The following issues were found

drivers/media/pci/cx88/cx88-mpeg.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 292 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              }
EXPORT_SYMBOL(cx8802_cancel_buffers);

static const char *cx88_mpeg_irqs[32] = {
	"ts_risci1", NULL, NULL, NULL,
	"ts_risci2", NULL, NULL, NULL,
	"ts_oflow",  NULL, NULL, NULL,
	"ts_sync",   NULL, NULL, NULL,
	"opc_err", "par_err", "rip_err", "pci_abort",

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 631 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		drv->resume = cx8802_resume_common;
		drv->request_acquire = cx8802_request_acquire;
		drv->request_release = cx8802_request_release;
		memcpy(driver, drv, sizeof(*driver));

		mutex_lock(&drv->core->lock);
		err = drv->probe(driver);
		if (err == 0) {
			i++;

Reported by FlawFinder.

drivers/media/pci/cx88/cx88-input.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 32 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
	int users;

	char name[32];
	char phys[32];

	/* sample from gpio pin 16 */
	u32 sampling;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 33 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	int users;

	char name[32];
	char phys[32];

	/* sample from gpio pin 16 */
	u32 sampling;

	/* poll external decoder */

Reported by FlawFinder.

drivers/media/cec/core/cec-pin.c
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 138 Column: 21 CWE codes: 120 20 

              
static bool cec_pin_read(struct cec_pin *pin)
{
	bool v = pin->ops->read(pin->adap);

	cec_pin_update(pin, v, false);
	return v;
}

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 1206 Column: 46 CWE codes: 120 20 

              	seq_printf(file, "state: %s\n", states[pin->state].name);
	seq_printf(file, "tx_bit: %d\n", pin->tx_bit);
	seq_printf(file, "rx_bit: %d\n", pin->rx_bit);
	seq_printf(file, "cec pin: %d\n", pin->ops->read(adap));
	seq_printf(file, "cec pin events dropped: %u\n",
		   pin->work_pin_events_dropped_cnt);
	seq_printf(file, "irq failed: %d\n", pin->enable_irq_failed);
	if (pin->timer_100ms_overruns) {
		seq_printf(file, "timer overruns > 100ms: %u of %u\n",

Reported by FlawFinder.

drivers/most/most_usb.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 110 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct most_channel_config *conf;
	struct most_dci_obj *dci;
	u8 *ep_address;
	char description[MAX_STRING_LEN];
	char suffix[MAX_NUM_ENDPOINTS][MAX_SUFFIX_LEN];
	spinlock_t channel_lock[MAX_NUM_ENDPOINTS]; /* sync channel access */
	bool padding_active[MAX_NUM_ENDPOINTS];
	bool is_channel_healthy[MAX_NUM_ENDPOINTS];
	struct clear_hold_work clear_work[MAX_NUM_ENDPOINTS];

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 111 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct most_dci_obj *dci;
	u8 *ep_address;
	char description[MAX_STRING_LEN];
	char suffix[MAX_NUM_ENDPOINTS][MAX_SUFFIX_LEN];
	spinlock_t channel_lock[MAX_NUM_ENDPOINTS]; /* sync channel access */
	bool padding_active[MAX_NUM_ENDPOINTS];
	bool is_channel_healthy[MAX_NUM_ENDPOINTS];
	struct clear_hold_work clear_work[MAX_NUM_ENDPOINTS];
	struct usb_anchor *busy_urbs;

Reported by FlawFinder.

drivers/media/pci/tw686x/tw686x-core.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 74 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              
static int tw686x_dma_mode_get(char *buffer, const struct kernel_param *kp)
{
	return sprintf(buffer, "%s", dma_mode_name(dma_mode));
}

static int tw686x_dma_mode_set(const char *val, const struct kernel_param *kp)
{
	if (!strcasecmp(val, dma_mode_name(TW686X_DMA_MODE_MEMCPY)))

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 251 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              		return -ENOMEM;
	dev->type = pci_id->driver_data;
	dev->dma_mode = dma_mode;
	sprintf(dev->name, "tw%04X", pci_dev->device);

	dev->video_channels = kcalloc(max_channels(dev),
		sizeof(*dev->video_channels), GFP_KERNEL);
	if (!dev->video_channels) {
		err = -ENOMEM;

Reported by FlawFinder.

drivers/net/ethernet/3com/3c574_cs.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 454 Column: 12 CWE codes: 362 

              {
	struct net_device *dev = link->priv;

	if (link->open)
		netif_device_detach(dev);

	return 0;
}

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 464 Column: 12 CWE codes: 362 

              {
	struct net_device *dev = link->priv;

	if (link->open) {
		tc574_reset(dev);
		netif_device_attach(dev);
	}

	return 0;

Reported by FlawFinder.

drivers/net/ethernet/3com/3c589_cs.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 343 Column: 12 CWE codes: 362 

              {
	struct net_device *dev = link->priv;

	if (link->open)
		netif_device_detach(dev);

	return 0;
}

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 353 Column: 12 CWE codes: 362 

              {
	struct net_device *dev = link->priv;

	if (link->open) {
		tc589_reset(dev);
		netif_device_attach(dev);
	}

	return 0;

Reported by FlawFinder.

drivers/mfd/intel-m10-bmc.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 62 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (ret)
		return ret;

	return sprintf(buf, "0x%x\n", val);
}
static DEVICE_ATTR_RO(bmc_version);

static ssize_t bmcfw_version_show(struct device *dev,
				  struct device_attribute *attr, char *buf)

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 77 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (ret)
		return ret;

	return sprintf(buf, "0x%x\n", val);
}
static DEVICE_ATTR_RO(bmcfw_version);

static ssize_t mac_address_show(struct device *dev,
				struct device_attribute *attr, char *buf)

Reported by FlawFinder.

drivers/mfd/intel_soc_pmic_bxtwc.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 336 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              static ssize_t addr_show(struct device *dev,
			 struct device_attribute *attr, char *buf)
{
	return sprintf(buf, "0x%lx\n", bxtwc_reg_addr);
}

static ssize_t addr_store(struct device *dev,
			  struct device_attribute *attr, const char *buf, size_t count)
{

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 362 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              		return -EIO;
	}

	return sprintf(buf, "0x%02x\n", val);
}

static ssize_t val_store(struct device *dev,
			 struct device_attribute *attr, const char *buf, size_t count)
{

Reported by FlawFinder.

drivers/net/ethernet/8390/8390.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 81 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	unsigned long rmem_start;
	unsigned long rmem_end;
	void __iomem *mem;
	unsigned char mcfilter[8];
	unsigned open:1;
	unsigned word16:1;		/* We have the 16-bit (vs 8-bit)
					 * version of the card.
					 */
	unsigned bigendian:1;		/* 16-bit big endian mode. Do NOT

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 82 Column: 11 CWE codes: 362 

              	unsigned long rmem_end;
	void __iomem *mem;
	unsigned char mcfilter[8];
	unsigned open:1;
	unsigned word16:1;		/* We have the 16-bit (vs 8-bit)
					 * version of the card.
					 */
	unsigned bigendian:1;		/* 16-bit big endian mode. Do NOT
					 * set this on random 8390 clones!

Reported by FlawFinder.