The following issues were found

drivers/media/i2c/video-i2c.c
2 issues
syntax error
Error

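Line: 193
Triage note: Cppcheck reports "syntax error" when it cannot parse a span, which is not the same as a compiler error. The excerpt passes the operator == as an argument to the V4L2_FRACT_COMPARE macro, so this is probably a parsing limitation (macro definition not visible to the analyzer) rather than a defect in the driver; confirm by re-running with the kernel include paths configured.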

              	unsigned int n, idx;

	for (n = 0; n < data->chip->num_frame_intervals - 1; n++) {
		if (V4L2_FRACT_COMPARE(data->frame_interval, ==,
				       data->chip->frame_intervals[n]))
			break;
	}

	idx = data->chip->num_frame_intervals - n - 1;

            

Reported by Cppcheck.

sprintf - Does not check for buffer overflows
Security

Line: 572 Column: 2 CWE codes: 120
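Suggestion: Use sprintf_s, snprintf, or vsnprintf
Triage note: sprintf_s (C11 Annex K) is not available in Linux kernel code. The bounded form here would be snprintf(vcap->bus_info, sizeof(vcap->bus_info), ...), matching the sizeof-bounded strscpy calls on the two lines above it.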

              	strscpy(vcap->driver, data->v4l2_dev.name, sizeof(vcap->driver));
	strscpy(vcap->card, data->vdev.name, sizeof(vcap->card));

	sprintf(vcap->bus_info, "I2C:%d-%d", client->adapter->nr, client->addr);

	return 0;
}

static int video_i2c_g_input(struct file *file, void *fh, unsigned int *inp)

            

Reported by FlawFinder.

drivers/mtd/nand/raw/tmio_nand.c
2 issues
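read - Check buffer boundaries if used in a loop including recursive loops
Triage note: likely a false positive. At the reported line the excerpt shows "u8 read;", a struct member named read, not a call to read(); FlawFinder matches on the identifier name.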
Security

Line: 119 Column: 7 CWE codes: 120 20

              	unsigned int irq;

	/* for tmio_nand_read_byte */
	u8			read;
	unsigned read_good:1;
};

static inline struct tmio_nand *mtd_to_tmio(struct mtd_info *mtd)
{

            

Reported by FlawFinder.

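read - Check buffer boundaries if used in a loop including recursive loops
Triage note: likely a false positive. The reported line is "return tmio->read;", an access to a struct member named read, not a call to read().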
Security

Line: 230 Column: 16 CWE codes: 120 20

              	unsigned int data;

	if (tmio->read_good--)
		return tmio->read;

	data = tmio_ioread16(tmio->fcr + FCR_DATA);
	tmio->read = data >> 8;
	return data;
}

            

Reported by FlawFinder.

drivers/media/dvb-frontends/dibx000_common.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 312 Column: 2 CWE codes: 120
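Suggestion: Make sure destination can always hold the source data
Triage note: the copy length scales with num, and the code below also writes mst->msg[num + 1]. The condition to confirm is that num + 2 never exceeds the number of elements in mst->msg; the excerpt does not show where num is bounded.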

              	mst->msg[0].buf = &mst->i2c_write_buffer[0];
	mst->msg[0].len = 4;

	memcpy(&mst->msg[1], msg, sizeof(struct i2c_msg) * num);

	/* close the gate */
	dibx000_i2c_gate_ctrl(mst, &mst->i2c_write_buffer[4], 0, 0);
	mst->msg[num + 1].addr = mst->i2c_addr;
	mst->msg[num + 1].buf = &mst->i2c_write_buffer[4];

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 358 Column: 2 CWE codes: 120
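Suggestion: Make sure destination can always hold the source data
Triage note: as in the finding at line 312 of this file, the length is sizeof(struct i2c_msg) * num and mst->msg[num + 1] is written afterwards, so the bound on num relative to the size of mst->msg is what needs checking; it is not visible in the excerpt.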

              	mst->msg[0].buf = &mst->i2c_write_buffer[0];
	mst->msg[0].len = 4;

	memcpy(&mst->msg[1], msg, sizeof(struct i2c_msg) * num);

	/* close the gate */
	dibx000_i2c_gate_ctrl(mst, &mst->i2c_write_buffer[4], 0, 0);
	mst->msg[num + 1].addr = mst->i2c_addr;
	mst->msg[num + 1].buf = &mst->i2c_write_buffer[4];

            

Reported by FlawFinder.

drivers/media/dvb-frontends/dib7000p.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2745 Column: 2 CWE codes: 120
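Suggestion: Make sure destination can always hold the source data
Triage note: both memcpy findings in this file use a compile-time constant length (sizeof of a struct type), so no length is derived from input. What remains to confirm is that the destination member has the same struct type as the sizeof operand; a plain struct assignment would let the compiler check that.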

              	if (st == NULL)
		return NULL;

	memcpy(&st->cfg, cfg, sizeof(struct dib7000p_config));
	st->i2c_adap = i2c_adap;
	st->i2c_addr = i2c_addr;
	st->gpio_val = cfg->gpio_val;
	st->gpio_dir = cfg->gpio_dir;


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2759 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	demod = &st->demod;
	demod->demodulator_priv = st;
	memcpy(&st->demod.ops, &dib7000p_ops, sizeof(struct dvb_frontend_ops));
	mutex_init(&st->i2c_buffer_lock);

	dib7000p_write_word(st, 1287, 0x0003);	/* sram lead in, rdy */

	if (dib7000p_identify(st) != 0)

            

Reported by FlawFinder.

drivers/media/dvb-frontends/dib7000m.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1410 Column: 2 CWE codes: 120
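Suggestion: Make sure destination can always hold the source data
Triage note: both memcpy findings in this file copy a fixed sizeof(struct ...) into a struct member. The only thing to verify is that the destination member's type matches the sizeof operand; the excerpts do not show the declarations.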

              	if (st == NULL)
		return NULL;

	memcpy(&st->cfg, cfg, sizeof(struct dib7000m_config));
	st->i2c_adap = i2c_adap;
	st->i2c_addr = i2c_addr;

	demod                   = &st->demod;
	demod->demodulator_priv = st;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1416 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	demod                   = &st->demod;
	demod->demodulator_priv = st;
	memcpy(&st->demod.ops, &dib7000m_ops, sizeof(struct dvb_frontend_ops));
	mutex_init(&st->i2c_buffer_lock);

	st->timf_default = cfg->bw->timf;

	if (dib7000m_identify(st) != 0)

            

Reported by FlawFinder.

drivers/mtd/nand/raw/vf610_nfc.c
2 issues
syntax error
Error

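Line: 473
Triage note: the excerpt is the tail of a NAND_OP_PARSER_PAT_* macro invocation. A Cppcheck "syntax error" here most likely means the analyzer could not expand those macros, not that the source fails to compile.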

              		NAND_OP_PARSER_PAT_ADDR_ELEM(true, 5),
		NAND_OP_PARSER_PAT_CMD_ELEM(true),
		NAND_OP_PARSER_PAT_WAITRDY_ELEM(true),
		NAND_OP_PARSER_PAT_DATA_IN_ELEM(true, PAGE_2K + OOB_MAX)),
	);

/*
 * This function supports Vybrid only (MPC5125 would have full RB and four CS)
 */

            

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 237 Column: 4 CWE codes: 120
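Suggestion: Make sure destination can always hold the source data
Triage note: each copy is capped at min(sizeof(val), len - i), so an iteration cannot write past dst + len. The remaining condition is that the caller's len does not exceed the size of dst, which the excerpt does not show.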

              		for (i = 0; i < len; i += 4) {
			u32 val = swab32(__raw_readl(src + i));

			memcpy(dst + i, &val, min(sizeof(val), len - i));
		}
	} else {
		memcpy_fromio(dst, src, len);
	}
}

            

Reported by FlawFinder.

drivers/media/dvb-frontends/dib3000mb.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 755 Column: 2 CWE codes: 120
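Suggestion: Make sure destination can always hold the source data
Triage note: both memcpy findings in this file use a fixed sizeof(struct ...) length into a struct member; confirm only that the destination member's type matches the sizeof operand.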

              
	/* setup the state */
	state->i2c = i2c;
	memcpy(&state->config,config,sizeof(struct dib3000_config));

	/* check for the correct demod */
	if (rd(DIB3000_REG_MANUFACTOR_ID) != DIB3000_I2C_ID_DIBCOM)
		goto error;


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 765 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		goto error;

	/* create dvb_frontend */
	memcpy(&state->frontend.ops, &dib3000mb_ops, sizeof(struct dvb_frontend_ops));
	state->frontend.demodulator_priv = state;

	/* set the xfer operations */
	xfer_ops->pid_parse = dib3000mb_pid_parse;
	xfer_ops->fifo_ctrl = dib3000mb_fifo_control;

            

Reported by FlawFinder.

drivers/media/platform/sti/delta/delta-ipc.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 72 Column: 2 CWE codes: 119 120
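Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the excerpt for the next finding in this file shows msg.name[sizeof(msg.name) - 1] = 0, i.e. a name field is force-terminated after being filled. The call that fills it is not shown and should be checked for a sizeof-based limit.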

              	struct delta_ipc_header_msg header;
	u32 ipc_buf_size;
	dma_addr_t ipc_buf_paddr;
	char name[32];
	u32 param_size;
	dma_addr_t param_paddr;
};

struct delta_ipc_set_stream_msg {

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 182 Column: 2 CWE codes: 120
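Suggestion: Make sure destination can always hold the source data
Triage note: unlike the fixed-size struct copies elsewhere in this report, the length here is the runtime value param->size and the destination is ctx->ipc_buf->vaddr. This finding warrants manual review: confirm that param->size is checked against the size of that buffer before this line; the excerpt does not show such a check.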

              	msg.name[sizeof(msg.name) - 1] = 0;

	msg.param_size = param->size;
	memcpy(ctx->ipc_buf->vaddr, param->data, msg.param_size);
	msg.param_paddr = ctx->ipc_buf->paddr;

	/* send it */
	ret = rpmsg_send(rpmsg_device->ept, &msg, sizeof(msg));
	if (ret) {

            

Reported by FlawFinder.

drivers/net/ethernet/broadcom/bnxt/bnxt_vfr.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 36 Column: 2 CWE codes: 120
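Suggestion: Use sprintf_s, snprintf, or vsnprintf
Triage note: sprintf_s is not available in Linux kernel code. The formatted string "vfr%d" is short, but the excerpt shows neither the size of req.vfr_name nor the type of vf_idx; if vfr_name is an array member, snprintf(req.vfr_name, sizeof(req.vfr_name), "vfr%d", vf_idx) makes the bound explicit.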

              
	bnxt_hwrm_cmd_hdr_init(bp, &req, HWRM_CFA_VFR_ALLOC, -1, -1);
	req.vf_id = cpu_to_le16(vf_idx);
	sprintf(req.vfr_name, "vfr%d", vf_idx);

	mutex_lock(&bp->hwrm_cmd_lock);
	rc = _hwrm_send_message(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT);
	if (!rc) {
		*tx_cfa_action = le16_to_cpu(resp->tx_cfa_action);

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 59 Column: 2 CWE codes: 120
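Suggestion: Use sprintf_s, snprintf, or vsnprintf
Triage note: same pattern as the finding at line 36 of this file. In kernel code the applicable bounded form is snprintf with sizeof(req.vfr_name), assuming vfr_name is an array member (its declaration is not shown).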

              	int rc;

	bnxt_hwrm_cmd_hdr_init(bp, &req, HWRM_CFA_VFR_FREE, -1, -1);
	sprintf(req.vfr_name, "vfr%d", vf_idx);

	rc = hwrm_send_message(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT);
	if (rc)
		netdev_info(bp->dev, "%s error rc=%d\n", __func__, rc);
	return rc;

            

Reported by FlawFinder.

drivers/media/dvb-frontends/dib0090.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2628 Column: 2 CWE codes: 120
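Suggestion: Make sure destination can always hold the source data
Triage note: both memcpy findings in this file copy sizeof(struct dvb_tuner_ops) bytes from a static ops table into fe->ops.tuner_ops. The length is a compile-time constant; confirm only that the destination has that struct type.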

              		goto free_mem;

	pr_info("DiB0090: successfully identified\n");
	memcpy(&fe->ops.tuner_ops, &dib0090_ops, sizeof(struct dvb_tuner_ops));

	return fe;
 free_mem:
	kfree(st);
	fe->tuner_priv = NULL;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2655 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		goto free_mem;

	dprintk("DiB0090 FW: successfully identified\n");
	memcpy(&fe->ops.tuner_ops, &dib0090_fw_ops, sizeof(struct dvb_tuner_ops));

	return fe;
free_mem:
	kfree(st);
	fe->tuner_priv = NULL;

            

Reported by FlawFinder.