The following issues were found

drivers/gpio/gpio-mockup.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 267 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct seq_file *sfile;
	struct gpio_chip *gc;
	int val, cnt;
	char buf[3];

	if (*ppos != 0)
		return 0;

	sfile = file->private_data;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 512 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct platform_device_info pdevinfo;
	struct platform_device *pdev;
	char **line_names = NULL;
	char chip_label[32];
	int prop = 0, base;
	u16 ngpio;

	memset(properties, 0, sizeof(properties));
	memset(&pdevinfo, 0, sizeof(pdevinfo));

Reported by FlawFinder.

drivers/atm/he.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 257 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	unsigned int irq;
	void __iomem *membase;

	char prod_id[30];
	char mac_addr[6];
	int media;

	unsigned int vcibits, vpibits;
	unsigned int cells_per_row;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 258 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	void __iomem *membase;

	char prod_id[30];
	char mac_addr[6];
	int media;

	unsigned int vcibits, vpibits;
	unsigned int cells_per_row;
	unsigned int bytes_per_row;

Reported by FlawFinder.

crypto/cts.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 208 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	crypto_xor(d + bsize, d, lastn);

	/* 5. Append the tail (BB - Ln) bytes of Xn to Cn to create En */
	memcpy(d + lastn, d + bsize + lastn, bsize - lastn);
	/* 6. Decrypt En to create Pn-1 */

	scatterwalk_map_and_copy(d, sg, 0, bsize + lastn, 1);
	memzero_explicit(d, sizeof(d));

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 271 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	rctx->offset = offset;

	if (offset <= bsize)
		memcpy(space, req->iv, bsize);
	else
		scatterwalk_map_and_copy(space, req->src, offset - 2 * bsize,
					 bsize, 0);

	skcipher_request_set_crypt(subreq, req->src, req->dst,

Reported by FlawFinder.

drivers/accessibility/speakup/spk_ttyio.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 159 Column: 16 CWE codes: 362 

              	if (IS_ERR(tty))
		return PTR_ERR(tty);

	if (tty->ops->open)
		ret = tty->ops->open(tty, NULL);
	else
		ret = -ENODEV;

	if (ret) {

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 160 Column: 19 CWE codes: 362 

              		return PTR_ERR(tty);

	if (tty->ops->open)
		ret = tty->ops->open(tty, NULL);
	else
		ret = -ENODEV;

	if (ret) {
		tty_unlock(tty);

Reported by FlawFinder.

drivers/gpio/gpiolib.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 3661 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              					 const char *label)
{
	struct gpio_desc *desc;
	char prop_name[32]; /* 32 is max size of property name */
	unsigned int i;

	for (i = 0; i < ARRAY_SIZE(gpio_suffixes); i++) {
		if (con_id)
			snprintf(prop_name, sizeof(prop_name), "%s-%s",

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 4101 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              				return ERR_PTR(-ENOMEM);
			}

			memcpy(array, descs,
			       struct_size(descs, desc, descs->ndescs + 1));
			kfree(descs);

			descs = array;
			array_info = (void *)(descs->desc + count);

Reported by FlawFinder.

drivers/gpu/drm/drm_drv.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 1013 Column: 18 CWE codes: 362 

              	}

	replace_fops(filp, new_fops);
	if (filp->f_op->open)
		err = filp->f_op->open(inode, filp);
	else
		err = 0;

out:

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 1014 Column: 21 CWE codes: 362 

              
	replace_fops(filp, new_fops);
	if (filp->f_op->open)
		err = filp->f_op->open(inode, filp);
	else
		err = 0;

out:
	drm_minor_release(minor);

Reported by FlawFinder.

drivers/acpi/ec_sys.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 113 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static void acpi_ec_add_debugfs(struct acpi_ec *ec, unsigned int ec_device_count)
{
	struct dentry *dev_dir;
	char name[64];
	umode_t mode = 0400;

	if (ec_device_count == 0)
		acpi_ec_debugfs_dir = debugfs_create_dir("ec", NULL);

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 119 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (ec_device_count == 0)
		acpi_ec_debugfs_dir = debugfs_create_dir("ec", NULL);

	sprintf(name, "ec%u", ec_device_count);
	dev_dir = debugfs_create_dir(name, acpi_ec_debugfs_dir);

	debugfs_create_x32("gpe", 0444, dev_dir, &first_ec->gpe);
	debugfs_create_bool("use_global_lock", 0444, dev_dir,
			    &first_ec->global_lock);

Reported by FlawFinder.

drivers/clocksource/mmio.c
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 51 Column: 8 CWE codes: 120 20 

               */
int __init clocksource_mmio_init(void __iomem *base, const char *name,
	unsigned long hz, int rating, unsigned bits,
	u64 (*read)(struct clocksource *))
{
	struct clocksource_mmio *cs;

	if (bits > 64 || bits < 16)
		return -EINVAL;

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 65 Column: 20 CWE codes: 120 20 

              	cs->reg = base;
	cs->clksrc.name = name;
	cs->clksrc.rating = rating;
	cs->clksrc.read = read;
	cs->clksrc.mask = CLOCKSOURCE_MASK(bits);
	cs->clksrc.flags = CLOCK_SOURCE_IS_CONTINUOUS;

	return clocksource_register_hz(&cs->clksrc, hz);
}

Reported by FlawFinder.

drivers/crypto/marvell/cesa/tdma.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 380 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
		if (to_sram) {
			if (engine->pool)
				memcpy(engine->sram_pool + sram_off + offset,
				       miter.addr, len);
			else
				memcpy_toio(engine->sram + sram_off + offset,
					    miter.addr, len);
		} else {

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 387 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              					    miter.addr, len);
		} else {
			if (engine->pool)
				memcpy(miter.addr,
				       engine->sram_pool + sram_off + offset,
				       len);
			else
				memcpy_fromio(miter.addr,
					      engine->sram + sram_off + offset,

Reported by FlawFinder.

drivers/clocksource/sh_mtu2.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 342 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int sh_mtu2_setup_channel(struct sh_mtu2_channel *ch, unsigned int index,
				 struct sh_mtu2_device *mtu)
{
	char name[6];
	int irq;
	int ret;

	ch->mtu = mtu;

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 348 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              
	ch->mtu = mtu;

	sprintf(name, "tgi%ua", index);
	irq = platform_get_irq_byname(mtu->pdev, name);
	if (irq < 0) {
		/* Skip channels with no declared interrupt. */
		return 0;
	}

Reported by FlawFinder.