The following issues were found
drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c
2 issues
Line: 135
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int gmc_v7_0_init_microcode(struct amdgpu_device *adev)
{
const char *chip_name;
char fw_name[30];
int err;
DRM_DEBUG("\n");
switch (adev->asic_type) {
Reported by FlawFinder.
Line: 781
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 vmid = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS, VMID);
u32 protections = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS,
PROTECTIONS);
char block[5] = { mc_client >> 24, (mc_client >> 16) & 0xff,
(mc_client >> 8) & 0xff, mc_client & 0xff, 0 };
u32 mc_id;
mc_id = REG_GET_FIELD(status, VM_CONTEXT1_PROTECTION_FAULT_STATUS,
MEMORY_CLIENT_ID);
Reported by FlawFinder.
drivers/gpu/drm/drm_plane_helper.c
2 issues
Line: 126
CWE codes:
908
.crtc_w = drm_rect_width(dst),
.crtc_h = drm_rect_height(dst),
.rotation = rotation,
.visible = *visible,
};
struct drm_crtc_state crtc_state = {
.crtc = crtc,
.enable = crtc->enabled,
.mode = crtc->mode,
Reported by Cppcheck.
Line: 126
CWE codes:
908
.crtc_w = drm_rect_width(dst),
.crtc_h = drm_rect_height(dst),
.rotation = rotation,
.visible = *visible,
};
struct drm_crtc_state crtc_state = {
.crtc = crtc,
.enable = crtc->enabled,
.mode = crtc->mode,
Reported by Cppcheck.
drivers/gpu/drm/drm_scdc_helper.c
2 issues
Line: 111
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg.buf = data;
memcpy(data, &offset, sizeof(offset));
memcpy(data + 1, buffer, size);
err = i2c_transfer(adapter, &msg, 1);
kfree(data);
Reported by FlawFinder.
Line: 112
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
msg.buf = data;
memcpy(data, &offset, sizeof(offset));
memcpy(data + 1, buffer, size);
err = i2c_transfer(adapter, &msg, 1);
kfree(data);
Reported by FlawFinder.
drivers/gpu/drm/drm_sysfs.c
2 issues
Line: 211
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (off + count > size)
count = size - off;
memcpy(buf, edid + off, count);
ret = count;
unlock:
mutex_unlock(&connector->dev->mode_config.mutex);
Reported by FlawFinder.
Line: 361
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct drm_device *dev = connector->dev;
char hotplug_str[] = "HOTPLUG=1", conn_id[21], prop_id[21];
char *envp[4] = { hotplug_str, conn_id, prop_id, NULL };
WARN_ON(!drm_mode_obj_find_prop_id(&connector->base,
property->base.id));
snprintf(conn_id, ARRAY_SIZE(conn_id),
Reported by FlawFinder.
drivers/gpu/drm/etnaviv/etnaviv_dump.c
2 issues
Line: 106
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void etnaviv_core_dump_mem(struct core_dump_iterator *iter, u32 type,
void *ptr, size_t size, u64 iova)
{
memcpy(iter->data, ptr, size);
iter->hdr->iova = cpu_to_le64(iova);
etnaviv_core_dump_header(iter, type, iter->data + size);
}
Reported by FlawFinder.
Line: 220
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vaddr = etnaviv_gem_vmap(&obj->base);
if (vaddr)
memcpy(iter.data, vaddr, obj->base.size);
etnaviv_core_dump_header(&iter, ETDUMP_BUF_BO, iter.data +
obj->base.size);
}
Reported by FlawFinder.
drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c
2 issues
Line: 156
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct etnaviv_iommuv2_context *v2_context = to_v2_context(context);
int i;
memcpy(buf, v2_context->mtlb_cpu, SZ_4K);
buf += SZ_4K;
for (i = 0; i < MMUv2_MAX_STLB_ENTRIES; i++)
if (v2_context->mtlb_cpu[i] & MMUv2_PTE_PRESENT) {
memcpy(buf, v2_context->stlb_cpu[i], SZ_4K);
buf += SZ_4K;
Reported by FlawFinder.
Line: 160
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf += SZ_4K;
for (i = 0; i < MMUv2_MAX_STLB_ENTRIES; i++)
if (v2_context->mtlb_cpu[i] & MMUv2_PTE_PRESENT) {
memcpy(buf, v2_context->stlb_cpu[i], SZ_4K);
buf += SZ_4K;
}
}
static void etnaviv_iommuv2_restore_nonsec(struct etnaviv_gpu *gpu,
Reported by FlawFinder.
drivers/gpu/drm/gma500/intel_bios.h
2 issues
Line: 338
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} __packed;
struct aimdb_header {
char signature[16];
char oem_device[20];
u16 aimdb_version;
u16 aimdb_header_size;
u16 aimdb_size;
} __packed;
Reported by FlawFinder.
Line: 339
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct aimdb_header {
char signature[16];
char oem_device[20];
u16 aimdb_version;
u16 aimdb_header_size;
u16 aimdb_size;
} __packed;
Reported by FlawFinder.
drivers/gpu/drm/gma500/oaktrail_crtc.c
2 issues
Line: 387
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!gma_power_begin(dev, true))
return 0;
memcpy(&gma_crtc->saved_mode,
mode,
sizeof(struct drm_display_mode));
memcpy(&gma_crtc->saved_adjusted_mode,
adjusted_mode,
sizeof(struct drm_display_mode));
Reported by FlawFinder.
Line: 390
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&gma_crtc->saved_mode,
mode,
sizeof(struct drm_display_mode));
memcpy(&gma_crtc->saved_adjusted_mode,
adjusted_mode,
sizeof(struct drm_display_mode));
list_for_each_entry(connector, &mode_config->connector_list, head) {
if (!connector->encoder || connector->encoder->crtc != crtc)
Reported by FlawFinder.
drivers/gpu/drm/gud/gud_connector.c
2 issues
Line: 212
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (start + len > ctx->len)
return -1;
memcpy(buf, ctx->buf + start, len);
return 0;
}
static int gud_connector_get_modes(struct drm_connector *connector)
Reported by FlawFinder.
Line: 380
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int gud_connector_add_tv_mode(struct gud_device *gdrm, struct drm_connector *connector)
{
size_t buf_len = GUD_CONNECTOR_TV_MODE_MAX_NUM * GUD_CONNECTOR_TV_MODE_NAME_LEN;
const char *modes[GUD_CONNECTOR_TV_MODE_MAX_NUM];
unsigned int i, num_modes;
char *buf;
int ret;
buf = kmalloc(buf_len, GFP_KERNEL);
Reported by FlawFinder.
drivers/gpu/drm/gud/gud_drv.c
2 issues
Line: 88
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
ret = gud_usb_control_msg(intf, true, GUD_REQ_GET_DESCRIPTOR, 0, buf, sizeof(*desc));
memcpy(desc, buf, sizeof(*desc));
kfree(buf);
if (ret < 0)
return ret;
if (ret != sizeof(*desc))
return -EIO;
Reported by FlawFinder.
Line: 329
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct drm_info_node *node = m->private;
struct gud_device *gdrm = to_gud_device(node->minor->dev);
char buf[10];
string_get_size(gdrm->bulk_len, 1, STRING_UNITS_2, buf, sizeof(buf));
seq_printf(m, "Max buffer size: %s\n", buf);
seq_printf(m, "Number of errors: %u\n", gdrm->stats_num_errors);
Reported by FlawFinder.