The following issues were found

drivers/infiniband/core/uverbs_std_types_device.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 407 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (IS_ERR(gid_attr))
		return PTR_ERR(gid_attr);

	memcpy(&entry.gid, &gid_attr->gid, sizeof(gid_attr->gid));
	entry.gid_index = gid_attr->index;
	entry.port_num = gid_attr->port_num;
	entry.gid_type = gid_attr->gid_type;

	rcu_read_lock();

Reported by FlawFinder.

drivers/isdn/hardware/mISDN/mISDNinfineon.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 96 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct list_head	list;
	struct pci_dev		*pdev;
	const struct inf_cinfo	*ci;
	char			name[MISDN_MAX_IDLEN];
	u32			irq;
	u32			irqcnt;
	struct _iohandle	cfg;
	struct _iohandle	addr;
	struct _ioaddr		isac;

Reported by FlawFinder.

drivers/gpu/host1x/debug.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 18 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct output {
	void (*fn)(void *ctx, const char *str, size_t len, bool cont);
	void *ctx;
	char buf[256];
};

static inline void write_to_seqfile(void *ctx, const char *str, size_t len,
				    bool cont)
{

Reported by FlawFinder.

drivers/gpu/drm/xlnx/zynqmp_dp.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 472 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	unsigned int i;

	for (i = 0; i < ZYNQMP_DP_MAX_LANES; i++) {
		char phy_name[16];
		struct phy *phy;

		snprintf(phy_name, sizeof(phy_name), "dp-phy%d", i);
		phy = devm_phy_get(dp->dev, phy_name);

Reported by FlawFinder.

drivers/infiniband/hw/bnxt_re/main.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 726 Column: 3 CWE codes: 126 

              	/* ib device init */
	ibdev->node_type = RDMA_NODE_IB_CA;
	strlcpy(ibdev->node_desc, BNXT_RE_DESC " HCA",
		strlen(BNXT_RE_DESC) + 5);
	ibdev->phys_port_cnt = 1;

	bnxt_qplib_get_guid(rdev->netdev->dev_addr, (u8 *)&ibdev->node_guid);

	ibdev->num_comp_vectors	= rdev->num_msix - 1;

Reported by FlawFinder.

drivers/gpu/drm/xlnx/zynqmp_disp.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1321 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
	for (i = 0; i < layer->info->num_channels; i++) {
		struct zynqmp_disp_layer_dma *dma = &layer->dmas[i];
		char dma_channel_name[16];

		snprintf(dma_channel_name, sizeof(dma_channel_name),
			 "%s%u", dma_names[layer->id], i);
		dma->chan = dma_request_chan(disp->dev, dma_channel_name);
		if (IS_ERR(dma->chan)) {

Reported by FlawFinder.

drivers/gpu/drm/gma500/intel_gmbus.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 387 Column: 15 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               */
int gma_intel_setup_gmbus(struct drm_device *dev)
{
	static const char *names[GMBUS_NUM_PORTS] = {
		"disabled",
		"ssc",
		"vga",
		"panel",
		"dpc",

Reported by FlawFinder.

drivers/isdn/hardware/mISDN/mISDNisar.c
1 issues
sprintf - Does not check for buffer overflows
Security

Line: 798 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              		rim = 1;
		break;
	}
	sprintf(ch->conmsg, "%s %s", dmril[ril], dmrim[rim]);
	pr_debug("%s: pump strsp %s\n", ch->is->name, ch->conmsg);
}

static void
isar_pump_statev_modem(struct isar_ch *ch, u8 devt) {

Reported by FlawFinder.

drivers/infiniband/hw/bnxt_re/qplib_res.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 580 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	u8 mac[ETH_ALEN];

	/* MAC-48 to EUI-64 mapping */
	memcpy(mac, dev_addr, ETH_ALEN);
	guid[0] = mac[0] ^ 2;
	guid[1] = mac[1];
	guid[2] = mac[2];
	guid[3] = 0xff;
	guid[4] = 0xfe;

Reported by FlawFinder.

drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1037 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	/* Downcast of flags when sending back to user space */
	rep->flags = (uint32_t)srf->metadata.flags;
	rep->format = srf->metadata.format;
	memcpy(rep->mip_levels, srf->metadata.mip_levels,
	       sizeof(srf->metadata.mip_levels));
	user_sizes = (struct drm_vmw_size __user *)(unsigned long)
	    rep->size_addr;

	if (user_sizes)

Reported by FlawFinder.