The following issues were found
drivers/input/keyboard/adp5589-keys.c
2 issues
Line: 242
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool is_adp5585;
bool support_row5;
#ifdef CONFIG_GPIOLIB
unsigned char gpiomap[ADP5589_MAXGPIO];
struct gpio_chip gc;
struct mutex gpio_lock; /* Protect cached dir, dat_out */
u8 dat_out[3];
u8 dir[3];
#endif
Reported by FlawFinder.
Line: 897
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
input->keycodemax = pdata->keymapsize;
input->keycode = kpad->keycode;
memcpy(kpad->keycode, pdata->keymap,
pdata->keymapsize * input->keycodesize);
kpad->gpimap = pdata->gpimap;
kpad->gpimapsize = pdata->gpimapsize;
Reported by FlawFinder.
drivers/input/keyboard/imx_keypad.c
2 issues
Line: 214
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Increase the count of number of scans with a stable state.
*/
if (state_changed) {
memcpy(keypad->matrix_unstable_state, matrix_volatile_state,
sizeof(matrix_volatile_state));
keypad->stable_count = 0;
} else
keypad->stable_count++;
Reported by FlawFinder.
Line: 239
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (keypad->stable_count == IMX_KEYPAD_SCANS_FOR_STABILITY) {
imx_keypad_fire_events(keypad, matrix_volatile_state);
memcpy(keypad->matrix_stable_state, matrix_volatile_state,
sizeof(matrix_volatile_state));
}
is_zero_matrix = true;
for (i = 0; i < MAX_MATRIX_KEY_COLS; i++) {
Reported by FlawFinder.
drivers/input/keyboard/pxa27x_keypad.c
2 issues
Line: 214
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const __be32 *prop;
int i, relkey_ret;
unsigned int code, proplen;
const char *rotaryname[2] = {
"marvell,rotary0", "marvell,rotary1"};
const char relkeyname[] = {"marvell,rotary-rel-key"};
struct input_dev *input_dev = keypad->input_dev;
struct device *dev = input_dev->dev.parent;
struct device_node *np = dev->of_node;
Reported by FlawFinder.
Line: 472
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
input_sync(input_dev);
memcpy(keypad->matrix_key_state, new_state, sizeof(new_state));
}
#define DEFAULT_KPREC (0x007f007f)
static inline int rotary_delta(uint32_t kprec)
Reported by FlawFinder.
drivers/input/misc/ad714x.h
2 issues
Line: 51
Column: 20
CWE codes:
120
20
int ad714x_disable(struct ad714x_chip *ad714x);
int ad714x_enable(struct ad714x_chip *ad714x);
struct ad714x_chip *ad714x_probe(struct device *dev, u16 bus_type, int irq,
ad714x_read_t read, ad714x_write_t write);
#endif
Reported by FlawFinder.
drivers/input/misc/hp_sdc_rtc.c
2 issues
Line: 126
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (memcmp(&tm, &tm_last, sizeof(struct rtc_time))) {
if (i++ > 4) return -1;
memcpy(&tm_last, &tm, sizeof(struct rtc_time));
if (hp_sdc_rtc_do_read_bbrtc(&tm)) return -1;
}
memcpy(rtctm, &tm, sizeof(struct rtc_time));
Reported by FlawFinder.
Line: 130
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (hp_sdc_rtc_do_read_bbrtc(&tm)) return -1;
}
memcpy(rtctm, &tm, sizeof(struct rtc_time));
return 0;
}
Reported by FlawFinder.
drivers/input/misc/iqs269a.c
2 issues
Line: 284
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
} __packed;
struct iqs269_flags {
__be16 system;
u8 gesture;
u8 padding;
u8 states[4];
} __packed;
Reported by FlawFinder.
Line: 1214
Column: 24
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
* in the event of an I2C communication error. In this case, the device
* asserts a SHOW_RESET interrupt and all registers must be restored.
*/
if (be16_to_cpu(flags.system) & IQS269_SYS_FLAGS_SHOW_RESET) {
dev_err(&client->dev, "Unexpected device reset\n");
error = iqs269_dev_init(iqs269);
if (error)
dev_err(&client->dev,
Reported by FlawFinder.
drivers/input/mouse/cyapa.h
2 issues
Line: 339
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct regulator *vcc;
struct i2c_client *client;
struct input_dev *input;
char phys[32]; /* Device physical location */
bool irq_wake; /* Irq wake is enabled */
bool smbus;
/* power mode settings */
u8 suspend_power_mode;
Reported by FlawFinder.
Line: 353
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct gen6_interval_setting gen6_interval_setting;
/* Read from query data region. */
char product_id[16];
u8 platform_ver; /* Platform version. */
u8 fw_maj_ver; /* Firmware major version. */
u8 fw_min_ver; /* Firmware minor version. */
u8 btn_capability;
u8 gen;
Reported by FlawFinder.
drivers/input/mouse/focaltech.c
2 issues
Line: 268
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int focaltech_switch_protocol(struct psmouse *psmouse)
{
struct ps2dev *ps2dev = &psmouse->ps2dev;
unsigned char param[3];
param[0] = 0;
if (ps2_command(ps2dev, param, 0x10f8))
return -EIO;
Reported by FlawFinder.
Line: 377
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct ps2dev *ps2dev = &psmouse->ps2dev;
struct focaltech_data *priv = psmouse->private;
char param[3];
if (focaltech_read_register(ps2dev, 2, param))
return -EIO;
/* not sure whether this is 100% correct */
Reported by FlawFinder.
drivers/input/mouse/sermouse.c
2 issues
Line: 32
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sermouse {
struct input_dev *dev;
signed char buf[8];
unsigned char count;
unsigned char type;
unsigned long last;
char phys[32];
};
Reported by FlawFinder.
Line: 36
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char count;
unsigned char type;
unsigned long last;
char phys[32];
};
/*
* sermouse_process_msc() analyzes the incoming MSC/Sun bytestream and
* applies some prediction to the data, resulting in 96 updates per
Reported by FlawFinder.
drivers/input/mouse/synaptics.c
2 issues
Line: 226
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int error;
union {
__be32 be_val;
char buf[4];
} resp = { 0 };
error = synaptics_send_cmd(psmouse, query_cmd, resp.buf + 1);
if (error)
return error;
Reported by FlawFinder.
Line: 1366
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct synaptics_data *priv = psmouse->private;
return sprintf(buf, "%c\n", priv->disable_gesture ? '1' : '0');
}
static ssize_t synaptics_set_disable_gesture(struct psmouse *psmouse,
void *data, const char *buf,
size_t len)
Reported by FlawFinder.