The following issues were found

arch/arm/include/uapi/asm/stat.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 59 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               */
struct stat64 {
	unsigned long long	st_dev;
	unsigned char   __pad0[4];

#define STAT64_HAS_BROKEN_ST_INO	1
	unsigned long	__st_ino;
	unsigned int	st_mode;
	unsigned int	st_nlink;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 70 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	unsigned long	st_gid;

	unsigned long long	st_rdev;
	unsigned char   __pad3[4];

	long long	st_size;
	unsigned long	st_blksize;
	unsigned long long st_blocks;	/* Number 512-byte blocks allocated. */

Reported by FlawFinder.

arch/arm/kernel/atags_parse.c
2 issues
Comparing pointers that point to different objects
Error

Line: 148 CWE codes: 570 

              	extern struct tagtable __tagtable_begin, __tagtable_end;
	struct tagtable *t;

	for (t = &__tagtable_begin; t < &__tagtable_end; t++)
		if (tag->hdr.tag == t->tag) {
			t->parse(tag);
			break;
		}

Reported by Cppcheck.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 33 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
#include "atags.h"

static char default_command_line[COMMAND_LINE_SIZE] __initdata = CONFIG_CMDLINE;

#ifndef MEM_SIZE
#define MEM_SIZE	(16*1024*1024)
#endif

Reported by FlawFinder.

arch/arm/kernel/atags_proc.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 26 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              };

#define BOOT_PARAMS_SIZE 1536
static char __initdata atags_copy[BOOT_PARAMS_SIZE];

void __init save_atags(const struct tag *tags)
{
	memcpy(atags_copy, tags, sizeof(atags_copy));
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 62 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		goto nomem;

	b->size = size;
	memcpy(b->data, atags_copy, size);

	tags_entry = proc_create_data("atags", 0400, NULL, &atags_proc_ops, b);
	if (!tags_entry)
		goto nomem;

Reported by FlawFinder.

arch/arm/kernel/devtree.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 241 Column: 12 CWE codes: 126 

              		prop = of_get_flat_dt_prop(dt_root, "compatible", &size);
		while (size > 0) {
			early_print("'%s' ", prop);
			size -= strlen(prop) + 1;
			prop += strlen(prop) + 1;
		}
		early_print("]\n\n");

		dump_machine_table(); /* does not return */

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 242 Column: 12 CWE codes: 126 

              		while (size > 0) {
			early_print("'%s' ", prop);
			size -= strlen(prop) + 1;
			prop += strlen(prop) + 1;
		}
		early_print("]\n\n");

		dump_machine_table(); /* does not return */
	}

Reported by FlawFinder.

arch/arm/kernel/early_printk.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 17 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static void early_write(const char *s, unsigned n)
{
	char buf[128];
	while (n) {
		unsigned l = min(n, sizeof(buf)-1);
		memcpy(buf, s, l);
		buf[l] = 0;
		s += l;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 20 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	char buf[128];
	while (n) {
		unsigned l = min(n, sizeof(buf)-1);
		memcpy(buf, s, l);
		buf[l] = 0;
		s += l;
		n -= l;
		printascii(buf);
	}

Reported by FlawFinder.

arch/arm/kernel/head-inflate-data.c
2 issues
Subtracting pointers that point to different objects
Error

Line: 49 CWE codes: 570 

              
	strm->workspace = &state;
	strm->next_in = in;
	strm->avail_in = _edata_loc - __data_loc;  /* upper bound */
	strm->next_out = _sdata;
	strm->avail_out = _edata_loc - __data_loc;
	zlib_inflateInit2(strm, -MAX_WBITS);
	WS(strm)->inflate_state.wsize = 0;
	WS(strm)->inflate_state.window = NULL;

Reported by Cppcheck.

Subtracting pointers that point to different objects
Error

Line: 51 CWE codes: 570 

              	strm->next_in = in;
	strm->avail_in = _edata_loc - __data_loc;  /* upper bound */
	strm->next_out = _sdata;
	strm->avail_out = _edata_loc - __data_loc;
	zlib_inflateInit2(strm, -MAX_WBITS);
	WS(strm)->inflate_state.wsize = 0;
	WS(strm)->inflate_state.window = NULL;
	rc = zlib_inflate(strm, Z_FINISH);
	if (rc == Z_OK || rc == Z_STREAM_END)

Reported by Cppcheck.

arch/arm/kernel/kgdb.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 57 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return NULL;

	if (dbg_reg_def[regno].offset != -1)
		memcpy(mem, (void *)regs + dbg_reg_def[regno].offset,
		       dbg_reg_def[regno].size);
	else
		memset(mem, 0, dbg_reg_def[regno].size);
	return dbg_reg_def[regno].name;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 70 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return -EINVAL;

	if (dbg_reg_def[regno].offset != -1)
		memcpy((void *)regs + dbg_reg_def[regno].offset, mem,
		       dbg_reg_def[regno].size);
	return 0;
}

void

Reported by FlawFinder.

arch/arm/kernel/vdso.c
2 issues
Subtracting pointers that point to different objects
Error

Line: 192 CWE codes: 570 

              		return -ENOEXEC;
	}

	text_pages = (vdso_end - vdso_start) >> PAGE_SHIFT;

	/* Allocate the VDSO text pagelist */
	vdso_text_pagelist = kcalloc(text_pages, sizeof(struct page *),
				     GFP_KERNEL);
	if (vdso_text_pagelist == NULL)

Reported by Cppcheck.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 134 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	unsigned int i;

	for (i = 0; i < (lib->dynsymsize / sizeof(Elf32_Sym)); i++) {
		char name[MAX_SYMNAME], *c;

		if (lib->dynsym[i].st_name == 0)
			continue;
		strlcpy(name, lib->dynstr + lib->dynsym[i].st_name,
			MAX_SYMNAME);

Reported by FlawFinder.

arch/arm/lib/uaccess_with_memcpy.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 96 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	int atomic;

	if (uaccess_kernel()) {
		memcpy((void *)to, from, n);
		return 0;
	}

	/* the mmap semaphore is taken only if not in an atomic context */
	atomic = faulthandler_disabled();

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 124 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			tocopy = n;

		ua_flags = uaccess_save_and_enable();
		memcpy((void *)to, from, tocopy);
		uaccess_restore(ua_flags);
		to += tocopy;
		from += tocopy;
		n -= tocopy;

Reported by FlawFinder.

arch/arm/mach-davinci/board-mityomapl138.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 52 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	u32	fpga_type;
	u32	spare;
	u32	serialnumber;
	char	partnum[32];
};

static struct factory_config factory_config;

#ifdef CONFIG_CPU_FREQ

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 107 Column: 9 CWE codes: 126 

              		 * for a match.
		 */
		if (!strncmp(partnum, mityomapl138_pn_info[i].part_no,
			     strlen(mityomapl138_pn_info[i].part_no))) {
			da850_max_speed = mityomapl138_pn_info[i].max_freq;
			break;
		}
	}

Reported by FlawFinder.