The following issues were found

drivers/media/usb/gspca/w996Xcf.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 65 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return;

	value = *data++;
	memcpy(sd->gspca_dev.usb_buf, data, 6);

	/* Avoid things going to fast for the bridge with a xhci host */
	udelay(150);
	ret = usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 0,
			      USB_TYPE_VENDOR | USB_DIR_OUT | USB_RECIP_DEVICE,

Reported by FlawFinder.

drivers/media/usb/hdpvr/hdpvr.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 115 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	/* I2C lock */
	struct mutex		i2c_mutex;
	/* I2C message buffer space */
	char			i2c_buf[HDPVR_I2C_MAX_SIZE];

	/* For passing data to ir-kbd-i2c */
	struct IR_i2c_init_data	ir_i2c_init_data;

	/* usb control transfer buffer and lock */

Reported by FlawFinder.

drivers/media/platform/sti/delta/delta-mjpeg-hdr.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 89 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              			    unsigned int *data_offset)
{
	struct delta_dev *delta = pctx->dev;
	unsigned char str[200];

	unsigned int ret = 0;
	unsigned int offset = 0;
	unsigned int soi = 0;

Reported by FlawFinder.

drivers/media/usb/pvrusb2/pvrusb2-debugifc.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 110 Column: 7 CWE codes: 126 

              {
	unsigned int kl;
	if (!keyword) return 0;
	kl = strlen(keyword);
	if (kl != count) return 0;
	return !memcmp(buf,keyword,kl);
}

Reported by FlawFinder.

drivers/media/usb/pvrusb2/pvrusb2-dvb.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 366 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (adap->fe[1]) {
		adap->fe[1]->id = 1;
		adap->fe[1]->tuner_priv = adap->fe[0]->tuner_priv;
		memcpy(&adap->fe[1]->ops.tuner_ops,
		       &adap->fe[0]->ops.tuner_ops,
		       sizeof(struct dvb_tuner_ops));

		if (dvb_register_frontend(&adap->dvb_adap, adap->fe[1])) {
			pvr2_trace(PVR2_TRACE_ERROR_LEGS,

Reported by FlawFinder.

drivers/media/usb/pvrusb2/pvrusb2-dvb.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 35 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	unsigned int		stream_run:1;

	wait_queue_head_t	buffer_wait_data;
	char			*buffer_storage[PVR2_DVB_BUFFER_COUNT];
};

struct pvr2_dvb_props {
	int (*frontend_attach) (struct pvr2_dvb_adapter *);
	int (*tuner_attach) (struct pvr2_dvb_adapter *);

Reported by FlawFinder.

drivers/media/platform/sti/delta/delta-mjpeg-dec.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 28 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	/* decoded output frame */
	struct delta_frame *out_frame;

	unsigned char str[3000];
};

#define to_ctx(ctx) ((struct delta_mjpeg_ctx *)(ctx)->priv)

static char *ipc_open_param_str(struct jpeg_video_decode_init_params_t *p,

Reported by FlawFinder.

drivers/net/ethernet/cavium/liquidio/request_manager.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 303 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	cmdsize = ((iq->iqcmd_64B) ? 64 : 32);
	iqptr = iq->base_addr + (cmdsize * iq->host_write_index);

	memcpy(iqptr, cmd, cmdsize);
}

static inline struct iq_post_status
__post_command2(struct octeon_instr_queue *iq, u8 *cmd)
{

Reported by FlawFinder.

drivers/media/usb/pvrusb2/pvrusb2-io.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 305 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			nb = kmalloc_array(scnt, sizeof(*nb), GFP_KERNEL);
			if (!nb) return -ENOMEM;
			if (sp->buffer_slot_count) {
				memcpy(nb, sp->buffers,
				       sp->buffer_slot_count * sizeof(*nb));
				kfree(sp->buffers);
			}
			sp->buffers = nb;
			sp->buffer_slot_count = scnt;

Reported by FlawFinder.

drivers/media/platform/sti/delta/delta-debug.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 59 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	struct delta_dev *delta = ctx->dev;
	struct delta_streaminfo *s = &ctx->streaminfo;
	unsigned char str[100] = "";

	if (!(ctx->flags & DELTA_FLAG_STREAMINFO))
		return;

	dev_dbg(delta->dev, "%s %s, %d frames decoded, %d frames output, %d frames dropped, %d stream errors, %d decode errors",

Reported by FlawFinder.