The following issues were found

drivers/media/pci/cx25821/cx25821-video.c
1 issues
sprintf - Does not check for buffer overflows
Security

Line: 429 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              
	strscpy(cap->driver, "cx25821", sizeof(cap->driver));
	strscpy(cap->card, cx25821_boards[dev->board].name, sizeof(cap->card));
	sprintf(cap->bus_info, "PCIe:%s", pci_name(dev->pci));
	cap->capabilities = V4L2_CAP_VIDEO_CAPTURE | V4L2_CAP_VIDEO_OUTPUT |
			    V4L2_CAP_READWRITE | V4L2_CAP_STREAMING |
			    V4L2_CAP_DEVICE_CAPS;
	return 0;
}

Reported by FlawFinder.

drivers/media/pci/cx25821/cx25821-i2c.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 323 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static void cx25821_av_clk(struct cx25821_dev *dev, int enable)
{
	/* write 0 to bus 2 addr 0x144 via i2x_xfer() */
	char buffer[3];
	struct i2c_msg msg;
	dprintk(1, "%s(enabled = %d)\n", __func__, enable);

	/* Register 0x144 */
	buffer[0] = 0x01;

Reported by FlawFinder.

drivers/mtd/lpddr/qinfo_probe.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 175 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (!retlpddr)
		return NULL;

	memcpy(retlpddr, &lpddr, sizeof(struct lpddr_private));

	retlpddr->numchips = numvirtchips;
	retlpddr->chipshift = retlpddr->qinfo->DevSizeShift -
				__ffs(retlpddr->qinfo->HWPartsNum);

Reported by FlawFinder.

drivers/mtd/maps/dc21285.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 77 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
static void dc21285_copy_from(struct map_info *map, void *to, unsigned long from, ssize_t len)
{
	memcpy(to, (void*)(map->virt + from), len);
}

static void dc21285_write8(struct map_info *map, const map_word d, unsigned long adr)
{
	if (machine_is_netwinder())

Reported by FlawFinder.

drivers/md/dm-log.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 623 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		log_clear_bit(lc, lc->clean_bits, i);

	/* copy clean across to sync */
	memcpy(lc->sync_bits, lc->clean_bits, size);
	lc->sync_count = memweight(lc->clean_bits,
				lc->bitset_uint32_count * sizeof(uint32_t));
	lc->sync_search = 0;

	/* set the correct number of regions in the header */

Reported by FlawFinder.

drivers/mtd/maps/physmap-core.c
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 550 Column: 22 CWE codes: 120 20 

              		 * implemented. Since map->read() is mandatory checking for its
		 * presence is enough.
		 */
		if (!info->maps[i].read)
			simple_map_init(&info->maps[i]);
#else
		simple_map_init(&info->maps[i]);
#endif

Reported by FlawFinder.

drivers/media/pci/cx23885/cx23885-video.c
1 issues
sprintf - Does not check for buffer overflows
Security

Line: 637 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	strscpy(cap->driver, "cx23885", sizeof(cap->driver));
	strscpy(cap->card, cx23885_boards[dev->board].name,
		sizeof(cap->card));
	sprintf(cap->bus_info, "PCIe:%s", pci_name(dev->pci));
	cap->capabilities = V4L2_CAP_READWRITE | V4L2_CAP_STREAMING |
			    V4L2_CAP_AUDIO | V4L2_CAP_VBI_CAPTURE |
			    V4L2_CAP_VIDEO_CAPTURE |
			    V4L2_CAP_DEVICE_CAPS;
	switch (dev->board) { /* i2c device tuners */

Reported by FlawFinder.

drivers/mtd/mtdpstore.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 552 Column: 6 CWE codes: 126 

              	if (unlikely(ret))
		return ret;

	if (strlen(info->device) == 0) {
		pr_err("mtd device must be supplied (device name is empty)\n");
		return -EINVAL;
	}
	if (!info->kmsg_size) {
		pr_err("no backend enabled (kmsg_size is 0)\n");

Reported by FlawFinder.

drivers/net/ethernet/chelsio/cxgb4vf/t4vf_common.h
1 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 280 Column: 6 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

              	u64 cmd[MBOX_LEN / 8];		/* a Firmware Mailbox Command/Reply */
	u64 timestamp;			/* OS-dependent timestamp */
	u32 seqno;			/* sequence number */
	s16 access;			/* time (ms) to access mailbox */
	s16 execute;			/* time (ms) to execute */
};

struct mbox_cmd_log {
	unsigned int size;		/* number of entries in the log */

Reported by FlawFinder.

drivers/media/pci/cx23885/cimax2.h
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 29 Column: 21 CWE codes: 362 

              extern int netup_ci_slot_ts_ctl(struct dvb_ca_en50221 *en50221, int slot);
extern int netup_ci_slot_status(struct cx23885_dev *dev, u32 pci_status);
extern int netup_poll_ci_slot_status(struct dvb_ca_en50221 *en50221,
						int slot, int open);
extern int netup_ci_init(struct cx23885_tsport *port);
extern void netup_ci_exit(struct cx23885_tsport *port);

#endif

Reported by FlawFinder.