The following issues were found

drivers/gpu/drm/vkms/vkms_composer.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 95 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

               */
static void x_blend(const u8 *xrgb_src, u8 *xrgb_dst)
{
	/*
	 * Fixed-length copy of the first three bytes of the source pixel;
	 * nothing past the third destination byte is written.  The length is
	 * a compile-time constant, so the buffer-overflow question a static
	 * analyzer raises on this memcpy() comes down to whether every caller
	 * passes pointers to at least three valid bytes (the callers are not
	 * visible here -- confirm at the call sites).
	 */
	const size_t copied_bytes = 3 * sizeof(*xrgb_src);

	memcpy(xrgb_dst, xrgb_src, copied_bytes);
}

/**
 * blend - blend value at vaddr_src with value at vaddr_dst
 * @vaddr_dst: destination address

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 197 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (WARN_ON(!shmem_obj->vaddr))
		return -EINVAL;

	memcpy(*vaddr_out, shmem_obj->vaddr, shmem_obj->base.size);

	/* If there are other planes besides primary, we consider the active
	 * planes should be in z-order and compose them associatively:
	 * ((primary <- overlay) <- cursor)
	 */

            

Reported by FlawFinder.

drivers/gpu/drm/vmwgfx/vmwgfx_blit.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 248 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

               */
void vmw_memcpy(struct vmw_diff_cpy *diff, u8 *dest, const u8 *src, size_t n)
{
	/*
	 * Plain byte copy: diff is accepted but not used in this body, and n
	 * is handed to memcpy() without any bounds check.  Whether dest can
	 * hold n bytes is therefore decided entirely by the caller; this
	 * wrapper adds no validation of its own.
	 */
	const void *from = src;
	void *to = dest;

	memcpy(to, from, n);
}


/**
 * vmw_adjust_rect - Adjust rectangle coordinates for newly found difference

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 315 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			byte_len += csize;
			vmw_adjust_rect(diff, csize);
		}
		memcpy(dest, src, byte_len);
	}
	diff->line_offset += n;
}

/**

            

Reported by FlawFinder.

drivers/gpu/drm/vmwgfx/vmwgfx_cmd.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 394 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	vmw_fifo_mem_write(vmw, SVGA_FIFO_RESERVED, bytes);
	mb();
	memcpy(fifo_mem + (next_cmd >> 2), buffer, chunk_size);
	rest = bytes - chunk_size;
	if (rest)
		memcpy(fifo_mem + (min >> 2), buffer + (chunk_size >> 2), rest);
}


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 397 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	memcpy(fifo_mem + (next_cmd >> 2), buffer, chunk_size);
	rest = bytes - chunk_size;
	if (rest)
		memcpy(fifo_mem + (min >> 2), buffer + (chunk_size >> 2), rest);
}

static void vmw_fifo_slow_copy(struct vmw_fifo_state *fifo_state,
			       struct vmw_private *vmw,
			       uint32_t next_cmd,

            

Reported by FlawFinder.

drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 243 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			 (dst_x1 + par->fb_x) * cpp);

		while (h-- > 0) {
			memcpy(dst_ptr, src_ptr, w*cpp);
			dst_ptr += par->set_fb->pitches[0];
			src_ptr += info->fix.line_length;
		}

		clip.x1 = dst_x1;

            

Reported by FlawFinder.

strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 687 Column: 2 CWE codes: 120
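Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In kernel code the bounded idiom is strscpy(); in the excerpt below the source is the constant literal "svgadrmfb" (10 bytes including its terminator), so the copy is safe as long as info->fix.id is at least that large.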

              	/*
	 * Fixed and var
	 */
	strcpy(info->fix.id, "svgadrmfb");
	info->fix.type = FB_TYPE_PACKED_PIXELS;
	info->fix.visual = FB_VISUAL_TRUECOLOR;
	info->fix.type_aux = 0;
	info->fix.xpanstep = 1; /* doing it in hw */
	info->fix.ypanstep = 1; /* doing it in hw */

            

Reported by FlawFinder.

drivers/gpu/drm/vmwgfx/vmwgfx_so.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 180 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return -ENOMEM;
	}

	memcpy(cmd, &view->cmd, view->cmd_size);
	WARN_ON(cmd->body.view_id != view->view_id);
	/* Sid may have changed due to surface eviction. */
	WARN_ON(view->srf->id == SVGA3D_INVALID_ID);
	cmd->body.sid = view->srf->id;
	vmw_cmd_commit(res->dev_priv, view->cmd_size);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 374 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	view->committed = false;
	INIT_LIST_HEAD(&view->srf_head);
	INIT_LIST_HEAD(&view->cotable_head);
	memcpy(&view->cmd, cmd, cmd_size);
	ret = vmw_resource_init(dev_priv, res, true,
				vmw_view_res_free, &vmw_view_func);
	if (ret)
		goto out_resource_init;


            

Reported by FlawFinder.

drivers/gpu/drm/zte/zx_hdmi.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 437 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	/* Enable audio input */
	hdmi_writeb_mask(hdmi, AUD_EN, AUD_IN_EN, AUD_IN_EN);

	memcpy(&frame.audio, cea, sizeof(*cea));

	return zx_hdmi_infoframe_trans(hdmi, &frame, FSEL_AUDIO);
}

static int zx_hdmi_audio_mute(struct device *dev, void *data,

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 462 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	struct zx_hdmi *hdmi = dev_get_drvdata(dev);
	struct drm_connector *connector = &hdmi->connector;

	memcpy(buf, connector->eld, min(sizeof(connector->eld), len));

	return 0;
}

static const struct hdmi_codec_ops zx_hdmi_codec_ops = {

            

Reported by FlawFinder.

drivers/gpu/host1x/debug.c
2 issues
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 33 Column: 8 CWE codes: 134
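Suggestion: Use a constant for the format specification. Also note that the excerpt below forwards the return value of vsnprintf() as the length: vsnprintf() returns the length the full output would have had, so when the output is truncated `len` can exceed sizeof(o->buf) and the callback receives a length larger than the buffer. Clamping the value, or using vscnprintf(), keeps the length within the buffer; the second finding for this file shows the same pattern.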

              	int len;

	va_start(args, fmt);
	len = vsnprintf(o->buf, sizeof(o->buf), fmt, args);
	va_end(args);

	o->fn(o->ctx, o->buf, len, false);
}


            

Reported by FlawFinder.

vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 45 Column: 8 CWE codes: 134
Suggestion: Use a constant for the format specification

              	int len;

	va_start(args, fmt);
	len = vsnprintf(o->buf, sizeof(o->buf), fmt, args);
	va_end(args);

	o->fn(o->ctx, o->buf, len, true);
}


            

Reported by FlawFinder.

drivers/greybus/connection.c
2 issues
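Uninitialized variable: connection (likely a false positive: list_for_each_entry() assigns the cursor `connection` in its loop initializer before the first read; Cppcheck probably reports this because it does not see the macro's expansion)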
Error

Line: 28 CWE codes: 908

              	struct gb_connection *connection;

	list_for_each_entry(connection, &hd->connections, hd_links) {
		if (connection->intf == intf &&
		    connection->intf_cport_id == cport_id)
			return true;
	}

	return false;

            

Reported by Cppcheck.

Uninitialized variable: connection
Error

Line: 61 CWE codes: 908

              
	spin_lock_irqsave(&gb_connections_lock, flags);
	list_for_each_entry(connection, &hd->connections, hd_links)
		if (connection->hd_cport_id == cport_id) {
			gb_connection_get(connection);
			goto found;
		}
	connection = NULL;
found:

            

Reported by Cppcheck.

drivers/greybus/module.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 54 Column: 9 CWE codes: 120
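Suggestion: Use sprintf_s, snprintf, or vsnprintf. For a sysfs show callback such as the one in the excerpt below, the kernel's own helper is sysfs_emit(), which limits the output to the PAGE_SIZE buffer that sysfs supplies.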

              {
	struct gb_module *module = to_gb_module(dev);

	return sprintf(buf, "%u\n", module->module_id);
}
static DEVICE_ATTR_RO(module_id);

static ssize_t num_interfaces_show(struct device *dev,
				   struct device_attribute *attr, char *buf)

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 63 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              {
	struct gb_module *module = to_gb_module(dev);

	return sprintf(buf, "%zu\n", module->num_interfaces);
}
static DEVICE_ATTR_RO(num_interfaces);

static struct attribute *module_attrs[] = {
	&dev_attr_eject.attr,

            

Reported by FlawFinder.

drivers/hid/hid-bigbenff.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

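Line: 360 Column: 42 CWE codes: 126 (column 42 is the call strlen(":red:bigben#"); its argument is a string literal and therefore always \0-terminated, so this finding can be triaged as a pattern match rather than an over-read)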

              	if (error)
		goto error_hw_stop;

	name_sz = strlen(dev_name(&hid->dev)) + strlen(":red:bigben#") + 1;

	for (n = 0; n < NUM_LEDS; n++) {
		led = devm_kzalloc(
			&hid->dev,
			sizeof(struct led_classdev) + name_sz,

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 360 Column: 12 CWE codes: 126

              	if (error)
		goto error_hw_stop;

	name_sz = strlen(dev_name(&hid->dev)) + strlen(":red:bigben#") + 1;

	for (n = 0; n < NUM_LEDS; n++) {
		led = devm_kzalloc(
			&hid->dev,
			sizeof(struct led_classdev) + name_sz,

            

Reported by FlawFinder.