The following issues were found

drivers/gnss/sirf.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 50 Column: 7 CWE codes: 362 

              	bool active;

	struct mutex gdev_mutex;
	bool open;

	struct mutex serdev_mutex;
	int serdev_count;

	wait_queue_head_t power_wait;

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 176 Column: 12 CWE codes: 362 

              	}

	mutex_lock(&data->gdev_mutex);
	if (data->open)
		ret = gnss_insert_raw(gdev, buf, count);
	mutex_unlock(&data->gdev_mutex);

	return ret;
}

Reported by FlawFinder.

drivers/gpio/gpio-104-idi-48.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 49 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct gpio_chip chip;
	raw_spinlock_t lock;
	spinlock_t ack_lock;
	unsigned char irq_mask[6];
	unsigned base;
	unsigned char cos_enb;
};

static int idi_48_gpio_get_direction(struct gpio_chip *chip, unsigned offset)

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 237 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              }

#define IDI48_NGPIO 48
static const char *idi48_names[IDI48_NGPIO] = {
	"Bit 0 A", "Bit 1 A", "Bit 2 A", "Bit 3 A", "Bit 4 A", "Bit 5 A",
	"Bit 6 A", "Bit 7 A", "Bit 8 A", "Bit 9 A", "Bit 10 A", "Bit 11 A",
	"Bit 12 A", "Bit 13 A", "Bit 14 A", "Bit 15 A",	"Bit 16 A", "Bit 17 A",
	"Bit 18 A", "Bit 19 A", "Bit 20 A", "Bit 21 A", "Bit 22 A", "Bit 23 A",
	"Bit 0 B", "Bit 1 B", "Bit 2 B", "Bit 3 B", "Bit 4 B", "Bit 5 B",

Reported by FlawFinder.

drivers/gpu/drm/arm/display/komeda/komeda_event.c
2 issues
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 33 Column: 8 CWE codes: 134
Suggestion: Use a constant for the format specification 

              
	va_start(args, fmt);

	num = vsnprintf(str->str + str->len, free_sz, fmt, args);

	va_end(args);

	if (num < free_sz) {
		str->len += num;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 136 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		print_evts |= KOMEDA_INFO_EVENTS;

	if (evts_mask & print_evts) {
		char msg[256];
		struct komeda_str str;
		struct drm_printer p = drm_info_printer(dev->dev);

		str.str = msg;
		str.sz  = sizeof(msg);

Reported by FlawFinder.

drivers/gpio/gpio-aggregator.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 124 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (!aggr)
		return -ENOMEM;

	memcpy(aggr->args, buf, count + 1);

	aggr->lookups = kzalloc(struct_size(aggr->lookups, table, 1),
				GFP_KERNEL);
	if (!aggr->lookups) {
		res = -ENOMEM;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 199 Column: 27 CWE codes: 126 

              	if (!str_has_prefix(buf, DRV_NAME "."))
		return -EINVAL;

	error = kstrtouint(buf + strlen(DRV_NAME "."), 10, &id);
	if (error)
		return error;

	mutex_lock(&gpio_aggregator_lock);
	aggr = idr_remove(&gpio_aggregator_idr, id);

Reported by FlawFinder.

drivers/acpi/fan.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 56 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	u64 speed;
	u64 noise_level;
	u64 power;
	char name[ACPI_FPS_NAME_LEN];
	struct device_attribute dev_attr;
};

struct acpi_fan_fif {
	u64 revision;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 408 Column: 38 CWE codes: 126 

              		}
	}

	if (!strncmp(pdev->name, "PNP0C0B", strlen("PNP0C0B")))
		name = "Fan";
	else
		name = acpi_device_bid(device);

	cdev = thermal_cooling_device_register(name, device,

Reported by FlawFinder.

drivers/acpi/evged.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 82 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct resource r;
	struct acpi_resource_irq *p = &ares->data.irq;
	struct acpi_resource_extended_irq *pext = &ares->data.extended_irq;
	char ev_name[5];
	u8 trigger;

	if (ares->type == ACPI_RESOURCE_TYPE_END_TAG)
		return AE_OK;

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 104 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              
	switch (gsi) {
	case 0 ... 255:
		sprintf(ev_name, "_%c%02X",
			trigger == ACPI_EDGE_SENSITIVE ? 'E' : 'L', gsi);

		if (ACPI_SUCCESS(acpi_get_handle(handle, ev_name, &evt_handle)))
			break;
		fallthrough;

Reported by FlawFinder.

drivers/gpio/gpio-exar.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 32 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct gpio_chip gpio_chip;
	struct regmap *regmap;
	int index;
	char name[20];
	unsigned int first_pin;
};

static unsigned int
exar_offset_to_sel_addr(struct exar_gpio_chip *exar_gpio, unsigned int offset)

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 172 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (ret)
		return ret;

	sprintf(exar_gpio->name, "exar_gpio%d", index);
	exar_gpio->gpio_chip.label = exar_gpio->name;
	exar_gpio->gpio_chip.parent = dev;
	exar_gpio->gpio_chip.direction_output = exar_direction_output;
	exar_gpio->gpio_chip.direction_input = exar_direction_input;
	exar_gpio->gpio_chip.get_direction = exar_get_direction;

Reported by FlawFinder.

drivers/acpi/acpi_extlog.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 98 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	static atomic_t seqno;
	unsigned int curr_seqno;
	char pfx_seq[64];

	if (!pfx) {
		if (estatus->error_severity <= CPER_SEV_CORRECTED)
			pfx = KERN_INFO;
		else

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 150 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (estatus == NULL || (mce->kflags & MCE_HANDLED_CEC))
		return NOTIFY_DONE;

	memcpy(elog_buf, (void *)estatus, ELOG_ENTRY_LEN);
	/* clear record status to enable BIOS to update it again */
	estatus->block_status = 0;

	tmp = (struct acpi_hest_generic_status *)elog_buf;

Reported by FlawFinder.

drivers/acpi/ac.c
2 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 247 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              		return -ENOMEM;

	ac->device = device;
	strcpy(acpi_device_name(device), ACPI_AC_DEVICE_NAME);
	strcpy(acpi_device_class(device), ACPI_AC_CLASS);
	device->driver_data = ac;

	result = acpi_ac_get_state(ac);
	if (result)

Reported by FlawFinder.

strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 248 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              
	ac->device = device;
	strcpy(acpi_device_name(device), ACPI_AC_DEVICE_NAME);
	strcpy(acpi_device_class(device), ACPI_AC_CLASS);
	device->driver_data = ac;

	result = acpi_ac_get_state(ac);
	if (result)
		goto end;

Reported by FlawFinder.

drivers/crypto/keembay/keembay-ocs-aes-core.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 177 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (ret)
		return ret;

	memcpy(tctx->key, in_key, key_len);
	tctx->key_len = key_len;
	tctx->cipher = cipher;

	return 0;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 580 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		}
		/* CBC decrypt case. */
		if (rctx->in_place)
			memcpy(req->iv, rctx->last_ct_blk, iv_size);
		else
			scatterwalk_map_and_copy(req->iv, req->src,
						 req->cryptlen - iv_size,
						 iv_size, 0);
		return 0;

Reported by FlawFinder.