The following issues were found

arch/ia64/include/asm/string.h
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 19 Column: 14 CWE codes: 120
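Suggestion: Make sure destination can always hold the source data
Triage note: line 19, column 14 is the `memcpy` identifier in the `extern` prototype shown below, not a call, so no copy takes place at this location. The match is on the function name only.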

              #define __HAVE_ARCH_MEMCPY	1 /* see arch/ia64/lib/memcpy.S */

extern __kernel_size_t strlen (const char *);
extern void *memcpy (void *, const void *, __kernel_size_t);
extern void *memset (void *, int, __kernel_size_t);

#endif /* _ASM_IA64_STRING_H */

            

Reported by FlawFinder.

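strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Triage note: line 18, column 24 is the `strlen` identifier in the `extern` prototype shown below, not a call, so no string is read at this location.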
Security

Line: 18 Column: 24 CWE codes: 126

              #define __HAVE_ARCH_MEMSET	1 /* see arch/ia64/lib/memset.S */
#define __HAVE_ARCH_MEMCPY	1 /* see arch/ia64/lib/memcpy.S */

extern __kernel_size_t strlen (const char *);
extern void *memcpy (void *, const void *, __kernel_size_t);
extern void *memset (void *, int, __kernel_size_t);

#endif /* _ASM_IA64_STRING_H */

            

Reported by FlawFinder.

arch/ia64/kernel/acpi-ext.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 47 Column: 2 CWE codes: 120
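Suggestion: Make sure destination can always hold the source data
Triage note: both copies in the excerpt (lines 47 and 48) are sized by the destination object (`sizeof(*base)`, `sizeof(*length)`), so the destination cannot be overrun by these calls. What remains to confirm is that `vendor->byte_data` holds at least `8 + sizeof(*length)` bytes; any length check is above the excerpt.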

              		goto exit;
	}

	memcpy(base, vendor->byte_data, sizeof(*base));
	memcpy(length, vendor->byte_data + 8, sizeof(*length));

  exit:
	kfree(buffer.pointer);
	return status;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 48 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	}

	memcpy(base, vendor->byte_data, sizeof(*base));
	memcpy(length, vendor->byte_data + 8, sizeof(*length));

  exit:
	kfree(buffer.pointer);
	return status;
}

            

Reported by FlawFinder.

arch/ia64/kernel/process.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 374 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	}
	stack = ((struct switch_stack *) regs) - 1;
	/* copy parent's switch_stack & pt_regs to child: */
	memcpy(child_stack, stack, sizeof(*child_ptregs) + sizeof(*child_stack));

	/* copy the parent's register backing store to the child: */
	rbs_size = stack->ar_bspstore - rbs;
	memcpy((void *) child_rbs, (void *) rbs, rbs_size);
	if (clone_flags & CLONE_SETTLS)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 378 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	/* copy the parent's register backing store to the child: */
	rbs_size = stack->ar_bspstore - rbs;
	memcpy((void *) child_rbs, (void *) rbs, rbs_size);
	if (clone_flags & CLONE_SETTLS)
		child_ptregs->r13 = tls;
	if (user_stack_base) {
		child_ptregs->r12 = user_stack_base + user_stack_size - 16;
		child_ptregs->ar_bspstore = user_stack_base;

            

Reported by FlawFinder.

arch/ia64/mm/discontig.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 147 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		if (node != node_cpuid[cpu].nid)
			continue;

		memcpy(__va(cpu_data), src, __per_cpu_end - __per_cpu_start);
		__per_cpu_offset[cpu] = (char *)__va(cpu_data) -
			__per_cpu_start;

		/*
		 * percpu area for cpu0 is moved from the __init area

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 386 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	for_each_node(node) {
		if (pgdat_list[node]) {
			dst = LOCAL_DATA_ADDR(pgdat_list[node])->pg_data_ptrs;
			memcpy(dst, pgdat_list, sizeof(pgdat_list));
		}
	}
}

/**

            

Reported by FlawFinder.

arch/m68k/apollo/config.c
2 issues
strcat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 249 Column: 9 CWE codes: 120
Suggestion: Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)

              {
    strcpy(model, "Apollo ");
    if (apollo_model >= APOLLO_DN3000 && apollo_model <= APOLLO_DN4500)
        strcat(model, apollo_models[apollo_model - APOLLO_DN3000]);
}

#ifdef CONFIG_HEARTBEAT
static int dn_cpuctrl=0xff00;


            

Reported by FlawFinder.

strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 247 Column: 5 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

              
/*
 * dn_get_model - write the machine model name into @model.
 * @model: destination buffer supplied by the caller; no length is passed in.
 *
 * Writes "Apollo " and, when apollo_model lies in
 * APOLLO_DN3000..APOLLO_DN4500, appends the matching apollo_models[] entry.
 *
 * NOTE(review): neither write is bounded here, so @model must hold "Apollo "
 * plus the longest apollo_models[] entry plus the NUL terminator. The caller's
 * buffer size and the table contents are not visible in this excerpt; confirm
 * both before closing the strcpy/strcat findings.
 */
static void dn_get_model(char *model)
{
    strcpy(model, "Apollo ");
    /* Range check keeps the apollo_models[] index between 0 and APOLLO_DN4500 - APOLLO_DN3000. */
    if (apollo_model >= APOLLO_DN3000 && apollo_model <= APOLLO_DN4500)
        strcat(model, apollo_models[apollo_model - APOLLO_DN3000]);
}

#ifdef CONFIG_HEARTBEAT

            

Reported by FlawFinder.

arch/m68k/atari/ataints.c
2 issues
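Signed integer overflow for expression '1<<i'.
Triage note: `1` is a signed int, so this shift overflows only if `i` can reach 31, and the companion finding on the same line needs `i` to reach 32. The excerpt shows an `i == 16` early return just before the shift, but the code that sets the range of `i` is above the excerpt. Writing the constant as `1U << i` removes the signed-overflow case; a shift by 32 stays undefined either way, so the bound on `i` is what needs confirming.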
Error

Line: 376 CWE codes: 190

              	if (i == 16)
		return 0;

	free_vme_vec_bitmap |= 1 << i;
	return VME_SOURCE_BASE + i;
}
EXPORT_SYMBOL(atari_register_vme_int);



            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 376 CWE codes: 758

              	if (i == 16)
		return 0;

	free_vme_vec_bitmap |= 1 << i;
	return VME_SOURCE_BASE + i;
}
EXPORT_SYMBOL(atari_register_vme_int);



            

Reported by Cppcheck.

arch/m68k/coldfire/m5272.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 92 Column: 2 CWE codes: 120
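Suggestion: Make sure destination can always hold the source data
Triage note: `commandp` and `size` are defined above the excerpt. This finding and the one at line 96 are resolved by confirming that `size` is the capacity of `commandp` and is non-zero, since `commandp[size-1]` is written right after each copy.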

              
#if defined(CONFIG_NETtel) || defined(CONFIG_SCALES)
	/* Copy command line from FLASH to local buffer... */
	memcpy(commandp, (char *) 0xf0004000, size);
	commandp[size-1] = 0;
#elif defined(CONFIG_CANCam)
	/* Copy command line from FLASH to local buffer... */
	memcpy(commandp, (char *) 0xf0010000, size);
	commandp[size-1] = 0;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 96 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	commandp[size-1] = 0;
#elif defined(CONFIG_CANCam)
	/* Copy command line from FLASH to local buffer... */
	memcpy(commandp, (char *) 0xf0010000, size);
	commandp[size-1] = 0;
#endif

	mach_reset = m5272_cpu_reset;
	mach_sched_init = hw_timer_init;

            

Reported by FlawFinder.

arch/m68k/coldfire/m53xx.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 217 Column: 2 CWE codes: 120
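Suggestion: Make sure destination can always hold the source data
Triage note: the copy at line 217 writes a fixed 4 bytes into `commandp` before `size` is used. The excerpt does not show where `commandp` and `size` come from, so confirm that `size` is at least 4 and equals the buffer's capacity.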

              {
#if !defined(CONFIG_BOOTPARAM)
	/* Copy command line from FLASH to local buffer... */
	memcpy(commandp, (char *) 0x4000, 4);
	if(strncmp(commandp, "kcl ", 4) == 0){
		memcpy(commandp, (char *) 0x4004, size);
		commandp[size-1] = 0;
	} else {
		memset(commandp, 0, size);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 219 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	/* Copy command line from FLASH to local buffer... */
	memcpy(commandp, (char *) 0x4000, 4);
	if(strncmp(commandp, "kcl ", 4) == 0){
		memcpy(commandp, (char *) 0x4004, size);
		commandp[size-1] = 0;
	} else {
		memset(commandp, 0, size);
	}
#endif

            

Reported by FlawFinder.

arch/m68k/include/asm/bvme6000hw.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 14 Column: 11 CWE codes: 119 120
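Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged declaration is the `unsigned char pad_a[3], ...` member list of the struct that follows `#define BVME_PIT_BASE`. The `pad_*[3]` arrays sit between single-byte fields, and the excerpt contains no write into them. The same applies to the second finding at line 50. A call site that indexes or copies into these members is needed before either finding can be acted on.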

              #define BVME_PIT_BASE	0xffa00000

typedef struct {
	unsigned char
	pad_a[3], pgcr,
	pad_b[3], psrr,
	pad_c[3], paddr,
	pad_d[3], pbddr,
	pad_e[3], pcddr,

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 50 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #define BVME_RTC_BASE	0xff900000

typedef struct {
	unsigned char
	pad_a[3], msr,
	pad_b[3], t0cr_rtmr,
	pad_c[3], t1cr_omr,
	pad_d[3], pfr_icr0,
	pad_e[3], irr_icr1,

            

Reported by FlawFinder.

arch/m68k/include/asm/cacheflush_mm.h
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 268 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              				     void *dst, void *src, int len)
{
	flush_cache_page(vma, vaddr, page_to_pfn(page));
	memcpy(dst, src, len);
	flush_icache_user_page(vma, page, vaddr, len);
}
static inline void copy_from_user_page(struct vm_area_struct *vma,
				       struct page *page, unsigned long vaddr,
				       void *dst, void *src, int len)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 276 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              				       void *dst, void *src, int len)
{
	flush_cache_page(vma, vaddr, page_to_pfn(page));
	memcpy(dst, src, len);
}

#endif /* _M68K_CACHEFLUSH_H */

            

Reported by FlawFinder.