The following issues were found
drivers/hwtracing/coresight/coresight-cti-platform.c
2 issues
Line: 179
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cti_device *cti_dev = &drvdata->ctidev;
struct cti_trig_con *tc = NULL;
int cpuid = 0;
char cpu_name_str[16];
int ret = -ENOMEM;
/* Must have a cpu node */
cpuid = cti_plat_get_cpu_at_node(dev_fwnode(dev));
if (cpuid < 0) {
Reported by FlawFinder.
Line: 348
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cpuid = -1, err = 0;
struct coresight_device *csdev = NULL;
const char *assoc_name = "unknown";
char cpu_name_str[16];
int nr_sigs_in, nr_sigs_out;
/* look to see how many in and out signals we have */
nr_sigs_in = cti_plat_count_sig_elements(fwnode, CTI_DT_TRIGIN_SIGS);
nr_sigs_out = cti_plat_count_sig_elements(fwnode, CTI_DT_TRIGOUT_SIGS);
Reported by FlawFinder.
drivers/hwtracing/coresight/coresight-etb10.c
2 issues
Line: 255
Column: 46
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
u32 ffcr;
struct device *dev = &drvdata->csdev->dev;
struct csdev_access *csa = &drvdata->csdev->access;
CS_UNLOCK(drvdata->base);
ffcr = readl_relaxed(drvdata->base + ETB_FFCR);
/* stop formatter when a stop has completed */
Reported by FlawFinder.
Line: 689
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct etb_drvdata *drvdata = dev_get_drvdata(dev->parent);
unsigned long val = drvdata->trigger_cntr;
return sprintf(buf, "%#lx\n", val);
}
static ssize_t trigger_cntr_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t size)
Reported by FlawFinder.
drivers/hwtracing/coresight/coresight-funnel.c
2 issues
Line: 154
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct funnel_drvdata *drvdata = dev_get_drvdata(dev->parent);
unsigned long val = drvdata->priority;
return sprintf(buf, "%#lx\n", val);
}
static ssize_t priority_store(struct device *dev,
struct device_attribute *attr,
const char *buf, size_t size)
Reported by FlawFinder.
Line: 197
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pm_runtime_put(dev->parent);
return sprintf(buf, "%#x\n", val);
}
static DEVICE_ATTR_RO(funnel_ctrl);
static struct attribute *coresight_funnel_attrs[] = {
&dev_attr_funnel_ctrl.attr,
Reported by FlawFinder.
drivers/hwtracing/coresight/coresight-trbe.c
2 issues
Line: 827
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct trbe_cpudata *cpudata = dev_get_drvdata(dev);
return sprintf(buf, "%llx\n", cpudata->trbe_align);
}
static DEVICE_ATTR_RO(align);
static ssize_t flag_show(struct device *dev, struct device_attribute *attr, char *buf)
{
Reported by FlawFinder.
Line: 835
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct trbe_cpudata *cpudata = dev_get_drvdata(dev);
return sprintf(buf, "%d\n", cpudata->trbe_flag);
}
static DEVICE_ATTR_RO(flag);
static struct attribute *arm_trbe_attrs[] = {
&dev_attr_align.attr,
Reported by FlawFinder.
drivers/i2c/busses/i2c-cros-ec-tunnel.c
2 issues
Line: 99
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i2c_msg->flags & I2C_M_RD) {
msg->addr_flags |= EC_I2C_FLAG_READ;
} else {
memcpy(out_data, i2c_msg->buf, msg->len);
out_data += msg->len;
}
}
return 0;
Reported by FlawFinder.
Line: 166
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct i2c_msg *i2c_msg = &i2c_msgs[i];
if (i2c_msgs[i].flags & I2C_M_RD) {
memcpy(i2c_msg->buf, in_data, i2c_msg->len);
in_data += i2c_msg->len;
}
}
return 0;
Reported by FlawFinder.
drivers/i2c/busses/i2c-dln2.c
2 issues
Line: 91
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tx->mem_addr_len = 0;
tx->mem_addr = 0;
tx->buf_len = cpu_to_le16(data_len);
memcpy(tx->buf, data, data_len);
len = sizeof(*tx) + data_len - DLN2_I2C_MAX_XFER_SIZE;
ret = dln2_transfer_tx(dln2->pdev, DLN2_I2C_WRITE, tx, len);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 135
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (le16_to_cpu(rx->buf_len) != data_len)
return -EPROTO;
memcpy(data, rx->buf, data_len);
return data_len;
}
static int dln2_i2c_xfer(struct i2c_adapter *adapter,
Reported by FlawFinder.
drivers/i2c/busses/i2c-emev2.c
2 issues
Line: 164
Column: 6
CWE codes:
120
20
}
/* Extra setup for read transactions */
if (read) {
/* 8 bit interrupt mode */
em_clear_set_bit(priv, I2C_BIT_WTIM0, I2C_BIT_ACKE0, I2C_OFS_IICC0);
em_clear_set_bit(priv, I2C_BIT_WTIM0, I2C_BIT_WREL0, I2C_OFS_IICC0);
/* Wait for transaction */
Reported by FlawFinder.
Line: 177
Column: 7
CWE codes:
120
20
/* Send / receive data */
for (count = 0; count < msg->len; count++) {
if (read) { /* Read transaction */
msg->buf[count] = readb(priv->base + I2C_OFS_IIC0);
em_clear_set_bit(priv, 0, I2C_BIT_WREL0, I2C_OFS_IICC0);
} else { /* Write transaction */
/* Received NACK */
Reported by FlawFinder.
drivers/i2c/busses/i2c-iop3xx.c
2 issues
Line: 483
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto unmap;
}
memcpy(new_adapter->name, pdev->name, strlen(pdev->name));
new_adapter->owner = THIS_MODULE;
new_adapter->class = I2C_CLASS_HWMON | I2C_CLASS_SPD;
new_adapter->dev.parent = &pdev->dev;
new_adapter->dev.of_node = pdev->dev.of_node;
new_adapter->nr = pdev->id;
Reported by FlawFinder.
Line: 483
Column: 40
CWE codes:
126
goto unmap;
}
memcpy(new_adapter->name, pdev->name, strlen(pdev->name));
new_adapter->owner = THIS_MODULE;
new_adapter->class = I2C_CLASS_HWMON | I2C_CLASS_SPD;
new_adapter->dev.parent = &pdev->dev;
new_adapter->dev.of_node = pdev->dev.of_node;
new_adapter->nr = pdev->id;
Reported by FlawFinder.
drivers/i2c/busses/i2c-mt7621.c
2 issues
Line: 198
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd = (len > 8) ?
SM0CTL1_READ : SM0CTL1_READ_LAST;
} else {
memcpy(data, &pmsg->buf[j], page_len);
iowrite32(data[0], i2c->base + REG_SM0D0_REG);
iowrite32(data[1], i2c->base + REG_SM0D1_REG);
cmd = SM0CTL1_WRITE;
}
Reported by FlawFinder.
Line: 211
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (pmsg->flags & I2C_M_RD) {
data[0] = ioread32(i2c->base + REG_SM0D0_REG);
data[1] = ioread32(i2c->base + REG_SM0D1_REG);
memcpy(&pmsg->buf[j], data, page_len);
} else {
if (!(pmsg->flags & I2C_M_IGNORE_NAK)) {
ret = mtk_i2c_check_ack(i2c,
(1 << page_len)
- 1);
Reported by FlawFinder.
drivers/i2c/busses/i2c-mv64xxx.c
2 issues
Line: 448
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf[0] = readl(drv_data->reg_base + MV64XXX_I2C_REG_RX_DATA_LO);
buf[1] = readl(drv_data->reg_base + MV64XXX_I2C_REG_RX_DATA_HI);
memcpy(msg->buf, buf, msg->len);
}
static int
mv64xxx_i2c_intr_offload(struct mv64xxx_i2c_data *drv_data)
{
Reported by FlawFinder.
Line: 603
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct i2c_msg *msg = drv_data->msgs;
u32 buf[2];
memcpy(buf, msg->buf, msg->len);
writel(buf[0], drv_data->reg_base + MV64XXX_I2C_REG_TX_DATA_LO);
writel(buf[1], drv_data->reg_base + MV64XXX_I2C_REG_TX_DATA_HI);
}
Reported by FlawFinder.