The following issues were found

drivers/tty/serial/sc16is7xx.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 298 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #define SC16IS7XX_REG_SHIFT		2

struct sc16is7xx_devtype {
	char	name[10];
	int	nr_gpio;
	int	nr_uart;
};

#define SC16IS7XX_RECONF_MD		(1 << 0)

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 328 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #ifdef CONFIG_GPIOLIB
	struct gpio_chip		gpio;
#endif
	unsigned char			buf[SC16IS7XX_FIFO_SIZE];
	struct kthread_worker		kworker;
	struct task_struct		*kworker_task;
	struct mutex			efr_lock;
	struct sc16is7xx_one		p[];
};

Reported by FlawFinder.

drivers/usb/dwc2/debugfs.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 34 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct dwc2_hsotg	*hsotg = s->private;
	unsigned long		flags;
	u32			testmode = 0;
	char			buf[32];

	if (copy_from_user(&buf, ubuf, min_t(size_t, sizeof(buf) - 1, count)))
		return -EFAULT;

	if (!strncmp(buf, "test_j", 6))

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 715 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	print_param(seq, p, g_np_tx_fifo_size);

	for (i = 0; i < MAX_EPS_CHANNELS; i++) {
		char str[32];

		snprintf(str, 32, "g_tx_fifo_size[%d]", i);
		seq_printf(seq, "%-30s: %d\n", str, p->g_tx_fifo_size[i]);
	}

Reported by FlawFinder.

drivers/usb/chipidea/core.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 946 Column: 10 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	struct ci_hdrc *ci = dev_get_drvdata(dev);

	if (ci->role != CI_ROLE_END)
		return sprintf(buf, "%s\n", ci_role(ci)->name);

	return 0;
}

static ssize_t role_store(struct device *dev,

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 965 Column: 9 CWE codes: 126 

              
	for (role = CI_ROLE_HOST; role < CI_ROLE_END; role++)
		if (!strncmp(buf, ci->roles[role]->name,
			     strlen(ci->roles[role]->name)))
			break;

	if (role == CI_ROLE_END || role == ci->role)
		return -EINVAL;

Reported by FlawFinder.

drivers/tty/serial/sccnxp.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 949 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	if (pdata)
		memcpy(&s->pdata, pdata, sizeof(struct sccnxp_pdata));

	if (s->pdata.poll_time_us) {
		dev_info(&pdev->dev, "Using poll mode, resolution %u usecs\n",
			 s->pdata.poll_time_us);
		s->poll = 1;

Reported by FlawFinder.

strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 978 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              	s->uart.cons->flags	= CON_PRINTBUFFER;
	s->uart.cons->index	= -1;
	s->uart.cons->data	= s;
	strcpy(s->uart.cons->name, "ttySC");
#endif
	ret = uart_register_driver(&s->uart);
	if (ret) {
		dev_err(&pdev->dev, "Registering UART driver failed\n");
		goto err_out;

Reported by FlawFinder.

drivers/staging/wlan-ng/prism2sta.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1059 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}
	/* issue a join request */
	joinreq.channel = sr->result[0].chid;
	memcpy(joinreq.bssid, sr->result[0].bssid, WLAN_BSSID_LEN);
	result = hfa384x_drvr_setconfig(hw,
					HFA384x_RID_JOINREQUEST,
					&joinreq, HFA384x_RID_JOINREQUEST_LEN);
	if (result) {
		netdev_err(wlandev->netdev, "setconfig(joinreq) failed, result=%d\n",

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1536 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	skb = dev_alloc_skb(sizeof(*inf));
	if (skb) {
		skb_put(skb, sizeof(*inf));
		memcpy(skb->data, inf, sizeof(*inf));
		skb_queue_tail(&hw->authq, skb);
		schedule_work(&hw->link_bh);
	}
}

Reported by FlawFinder.

drivers/spi/spi-zynq-qspi.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 252 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	data = zynq_qspi_read(xqspi, ZYNQ_QSPI_RXD_OFFSET);

	if (xqspi->rxbuf) {
		memcpy(xqspi->rxbuf, ((u8 *)&data) + 4 - size, size);
		xqspi->rxbuf += size;
	}

	xqspi->rx_bytes -= size;
	if (xqspi->rx_bytes < 0)

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 275 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	if (xqspi->txbuf) {
		data = 0xffffffff;
		memcpy(&data, xqspi->txbuf, size);
		xqspi->txbuf += size;
	} else {
		data = 0;
	}

Reported by FlawFinder.

drivers/staging/rts5208/rtsx_chip.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2038 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		if (retval < 0)
			return STATUS_FAIL;

		memcpy(ptr, rtsx_get_cmd_data(chip), 256);
		ptr += 256;
	}

	if (buf_len % 256) {
		rtsx_init_cmd(chip);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 2053 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			return STATUS_FAIL;
	}

	memcpy(ptr, rtsx_get_cmd_data(chip), buf_len % 256);

	return STATUS_SUCCESS;
}

int rtsx_write_ppbuf(struct rtsx_chip *chip, u8 *buf, int buf_len)

Reported by FlawFinder.

drivers/soundwire/mipi_disco.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 34 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	struct sdw_master_prop *prop = &bus->prop;
	struct fwnode_handle *link;
	char name[32];
	int nval, i;

	device_property_read_u32(bus->dev,
				 "mipi-sdw-sw-interface-revision",
				 &prop->revision);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 170 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	u32 bit, i = 0;
	int nval;
	unsigned long addr;
	char name[40];

	addr = ports;
	/* valid ports are 1 to 14 so apply mask */
	addr &= GENMASK(14, 1);

Reported by FlawFinder.

drivers/staging/rtl8723bs/hal/hal_com.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 41 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
void dump_chip_info(struct hal_version	ChipVersion)
{
	char buf[128];
	size_t cnt = 0;

	cnt += scnprintf(buf + cnt, sizeof(buf) - cnt, "Chip Version Info: CHIP_8723B_%s_",
			IS_NORMAL_CHIP(ChipVersion) ? "Normal_Chip" : "Test_Chip");

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 1194 Column: 2 CWE codes: 120 

              	while ((c = In[(*Start)++]) != RightQualifier)
		; /*  find ']' */
	j = (*Start) - 2;
	strncpy((char *)Out, (const char *)(In+i), j-i+1);

	return true;
}

bool isAllSpaceOrTab(u8 *data, u8 size)

Reported by FlawFinder.

drivers/usb/serial/mxuport.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1020 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	do {
		txlen = min_t(size_t, (fw_p->size - fwidx), DOWN_BLOCK_SIZE);

		memcpy(fw_buf, &fw_p->data[fwidx], txlen);
		err = mxuport_send_ctrl_data_urb(serial, RQ_VENDOR_FW_DATA,
						 0, 0, fw_buf, txlen);
		if (err) {
			mxuport_send_ctrl_urb(serial, RQ_VENDOR_STOP_FW_DOWN,
					      0, 0);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1054 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	const struct firmware *fw_p = NULL;
	u32 version;
	int local_ver;
	char buf[32];
	int err;

	/* Load our firmware */
	err = mxuport_send_ctrl_urb(serial, RQ_VENDOR_QUERY_FW_CONFIG, 0, 0);
	if (err) {

Reported by FlawFinder.