The following issues were found

drivers/media/test-drivers/vivid/vivid-rds-gen.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 34 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	bool			ta;
	bool			tp;
	bool			ms;
	char			psname[8 + 1];
	char			radiotext[64 + 1];
};

void vivid_rds_gen_fill(struct vivid_rds_gen *rds, unsigned freq,
		    bool use_alternate);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 35 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	bool			tp;
	bool			ms;
	char			psname[8 + 1];
	char			radiotext[64 + 1];
};

void vivid_rds_gen_fill(struct vivid_rds_gen *rds, unsigned freq,
		    bool use_alternate);
void vivid_rds_generate(struct vivid_rds_gen *rds);

Reported by FlawFinder.

drivers/media/tuners/tda18250.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 751 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct dvb_frontend *fe = cfg->fe;
	struct tda18250_dev *dev;
	int ret;
	unsigned char chip_id[3];

	/* some registers are always read from HW */
	static const struct regmap_range tda18250_yes_ranges[] = {
		regmap_reg_range(R05_POWER1, R0B_IRQ4),
		regmap_reg_range(R21_IF_AGC, R21_IF_AGC),

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 845 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	fe->tuner_priv = client;
	memcpy(&fe->ops.tuner_ops, &tda18250_ops,
			sizeof(struct dvb_tuner_ops));

	/* put the tuner in standby */
	tda18250_power_control(fe, TDA18250_POWER_STANDBY);

Reported by FlawFinder.

drivers/media/tuners/tda18271-common.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 142 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	struct tda18271_priv *priv = fe->tuner_priv;
	unsigned char *regs = priv->tda18271_regs;
	unsigned char regdump[TDA18271_NUM_REGS];
	unsigned char buf = 0x00;
	int ret, i;
	struct i2c_msg msg[] = {
		{ .addr = priv->i2c_props.addr, .flags = 0,
		  .buf = &buf, .len = 1 },

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 183 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	struct tda18271_priv *priv = fe->tuner_priv;
	unsigned char *regs = priv->tda18271_regs;
	unsigned char buf[TDA18271_NUM_REGS + 1];
	struct i2c_msg msg = { .addr = priv->i2c_props.addr, .flags = 0,
			       .buf = buf };
	int i, ret = 1, max;

	BUG_ON((len == 0) || (idx + len > sizeof(buf)));

Reported by FlawFinder.

drivers/media/tuners/tda18271-fe.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1081 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		map->std_cfg.agc_mode + map->std_cfg.std +		\
		map->std_cfg.if_lvl + map->std_cfg.rfagc_top > 0) {	\
		tda_dbg("Using custom std config for %s\n", name);	\
		memcpy(&std->std_cfg, &map->std_cfg,			\
			sizeof(struct tda18271_std_map_item));		\
	} } while (0)

#define tda18271_dump_std_item(std_cfg, name) do {			\
	tda_dbg("(%s) if_freq = %d, agc_mode = %d, std = %d, "		\

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1326 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	mutex_unlock(&tda18271_list_mutex);

	memcpy(&fe->ops.tuner_ops, &tda18271_tuner_ops,
	       sizeof(struct dvb_tuner_ops));

	if (tda18271_debug & (DBG_MAP | DBG_ADV))
		tda18271_dump_std_map(fe);

Reported by FlawFinder.

drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 42 Column: 17 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               * we remain in that state as we cannot control a connection while it's in
 * SYN_SENT; such connections are allowed to establish and are then aborted.
 */
static unsigned char new_state[16] = {
	/* current state:     new state:      action: */
	/* (Invalid)       */ TCP_CLOSE,
	/* TCP_ESTABLISHED */ TCP_FIN_WAIT1 | TCP_ACTION_FIN,
	/* TCP_SYN_SENT    */ TCP_SYN_SENT,
	/* TCP_SYN_RECV    */ TCP_FIN_WAIT1 | TCP_ACTION_FIN,

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1202 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		struct ipv6_pinfo *np = inet6_sk(lsk);

		inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
		memcpy(newnp, np, sizeof(struct ipv6_pinfo));
		newsk->sk_v6_daddr = treq->ir_v6_rmt_addr;
		newsk->sk_v6_rcv_saddr = treq->ir_v6_loc_addr;
		inet6_sk(newsk)->saddr = treq->ir_v6_loc_addr;
		newnp->ipv6_fl_list = NULL;
		newnp->pktoptions = NULL;

Reported by FlawFinder.

drivers/media/tuners/tda18271-priv.h
2 issues
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 131 Column: 23 CWE codes: 134
Suggestion: Use a constant for the format specification 

              #define DBG_ADV  8
#define DBG_CAL  16

__attribute__((format(printf, 4, 5)))
void _tda_printk(struct tda18271_priv *state, const char *level,
		 const char *func, const char *fmt, ...);

#define tda_printk(st, lvl, fmt, arg...)			\
	_tda_printk(st, lvl, __func__, fmt, ##arg)

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 92 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              };

struct tda18271_priv {
	unsigned char tda18271_regs[TDA18271_NUM_REGS];

	struct list_head	hybrid_tuner_instance_list;
	struct tuner_i2c_props	i2c_props;

	enum tda18271_mode mode;

Reported by FlawFinder.

drivers/memory/tegra/tegra210-emc.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 804 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct tegra210_emc_timing {
	u32 revision;
	const char dvfs_ver[60];
	u32 rate;
	u32 min_volt;
	u32 gpu_min_volt;
	const char clock_src[32];
	u32 clk_src_emc;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 808 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	u32 rate;
	u32 min_volt;
	u32 gpu_min_volt;
	const char clock_src[32];
	u32 clk_src_emc;
	u32 needs_training;
	u32 training_pattern;
	u32 trained;

Reported by FlawFinder.

drivers/misc/mei/hw-me.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 585 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (rem > 0) {
		u32 reg = 0;

		memcpy(&reg, (const u8 *)data + data_len - rem, rem);
		mei_me_hcbww_write(dev, reg);
	}

	mei_hcsr_set_hig(dev);
	if (!mei_me_hw_is_ready(dev))

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 643 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (buffer_length > 0) {
		u32 reg = mei_me_mecbrw_read(dev);

		memcpy(reg_buf, &reg, buffer_length);
	}

	mei_hcsr_set_hig(dev);
	return 0;
}

Reported by FlawFinder.

drivers/media/test-drivers/vivid/vivid-cec.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 231 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct cec_msg reply;
	u8 dest = cec_msg_destination(msg);
	u8 disp_ctl;
	char osd[14];

	if (cec_msg_is_broadcast(msg))
		dest = adap->log_addrs.log_addr[0];
	cec_msg_init(&reply, dest, cec_msg_initiator(msg));

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 280 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              					 bool is_source)
{
	u32 caps = CEC_CAP_DEFAULTS | CEC_CAP_MONITOR_ALL | CEC_CAP_MONITOR_PIN;
	char name[32];

	snprintf(name, sizeof(name), "vivid-%03d-vid-%s%d",
		 dev->inst, is_source ? "out" : "cap", idx);
	return cec_allocate_adapter(&vivid_cec_adap_ops, dev,
		name, caps, 1);

Reported by FlawFinder.

drivers/media/i2c/ov8865.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1296 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int ov8865_read(struct ov8865_sensor *sensor, u16 address, u8 *value)
{
	unsigned char data[2] = { address >> 8, address & 0xff };
	struct i2c_client *client = sensor->i2c_client;
	int ret;

	ret = i2c_master_send(client, data, sizeof(data));
	if (ret < 0) {

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1319 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int ov8865_write(struct ov8865_sensor *sensor, u16 address, u8 value)
{
	unsigned char data[3] = { address >> 8, address & 0xff, value };
	struct i2c_client *client = sensor->i2c_client;
	int ret;

	ret = i2c_master_send(client, data, sizeof(data));
	if (ret < 0) {

Reported by FlawFinder.