The following issues were found

drivers/media/cec/platform/s5p/exynos_hdmi_cecctrl.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 198 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              void s5p_cec_get_rx_buf(struct s5p_cec_dev *cec, u32 size, u8 *buffer)
{
	u32 i = 0;
	char debug[40];

	while (i < size) {
		buffer[i] = readb(cec->reg + S5P_CEC_RX_BUFF0 + (i * 4));
		sprintf(debug + i * 2, "%02x ", buffer[i]);
		i++;

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 202 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              
	while (i < size) {
		buffer[i] = readb(cec->reg + S5P_CEC_RX_BUFF0 + (i * 4));
		sprintf(debug + i * 2, "%02x ", buffer[i]);
		i++;
	}
	dev_dbg(cec->dev, "cec-rx: cec size(%d): %s", size, debug);
}

Reported by FlawFinder.

drivers/media/v4l2-core/v4l2-subdev.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 79 Column: 44 CWE codes: 362 

              	}
#endif

	if (sd->internal_ops && sd->internal_ops->open) {
		ret = sd->internal_ops->open(sd, subdev_fh);
		if (ret < 0)
			goto err;
	}

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 80 Column: 27 CWE codes: 362 

              #endif

	if (sd->internal_ops && sd->internal_ops->open) {
		ret = sd->internal_ops->open(sd, subdev_fh);
		if (ret < 0)
			goto err;
	}

	return 0;

Reported by FlawFinder.

drivers/net/ethernet/atheros/atlx/atlx.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 72 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (!is_valid_ether_addr(addr->sa_data))
		return -EADDRNOTAVAIL;

	memcpy(netdev->dev_addr, addr->sa_data, netdev->addr_len);
	memcpy(adapter->hw.mac_addr, addr->sa_data, netdev->addr_len);

	atlx_set_mac_addr(&adapter->hw);
	return 0;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 73 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return -EADDRNOTAVAIL;

	memcpy(netdev->dev_addr, addr->sa_data, netdev->addr_len);
	memcpy(adapter->hw.mac_addr, addr->sa_data, netdev->addr_len);

	atlx_set_mac_addr(&adapter->hw);
	return 0;
}

Reported by FlawFinder.

drivers/mtd/nand/raw/mxc_nand.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 932 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	n = min(n, len);

	memcpy(host->data_buf + col, buf, n);

	host->buf_start += n;
}

/* Read the data buffer from the NAND Flash. To read the data from NAND

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 951 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	n = min(n, len);

	memcpy(buf, host->data_buf + col, n);

	host->buf_start += n;
}

/* This function is used by upper layer for select and

Reported by FlawFinder.

drivers/mtd/nand/raw/mxic_nand.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 354 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			nbytes = 4;

		if (txbuf)
			memcpy(&data, txbuf + pos, nbytes);

		ret = readl_poll_timeout(nfc->regs + INT_STS, sts,
					 sts & INT_TX_EMPTY, 0, USEC_PER_SEC);
		if (ret)
			return ret;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 377 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		data = readl(nfc->regs + RXD);
		if (rxbuf) {
			data >>= (8 * (4 - nbytes));
			memcpy(rxbuf + pos, &data, nbytes);
		}
		if (readl(nfc->regs + INT_STS) & INT_RX_NOT_EMPTY)
			dev_warn(nfc->dev, "RX FIFO not empty\n");

		pos += nbytes;

Reported by FlawFinder.

drivers/media/pci/bt8xx/bttv-input.c
2 issues
system - This causes a new program to execute and is difficult to use safely
Security

Line: 188 Column: 22 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              	struct bttv_ir *ir = from_timer(ir, t, timer);
	ktime_t tv;
	u32 gap, rc5, scancode;
	u8 toggle, command, system;

	/* get time */
	tv = ktime_get();

	gap = ktime_to_us(ktime_sub(tv, ir->base_time));

Reported by FlawFinder.

system - This causes a new program to execute and is difficult to use safely
Security

Line: 230 Column: 29 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              		return;
	}

	scancode = RC_SCANCODE_RC5(system, command);
	rc_keydown(ir->dev, RC_PROTO_RC5, scancode, toggle);
	dprintk("scancode %x, toggle %x\n", scancode, toggle);
}

static int bttv_rc5_irq(struct bttv *btv)

Reported by FlawFinder.

drivers/mtd/nand/raw/nand_bbt.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 829 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			/* Preset the buffer with 0xff */
			memset(buf, 0xff, len);
			/* Pattern is located at the begin of first page */
			memcpy(buf, td->pattern, td->len);
		} else {
			/* Calc length */
			len = (size_t)(numblocks >> sft);
			/* Make it page aligned! */
			len = ALIGN(len, mtd->writesize);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 841 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			offs = 0;
			ooboffs = len;
			/* Pattern is located in oob area of first page */
			memcpy(&buf[ooboffs + td->offs], td->pattern, td->len);
		}

		if (td->options & NAND_BBT_VERSION)
			buf[ooboffs + td->veroffs] = td->version[chip];

Reported by FlawFinder.

drivers/media/usb/stk1160/stk1160-video.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 164 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return;
	}

	memcpy(dst, src, lencopy);

	buf->bytesused += lencopy;
	buf->pos += lencopy;
	remain -= lencopy;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 206 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			return;
		}

		memcpy(dst, src, lencopy);
		remain -= lencopy;

		buf->bytesused += lencopy;
		buf->pos += lencopy;
	}

Reported by FlawFinder.

drivers/net/ethernet/broadcom/bgmac-bcma.c
2 issues
snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 90 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	char bus_id[MII_BUS_ID_SIZE + 3];

	/* Connect to the PHY */
	snprintf(bus_id, sizeof(bus_id), PHY_ID_FMT, bgmac->mii_bus->id,
		 bgmac->phyaddr);
	phy_dev = phy_connect(bgmac->net_dev, bus_id, bgmac_adjust_link,
			      PHY_INTERFACE_MODE_MII);
	if (IS_ERR(phy_dev)) {
		dev_err(bgmac->dev, "PHY connection failed\n");

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 87 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int bcma_phy_connect(struct bgmac *bgmac)
{
	struct phy_device *phy_dev;
	char bus_id[MII_BUS_ID_SIZE + 3];

	/* Connect to the PHY */
	snprintf(bus_id, sizeof(bus_id), PHY_ID_FMT, bgmac->mii_bus->id,
		 bgmac->phyaddr);
	phy_dev = phy_connect(bgmac->net_dev, bus_id, bgmac_adjust_link,

Reported by FlawFinder.

drivers/net/ethernet/broadcom/bgmac.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 946 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		u8 et_swtype = 0;
		u8 sw_type = BGMAC_CHIPCTL_1_SW_TYPE_EPHY |
			     BGMAC_CHIPCTL_1_IF_TYPE_MII;
		char buf[4];

		if (bcm47xx_nvram_getenv("et_swtype", buf, sizeof(buf)) > 0) {
			if (kstrtou8(buf, 0, &et_swtype))
				dev_err(bgmac->dev, "Failed to parse et_swtype (%s)\n",
					buf);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 969 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		u32 sw_type = BGMAC_CHIPCTL_4_IF_TYPE_MII |
			      BGMAC_CHIPCTL_4_SW_TYPE_EPHY;
		u8 et_swtype = 0;
		char buf[4];

		if (bcm47xx_nvram_getenv("et_swtype", buf, sizeof(buf)) > 0) {
			if (kstrtou8(buf, 0, &et_swtype))
				dev_err(bgmac->dev, "Failed to parse et_swtype (%s)\n",
					buf);

Reported by FlawFinder.