The following issues were found

drivers/usb/misc/emi62.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 143 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
		/*
		 * Gather consecutive records into buf, starting at offset i.
		 * The loop guard admits a record only while i + len stays below
		 * FW_LOAD_SIZE, so the memcpy() never writes at or past offset
		 * FW_LOAD_SIZE; a record that would not fit ends the loop.
		 * NOTE(review): that bound protects buf only if buf holds at
		 * least FW_LOAD_SIZE bytes; its allocation is outside this
		 * excerpt, confirm. The copy length is taken from rec->len
		 * itself, so the record is assumed to have been validated
		 * before this point; that validation is not shown either.
		 */
		/* intel hex records are terminated with type 0 element */
		while (rec && (i + be16_to_cpu(rec->len) < FW_LOAD_SIZE)) {
			memcpy(buf + i, rec->data, be16_to_cpu(rec->len));
			i += be16_to_cpu(rec->len);
			rec = ihex_next_binrec(rec);
		}
		err = emi62_writememory(dev, addr, buf, i, ANCHOR_LOAD_FPGA);
		if (err < 0)

            

Reported by FlawFinder.

drivers/scsi/smartpqi/smartpqi_sas_transport.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 510 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		le32_to_cpu(smp_buf->parameters.response_length));

	/*
	 * Copy error_info->data into job->reply; reply_len and the copy
	 * length both use sense_data_length as read from error_info.
	 * NOTE(review): nothing in this excerpt limits sense_data_length to
	 * the size of job->reply or of error_info->data. Confirm that an
	 * earlier clamp exists; if not, bound the length before the memcpy().
	 */
	job->reply_len = le16_to_cpu(error_info->sense_data_length);
	memcpy(job->reply, error_info->data,
		le16_to_cpu(error_info->sense_data_length));

	return job->reply_payload.payload_len -
		get_unaligned_le32(&error_info->data_in_transferred);
}

            

Reported by FlawFinder.

drivers/usb/misc/ldusb.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 248 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			actual_buffer = (size_t *)(dev->ring_buffer + dev->ring_head * (sizeof(size_t)+dev->interrupt_in_endpoint_size));
			/* actual_buffer gets urb->actual_length + interrupt_in_buffer */
			/*
			 * The slot begins with a size_t length word; actual_buffer + 1
			 * steps over it (pointer arithmetic on size_t *), so the
			 * payload lands directly after the stored length.
			 * NOTE(review): the slot stride computed on the line above
			 * reserves interrupt_in_endpoint_size payload bytes, so this
			 * copy stays inside the slot only while urb->actual_length
			 * does not exceed that size. The guarantee is not visible in
			 * this excerpt; confirm it or add an explicit check.
			 */
			*actual_buffer = urb->actual_length;
			memcpy(actual_buffer+1, dev->interrupt_in_buffer, urb->actual_length);
			/* Advance the head to next_ring_head, computed before this excerpt. */
			dev->ring_head = next_ring_head;
			dev_dbg(&dev->intf->dev, "%s: received %d bytes\n",
				__func__, urb->actual_length);
		} else {
			dev_warn(&dev->intf->dev,

            

Reported by FlawFinder.

drivers/usb/misc/legousbtower.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 684 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (urb->actual_length > 0) {
		spin_lock_irqsave(&dev->read_buffer_lock, flags);
		if (dev->read_buffer_length + urb->actual_length < read_buffer_size) {
			/*
			 * Append the received bytes after the data already held in
			 * read_buffer. The enclosing check keeps
			 * read_buffer_length + actual_length below read_buffer_size,
			 * and the update runs after read_buffer_lock was taken above.
			 * NOTE(review): the check bounds the write only if
			 * dev->read_buffer was allocated with at least
			 * read_buffer_size bytes; the allocation is outside this
			 * excerpt, confirm.
			 */
			memcpy(dev->read_buffer + dev->read_buffer_length,
			       dev->interrupt_in_buffer,
			       urb->actual_length);
			dev->read_buffer_length += urb->actual_length;
			/* Record the arrival time in jiffies. */
			dev->read_last_arrival = jiffies;
			dev_dbg(&dev->udev->dev, "%s: received %d bytes\n",

            

Reported by FlawFinder.

drivers/scsi/sim710.c
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 193 Column: 18 CWE codes: 126

              		irq_index = inb(io_addr + 0xc88) & 0x07;
	}

	/*
	 * Reject an index at or beyond strlen(eisa_irqs) before it is used
	 * to read the table below.
	 * NOTE(review): strlen() is a valid bound only if eisa_irqs is a
	 * NUL-terminated array; its definition is outside this excerpt. If it
	 * is a fixed table, its element count would state the bound directly.
	 */
	if(irq_index >= strlen(eisa_irqs)) {
		printk("sim710.c: irq nasty\n");
		return -ENODEV;
	}

	/* irq_index is below strlen(eisa_irqs) on this path. */
	irq = eisa_irqs[irq_index];

            

Reported by FlawFinder.

drivers/scsi/sd_zbc.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 100 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct scsi_device *sdp = sdkp->device;
	const int timeout = sdp->request_queue->rq_timeout;
	struct scsi_sense_hdr sshdr;
	/* Fixed 16-byte buffer; zeroed below before cmd[0] is set to ZBC_IN. */
	unsigned char cmd[16];
	unsigned int rep_len;
	int result;

	/*
	 * Both writes visible here stay inside cmd: the memset() length equals
	 * the declared size and index 0 is the first element.
	 * NOTE(review): the literal 16 is repeated; sizeof(cmd) would keep the
	 * two in step if the array size ever changes. Later writes to cmd are
	 * outside this excerpt and need the same check.
	 */
	memset(cmd, 0, 16);
	cmd[0] = ZBC_IN;

            

Reported by FlawFinder.

drivers/video/fbdev/omap2/omapfb/displays/panel-sony-acx565akm.c
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 446 Column: 17 CWE codes: 126

              
	for (i = 0; i < ARRAY_SIZE(cabc_modes); i++) {
		/*
		 * NOTE(review): strlen() relies on every cabc_modes entry being
		 * NUL-terminated; the table's definition is outside this excerpt
		 * (string literals would satisfy this), confirm.
		 */
		const char *mode_str = cabc_modes[i];
		int cmp_len = strlen(mode_str);

		/*
		 * Drop a trailing newline from the input length. The count > 0
		 * test keeps buf[count - 1] from reading before the buffer.
		 * This test runs on every pass of the loop.
		 */
		if (count > 0 && buf[count - 1] == '\n')
			count--;
		/* Skip entries whose length differs from the input length. */
		if (count != cmp_len)
			continue;

            

Reported by FlawFinder.

drivers/usb/misc/trancevibrator.c
1 issue
sprintf - Does not check for buffer overflows
Security

Line: 39 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	struct usb_interface *intf = to_usb_interface(dev);
	struct trancevibrator *tv = usb_get_intfdata(intf);

	/*
	 * Format tv->speed as a decimal number plus newline and return the
	 * byte count reported by sprintf().
	 * NOTE(review): a single %d conversion yields a short, bounded string,
	 * so an overflow is possible only if buf is smaller than a few tens of
	 * bytes; buf's size is not visible here. If this is a sysfs show
	 * callback (the neighbouring speed_store takes a device_attribute),
	 * sysfs_emit() is the bounded helper to prefer where the kernel
	 * version provides it.
	 */
	return sprintf(buf, "%d\n", tv->speed);
}

static ssize_t speed_store(struct device *dev, struct device_attribute *attr,
			 const char *buf, size_t count)
{

            

Reported by FlawFinder.

drivers/usb/misc/usbtest.c
1 issue
Dangerous assignment - the function parameter is assigned the address of a local auto-variable. Local auto-variables are reserved from the stack which is freed when the function ends. So the pointer to a local variable is invalid after the function ends.
Error

Line: 469 CWE codes: 562

              	int			retval = 0;
	unsigned long		expire;

	/*
	 * NOTE(review): urb->context now points at `completion`, which the
	 * analyzer reports as a local of this function (its declaration is
	 * outside this excerpt). That is safe only if the function never
	 * returns while the URB can still complete and dereference the
	 * pointer; confirm that every exit path waits for, or cancels, the
	 * URB first.
	 */
	urb->context = &completion;
	while (retval == 0 && iterations-- > 0) {
		init_completion(&completion);
		if (usb_pipeout(urb->pipe)) {
			simple_fill_buf(urb);
			urb->transfer_flags |= URB_ZERO_PACKET;

            

Reported by Cppcheck.

drivers/usb/mon/mon_stat.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 24 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/*
 * A fixed-size character buffer paired with an integer length field.
 * NOTE(review): the array itself is not a defect; what matters is that
 * every writer limits its output to sizeof(str) and that slen never exceeds
 * it. The code that fills and reads these fields is outside this excerpt.
 */
struct snap {
	int slen;	/* presumably the number of valid bytes in str; confirm */
	char str[STAT_BUF_SIZE];	/* storage of STAT_BUF_SIZE bytes */
};

static int mon_stat_open(struct inode *inode, struct file *file)
{
	struct mon_bus *mbus;

            

Reported by FlawFinder.