The following issues were found

drivers/pnp/interface.c
2 issues
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 45 Column: 8 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	if (buffer->stop || buffer->error)
		return 0;
	va_start(args, fmt);
	res = vsnprintf(buffer->curr, buffer->len - buffer->size, fmt, args);
	va_end(args);
	if (buffer->size + res >= buffer->len) {
		buffer->stop = 1;
		return 0;
	}

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 449 Column: 10 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	struct pnp_id *pos = dev->id;

	while (pos) {
		str += sprintf(str, "%s\n", pos->id);
		pos = pos->next;
	}
	return (str - buf);
}
static DEVICE_ATTR_RO(id);

Reported by FlawFinder.

drivers/pnp/pnpbios/rsparser.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 437 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	int len, tag;
	u32 eisa_id;
	char id[8];
	struct pnp_id *dev_id;

	if (!p)
		return NULL;

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 457 Column: 4 CWE codes: 120 

              		switch (tag) {

		case LARGE_TAG_ANSISTR:
			strncpy(dev->name, p + 3,
				len >= PNP_NAME_LEN ? PNP_NAME_LEN - 2 : len);
			dev->name[len >=
				  PNP_NAME_LEN ? PNP_NAME_LEN - 1 : len] = '\0';
			break;

Reported by FlawFinder.

drivers/power/supply/ab8500_fg.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 2433 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              
static ssize_t charge_full_show(struct ab8500_fg *di, char *buf)
{
	return sprintf(buf, "%d\n", di->bat_cap.max_mah);
}

static ssize_t charge_full_store(struct ab8500_fg *di, const char *buf,
				 size_t count)
{

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 2452 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              
static ssize_t charge_now_show(struct ab8500_fg *di, char *buf)
{
	return sprintf(buf, "%d\n", di->bat_cap.prev_mah);
}

static ssize_t charge_now_store(struct ab8500_fg *di, const char *buf,
				 size_t count)
{

Reported by FlawFinder.

drivers/power/supply/axp288_fuel_gauge.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 171 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int fuel_gauge_read_15bit_word(struct axp288_fg_info *info, int reg)
{
	unsigned char buf[2];
	int ret;

	ret = regmap_bulk_read(info->regmap, reg, buf, 2);
	if (ret < 0) {
		dev_err(&info->pdev->dev, "Error reading reg 0x%02x err: %d\n",

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 193 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int fuel_gauge_read_12bit_word(struct axp288_fg_info *info, int reg)
{
	unsigned char buf[2];
	int ret;

	ret = regmap_bulk_read(info->regmap, reg, buf, 2);
	if (ret < 0) {
		dev_err(&info->pdev->dev, "Error reading reg 0x%02x err: %d\n",

Reported by FlawFinder.

drivers/power/supply/bq24190_charger.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 162 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct power_supply		*charger;
	struct power_supply		*battery;
	struct delayed_work		input_current_limit_work;
	char				model_name[I2C_NAME_SIZE];
	bool				initialized;
	bool				irq_event;
	u16				sys_min;
	u16				iprechg;
	u16				iterm;

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 1729 Column: 2 CWE codes: 120 

              
	bdi->client = client;
	bdi->dev = dev;
	strncpy(bdi->model_name, id->name, I2C_NAME_SIZE);
	mutex_init(&bdi->f_reg_lock);
	bdi->f_reg = 0;
	bdi->ss_reg = BQ24190_REG_SS_VBUS_STAT_MASK; /* impossible state */
	INIT_DELAYED_WORK(&bdi->input_current_limit_work,
			  bq24190_input_current_limit_work);

Reported by FlawFinder.

drivers/power/supply/bq2515x_charger.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 184 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct gpio_desc *ac_detect_gpio;
	struct gpio_desc *ce_gpio;

	char model_name[I2C_NAME_SIZE];
	int device_id;
	bool mains_online;

	struct bq2515x_init_data init_data;
};

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 1095 Column: 2 CWE codes: 120 

              
	bq2515x->dev = dev;

	strncpy(bq2515x->model_name, id->name, I2C_NAME_SIZE);

	bq2515x->device_id = id->driver_data;

	switch (bq2515x->device_id) {
	case BQ25150:

Reported by FlawFinder.

drivers/power/supply/bq256xx_charger.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 236 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct work_struct usb_work;
	unsigned long usb_event;

	char model_name[I2C_NAME_SIZE];

	struct bq256xx_init_data init_data;
	const struct bq256xx_chip_info *chip_info;
	struct bq256xx_state state;
	int watchdog_timer;

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 1638 Column: 2 CWE codes: 120 

              
	mutex_init(&bq->lock);

	strncpy(bq->model_name, id->name, I2C_NAME_SIZE);

	bq->regmap = devm_regmap_init_i2c(client,
					bq->chip_info->bq256xx_regmap_config);

	if (IS_ERR(bq->regmap)) {

Reported by FlawFinder.

drivers/power/supply/bq25980_charger.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 99 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct mutex lock;
	struct regmap *regmap;

	char model_name[I2C_NAME_SIZE];

	struct bq25980_init_data init_data;
	const struct bq25980_chip_info *chip_info;
	struct bq25980_state state;
	int watchdog_timer;

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 1226 Column: 2 CWE codes: 120 

              
	mutex_init(&bq->lock);

	strncpy(bq->model_name, id->name, I2C_NAME_SIZE);
	bq->chip_info = &bq25980_chip_info_tbl[id->driver_data];

	bq->regmap = devm_regmap_init_i2c(client,
					  bq->chip_info->regmap_config);
	if (IS_ERR(bq->regmap)) {

Reported by FlawFinder.

drivers/power/supply/isp1704_charger.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 55 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct work_struct		work;

	/* properties */
	char			model[8];
	unsigned		present:1;
	unsigned		online:1;
	unsigned		current_max;
};

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 370 Column: 4 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              
	for (i = 0; i < ARRAY_SIZE(isp170x_id); i++) {
		if (product == isp170x_id[i]) {
			sprintf(isp->model, "isp%x", product);
			return product;
		}
	}

	dev_err(isp->dev, "product id %x not matching known ids", product);

Reported by FlawFinder.

drivers/power/supply/pmu_battery.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 20 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct power_supply *bat;
	struct power_supply_desc bat_desc;
	struct pmu_battery_info *pbi;
	char name[16];
	int propval;
} *pbats[PMU_MAX_BATTERIES];

#define to_pmu_battery_dev(x) power_supply_get_drvdata(x)

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 168 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              		if (!pbat)
			break;

		sprintf(pbat->name, "PMU_battery_%d", i);
		pbat->bat_desc.name = pbat->name;
		pbat->bat_desc.properties = pmu_bat_props;
		pbat->bat_desc.num_properties = ARRAY_SIZE(pmu_bat_props);
		pbat->bat_desc.get_property = pmu_bat_get_property;
		pbat->pbi = &pmu_batteries[i];

Reported by FlawFinder.