The following issues were found

drivers/leds/leds-lp55xx-common.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 168 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	int max_channel = cfg->max_channel;
	struct mc_subled *mc_led_info;
	struct led_classdev *led_cdev;
	char name[32];
	int i, j = 0;
	int ret;

	if (chan >= max_channel) {
		dev_err(dev, "invalid channel: %d / %d\n", chan, max_channel);

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 279 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	struct lp55xx_led *led = i2c_get_clientdata(to_i2c_client(dev));
	struct lp55xx_chip *chip = led->chip;

	return sprintf(buf, "%d\n", chip->engine_idx);
}

static ssize_t select_engine_store(struct device *dev,
			     struct device_attribute *attr,
			     const char *buf, size_t len)

Reported by FlawFinder.

drivers/leds/leds-lp8501.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 209 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	u8 pattern[LP8501_PROGRAM_LENGTH] = {0};
	unsigned cmd;
	char c[3];
	int update_size;
	int nrchars;
	int offset = 0;
	int ret;
	int i;

Reported by FlawFinder.

sscanf - It's unclear if the %s limit in the format string is small enough
Security

Line: 223 Column: 9 CWE codes: 120
Suggestion: Check that the limit is sufficiently small, or use a different input function 

              	i = 0;
	while ((offset < size - 1) && (i < LP8501_PROGRAM_LENGTH)) {
		/* separate sscanfs because length is working only for %s */
		ret = sscanf(data + offset, "%2s%n ", c, &nrchars);
		if (ret != 1)
			goto err;

		ret = sscanf(c, "%2x", &cmd);
		if (ret != 1)

Reported by FlawFinder.

drivers/leds/trigger/ledtrig-pattern.c
2 issues
Possible null pointer dereference: buf
Error

Line: 253 CWE codes: 476 

              	unsigned int i;

	for (i = 0; i < count; i += 2) {
		data->patterns[data->npatterns].brightness = buf[i];
		data->patterns[data->npatterns].delta_t = buf[i + 1];
		data->npatterns++;
	}

	return 0;

Reported by Cppcheck.

Possible null pointer dereference: buf
Error

Line: 254 CWE codes: 476 

              
	for (i = 0; i < count; i += 2) {
		data->patterns[data->npatterns].brightness = buf[i];
		data->patterns[data->npatterns].delta_t = buf[i + 1];
		data->npatterns++;
	}

	return 0;
}

Reported by Cppcheck.

drivers/leds/trigger/ledtrig-timer.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 23 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              {
	struct led_classdev *led_cdev = led_trigger_get_led(dev);

	return sprintf(buf, "%lu\n", led_cdev->blink_delay_on);
}

static ssize_t led_delay_on_store(struct device *dev,
		struct device_attribute *attr, const char *buf, size_t size)
{

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 48 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              {
	struct led_classdev *led_cdev = led_trigger_get_led(dev);

	return sprintf(buf, "%lu\n", led_cdev->blink_delay_off);
}

static ssize_t led_delay_off_store(struct device *dev,
		struct device_attribute *attr, const char *buf, size_t size)
{

Reported by FlawFinder.

drivers/lightnvm/core.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 208 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		goto err_ch;

	/* Inherit device geometry from parent */
	memcpy(&tgt_dev->geo, &dev->geo, sizeof(struct nvm_geo));

	/* Target device only owns a portion of the physical device */
	tgt_dev->geo.num_ch = num_ch;
	tgt_dev->geo.num_lun = (lun_balanced) ? prev_num_lun : -1;
	tgt_dev->geo.all_luns = num_lun;

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 1261 Column: 3 CWE codes: 120 

              		tgt->version[0] = tt->version[0];
		tgt->version[1] = tt->version[1];
		tgt->version[2] = tt->version[2];
		strncpy(tgt->tgtname, tt->name, NVM_TTYPE_NAME_MAX);

		tgt_iter++;
	}

	info->tgtsize = tgt_iter;

Reported by FlawFinder.

drivers/lightnvm/pblk-rb.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 331 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              				  struct pblk_w_ctx w_ctx,
				  struct pblk_rb_entry *entry)
{
	memcpy(entry->data, data, rb->seg_size);

	entry->w_ctx.lba = w_ctx.lba;
	entry->w_ctx.ppa = w_ctx.ppa;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 677 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		goto out;
	}
	data = bio_data(bio);
	memcpy(data, entry->data, rb->seg_size);

out:
	spin_unlock(&rb->w_lock);
	return ret;
}

Reported by FlawFinder.

drivers/macintosh/adb-iop.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 127 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
			if (req->reply_expected) {
				req->reply_len = amsg->count + 1;
				memcpy(req->reply, &amsg->cmd, req->reply_len);
			}

			req_done = true;
		}
		break;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 176 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	/* amsg.data immediately follows amsg.cmd, effectively making
	 * &amsg.cmd a pointer to the beginning of a full ADB packet.
	 */
	memcpy(&amsg.cmd, req->data + 1, req->nbytes - 1);

	req->sent = 1;
	adb_iop_state = sending;

	/* Now send it. The IOP manager will call adb_iop_complete

Reported by FlawFinder.

drivers/macintosh/macio-adb.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 23 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct preg {
	unsigned char r;
	char pad[15];
};

struct adb_regs {
	struct preg intr;
	struct preg data[9];

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 205 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	int i, n, err;
	struct adb_request *req = NULL;
	unsigned char ibuf[16];
	int ibuf_len = 0;
	int complete = 0;
	int autopoll = 0;
	int handled = 0;

Reported by FlawFinder.

drivers/macintosh/therm_windtunnel.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 101 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              static ssize_t
show_cpu_temperature( struct device *dev, struct device_attribute *attr, char *buf )
{
	return sprintf(buf, "%d.%d\n", x.temp>>8, (x.temp & 255)*10/256 );
}

static ssize_t
show_case_temperature( struct device *dev, struct device_attribute *attr, char *buf )
{

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 107 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              static ssize_t
show_case_temperature( struct device *dev, struct device_attribute *attr, char *buf )
{
	return sprintf(buf, "%d.%d\n", x.casetemp>>8, (x.casetemp & 255)*10/256 );
}

static DEVICE_ATTR(cpu_temperature, S_IRUGO, show_cpu_temperature, NULL );
static DEVICE_ATTR(case_temperature, S_IRUGO, show_case_temperature, NULL );

Reported by FlawFinder.

drivers/macintosh/via-pmu-led.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 99 Column: 34 CWE codes: 126 

              		of_node_put(dt);
		return -ENODEV;
	}
	if (strncmp(model, "PowerBook", strlen("PowerBook")) != 0 &&
	    strncmp(model, "iBook", strlen("iBook")) != 0 &&
	    strcmp(model, "PowerMac7,2") != 0 &&
	    strcmp(model, "PowerMac7,3") != 0) {
		of_node_put(dt);
		/* ignore */

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 100 Column: 30 CWE codes: 126 

              		return -ENODEV;
	}
	if (strncmp(model, "PowerBook", strlen("PowerBook")) != 0 &&
	    strncmp(model, "iBook", strlen("iBook")) != 0 &&
	    strcmp(model, "PowerMac7,2") != 0 &&
	    strcmp(model, "PowerMac7,3") != 0) {
		of_node_put(dt);
		/* ignore */
		return -ENODEV;

Reported by FlawFinder.