Codekhana

drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 119 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct dpu_csc_cfg *csc_ptr;

	const struct dpu_sspp_sub_blks *pipe_sblk;
	char pipe_name[DPU_NAME_SIZE];

	/* debugfs related stuff */
	struct dentry *debugfs_root;
	struct dpu_debugfs_regset32 debugfs_src;
	struct dpu_debugfs_regset32 debugfs_scaler;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 1366 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	struct dpu_kms *kms = file->private_data;
	int len;
	char buf[40];

	len = scnprintf(buf, sizeof(buf), "%d\n", !kms->has_danger_ctrl);

	return simple_read_from_buffer(buff, count, ppos, buf, len);
}

Reported by FlawFinder.

drivers/gpu/drm/msm/dp/dp_catalog.c

2 issues

read - Check buffer boundaries if used in a loop including recursive loops

Security

Line: 174 Column: 68 CWE codes: 120 20

              	return 0;
}

int dp_catalog_aux_clear_trans(struct dp_catalog *dp_catalog, bool read)
{
	u32 data;
	struct dp_catalog_private *catalog = container_of(dp_catalog,
				struct dp_catalog_private, dp_catalog);

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops

Security

Line: 180 Column: 6 CWE codes: 120 20

              	struct dp_catalog_private *catalog = container_of(dp_catalog,
				struct dp_catalog_private, dp_catalog);

	if (read) {
		data = dp_read_aux(catalog, REG_DP_AUX_TRANS_CTRL);
		data &= ~DP_AUX_TRANS_CTRL_GO;
		dp_write_aux(catalog, REG_DP_AUX_TRANS_CTRL, data);
	} else {
		dp_write_aux(catalog, REG_DP_AUX_TRANS_CTRL, 0);

Reported by FlawFinder.

drivers/gpu/drm/msm/dsi/phy/dsi_phy_10nm.c

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 562 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               */
static int pll_10nm_register(struct dsi_pll_10nm *pll_10nm, struct clk_hw **provided_clocks)
{
	char clk_name[32], parent[32], vco_name[32];
	char parent2[32], parent3[32], parent4[32];
	struct clk_init_data vco_init = {
		.parent_names = (const char *[]){ "xo" },
		.num_parents = 1,
		.name = vco_name,

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 563 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static int pll_10nm_register(struct dsi_pll_10nm *pll_10nm, struct clk_hw **provided_clocks)
{
	char clk_name[32], parent[32], vco_name[32];
	char parent2[32], parent3[32], parent4[32];
	struct clk_init_data vco_init = {
		.parent_names = (const char *[]){ "xo" },
		.num_parents = 1,
		.name = vco_name,
		.flags = CLK_IGNORE_UNUSED,

Reported by FlawFinder.

drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 590 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               */
static int pll_7nm_register(struct dsi_pll_7nm *pll_7nm, struct clk_hw **provided_clocks)
{
	char clk_name[32], parent[32], vco_name[32];
	char parent2[32], parent3[32], parent4[32];
	struct clk_init_data vco_init = {
		.parent_names = (const char *[]){ "bi_tcxo" },
		.num_parents = 1,
		.name = vco_name,

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 591 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static int pll_7nm_register(struct dsi_pll_7nm *pll_7nm, struct clk_hw **provided_clocks)
{
	char clk_name[32], parent[32], vco_name[32];
	char parent2[32], parent3[32], parent4[32];
	struct clk_init_data vco_init = {
		.parent_names = (const char *[]){ "bi_tcxo" },
		.num_parents = 1,
		.name = vco_name,
		.flags = CLK_IGNORE_UNUSED,

Reported by FlawFinder.

drivers/gpu/drm/msm/hdmi/hdmi.c

2 issues

sscanf - The scanf() family's %s operation, without a limit specification, permits buffer overflows

Security

Line: 572 Column: 8 CWE codes: 120 20
Suggestion: Specify a limit to %s, or use a different input function

              			 * prefix. This is mainly to match "hpd-gpios" used
			 * in the upstream bindings.
			 */
			if (sscanf(name, "qcom,hdmi-tx-%s", name3))
				gpiod = devm_gpiod_get_optional(dev, name3, GPIOD_ASIS);
			if (IS_ERR(gpiod))
				return PTR_ERR(gpiod);
			if (!gpiod)
				DBG("failed to get gpio: %s", name);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 565 Column: 4 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              			return PTR_ERR(gpiod);
		if (!gpiod) {
			/* Try a second time, stripping down the name */
			char name3[32];

			/*
			 * Try again after stripping out the "qcom,hdmi-tx"
			 * prefix. This is mainly to match "hpd-gpios" used
			 * in the upstream bindings.

Reported by FlawFinder.

drivers/gpu/drm/nouveau/dispnv04/crtc.c

2 issues

Possible null pointer dereference: drm_fb

Error

Line: 853 CWE codes: 476

              		drm_fb = crtc->primary->fb;
	}

	nvbo = nouveau_gem_object(drm_fb->obj[0]);
	nv_crtc->fb.offset = nvbo->offset;

	if (nv_crtc->lut.depth != drm_fb->format->depth) {
		nv_crtc->lut.depth = drm_fb->format->depth;
		nv_crtc_gamma_load(crtc);

Reported by Cppcheck.

Possible null pointer dereference: drm_fb

Error

Line: 856 CWE codes: 476

              	nvbo = nouveau_gem_object(drm_fb->obj[0]);
	nv_crtc->fb.offset = nvbo->offset;

	if (nv_crtc->lut.depth != drm_fb->format->depth) {
		nv_crtc->lut.depth = drm_fb->format->depth;
		nv_crtc_gamma_load(crtc);
	}

	/* Update the framebuffer format. */

Reported by Cppcheck.

drivers/gpu/drm/nouveau/dispnv50/disp.c

2 issues

There is an unknown macro here somewhere. Configuration is required. If nvif_msec is a macro then please configure it.

Error

Line: 142

              		if (dmac->push->mem.type & NVIF_MEM_VRAM) {
			struct nvif_device *device = dmac->base.device;
			nvif_wr32(&device->object, 0x070000, 0x00000001);
			nvif_msec(device, 2000,
				if (!(nvif_rd32(&device->object, 0x070000) & 0x00000002))
					break;
			);
		}

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 647 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		*enabled = nv_encoder->audio.enabled;
		if (*enabled) {
			ret = drm_eld_size(nv_connector->base.eld);
			memcpy(buf, nv_connector->base.eld,
			       min(max_bytes, ret));
		}
		break;
	}

Reported by FlawFinder.

drivers/gpu/drm/nouveau/include/nvif/cl0080.h

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 42 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	__u8  pad06[2];
	__u64 ram_size;
	__u64 ram_user;
	char  chip[16];
	char  name[64];
};

struct nv_device_info_v1 {
	__u8  version;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 43 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	__u64 ram_size;
	__u64 ram_user;
	char  chip[16];
	char  name[64];
};

struct nv_device_info_v1 {
	__u8  version;
	__u8  count;

Reported by FlawFinder.

drivers/gpu/drm/nouveau/include/nvif/if0001.h

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 35 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	__u8  pad03[5];
	__u32 min;
	__u32 max;
	char  name[32];
	char  unit[16];
};

struct nvif_control_pstate_user_v0 {
	__u8  version;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 36 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	__u32 min;
	__u32 max;
	char  name[32];
	char  unit[16];
};

struct nvif_control_pstate_user_v0 {
	__u8  version;
#define NVIF_CONTROL_PSTATE_USER_V0_STATE_UNKNOWN                          (-1)

Reported by FlawFinder.

drivers/gpu/drm/nouveau/include/nvkm/core/subdev.h

2 issues

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 20 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct nvkm_device *device;
	enum nvkm_subdev_type type;
	int inst;
	char name[16];
	u32 debug;
	struct list_head head;

	void **pself;
	bool oneinit;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 38 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	void (*intr)(struct nvkm_subdev *);
};

extern const char *nvkm_subdev_type[NVKM_SUBDEV_NR];
int nvkm_subdev_new_(const struct nvkm_subdev_func *, struct nvkm_device *, enum nvkm_subdev_type,
		     int inst, struct nvkm_subdev **);
void nvkm_subdev_ctor(const struct nvkm_subdev_func *, struct nvkm_device *,
		      enum nvkm_subdev_type, int inst, struct nvkm_subdev *);
void nvkm_subdev_disable(struct nvkm_device *, enum nvkm_subdev_type, int inst);

Reported by FlawFinder.

Modal title

The following issues were found

drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c

2 issues

drivers/gpu/drm/msm/dp/dp_catalog.c

2 issues

drivers/gpu/drm/msm/dsi/phy/dsi_phy_10nm.c

2 issues

drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c

2 issues

drivers/gpu/drm/msm/hdmi/hdmi.c

2 issues

drivers/gpu/drm/nouveau/dispnv04/crtc.c

2 issues

drivers/gpu/drm/nouveau/dispnv50/disp.c

2 issues

drivers/gpu/drm/nouveau/include/nvif/cl0080.h

2 issues

drivers/gpu/drm/nouveau/include/nvif/if0001.h

2 issues

drivers/gpu/drm/nouveau/include/nvkm/core/subdev.h

2 issues