The following issues were found
drivers/gpu/drm/omapdrm/dss/dsi.c
2 issues
Line: 460
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* make a copy and unlock, so that isrs can unregister
* themselves */
memcpy(&dsi->isr_tables_copy, &dsi->isr_tables,
sizeof(dsi->isr_tables));
spin_unlock(&dsi->irq_lock);
dsi_handle_isrs(&dsi->isr_tables_copy, irqstatus, vcstatus, ciostatus);
Reported by FlawFinder.
Line: 4556
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct dss_device *dss = dss_get_device(master);
struct dsi_data *dsi = dev_get_drvdata(dev);
char name[10];
u32 rev;
int r;
dsi->dss = dss;
Reported by FlawFinder.
drivers/gpu/drm/omapdrm/dss/hdmi4_core.c
2 issues
Line: 317
Column: 47
CWE codes:
126
#define DUMPCOREAV(r) seq_printf(s, "%-35s %08x\n", #r,\
hdmi_read_reg(hdmi_av_base(core), r))
#define DUMPCOREAV2(i, r) seq_printf(s, "%s[%d]%*s %08x\n", #r, i, \
(i < 10) ? 32 - (int)strlen(#r) : 31 - (int)strlen(#r), " ", \
hdmi_read_reg(hdmi_av_base(core), CORE_REG(i, r)))
DUMPCORE(HDMI_CORE_SYS_VND_IDL);
DUMPCORE(HDMI_CORE_SYS_DEV_IDL);
DUMPCORE(HDMI_CORE_SYS_DEV_IDH);
Reported by FlawFinder.
Line: 317
Column: 24
CWE codes:
126
#define DUMPCOREAV(r) seq_printf(s, "%-35s %08x\n", #r,\
hdmi_read_reg(hdmi_av_base(core), r))
#define DUMPCOREAV2(i, r) seq_printf(s, "%s[%d]%*s %08x\n", #r, i, \
(i < 10) ? 32 - (int)strlen(#r) : 31 - (int)strlen(#r), " ", \
hdmi_read_reg(hdmi_av_base(core), CORE_REG(i, r)))
DUMPCORE(HDMI_CORE_SYS_VND_IDL);
DUMPCORE(HDMI_CORE_SYS_DEV_IDL);
DUMPCORE(HDMI_CORE_SYS_DEV_IDH);
Reported by FlawFinder.
drivers/gpu/drm/panel/panel-ilitek-ili9322.c
2 issues
Line: 297
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 buf[2];
/* Clear bit 7 to write */
memcpy(buf, data, 2);
buf[0] &= ~0x80;
dev_dbg(dev, "WRITE: %02x %02x\n", buf[0], buf[1]);
return spi_write_then_read(spi, buf, 2, NULL, 0);
}
Reported by FlawFinder.
Line: 312
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 buf[1];
/* Set bit 7 to 1 to read */
memcpy(buf, reg, 1);
dev_dbg(dev, "READ: %02x reg size = %zu, val size = %zu\n",
buf[0], reg_size, val_size);
buf[0] |= 0x80;
return spi_write_then_read(spi, buf, 1, val, 1);
Reported by FlawFinder.
drivers/gpu/drm/panel/panel-olimex-lcd-olinuxino.c
2 issues
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct lcd_olinuxino_info {
char name[32];
u32 width_mm;
u32 height_mm;
u32 bpc;
u32 bus_format;
u32 bus_flag;
Reported by FlawFinder.
Line: 53
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct lcd_olinuxino_eeprom {
u32 header;
u32 id;
char revision[4];
u32 serial;
struct lcd_olinuxino_info info;
u32 num_modes;
u8 reserved[180];
u32 checksum;
Reported by FlawFinder.
drivers/gpu/drm/panel/panel-samsung-s6e3ha2.c
2 issues
Line: 217
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x00, 0x00 }
};
static const unsigned char vint_table[S6E3HA2_VINT_STATUS_MAX] = {
0x18, 0x19, 0x1a, 0x1b, 0x1c,
0x1d, 0x1e, 0x1f, 0x20, 0x21
};
enum s6e3ha2_type {
Reported by FlawFinder.
Line: 439
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
u8 data[S6E3HA2_GAMMA_CMD_CNT + 1] = { 0xca, };
int ret;
memcpy(data + 1, gamma_tbl + index, S6E3HA2_GAMMA_CMD_CNT);
s6e3ha2_call_write_func(ret,
s6e3ha2_dcs_write(ctx, data, ARRAY_SIZE(data)));
s6e3ha2_call_write_func(ret, s6e3ha2_gamma_update(ctx));
bl_dev->props.brightness = brightness;
Reported by FlawFinder.
drivers/gpu/drm/qxl/qxl_cmd.c
2 issues
Line: 146
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
idx = header->prod & (ring->n_elements - 1);
elt = ring->ring->elements + idx * ring->element_size;
memcpy((void *)elt, new_elt, ring->element_size);
header->prod++;
mb();
Reported by FlawFinder.
Line: 177
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
idx = header->cons & (ring->n_elements - 1);
ring_elt = ring->ring->elements + idx * ring->element_size;
memcpy(element, (void *)ring_elt, ring->element_size);
header->cons++;
spin_unlock_irqrestore(&ring->lock, flags);
return true;
Reported by FlawFinder.
drivers/gpu/drm/qxl/qxl_display.c
2 issues
Line: 607
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy_toio(cursor_map.vaddr_iomem + sizeof(cursor),
user_map.vaddr, size);
} else {
memcpy(cursor_map.vaddr,
&cursor, sizeof(cursor));
memcpy(cursor_map.vaddr + sizeof(cursor),
user_map.vaddr, size);
}
Reported by FlawFinder.
Line: 609
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(cursor_map.vaddr,
&cursor, sizeof(cursor));
memcpy(cursor_map.vaddr + sizeof(cursor),
user_map.vaddr, size);
}
qxl_bo_vunmap(user_bo);
qxl_bo_vunmap(cursor_bo);
Reported by FlawFinder.
drivers/gpu/drm/qxl/qxl_image.c
2 issues
Line: 158
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
size = min(size, remain);
memcpy(k_data, i_data, size);
qxl_bo_kunmap_atomic_page(qdev, chunk_bo, ptr);
i_data += size;
remain -= size;
page++;
Reported by FlawFinder.
Line: 180
Column: 6
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr = qxl_bo_kmap_atomic_page(qdev, chunk_bo, page_base);
k_data = ptr + page_offset;
memcpy(k_data, i_data, size);
qxl_bo_kunmap_atomic_page(qdev, chunk_bo, ptr);
remain -= size;
i_data += size;
out_offset += size;
}
Reported by FlawFinder.
drivers/gpu/drm/radeon/cik.c
2 issues
Line: 1973
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t pfp_req_size, me_req_size, ce_req_size,
mec_req_size, rlc_req_size, mc_req_size = 0,
sdma_req_size, smc_req_size = 0, mc2_req_size = 0;
char fw_name[30];
int new_fw = 0;
int err;
int num_fw;
bool new_smc = false;
Reported by FlawFinder.
Line: 5657
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 mc_id;
u32 vmid = (status & FAULT_VMID_MASK) >> FAULT_VMID_SHIFT;
u32 protections = (status & PROTECTIONS_MASK) >> PROTECTIONS_SHIFT;
char block[5] = { mc_client >> 24, (mc_client >> 16) & 0xff,
(mc_client >> 8) & 0xff, mc_client & 0xff, 0 };
if (rdev->family == CHIP_HAWAII)
mc_id = (status & HAWAII_MEMORY_CLIENT_ID_MASK) >> MEMORY_CLIENT_ID_SHIFT;
else
Reported by FlawFinder.
drivers/gpu/drm/radeon/r600.c
2 issues
Line: 2655
r600_cp_stop(rdev);
WREG32(CP_RB_CNTL,
#ifdef __BIG_ENDIAN
BUF_SWAP_32BIT |
#endif
RB_NO_UPDATE | RB_BLKSZ(15) | RB_BUFSZ(3));
/* Reset cp */
Reported by Cppcheck.
Line: 2438
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *rlc_chip_name;
const char *smc_chip_name = "RV770";
size_t pfp_req_size, me_req_size, rlc_req_size, smc_req_size = 0;
char fw_name[30];
int err;
DRM_DEBUG("\n");
switch (rdev->family) {
Reported by FlawFinder.