The following issues were found
arch/mips/sgi-ip22/ip22-gio.c
2 issues
Line: 181
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct gio_device *giodev;
giodev = to_gio_device(dev);
return sprintf(buf, "%s", giodev->name);
}
static DEVICE_ATTR_RO(name);
static ssize_t id_show(struct device *dev,
struct device_attribute *attr, char *buf)
Reported by FlawFinder.
Line: 191
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
struct gio_device *giodev;
giodev = to_gio_device(dev);
return sprintf(buf, "%x", giodev->id.id);
}
static DEVICE_ATTR_RO(id);
static struct attribute *gio_dev_attrs[] = {
&dev_attr_modalias.attr,
Reported by FlawFinder.
arch/mips/sgi-ip22/ip22-setup.c
2 issues
Line: 70
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
static char options[8] __initdata;
char *baud = ArcGetEnvironmentVariable("dbaud");
if (baud)
strcpy(options, baud);
add_preferred_console("ttyS", *(ctype + 1) == '2' ? 1 : 0,
baud ? options : NULL);
} else if (!ctype || *ctype != 'g') {
/* Use ARC if we don't want serial ('d') or graphics ('g'). */
prom_flags |= PROM_FLAG_USE_AS_CONSOLE;
Reported by FlawFinder.
Line: 67
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
cserial = ArcGetEnvironmentVariable("ConsoleOut");
if ((ctype && *ctype == 'd') || (cserial && *cserial == 's')) {
static char options[8] __initdata;
char *baud = ArcGetEnvironmentVariable("dbaud");
if (baud)
strcpy(options, baud);
add_preferred_console("ttyS", *(ctype + 1) == '2' ? 1 : 0,
baud ? options : NULL);
Reported by FlawFinder.
arch/mips/txx9/generic/7segled.c
2 issues
Line: 65
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct device_attribute *attr,
char *buf)
{
memcpy(buf, &txx9_seg7map, sizeof(txx9_seg7map));
return sizeof(txx9_seg7map);
}
static ssize_t map_seg7_store(struct device *dev,
struct device_attribute *attr,
Reported by FlawFinder.
Line: 75
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (size != sizeof(txx9_seg7map))
return -EINVAL;
memcpy(&txx9_seg7map, buf, size);
return size;
}
static DEVICE_ATTR(map_seg7, 0600, map_seg7_show, map_seg7_store);
Reported by FlawFinder.
arch/mips/txx9/generic/setup_tx4927.c
2 issues
Line: 311
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __init tx4927_stop_unused_modules(void)
{
__u64 pcfg, rst = 0, ckd = 0;
char buf[128];
buf[0] = '\0';
local_irq_disable();
pcfg = ____raw_readq(&tx4927_ccfgptr->pcfg);
if (!(pcfg & TX4927_PCFG_SEL2)) {
Reported by FlawFinder.
Line: 319
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (!(pcfg & TX4927_PCFG_SEL2)) {
rst |= TX4927_CLKCTR_ACLRST;
ckd |= TX4927_CLKCTR_ACLCKD;
strcat(buf, " ACLC");
}
if (rst | ckd) {
txx9_set64(&tx4927_ccfgptr->clkctr, rst);
txx9_set64(&tx4927_ccfgptr->clkctr, ckd);
}
Reported by FlawFinder.
arch/mips/vr41xx/common/icu.c
2 issues
Line: 34
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void __iomem *icu1_base;
static void __iomem *icu2_base;
static unsigned char sysint1_assign[16] = {
0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
static unsigned char sysint2_assign[16] = {
2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
#define ICU1_TYPE1_BASE 0x0b000080UL
Reported by FlawFinder.
Line: 36
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static unsigned char sysint1_assign[16] = {
0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
static unsigned char sysint2_assign[16] = {
2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
#define ICU1_TYPE1_BASE 0x0b000080UL
#define ICU2_TYPE1_BASE 0x0b000200UL
Reported by FlawFinder.
arch/nds32/include/asm/syscall.h
2 issues
Line: 132
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
args[0] = regs->orig_r0;
args++;
memcpy(args, ®s->uregs[0] + 1, 5 * sizeof(args[0]));
}
/**
* syscall_set_arguments - change system call parameter value
* @task: task of interest, must be in system call entry tracing
Reported by FlawFinder.
Line: 154
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
regs->orig_r0 = args[0];
args++;
memcpy(®s->uregs[0] + 1, args, 5 * sizeof(args[0]));
}
static inline int
syscall_get_arch(struct task_struct *task)
{
Reported by FlawFinder.
arch/nds32/mm/cacheflush.c
2 issues
Line: 273
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
local_irq_save(flags);
vto = kremap0(vaddr, page_to_phys(page));
dst = (void *)(vto | (vaddr & (PAGE_SIZE - 1)));
memcpy(dst, src, len);
if (vma->vm_flags & VM_EXEC) {
line_size = L1_cache_info[DCACHE].line_size;
start = (unsigned long)dst & ~(line_size - 1);
end =
((unsigned long)dst + len + line_size - 1) & ~(line_size -
Reported by FlawFinder.
Line: 294
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
local_irq_save(flags);
vto = kremap0(vaddr, page_to_phys(page));
src = (void *)(vto | (vaddr & (PAGE_SIZE - 1)));
memcpy(dst, src, len);
kunmap01(vto);
local_irq_restore(flags);
}
void flush_anon_page(struct vm_area_struct *vma,
Reported by FlawFinder.
arch/nios2/kernel/kgdb.c
2 issues
Line: 77
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
if (dbg_reg_def[regno].offset != -1)
memcpy(mem, (void *)regs + dbg_reg_def[regno].offset,
dbg_reg_def[regno].size);
else
memset(mem, 0, dbg_reg_def[regno].size);
return dbg_reg_def[regno].name;
Reported by FlawFinder.
Line: 91
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EINVAL;
if (dbg_reg_def[regno].offset != -1)
memcpy((void *)regs + dbg_reg_def[regno].offset, mem,
dbg_reg_def[regno].size);
return 0;
}
Reported by FlawFinder.
arch/nios2/kernel/setup.c
2 issues
Line: 131
CWE codes:
908
early_init_devtree((void *)dtb_passed);
#ifndef CONFIG_CMDLINE_FORCE
if (cmdline_passed[0])
strlcpy(boot_command_line, cmdline_passed, COMMAND_LINE_SIZE);
#ifdef CONFIG_NIOS2_CMDLINE_IGNORE_DTB
else
strlcpy(boot_command_line, CONFIG_CMDLINE, COMMAND_LINE_SIZE);
#endif
Reported by Cppcheck.
Line: 111
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned r7)
{
unsigned dtb_passed = 0;
char cmdline_passed[COMMAND_LINE_SIZE] __maybe_unused = { 0, };
#if defined(CONFIG_NIOS2_PASS_CMDLINE)
if (r4 == 0x534f494e) { /* r4 is magic NIOS */
#if defined(CONFIG_BLK_DEV_INITRD)
if (r5) { /* initramfs */
Reported by FlawFinder.
arch/nios2/mm/cacheflush.c
2 issues
Line: 258
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void *dst, void *src, int len)
{
flush_cache_page(vma, user_vaddr, page_to_pfn(page));
memcpy(dst, src, len);
__flush_dcache((unsigned long)src, (unsigned long)src + len);
if (vma->vm_flags & VM_EXEC)
__flush_icache((unsigned long)src, (unsigned long)src + len);
}
Reported by FlawFinder.
Line: 269
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void *dst, void *src, int len)
{
flush_cache_page(vma, user_vaddr, page_to_pfn(page));
memcpy(dst, src, len);
__flush_dcache((unsigned long)dst, (unsigned long)dst + len);
if (vma->vm_flags & VM_EXEC)
__flush_icache((unsigned long)dst, (unsigned long)dst + len);
}
Reported by FlawFinder.