The following issues were found

drivers/media/dvb-frontends/cx22700.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 390 Column: 2 CWE codes: 120
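Suggestion: Make sure destination can always hold the source data
Review note: The copy length here is the compile-time constant sizeof(struct dvb_frontend_ops), not a runtime value. The finding is resolved by confirming that state->frontend.ops and cx22700_ops are both declared as struct dvb_frontend_ops; neither declaration appears in this excerpt. If the types match, a plain struct assignment would let the compiler enforce that.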

              	if (cx22700_readreg(state, 0x07) < 0) goto error;

	/* create dvb_frontend */
	memcpy(&state->frontend.ops, &cx22700_ops, sizeof(struct dvb_frontend_ops));
	state->frontend.demodulator_priv = state;
	return &state->frontend;

error:
	kfree(state);

            

Reported by FlawFinder.

drivers/media/usb/dvb-usb/dtt200u.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 21 Column: 11 CWE codes: 119 120
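Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Review note: This finding marks the declaration of data[80], not a particular write. Triage means reviewing every place that fills st->data (none shown in this excerpt) and confirming the length is bounded by sizeof(st->data).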

              DVB_DEFINE_MOD_OPT_ADAPTER_NR(adapter_nr);

/*
 * Driver state consisting of a single fixed 80-byte buffer; the excerpt
 * shows it being reached through d->priv of a struct dvb_usb_device.
 * NOTE(review): the code that fills data[] is outside this excerpt; each
 * writer has to keep its length within sizeof(st->data) -- confirm at the
 * call sites.
 */
struct dtt200u_state {
	unsigned char data[80];
};

static int dtt200u_power_ctrl(struct dvb_usb_device *d, int onoff)
{
	struct dtt200u_state *st = d->priv;

            

Reported by FlawFinder.

drivers/net/ethernet/dec/tulip/winbond-840.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 309 Column: 11 CWE codes: 119 120
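Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Review note: The flagged line is the declaration phys[MII_CNT]; the declaration alone is not an overflow. The inline comment says only the first entry is used, so the check is that any index into phys (and mii_cnt, if it is used as one) stays below MII_CNT. That code is outside this excerpt.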

              	unsigned int tx_full;				/* The Tx queue is full. */
	/* MII transceiver section. */
	int mii_cnt;						/* MII device addresses. */
	unsigned char phys[MII_CNT];		/* MII device addresses, but only the first is used */
	u32 mii;
	struct mii_if_info mii_if;
	void __iomem *base_addr;
};


            

Reported by FlawFinder.

drivers/media/usb/dvb-usb/dvb-usb-firmware.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 148 Column: 2 CWE codes: 120
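Suggestion: Make sure destination can always hold the source data
Review note: hx->len is a runtime value used both as the copy length and, on the next line, as an index into b (b[hx->len + data_offs]). The excerpt shows neither where hx->len is set nor the sizes of hx->data and b, so the check covers both sides: hx->len must not exceed sizeof(hx->data), and data_offs + hx->len must stay inside b.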

              /*		hx->len -= 2;
		data_offs += 2; */
	}
	memcpy(hx->data,&b[data_offs],hx->len);
	hx->chk = b[hx->len + data_offs];

	*pos += hx->len + 5;

	return *pos;

            

Reported by FlawFinder.

drivers/net/ethernet/cavium/liquidio/cn23xx_pf_device.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1466 Column: 2 CWE codes: 120
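Suggestion: Make sure destination can always hold the source data
Review note: The length is the fixed sizeof(struct oct_vf_stats). What remains to confirm is that ctx->stats points to storage of at least that size and that cmd->data carries at least that many bytes; neither is visible in this excerpt.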

              {
	struct oct_vf_stats_ctx *ctx = arg;

	memcpy(ctx->stats, cmd->data, sizeof(struct oct_vf_stats));
	atomic_set(&ctx->status, 1);
}

int cn23xx_get_vf_stats(struct octeon_device *oct, int vfidx,
			struct oct_vf_stats *stats)

            

Reported by FlawFinder.

drivers/media/usb/dvb-usb/dvb-usb-remote.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 61 Column: 2 CWE codes: 120
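Suggestion: Make sure destination can always hold the source data
Review note: The length is sizeof(keymap[index].scancode), so the copy is sized by the source field. Confirm that ke->scancode is at least that large and that index has been range-checked against the keymap before this point; no such check is visible in this excerpt.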

              	if (ke->keycode == KEY_UNKNOWN)
		ke->keycode = KEY_RESERVED;
	ke->len = sizeof(keymap[index].scancode);
	memcpy(&ke->scancode, &keymap[index].scancode, ke->len);
	ke->index = index;

	return 0;
}


            

Reported by FlawFinder.

drivers/media/usb/dvb-usb/dvb-usb.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 491 Column: 2 CWE codes: 119 120
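Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Review note: This marks the declaration of rc_phys[64] in a header, not a write. Review the code that fills rc_phys (not shown) and confirm it uses length-limited formatting or copying bounded by sizeof(rc_phys).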

              	/* remote control */
	struct rc_dev *rc_dev;
	struct input_dev *input_dev;
	char rc_phys[64];
	struct delayed_work rc_query_work;
	u32 last_event;
	int last_state;

	struct module *owner;

            

Reported by FlawFinder.

drivers/media/radio/radio-mr800.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 163 Column: 3 CWE codes: 120
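Suggestion: Make sure destination can always hold the source data
Review note: extralen is a runtime length, and the memset on the next line uses 8 - extralen, so both calls are only safe when extralen is at most 8 and radio->buffer holds at least 8 bytes (BUFFER_LENGTH bytes for the usb_bulk_msg call). If extralen could exceed 8, 8 - extralen would go negative or wrap to a very large count, depending on its type. The type of extralen and its callers are not shown here.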

              		return 0;

	if (extra) {
		memcpy(radio->buffer, extra, extralen);
		memset(radio->buffer + extralen, 0, 8 - extralen);
		retval = usb_bulk_msg(radio->usbdev, usb_sndintpipe(radio->usbdev, 2),
			radio->buffer, BUFFER_LENGTH, &size, USB_TIMEOUT);
	} else {
		memset(radio->buffer, 0, 8);

            

Reported by FlawFinder.

drivers/media/radio/radio-miropcm20.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 316 Column: 3 CWE codes: 119 120
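Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Review note: This marks the declaration of the local text_buffer[66], not a write. Review the writes into text_buffer later in the loop (not shown) and confirm each index or length is bounded by sizeof(text_buffer).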

              	unsigned no_rds_counter = no_rds_start_counter;

	for (;;) {
		char text_buffer[66];
		u8 buf;
		int res;

		msleep_interruptible(sleep_msecs);


            

Reported by FlawFinder.

drivers/net/ethernet/cavium/liquidio/cn23xx_vf_device.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 396 Column: 2 CWE codes: 120
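Suggestion: Make sure destination can always hold the source data
Review note: The length is the constant CN23XX_MAILBOX_MSGPARAM_SIZE and the destination is cast to uint8_t *, so the compiler does not compare sizes here. Confirm that sizeof(oct->pfvf_hsword) is at least CN23XX_MAILBOX_MSGPARAM_SIZE; a build-time assertion (BUILD_BUG_ON in kernel code) would pin that. Neither definition is in this excerpt.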

              {
	u32 major = 0;

	memcpy((uint8_t *)&oct->pfvf_hsword, cmd->msg.s.params,
	       CN23XX_MAILBOX_MSGPARAM_SIZE);
	if (cmd->recv_len > 1)  {
		major = ((struct lio_version *)(cmd->data))->major;
		major = major << 16;
	}

            

Reported by FlawFinder.