Line: 410 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	struct omap3isp_hist_config *cur_cfg = hist->priv;

	if (!hist->configured || hist_comp_params(hist, user_cfg)) {
		memcpy(cur_cfg, user_cfg, sizeof(*user_cfg));
		if (user_cfg->num_acc_frames == 0)
			user_cfg->num_acc_frames = 1;
		hist->inc_config++;
		hist->update = 1;
		/*

            

Line: 292 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
out:
	if (update || !af->configured) {
		memcpy(cur_cfg, user_cfg, sizeof(*cur_cfg));
		af->inc_config++;
		af->update = 1;
		/*
		 * User might be asked for a bigger buffer than necessary for
		 * this configuration. In order to return the right amount of

            

Line: 875 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		pixelcode = fmt->code;
		format = __csi2_get_format(csi2, sd_state, CSI2_PAD_SINK,
					   which);
		memcpy(fmt, format, sizeof(*fmt));

		/*
		 * Only Allow DPCM decompression, and check that the
		 * pattern is preserved
		 */

            

Line: 678 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		 */
		format = __ccp2_get_format(ccp2, sd_state, CCP2_PAD_SINK,
					   which);
		memcpy(fmt, format, sizeof(*fmt));
		fmt->code = MEDIA_BUS_FMT_SGRBG10_1X10;
		break;
	}

	fmt->field = V4L2_FIELD_NONE;

            

Line: 163 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	unsigned int nbufs;		/* How many are alloc'd */
	int next_buf;			/* Next to consume (dev_lock) */

	char bus_info[32];		/* querycap bus_info */

	/* DMA buffers - vmalloc mode */
#ifdef MCAM_MODE_VMALLOC
	unsigned int dma_buf_size;	/* allocated size */
	void *dma_bufs[MAX_DMA_BUFS];	/* Internal buffer addresses */

            

Line: 779 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			/* save the data */
			pp0dest = &ioc->fc_port_page0[portnum];
			copy_sz = min_t(int, sizeof(FCPortPage0_t), data_sz);
			memcpy(pp0dest, ppage0_alloc, copy_sz);

			/*
			 *	Normalize endianness of structure data,
			 *	by byte-swapping all > 1 byte fields!
			 */

            

Line: 1353 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	HWaddr[5] = a[0];

	dev->addr_len = FC_ALEN;
	memcpy(dev->dev_addr, HWaddr, FC_ALEN);
	memset(dev->broadcast, 0xff, FC_ALEN);

	/* The Tx queue is 127 deep on the 909.
	 * Give ourselves some breathing room.
	 */

            

Line: 472 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		 * Drop the lock during the big copy.  This *should* be safe...
		 */
		spin_unlock_irqrestore(&cam->dev_lock, flags);
		memcpy(vb2_plane_vaddr(&buf->vb_buf.vb2_buf, 0),
				cam->dma_bufs[bufno],
				cam->pix_format.sizeimage);
		mcam_buffer_done(cam, bufno, &buf->vb_buf);
		spin_lock_irqsave(&cam->dev_lock, flags);
	}

            

Line: 692 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		else
			offset = S5PCSIS_PKTDATA_ODD;

		memcpy(pktbuf->data, (u8 __force *)state->regs + offset,
		       pktbuf->len);
		pktbuf->data = NULL;
		rmb();
	}


            

Line: 1086 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static int fimc_md_get_clocks(struct fimc_md *fmd)
{
	struct device *dev = &fmd->pdev->dev;
	char clk_name[32];
	struct clk *clock;
	int i, ret = 0;

	for (i = 0; i < FIMC_MAX_CAMCLKS; i++)
		fmd->camclk[i].clock = ERR_PTR(-EINVAL);