The following issues were found

drivers/staging/fbtft/fb_ili9320.c
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 27 Column: 16 CWE codes: 120 20 

              	u8 rxbuf[8] = {0, };

	write_reg(par, 0x0000);
	par->fbtftops.read(par, rxbuf, 4);
	return (rxbuf[2] << 8) | rxbuf[3];
}

static int init_display(struct fbtft_par *par)
{

Reported by FlawFinder.

drivers/staging/fbtft/fb_agm1264k-fl.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 39 Column: 21 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #define DIFFUSING_MATRIX_WIDTH	2
#define DIFFUSING_MATRIX_HEIGHT	2

static const signed char
diffusing_matrix[DIFFUSING_MATRIX_WIDTH][DIFFUSING_MATRIX_HEIGHT] = {
	{-1, 3},
	{3, 2},
};

Reported by FlawFinder.

drivers/staging/emxx_udc/emxx_udc.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 547 Column: 12 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              /* USB register access structure */
union usb_reg_access {
	struct {
		unsigned char	DATA[4];
	} byte;
	unsigned int		dw;
};

/*-------------------------------------------------------------------------*/

Reported by FlawFinder.

drivers/staging/rtl8192u/ieee80211/dot11d.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 95 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	UPDATE_CIE_SRC(dev, pTaddr);

	dot11d_info->country_ie_len = CoutryIeLen;
	memcpy(dot11d_info->country_ie_buf, pCoutryIe, CoutryIeLen);
	dot11d_info->state = DOT11D_STATE_LEARNED;
}
EXPORT_SYMBOL(dot11d_update_country_ie);

u8 dot11d_get_max_tx_pwr_in_dbm(struct ieee80211_device *dev, u8 Channel)

Reported by FlawFinder.

drivers/staging/rtl8192u/ieee80211/ieee80211_crypt.h
1 issues
crypt - The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment
Security

Line: 84 Column: 39 CWE codes: 327
Suggestion: Use a different algorithm, such as SHA-256, with a larger, non-repeating salt 

              void ieee80211_crypt_deinit_entries(struct ieee80211_device *ieee, int force);
void ieee80211_crypt_deinit_handler(struct timer_list *t);
void ieee80211_crypt_delayed_deinit(struct ieee80211_device *ieee,
				    struct ieee80211_crypt_data **crypt);

#endif

Reported by FlawFinder.

drivers/ssb/pcmcia.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 608 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return -EINVAL;
	if (tuple->TupleData[1] != ETH_ALEN)
		return -EINVAL;
	memcpy(sprom->il0mac, &tuple->TupleData[2], ETH_ALEN);
	return 0;
};

static int ssb_pcmcia_do_get_invariants(struct pcmcia_device *p_dev,
					tuple_t *tuple,

Reported by FlawFinder.

drivers/ssb/host_soc.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 179 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              int ssb_host_soc_get_invariants(struct ssb_bus *bus,
				struct ssb_init_invariants *iv)
{
	char buf[20];
	int len, err;

	/* Fill boardinfo structure */
	memset(&iv->boardinfo, 0, sizeof(struct ssb_boardinfo));

Reported by FlawFinder.

drivers/ssb/driver_chipcommon_pmu.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 324 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
	if (bus->bustype == SSB_BUSTYPE_SSB) {
#ifdef CONFIG_BCM47XX
		char buf[20];
		if (bcm47xx_nvram_getenv("xtalfreq", buf, sizeof(buf)) >= 0)
			crystalfreq = simple_strtoul(buf, NULL, 0);
#endif
	}

Reported by FlawFinder.

drivers/staging/rtl8192u/r8192U.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 472 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		unsigned char page;
		unsigned char length;
	} head;
	unsigned char buf[0xff];
} rtl_reg_debug;

typedef struct _rt_9x_tx_rate_history {
	u32             cck[4];
	u32             ofdm[8];

Reported by FlawFinder.

drivers/staging/rtl8712/ieee80211.h
1 issues
crypt - The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment
Security

Line: 95 Column: 5 CWE codes: 327
Suggestion: Use a different algorithm, such as SHA-256, with a larger, non-repeating salt 

              			u8 seq[8]; /* sequence counter (set: RX, get: TX) */
			u16 key_len;
			u8 key[0];
		} crypt;
	} u;
};

#define MIN_FRAG_THRESHOLD     256U
#define	MAX_FRAG_THRESHOLD     2346U

Reported by FlawFinder.