The following issues were found

drivers/net/ethernet/atheros/alx/ethtool.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 297 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	alx_update_hw_stats(hw);
	BUILD_BUG_ON(sizeof(hw->stats) - offsetof(struct alx_hw_stats, rx_ok) <
		     ALX_NUM_STATS * sizeof(u64));
	memcpy(data, &hw->stats.rx_ok, ALX_NUM_STATS * sizeof(u64));

	spin_unlock(&alx->stats_lock);
}

static void alx_get_strings(struct net_device *netdev, u32 stringset, u8 *buf)

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 306 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              {
	switch (stringset) {
	case ETH_SS_STATS:
		memcpy(buf, &alx_gstrings_stats, sizeof(alx_gstrings_stats));
		break;
	default:
		WARN_ON(1);
		break;
	}

Reported by FlawFinder.

drivers/net/ethernet/dec/tulip/de2104x.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 344 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              };
MODULE_DEVICE_TABLE(pci, de_pci_tbl);

static const char * const media_name[DE_MAX_MEDIA] = {
	"10baseT auto",
	"BNC",
	"AUI",
	"10baseT-HD",
	"10baseT-FD"

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1667 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if ((eeprom->offset != 0) || (eeprom->magic != 0) ||
	    (eeprom->len != DE_EEPROM_SIZE))
		return -EINVAL;
	memcpy(data, de->ee_data, eeprom->len);

	return 0;
}

static int de_nway_reset(struct net_device *dev)

Reported by FlawFinder.

drivers/media/dvb-frontends/mt312.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 106 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	buf[0] = reg;
	memcpy(&buf[1], src, count);

	msg.addr = state->config->demod_address;
	msg.flags = 0;
	msg.buf = buf;
	msg.len = count + 1;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 796 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		goto error;

	/* create dvb_frontend */
	memcpy(&state->frontend.ops, &mt312_ops,
		sizeof(struct dvb_frontend_ops));
	state->frontend.demodulator_priv = state;

	switch (state->id) {
	case ID_VP310:

Reported by FlawFinder.

drivers/mtd/nand/raw/hisi504_nand.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 377 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              {
	struct hinfc_host *host = nand_get_controller_data(chip);

	memcpy(host->buffer + host->offset, buf, len);
	host->offset += len;
}

static void hisi_nfc_read_buf(struct nand_chip *chip, uint8_t *buf, int len)
{

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 385 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              {
	struct hinfc_host *host = nand_get_controller_data(chip);

	memcpy(buf, host->buffer + host->offset, len);
	host->offset += len;
}

static void set_addr(struct mtd_info *mtd, int column, int page_addr)
{

Reported by FlawFinder.

drivers/mtd/nand/raw/lpc32xx_mlc.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 494 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	if (use_dma && !dma_mapped)
		memcpy(buf, dma_buf, mtd->writesize);

	return 0;
}

static int lpc32xx_write_page_lowlevel(struct nand_chip *chip,

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 512 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	if (use_dma && (void *)buf >= high_memory) {
		dma_buf = host->dma_buf;
		memcpy(dma_buf, buf, mtd->writesize);
	}

	nand_prog_page_begin_op(chip, page, 0, NULL, 0);

	for (i = 0; i < host->mlcsubpages; i++) {

Reported by FlawFinder.

drivers/net/ethernet/chelsio/cxgb/cphy.h
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 45 Column: 9 CWE codes: 120 20 

              
struct mdio_ops {
	void (*init)(adapter_t *adapter, const struct board_info *bi);
	int  (*read)(struct net_device *dev, int phy_addr, int mmd_addr,
		     u16 reg_addr);
	int  (*write)(struct net_device *dev, int phy_addr, int mmd_addr,
		      u16 reg_addr, u16 val);
	unsigned mode_support;
};

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 150 Column: 35 CWE codes: 120 20 

              		phy->mdio.prtad = phy_addr;
		phy->mdio.mmds = phy_ops->mmds;
		phy->mdio.mode_support = mdio_ops->mode_support;
		phy->mdio.mdio_read = mdio_ops->read;
		phy->mdio.mdio_write = mdio_ops->write;
	}
	phy->mdio.dev = dev;
}

Reported by FlawFinder.

drivers/net/ethernet/atheros/atl1e/atl1e_ethtool.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 237 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		}
	}

	memcpy(bytes, (u8 *)eeprom_buff + (eeprom->offset & 3),
			eeprom->len);
	kfree(eeprom_buff);

	return ret_val;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 290 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	/* Device's eeprom is always little-endian, word addressable */
	memcpy(ptr, bytes, eeprom->len);

	for (i = 0; i < last_dword - first_dword + 1; i++) {
		if (!atl1e_write_eeprom(hw, ((first_dword + i) * 4),
				  eeprom_buff[i])) {
			ret_val = -EIO;

Reported by FlawFinder.

drivers/net/ethernet/atheros/atl1e/atl1e_hw.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 90 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	*(u16 *) &eth_addr[0] = swab16(*(u16 *)&addr[1]);

	if (is_valid_ether_addr(eth_addr)) {
		memcpy(hw->perm_mac_addr, eth_addr, ETH_ALEN);
		return 0;
	}

	return AT_ERR_EEPROM;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 145 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	err = atl1e_get_permanent_address(hw);
	if (err)
		return AT_ERR_EEPROM;
	memcpy(hw->mac_addr, hw->perm_mac_addr, sizeof(hw->perm_mac_addr));
	return 0;
}

/*
 * atl1e_hash_mc_addr

Reported by FlawFinder.

drivers/media/v4l2-core/v4l2-mem2mem.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 1027 Column: 8 CWE codes: 126 

              		entity->info.dev.major = VIDEO_MAJOR;
		entity->info.dev.minor = vdev->minor;
	}
	len = strlen(vdev->name) + 2 + strlen(m2m_entity_name[type]);
	name = kmalloc(len, GFP_KERNEL);
	if (!name)
		return -ENOMEM;
	snprintf(name, len, "%s-%s", vdev->name, m2m_entity_name[type]);
	entity->name = name;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 1027 Column: 33 CWE codes: 126 

              		entity->info.dev.major = VIDEO_MAJOR;
		entity->info.dev.minor = vdev->minor;
	}
	len = strlen(vdev->name) + 2 + strlen(m2m_entity_name[type]);
	name = kmalloc(len, GFP_KERNEL);
	if (!name)
		return -ENOMEM;
	snprintf(name, len, "%s-%s", vdev->name, m2m_entity_name[type]);
	entity->name = name;

Reported by FlawFinder.

drivers/misc/ibmasm/r_heartbeat.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 24 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #pragma pack(1)
static struct {
	struct dot_command_header	header;
	unsigned char			command[3];
} rhb_dot_cmd = {
	.header = {
		.type =		sp_read,
		.command_size = 3,
		.data_size =	0,

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 59 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return -ENOMEM;

	while (times_failed < 3) {
		memcpy(cmd->buffer, (void *)&rhb_dot_cmd, sizeof rhb_dot_cmd);
		cmd->status = IBMASM_CMD_PENDING;
		ibmasm_exec_command(sp, cmd);
		ibmasm_wait_for_response(cmd, IBMASM_CMD_TIMEOUT_NORMAL);

		if (cmd->status != IBMASM_CMD_COMPLETE)

Reported by FlawFinder.