The following issues were found

drivers/mmc/host/mmci.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1471 Column: 14 CWE codes: 119 120
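Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: in the excerpt, `buf` is filled by `ioread32_rep(base + MMCIFIFO, buf, 1)`, which reads a single 32-bit word, so the write into the 4-byte array is exactly sized. The finding is triggered by the `char` array declaration itself, not by an unbounded write.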

              		 */
		if (unlikely(count & 0x3)) {
			if (count < 4) {
				unsigned char buf[4];
				ioread32_rep(base + MMCIFIFO, buf, 1);
				memcpy(ptr, buf, count);
			} else {
				ioread32_rep(base + MMCIFIFO, ptr, count >> 2);
				count &= ~0x3;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1473 Column: 5 CWE codes: 120
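Suggestion: Make sure destination can always hold the source data
Triage note: the copy sits inside `if (count < 4)`, so at most 3 bytes are read from the 4-byte `buf`. The excerpt does not show how much room is left at `ptr`; confirm that where `ptr` and `count` are set up.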

              			if (count < 4) {
				unsigned char buf[4];
				ioread32_rep(base + MMCIFIFO, buf, 1);
				memcpy(ptr, buf, count);
			} else {
				ioread32_rep(base + MMCIFIFO, ptr, count >> 2);
				count &= ~0x3;
			}
		} else {

            

Reported by FlawFinder.

drivers/mmc/host/mtk-sd.c
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

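Line: 1049 Column: 7 CWE codes: 120 20
Triage note: column 7 matches the declaration `bool read;` in the excerpt, a local flag assigned from `data->flags & MMC_DATA_READ`. No call to read() appears here, so the rule matched on the identifier name only.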

              static void msdc_start_data(struct msdc_host *host, struct mmc_request *mrq,
			    struct mmc_command *cmd, struct mmc_data *data)
{
	bool read;

	WARN_ON(host->data);
	host->data = data;
	read = data->flags & MMC_DATA_READ;


            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

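Line: 1061 Column: 41 CWE codes: 120 20
Triage note: column 41 matches `read` as the last argument of the `dev_dbg()` call, where it is printed through `read=%d`. It is a variable, not a call to read(), so there is no buffer for this rule to apply to in the excerpt.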

              	sdr_set_field(host->base + MSDC_DMA_CTRL, MSDC_DMA_CTRL_START, 1);
	dev_dbg(host->dev, "DMA start\n");
	dev_dbg(host->dev, "%s: cmd=%d DMA data: %d blocks; read=%d\n",
			__func__, cmd->opcode, data->blocks, read);
}

static int msdc_auto_cmd_done(struct msdc_host *host, int events,
		struct mmc_command *cmd)
{

            

Reported by FlawFinder.

drivers/net/can/usb/peak_usb/pcan_usb_fd.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 513 Column: 3 CWE codes: 120
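Suggestion: Make sure destination can always hold the source data
Triage note: the copy length is `cfd->len`, and the excerpt does not show where it is set. Because this sits on a receive path (`netdev->stats.rx_packets++` follows), confirm that `cfd->len` is clamped to the size of `cfd->data` before this line.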

              	if (rx_msg_flags & PUCAN_MSG_RTR)
		cfd->can_id |= CAN_RTR_FLAG;
	else
		memcpy(cfd->data, rm->d, cfd->len);

	netdev->stats.rx_packets++;
	netdev->stats.rx_bytes += cfd->len;

	peak_usb_netif_rx(skb, &usb_if->time_ref, le32_to_cpu(rm->ts_low));

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 783 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	tx_msg->flags = cpu_to_le16(tx_msg_flags);
	tx_msg->channel_dlc = PUCAN_MSG_CHANNEL_DLC(dev->ctrl_idx, dlc);
	memcpy(tx_msg->d, cfd->data, cfd->len);

	/* add null size message to tag the end (messages are 32-bits aligned)
	 */
	tx_msg = (struct pucan_tx_msg *)(obuf + tx_msg_size);


            

Reported by FlawFinder.

drivers/net/can/usb/peak_usb/pcan_usb_pro.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 146 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		*pc++ = va_arg(ap, int);
		*(__le32 *)pc = cpu_to_le32(va_arg(ap, u32));
		pc += 4;
		memcpy(pc, va_arg(ap, int *), i);
		pc += i;
		break;

	case PCAN_USBPRO_SETBTR:
	case PCAN_USBPRO_GETDEVID:

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 542 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (rx->flags & PCAN_USBPRO_RTR)
		can_frame->can_id |= CAN_RTR_FLAG;
	else
		memcpy(can_frame->data, rx->data, can_frame->len);

	hwts = skb_hwtstamps(skb);
	peak_usb_get_ts_time(&usb_if->time_ref, le32_to_cpu(rx->ts32),
			     &hwts->hwtstamp);


            

Reported by FlawFinder.

drivers/media/dvb-frontends/tda10071.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 227 Column: 2 CWE codes: 120
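Suggestion: Make sure destination can always hold the source data
Triage note: the copy length is `diseqc_cmd->msg_len`, written into `cmd.args` starting at index 7. The excerpt shows no bound on `msg_len`, so confirm earlier in the function that `7 + msg_len` cannot exceed the size of `cmd.args`.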

              	cmd.args[4] = 2;
	cmd.args[5] = 0;
	cmd.args[6] = diseqc_cmd->msg_len;
	memcpy(&cmd.args[7], diseqc_cmd->msg, diseqc_cmd->msg_len);
	cmd.len = 7 + diseqc_cmd->msg_len;
	ret = tda10071_cmd_execute(dev, &cmd);
	if (ret)
		goto error;


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1208 Column: 2 CWE codes: 120
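Suggestion: Make sure destination can always hold the source data
Triage note: the length is the compile-time constant `sizeof(struct dvb_frontend_ops)` and the source is the driver's own `tda10071_ops`. This is a fixed-size structure copy, in bounds as long as `dev->fe.ops` is itself a `struct dvb_frontend_ops` (its declaration is not in the excerpt).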

              	}

	/* create dvb_frontend */
	memcpy(&dev->fe.ops, &tda10071_ops, sizeof(struct dvb_frontend_ops));
	dev->fe.demodulator_priv = dev;
	i2c_set_clientdata(client, dev);

	/* setup callbacks */
	pdata->get_dvb_frontend = tda10071_get_dvb_frontend;

            

Reported by FlawFinder.

drivers/mmc/host/mvsdio.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 400 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              				u16 val[2] = {0, 0};
				val[0] = mvsd_read(MVSD_FIFO);
				val[1] = mvsd_read(MVSD_FIFO);
				memcpy(p, ((void *)&val) + 4 - s, s);
				s = 0;
				intr_status = mvsd_read(MVSD_NOR_INTR_STATUS);
			}
			if (s == 0) {
				host->intr_en &=

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 439 Column: 5 CWE codes: 120
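Suggestion: Make sure destination can always hold the source data
Triage note: the copy is guarded by `if (s < 4)` and `if (s && ...)`, and writes `s` bytes at offset `4 - s` into the 4-byte `val`, so it ends exactly at the end of the array. That holds provided `s` cannot be negative; its type is not in the excerpt.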

              		if (s < 4) {
			if (s && (intr_status & MVSD_NOR_TX_AVAIL)) {
				u16 val[2] = {0, 0};
				memcpy(((void *)&val) + 4 - s, p, s);
				mvsd_write(MVSD_FIFO, val[0]);
				mvsd_write(MVSD_FIFO, val[1]);
				s = 0;
				intr_status = mvsd_read(MVSD_NOR_INTR_STATUS);
			}

            

Reported by FlawFinder.

drivers/mmc/host/mxcmmc.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 553 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		if (stat)
			return stat;
		tmp = cpu_to_le32(mxcmci_readl(host, MMC_REG_BUFFER_ACCESS));
		memcpy(b, &tmp, bytes);
	}

	return 0;
}


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 580 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		if (stat)
			return stat;

		memcpy(&tmp, b, bytes);
		mxcmci_writel(host, cpu_to_le32(tmp), MMC_REG_BUFFER_ACCESS);
	}

	return mxcmci_poll_status(host, STATUS_BUF_WRITE_RDY);
}

            

Reported by FlawFinder.

drivers/mmc/host/mxs-mmc.c
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

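Line: 360 Column: 39 CWE codes: 120 20
Triage note: column 39 matches `read` in the declaration `u32 ignore_crc, get_resp, long_resp, read;`. It is a local `u32`, not a call to read(), so the rule matched on the identifier name only.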

              
	struct mxs_ssp *ssp = &host->ssp;

	u32 ignore_crc, get_resp, long_resp, read;
	u32 ctrl0, cmd0, cmd1, val;

	ignore_crc = (mmc_resp_type(cmd) & MMC_RSP_CRC) ?
			0 : BM_SSP_CTRL0_IGNORE_CRC;
	get_resp = (mmc_resp_type(cmd) & MMC_RSP_PRESENT) ?

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

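Line: 382 Column: 28 CWE codes: 120 20
Triage note: column 28 matches `read` as one of the values OR-ed into `ctrl0`. It is used as an integer operand, not as a call to read(), so no buffer is involved at this location.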

              
	ctrl0 = BF_SSP(host->bus_width, CTRL0_BUS_WIDTH) |
		ignore_crc | get_resp | long_resp |
		BM_SSP_CTRL0_DATA_XFER | read |
		BM_SSP_CTRL0_WAIT_FOR_IRQ |
		BM_SSP_CTRL0_ENABLE;

	cmd0 = BF_SSP(cmd->opcode, CMD0_CMD);


            

Reported by FlawFinder.

drivers/media/usb/uvc/uvc_debugfs.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 24 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/*
 * Fixed-capacity character buffer paired with a byte count.
 *
 * NOTE(review): the code that fills and reads this structure is not part of
 * this excerpt. The array itself is only a risk if a writer is not bounded
 * by sizeof(data) or a reader trusts a count larger than sizeof(data).
 */
struct uvc_debugfs_buffer {
	/* presumably the number of valid bytes in data; confirm against the writer */
	size_t count;
	/* storage of exactly UVC_DEBUGFS_BUF_SIZE bytes; writes must be bounded by sizeof(data) */
	char data[UVC_DEBUGFS_BUF_SIZE];
};

static int uvc_debugfs_stats_open(struct inode *inode, struct file *file)
{
	struct uvc_streaming *stream = inode->i_private;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 76 Column: 2 CWE codes: 119 120
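Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the only write to `dir_name` visible in the excerpt is `snprintf(dir_name, sizeof(dir_name), ...)`, which is bounded by the array size. The worst case for that call is a truncated name, not an overflow.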

              void uvc_debugfs_init_stream(struct uvc_streaming *stream)
{
	struct usb_device *udev = stream->dev->udev;
	char dir_name[33];

	if (uvc_debugfs_root_dir == NULL)
		return;

	snprintf(dir_name, sizeof(dir_name), "%u-%u-%u", udev->bus->busnum,

            

Reported by FlawFinder.

drivers/misc/echo/echo.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 256 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
/*
 * Copy the first coefficient set, ec->fir_taps16[0], into ec->snapshot.
 *
 * The copy length is ec->taps 16-bit entries (ec->taps * sizeof(int16_t)
 * bytes).
 *
 * NOTE(review): neither buffer's allocation is visible in this excerpt. The
 * copy stays in bounds only if both ec->snapshot and ec->fir_taps16[0] were
 * sized for at least ec->taps int16_t entries and ec->taps has not grown
 * since; confirm where they are allocated.
 */
void oslec_snapshot(struct oslec_state *ec)
{
	memcpy(ec->snapshot, ec->fir_taps16[0], ec->taps * sizeof(int16_t));
}
EXPORT_SYMBOL_GPL(oslec_snapshot);

/* Dual Path Echo Canceller */


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 442 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			 * samples
			 */
			ec->adapt = 1;
			memcpy(ec->fir_taps16[0], ec->fir_taps16[1],
			       ec->taps * sizeof(int16_t));
		} else
			ec->cond_met++;
	} else
		ec->cond_met = 0;

            

Reported by FlawFinder.