The following issues were found

drivers/soc/fsl/qe/qe.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 335 Column: 2 CWE codes: 120
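Suggestion: Make sure destination can always hold the source data
Triage note: the copy length is qe_num_of_snum, and the excerpt shows an "unsupported value" rejection just before the copy. The finding is closed only if every accepted value fits both snums and snum_init; their sizes are not visible in this excerpt.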

              		pr_err("QE: unsupported value of fsl,qe-num-snums: %u\n", qe_num_of_snum);
		return;
	}
	memcpy(snums, snum_init, qe_num_of_snum);
}

int qe_get_snum(void)
{
	unsigned long flags;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 529 Column: 2 CWE codes: 120
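Suggestion: Make sure destination can always hold the source data
Triage note: the length is sizeof(firmware->vtraps), a compile-time size taken from the source field, so the copy is safe only if qe_firmware_info.vtraps is at least as large (not visible here). The loop that follows is bounded by firmware->count, which is read from the firmware structure; confirm it is validated before this point.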

              	memset(&qe_firmware_info, 0, sizeof(qe_firmware_info));
	strlcpy(qe_firmware_info.id, firmware->id, sizeof(qe_firmware_info.id));
	qe_firmware_info.extended_modes = be64_to_cpu(firmware->extended_modes);
	memcpy(qe_firmware_info.vtraps, firmware->vtraps,
		sizeof(firmware->vtraps));

	/* Loop through each microcode. */
	for (i = 0; i < firmware->count; i++) {
		const struct qe_microcode *ucode = &firmware->microcode[i];

            

Reported by FlawFinder.

drivers/staging/media/atomisp/i2c/ov5693/atomisp-ov5693.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 132 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	int err;
	struct i2c_msg msg[2];
	unsigned char data[6];

	if (!client->adapter) {
		dev_err(&client->dev, "%s error, no client->adapter\n",
			__func__);
		return -ENODEV;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 266 Column: 11 CWE codes: 119 120
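Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: data is 4 bytes and len is data_length + sizeof(u16), so the data_length check that follows has to limit data_length to 2 for len to stay within the array. The values of OV5693_8BIT and OV5693_16BIT are not shown in this excerpt.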

              			    u16 reg, u16 val)
{
	int ret;
	unsigned char data[4] = {0};
	__be16 *wreg = (void *)data;
	const u16 len = data_length + sizeof(u16); /* 16-bit address + data */

	if (data_length != OV5693_8BIT && data_length != OV5693_16BIT) {
		dev_err(&client->dev,

            

Reported by FlawFinder.

drivers/staging/media/atomisp/include/linux/atomisp_platform.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 123 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              };

/*
 * Groups a subdevice name with a subdevice type and a camera port.
 */
struct intel_v4l2_subdev_id {
	/*
	 * Fixed 17-byte buffer (the line flagged by the scanner). Any code
	 * that fills it must bound the copy by sizeof(name).
	 * NOTE(review): presumably a NUL-terminated string of at most 16
	 * characters - confirm against the code that writes and compares it.
	 */
	char name[17];
	enum intel_v4l2_subdev_type type;
	enum atomisp_camera_port    port;
};

struct intel_v4l2_subdev_i2c_board_info {

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 203 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              };

/*
 * Pairs a camera module identifier with a set of VCM operations.
 * NOTE(review): the list member suggests entries are kept on a linked
 * list - confirm against the code that registers them.
 */
struct camera_vcm_control {
	/*
	 * Fixed buffer of CAMERA_MODULE_ID_LEN bytes (the line flagged by the
	 * scanner; the macro's value is not visible here). Writers must bound
	 * copies by sizeof(camera_module).
	 */
	char camera_module[CAMERA_MODULE_ID_LEN];
	struct camera_vcm_ops *ops;
	struct list_head list;
};

struct camera_sensor_platform_data {

            

Reported by FlawFinder.

drivers/staging/media/atomisp/i2c/atomisp-gc0310.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 43 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	int err;
	struct i2c_msg msg[2];
	unsigned char data[1];

	if (!client->adapter) {
		dev_err(&client->dev, "%s error, no client->adapter\n",
			__func__);
		return -ENODEV;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 108 Column: 11 CWE codes: 119 120
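Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: data is 2 bytes and len is data_length + sizeof(u8), so the data_length check that follows has to limit data_length to 1 for len to stay within the array. The value of GC0310_8BIT is not shown in this excerpt.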

              			    u8 reg, u8 val)
{
	int ret;
	unsigned char data[2] = {0};
	u8 *wreg = (u8 *)data;
	const u16 len = data_length + sizeof(u8); /* 8-bit address + data */

	if (data_length != GC0310_8BIT) {
		dev_err(&client->dev,

            

Reported by FlawFinder.

drivers/tty/serial/max3100.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 580 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct max3100_port *s = container_of(port,
					      struct max3100_port,
					      port);
	char b[12];

	dev_dbg(&s->spi->dev, "%s\n", __func__);

	s->conf = MAX3100_RM;
	s->baud = s->crystal ? 230400 : 115200;

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 595 Column: 2 CWE codes: 120
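Suggestion: Use sprintf_s, snprintf, or vsnprintf
Triage note: in kernel code the applicable option is snprintf(b, sizeof(b), ...). b is 12 bytes (declared at line 580) and the "max3100-" prefix takes 8, so the unbounded call is safe only while s->minor prints in at most three characters; the excerpt does not show that bound.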

              	s->parity = 0;
	s->rts = 0;

	sprintf(b, "max3100-%d", s->minor);
	s->workqueue = create_freezable_workqueue(b);
	if (!s->workqueue) {
		dev_warn(&s->spi->dev, "cannot create workqueue\n");
		return -EBUSY;
	}

            

Reported by FlawFinder.

drivers/staging/rtl8723bs/core/rtw_sta_mgt.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 203 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
		psta->padapter = pstapriv->padapter;

		memcpy(psta->hwaddr, hwaddr, ETH_ALEN);

		index = wifi_mac_hash(hwaddr);

		if (index >= NUM_STA) {
			spin_unlock_bh(&(pstapriv->sta_hash_lock));

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 228 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              /*  So, we initialize the tid_rxseq variable as the 0xffff. */

		for (i = 0; i < 16; i++)
			memcpy(&psta->sta_recvpriv.rxcache.tid_rxseq[i], &wRxSeqInitialValue, 2);

		init_addba_retry_timer(pstapriv->padapter, psta);

		/* for A-MPDU Rx reordering buffer control */
		for (i = 0; i < 16 ; i++) {

            

Reported by FlawFinder.

drivers/sh/clk/cpg.c
2 issues
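read - Check buffer boundaries if used in a loop including recursive loops
Triage note: in both findings for this file, read is a local function pointer (declared at the flagged line, assigned ioread32 in the second excerpt) that takes a single I/O address, not the read() call this rule targets. The match is on the identifier name only; the polling loop itself is bounded by the i counter.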
Security

Line: 43 Column: 18 CWE codes: 120 20

              {
	sh_clk_write(sh_clk_read(clk) & ~(1 << clk->enable_bit), clk);
	if (clk->status_reg) {
		unsigned int (*read)(const void __iomem *addr);
		int i;
		void __iomem *mapped_status = (phys_addr_t)clk->status_reg -
			(phys_addr_t)clk->enable_reg + clk->mapped_reg;

		if (clk->flags & CLK_ENABLE_REG_8BIT)

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 56 Column: 9 CWE codes: 120 20

              			read = ioread32;

		for (i = 1000;
		     (read(mapped_status) & (1 << clk->enable_bit)) && i;
		     i--)
			cpu_relax();
		if (!i) {
			pr_err("cpg: failed to enable %p[%d]\n",
			       clk->enable_reg, clk->enable_bit);

            

Reported by FlawFinder.

drivers/spi/spi-pxa2xx.h
2 issues
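read - Check buffer boundaries if used in a loop including recursive loops
Triage note: in both findings for this file, read is a function-pointer member taking a struct driver_data *, declared inside a structure. No buffer or length is passed at the flagged lines, so the match is on the identifier name only.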
Security

Line: 50 Column: 8 CWE codes: 120 20

              	void *rx_end;
	u8 n_bytes;
	int (*write)(struct driver_data *drv_data);
	int (*read)(struct driver_data *drv_data);
	irqreturn_t (*transfer_handler)(struct driver_data *drv_data);
	void (*cs_control)(u32 command);

	void __iomem *lpss_base;


            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 73 Column: 8 CWE codes: 120 20

              	u16 lpss_tx_threshold;

	int (*write)(struct driver_data *drv_data);
	int (*read)(struct driver_data *drv_data);

	void (*cs_control)(u32 command);
};

static inline u32 pxa2xx_spi_read(const struct driver_data *drv_data, u32 reg)

            

Reported by FlawFinder.

drivers/video/fbdev/nvidia/nvidia.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1140 Column: 3 CWE codes: 119 120
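Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the only write to buf in this excerpt is snprintf(buf, 15, ...) after the buffer is zeroed, so it is already bounded and terminated. Passing sizeof(buf) instead of the literal sizes would keep the bound tied to the declaration.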

              		fb_videomode_to_var(&nvidiafb_default_var, mode);
		nvidiafb_default_var.bits_per_pixel = bpp;
	} else if (par->fpWidth && par->fpHeight) {
		char buf[16];

		memset(buf, 0, 16);
		snprintf(buf, 15, "%dx%dMR", par->fpWidth, par->fpHeight);
		fb_find_mode(&nvidiafb_default_var, info, buf, specs->modedb,
			     specs->modedb_len, &modedb, bpp);

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 1340 Column: 2 CWE codes: 120
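Suggestion: Use sprintf_s, snprintf, or vsnprintf
Triage note: the formatted value is masked with 0x0ff0 and shifted right by 4, so at most two hex digits follow "NV" and the call writes at most 5 bytes including the terminator. Whether nvidiafb_fix.id can hold that is not shown in this excerpt; if id is an array, snprintf with sizeof(nvidiafb_fix.id) makes the bound explicit.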

              		goto err_out_arch;
	}

	sprintf(nvidiafb_fix.id, "NV%x", (pd->device & 0x0ff0) >> 4);

	if (NVCommonSetup(info))
		goto err_out_arch;

	par->FbAddress = nvidiafb_fix.smem_start;

            

Reported by FlawFinder.

drivers/soc/ti/omap_prm.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 909 Column: 2 CWE codes: 120
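Suggestion: Use sprintf_s, snprintf, or vsnprintf
Triage note: buf is 32 bytes (declared at line 874) and "_clkdm" plus the terminator take 7, so the name string must be at most 25 characters. The excerpt does not show where the lengths of clkdm_name and name are bounded; snprintf(buf, sizeof(buf), ...) with a truncation check removes the dependence on that.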

              
	reset->prm = prm;

	sprintf(buf, "%s_clkdm", prm->data->clkdm_name ? prm->data->clkdm_name :
		prm->data->name);

	if (!(prm->data->flags & OMAP_PRM_HAS_NO_CLKDM)) {
		reset->clkdm = pdata->clkdm_lookup(buf);
		if (!reset->clkdm)

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 874 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct omap_reset_data *reset;
	const struct omap_rst_map *map;
	struct ti_prm_platform_data *pdata = dev_get_platdata(&pdev->dev);
	char buf[32];
	u32 v;

	/*
	 * Check if we have controllable resets. If either rstctrl is non-zero
	 * or OMAP_PRM_HAS_RSTCTRL flag is set, we have reset control register

            

Reported by FlawFinder.