The following issues were found

drivers/media/pci/bt8xx/bttv.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 341 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct bttv_sub_driver {
	struct device_driver   drv;
	char                   wanted[20];
	int                    (*probe)(struct bttv_sub_device *sub);
	void                   (*remove)(struct bttv_sub_device *sub);
};
#define to_bttv_sub_drv(x) container_of((x), struct bttv_sub_driver, drv)

Reported by FlawFinder.

drivers/mtd/nand/raw/nand_jedec.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 33 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct jedec_ecc_info *ecc;
	bool use_datain = false;
	int jedec_version = 0;
	char id[5];
	int i, val, ret;
	u16 crc;

	memorg = nanddev_get_memorg(&chip->base);

Reported by FlawFinder.

drivers/mtd/nand/raw/pl35x-nand-controller.c
1 issues
syntax error
Error

Line: 763 

              			       NAND_OP_PARSER_PAT_ADDR_ELEM(false, 7),
			       NAND_OP_PARSER_PAT_DATA_OUT_ELEM(false, 2112),
			       NAND_OP_PARSER_PAT_CMD_ELEM(true),
			       NAND_OP_PARSER_PAT_WAITRDY_ELEM(true)),
	);

static int pl35x_nfc_exec_op(struct nand_chip *chip,
			     const struct nand_operation *op,
			     bool check_only)

Reported by Cppcheck.

drivers/media/pci/bt8xx/bttv-gpio.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 34 Column: 12 CWE codes: 126 

              static int bttv_sub_bus_match(struct device *dev, struct device_driver *drv)
{
	struct bttv_sub_driver *sub = to_bttv_sub_drv(drv);
	int len = strlen(sub->wanted);

	if (0 == strncmp(dev_name(dev), sub->wanted, len))
		return 1;
	return 0;
}

Reported by FlawFinder.

drivers/media/i2c/vpx3220.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 35 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct vpx3220 {
	struct v4l2_subdev sd;
	struct v4l2_ctrl_handler hdl;
	unsigned char reg[255];

	v4l2_std_id norm;
	int input;
	int enable;
};

Reported by FlawFinder.

drivers/mtd/nand/raw/sunxi_nand.c
1 issues
syntax error
Error

Line: 1912 

              			       NAND_OP_PARSER_PAT_ADDR_ELEM(true, 8),
			       NAND_OP_PARSER_PAT_DATA_OUT_ELEM(true, 1024),
			       NAND_OP_PARSER_PAT_CMD_ELEM(true),
			       NAND_OP_PARSER_PAT_WAITRDY_ELEM(true)),
);

static const struct nand_op_parser sunxi_nfc_norb_op_parser = NAND_OP_PARSER(
	NAND_OP_PARSER_PATTERN(sunxi_nfc_exec_subop,
			       NAND_OP_PARSER_PAT_CMD_ELEM(true),

Reported by Cppcheck.

drivers/media/i2c/upd64083.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 178 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	/* Initially assume that a ghost reduction chip is present */
	state->mode = 0;  /* YCS mode */
	state->ext_y_adc = (1 << 5);
	memcpy(state->regs, upd64083_init, TOT_REGS);
	for (i = 0; i < TOT_REGS; i++)
		upd64083_write(sd, i, state->regs[i]);
	return 0;
}

Reported by FlawFinder.

drivers/md/persistent-data/dm-btree.h
1 issues
equal - Function does not check the second iterator for over-read conditions
Security

Line: 75 Column: 8 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it 

              	 * overwritten with a new one, the old one has the dec method
	 * called _unless_ the new and old value are deemed equal.
	 */
	int (*equal)(void *context, const void *value1, const void *value2);
};

/*
 * The shape and contents of a btree.
 */

Reported by FlawFinder.

drivers/mtd/parsers/afs.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 44 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	u32 loadAddress;	/* Address program should be loaded to   */
	u32 length;		/* Actual size of image                  */
	u32 address;		/* Image is executed from here           */
	char name[16];		/* Null terminated                       */
	u32 headerBase;		/* Flash Address of any stripped header  */
	u32 header_length;	/* Length of header in memory            */
	u32 headerType;		/* AIF, RLF, s-record etc.               */
	u32 checksum;		/* Image checksum (inc. this struct)     */
};

Reported by FlawFinder.

drivers/mtd/parsers/bcm47xxpart.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 74 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               */
static int bcm47xxpart_bootpartition(void)
{
	char buf[4];
	int bootpartition;

	/* Check CFE environment variable */
	if (bcm47xx_nvram_getenv("bootpartition", buf, sizeof(buf)) > 0) {
		if (!kstrtoint(buf, 0, &bootpartition))

Reported by FlawFinder.