The following issues were found

arch/powerpc/kvm/powerpc.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 219 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			shared &= PAGE_MASK;
			shared |= vcpu->arch.magic_page_pa & 0xf000;
			new_shared = (void*)shared;
			memcpy(new_shared, old_shared, 0x1000);
			vcpu->arch.shared = new_shared;
		}
#endif

		r2 = KVM_MAGIC_FEAT_SR | KVM_MAGIC_FEAT_MAS0_TO_SPRG7;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 356 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	    !(kvmppc_get_msr(vcpu) & MSR_PR)) {
		void *magic = vcpu->arch.shared;
		magic += pte.eaddr & 0xfff;
		memcpy(magic, ptr, size);
		return EMULATE_DONE;
	}

	if (kvm_write_guest(vcpu->kvm, pte.raddr, ptr, size))
		return EMULATE_DO_MMIO;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 402 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	    !(kvmppc_get_msr(vcpu) & MSR_PR)) {
		void *magic = vcpu->arch.shared;
		magic += pte.eaddr & 0xfff;
		memcpy(ptr, magic, size);
		return EMULATE_DONE;
	}

	vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
	rc = kvm_read_guest(vcpu->kvm, pte.raddr, ptr, size);

Reported by FlawFinder.

arch/powerpc/platforms/pseries/scanlog.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 68 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	for (;;) {
		wait_time = 500;	/* default wait if no data */
		spin_lock(&rtas_data_buf_lock);
		memcpy(rtas_data_buf, data, RTAS_DATA_BUF_SIZE);
		status = rtas_call(ibm_scan_log_dump, 2, 1, NULL,
				   (u32) __pa(rtas_data_buf), (u32) count);
		memcpy(data, rtas_data_buf, RTAS_DATA_BUF_SIZE);
		spin_unlock(&rtas_data_buf_lock);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 71 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		memcpy(rtas_data_buf, data, RTAS_DATA_BUF_SIZE);
		status = rtas_call(ibm_scan_log_dump, 2, 1, NULL,
				   (u32) __pa(rtas_data_buf), (u32) count);
		memcpy(data, rtas_data_buf, RTAS_DATA_BUF_SIZE);
		spin_unlock(&rtas_data_buf_lock);

		pr_debug("scanlog: status=%d, data[0]=%x, data[1]=%x, " \
			 "data[2]=%x\n", status, data[0], data[1], data[2]);
		switch (status) {

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 112 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static ssize_t scanlog_write(struct file * file, const char __user * buf,
			     size_t count, loff_t *ppos)
{
	char stkbuf[20];
	int status;

	if (count > 19) count = 19;
	if (copy_from_user (stkbuf, buf, count)) {
		return -EFAULT;

Reported by FlawFinder.

arch/um/drivers/mconsole_kern.h
3 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 33 Column: 3 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              	if(current >= size) \
		str = NULL; \
	if(str != NULL){ \
		strcpy(str, chunk); \
		str += strlen(chunk); \
	} \
	if(end) \
		current++; \
} while(0)

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 29 Column: 13 CWE codes: 126 

              
#define CONFIG_CHUNK(str, size, current, chunk, end) \
do { \
	current += strlen(chunk); \
	if(current >= size) \
		str = NULL; \
	if(str != NULL){ \
		strcpy(str, chunk); \
		str += strlen(chunk); \

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 34 Column: 10 CWE codes: 126 

              		str = NULL; \
	if(str != NULL){ \
		strcpy(str, chunk); \
		str += strlen(chunk); \
	} \
	if(end) \
		current++; \
} while(0)

Reported by FlawFinder.

arch/powerpc/platforms/powermac/pfunc_core.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 814 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct device_node *actor = of_node_get(target);
	struct pmf_device *dev;
	struct pmf_function *func, *result = NULL;
	char fname[64];
	const u32 *prop;
	u32 ph;

	/*
	 * Look for a "platform-*" function reference. If we can't find

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 685 Column: 19 CWE codes: 126 

              {
	struct property *pp;
#define PP_PREFIX "platform-do-"
	const int plen = strlen(PP_PREFIX);
	int count = 0;

	for (pp = dev->node->properties; pp != 0; pp = pp->next) {
		const char *name;
		if (strncmp(pp->name, PP_PREFIX, plen) != 0)

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 693 Column: 7 CWE codes: 126 

              		if (strncmp(pp->name, PP_PREFIX, plen) != 0)
			continue;
		name = pp->name + plen;
		if (strlen(name) && pp->length >= 12)
			count += pmf_add_function_prop(dev, driverdata, name,
						       pp->value, pp->length);
	}
	return count;
}

Reported by FlawFinder.

arch/x86/pci/pcbios.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 70 Column: 12 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		unsigned char revision;		/* Revision level, 0 */
		unsigned char length;		/* Length in paragraphs should be 01 */
		unsigned char checksum;		/* All bytes must add up to zero */
		unsigned char reserved[5]; 	/* Must be zero */
	} fields;
	char chars[16];
};

/*

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 72 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		unsigned char checksum;		/* All bytes must add up to zero */
		unsigned char reserved[5]; 	/* Must be zero */
	} fields;
	char chars[16];
};

/*
 * Physical address of the service directory.  I don't know if we're
 * allowed to have more than one of these or not, so just in case

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 396 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			memset(rt, 0, sizeof(struct irq_routing_table));
			rt->size = opt.size + sizeof(struct irq_routing_table);
			rt->exclusive_irqs = map;
			memcpy(rt->slots, (void *) page, opt.size);
			printk(KERN_INFO "PCI: Using BIOS Interrupt Routing Table\n");
		}
	}
	free_page(page);
	return rt;

Reported by FlawFinder.

arch/microblaze/lib/memcpy.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 36 Column: 7 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
#ifdef __HAVE_ARCH_MEMCPY
#ifndef CONFIG_OPT_LIB_FUNCTION
void *memcpy(void *v_dst, const void *v_src, __kernel_size_t c)
{
	const char *src = v_src;
	char *dst = v_dst;

	/* Simple, byte oriented memcpy. */

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 48 Column: 7 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	return v_dst;
}
#else /* CONFIG_OPT_LIB_FUNCTION */
void *memcpy(void *v_dst, const void *v_src, __kernel_size_t c)
{
	const char *src = v_src;
	char *dst = v_dst;

	/* The following code tries to optimize the copy by using unsigned

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 192 Column: 15 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	return v_dst;
}
#endif /* CONFIG_OPT_LIB_FUNCTION */
EXPORT_SYMBOL(memcpy);
#endif /* __HAVE_ARCH_MEMCPY */

Reported by FlawFinder.

arch/x86/xen/setup.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 692 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		len = min(dest_len, src_len);
		to = early_memremap(dest - dest_off, dest_len + dest_off);
		from = early_memremap(src - src_off, src_len + src_off);
		memcpy(to, from, len);
		early_memunmap(to, dest_len + dest_off);
		early_memunmap(from, src_len + src_off);
		n -= len;
		dest += len;
		src += len;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 979 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}
#endif

	memcpy(boot_command_line, xen_start_info->cmd_line,
	       MAX_GUEST_CMDLINE > COMMAND_LINE_SIZE ?
	       COMMAND_LINE_SIZE : MAX_GUEST_CMDLINE);

	/* Set up idle, making sure it calls safe_halt() pvop */
	disable_cpuidle();

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 88 Column: 27 CWE codes: 126 

              	arg = strstr(xen_start_info->cmd_line, "xen_512gb_limit=");
	if (!arg)
		val = true;
	else if (strtobool(arg + strlen("xen_512gb_limit="), &val))
		return;

	xen_512gb_limit = val;
}

Reported by FlawFinder.

arch/microblaze/pci/pci-common.c
3 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 1106 Column: 14 CWE codes: 120 20 

              					    devfn, offset, value);	\
}

EARLY_PCI_OP(read, byte, u8 *)
EARLY_PCI_OP(read, word, u16 *)
EARLY_PCI_OP(read, dword, u32 *)
EARLY_PCI_OP(write, byte, u8)
EARLY_PCI_OP(write, word, u16)
EARLY_PCI_OP(write, dword, u32)

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 1107 Column: 14 CWE codes: 120 20 

              }

EARLY_PCI_OP(read, byte, u8 *)
EARLY_PCI_OP(read, word, u16 *)
EARLY_PCI_OP(read, dword, u32 *)
EARLY_PCI_OP(write, byte, u8)
EARLY_PCI_OP(write, word, u16)
EARLY_PCI_OP(write, dword, u32)

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 1108 Column: 14 CWE codes: 120 20 

              
EARLY_PCI_OP(read, byte, u8 *)
EARLY_PCI_OP(read, word, u16 *)
EARLY_PCI_OP(read, dword, u32 *)
EARLY_PCI_OP(write, byte, u8)
EARLY_PCI_OP(write, word, u16)
EARLY_PCI_OP(write, dword, u32)

int early_find_capability(struct pci_controller *hose, int bus, int devfn,

Reported by FlawFinder.

arch/x86/um/ldt.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 171 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              				goto out_unlock;
			}
			if (i == 0) {
				memcpy(ldt->u.pages[0], &entry0,
				       sizeof(entry0));
				memcpy(ldt->u.pages[0]+1, ldt->u.entries+1,
				       sizeof(entry0)*(LDT_DIRECT_ENTRIES-1));
			}
			ldt->entry_count = (i + 1) * LDT_ENTRIES_PER_PAGE;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 173 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			if (i == 0) {
				memcpy(ldt->u.pages[0], &entry0,
				       sizeof(entry0));
				memcpy(ldt->u.pages[0]+1, ldt->u.entries+1,
				       sizeof(entry0)*(LDT_DIRECT_ENTRIES-1));
			}
			ldt->entry_count = (i + 1) * LDT_ENTRIES_PER_PAGE;
		}
	}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 349 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			}
			new_mm->arch.ldt.u.pages[i] =
				(struct ldt_entry *) page;
			memcpy(new_mm->arch.ldt.u.pages[i],
			       from_mm->arch.ldt.u.pages[i], PAGE_SIZE);
		}
	}
	new_mm->arch.ldt.entry_count = from_mm->arch.ldt.entry_count;
	mutex_unlock(&from_mm->arch.ldt.lock);

Reported by FlawFinder.

arch/m68k/sun3/prom/printf.c
3 issues
vsprintf - Potential format string problem
Security

Line: 34 Column: 6 CWE codes: 134
Suggestion: Make format string constant 

              
#ifdef CONFIG_KGDB
	ppbuf[0] = 'O';
	i = vsprintf(ppbuf + 1, fmt, args) + 1;
#else
	i = vsprintf(ppbuf, fmt, args);
#endif

	bptr = ppbuf;

Reported by FlawFinder.

vsprintf - Potential format string problem
Security

Line: 36 Column: 6 CWE codes: 134
Suggestion: Make format string constant 

              	ppbuf[0] = 'O';
	i = vsprintf(ppbuf + 1, fmt, args) + 1;
#else
	i = vsprintf(ppbuf, fmt, args);
#endif

	bptr = ppbuf;

#ifdef CONFIG_KGDB

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 21 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              extern int kgdb_initialized;
#endif

static char ppbuf[1024];

void
prom_printf(char *fmt, ...)
{
	va_list args;

Reported by FlawFinder.