The following issues were found

drivers/of/address.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 449 Column: 2 CWE codes: 120
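Suggestion: Make sure destination can always hold the source data. In this excerpt the copy writes `4 * pna` bytes into `addr`; neither the size of the buffer behind `addr` nor the bound on `pna` is visible, so both have to be checked in the enclosing function before this finding is confirmed or dismissed.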

              		pr_debug("not found !\n");
		return 1;
	}
	memcpy(addr, ranges + na, 4 * pna);

 finish:
	of_dump_addr("parent translation for:", addr, pna);
	pr_debug("with offset: %llx\n", offset);


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 502 Column: 2 CWE codes: 120
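Suggestion: Make sure destination can always hold the source data. The copy writes `na * 4` bytes into `addr`; the branch just before it rejects a "Bad cell count", which presumably bounds `na`, but that check and the declaration of `addr` are outside the excerpt, so confirm that the accepted maximum matches the buffer size.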

              		pr_debug("Bad cell count for %pOF\n", dev);
		goto bail;
	}
	memcpy(addr, in_addr, na * 4);

	pr_debug("bus is %s (na=%d, ns=%d) on %pOF\n",
	    bus->name, na, ns, parent);
	of_dump_addr("translating address:", addr, na);


            

Reported by FlawFinder.

drivers/of/device.c
2 issues
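Possible null pointer dereference: str. In the excerpt `str` is passed to snprintf() before the `if (str)` test, which is what makes the checker treat it as possibly NULL. Whether callers pass NULL only together with a `len` of 0 (in which case the kernel's snprintf() writes nothing and only returns the needed length) is not visible here and should be confirmed.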
Error

Line: 210 CWE codes: 476

              
	/* Name & Type */
	/* %p eats all alphanum characters, so %c must be used here */
	csize = snprintf(str, len, "of:N%pOFn%c%s", dev->of_node, 'T',
			 of_node_get_device_type(dev->of_node));
	tsize = csize;
	len -= csize;
	if (str)
		str += csize;

            

Reported by Cppcheck.

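strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected). Here `compat` is produced by of_property_for_each_string(); whether that iterator only yields NUL-terminated entries that lie inside the property is not visible in the excerpt, and that is what decides this finding.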
Security

Line: 218 Column: 11 CWE codes: 126

              		str += csize;

	of_property_for_each_string(dev->of_node, "compatible", p, compat) {
		csize = strlen(compat) + 1;
		tsize += csize;
		if (csize > len)
			continue;

		csize = snprintf(str, len, "C%s", compat);

            

Reported by FlawFinder.

drivers/of/fdt_address.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 143 Column: 2 CWE codes: 120
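Suggestion: Make sure destination can always hold the source data. The excerpt has the same shape as the drivers/of/address.c line 449 finding above: `4 * pna` bytes are copied into `addr`, and the bound on `pna` and the size of `addr` are both outside the excerpt.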

              		pr_debug("not found !\n");
		return 1;
	}
	memcpy(addr, ranges + na, 4 * pna);

 finish:
	of_dump_addr("parent translation for:", addr, pna);
	pr_debug("with offset: %llx\n", offset);


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 195 Column: 2 CWE codes: 120
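Suggestion: Make sure destination can always hold the source data. The copy writes `na * 4` bytes into `addr` right after an error branch that jumps to `bail`; what that branch validates is cut off in the excerpt, so check that it limits `na` to what `addr` can hold.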

              		       fdt_get_name(blob, node_offset, NULL));
		goto bail;
	}
	memcpy(addr, reg, na * 4);

	pr_debug("bus (na=%d, ns=%d) on %s\n",
		 na, ns, fdt_get_name(blob, parent, NULL));
	of_dump_addr("translating address:", addr, na);


            

Reported by FlawFinder.

drivers/of/of_net.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 54 Column: 3 CWE codes: 120
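Suggestion: Make sure destination can always hold the source data. The excerpt already checks `pp->length == ETH_ALEN` before copying, so the source side is bounded; the remaining question is whether every caller passes an `addr` buffer of at least ETH_ALEN bytes, which is not visible here.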

              	struct property *pp = of_find_property(np, name, NULL);

	if (pp && pp->length == ETH_ALEN && is_valid_ether_addr(pp->value)) {
		memcpy(addr, pp->value, ETH_ALEN);
		return 0;
	}
	return -ENODEV;
}


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 92 Column: 2 CWE codes: 120
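Suggestion: Make sure destination can always hold the source data. The length is the constant ETH_ALEN, so the review points are that `mac` holds at least ETH_ALEN bytes (its allocation and the check that returns -EINVAL are only partly visible) and that callers pass an `addr` buffer of at least that size.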

              		return -EINVAL;
	}

	memcpy(addr, mac, ETH_ALEN);
	kfree(mac);

	return 0;
}


            

Reported by FlawFinder.

drivers/opp/core.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 850 Column: 3 CWE codes: 120
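Suggestion: Make sure destination can always hold the source data. `size` is `sizeof(*old_opp->supplies) * opp_table->regulator_count`, so the copy is safe only if `data->old_opp.supplies` was allocated for at least `regulator_count` entries; that allocation is not shown in the excerpt.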

              	 */
	if (opp_table->sod_supplies) {
		size = sizeof(*old_opp->supplies) * opp_table->regulator_count;
		memcpy(data->old_opp.supplies, old_opp->supplies, size);
		memcpy(data->new_opp.supplies, opp->supplies, size);
		data->regulator_count = opp_table->regulator_count;
	} else {
		data->regulator_count = 0;
	}

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 851 Column: 3 CWE codes: 120
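Suggestion: Make sure destination can always hold the source data. This is the second memcpy in the same `if` block as the line 850 finding and uses the same `size`; the same check applies to `data->new_opp.supplies`, and `opp->supplies` must also hold `regulator_count` entries.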

              	if (opp_table->sod_supplies) {
		size = sizeof(*old_opp->supplies) * opp_table->regulator_count;
		memcpy(data->old_opp.supplies, old_opp->supplies, size);
		memcpy(data->new_opp.supplies, opp->supplies, size);
		data->regulator_count = opp_table->regulator_count;
	} else {
		data->regulator_count = 0;
	}


            

Reported by FlawFinder.

drivers/pci/access.c
2 issues
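read - Check buffer boundaries if used in a loop including recursive loops. FlawFinder matches on the identifier `read`; in this excerpt the call is the `bus->ops->read` callback, which is given `len` and the address of a local `u32 data`, so the thing to verify is that bus implementations never write more than 4 bytes through that pointer.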
Security

Line: 44 Column: 18 CWE codes: 120 20

              	u32 data = 0;							\
	if (PCI_##size##_BAD) return PCIBIOS_BAD_REGISTER_NUMBER;	\
	pci_lock_config(flags);						\
	res = bus->ops->read(bus, devfn, pos, len, &data);		\
	*value = (type)data;						\
	pci_unlock_config(flags);					\
	return res;							\
}


            

Reported by FlawFinder.

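read - Check buffer boundaries if used in a loop including recursive loops. As with the line 44 finding, the match is on the name `read`: the excerpt calls `dev->bus->ops->read` with `sizeof(type)` and `&data`, under `pci_lock`, and no loop is visible; the declaration of `data` is outside the excerpt.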
Security

Line: 228 Column: 23 CWE codes: 120 20

              	raw_spin_lock_irq(&pci_lock);				\
	if (unlikely(dev->block_cfg_access))				\
		pci_wait_cfg(dev);					\
	ret = dev->bus->ops->read(dev->bus, dev->devfn,			\
					pos, sizeof(type), &data);	\
	raw_spin_unlock_irq(&pci_lock);				\
	*val = (type)data;						\
	return pcibios_err_to_errno(ret);				\
}									\

            

Reported by FlawFinder.

drivers/pci/controller/pcie-rcar-ep.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 97 Column: 2 CWE codes: 119 120
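Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The declaration alone is not a defect; what matters is the write into `outbound_name`, which is covered by the sprintf finding on line 103 of this file.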

              					   struct platform_device *pdev)
{
	struct rcar_pcie *pcie = &ep->pcie;
	char outbound_name[10];
	struct resource *res;
	unsigned int i = 0;

	ep->num_ob_windows = 0;
	for (i = 0; i < RCAR_PCI_MAX_RESOURCES; i++) {

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 103 Column: 3 CWE codes: 120
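Suggestion: Use sprintf_s, snprintf, or vsnprintf. sprintf_s is not available in kernel code; the bounded form here would be `snprintf(outbound_name, sizeof(outbound_name), "memory%u", i)`. With the 10-byte buffer declared in this function, "memory" plus up to three digits plus the terminator fits exactly, so the existing call is in bounds only while RCAR_PCI_MAX_RESOURCES is at most 1000; its value is not shown in the excerpt.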

              
	ep->num_ob_windows = 0;
	for (i = 0; i < RCAR_PCI_MAX_RESOURCES; i++) {
		sprintf(outbound_name, "memory%u", i);
		res = platform_get_resource_byname(pdev,
						   IORESOURCE_MEM,
						   outbound_name);
		if (!res) {
			dev_err(pcie->dev, "missing outbound window %u\n", i);

            

Reported by FlawFinder.

drivers/pci/endpoint/functions/pci-epf-ntb.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 1921 Column: 9 CWE codes: 120
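Suggestion: Use sprintf_s, snprintf, or vsnprintf. sprintf_s does not exist in the kernel; snprintf or scnprintf with the buffer size are the bounded forms. The output of "%d\n" is short and bounded by the format itself, so the open question is only the size of the caller-supplied `page` buffer, which is not visible in the excerpt.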

              	struct config_group *group = to_config_group(item);		\
	struct epf_ntb *ntb = to_epf_ntb(group);			\
									\
	return sprintf(page, "%d\n", ntb->_name);			\
}

#define EPF_NTB_W(_name)						\
static ssize_t epf_ntb_##_name##_store(struct config_item *item,	\
				       const char *page, size_t len)	\

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 1952 Column: 9 CWE codes: 120
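Suggestion: Use sprintf_s, snprintf, or vsnprintf. The "%lld\n" output is bounded by the format, so the more relevant check in this excerpt is the index: `win_no` is parsed by sscanf() from the stringified macro argument and its return value is not tested before `ntb->mws_size[win_no - 1]` is read. The string is fixed at compile time, so this concerns which names the macro is instantiated with rather than runtime input; confirm that each one yields an index inside `mws_size`.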

              									\
	sscanf(#_name, "mw%d", &win_no);				\
									\
	return sprintf(page, "%lld\n", ntb->mws_size[win_no - 1]);	\
}

#define EPF_NTB_MW_W(_name)						\
static ssize_t epf_ntb_##_name##_store(struct config_item *item,	\
				       const char *page, size_t len)	\

            

Reported by FlawFinder.

drivers/pci/hotplug/cpqphp.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 75 Column: 2 CWE codes: 119 120
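Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. This is a fixed-layout struct field, presumably the 4-byte SMBIOS anchor signature with no terminating NUL; the finding becomes real only if code treats `anchor` as a C string (strlen, strcpy, "%s") instead of comparing it with a length-bounded call such as memcmp. No such use is visible in the excerpt.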

              };

struct smbios_entry_point {
	char anchor[4];
	u8 ep_checksum;
	u8 ep_length;
	u8 major_version;
	u8 minor_version;
	u16 max_size_entry;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 83 Column: 2 CWE codes: 119 120
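Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. As with `anchor` on line 75, `int_anchor[5]` is a field of a fixed-layout struct; check that users of the field compare exactly 5 bytes and never rely on a terminating NUL, since the next field follows it directly in the excerpt.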

              	u16 max_size_entry;
	u8 ep_rev;
	u8 reserved[5];
	char int_anchor[5];
	u8 int_checksum;
	u16 st_length;
	u32 st_address;
	u16 number_of_entrys;
	u8 bcd_rev;

            

Reported by FlawFinder.

drivers/pci/hotplug/ibmphp_hpc.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 832 Column: 5 CWE codes: 120
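Suggestion: Make sure destination can always hold the source data. The length is `sizeof(struct slot)` and the destination is `&myslot`; if `myslot` is declared as `struct slot` (the declaration is not shown) the sizes match by construction. A plain struct assignment, `myslot = *pslot;`, would let the compiler enforce that and removes the `void *` casts.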

              			list_for_each_entry(pslot, &ibmphp_slot_head,
					    ibm_slot_list) {
				// make a copy of the old status
				memcpy((void *) &myslot, (void *) pslot,
					sizeof(struct slot));
				rc = ibmphp_hpc_readslot(pslot, READ_ALLSTAT, NULL);
				if ((myslot.status != pslot->status)
				    || (myslot.ext_status != pslot->ext_status))
					process_changeinstatus(pslot, &myslot);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1000 Column: 5 CWE codes: 120
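Suggestion: Make sure destination can always hold the source data. This is the same snapshot copy as the line 832 finding, `sizeof(struct slot)` bytes into `&myslot`, so the same check of the declaration of `myslot` settles it. The excerpt also ignores the `rc` returned by ibmphp_hpc_readslot() before calling process_changeinstatus(); whether that is intended is not visible here.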

              		if ((mask & old) != (mask & new)) {
			pslot = ibmphp_get_slot_from_physical_num(i);
			if (pslot) {
				memcpy((void *) &myslot, (void *) pslot, sizeof(struct slot));
				rc = ibmphp_hpc_readslot(pslot, READ_ALLSTAT, NULL);
				debug("%s - call process_changeinstatus for slot[%d]\n", __func__, i);
				process_changeinstatus(pslot, &myslot);
			} else {
				rc = -EINVAL;

            

Reported by FlawFinder.