Line: 166 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static int ax25_uid_seq_show(struct seq_file *seq, void *v)
{
	char buf[11];

	if (v == SEQ_START_TOKEN)
		seq_printf(seq, "Policy: %d\n", ax25_uid_policy);
	else {
		struct ax25_uid_assoc *pt;

            

Line: 150 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
{
	char path[sizeof("net/ax25/") + IFNAMSIZ];
	int k;
	struct ctl_table *table;

	table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL);
	if (!table)

            

Line: 576 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	skb_buff = skb_put(forw_packet_aggr->skb, packet_len);
	forw_packet_aggr->packet_len = packet_len;
	memcpy(skb_buff, packet_buff, packet_len);

	forw_packet_aggr->own = own_packet;
	forw_packet_aggr->direct_link_flags = BATADV_NO_FLAGS;
	forw_packet_aggr->send_time = send_time;


            

Line: 131 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               */
struct drm_hw_lock {
	__volatile__ unsigned int lock;		/**< lock variable */
	char padding[60];			/**< Pad to cache line */
};

/*
 * DRM_IOCTL_VERSION ioctl argument type.
 *

            

Line: 1615 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return false;

	if (chaddr != buf)
		memcpy(buf, chaddr, BATADV_DHCP_CHADDR_LEN);

	return true;
}

/**

            

Line: 659 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	int ret = -ENOMEM;
	struct kobject *bat_kobj;
	char *uevent_env[4] = { NULL, NULL, NULL, NULL };

	bat_kobj = &bat_priv->soft_iface->dev.kobj;

	uevent_env[0] = kasprintf(GFP_ATOMIC,
				  "%s%s", BATADV_UEV_TYPE_VAR,

            

Line: 813 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	u8 old_flags = bat_priv->mcast.mla_flags.tvlv_flags;
	char str_old_flags[] = "[.... . ]";

	sprintf(str_old_flags, "[%c%c%c%s%s]",
		(old_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES) ? 'U' : '.',
		(old_flags & BATADV_MCAST_WANT_ALL_IPV4) ? '4' : '.',
		(old_flags & BATADV_MCAST_WANT_ALL_IPV6) ? '6' : '.',
		!(old_flags & BATADV_MCAST_WANT_NO_RTR4) ? "R4" : ". ",
		!(old_flags & BATADV_MCAST_WANT_NO_RTR6) ? "R6" : ". ");

            

Line: 49 Column: 20 CWE codes: 134
Suggestion: Use a constant for the format specification

              	    TP_fast_assign(
		    __assign_str(device, bat_priv->soft_iface->name);
		    __assign_str(driver, KBUILD_MODNAME);
		    WARN_ON_ONCE(vsnprintf(__get_dynamic_array(msg),
					   BATADV_MAX_MSG_LEN,
					   vaf->fmt,
					   *vaf->va) >= BATADV_MAX_MSG_LEN);
	    ),


            

Line: 29 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	unsigned short c_cflag;		/* control mode flags */
	unsigned short c_lflag;		/* local mode flags */
	unsigned char c_line;		/* line discipline */
	unsigned char c_cc[NCC];	/* control characters */
};

/* modem lines */
#define TIOCM_LE	0x001
#define TIOCM_DTR	0x002

            

Line: 644 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              					   ic->i_send_hdrs_dma[pos],
					   sizeof(struct rds_header),
					   DMA_TO_DEVICE);
		memcpy(ic->i_send_hdrs[pos], &rm->m_inc.i_hdr,
		       sizeof(struct rds_header));


		/* Set up the data, if present */
		if (i < work_alloc