret;
if (hexlen == 0 || hexlen > sizeof(cakey.data)) {
pr_err("Missing or invalid ca_keys id\n");
return 1;
Reported by FlawFinder.
drivers/comedi/drivers/jr3_pci.c
2 issues
Line: 95
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union jr3_pci_single_range {
struct comedi_lrange l;
char _reserved[offsetof(struct comedi_lrange, range[1])];
};
enum jr3_pci_poll_state {
state_jr3_poll,
state_jr3_init_wait_for_offset,
Reported by FlawFinder.
Line: 646
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct jr3_block __iomem *block = dev->mmio;
struct jr3_sensor __iomem *sensor0 = &block[0].sensor;
char copy[ARRAY_SIZE(sensor0->copyright) + 1];
int i;
for (i = 0; i < ARRAY_SIZE(sensor0->copyright); i++)
copy[i] = (char)(get_u16(&sensor0->copyright[i]) >> 8);
copy[i] = '\0';
Reported by FlawFinder.
drivers/acpi/acpica/utosi.c
2 issues
Line: 215
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* Initialize new info and insert at the head of the global list */
strcpy(interface_info->name, interface_name);
interface_info->flags = ACPI_OSI_DYNAMIC;
interface_info->next = acpi_gbl_supported_interfaces;
acpi_gbl_supported_interfaces = interface_info;
return (AE_OK);
Reported by FlawFinder.
Line: 207
Column: 46
CWE codes:
126
return (AE_NO_MEMORY);
}
interface_info->name = ACPI_ALLOCATE_ZEROED(strlen(interface_name) + 1);
if (!interface_info->name) {
ACPI_FREE(interface_info);
return (AE_NO_MEMORY);
}
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/gmc_v6_0.c
2 issues
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int gmc_v6_0_init_microcode(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[30];
int err;
bool is_58_fw = false;
DRM_DEBUG("\n");
Reported by FlawFinder.
Line: 621
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 vmid = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, VMID);
u32 protections = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS,
PROTECTIONS);
char block[5] = { mc_client >> 24, (mc_client >> 16) & 0xff,
(mc_client >> 8) & 0xff, mc_client & 0xff, 0 };
mc_id = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS,
MEMORY_CLIENT_ID);
Reported by FlawFinder.