The following issues were found

drivers/usb/host/uhci-hub.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 410 Column: 3 CWE codes: 120
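Suggestion: Make sure destination can always hold the source data. Here the copy length is min(sizeof(root_hub_hub_des), wLength), so the source is never over-read; what remains to verify is that buf holds at least that many bytes, which this excerpt does not show.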

              		break;
	case GetHubDescriptor:
		retval = min_t(unsigned int, sizeof(root_hub_hub_des), wLength);
		memcpy(buf, root_hub_hub_des, retval);
		if (retval > 2)
			buf[2] = uhci->rh_numports;
		break;
	default:
err:

            

Reported by FlawFinder.

drivers/usb/host/xhci-mtk-sch.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 70 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static const char *
decode_ep(struct usb_host_endpoint *ep, enum usb_device_speed speed)
{
	static char buf[DBG_BUF_EN];
	struct usb_endpoint_descriptor *epd = &ep->desc;
	unsigned int interval;
	const char *unit;

	interval = usb_decode_interval(epd, speed);

            

Reported by FlawFinder.

drivers/scsi/snic/snic_io.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 462 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct snic_host_req *req = (struct snic_host_req *) os_buf;
	struct snic_fw_req *fwreq = (struct snic_fw_req *) os_buf;
	struct snic_req_info *rqi = NULL;
	char line[LINE_BUFSZ] = { '\0' };
	char *cmd_str = NULL;

	if (req->hdr.type >= SNIC_RSP_REPORT_TGTS_CMPL)
		rqi = (struct snic_req_info *) fwreq->hdr.init_ctx;
	else

            

Reported by FlawFinder.

drivers/scsi/snic/snic_disc.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 58 Column: 2 CWE codes: 119 120
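Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Note that the flagged member is declared as char *name[SNIC_TGT_NAM_LEN], an array of char pointers rather than a character buffer, so check how name is used before treating this as a string-length issue.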

              	struct list_head list;
	enum snic_tgt_type typ;
	u16 disc_id;
	char *name[SNIC_TGT_NAM_LEN];

	union {
		/*DAS Target specific info */
		/*SAN Target specific info */
		u8 dummmy;

            

Reported by FlawFinder.

drivers/usb/image/microtek.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 513 Column: 23 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/*
 * Byte signature with a separately maintained length constant.
 * The bare `00` entries are octal zero literals, i.e. the same value as 0x00.
 */
static const u8 mts_read_image_sig[] = { 0x28, 00, 00, 00 };
/* Must stay equal to the number of initializers above (4 are listed). */
static const u8 mts_read_image_sig_len = 4;
/*
 * 256/8 = 32 bytes, and exactly 32 initializers follow, so the table is
 * fully populated. Presumably a bitmap with one bit per 8-bit value
 * (e.g. a command opcode) -- TODO confirm against the code that indexes it.
 * NOTE(review): the array is const with a compile-time size, so it is
 * read-only data rather than a copy destination; what matters is that any
 * reader keeps its index within these 32 bytes, which is not visible here.
 */
static const unsigned char mts_direction[256/8] = {
	0x28, 0x81, 0x14, 0x14, 0x20, 0x01, 0x90, 0x77,
	0x0C, 0x20, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

            

Reported by FlawFinder.

drivers/usb/isp1760/isp1760-core.c
1 issue
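syntax error: { . blocks (Cppcheck could not parse the initializer at this line; the excerpt shows C99 designated initializers with array subscripts, so this appears to be an analysis failure rather than a finding about the driver, and the rest of the file may not have been checked)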
Error

Line: 127

               * -  4 blocks @ 8192 bytes
 */
static const struct isp1760_memory_layout isp176x_memory_conf = {
	.blocks[0]		= 32,
	.blocks_size[0]		= 256,
	.blocks[1]		= 20,
	.blocks_size[1]		= 1024,
	.blocks[2]		= 4,
	.blocks_size[2]		= 8192,

            

Reported by Cppcheck.

drivers/usb/isp1760/isp1760-udc.c
1 issue
sprintf - Does not check for buffer overflows
Security

Line: 1463 Column: 3 CWE codes: 120
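Suggestion: Use sprintf_s, snprintf, or vsnprintf. In this code the applicable form is snprintf(ep->name, sizeof(ep->name), ...). The isp1760-udc.h entry in this report shows char name[7]; if that is this ep->name, "ep%u%s" fits only while ep_num is a single digit ("ep" + 1 digit + "out" + NUL = 7 bytes), and the range of ep_num is not visible in this excerpt.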

              			 | ep_num;
		ep->desc = NULL;

		sprintf(ep->name, "ep%u%s", ep_num,
			ep_num ? (is_in ? "in" : "out") : "");

		ep->ep.ops = &isp1760_ep_ops;
		ep->ep.name = ep->name;


            

Reported by FlawFinder.

drivers/usb/isp1760/isp1760-udc.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 42 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
	unsigned int addr;
	unsigned int maxpacket;
	char name[7];

	const struct usb_endpoint_descriptor *desc;

	bool rx_pending;
	bool halted;

            

Reported by FlawFinder.

drivers/usb/misc/appledisplay.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 210 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct usb_endpoint_descriptor *endpoint;
	int int_in_endpointAddr = 0;
	int retval, brightness;
	char bl_name[20];

	/* set up the endpoint information */
	/* use only the first interrupt-in endpoint */
	retval = usb_find_int_in_endpoint(iface->cur_altsetting, &endpoint);
	if (retval) {

            

Reported by FlawFinder.

drivers/usb/misc/emi26.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 136 Column: 4 CWE codes: 120
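Suggestion: Make sure destination can always hold the source data. The loop condition checks i + be16_to_cpu(rec->len) < FW_LOAD_SIZE before each copy, so the writes stay in bounds provided buf is at least FW_LOAD_SIZE bytes; the allocation of buf is not shown in this excerpt.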

              
		/* intel hex records are terminated with type 0 element */
		while (rec && (i + be16_to_cpu(rec->len) < FW_LOAD_SIZE)) {
			memcpy(buf + i, rec->data, be16_to_cpu(rec->len));
			i += be16_to_cpu(rec->len);
			rec = ihex_next_binrec(rec);
		}
		err = emi26_writememory(dev, addr, buf, i, ANCHOR_LOAD_FPGA);
		if (err < 0)

            

Reported by FlawFinder.