The following issues were found
drivers/gpu/drm/rockchip/cdn-dp-core.c
2 issues
Line: 567
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
video->v_sync_polarity = !!(mode->flags & DRM_MODE_FLAG_NVSYNC);
video->h_sync_polarity = !!(mode->flags & DRM_MODE_FLAG_NHSYNC);
memcpy(&dp->mode, adjusted, sizeof(*mode));
}
static bool cdn_dp_check_link_status(struct cdn_dp_device *dp)
{
u8 link_status[DP_LINK_STATUS_SIZE];
Reported by FlawFinder.
Line: 846
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
struct cdn_dp_device *dp = dev_get_drvdata(dev);
memcpy(buf, dp->connector.eld, min(sizeof(dp->connector.eld), len));
return 0;
}
static const struct hdmi_codec_ops audio_codec_ops = {
Reported by FlawFinder.
drivers/gpu/drm/sti/sti_gdp.c
2 issues
Line: 43
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct gdp_format_to_str {
int format;
char name[20];
} gdp_format_to_str[] = {
GDP2STR(RGB565),
GDP2STR(RGB888),
GDP2STR(RGB888_32),
GDP2STR(XBGR8888),
Reported by FlawFinder.
Line: 807
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
top_field->gam_gdp_size = src_h << 16 | src_w;
/* Same content and chained together */
memcpy(btm_field, top_field, sizeof(*btm_field));
top_field->gam_gdp_nvn = list->btm_field_paddr;
btm_field->gam_gdp_nvn = list->top_field_paddr;
/* Interlaced mode */
if (mode->flags & DRM_MODE_FLAG_INTERLACE)
Reported by FlawFinder.
drivers/gpu/drm/sti/sti_hdmi.c
2 issues
Line: 943
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
DRM_DEBUG_DRIVER("\n");
/* Copy the drm display mode in the connector local structure */
memcpy(&hdmi->mode, mode, sizeof(struct drm_display_mode));
/* Update clock framerate according to the selected mode */
ret = clk_set_rate(hdmi->clk_pix, mode->clock * 1000);
if (ret < 0) {
DRM_ERROR("Cannot set rate (%dHz) for hdmi_pix clk\n",
Reported by FlawFinder.
Line: 1221
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct drm_connector *connector = hdmi->drm_connector;
DRM_DEBUG_DRIVER("\n");
memcpy(buf, connector->eld, min(sizeof(connector->eld), len));
return 0;
}
static const struct hdmi_codec_ops audio_codec_ops = {
Reported by FlawFinder.
drivers/gpu/drm/sti/sti_plane.h
2 issues
Line: 58
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int curr_field_counter;
unsigned int last_field_counter;
ktime_t last_timestamp;
char fps_str[FPS_LENGTH];
char fips_str[FPS_LENGTH];
};
/**
* STI plane structure
Reported by FlawFinder.
Line: 59
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int last_field_counter;
ktime_t last_timestamp;
char fps_str[FPS_LENGTH];
char fips_str[FPS_LENGTH];
};
/**
* STI plane structure
*
Reported by FlawFinder.
drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c
2 issues
Line: 896
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!bounce)
return -ENOMEM;
memcpy(bounce, msg->tx_buf, msg->tx_len);
len += msg->tx_len;
crc = sun6i_dsi_crc_compute(bounce, msg->tx_len);
memcpy((u8 *)bounce + msg->tx_len, &crc, sizeof(crc));
len += sizeof(crc);
Reported by FlawFinder.
Line: 900
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len += msg->tx_len;
crc = sun6i_dsi_crc_compute(bounce, msg->tx_len);
memcpy((u8 *)bounce + msg->tx_len, &crc, sizeof(crc));
len += sizeof(crc);
regmap_bulk_write(dsi->regs, SUN6I_DSI_CMD_TX_REG(1), bounce, DIV_ROUND_UP(len, 4));
regmap_write(dsi->regs, SUN6I_DSI_CMD_CTL_REG, len + 4 - 1);
kfree(bounce);
Reported by FlawFinder.
drivers/gpu/drm/tiny/repaper.c
2 issues
Line: 141
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ndelay(80);
ret = spi_sync_transfer(spi, tr, 2);
if (rx && !ret)
memcpy(rx, rxbuf, len);
out_free:
kfree(headerbuf);
kfree(txbuf);
kfree(rxbuf);
Reported by FlawFinder.
Line: 608
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
epd->partial = true;
}
memcpy(epd->current_frame, buf, fb->width * fb->height / 8);
/*
* An extra frame write is needed if pixels are set in the bottom line,
* or else grey lines rises up from the pixels
*/
Reported by FlawFinder.
drivers/gpu/drm/ttm/ttm_bo_vm.c
2 issues
Line: 490
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ptr = (uint8_t *)ttm_kmap_obj_virtual(&map, &is_iomem) + offset;
WARN_ON_ONCE(is_iomem);
if (write)
memcpy(ptr, buf, bytes);
else
memcpy(buf, ptr, bytes);
ttm_bo_kunmap(&map);
page++;
Reported by FlawFinder.
Line: 492
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (write)
memcpy(ptr, buf, bytes);
else
memcpy(buf, ptr, bytes);
ttm_bo_kunmap(&map);
page++;
buf += bytes;
bytes_left -= bytes;
Reported by FlawFinder.
drivers/gpu/drm/vboxvideo/vbox_mode.c
2 issues
Line: 379
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t line_size = (width + 7) / 8;
u32 i, j;
memcpy(dst + mask_size, src, width * height * 4);
for (i = 0; i < height; ++i)
for (j = 0; j < width; ++j)
if (((u32 *)src)[i * width + j] > 0xf0000000)
dst[i * line_size + j / 8] |= (0x80 >> (j % 8));
}
Reported by FlawFinder.
Line: 644
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int height)
{
enum { EDID_SIZE = 128 };
unsigned char edid[EDID_SIZE] = {
0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, /* header */
0x58, 0x58, /* manufacturer (VBX) */
0x00, 0x00, /* product code */
0x00, 0x00, 0x00, 0x00, /* serial number goes here */
0x01, /* week of manufacture */
Reported by FlawFinder.
drivers/gpu/drm/vc4/vc4_hdmi.c
2 issues
Line: 1515
};
static const struct snd_dmaengine_pcm_config pcm_conf = {
.chan_names[SNDRV_PCM_STREAM_PLAYBACK] = "audio-rx",
.prepare_slave_config = snd_dmaengine_pcm_prepare_slave_config,
};
static int vc4_hdmi_audio_init(struct vc4_hdmi *vc4_hdmi)
{
Reported by Cppcheck.
Line: 1424
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct vc4_hdmi *vc4_hdmi = snd_component_to_hdmi(component);
struct drm_connector *connector = &vc4_hdmi->connector;
memcpy(ucontrol->value.bytes.data, connector->eld,
sizeof(connector->eld));
return 0;
}
Reported by FlawFinder.
drivers/gpu/drm/virtio/virtgpu_ioctl.c
2 issues
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct virtio_gpu_device *vgdev = dev->dev_private;
struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
char dbgname[TASK_COMM_LEN];
mutex_lock(&vfpriv->context_lock);
if (vfpriv->context_created)
goto out_unlock;
Reported by FlawFinder.
Line: 53
Column: 11
CWE codes:
126
get_task_comm(dbgname, current);
virtio_gpu_cmd_context_create(vgdev, vfpriv->ctx_id,
strlen(dbgname), dbgname);
vfpriv->context_created = true;
out_unlock:
mutex_unlock(&vfpriv->context_lock);
}
Reported by FlawFinder.