The following issues were found

drivers/power/supply/surface_battery.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 122 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct spwr_battery_device {
	struct ssam_device *sdev;

	char name[32];
	struct power_supply *psy;
	struct power_supply_desc psy_desc;

	struct delayed_work update_work;

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 725 Column: 2 CWE codes: 120 

              			      struct ssam_event_registry registry, const char *name)
{
	mutex_init(&bat->lock);
	strncpy(bat->name, name, ARRAY_SIZE(bat->name) - 1);

	bat->sdev = sdev;

	bat->notif.base.priority = 1;
	bat->notif.base.fn = spwr_notify_bat;

Reported by FlawFinder.

drivers/power/supply/surface_charger.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 53 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct spwr_ac_device {
	struct ssam_device *sdev;

	char name[32];
	struct power_supply *psy;
	struct power_supply_desc psy_desc;

	struct ssam_event_notifier notif;

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 178 Column: 2 CWE codes: 120 

              			 struct ssam_event_registry registry, const char *name)
{
	mutex_init(&ac->lock);
	strncpy(ac->name, name, ARRAY_SIZE(ac->name) - 1);

	ac->sdev = sdev;

	ac->notif.base.priority = 1;
	ac->notif.base.fn = spwr_notify_ac;

Reported by FlawFinder.

drivers/powercap/dtpm_cpu.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 183 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct dtpm_cpu *dtpm_cpu;
	struct cpufreq_policy *policy;
	struct em_perf_domain *pd;
	char name[CPUFREQ_NAME_LEN];
	int ret = -ENOMEM;

	policy = cpufreq_cpu_get(cpu);

	if (!policy)

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 213 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

              	for_each_cpu(cpu, policy->related_cpus)
		per_cpu(dtpm_per_cpu, cpu) = dtpm;

	sprintf(name, "cpu%d", dtpm_cpu->cpu);

	ret = dtpm_register(name, dtpm, __parent);
	if (ret)
		goto out_kfree_dtpm_cpu;

Reported by FlawFinder.

drivers/ps3/ps3-vuart.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 518 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (!lb)
		return -ENOMEM;

	memcpy(lb->data, buf, bytes);
	lb->head = lb->data;
	lb->tail = lb->data + bytes;
	lb->dbg_number = ++dbg_number;

	spin_lock_irqsave(&priv->tx_list.lock, flags);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 630 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	list_for_each_entry_safe(lb, n, &priv->rx_list.head, link) {
		bytes_read = min((unsigned int)(lb->tail - lb->head), bytes);

		memcpy(buf, lb->head, bytes_read);
		buf += bytes_read;
		bytes -= bytes_read;
		priv->rx_list.bytes_held -= bytes_read;

		if (bytes_read < lb->tail - lb->head) {

Reported by FlawFinder.

drivers/regulator/aat2870-regulator.c
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 49 Column: 17 CWE codes: 120 20 

              	u8 val;
	int ret;

	ret = aat2870->read(aat2870, ri->voltage_addr, &val);
	if (ret)
		return ret;

	return (val & ri->voltage_mask) >> ri->voltage_shift;
}

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 80 Column: 17 CWE codes: 120 20 

              	u8 val;
	int ret;

	ret = aat2870->read(aat2870, ri->enable_addr, &val);
	if (ret)
		return ret;

	return val & ri->enable_mask ? 1 : 0;
}

Reported by FlawFinder.

drivers/regulator/cros-ec-regulator.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 41 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	msg->insize = insize;

	if (outdata && outsize > 0)
		memcpy(msg->data, outdata, outsize);

	ret = cros_ec_cmd_xfer_status(ec, msg);
	if (ret < 0)
		goto cleanup;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 48 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		goto cleanup;

	if (insize)
		memcpy(indata, msg->data, insize);

cleanup:
	kfree(msg);
	return ret;
}

Reported by FlawFinder.

drivers/regulator/da903x-regulator.c
2 issues
Division by zero.
Error

Line: 391 CWE codes: 369 

              	DA9030_LDO(17, 1800, 3200, 100,   LDO17, 0, 4, RCTL11, 7),
	DA9030_LDO(18, 1800, 3200, 100, LDO1819, 0, 4, RCTL21, 2),
	DA9030_LDO(19, 1800, 3200, 100, LDO1819, 4, 4, RCTL21, 1),
	DA9030_LDO(13, 2100, 2100, 0, INVAL, 0, 0, RCTL11, 3), /* fixed @2.1V */

	/* DA9034 */
	DA9034_DVC(BUCK1, 725, 1500, 25, ADTV2, 5, VCC1, 0, OVER1, 0),
	DA9034_DVC(BUCK2, 725, 1500, 25, CDTV2, 5, VCC1, 2, OVER1, 1),
	DA9034_DVC(LDO2,  725, 1500, 25, SDTV2, 5, VCC1, 4, OVER1, 2),

Reported by Cppcheck.

Division by zero.
Error

Line: 411 CWE codes: 369 

              	DA9034_LDO(13, 1800, 3300, 100, LDO1312, 4, 4, OVER2, 7),
	DA9034_LDO(14, 1800, 3300, 100, LDO1514, 0, 4, OVER3, 0),
	DA9034_LDO(15, 1800, 3300, 100, LDO1514, 4, 4, OVER3, 1),
	DA9034_LDO(5, 3100, 3100, 0, INVAL, 0, 0, OVER3, 7), /* fixed @3.1V */

	/* DA9035 */
	DA9035_DVC(BUCK3, 1800, 2200, 100, 3DTV1, 3, VCC2, 0, OVER3, 3),
};

Reported by Cppcheck.

drivers/regulator/wm831x-dcdc.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 47 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               */

struct wm831x_dcdc {
	char name[WM831X_DCDC_MAX_NAME];
	char supply_name[WM831X_DCDC_MAX_NAME];
	struct regulator_desc desc;
	int base;
	struct wm831x *wm831x;
	struct regulator_dev *regulator;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 48 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct wm831x_dcdc {
	char name[WM831X_DCDC_MAX_NAME];
	char supply_name[WM831X_DCDC_MAX_NAME];
	struct regulator_desc desc;
	int base;
	struct wm831x *wm831x;
	struct regulator_dev *regulator;
	struct gpio_desc *dvs_gpiod;

Reported by FlawFinder.

drivers/regulator/wm831x-ldo.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 33 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #define WM831X_ALIVE_LDO_SLEEP_CONTROL 1

struct wm831x_ldo {
	char name[WM831X_LDO_MAX_NAME];
	char supply_name[WM831X_LDO_MAX_NAME];
	struct regulator_desc desc;
	int base;
	struct wm831x *wm831x;
	struct regulator_dev *regulator;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 34 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct wm831x_ldo {
	char name[WM831X_LDO_MAX_NAME];
	char supply_name[WM831X_LDO_MAX_NAME];
	struct regulator_desc desc;
	int base;
	struct wm831x *wm831x;
	struct regulator_dev *regulator;
};

Reported by FlawFinder.

drivers/remoteproc/keystone_remoteproc.c
2 issues
snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 389 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	fw_name = devm_kzalloc(dev, name_len, GFP_KERNEL);
	if (!fw_name)
		return -ENOMEM;
	snprintf(fw_name, name_len, template, dsp_id);

	rproc = rproc_alloc(dev, dev_name(dev), &keystone_rproc_ops, fw_name,
			    sizeof(*ksproc));
	if (!rproc)
		return -ENOMEM;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 385 Column: 13 CWE codes: 126 

              	}

	/* construct a custom default fw name - subject to change in future */
	name_len = strlen(template); /* assuming a single digit alias */
	fw_name = devm_kzalloc(dev, name_len, GFP_KERNEL);
	if (!fw_name)
		return -ENOMEM;
	snprintf(fw_name, name_len, template, dsp_id);

Reported by FlawFinder.