The following issues were found

drivers/staging/most/net/net.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 126 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	*buff++ = PMS_TELID_UNSEGM_MAMAC << 4 | HB(payload_len);
	*buff++ = LB(payload_len);

	memcpy(buff, skb->data + ETH_HLEN, payload_len);
	mbo->buffer_length = mdp_len;
	return 0;
}

static int skb_to_mep(const struct sk_buff *skb, struct mbo *mbo)

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 157 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	*buff++ = 0;
	*buff++ = 0;

	memcpy(buff, skb->data, skb->len);
	mbo->buffer_length = mep_len;
	return 0;
}

static int most_nd_set_mac_address(struct net_device *dev, void *p)

Reported by FlawFinder.

drivers/usb/core/ledtrig-usbport.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 90 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              						      struct usbport_trig_port,
						      attr);

	return sprintf(buf, "%d\n", port->observed) + 1;
}

static ssize_t usbport_trig_port_store(struct device *dev,
				       struct device_attribute *attr,
				       const char *buf, size_t size)

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 204 Column: 8 CWE codes: 126 

              	port->observed = usbport_trig_port_observed(usbport_data, usb_dev,
						    portnum);

	len = strlen(hub_name) + 8;
	port->port_name = kzalloc(len, GFP_KERNEL);
	if (!port->port_name) {
		err = -ENOMEM;
		goto err_free_port;
	}

Reported by FlawFinder.

drivers/soc/aspeed/aspeed-p2a-ctrl.c
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 80 Column: 6 CWE codes: 120 20 

              	 * enabled, therefore this needs only to be tracked once per user.
	 * If any user has it open for read, the bridge must stay enabled.
	 */
	u32 read;

	/* Each entry of the array corresponds to a P2A Region.  If the user
	 * opens for read or readwrite, the reference goes up here.  On
	 * release, this array is walked and references adjusted accordingly.
	 */

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 275 Column: 33 CWE codes: 120 20 

              	 */
	mutex_lock(&priv->parent->tracking);

	priv->parent->readers -= priv->read;

	for (i = 0; i < P2A_REGION_COUNT; i++) {
		priv->parent->readerwriters[i] -= priv->readwrite[i];

		if (priv->parent->readerwriters[i] > 0)

Reported by FlawFinder.

drivers/scsi/qla2xxx/qla_nx2.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2976 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		if (rval)
			goto error_exit;

		memcpy(data_ptr, rdmem_buffer, chunk_size);
		data_ptr += chunk_size;
		read_size += chunk_size;
	}

	*d_ptr = (uint32_t *)data_ptr;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 3804 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (!p_cache)
		return QLA_FUNCTION_FAILED;

	memcpy(p_cache, buf, length);
	p_src = p_cache;
	dword_count = length / sizeof(uint32_t);
	/* Since the offset and legth are sector aligned, it will be always
	 * multiple of burst_iter_count (64)
	 */

Reported by FlawFinder.

drivers/staging/most/video/video.c
2 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 261 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              	if (f->index)
		return -EINVAL;

	strcpy(f->description, "MPEG");
	f->type = V4L2_BUF_TYPE_VIDEO_CAPTURE;
	f->flags = V4L2_FMT_FLAG_COMPRESSED;
	f->pixelformat = V4L2_PIX_FMT_MPEG;

	return 0;

Reported by FlawFinder.

strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 309 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              	if (input->index >= V4L2_CMP_MAX_INPUT)
		return -EINVAL;

	strcpy(input->name, "MOST Video");
	input->type |= V4L2_INPUT_TYPE_CAMERA;
	input->audioset = 0;

	input->std = mdev->vdev->tvnorms;

Reported by FlawFinder.

drivers/scsi/qla2xxx/qla_dfs.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 108 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              void
qla2x00_dfs_create_rport(scsi_qla_host_t *vha, struct fc_port *fp)
{
	char wwn[32];

#define QLA_CREATE_RPORT_FIELD_ATTR(_attr)			\
	debugfs_create_file(#_attr, 0400, fp->dfs_rport_dir,	\
		fp, &qla_dfs_rport_field_##_attr##_fops)

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 117 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	if (!vha->dfs_rport_root || fp->dfs_rport_dir)
		return;

	sprintf(wwn, "pn-%016llx", wwn_to_u64(fp->port_name));
	fp->dfs_rport_dir = debugfs_create_dir(wwn, vha->dfs_rport_root);
	if (!fp->dfs_rport_dir)
		return;
	if (NVME_TARGET(vha->hw, fp))
		debugfs_create_file("dev_loss_tmo", 0600, fp->dfs_rport_dir,

Reported by FlawFinder.

drivers/video/fbdev/omap2/omapfb/dss/hdmi4_core.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 362 Column: 24 CWE codes: 126 

              #define DUMPCOREAV(r) seq_printf(s, "%-35s %08x\n", #r,\
		hdmi_read_reg(hdmi_av_base(core), r))
#define DUMPCOREAV2(i, r) seq_printf(s, "%s[%d]%*s %08x\n", #r, i, \
		(i < 10) ? 32 - (int)strlen(#r) : 31 - (int)strlen(#r), " ", \
		hdmi_read_reg(hdmi_av_base(core), CORE_REG(i, r)))

	DUMPCORE(HDMI_CORE_SYS_VND_IDL);
	DUMPCORE(HDMI_CORE_SYS_DEV_IDL);
	DUMPCORE(HDMI_CORE_SYS_DEV_IDH);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 362 Column: 47 CWE codes: 126 

              #define DUMPCOREAV(r) seq_printf(s, "%-35s %08x\n", #r,\
		hdmi_read_reg(hdmi_av_base(core), r))
#define DUMPCOREAV2(i, r) seq_printf(s, "%s[%d]%*s %08x\n", #r, i, \
		(i < 10) ? 32 - (int)strlen(#r) : 31 - (int)strlen(#r), " ", \
		hdmi_read_reg(hdmi_av_base(core), CORE_REG(i, r)))

	DUMPCORE(HDMI_CORE_SYS_VND_IDL);
	DUMPCORE(HDMI_CORE_SYS_DEV_IDL);
	DUMPCORE(HDMI_CORE_SYS_DEV_IDH);

Reported by FlawFinder.

drivers/video/fbdev/matrox/g450_pll.c
2 issues
system - This causes a new program to execute and is difficult to use safely
Security

Line: 404 Column: 24 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              					pci_write_config_dword(minfo->pcidev, PCI_OPTION_REG, opt | 0x20);
				}
			}
			pi = &minfo->limits.system;
			ci = &minfo->cache.system;
			break;
		case M_VIDEO_PLL:
			{
				u_int8_t tmp;

Reported by FlawFinder.

system - This causes a new program to execute and is difficult to use safely
Security

Line: 405 Column: 23 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              				}
			}
			pi = &minfo->limits.system;
			ci = &minfo->cache.system;
			break;
		case M_VIDEO_PLL:
			{
				u_int8_t tmp;
				unsigned int mnp;

Reported by FlawFinder.

drivers/staging/media/av7110/av7110_hw.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1128 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		break;
	case OSD_Text:
	{
		char textbuf[240];

		if (strncpy_from_user(textbuf, dc->data, 240) < 0) {
			ret = -EFAULT;
			break;
		}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 744 Column: 15 CWE codes: 126 

              {
	int i, ret;
	unsigned long start;
	int length = strlen(buf) + 1;
	u16 cbuf[5] = { (COMTYPE_OSD << 8) + DText, 3, win, x, y };

	if (mutex_lock_interruptible(&av7110->dcomlock))
		return -ERESTARTSYS;

Reported by FlawFinder.

drivers/soc/renesas/rcar-sysc.c
2 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 411 Column: 3 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              			goto out_put;
		}

		strcpy(pd->name, area->name);
		pd->genpd.name = pd->name;
		pd->ch.chan_offs = area->chan_offs;
		pd->ch.chan_bit = area->chan_bit;
		pd->ch.isr_bit = area->isr_bit;
		pd->flags = area->flags;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 405 Column: 30 CWE codes: 126 

              			continue;
		}

		pd = kzalloc(sizeof(*pd) + strlen(area->name) + 1, GFP_KERNEL);
		if (!pd) {
			error = -ENOMEM;
			goto out_put;
		}

Reported by FlawFinder.