The following issues were found

drivers/media/i2c/ov7670.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 545 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	struct i2c_client *client = v4l2_get_subdevdata(sd);
	struct i2c_msg msg;
	unsigned char data[2] = { reg, value };
	int ret;

	msg.addr = client->addr;
	msg.flags = 0;
	msg.len = 2;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1381 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (hue != 0) {
		int sinth, costh, tmpmatrix[CMATRIX_LEN];

		memcpy(tmpmatrix, matrix, CMATRIX_LEN*sizeof(int));
		sinth = ov7670_sine(hue);
		costh = ov7670_cosine(hue);

		matrix[0] = (matrix[3]*sinth + matrix[0]*costh)/1000;
		matrix[1] = (matrix[4]*sinth + matrix[1]*costh)/1000;

Reported by FlawFinder.

drivers/net/ethernet/chelsio/cxgb/pm3393.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 495 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
static int pm3393_macaddress_get(struct cmac *cmac, u8 mac_addr[6])
{
	memcpy(mac_addr, cmac->instance->mac_addr, ETH_ALEN);
	return 0;
}

static int pm3393_macaddress_set(struct cmac *cmac, u8 ma[6])
{

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 522 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	 */

	/* Store local copy */
	memcpy(cmac->instance->mac_addr, ma, ETH_ALEN);

	lo  = ((u32) ma[1] << 8) | (u32) ma[0];
	mid = ((u32) ma[3] << 8) | (u32) ma[2];
	hi  = ((u32) ma[5] << 8) | (u32) ma[4];

Reported by FlawFinder.

drivers/net/ethernet/dec/tulip/xircom_cb.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 88 Column: 6 CWE codes: 362 

              	struct sk_buff *tx_skb[4];

	void __iomem *ioaddr;
	int open;

	/* transmit_used is the rotating counter that indicates which transmit
	   descriptor has to be used next */
	int transmit_used;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 158 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static void print_binary(unsigned int number)
{
	int i,i2;
	char buffer[64];
	memset(buffer,0,64);
	i2=0;
	for (i=31;i>=0;i--) {
		if (number & (1<<i))
			buffer[i2++]='1';

Reported by FlawFinder.

drivers/mtd/ubi/cdev.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 754 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		}

		re->new_name_len = name_len;
		memcpy(re->new_name, name, name_len);
		list_add_tail(&re->list, &rename_list);
		dbg_gen("will rename volume %d from \"%s\" to \"%s\"",
			vol_id, re->desc->vol->name, name);
	}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 702 Column: 7 CWE codes: 126 

              		if (req->ents[i].name_len > UBI_VOL_NAME_MAX)
			return -ENAMETOOLONG;
		req->ents[i].name[req->ents[i].name_len] = '\0';
		n = strlen(req->ents[i].name);
		if (n != req->ents[i].name_len)
			return -EINVAL;
	}

	/* Make sure volume IDs and names are unique */

Reported by FlawFinder.

drivers/media/i2c/ov5648.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 968 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int ov5648_read(struct ov5648_sensor *sensor, u16 address, u8 *value)
{
	unsigned char data[2] = { address >> 8, address & 0xff };
	struct i2c_client *client = sensor->i2c_client;
	int ret;

	ret = i2c_master_send(client, data, sizeof(data));
	if (ret < 0) {

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 991 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int ov5648_write(struct ov5648_sensor *sensor, u16 address, u8 value)
{
	unsigned char data[3] = { address >> 8, address & 0xff, value };
	struct i2c_client *client = sensor->i2c_client;
	int ret;

	ret = i2c_master_send(client, data, sizeof(data));
	if (ret < 0) {

Reported by FlawFinder.

drivers/media/i2c/ov2740.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1048 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	mutex_lock(&ov2740->mutex);

	if (nvm->nvm_buffer) {
		memcpy(val, nvm->nvm_buffer + off, count);
		goto exit;
	}

	ret = pm_runtime_resume_and_get(dev);
	if (ret < 0) {

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1059 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	ret = ov2740_load_otp_data(nvm);
	if (!ret)
		memcpy(val, nvm->nvm_buffer + off, count);

	pm_runtime_put(dev);
exit:
	mutex_unlock(&ov2740->mutex);
	return ret;

Reported by FlawFinder.

drivers/media/pci/saa7134/saa7134-input.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 296 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              			      u32 *scancode, u8 *toggle)
{
	int rc;
	unsigned char data[12];
	u32 gpio;

	struct saa7134_dev *dev = ir->c->adapter->algo_data;

	/* rising SAA7134_GPIO_GPRESCAN reads the status */

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 337 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              			    int marker, int code_modulo)
{
	int rc;
	unsigned char b[4];
	unsigned int start = 0,parity = 0,code = 0;

	/* poll IR chip */
	rc = i2c_master_recv(ir->c, b, 4);
	if (rc != 4) {

Reported by FlawFinder.

drivers/media/i2c/imx208.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 298 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
	/* OTP data */
	bool otp_read;
	char otp_data[IMX208_OTP_SIZE];
};

static inline struct imx208 *to_imx208(struct v4l2_subdev *_sd)
{
	return container_of(_sd, struct imx208, sd);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 855 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (ret)
		return ret;

	memcpy(buf, &imx208->otp_data[off], count);
	return count;
}

static const BIN_ATTR_RO(otp, IMX208_OTP_SIZE);

Reported by FlawFinder.

drivers/media/common/siano/smscoreapi.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 126 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	int				buffer_size;
	int				num_buffers;

	char			devpath[32];
	unsigned long	flags;

	setmode_t		setmode_handler;
	detectmode_t	detectmode_handler;
	sendrequest_t	sendrequest_handler;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 166 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct device *device;
	struct usb_device *usb_device;

	char devpath[32];
	unsigned long device_flags;

	setmode_t setmode_handler;
	detectmode_t detectmode_handler;
	sendrequest_t sendrequest_handler;

Reported by FlawFinder.

drivers/media/i2c/cx25840/cx25840-ir.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 715 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return -ENODEV;

	mutex_lock(&ir_state->rx_params_lock);
	memcpy(p, &ir_state->rx_params,
				      sizeof(struct v4l2_subdev_ir_parameters));
	mutex_unlock(&ir_state->rx_params_lock);
	return 0;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 905 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		return -ENODEV;

	mutex_lock(&ir_state->tx_params_lock);
	memcpy(p, &ir_state->tx_params,
				      sizeof(struct v4l2_subdev_ir_parameters));
	mutex_unlock(&ir_state->tx_params_lock);
	return 0;
}

Reported by FlawFinder.