The following issues were found

sound/soc/intel/catpt/ipc.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 38 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (!ipc->rx.data)
		return -ENOMEM;

	memcpy(&ipc->config, config, sizeof(*config));
	ipc->ready = true;

	return 0;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 118 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		reply->header = ipc->rx.header;

		if (!ret && reply->data)
			memcpy(reply->data, ipc->rx.data, reply->size);
	}

	return ret;
}

Reported by FlawFinder.

sound/soc/intel/catpt/messages.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 87 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	/* re-arrange the input: account for flex array 'entries' */
	memcpy(payload, &input, sizeof(input));
	memmove(payload + off + arrsz, payload + off, sizeof(input) - off);
	memcpy(payload + off, modules, arrsz);

	request.header = msg.val;
	request.size = size;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 89 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	/* re-arrange the input: account for flex array 'entries' */
	memcpy(payload, &input, sizeof(input));
	memmove(payload + off + arrsz, payload + off, sizeof(input) - off);
	memcpy(payload + off, modules, arrsz);

	request.header = msg.val;
	request.size = size;
	request.data = payload;
	reply.size = sizeof(*sinfo);

Reported by FlawFinder.

sound/soc/intel/catpt/sysfs.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 38 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              {
	struct catpt_dev *cdev = dev_get_drvdata(dev);

	return sprintf(buf, "%s\n", cdev->ipc.config.fw_info);
}
static DEVICE_ATTR_RO(fw_info);

static struct attribute *catpt_attrs[] = {
	&dev_attr_fw_version.attr,

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 28 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (ret)
		return CATPT_IPC_ERROR(ret);

	return sprintf(buf, "%d.%d.%d.%d\n", version.type, version.major,
		       version.minor, version.build);
}
static DEVICE_ATTR_RO(fw_version);

static ssize_t fw_info_show(struct device *dev,

Reported by FlawFinder.

sound/soc/intel/common/sst-dsp.c
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 64 Column: 18 CWE codes: 120 20 

              	u32 val;

	spin_lock_irqsave(&sst->spinlock, flags);
	val = sst->ops->read(sst->addr.shim, offset);
	spin_unlock_irqrestore(&sst->spinlock, flags);

	return val;
}
EXPORT_SYMBOL_GPL(sst_dsp_shim_read);

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 79 Column: 19 CWE codes: 120 20 

              
u32 sst_dsp_shim_read_unlocked(struct sst_dsp *sst, u32 offset)
{
	return sst->ops->read(sst->addr.shim, offset);
}
EXPORT_SYMBOL_GPL(sst_dsp_shim_read_unlocked);

int sst_dsp_shim_update_bits_unlocked(struct sst_dsp *sst, u32 offset,
				u32 mask, u32 value)

Reported by FlawFinder.

sound/soc/intel/skylake/bxt-sst.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 70 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		}

		dma_id = stream_tag - 1;
		memcpy(dmab.area, stripped_fw.data, stripped_fw.size);

		ctx->dsp_ops.trigger(ctx->dev, true, stream_tag);
		ret = skl_sst_ipc_load_library(&skl->ipc, dma_id, i, true);
		if (ret < 0)
			dev_err(ctx->dev, "IPC Load Lib for %s fail: %d\n",

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 107 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	ctx->dsp_ops.stream_tag = stream_tag;
	memcpy(ctx->dmab.area, fwdata, fwsize);

	/* Step 1: Power up core 0 and core1 */
	ret = skl_dsp_core_power_up(ctx, SKL_DSP_CORE0_MASK |
				SKL_DSP_CORE_MASK(1));
	if (ret < 0) {

Reported by FlawFinder.

sound/soc/intel/skylake/skl-ssp-clk.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 150 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return -ENOMEM;

	/* copy blob */
	memcpy(i2s_config, sp_cfg->caps, sp_cfg->size);

	/* copy additional dma controls information */
	memcpy(i2s_config + sp_cfg->size, data, size);

	node_id = ((SKL_DMA_I2S_LINK_INPUT_CLASS << 8) | (vbus_id << 4));

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 153 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	memcpy(i2s_config, sp_cfg->caps, sp_cfg->size);

	/* copy additional dma controls information */
	memcpy(i2s_config + sp_cfg->size, data, size);

	node_id = ((SKL_DMA_I2S_LINK_INPUT_CLASS << 8) | (vbus_id << 4));
	ret = skl_dsp_set_dma_control(skl, (u32 *)i2s_config,
					i2s_config_size, node_id);
	kfree(i2s_config);

Reported by FlawFinder.

sound/soc/intel/skylake/skl-sst-cldma.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 204 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (ctx->cl_dev.dma_buffer_offset + size > ctx->cl_dev.bufsize) {
		unsigned int size_b = ctx->cl_dev.bufsize -
					ctx->cl_dev.dma_buffer_offset;
		memcpy(ctx->cl_dev.dmab_data.area + ctx->cl_dev.dma_buffer_offset,
			curr_pos, size_b);
		size -= size_b;
		curr_pos += size_b;
		ctx->cl_dev.dma_buffer_offset = 0;
	}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 211 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		ctx->cl_dev.dma_buffer_offset = 0;
	}

	memcpy(ctx->cl_dev.dmab_data.area + ctx->cl_dev.dma_buffer_offset,
			curr_pos, size);

	if (ctx->cl_dev.curr_spib_pos == ctx->cl_dev.bufsize)
		ctx->cl_dev.dma_buffer_offset = 0;
	else

Reported by FlawFinder.

net/sched/sch_ets.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 126 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	qopt.parent = sch->parent;
	qopt.replace_params.bands = q->nbands;
	qopt.replace_params.qstats = &sch->qstats;
	memcpy(&qopt.replace_params.priomap,
	       q->prio2band, sizeof(q->prio2band));

	for (i = 0; i < q->nbands; i++)
		q_sum += q->classes[i].quantum;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 664 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	q->nbands = nbands;
	q->nstrict = nstrict;
	memcpy(q->prio2band, priomap, sizeof(priomap));

	for (i = q->nbands; i < oldbands; i++)
		qdisc_tree_flush_backlog(q->classes[i].qdisc);

	for (i = 0; i < q->nbands; i++)

Reported by FlawFinder.

sound/soc/qcom/qdsp6/q6adm.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 325 Column: 35 CWE codes: 362 

              			     int port_id, int path, int topology,
			     int channel_mode, int bit_width, int rate)
{
	struct q6adm_cmd_device_open_v5 *open;
	int afe_port = q6afe_get_port_id(port_id);
	struct apr_pkt *pkt;
	void *p;
	int ret, pkt_size;

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 331 Column: 36 CWE codes: 362 

              	void *p;
	int ret, pkt_size;

	pkt_size = APR_HDR_SIZE + sizeof(*open);
	p = kzalloc(pkt_size, GFP_KERNEL);
	if (!p)
		return -ENOMEM;

	pkt = p;

Reported by FlawFinder.

sound/soc/sh/fsi.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 1844 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	};

	for (i = 0; i < ARRAY_SIZE(of_parse_property); i++) {
		sprintf(prop, "%s,%s", name, of_parse_property[i].name);
		if (of_get_property(np, prop, NULL))
			flags |= of_parse_property[i].val;
	}
	info->flags = flags;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1832 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              			 struct device *dev)
{
	int i;
	char prop[128];
	unsigned long flags = 0;
	struct {
		char *name;
		unsigned int val;
	} of_parse_property[] = {

Reported by FlawFinder.