The following issues were found

drivers/usb/storage/karma.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 103 Column: 2 CWE codes: 120
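Suggestion: Make sure destination can always hold the source data
Triage note: in this excerpt the copy length is the named constant RIO_PREFIX_LEN rather than a runtime value, and the preceding memset already writes RIO_SEND_LEN bytes to the same buffer. The check therefore reduces to confirming that us->iobuf is allocated with at least RIO_SEND_LEN bytes and that RIO_PREFIX_LEN does not exceed RIO_SEND_LEN; neither definition is shown here.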

              
	usb_stor_dbg(us, "sending command %04x\n", cmd);
	memset(us->iobuf, 0, RIO_SEND_LEN);
	memcpy(us->iobuf, RIO_PREFIX, RIO_PREFIX_LEN);
	us->iobuf[5] = cmd;
	us->iobuf[6] = seq;

	timeout = jiffies + msecs_to_jiffies(6000);
	for (;;) {

            

Reported by FlawFinder.

drivers/scsi/qla2xxx/qla_target.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 866 Column: 11 CWE codes: 119 120
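Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line only declares sense_buffer. Whether an overflow is possible depends on the code that writes into it, so review each writer and confirm that the copy length is bounded by TRANSPORT_SENSE_BUFFER.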

              	int state;
	struct work_struct work;
	/* Sense buffer that will be mapped into outgoing status */
	unsigned char sense_buffer[TRANSPORT_SENSE_BUFFER];

	spinlock_t cmd_lock;
	/* to save extra sess dereferences */
	unsigned int conf_compl_supported:1;
	unsigned int sg_mapped:1;

            

Reported by FlawFinder.

drivers/usb/storage/scsiglue.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 32 Column: 17 CWE codes: 119 120
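Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line is only an extern declaration of an 18-byte array. Review its definition and the code that copies from or into it for lengths that differ from 18.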

              extern void usb_stor_host_template_init(struct scsi_host_template *sht,
					const char *name, struct module *owner);

extern unsigned char usb_stor_sense_invalidCDB[18];

#endif

            

Reported by FlawFinder.

drivers/scsi/qla2xxx/qla_nx.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2688 Column: 4 CWE codes: 120
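Suggestion: Make sure destination can always hold the source data
Triage note: the visible guard `(liter + OPTROM_BURST_DWORDS) <= dwords` appears to bound the source side of the copy. The excerpt does not show how optrom is allocated, so confirm separately that the DMA buffer is at least OPTROM_BURST_SIZE bytes.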

              		/* Go with burst-write. */
		if (optrom && (liter + OPTROM_BURST_DWORDS) <= dwords) {
			/* Copy data to DMA'ble buffer. */
			memcpy(optrom, dwptr, OPTROM_BURST_SIZE);

			ret = qla2x00_load_ram(vha, optrom_dma,
			    (ha->flash_data_off | faddr),
			    OPTROM_BURST_DWORDS);
			if (ret != QLA_SUCCESS) {

            

Reported by FlawFinder.

drivers/scsi/qla2xxx/qla_devtbl.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 7 Column: 8 CWE codes: 119 120
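Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged declaration is an array of `char *` pointers initialised with string literals, not a character buffer, so the length concern does not apply to the array itself. The elements are not const-qualified, so what remains to check is that nothing writes through them and that indexes into the table stay below QLA_MODEL_NAMES*2.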

              /*
 * Adapter model names and descriptions.
 */
static char *qla2x00_model_name[QLA_MODEL_NAMES*2] = {
	"QLA2340",	"133MHz PCI-X to 2Gb FC, Single Channel",	/* 0x100 */
	"QLA2342",	"133MHz PCI-X to 2Gb FC, Dual Channel",		/* 0x101 */
	"QLA2344",	"133MHz PCI-X to 2Gb FC, Quad Channel",		/* 0x102 */
	"QCP2342",	"cPCI to 2Gb FC, Dual Channel",			/* 0x103 */
	"QSB2340",	"SBUS to 2Gb FC, Single Channel",		/* 0x104 */

            

Reported by FlawFinder.

drivers/usb/storage/usb.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 125 Column: 2 CWE codes: 119 120
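Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line declares a 32-byte field. The code that fills scsi_name is not shown; check that it bounds the write with sizeof(scsi_name), for example via snprintf.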

              	/* SCSI interfaces */
	struct scsi_cmnd	*srb;		 /* current srb		*/
	unsigned int		tag;		 /* current dCBWTag	*/
	char			scsi_name[32];	 /* scsi_host name	*/

	/* control and bulk communications data */
	struct urb		*current_urb;	 /* USB requests	 */
	struct usb_ctrlrequest	*cr;		 /* control requests	 */
	struct usb_sg_request	current_sg;	 /* scatter-gather req.  */

            

Reported by FlawFinder.

drivers/usb/typec/bus.c
1 issue
sprintf - Does not check for buffer overflows
Security

Line: 301 Column: 9 CWE codes: 120
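Suggestion: Use sprintf_s, snprintf, or vsnprintf
Triage note: sprintf_s is not available in kernel code. The function appears to be a sysfs show callback (it is followed by DEVICE_ATTR_RO), where the kernel's sysfs_emit() helper is the usual bounded replacement. The length of alt->desc is not constrained anywhere in the excerpt.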

              {
	struct typec_altmode *alt = to_typec_altmode(dev);

	return sprintf(buf, "%s\n", alt->desc ? alt->desc : "");
}
static DEVICE_ATTR_RO(description);

static struct attribute *typec_attrs[] = {
	&dev_attr_description.attr,

            

Reported by FlawFinder.

drivers/usb/typec/bus.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 19 Column: 2 CWE codes: 119 120
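Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: group_name holds only 8 bytes including the terminator. The code that formats into it is not shown; confirm that it is bounded by sizeof(group_name) and that the longest name it can produce fits.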

              	enum typec_port_data		roles;

	struct attribute		*attrs[5];
	char				group_name[8];
	struct attribute_group		group;
	const struct attribute_group	*groups[2];

	struct altmode			*partner;
	struct altmode			*plug[2];

            

Reported by FlawFinder.

drivers/video/fbdev/omap2/omapfb/omapfb-main.c
1 issue
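strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Triage note: here strlen is used only to test that def_mode is non-empty, which could equally be written as `def_mode[0] != '\0'` and would then read a single byte. Whether def_mode is always NUL-terminated depends on where it is set, which the excerpt does not show.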
Security

Line: 2540 Column: 18 CWE codes: 126

              		goto cleanup;
	}

	if (def_mode && strlen(def_mode) > 0) {
		if (omapfb_parse_def_modes(fbdev))
			dev_warn(&pdev->dev, "cannot parse default modes\n");
	} else if (def_display && def_display->driver->set_timings &&
			def_display->driver->check_timings) {
		struct omap_video_timings t;

            

Reported by FlawFinder.

drivers/usb/typec/ucsi/ucsi.h
1 issue
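read - Check buffer boundaries if used in a loop including recursive loops
Triage note: in this excerpt `read` is a function-pointer member of struct ucsi_operations, not a call to read(2), so the finding appears to be a match on the name. The point to review is the val/val_len contract: implementations of the callback must not write more than val_len bytes, and callers must pass the true size of the buffer.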
Security

Line: 49 Column: 8 CWE codes: 120 20

               * return immediately after sending the data to the PPM.
 */
struct ucsi_operations {
	int (*read)(struct ucsi *ucsi, unsigned int offset,
		    void *val, size_t val_len);
	int (*sync_write)(struct ucsi *ucsi, unsigned int offset,
			  const void *val, size_t val_len);
	int (*async_write)(struct ucsi *ucsi, unsigned int offset,
			   const void *val, size_t val_len);

            

Reported by FlawFinder.