The following issues were found
arch/x86/kernel/crash_dump_64.c
1 issues
Line: 37
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EFAULT;
}
} else
memcpy(buf, vaddr + offset, csize);
set_iounmap_nonlazy();
iounmap((void __iomem *)vaddr);
return csize;
}
Reported by FlawFinder.
arch/x86/kernel/devicetree.c
1 issues
Line: 30
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <asm/prom.h>
__initdata u64 initial_dtb;
char __initdata cmd_line[COMMAND_LINE_SIZE];
int __initdata of_ioapic;
void __init early_init_dt_scan_chosen_arch(unsigned long node)
{
Reported by FlawFinder.
arch/arm/mm/flush.c
1 issues
Line: 192
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef CONFIG_SMP
preempt_disable();
#endif
memcpy(dst, src, len);
flush_ptrace_access(vma, page, uaddr, dst, len);
#ifdef CONFIG_SMP
preempt_enable();
#endif
}
Reported by FlawFinder.
arch/alpha/kernel/sys_rawhide.c
1 issues
Line: 227
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
rawhide_map_irq(const struct pci_dev *dev, u8 slot, u8 pin)
{
static char irq_tab[5][5] = {
/*INT INTA INTB INTC INTD */
{ 16+16, 16+16, 16+16, 16+16, 16+16}, /* IdSel 1 SCSI PCI 1 */
{ 16+ 0, 16+ 0, 16+ 1, 16+ 2, 16+ 3}, /* IdSel 2 slot 2 */
{ 16+ 4, 16+ 4, 16+ 5, 16+ 6, 16+ 7}, /* IdSel 3 slot 3 */
{ 16+ 8, 16+ 8, 16+ 9, 16+10, 16+11}, /* IdSel 4 slot 4 */
Reported by FlawFinder.
arch/arm/mm/cache-l2x0.c
1 issues
Line: 685
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct outer_cache_fns *fns)
{
unsigned revision = cache_id & L2X0_CACHE_ID_RTL_MASK;
const char *errata[8];
unsigned n = 0;
if (IS_ENABLED(CONFIG_PL310_ERRATA_588369) &&
revision < L310_CACHE_ID_RTL_R2P0 &&
/* For bcm compatibility */
Reported by FlawFinder.
arch/x86/kernel/fpu/xstate.c
1 issues
Line: 1085
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const void *kbuf, const void __user *ubuf)
{
if (kbuf) {
memcpy(dst, kbuf + offset, size);
} else {
if (copy_from_user(dst, ubuf + offset, size))
return -EFAULT;
}
return 0;
Reported by FlawFinder.
arch/arm/mach-tegra/reset.c
1 issues
Line: 66
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BUG_ON(is_enabled);
BUG_ON(tegra_cpu_reset_handler_size > TEGRA_IRAM_RESET_HANDLER_SIZE);
memcpy(iram_base, (void *)__tegra_cpu_reset_handler_start,
tegra_cpu_reset_handler_size);
err = call_firmware_op(set_cpu_boot_addr, 0, reset_address);
switch (err) {
case -ENOSYS:
Reported by FlawFinder.
arch/x86/kernel/head64.c
1 issues
Line: 448
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
cmd_line_ptr = get_cmd_line_ptr();
if (cmd_line_ptr) {
command_line = __va(cmd_line_ptr);
memcpy(boot_command_line, command_line, COMMAND_LINE_SIZE);
}
/*
* The old boot data is no longer needed and won't be reserved,
* freeing up that memory for use by the system. If SME is active,
Reported by FlawFinder.
arch/arm/mach-s3c/simtec-usb.c
1 issues
Line: 88
}
static struct s3c2410_hcd_info usb_simtec_info __initdata = {
.port[0] = {
.flags = S3C_HCDFLG_USED
},
.port[1] = {
.flags = S3C_HCDFLG_USED
},
Reported by Cppcheck.
arch/x86/kernel/i8259.c
1 issues
Line: 232
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.irq_mask_ack = mask_and_ack_8259A,
};
static char irq_trigger[2];
/**
* ELCR registers (0x4d0, 0x4d1) control edge/level of IRQ
*/
static void restore_ELCR(char *trigger)
{
Reported by FlawFinder.