The following issues were found

drivers/iommu/msm_iommu_hw-8xxx.h
1 issues
failed to expand 'SET_RPUE', Invalid ## usage when expanding 'SET_GLOBAL_FIELD'.
Error

Line: 28 

              #define GET_CONTEXT_FIELD(b, c, r, F)	\
	GET_FIELD(((b) + (r) + ((c) << CTX_SHIFT)), F##_MASK, F##_SHIFT)

#define SET_GLOBAL_FIELD(b, r, F, v) \
	SET_FIELD(((b) + (r)), F##_MASK, F##_SHIFT, (v))
#define SET_CONTEXT_FIELD(b, c, r, F, v)	\
	SET_FIELD(((b) + (r) + ((c) << CTX_SHIFT)), F##_MASK, F##_SHIFT, (v))

#define GET_FIELD(addr, mask, shift)  ((readl(addr) >> (shift)) & (mask))

Reported by Cppcheck.

drivers/iio/afe/iio-rescale.c
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 359 Column: 37 CWE codes: 120 20 

              			struct iio_chan_spec_ext_info *ext_info =
				&rescale->ext_info[i];

			if (source->channel->ext_info[i].read)
				ext_info->read = rescale_read_ext_info;
			if (source->channel->ext_info[i].write)
				ext_info->write = rescale_write_ext_info;
			ext_info->private = i;
		}

Reported by FlawFinder.

drivers/iommu/mtk_iommu.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 60 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
	unsigned int				iova_region_nr;
	const struct mtk_iommu_iova_region	*iova_region;
	unsigned char       larbid_remap[MTK_LARB_COM_MAX][MTK_LARB_SUBCOM_MAX];
};

struct mtk_iommu_domain;

struct mtk_iommu_data {

Reported by FlawFinder.

drivers/iio/buffer/industrialio-buffer-dmaengine.c
1 issues
sprintf - Does not check for buffer overflows
Security

Line: 139 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	struct dmaengine_buffer *dmaengine_buffer =
		iio_buffer_to_dmaengine_buffer(buffer);

	return sprintf(buf, "%zu\n", dmaengine_buffer->align);
}

static IIO_DEVICE_ATTR(length_align_bytes, 0444,
		       iio_dmaengine_buffer_get_length_align, NULL, 0);

Reported by FlawFinder.

drivers/iio/chemical/atlas-ezo-sensor.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 108 Column: 24 CWE codes: 126 

              	if (!ptr)
		return;

	memmove(ptr, ptr + 1, strlen(ptr));
}

static int atlas_ezo_read_raw(struct iio_dev *indio_dev,
			  struct iio_chan_spec const *chan,
			  int *val, int *val2, long mask)

Reported by FlawFinder.

drivers/iio/chemical/bme680_spi.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 71 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	int ret;
	u8 buf[2];

	memcpy(buf, data, 2);

	ret = bme680_regmap_spi_select_page(ctx, buf[0]);
	if (ret)
		return ret;

Reported by FlawFinder.

drivers/iio/chemical/pms7003.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 243 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	num = min(size, (size_t)(frame->expected_length - frame->length));
	memcpy(frame->data + frame->length, buf, num);
	frame->length += num;

	if (frame->length == frame->expected_length) {
		if (pms7003_frame_is_okay(frame))
			complete(&state->frame_ready);

Reported by FlawFinder.

drivers/hwmon/w83l785ts.c
1 issues
sprintf - Does not check for buffer overflows
Security

Line: 117 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              {
	struct sensor_device_attribute *attr = to_sensor_dev_attr(devattr);
	struct w83l785ts_data *data = w83l785ts_update_device(dev);
	return sprintf(buf, "%d\n", TEMP_FROM_REG(data->temp[attr->index]));
}

static SENSOR_DEVICE_ATTR(temp1_input, S_IRUGO, show_temp, NULL, 0);
static SENSOR_DEVICE_ATTR(temp1_max, S_IRUGO, show_temp, NULL, 1);

Reported by FlawFinder.

drivers/iio/chemical/scd30_i2c.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 69 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int scd30_i2c_command(struct scd30_state *state, enum scd30_cmd cmd, u16 arg,
			     void *response, int size)
{
	char buf[SCD30_I2C_MAX_BUF_SIZE];
	char *rsp = response;
	int i, ret;
	char crc;

	put_unaligned_be16(scd30_i2c_cmd_lookup_tbl[cmd], buf);

Reported by FlawFinder.

drivers/hwmon/tmp513.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 679 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	ret = device_property_read_u32_array(dev, "ti,nfactor", nfactor,
					    (data->id == tmp513) ? 3 : 2);
	if (ret >= 0)
		memcpy(data->nfactor, nfactor, (data->id == tmp513) ? 3 : 2);

	// Check if shunt value is compatible with pga-gain
	if (data->shunt_uohms > data->pga_gain * 40 * 1000 * 1000) {
		dev_err(dev, "shunt-resistor: %u too big for pga_gain: %u\n",
			data->shunt_uohms, data->pga_gain);

Reported by FlawFinder.