The following issues were found

drivers/net/wireless/intersil/orinoco/hw.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 49 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              				    struct net_device *dev,
				    int mc_count, int promisc);
int orinoco_hw_get_essid(struct orinoco_private *priv, int *active,
			 char buf[IW_ESSID_MAX_SIZE + 1]);
int orinoco_hw_get_freq(struct orinoco_private *priv);
int orinoco_hw_get_bitratelist(struct orinoco_private *priv,
			       int *numrates, s32 *rates, int max);
int orinoco_hw_trigger_scan(struct orinoco_private *priv,
			    const struct cfg80211_ssid *ssid);

Reported by FlawFinder.

drivers/scsi/isci/init.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 442 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	    (sci_parms->no_outbound_task_timeout == 0))
		return SCI_FAILURE_INVALID_PARAMETER_VALUE;

	memcpy(&ihost->user_parameters, sci_parms, sizeof(*sci_parms));

	return SCI_SUCCESS;
}

static void sci_oem_defaults(struct isci_host *ihost)

Reported by FlawFinder.

drivers/scsi/aacraid/src.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1096 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	u32 status[5];
	int rc = 1;
	int state = 0;
	char *state_str[7] = {
		"GET_ADAPTER_PROPERTIES Failed",
		"GET_ADAPTER_PROPERTIES timeout",
		"SOFT_RESET not supported",
		"DROP_IO Failed",
		"DROP_IO timeout",

Reported by FlawFinder.

drivers/phy/allwinner/phy-sun4i-usb.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 748 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
	for (i = 0; i < data->cfg->num_phys; i++) {
		struct sun4i_usb_phy *phy = data->phys + i;
		char name[16];

		if (data->cfg->missing_phys & BIT(i))
			continue;

		snprintf(name, sizeof(name), "usb%d_vbus", i);

Reported by FlawFinder.

drivers/perf/arm-ccn.c
1 issues
Array 'arm_ccn_pmu_events[51]' accessed at index 9998, which is out of bounds.
Error

Line: 788 CWE codes: 788 

              	/* Validate event ID vs available for the type */
	for (i = 0, valid = 0; i < ARRAY_SIZE(arm_ccn_pmu_events) && !valid;
			i++) {
		struct arm_ccn_pmu_event *e = &arm_ccn_pmu_events[i];
		u32 port = CCN_CONFIG_PORT(event->attr.config);
		u32 vc = CCN_CONFIG_VC(event->attr.config);

		if (!arm_ccn_pmu_type_eq(type, e->type))
			continue;

Reported by Cppcheck.

drivers/net/wireless/mediatek/mt76/mt7915/testmode.c
1 issues
syntax error: { . band
Error

Line: 32 

              	{ .band[0] = MT_##_reg(0, _idx), .band[1] = MT_##_reg(1, _idx) }

static const struct reg_band reg_backup_list[] = {
	REG_BAND_IDX(AGG_PCR0, 0),
	REG_BAND_IDX(AGG_PCR0, 1),
	REG_BAND_IDX(AGG_AWSCR0, 0),
	REG_BAND_IDX(AGG_AWSCR0, 1),
	REG_BAND_IDX(AGG_AWSCR0, 2),
	REG_BAND_IDX(AGG_AWSCR0, 3),

Reported by Cppcheck.

drivers/scsi/aha1740.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 387 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	else if (*cmd == WRITE_10 || *cmd == WRITE_6)
		direction = 0;

	memcpy(host->ecb[ecbno].cdb, cmd, SCpnt->cmd_len);

	SCpnt->host_scribble = dma_alloc_coherent (&host->edev->dev,
						   sizeof (struct aha1740_sg),
						   &sg_dma, GFP_ATOMIC);
	if(SCpnt->host_scribble == NULL) {

Reported by FlawFinder.

drivers/net/wireless/intersil/orinoco/fw.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 44 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               * Make sure LE decoding macros are used
 */
struct orinoco_fw_header {
	char hdr_vers[6];       /* ASCII string for header version */
	__le16 headersize;      /* Total length of header */
	__le32 entry_point;     /* NIC entry point */
	__le32 blocks;          /* Number of blocks to program */
	__le32 block_offset;    /* Offset of block data from eof header */
	__le32 pdr_offset;      /* Offset to PDR data from eof header */

Reported by FlawFinder.

drivers/pcmcia/yenta_socket.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 193 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		unsigned char val;
		if (!(i & 7)) {
			if (i & 8) {
				memcpy(buf + offset, " -", 2);
				offset += 2;
			} else
				offset += scnprintf(buf + offset, PAGE_SIZE - offset, "\n%02x:", i);
		}
		val = exca_readb(socket, i);

Reported by FlawFinder.

drivers/pcmcia/pcmcia_cis.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 357 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	*get->buf = kzalloc(tuple->TupleDataLen, GFP_KERNEL);
	if (*get->buf) {
		get->len = tuple->TupleDataLen;
		memcpy(*get->buf, tuple->TupleData, tuple->TupleDataLen);
	} else
		dev_dbg(&p_dev->dev, "do_get_tuple: out of memory\n");
	return 0;
}

Reported by FlawFinder.