The following issues were found

drivers/vfio/vfio_iommu_type1.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2776 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              				struct vfio_iommu_type1_info_cap_iova_range,
				header);
	iova_cap->nr_iovas = cap_iovas->nr_iovas;
	memcpy(iova_cap->iova_ranges, cap_iovas->iova_ranges,
	       cap_iovas->nr_iovas * sizeof(*cap_iovas->iova_ranges));
	return 0;
}

static int vfio_iommu_iova_build_caps(struct vfio_iommu *iommu,

Reported by FlawFinder.

drivers/vhost/net.c
1 issues
Dangerous assignment - the function parameter is assigned the address of a local auto-variable. Local auto-variables are reserved from the stack which is freed when the function ends. So the pointer to a local variable is invalid after the function ends.
Error

Line: 475 CWE codes: 562 

              	if (nvq->batched_xdp == 0)
		goto signal_used;

	msghdr->msg_control = &ctl;
	err = sock->ops->sendmsg(sock, msghdr, 0);
	if (unlikely(err < 0)) {
		vq_err(&nvq->vq, "Fail to batch sending packets\n");
		return;
	}

Reported by Cppcheck.

drivers/scsi/ps3rom.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 96 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		__LINE__, opcode);

	memset(&atapi_cmnd, 0, sizeof(struct lv1_atapi_cmnd_block));
	memcpy(&atapi_cmnd.pkt, cmd->cmnd, 12);
	atapi_cmnd.pktlen = 12;
	atapi_cmnd.block_size = 1; /* transfer size is block_size * blocks */
	atapi_cmnd.blocks = atapi_cmnd.arglen = scsi_bufflen(cmd);
	atapi_cmnd.buffer = dev->bounce_lpar;

Reported by FlawFinder.

drivers/video/backlight/adp5520_bl.c
1 issues
sprintf - Does not check for buffer overflows
Security

Line: 148 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (ret < 0)
		return ret;

	return sprintf(buf, "%u\n", reg_val);
}

static ssize_t adp5520_store(struct device *dev, const char *buf,
			 size_t count, int reg)
{

Reported by FlawFinder.

drivers/video/backlight/ams369fg06.c
1 issues
syntax error: { . gamma_22_table
Error

Line: 151 

              };

static struct ams369fg06_gamma gamma_table = {
	.gamma_22_table[0] = (unsigned int *)&ams369fg06_22_50,
	.gamma_22_table[1] = (unsigned int *)&ams369fg06_22_100,
	.gamma_22_table[2] = (unsigned int *)&ams369fg06_22_150,
	.gamma_22_table[3] = (unsigned int *)&ams369fg06_22_200,
	.gamma_22_table[4] = (unsigned int *)&ams369fg06_22_250,
};

Reported by Cppcheck.

drivers/video/backlight/corgi_lcd.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 91 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	int	intensity;
	int	power;
	int	mode;
	char	buf[2];

	struct gpio_desc *backlight_on;
	struct gpio_desc *backlight_cont;

	void (*kick_battery)(void);

Reported by FlawFinder.

drivers/video/backlight/lms283gf05.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 106 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static void lms283gf05_toggle(struct spi_device *spi,
				const struct lms283gf05_seq *seq, int sz)
{
	char buf[3];
	int i;

	for (i = 0; i < sz; i++) {
		buf[0] = 0x74;
		buf[1] = 0x00;

Reported by FlawFinder.

drivers/video/backlight/otm3225a.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 163 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              			   struct otm3225a_spi_instruction *instruction,
			   unsigned int count)
{
	unsigned char buf[3];

	while (count--) {
		/* address register using index register */
		buf[0] = OTM3225A_INDEX_REG;
		buf[1] = 0x00;

Reported by FlawFinder.

drivers/video/console/sticon.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 217 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	p = (unsigned char *) new_font;
	p += sizeof(*new_font);
	for (i = 0; i < op->charcount; i++) {
		memcpy(p, data, bpc);
		data += pitch*32;
		p += bpc;
	}
	FNTCRC(cooked_font) = crc32(0, new_font, size + sizeof(*new_font));
	sti_font_convert_bytemode(sti, cooked_font);

Reported by FlawFinder.

drivers/video/fbdev/platinumfb.c
1 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 326 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              	fb_alloc_cmap(&info->cmap, 256, 0);

	/* Fill fix common fields */
	strcpy(info->fix.id, "platinum");
	info->fix.mmio_start = pinfo->platinum_regs_phys;
	info->fix.mmio_len = 0x1000;
	info->fix.type = FB_TYPE_PACKED_PIXELS;
	info->fix.smem_start = pinfo->frame_buffer_phys + 0x20; /* will be updated later */
	info->fix.smem_len = pinfo->total_vram - 0x20;

Reported by FlawFinder.