The following issues were found

drivers/usb/gadget/udc/mv_udc.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 231 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct list_head	queue;
	struct mv_dqh		*dqh;
	u32			direction;
	char			name[14];
	unsigned		stopped:1,
				wedge:1,
				ep_type:2,
				ep_num:8;
};

Reported by FlawFinder.

drivers/usb/gadget/udc/omap_udc.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 144 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct list_head		queue;
	unsigned long			irqs;
	struct list_head		iso;
	char				name[14];
	u16				maxpacket;
	u8				bEndpointAddress;
	u8				bmAttributes;
	unsigned			double_buf:1;
	unsigned			stopped:1;

Reported by FlawFinder.

drivers/usb/gadget/udc/r8a66597-udc.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1838 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int r8a66597_probe(struct platform_device *pdev)
{
	struct device *dev = &pdev->dev;
	char clk_name[8];
	struct resource *ires;
	int irq;
	void __iomem *reg = NULL;
	struct r8a66597 *r8a66597 = NULL;
	int ret = 0;

Reported by FlawFinder.

drivers/usb/gadget/udc/s3c-hsudc.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 107 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               */
struct s3c_hsudc_ep {
	struct usb_ep ep;
	char name[20];
	struct s3c_hsudc *dev;
	struct list_head queue;
	u8 stopped;
	u8 wedge;
	u8 bEndpointAddress;

Reported by FlawFinder.

drivers/usb/gadget/usbstring.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 58 Column: 40 CWE codes: 126 

              		return -EINVAL;

	/* string descriptors have length, tag, then UTF16-LE text */
	len = min((size_t)USB_MAX_STRING_LEN, strlen(s->s));
	len = utf8s_to_utf16s(s->s, len, UTF16_LITTLE_ENDIAN,
			(wchar_t *) &buf[2], USB_MAX_STRING_LEN);
	if (len < 0)
		return -EINVAL;
	buf [0] = (len + 1) * 2;

Reported by FlawFinder.

drivers/usb/host/fhci-hub.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 269 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		}
		break;
	case GetHubDescriptor:
		memcpy(buf, root_hub_des, sizeof(root_hub_des));
		break;
	case GetHubStatus:
		hub_status = (struct usb_hub_status *)buf;
		hub_status->wHubStatus =
		    cpu_to_le16(fhci->vroot_hub->hub.wHubStatus);

Reported by FlawFinder.

drivers/usb/host/fhci-sched.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 54 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	td->status = pkt->status;
	if (td->type == FHCI_TA_IN && td_pkt->info & PKT_DUMMY_PACKET) {
		if ((td->data + td->actual_len) && trans_len)
			memcpy(td->data + td->actual_len, pkt->data,
			       trans_len);
		cq_put(&usb->ep0->dummy_packets_Q, pkt->data);
	}

	recycle_frame(usb, pkt);

Reported by FlawFinder.

drivers/scsi/lpfc/lpfc_sli4.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 493 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct lpfc_hba_eq_hdl {
	uint32_t idx;
	uint16_t irq;
	char handler_name[LPFC_SLI4_HANDLER_NAME_SZ];
	struct lpfc_hba *phba;
	struct lpfc_queue *eq;
	struct cpumask aff_mask;
};

Reported by FlawFinder.

drivers/usb/host/isp1362.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 424 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	u16			blk_size;	/* PTD buffer block size for ATL and INTL */
	u8			buf_count;
	u8			buf_avail;
	char			name[16];

	/* for statistical tracking */
	u8			stat_maxptds;	/* Max # of ptds seen simultaneously in fifo */
	u8			ptd_count;	/* number of ptds submitted to this queue */
};

Reported by FlawFinder.

drivers/scsi/snic/vnic_dev.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 647 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	do {
		csum = 0;
		memcpy(&vdev->notify_copy, vdev->notify,
			sizeof(struct vnic_devcmd_notify));
		words = (u32 *)&vdev->notify_copy;
		for (i = 1; i < nwords; i++)
			csum += words[i];
	} while (csum != words[0]);

Reported by FlawFinder.