The following issues were found

drivers/input/mouse/touchkit_ps2.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 59 Column: 11 CWE codes: 119 120
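Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt, param[3] is written only at the constant indices 0 and 1; what remains to confirm is whether the command built by TOUCHKIT_SEND_PARMS(2, 3, TOUCHKIT_CMD) can move more than three bytes through param, which the excerpt does not show.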

              int touchkit_ps2_detect(struct psmouse *psmouse, bool set_properties)
{
	struct input_dev *dev = psmouse->dev;
	unsigned char param[3];
	int command;

	param[0] = TOUCHKIT_CMD_LENGTH;
	param[1] = TOUCHKIT_CMD_ACTIVE;
	command = TOUCHKIT_SEND_PARMS(2, 3, TOUCHKIT_CMD);

            

Reported by FlawFinder.

drivers/input/mouse/trackpoint.c
1 issue
sprintf - Does not check for buffer overflows
Security

Line: 114 Column: 9 CWE codes: 120
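Suggestion: Use sprintf_s, snprintf, or vsnprintf. In kernel code sprintf_s is not available; the "%u\n" format writes at most 12 bytes including the terminator for a 32-bit unsigned value, and if buf is a sysfs show buffer (the excerpt does not show where it comes from), sysfs_emit() is the bounded replacement.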

              	if (attr->inverted)
		value = !value;

	return sprintf(buf, "%u\n", value);
}

static ssize_t trackpoint_set_int_attr(struct psmouse *psmouse, void *data,
					const char *buf, size_t count)
{

            

Reported by FlawFinder.

drivers/gpu/drm/i915/display/intel_lpe_audio.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 344 Column: 3 CWE codes: 120
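Suggestion: Make sure destination can always hold the source data. The length here is the constant HDMI_MAX_ELD_BYTES, so the check is on the declarations: ppdata->eld must be at least that large, and so must the buffer behind eld, otherwise the copy reads past the end of the source.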

              	audio_enable = intel_de_read(dev_priv, VLV_AUD_PORT_EN_DBG(port));

	if (eld != NULL) {
		memcpy(ppdata->eld, eld, HDMI_MAX_ELD_BYTES);
		ppdata->pipe = pipe;
		ppdata->ls_clock = ls_clock;
		ppdata->dp_output = dp_output;

		/* Unmute the amp for both DP and HDMI */

            

Reported by FlawFinder.

drivers/gpu/drm/msm/hdmi/hdmi_phy_8996.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 726 Column: 3 CWE codes: 119 120
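Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt both 32-byte arrays are written only through snprintf() with sizeof() as the limit, so the writes are bounded, and the visible formats stay well under 32 bytes for any int value.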

              	}

	for (i = 0; i < HDMI_NUM_TX_CHANNEL; i++) {
		char name[32], label[32];

		snprintf(name, sizeof(name), "hdmi_tx_l%d", i);
		snprintf(label, sizeof(label), "HDMI_TX_L%d", i);

		pll->mmio_qserdes_tx[i] = msm_ioremap(pdev, name, label);

            

Reported by FlawFinder.

drivers/gpu/drm/msm/hdmi/hdmi_hdcp.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 137 Column: 2 CWE codes: 120
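Suggestion: Make sure destination can always hold the source data. The copy starts at buf[1], so buf must hold data_len + 1 bytes, matching msgs[0].len; the declaration or allocation of buf is above the excerpt and is where that has to be confirmed.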

              	}

	buf[0] = offset;
	memcpy(&buf[1], data, data_len);
	msgs[0].buf = buf;
	msgs[0].len = data_len + 1;
retry:
	rc = i2c_transfer(hdmi->i2c, msgs, 1);


            

Reported by FlawFinder.

drivers/input/rmi4/rmi_2d_sensor.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 62 Column: 2 CWE codes: 119 120
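Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line is a struct member declaration, which is not a defect by itself; review belongs at the places that write input_phys, which should limit the write with sizeof(input_phys).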

              	enum rmi_sensor_type sensor_type;
	struct input_dev *input;
	struct rmi_function *fn;
	char input_phys[32];
	u8 report_abs;
	u8 report_rel;
	u8 x_mm;
	u8 y_mm;
	enum rmi_reg_state dribble;

            

Reported by FlawFinder.

drivers/input/rmi4/rmi_bus.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 157 Column: 2 CWE codes: 119 120
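Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Here "rmi4-f%02x" yields exactly 8 characters plus the terminator when function_number fits in one byte, which fills of_name[9] with no slack; snprintf() bounds the write, but a wider value would be silently truncated and the child-node lookup would use the truncated name.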

              #ifdef CONFIG_OF
static void rmi_function_of_probe(struct rmi_function *fn)
{
	char of_name[9];
	struct device_node *node = fn->rmi_dev->xport->dev->of_node;

	snprintf(of_name, sizeof(of_name), "rmi4-f%02x",
		fn->fd.function_number);
	fn->dev.of_node = of_get_child_by_name(node, of_name);

            

Reported by FlawFinder.

drivers/lightnvm/pblk-gc.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 168 Column: 3 CWE codes: 120
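Suggestion: Make sure destination can always hold the source data. lba_list is allocated with the same lba_list_size that is copied, so the destination holds the copy; what the excerpt leaves open is whether the region returned by emeta_to_lbas() contains at least lba_list_size bytes (a source over-read) and how lba_list_size is derived.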

              	lba_list = kvmalloc(lba_list_size, GFP_KERNEL);

	if (lba_list)
		memcpy(lba_list, emeta_to_lbas(pblk, emeta_buf), lba_list_size);

	kvfree(emeta_buf);

	return lba_list;
}

            

Reported by FlawFinder.

drivers/input/rmi4/rmi_f03.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 266 Column: 3 CWE codes: 120
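Suggestion: Make sure destination can always hold the source data. Two bounds matter here: ob_len against the size of obs, and ob_len against drvdata->attn_data.size, since that size field is decremented by ob_len right after the copy and would underflow if ob_len were larger. The early return just above the excerpt may be that check, but its condition is not shown.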

              			return IRQ_HANDLED;
		}

		memcpy(obs, drvdata->attn_data.data, ob_len);

		drvdata->attn_data.data += ob_len;
		drvdata->attn_data.size -= ob_len;
	} else {
		/* Grab all of the data registers, and check them for data */

            

Reported by FlawFinder.

drivers/input/rmi4/rmi_f11.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1318 Column: 3 CWE codes: 120
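Suggestion: Make sure destination can always hold the source data. valid_bytes is either drvdata->attn_data.size or f11->sensor.attn_size, selected by a condition above the excerpt; the copy is safe only if valid_bytes never exceeds the allocation behind f11->sensor.data_pkt or the bytes remaining in attn_data, which depends on that condition and on how data_pkt is sized.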

              			valid_bytes = drvdata->attn_data.size;
		else
			valid_bytes = f11->sensor.attn_size;
		memcpy(f11->sensor.data_pkt, drvdata->attn_data.data,
			valid_bytes);
		drvdata->attn_data.data += valid_bytes;
		drvdata->attn_data.size -= valid_bytes;
	} else {
		error = rmi_read_block(rmi_dev,

            

Reported by FlawFinder.