The following issues were found

net/compat.c
1 issues
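char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Triage note: the flagged array in the excerpt below is a table of compile-time constants whose initializer supplies exactly the 21 declared entries; it is not a string buffer. The property to verify is that any code indexing nas[] range-checks the index first.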
Security

Line: 335 Column: 17 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/*
 * Argument list sizes for compat_sys_socketcall.
 *
 * AL(x) turns an argument count into a byte count, using sizeof(u32) as
 * the width of one argument slot. nas[] holds 21 such byte counts
 * (indices 0..20), all compile-time constants; the largest entry is AL(6).
 *
 * NOTE(review): presumably indexed by the socketcall call number to decide
 * how many bytes of arguments to fetch -- confirm against the caller, which
 * is not shown here. The initializer fills the declared size exactly, so
 * the declaration itself cannot overflow; the check that matters is that
 * the consumer rejects any index outside 0..20 before reading nas[].
 */
#define AL(x) ((x) * sizeof(u32))
static unsigned char nas[21] = {
	AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),	/* indices 0..5 */
	AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),	/* indices 6..11 */
	AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),	/* indices 12..17 */
	AL(4), AL(5), AL(4)				/* indices 18..20 */
};

            

Reported by FlawFinder.

net/core/bpf_sk_storage.c
1 issues
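strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected). Triage note: in the excerpt below strlen() is applied to the string literal "bpf_sk_storage", which is always \0-terminated, and its result only supplies the length bound for strncmp(); the read of tname is therefore limited to that length.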
Security

Line: 408 Column: 6 CWE codes: 126

              		t = btf_type_by_id(btf_vmlinux, btf_id);
		tname = btf_name_by_offset(btf_vmlinux, t->name_off);
		return !!strncmp(tname, "bpf_sk_storage",
				 strlen("bpf_sk_storage"));
	default:
		return false;
	}

	return false;

            

Reported by FlawFinder.

include/sound/seq_oss.h
1 issues
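open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? Triage note: in the excerpt below the match is the `open` function-pointer member of struct snd_seq_oss_callback, not a call that opens a file, so the CWE-362 concern does not apply to this declaration itself.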
Security

Line: 39 Column: 8 CWE codes: 362

               */
struct snd_seq_oss_callback {
	struct module *owner;
	int (*open)(struct snd_seq_oss_arg *p, void *closure);
	int (*close)(struct snd_seq_oss_arg *p);
	int (*ioctl)(struct snd_seq_oss_arg *p, unsigned int cmd, unsigned long arg);
	int (*load_patch)(struct snd_seq_oss_arg *p, int format, const char __user *buf, int offs, int count);
	int (*reset)(struct snd_seq_oss_arg *p);
	int (*raw_event)(struct snd_seq_oss_arg *p, unsigned char *data);

            

Reported by FlawFinder.

net/core/dev_ioctl.c
1 issues
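memcpy - Does not check for buffer overflows when copying to destination. Triage note: in the excerpt below the copy length is already capped at min(sizeof(ifr->ifr_hwaddr.sa_data), dev->addr_len); the size of dev->broadcast is not shown, so confirm that the destination is at least that large.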
Security

Line: 271 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	case SIOCSIFHWBROADCAST:
		if (ifr->ifr_hwaddr.sa_family != dev->type)
			return -EINVAL;
		memcpy(dev->broadcast, ifr->ifr_hwaddr.sa_data,
		       min(sizeof(ifr->ifr_hwaddr.sa_data),
			   (size_t)dev->addr_len));
		call_netdevice_notifiers(NETDEV_CHANGEADDR, dev);
		return 0;


            

Reported by FlawFinder.

include/sound/seq_midi_event.h
1 issues
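read - Check buffer boundaries if used in a loop including recursive loops. Triage note: in the excerpt below the match is the struct member `int read` (a count of chars read) in struct snd_midi_event, not a call to read(); the bounds that matter are wherever that counter is used to index buf against bufsize, which the excerpt does not show.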
Security

Line: 19 Column: 6 CWE codes: 120 20

              /* midi status */
struct snd_midi_event {
	int qlen;		/* queue length */
	int read;		/* chars read */
	int type;		/* current event type */
	unsigned char lastcmd;	/* last command (for MIDI state handling) */
	unsigned char nostat;	/* no state flag */
	int bufsize;		/* allocated buffer size */
	unsigned char *buf;	/* input buffer */

            

Reported by FlawFinder.

include/sound/seq_device.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 19 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct snd_card *card;	/* sound card */
	int device;		/* device number */
	const char *id;		/* driver id */
	char name[80];		/* device name */
	int argsize;		/* size of the argument */
	void *driver_data;	/* private data for driver */
	void *private_data;	/* private data for the caller */
	void (*private_free)(struct snd_seq_device *device);
	struct device dev;

            

Reported by FlawFinder.

include/sound/sb16_csp.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 47 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              struct snd_sb_csp {
	struct snd_sb *chip;		/* SB16 DSP */
	int used;		/* usage flag - exclusive */
	char codec_name[16];	/* name of codec */
	unsigned short func_nr;	/* function number */
	unsigned int acc_format;	/* accepted PCM formats */
	int acc_channels;	/* accepted channels */
	int acc_width;		/* accepted sample width */
	int acc_rates;		/* accepted sample rates */

            

Reported by FlawFinder.

net/core/flow_offload.c
1 issues
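memcpy - Does not check for buffer overflows when copying to destination. Triage note: the excerpt below does not show how cookie was allocated; confirm that the allocation is sized from the same len that is passed to memcpy() and that the size computation cannot overflow.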
Security

Line: 187 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (!cookie)
		return NULL;
	cookie->cookie_len = len;
	memcpy(cookie->cookie, data, len);
	return cookie;
}
EXPORT_SYMBOL(flow_action_cookie_create);

void flow_action_cookie_destroy(struct flow_action_cookie *cookie)

            

Reported by FlawFinder.

net/core/lwt_bpf.c
1 issues
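memcpy - Does not check for buffer overflows when copying to destination. Triage note: the excerpt below does not show where room for len bytes at the network header was reserved in the skb; confirm that this step happens, and that its failure is handled, before the memcpy() is reached.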
Security

Line: 632 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (ingress)
		skb_postpush_rcsum(skb, iph, len);
	skb_reset_network_header(skb);
	memcpy(skb_network_header(skb), hdr, len);
	bpf_compute_data_pointers(skb);
	skb_clear_hash(skb);

	if (ipv4) {
		skb->protocol = htons(ETH_P_IP);

            

Reported by FlawFinder.

include/sound/rt5682.h
1 issues
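char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Triage note: the flagged declaration in the excerpt below is `const char *dai_clk_names[RT5682_DAI_NUM_CLKS]`, an array of pointers to constant strings rather than a character buffer, so the concern reduces to keeping indexes below RT5682_DAI_NUM_CLKS.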
Security

Line: 45 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	unsigned int dmic_delay;
	bool dmic_clk_driving_high;

	const char *dai_clk_names[RT5682_DAI_NUM_CLKS];
};

#endif


            

Reported by FlawFinder.