Line: 64 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct adreno_rev rev;
	uint32_t revn;
	const char *name;
	const char *fw[ADRENO_FW_MAX];
	uint32_t gmem;
	enum adreno_quirks quirks;
	struct msm_gpu *(*init)(struct drm_device *dev);
	const char *zapfw;
	u32 inactive_period;

            

Line: 69 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static int eeti_ts_read(struct eeti_ts *eeti)
{
	int len, error;
	char buf[6];

	len = i2c_master_recv(eeti->client, buf, sizeof(buf));
	if (len != sizeof(buf)) {
		error = len < 0 ? len : -EIO;
		dev_err(&eeti->client->dev,

            

Line: 45 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct serio *serio;
	int idx;
	u8 data[EGALAX_FORMAT_MAX_LENGTH];
	char phys[32];
};

static void egalax_process_data(struct egalax *egalax)
{
	struct input_dev *dev = egalax->input;

            

Line: 126 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	struct ektf2127_ts *ts = dev_id;
	struct device *dev = &ts->client->dev;
	char buf[EKTF2127_TOUCH_REPORT_SIZE];
	int ret;

	ret = i2c_master_recv(ts->client, buf, EKTF2127_TOUCH_REPORT_SIZE);
	if (ret != EKTF2127_TOUCH_REPORT_SIZE) {
		dev_err(dev, "Error reading touch data: %d\n", ret);

            

Line: 158 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
		/* All is well, copy over the buffer */
		if (payload && payload_size)
			memcpy(payload, resp.payload,
				min_t(u32, payload_size, sizeof(resp.payload)));

		return 0;
	}
}

            

Line: 1149 Column: 15 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static const char *a6xx_uche_fault_block(struct msm_gpu *gpu, u32 mid)
{
	static const char *uche_clients[7] = {
		"VFD", "SP", "VSC", "VPC", "HLSQ", "PC", "LRZ",
	};
	u32 val;

	if (mid < 1 || mid > 3)

            

Line: 686 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (!in_range(blk->addr, bo->iova, bo->size))
		return false;

	memcpy(bo->virt + blk->addr - bo->iova, blk->data, blk->size);
	return true;
}

static int a6xx_gmu_fw_load(struct a6xx_gmu *gmu)
{

            

Line: 1646 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	intel_wakeref_t tc_lock_wakeref;
	int tc_link_refcount;
	bool tc_legacy_port:1;
	char tc_port_name[8];
	enum tc_port_mode tc_mode;
	enum phy_fia tc_phy_fia;
	u8 tc_phy_fia_idx;

	/* protects num_hdcp_streams reference count, hdcp_port_data and hdcp_auth_status */

            

Line: 121 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		dev_priv->warp_pipe_phys[where] = pcbase;
		src_size = be16_to_cpu(rec->len);
		dst_size = WARP_UCODE_SIZE(src_size);
		memcpy(vcbase, rec->data, src_size);
		pcbase += dst_size;
		vcbase += dst_size;
		where++;
	}


            

Line: 2119 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		 * (child_dev_size) of the child device config. Accessing the
		 * data must depend on VBT version.
		 */
		memcpy(&devdata->child, child,
		       min_t(size_t, defs->child_dev_size, sizeof(*child)));

		list_add_tail(&devdata->node, &i915->vbt.display_devices);
	}