Line: 147 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	h_eth = (struct ethhdr *)dbg.pkt;

	eth_broadcast_addr(h_eth->h_dest);
	memcpy(&h_eth->h_source, &mac, ETH_ALEN);

	header_size = sizeof(struct ethhdr);

	result = lv1_net_control(GELIC_BUS_ID, GELIC_DEVICE_ID,
				 GELIC_LV1_GET_VLAN_ID,

            

Line: 220 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	
	/* If the console is duplex then copy the COUT parameters to CIN. */
	if (PAGE0->mem_cons.cl_class == CL_DUPLEX)
		memcpy(&PAGE0->mem_kbd, &PAGE0->mem_cons, sizeof(PAGE0->mem_cons));

	/* register the pdc console */
	register_console(&pdc_cons);
}


            

Line: 28 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (!p->ainsn.insn)
		return -ENOMEM;

	memcpy(p->ainsn.insn, p->addr,
		MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
	p->opcode = *p->addr;
	flush_insn_slot(p);
	return 0;
}

            

Line: 120 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
void __init ixp4xx_set_udc_info(struct pxa2xx_udc_mach_info *info)
{
	memcpy(&ixp4xx_udc_info, info, sizeof *info);
}

static struct resource ixp4xx_udc_resources[] = {
	[0] = {
		.start  = 0xc800b000,

            

Line: 345 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	suspend_info = suspend_ocram_base;

	suspend_info->io_count = soc_data->suspend_io_count;
	memcpy(suspend_info->io_state, soc_data->suspend_io_config,
	       sizeof(*suspend_info->io_state) * soc_data->suspend_io_count);

	suspend_info->m4if_base = ioremap(soc_data->m4if_addr, SZ_16K);
	if (!suspend_info->m4if_base) {
		ret = -ENOMEM;

            

Line: 93 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	reloc = (void *)virt;
#endif

	memcpy(virt, dereference_function_descriptor(relocate_new_kernel),
		relocate_new_kernel_size);

	*(unsigned long *)(virt + kexec_cmdline_offset) = arch->cmdline;
	*(unsigned long *)(virt + kexec_initrd_start_offset) = arch->initrd_start;
	*(unsigned long *)(virt + kexec_initrd_end_offset) = arch->initrd_end;

            

Line: 141 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              /* If this changes, userland unwinders that Know Things about our signal
   frame will break.  Do not undertake lightly.  It also implies an ABI
   change wrt the size of siginfo_t, which may cause some pain.  */
extern char compile_time_assert
        [offsetof(struct rt_sigframe, uc.uc_mcontext) == 176 ? 1 : -1];

#define INSN_MOV_R30_R16	0x47fe0410
#define INSN_LDI_R0		0x201f0000
#define INSN_CALLSYS		0x00000083

            

Line: 344 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              dump_elf_task_fp(elf_fpreg_t *dest, struct task_struct *task)
{
	struct switch_stack *sw = (struct switch_stack *)task_pt_regs(task) - 1;
	memcpy(dest, sw->fp, 32 * 8);
	return 1;
}
EXPORT_SYMBOL(dump_elf_task_fp);

/*

            

Line: 422 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static inline void rwa010_read_ident(void)
{
	unsigned char si[9];
	int i, j;

	WRITE_RWA(3, 0);
	WRITE_RWA(0, 128);


            

Line: 109 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              void
show_cache_info(struct seq_file *m)
{
	char buf[32];

	seq_printf(m, "I-cache\t\t: %ld KB\n", 
		cache_info.ic_size/1024 );
	if (cache_info.dc_loop != 1)
		snprintf(buf, 32, "%lu-way associative", cache_info.dc_loop);