The following issues were found

drivers/media/usb/gspca/jeilinj.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 61 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              };

struct jlj_command {
	unsigned char instruction[2];
	unsigned char ack_wanted;
	unsigned char delay;
};

/* AFAICT these cameras will only do 320x240. */

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 92 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	if (gspca_dev->usb_err < 0)
		return;
	memcpy(gspca_dev->usb_buf, command, 2);
	retval = usb_bulk_msg(gspca_dev->dev,
			usb_sndbulkpipe(gspca_dev->dev, 3),
			gspca_dev->usb_buf, 2, NULL, 500);
	if (retval < 0) {
		pr_err("command write [%02x] error %d\n",

Reported by FlawFinder.

drivers/mmc/host/bcm2835.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1269 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	struct mmc_host *mmc = mmc_from_priv(host);
	struct device *dev = &host->pdev->dev;
	char pio_limit_string[20];
	int ret;

	if (!mmc->f_max || mmc->f_max > host->max_clk)
		mmc->f_max = host->max_clk;
	mmc->f_min = host->max_clk / SDCDIV_MAX_CDIV;

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 1348 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              
	pio_limit_string[0] = '\0';
	if (host->use_dma && (PIO_THRESHOLD > 0))
		sprintf(pio_limit_string, " (>%d)", PIO_THRESHOLD);
	dev_info(dev, "loaded - DMA %s%s\n",
		 host->use_dma ? "enabled" : "disabled", pio_limit_string);

	return 0;
}

Reported by FlawFinder.

drivers/message/fusion/mptspi.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 566 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		goto out_free;
	}
	err = 0;
	memcpy(pass_pg0, spi_dev_pg0, size);

	mptspi_print_read_nego(hd, starget, le32_to_cpu(spi_dev_pg0->NegotiatedParameters));

 out_free:
	dma_free_coherent(&ioc->pcidev->dev, size, spi_dev_pg0, spi_dev_pg0_dma);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 895 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	cfg.dir = 1;
	cfg.pageAddr = starget->id;

	memcpy(pg1, pass_pg1, size);

	pg1->Header.PageVersion = hdr.PageVersion;
	pg1->Header.PageLength = hdr.PageLength;
	pg1->Header.PageNumber = hdr.PageNumber;
	pg1->Header.PageType = hdr.PageType;

Reported by FlawFinder.

drivers/net/ethernet/chelsio/cxgb/subr.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 619 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	if (t1_eeprom_vpd_get(adapter, &vpd))
		return 1;
	memcpy(mac_addr, vpd.mac_base_address, 5);
	mac_addr[5] = vpd.mac_base_address[5] + index;
	return 0;
}

/*

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1143 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			       adapter->port[i].dev->name);
			goto error;
		}
		memcpy(adapter->port[i].dev->dev_addr, hw_addr, ETH_ALEN);
		init_link_config(&adapter->port[i].link_config, bi);
	}

	get_pci_mode(adapter, &adapter->params.pci);
	t1_interrupts_clear(adapter);

Reported by FlawFinder.

drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 452 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	int ret;
	u32 tmp;
	char tsin_pin_name[MAX_NAME];

	if (!fei || !tsin)
		return -EINVAL;

	dev_dbg(fei->dev, "%s:%d Configuring channel=%p tsin=%d\n"

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1070 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		seg_num, phdr->p_paddr, phdr->p_filesz,
		dst, phdr->p_memsz);

	memcpy((void __force *)dst, (void *)fw->data + phdr->p_offset,
		phdr->p_filesz);

	memset((void __force *)dst + phdr->p_filesz, 0,
		phdr->p_memsz - phdr->p_filesz);
}

Reported by FlawFinder.

drivers/net/can/usb/etas_es58x/es58x_fd.c
2 issues
Uninitialized variable: rx_event_msg
Error

Line: 174 CWE codes: 908 

              	const struct es58x_fd_rx_event_msg *rx_event_msg;
	int ret;

	ret = es58x_check_msg_len(es58x_dev->dev, *rx_event_msg, msg_len);
	if (ret)
		return ret;

	rx_event_msg = &es58x_fd_urb_cmd->rx_event_msg;

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 369 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		tx_can_msg->len = cf->len;
	else
		tx_can_msg->dlc = can_get_cc_dlc(cf, priv->can.ctrlmode);
	memcpy(tx_can_msg->data, cf->data, cf->len);

	/* Calculate new sizes */
	msg_len += es58x_fd_sizeof_rx_tx_msg(*tx_can_msg);
	priv->tx_urb->transfer_buffer_length = es58x_get_urb_cmd_len(es58x_dev,
								     msg_len);

Reported by FlawFinder.

drivers/media/usb/uvc/uvc_ctrl.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1539 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			ret = 0;

		if (rollback || ret < 0)
			memcpy(uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT),
			       uvc_ctrl_data(ctrl, UVC_CTRL_DATA_BACKUP),
			       ctrl->info.size);

		ctrl->dirty = 0;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1689 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	/* Backup the current value in case we need to rollback later. */
	if (!ctrl->dirty) {
		memcpy(uvc_ctrl_data(ctrl, UVC_CTRL_DATA_BACKUP),
		       uvc_ctrl_data(ctrl, UVC_CTRL_DATA_CURRENT),
		       ctrl->info.size);
	}

	mapping->set(mapping, value,

Reported by FlawFinder.

drivers/mmc/host/meson-mx-sdhc-clkc.c
2 issues
Dangerous assignment - the function parameter is assigned the address of a local auto-variable. Local auto-variables are reserved from the stack which is freed when the function ends. So the pointer to a local variable is invalid after the function ends.
Error

Line: 68 CWE codes: 562 

              	init.parent_data = parents;
	init.num_parents = num_parents;

	hw->init = &init;

	return devm_clk_hw_register(dev, hw);
}

static int meson_mx_sdhc_gate_clk_hw_register(struct device *dev,

Reported by Cppcheck.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 57 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              					 struct clk_hw *hw)
{
	struct clk_init_data init = { };
	char clk_name[32];

	snprintf(clk_name, sizeof(clk_name), "%s#%s", dev_name(dev),
		 name_suffix);

	init.name = clk_name;

Reported by FlawFinder.

drivers/media/platform/exynos4-is/fimc-lite.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 486 Column: 38 CWE codes: 362 

              
	mutex_lock(&me->graph_obj.mdev->graph_mutex);

	ret = fimc_pipeline_call(&fimc->ve, open, me, true);

	/* Mark video pipeline ending at this video node as in use. */
	if (ret == 0)
		me->use_count++;

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 1573 Column: 32 CWE codes: 362 

              		return 0;

	INIT_LIST_HEAD(&fimc->active_buf_q);
	fimc_pipeline_call(&fimc->ve, open,
			   &fimc->ve.vdev.entity, false);
	fimc_lite_hw_init(fimc, atomic_read(&fimc->out_path) == FIMC_IO_ISP);
	clear_bit(ST_FLITE_SUSPENDED, &fimc->state);

	for (i = 0; i < fimc->reqbufs_count; i++) {

Reported by FlawFinder.

drivers/net/ethernet/cisco/enic/enic.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 50 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct enic_msix_entry {
	int requested;
	char devname[IFNAMSIZ + 8];
	irqreturn_t (*isr)(int, void *);
	void *devid;
	cpumask_var_t affinity_mask;
};

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 96 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct enic_port_profile {
	u32 set;
	u8 request;
	char name[PORT_PROFILE_MAX];
	u8 instance_uuid[PORT_UUID_MAX];
	u8 host_uuid[PORT_UUID_MAX];
	u8 vf_mac[ETH_ALEN];
	u8 mac_addr[ETH_ALEN];
};

Reported by FlawFinder.