The following issues were found
drivers/tty/serial/cpm_uart/cpm_uart_core.c
2 issues
Line: 1022
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define GDB_BUF_SIZE 512 /* power of 2, please */
static char poll_buf[GDB_BUF_SIZE];
static char *pollp;
static int poll_chars;
static int poll_wait_key(char *obuf, struct uart_cpm_port *pinfo)
{
Reported by FlawFinder.
Line: 1087
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct uart_cpm_port *pinfo =
container_of(port, struct uart_cpm_port, port);
static char ch[2];
ch[0] = (char)c;
cpm_uart_early_write(pinfo, ch, 1, false);
}
Reported by FlawFinder.
drivers/scsi/ufs/ufs_bsg.c
2 issues
Line: 125
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case UPIU_TRANSACTION_UIC_CMD:
memcpy(&uc, &bsg_request->upiu_req.uc, UIC_CMD_SIZE);
ret = ufshcd_send_uic_cmd(hba, &uc);
if (ret)
dev_err(hba->dev,
"send uic cmd: error code %d\n", ret);
Reported by FlawFinder.
Line: 131
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_err(hba->dev,
"send uic cmd: error code %d\n", ret);
memcpy(&bsg_reply->upiu_rsp.uc, &uc, UIC_CMD_SIZE);
break;
default:
ret = -ENOTSUPP;
dev_err(hba->dev, "unsupported msgcode 0x%x\n", msgcode);
Reported by FlawFinder.
drivers/spi/spi-mxic.c
2 issues
Line: 298
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nbytes = 4;
if (txbuf)
memcpy(&data, txbuf + pos, nbytes);
ret = readl_poll_timeout(mxic->regs + INT_STS, sts,
sts & INT_TX_EMPTY, 0, USEC_PER_SEC);
if (ret)
return ret;
Reported by FlawFinder.
Line: 322
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data = readl(mxic->regs + RXD);
data >>= (8 * (4 - nbytes));
memcpy(rxbuf + pos, &data, nbytes);
WARN_ON(readl(mxic->regs + INT_STS) & INT_RX_NOT_EMPTY);
} else {
readl(mxic->regs + RXD);
}
WARN_ON(readl(mxic->regs + INT_STS) & INT_RX_NOT_EMPTY);
Reported by FlawFinder.
drivers/tty/serial/earlycon.c
2 issues
Line: 63
Column: 18
CWE codes:
126
size_t len;
/* scan backwards from end of string for first non-numeral */
for (s = name + strlen(name);
s > name && s[-1] >= '0' && s[-1] <= '9';
s--)
;
if (*s)
earlycon->index = simple_strtoul(s, NULL, 10);
Reported by FlawFinder.
Line: 189
Column: 16
CWE codes:
126
again:
for (match = __earlycon_table; match < __earlycon_table_end; match++) {
size_t len = strlen(match->name);
if (strncmp(buf, match->name, len))
continue;
/* prefer entries with empty compatible */
Reported by FlawFinder.
drivers/spi/spi-s3c64xx.c
2 issues
Line: 1069
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct s3c64xx_spi_info *sci = dev_get_platdata(&pdev->dev);
struct spi_master *master;
int ret, irq;
char clk_name[16];
if (!sci && pdev->dev.of_node) {
sci = s3c64xx_spi_parse_dt(&pdev->dev);
if (IS_ERR(sci))
return PTR_ERR(sci);
Reported by FlawFinder.
Line: 1169
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto err_deref_master;
}
sprintf(clk_name, "spi_busclk%d", sci->src_clk_nr);
sdd->src_clk = devm_clk_get(&pdev->dev, clk_name);
if (IS_ERR(sdd->src_clk)) {
dev_err(&pdev->dev,
"Unable to acquire clock '%s'\n", clk_name);
ret = PTR_ERR(sdd->src_clk);
Reported by FlawFinder.
drivers/usb/gadget/function/f_loopback.c
2 issues
Line: 479
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int result;
mutex_lock(&opts->lock);
result = sprintf(page, "%d\n", opts->qlen);
mutex_unlock(&opts->lock);
return result;
}
Reported by FlawFinder.
Line: 517
Column: 11
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int result;
mutex_lock(&opts->lock);
result = sprintf(page, "%d\n", opts->bulk_buflen);
mutex_unlock(&opts->lock);
return result;
}
Reported by FlawFinder.
drivers/staging/media/atomisp/i2c/atomisp-gc2235.c
2 issues
Line: 44
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int err;
struct i2c_msg msg[2];
unsigned char data[6];
if (!client->adapter) {
dev_err(&client->dev, "%s error, no client->adapter\n",
__func__);
return -ENODEV;
Reported by FlawFinder.
Line: 109
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 reg, u8 val)
{
int ret;
unsigned char data[4] = {0};
const u16 len = data_length + sizeof(u8); /* 16-bit address + data */
if (data_length != GC2235_8BIT) {
dev_err(&client->dev,
"%s error, invalid data_length\n", __func__);
Reported by FlawFinder.
drivers/staging/media/atomisp/i2c/atomisp-mt9m114.c
2 issues
Line: 58
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int err;
struct i2c_msg msg[2];
unsigned char data[4];
if (!client->adapter) {
v4l2_err(client, "%s error, no client->adapter\n", __func__);
return -ENODEV;
}
Reported by FlawFinder.
Line: 110
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int num_msg;
struct i2c_msg msg;
unsigned char data[6] = {0};
__be16 *wreg;
int retry = 0;
if (!client->adapter) {
v4l2_err(client, "%s error, no client->adapter\n", __func__);
Reported by FlawFinder.
drivers/staging/media/atomisp/i2c/atomisp-ov2722.c
2 issues
Line: 44
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int err;
struct i2c_msg msg[2];
unsigned char data[6];
if (!client->adapter) {
dev_err(&client->dev, "%s error, no client->adapter\n",
__func__);
return -ENODEV;
Reported by FlawFinder.
Line: 115
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 reg, u16 val)
{
int ret;
unsigned char data[4] = {0};
__be16 *wreg = (__be16 *)data;
const u16 len = data_length + sizeof(u16); /* 16-bit address + data */
if (data_length != OV2722_8BIT && data_length != OV2722_16BIT) {
dev_err(&client->dev,
Reported by FlawFinder.
drivers/staging/nvec/nvec.c
2 issues
Line: 267
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
msg->data[0] = size;
memcpy(msg->data + 1, data, size);
msg->size = size + 1;
spin_lock_irqsave(&nvec->tx_lock, flags);
list_add_tail(&msg->node, &nvec->tx_data);
spin_unlock_irqrestore(&nvec->tx_lock, flags);
Reported by FlawFinder.
Line: 552
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock(&nvec->tx_lock);
if (list_empty(&nvec->tx_data)) {
dev_err(nvec->dev, "empty tx - sending no-op\n");
memcpy(nvec->tx_scratch.data, "\x02\x07\x02", 3);
nvec->tx_scratch.size = 3;
nvec->tx_scratch.pos = 0;
nvec->tx = &nvec->tx_scratch;
list_add_tail(&nvec->tx->node, &nvec->tx_data);
} else {
Reported by FlawFinder.