The following issues were found
arch/m68k/sun3/prom/console.c
2 issues
Line: 70
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned long flags;
int st_p;
char propb[64];
char *p;
switch(prom_vers) {
case PROM_V0:
case PROM_V2:
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned long flags;
int st_p;
char propb[64];
char *p;
int propl;
switch(prom_vers) {
case PROM_V0:
Reported by FlawFinder.
arch/microblaze/include/asm/page.h
2 issues
Line: 53
Column: 32
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
typedef unsigned long pte_basic_t;
#define PTE_FMT "%.8lx"
# define copy_page(to, from) memcpy((to), (from), PAGE_SIZE)
# define clear_page(pgaddr) memset((pgaddr), 0, PAGE_SIZE)
# define clear_user_page(pgaddr, vaddr, page) memset((pgaddr), 0, PAGE_SIZE)
# define copy_user_page(vto, vfrom, vaddr, topg) \
memcpy((vto), (vfrom), PAGE_SIZE)
Reported by FlawFinder.
Line: 58
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
# define clear_user_page(pgaddr, vaddr, page) memset((pgaddr), 0, PAGE_SIZE)
# define copy_user_page(vto, vfrom, vaddr, topg) \
memcpy((vto), (vfrom), PAGE_SIZE)
/*
* These are used to make use of C type-checking..
*/
typedef struct page *pgtable_t;
Reported by FlawFinder.
arch/microblaze/kernel/cpu/mb.c
2 issues
Line: 37
Column: 19
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Denormalised to get the fpga family string */
for (i = 0; family_string_lookup[i].s != NULL; i++) {
if (cpuinfo.fpga_family_code == family_string_lookup[i].k) {
fpga_family = (char *)family_string_lookup[i].s;
break;
}
}
/* Denormalised to get the hw version string */
Reported by FlawFinder.
Line: 45
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Denormalised to get the hw version string */
for (i = 0; cpu_ver_lookup[i].s != NULL; i++) {
if (cpuinfo.ver_code == cpu_ver_lookup[i].k) {
cpu_ver = (char *)cpu_ver_lookup[i].s;
break;
}
}
seq_printf(m,
Reported by FlawFinder.
arch/microblaze/lib/memmove.c
2 issues
Line: 45
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Use memcpy when source is higher than dest */
if (v_dst <= v_src)
return memcpy(v_dst, v_src, c);
/* copy backwards, from end to beginning */
src += c;
dst += c;
Reported by FlawFinder.
Line: 70
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Use memcpy when source is higher than dest */
if (v_dst <= v_src)
return memcpy(v_dst, v_src, c);
/* The following code tries to optimize the copy by using unsigned
* alignment. This will work fine if both source and destination are
* aligned on the same boundary. However, if they are aligned on
* different boundaries shifts will be necessary. This might result in
Reported by FlawFinder.
arch/mips/alchemy/common/dbdma.c
2 issues
Line: 226
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
p = find_dbdev_id(~0);
if (NULL != p) {
memcpy(p, dev, sizeof(dbdev_tab_t));
p->dev_id = DSCR_DEV2CUSTOM_ID(new_id, dev->dev_id);
ret = p->dev_id;
new_id++;
#if 0
printk(KERN_DEBUG "add_device: id:%x flags:%x padd:%x\n",
Reported by FlawFinder.
Line: 1057
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!dbdev_tab)
return -ENOMEM;
memcpy(dbdev_tab, idtable, 32 * sizeof(dbdev_tab_t));
for (ret = 32; ret < DBDEV_TAB_SIZE; ret++)
dbdev_tab[ret].dev_id = ~0;
dbdma_gptr->ddma_config = 0;
dbdma_gptr->ddma_throttle = 0;
Reported by FlawFinder.
arch/mips/alchemy/common/prom.c
2 issues
Line: 67
Column: 10
CWE codes:
126
*/
char **env = prom_envp;
int i = strlen(envname);
int yamon = (*env && strchr(*env, '=') == NULL);
while (*env) {
if (yamon) {
if (strcmp(envname, *env++) == 0)
Reported by FlawFinder.
Line: 139
Column: 18
CWE codes:
126
if (!ethaddr_str)
return -1;
ethaddr_str += strlen("ethaddr=");
}
str2eaddr(ethernet_addr, ethaddr_str);
return 0;
Reported by FlawFinder.
arch/mips/bcm47xx/prom.c
2 issues
Line: 48
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
__init void bcm47xx_set_system_type(u16 chip_id)
{
snprintf(bcm47xx_system_type, sizeof(bcm47xx_system_type),
(chip_id > 0x9999) ? "Broadcom BCM%d" :
"Broadcom BCM%04X",
chip_id);
}
Reported by FlawFinder.
Line: 39
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include <bcm47xx.h>
#include <bcm47xx_board.h>
static char bcm47xx_system_type[20] = "Broadcom BCM47XX";
const char *get_system_type(void)
{
return bcm47xx_system_type;
}
Reported by FlawFinder.
arch/mips/bcm63xx/dev-enet.c
2 issues
Line: 247
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* copy given platform data */
dpd = pdev->dev.platform_data;
memcpy(dpd, pd, sizeof(*pd));
/* adjust them in case internal phy is used */
if (dpd->use_internal_phy) {
/* internal phy only exists for enet0 */
Reported by FlawFinder.
Line: 310
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!enetsw_res[2].start)
enetsw_res[2].start = -1;
memcpy(bcm63xx_enetsw_device.dev.platform_data, pd, sizeof(*pd));
if (BCMCPU_IS_6328())
enetsw_pd.num_ports = ENETSW_PORTS_6328;
else if (BCMCPU_IS_6362() || BCMCPU_IS_6368())
enetsw_pd.num_ports = ENETSW_PORTS_6368;
Reported by FlawFinder.
arch/mips/crypto/chacha-glue.c
2 issues
Line: 75
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
hchacha_block(state, subctx.key, ctx->nrounds);
subctx.nrounds = ctx->nrounds;
memcpy(&real_iv[0], req->iv + 24, 8);
memcpy(&real_iv[8], req->iv + 16, 8);
return chacha_mips_stream_xor(req, &subctx, real_iv);
}
static struct skcipher_alg algs[] = {
Reported by FlawFinder.
Line: 76
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
subctx.nrounds = ctx->nrounds;
memcpy(&real_iv[0], req->iv + 24, 8);
memcpy(&real_iv[8], req->iv + 16, 8);
return chacha_mips_stream_xor(req, &subctx, real_iv);
}
static struct skcipher_alg algs[] = {
{
Reported by FlawFinder.
arch/mips/dec/prom/cmdline.c
2 issues
Line: 32
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
start_arg = 2;
for (i = start_arg; i < argc; i++) {
arg = (void *)(long)(argv[i]);
strcat(arcs_cmdline, arg);
if (i < (argc - 1))
strcat(arcs_cmdline, " ");
}
#ifdef PROM_DEBUG
Reported by FlawFinder.
Line: 34
Column: 4
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
arg = (void *)(long)(argv[i]);
strcat(arcs_cmdline, arg);
if (i < (argc - 1))
strcat(arcs_cmdline, " ");
}
#ifdef PROM_DEBUG
printk("arcs_cmdline: %s\n", &(arcs_cmdline[0]));
#endif
Reported by FlawFinder.