The following issues were found

drivers/net/wireless/ti/wl12xx/scan.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 140 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	if (wl->scan.ssid_len) {
		cmd->params.ssid_len = wl->scan.ssid_len;
		memcpy(cmd->params.ssid, wl->scan.ssid, wl->scan.ssid_len);
	}

	memcpy(cmd->addr, vif->addr, ETH_ALEN);

	ret = wl12xx_cmd_build_probe_req(wl, wlvif,

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 143 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		memcpy(cmd->params.ssid, wl->scan.ssid, wl->scan.ssid_len);
	}

	memcpy(cmd->addr, vif->addr, ETH_ALEN);

	ret = wl12xx_cmd_build_probe_req(wl, wlvif,
					 cmd->params.role_id, band,
					 wl->scan.ssid, wl->scan.ssid_len,
					 wl->scan.req->ie,

Reported by FlawFinder.

drivers/net/wireless/ti/wlcore/debugfs.h
2 issues
snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 87 Column: 10 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	wl1271_debugfs_update_stats(wl);				\
									\
	for (i = 0; i < len && pos < sizeof(buf); i++)			\
		pos += snprintf(buf + pos, sizeof(buf) - pos,		\
			 "[%d] = %d\n", i, stats->sub.name[i]);		\
									\
	return wl1271_format_buffer(userbuf, count, ppos, "%s", buf);	\
}									\
									\

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 80 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {									\
	struct wl1271 *wl = file->private_data;				\
	struct struct_type *stats = wl->stats.fw_stats;			\
	char buf[DEBUGFS_FORMAT_BUFFER_SIZE] = "";			\
	int pos = 0;							\
	int i;								\
									\
	wl1271_debugfs_update_stats(wl);				\
									\

Reported by FlawFinder.

drivers/net/wwan/iosm/iosm_ipc_mux_codec.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 75 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	cmdh->transaction_id = cpu_to_le32(ipc_mux->tx_transaction_id++);

	if (param)
		memcpy(&cmdh->param, param, param_size);

	skb_put(acb->skb, le16_to_cpu(cmdh->cmd_len));

	return cmdh;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 720 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		}

		/* Add buffer (without head padding to next pending transfer) */
		memcpy(adb->buf + offset + pad_len, src_skb->data,
		       src_skb->len);

		adb->adgh->signature = cpu_to_le32(MUX_SIG_ADGH);
		adb->adgh->if_id = session_id;
		adb->adgh->length =

Reported by FlawFinder.

drivers/nfc/s3fwrn5/firmware.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 67 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct s3fwrn5_fw_image {
	const struct firmware *fw;

	char date[13];
	u32 version;
	const void *sig;
	u32 sig_size;
	const void *image;
	u32 image_sectors;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 80 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct s3fwrn5_fw_info {
	struct nci_dev *ndev;
	struct s3fwrn5_fw_image fw;
	char fw_name[NFC_FIRMWARE_NAME_MAXSIZE + 1];

	const void *sig;
	u32 sig_size;
	u32 sector_size;
	u32 base_addr;

Reported by FlawFinder.

drivers/nfc/st-nci/i2c.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 135 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
	skb_reserve(*skb, ST_NCI_I2C_MIN_SIZE);
	skb_put(*skb, ST_NCI_I2C_MIN_SIZE);
	memcpy((*skb)->data, buf, ST_NCI_I2C_MIN_SIZE);

	if (!len)
		return 0;

	r = i2c_master_recv(client, buf, len);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 147 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	}

	skb_put(*skb, len);
	memcpy((*skb)->data + ST_NCI_I2C_MIN_SIZE, buf, len);

	return 0;
}

/*

Reported by FlawFinder.

drivers/ntb/hw/idt/ntb_hw_idt.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1133 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
	unsigned char peer_cnt;
	struct idt_ntb_peer peers[IDT_MAX_NR_PEERS];
	char port_idx_map[IDT_MAX_NR_PORTS];
	char part_idx_map[IDT_MAX_NR_PARTS];

	spinlock_t mtbl_lock;

	unsigned char mw_cnt;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1134 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	unsigned char peer_cnt;
	struct idt_ntb_peer peers[IDT_MAX_NR_PEERS];
	char port_idx_map[IDT_MAX_NR_PORTS];
	char part_idx_map[IDT_MAX_NR_PARTS];

	spinlock_t mtbl_lock;

	unsigned char mw_cnt;
	struct idt_mw_cfg *mws;

Reported by FlawFinder.

drivers/nvme/host/lightnvm.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 525 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		goto out;
	}

	memcpy(blks, bb_tbl->blk, geo->num_chk * geo->num_pln);
out:
	kfree(bb_tbl);
	return ret;
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 970 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	geo->mdts = ns->ctrl->max_hw_sectors;

	dev->q = q;
	memcpy(dev->name, disk_name, DISK_NAME_LEN);
	dev->ops = &nvme_nvm_dev_ops;
	dev->private_data = ns;
	ns->ndev = dev;

	return nvm_register(dev);

Reported by FlawFinder.

drivers/nvme/target/rdma.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 1965 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              		struct rdma_cm_id *req_cm_id = rsp->queue->cm_id;
		struct sockaddr *addr = (void *)&req_cm_id->route.addr.src_addr;

		sprintf(traddr, "%pISc", addr);
	} else {
		memcpy(traddr, nport->disc_addr.traddr, NVMF_TRADDR_SIZE);
	}
}

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1967 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
		sprintf(traddr, "%pISc", addr);
	} else {
		memcpy(traddr, nport->disc_addr.traddr, NVMF_TRADDR_SIZE);
	}
}

static u8 nvmet_rdma_get_mdts(const struct nvmet_ctrl *ctrl)
{

Reported by FlawFinder.

drivers/nvme/target/trace.h
2 issues
strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 56 Column: 2 CWE codes: 120 

              		return;
	}

	strncpy(name, req->ns->device_path,
		min_t(size_t, DISK_NAME_LEN, strlen(req->ns->device_path)));
}
#endif

TRACE_EVENT(nvmet_req_init,

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 57 Column: 32 CWE codes: 126 

              	}

	strncpy(name, req->ns->device_path,
		min_t(size_t, DISK_NAME_LEN, strlen(req->ns->device_path)));
}
#endif

TRACE_EVENT(nvmet_req_init,
	TP_PROTO(struct nvmet_req *req, struct nvme_command *cmd),

Reported by FlawFinder.

drivers/nvmem/jz4780-efuse.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 78 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		size_t start = offset & ~(JZ_EFU_READ_SIZE - 1);
		size_t chunk = min(bytes, (start + JZ_EFU_READ_SIZE)
				    - offset);
		char buf[JZ_EFU_READ_SIZE];
		unsigned int tmp;
		u32 ctrl;
		int ret;

		ctrl = (start << EFUCTRL_ADDR_SHIFT)

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 108 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		if (ret < 0)
			return ret;

		memcpy(val, &buf[offset - start], chunk);

		val += chunk;
		offset += chunk;
		bytes -= chunk;
	}

Reported by FlawFinder.