The following issues were found

drivers/input/misc/cma3000_d0x.h
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 21 Column: 8 CWE codes: 120 20 

              struct cma3000_bus_ops {
	u16 bustype;
	u8 ctrl_mod;
	int (*read)(struct device *, u8, char *);
	int (*write)(struct device *, u8, u8, char *);
};

struct cma3000_accl_data *cma3000_init(struct device *dev, int irq,
					const struct cma3000_bus_ops *bops);

Reported by FlawFinder.

drivers/input/misc/da9063_onkey.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 41 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct device *dev;
	struct regmap *regmap;
	const struct da906x_chip_config *config;
	char phys[32];
	bool key_power;
};

static const struct da906x_chip_config da9063_regs = {
	/* REGS */

Reported by FlawFinder.

drivers/gpu/drm/i915/display/intel_opregion.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 845 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct intel_opregion *opregion = &dev_priv->opregion;
	struct pci_dev *pdev = to_pci_dev(dev_priv->drm.dev);
	u32 asls, mboxes;
	char buf[sizeof(OPREGION_SIGNATURE)];
	int err = 0;
	void *base;
	const void *vbt;
	u32 vbt_size;

Reported by FlawFinder.

drivers/input/misc/ideapad_slidebar.c
1 issues
sprintf - Does not check for buffer overflows
Security

Line: 175 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              				  struct device_attribute *attr,
				  char *buf)
{
	return sprintf(buf, "%x\n", slidebar_mode_get());
}

static ssize_t store_slidebar_mode(struct device *dev,
				   struct device_attribute *attr,
				   const char *buf, size_t count)

Reported by FlawFinder.

drivers/gpu/drm/nouveau/include/nvif/push.h
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 121 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	u32 _s = (s);                                            \
	PUSH_ASSERT(_p->cur + _s <= _p->seg, "segment overrun"); \
	PUSH_ASSERT(_p->cur + _s <= _p->end, "pushbuf overrun"); \
	memcpy(_p->cur, (d), _s << 2);                           \
	_p->cur += _s;                                           \
} while(0)
#endif

#define PUSH_1(X,f,ds,n,o,p,s,mA,dA) do {                             \

Reported by FlawFinder.

drivers/md/bcache/writeback.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 949 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct sectors_dirty_init op;
	struct cache_set *c = d->c;
	struct bch_dirty_init_state *state;
	char name[32];

	/* Just count root keys if no leaf node */
	if (c->root->level == 0) {
		bch_btree_op_init(&op.op, -1);
		op.inode = d->id;

Reported by FlawFinder.

drivers/gpu/drm/nouveau/include/nvif/if0000.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 9 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	__u8  version;
	__u8  pad01[7];
	__u64 device;
	char  name[32];
};

#define NVIF_CLIENT_V0_DEVLIST                                             0x00

struct nvif_client_devlist_v0 {

Reported by FlawFinder.

drivers/gpu/drm/nouveau/include/nvif/cl0002.h
1 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 17 Column: 8 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

              #define NV_DMA_V0_ACCESS_RD                                                0x01
#define NV_DMA_V0_ACCESS_WR                                                0x02
#define NV_DMA_V0_ACCESS_RDWR                 (NV_DMA_V0_ACCESS_RD | NV_DMA_V0_ACCESS_WR)
	__u8  access;
	__u8  pad03[5];
	__u64 start;
	__u64 limit;
	/* ... chipset-specific class data */
};

Reported by FlawFinder.

drivers/input/misc/kxtj9.c
1 issues
sprintf - Does not check for buffer overflows
Security

Line: 299 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	struct i2c_client *client = to_i2c_client(dev);
	struct kxtj9_data *tj9 = i2c_get_clientdata(client);

	return sprintf(buf, "%d\n", tj9->last_poll_interval);
}

/* Allow users to select a new poll interval (in ms) */
static ssize_t kxtj9_set_poll(struct device *dev, struct device_attribute *attr,
						const char *buf, size_t count)

Reported by FlawFinder.

drivers/gpu/drm/nouveau/include/nvfw/ls.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 12 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	u32 image_size;
	u32 tools_version;
	u32 app_version;
	char date[64];
	u32 bootloader_start_offset;
	u32 bootloader_size;
	u32 bootloader_imem_offset;
	u32 bootloader_entry_point;
	u32 app_start_offset;

Reported by FlawFinder.