Line: 216 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	int i, rc;
	unsigned char *p = dev->eedata;
	unsigned char bytes[17];

	dev->i2c_client.addr = 0xa0 >> 1;
	dev->eedata_size = 0;

	bytes[16] = '\0';

            

Line: 147 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	unsigned int		hw_ex4_compat:1;
	struct v4l2_m2m_ops	*m2m_ops;
	irqreturn_t		(*jpeg_irq)(int irq, void *priv);
	const char		*clk_names[JPEG_MAX_CLOCKS];
	int			num_clocks;
};

/**
 * struct s5p_jpeg_fmt - driver's internal color format data

            

Line: 36 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
#include "camif-core.h"

static char *camif_clocks[CLK_MAX_NUM] = {
	/* HCLK CAMIF clock */
	[CLK_GATE]	= "camif",
	/* CAMIF / external camera sensor master clock */
	[CLK_CAM]	= "camera",
};

            

Line: 584 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return;

	for (i = 0; i < RCAR_DRIF_MAX_CHANNEL; i++)
		memcpy(vb2_plane_vaddr(&fbuf->vb.vb2_buf, 0) +
		       i * sdr->hwbuf_size, buf[i]->addr, sdr->hwbuf_size);

	fbuf->vb.field = V4L2_FIELD_NONE;
	fbuf->vb.sequence = produced;
	fbuf->vb.vb2_buf.timestamp = ktime_get_ns();

            

Line: 201 Column: 15 CWE codes: 362

              	vma->vm_private_data	= &buf->handler;
	vma->vm_ops		= &vb2_common_vm_ops;

	vma->vm_ops->open(vma);

	pr_debug("%s: mapped dma addr 0x%08lx at 0x%08lx, size %ld\n",
		__func__, (unsigned long)buf->dma_addr, vma->vm_start,
		buf->size);


            

Line: 383 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
		u32 *dst = &frame[part_index * USBTV_CHUNK/2];

		memcpy(dst, src, USBTV_CHUNK/2 * sizeof(*src));
		src += USBTV_CHUNK/2;
	}
}

/* Called for each 256-byte image chunk.

            

Line: 379 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	int stream_count;

	unsigned short lanes;
	unsigned char lane_swap[4];
};

static inline struct rcar_csi2 *sd_to_csi2(struct v4l2_subdev *sd)
{
	return container_of(sd, struct rcar_csi2, subdev);

            

Line: 85 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		maxlen = buf->length - buf->bytesused;
		mem = buf->mem + buf->bytesused;
		nbytes = min(len, maxlen);
		memcpy(mem, data, nbytes);
		buf->bytesused += nbytes;

		if (len > maxlen || buf->bytesused == buf->length) {
			uvc_dbg(stream->dev, FRAME,
				"Frame complete (overflow)\n");

            

Line: 137 CWE codes: 908

              					const struct uvc_control_status *status,
					struct uvc_video_chain **chain)
{
	list_for_each_entry((*chain), &dev->chains, list) {
		struct uvc_entity *entity;
		struct uvc_control *ctrl;

		list_for_each_entry(entity, &(*chain)->entities, chain) {
			if (entity->id != status->bOriginator)

            

Line: 1226 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	case HFI_PROPERTY_PARAM_VENC_HDR10_PQ_SEI: {
		struct hfi_hdr10_pq_sei *in = pdata, *hdr10 = prop_data;

		memcpy(hdr10, in, sizeof(*hdr10));
		pkt->shdr.hdr.size += sizeof(u32) + sizeof(*hdr10);
		break;
	}
	case HFI_PROPERTY_PARAM_VDEC_CONCEAL_COLOR: {
		struct hfi_conceal_color_v4 *color = prop_data;