The following issues were found

arch/arm/mach-lpc32xx/pm.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 98 Column: 2 CWE codes: 120
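Suggestion: Make sure destination can always hold the source data
Review note: the copy length is lpc32xx_sys_suspend_sz rather than a size derived from the destination, so the property to verify is that the IRAM window starting at TEMP_IRAM_AREA is at least lpc32xx_sys_suspend_sz bytes; neither value's definition is in this excerpt.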

              	 * needs to run from IRAM as DRAM may no longer be available
	 * when the PLL is stopped.
	 */
	memcpy((void *) TEMP_IRAM_AREA, &lpc32xx_sys_suspend,
		lpc32xx_sys_suspend_sz);
	flush_icache_range((unsigned long)TEMP_IRAM_AREA,
		(unsigned long)(TEMP_IRAM_AREA) + lpc32xx_sys_suspend_sz);

	/* Transfer to suspend code in IRAM */

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 109 Column: 2 CWE codes: 120
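Suggestion: Make sure destination can always hold the source data
Review note: this copy restores IRAM from iram_swap_area, which is heap memory (it is passed to kfree() right after the copy). Besides the destination size, confirm that iram_swap_area was allocated with at least lpc32xx_sys_suspend_sz bytes and that the allocation result was checked; the allocation is not in this excerpt.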

              	(void) lpc32xx_suspend_ptr();

	/* Restore original IRAM contents */
	memcpy((void *) TEMP_IRAM_AREA, iram_swap_area,
		lpc32xx_sys_suspend_sz);

	kfree(iram_swap_area);

	return 0;

            

Reported by FlawFinder.

arch/arm/mach-mvebu/pmsu.c
2 issues
Subtracting pointers that point to different objects
Error

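Line: 133 CWE codes: 570
Review note: the operands are the mvebu_boot_wa_start and mvebu_boot_wa_end symbols, and the next finding shows the difference being used as the memcpy length (code_len). ISO C only defines pointer subtraction within one array object, which is what Cppcheck reports; the result is the intended blob size only if both symbols are labels bracketing one contiguous region, so confirm that where they are defined. CWE-469 (use of pointer subtraction to determine size) describes this pattern more closely than the CWE-570 the tool attaches. The same reading applies to the other pointer-subtraction findings below (ams-delta-fiq.c, platsmp.c, dma.c).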

              			     phys_addr_t resume_addr_reg)
{
	void __iomem *sram_virt_base;
	u32 code_len = mvebu_boot_wa_end - mvebu_boot_wa_start;

	mvebu_mbus_del_window(BOOTROM_BASE, BOOTROM_SIZE);
	mvebu_mbus_add_window_by_id(crypto_eng_target, crypto_eng_attribute,
				    SRAM_PHYS_BASE, SZ_64K);


            

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 145 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return -ENOMEM;
	}

	memcpy(sram_virt_base, &mvebu_boot_wa_start, code_len);

	/*
	 * The last word of the code copied in SRAM must contain the
	 * physical base address of the PMSU register. We
	 * intentionally store this address in the native endianness

            

Reported by FlawFinder.

arch/arm/mach-omap1/ams-delta-fiq.c
2 issues
Subtracting pointers that point to different objects
Error

Line: 134 CWE codes: 570

              		goto out_gpio;

	fiqhandler_start = &qwerty_fiqin_start;
	fiqhandler_length = &qwerty_fiqin_end - &qwerty_fiqin_start;
	pr_info("Installing fiq handler from %p, length 0x%x\n",
			fiqhandler_start, fiqhandler_length);

	retval = claim_fiq(&fh);
	if (retval) {

            

Reported by Cppcheck.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 46 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static struct irq_data *irq_data[16];
static unsigned int irq_counter[16];

/*
 * Pin names, indexed by the AMS_DELTA_GPIO_PIN_* constants.
 *
 * This is an array of 16 pointers to string literals, not a character
 * buffer: nothing is copied into it, and a designator outside 0..15 would be
 * rejected by the compiler, so the initialiser itself cannot overflow.
 * Entries without a designator are NULL.
 *
 * NOTE(review): the checks that matter are at the sites that index
 * irq_data[], irq_counter[] and pin_name[] (index must stay below 16, and
 * pin_name[] readers must tolerate NULL); those sites are not in this
 * excerpt - confirm there.
 */
static const char *pin_name[16] __initconst = {
	[AMS_DELTA_GPIO_PIN_KEYBRD_DATA]	= "keybrd_data",
	[AMS_DELTA_GPIO_PIN_KEYBRD_CLK]		= "keybrd_clk",
};

static irqreturn_t deferred_fiq(int irq, void *dev_id)

            

Reported by FlawFinder.

arch/arm/mach-omap1/board-sx1.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 51 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct i2c_adapter *adap;
	int err;
	struct i2c_msg msg[1];
	unsigned char data[2];

	adap = i2c_get_adapter(0);
	if (!adap)
		return -ENODEV;
	msg->addr = devaddr;	/* I2C address of chip */

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 75 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct i2c_adapter *adap;
	int err;
	struct i2c_msg msg[1];
	unsigned char data[2];

	adap = i2c_get_adapter(0);
	if (!adap)
		return -ENODEV;


            

Reported by FlawFinder.

arch/arm/mach-omap2/prminst44xx.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 41 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

               */
void omap_prm_base_init(void)
{
	/*
	 * Copy prm_base and prcm_mpu_base into their slots of _prm_bases[].
	 * Both lengths are sizeof() of the source object, i.e. compile-time
	 * constants; no runtime or caller-supplied length is involved.
	 *
	 * NOTE(review): each copy is in bounds only if one _prm_bases[]
	 * element is at least as large as the source object and the
	 * OMAP4430_*_PARTITION index is inside the array. Neither declaration
	 * is visible in this excerpt - confirm. If the element and source
	 * types are the same, a plain struct assignment would let the
	 * compiler enforce it; otherwise a BUILD_BUG_ON() on the two sizes
	 * would.
	 */
	memcpy(&_prm_bases[OMAP4430_PRM_PARTITION], &prm_base,
	       sizeof(prm_base));
	memcpy(&_prm_bases[OMAP4430_PRCM_MPU_PARTITION], &prcm_mpu_base,
	       sizeof(prcm_mpu_base));
}


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 43 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              {
	memcpy(&_prm_bases[OMAP4430_PRM_PARTITION], &prm_base,
	       sizeof(prm_base));
	memcpy(&_prm_bases[OMAP4430_PRCM_MPU_PARTITION], &prcm_mpu_base,
	       sizeof(prcm_mpu_base));
}

s32 omap4_prmst_get_prm_dev_inst(void)
{

            

Reported by FlawFinder.

arch/arm/mach-orion5x/ts78xx-setup.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 466 Column: 9 CWE codes: 120
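Suggestion: Use sprintf_s, snprintf, or vsnprintf
Review note: both calls format constant strings ("borked\n", "online\n" or "offline\n"), so the output is at most eight characters plus the terminator and does not depend on external data. This is kernel code, where sprintf_s is not available; the function takes (kobj, attr, buf) and appears to be a sysfs show callback, for which the bounded helper is sysfs_emit().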

              	if (ts78xx_fpga.state < 0)
		return sprintf(buf, "borked\n");

	return sprintf(buf, "%s\n", (ts78xx_fpga.state) ? "online" : "offline");
}

static ssize_t ts78xx_fpga_store(struct kobject *kobj,
			struct kobj_attribute *attr, const char *buf, size_t n)
{

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 464 Column: 10 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              			struct kobj_attribute *attr, char *buf)
{
	if (ts78xx_fpga.state < 0)
		return sprintf(buf, "borked\n");

	return sprintf(buf, "%s\n", (ts78xx_fpga.state) ? "online" : "offline");
}

static ssize_t ts78xx_fpga_store(struct kobject *kobj,

            

Reported by FlawFinder.

arch/arm/mach-pxa/am300epd.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 111 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	int i;
	int err;
	char dbname[8];

	for (i = 0; i < ARRAY_SIZE(gpios); i++) {
		err = gpio_request(gpios[i], gpio_names[i]);
		if (err) {
			dev_err(&am300_device->dev, "failed requesting "

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 124 Column: 3 CWE codes: 120
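Suggestion: Use sprintf_s, snprintf, or vsnprintf
Review note: dbname is the 8-byte array flagged in the previous finding, so "DB%d" fits as long as i prints in at most five characters. The loop bounds DB0_GPIO_PIN and DB15_GPIO_PIN are not defined in this excerpt; snprintf(dbname, sizeof(dbname), "DB%d", i) keeps the write bounded whatever their values.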

              
	/* we also need to take care of the hdb bus */
	for (i = DB0_GPIO_PIN; i <= DB15_GPIO_PIN; i++) {
		sprintf(dbname, "DB%d", i);
		err = gpio_request(i, dbname);
		if (err) {
			dev_err(&am300_device->dev, "failed requesting "
				"gpio %d, err=%d\n", i, err);
			goto err_req_gpio2;

            

Reported by FlawFinder.

arch/arm/mach-pxa/sharpsl_pm.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 793 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              
/*
 * Show callback for the battery_percentage attribute: writes
 * sharpsl_pm.battstat.mainbat_percent as a decimal number plus newline into
 * buf and returns the character count reported by sprintf().
 *
 * The only conversion is %d, so the output is a short number and carries no
 * externally supplied string.
 * NOTE(review): the size of buf is not visible here; sysfs show buffers are
 * normally one page - confirm. sysfs_emit() is the kernel helper that
 * enforces that bound and is the usual replacement for sprintf() here.
 */
static ssize_t battery_percentage_show(struct device *dev, struct device_attribute *attr, char *buf)
{
	return sprintf(buf, "%d\n", sharpsl_pm.battstat.mainbat_percent);
}

static ssize_t battery_voltage_show(struct device *dev, struct device_attribute *attr, char *buf)
{
	return sprintf(buf, "%d\n", sharpsl_pm.battstat.mainbat_voltage);

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 798 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              
/*
 * Show callback for the battery_voltage attribute: writes
 * sharpsl_pm.battstat.mainbat_voltage as a decimal number plus newline into
 * buf and returns the character count reported by sprintf().
 *
 * The only conversion is %d, so the output is a short number and carries no
 * externally supplied string.
 * NOTE(review): the size of buf is not visible here; sysfs show buffers are
 * normally one page - confirm. sysfs_emit() is the kernel helper that
 * enforces that bound and is the usual replacement for sprintf() here.
 */
static ssize_t battery_voltage_show(struct device *dev, struct device_attribute *attr, char *buf)
{
	return sprintf(buf, "%d\n", sharpsl_pm.battstat.mainbat_voltage);
}

/*
 * Read-only device attributes. DEVICE_ATTR_RO(name) wires the attribute to
 * name##_show and defines no store callback, so these two files expose the
 * battery values without accepting any input from the reader.
 */
static DEVICE_ATTR_RO(battery_percentage);
static DEVICE_ATTR_RO(battery_voltage);


            

Reported by FlawFinder.

arch/arm/mach-rockchip/platsmp.c
2 issues
Subtracting pointers that point to different objects
Error

Line: 168 CWE codes: 570

               */
static int __init rockchip_smp_prepare_sram(struct device_node *node)
{
	unsigned int trampoline_sz = &rockchip_secondary_trampoline_end -
					    &rockchip_secondary_trampoline;
	struct resource res;
	unsigned int rsize;
	int ret;


            

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 192 Column: 2 CWE codes: 120
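Suggestion: Make sure destination can always hold the source data
Review note: trampoline_sz is computed from two symbol addresses (see the Cppcheck finding above for this file), and the mapped size behind sram_base_addr is not visible here. The function declares res and rsize, which suggests the SRAM resource size is available; confirm that trampoline_sz is compared against it before this memcpy.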

              	rockchip_boot_fn = __pa_symbol(secondary_startup);

	/* copy the trampoline to sram, that runs during startup of the core */
	memcpy(sram_base_addr, &rockchip_secondary_trampoline, trampoline_sz);
	flush_cache_all();
	outer_clean_range(0, trampoline_sz);

	dsb_sev();


            

Reported by FlawFinder.

arch/arm/mach-rpc/dma.c
2 issues
Subtracting pointers that point to different objects
Error

Line: 278 CWE codes: 570

              	if (fdma->dma.dma_mode == DMA_MODE_READ) {
		extern unsigned char floppy_fiqin_start, floppy_fiqin_end;
		fiqhandler_start = &floppy_fiqin_start;
		fiqhandler_length = &floppy_fiqin_end - &floppy_fiqin_start;
	} else {
		extern unsigned char floppy_fiqout_start, floppy_fiqout_end;
		fiqhandler_start = &floppy_fiqout_start;
		fiqhandler_length = &floppy_fiqout_end - &floppy_fiqout_start;
	}

            

Reported by Cppcheck.

Subtracting pointers that point to different objects
Error

Line: 282 CWE codes: 570

              	} else {
		extern unsigned char floppy_fiqout_start, floppy_fiqout_end;
		fiqhandler_start = &floppy_fiqout_start;
		fiqhandler_length = &floppy_fiqout_end - &floppy_fiqout_start;
	}

	regs.ARM_r9  = fdma->dma.count;
	regs.ARM_r10 = (unsigned long)fdma->dma.addr;
	regs.ARM_fp  = (unsigned long)FLOPPYDMA_BASE;

            

Reported by Cppcheck.