Line: 48 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	u32	mfa;
	struct service_processor *sp = (struct service_processor *)dev_id;
	void __iomem *base_address = sp->base_address;
	char tsbuf[32];

	if (!sp_interrupt_pending(base_address))
		return IRQ_NONE;

	dbg("respond to interrupt at %s\n", get_timestamp(tsbuf));

            

Line: 190 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	u32 state;
	struct crq_server_adapter *adapter;
	spinlock_t lock;
	unsigned char hmc_id[HMC_ID_LEN];
	struct ibmvmc_buffer buffer[MAX_BUF_POOL_SIZE];
	unsigned short queue_outbound_msgs[MAX_BUF_POOL_SIZE];
	int queue_head, queue_tail;
	struct ibmvmc_file_session *file_session;
};

            

Line: 93 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		goto out;
	}

	memcpy(srcbuf, src, srcsize);

	dprintk(DBGLVL_FW, "%s() dlflag = 0x%x\n", __func__, dlflag);
	dprintk(DBGLVL_FW, "%s() dlflag_ack = 0x%x\n", __func__, dlflag_ack);
	dprintk(DBGLVL_FW, "%s() drflag = 0x%x\n", __func__, drflag);
	dprintk(DBGLVL_FW, "%s() drflag_ack = 0x%x\n", __func__, drflag_ack);

            

Line: 310 Column: 6 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
				if (buf->actual_size <= ubuf->actual_size) {

					memcpy(ubuf->data, buf->cpu, ubuf->actual_size);

					if (crc_checking) {
						/* Throw a new checksum on the read buffer */
						ubuf->crc = crc32(0, ubuf->data, ubuf->actual_size);
					}

            

Line: 129 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	buffer[1] = 0xff;
	buffer[2] = 0xff;
	buffer[3] = 0xff;
	memcpy(buffer + 4, fw->data, fw->size);

	txbuf[0] = FPGA_CMD_REFRESH;
	spi_write(spi, txbuf, 4);

	txbuf[0] = FPGA_CMD_WRITE_EN;

            

Line: 382 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	msg_tmp.size = le16_to_cpu((__force __le16)msg_tmp.size);
	msg_tmp.command = le32_to_cpu((__force __le32)msg_tmp.command);
	msg_tmp.controlselector = le16_to_cpu((__force __le16)msg_tmp.controlselector);
	memcpy(msg, &msg_tmp, sizeof(*msg));

	/* No need to update the read positions, because this was a peek */
	/* If the caller specifically want to peek, return */
	if (peekonly) {
		goto peekout;

            

Line: 265 Column: 8 CWE codes: 120 20

              	struct device		*pm_dev; /* for pm_runtime purposes */
	int (*init) (struct lis3lv02d *lis3);
	int (*write) (struct lis3lv02d *lis3, int reg, u8 val);
	int (*read) (struct lis3lv02d *lis3, int reg, u8 *ret);
	int (*blkread) (struct lis3lv02d *lis3, int reg, int len, u8 *ret);
	int (*reg_ctrl) (struct lis3lv02d *lis3, bool state);

	int                     *odrs;     /* Supported output data rates */
	u8			*regs;	   /* Regs to store / restore */

            

Line: 49 Column: 14 CWE codes: 120 20

              	int ret;

	/* power up the device */
	ret = lis3->read(lis3, CTRL_REG1, &reg);
	if (ret < 0)
		return ret;

	reg |= CTRL1_PD0 | CTRL1_Xen | CTRL1_Yen | CTRL1_Zen;
	return lis3->write(lis3, CTRL_REG1, reg);

            

Line: 422 Column: 34 CWE codes: 126

              	/* short circuit if we already found a value. */
	if (args->value != -ESRCH)
		return 0;
	if (strncmp(param, args->param, strlen(args->param)) == 0) {
		bool bool_result;
		int ret;

		ret = kstrtobool(val, &bool_result);
		if (ret == 0)

            

Line: 321 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (i->index >= HEXIUM_INPUTS)
		return -EINVAL;

	memcpy(i, &hexium_inputs[i->index], sizeof(struct v4l2_input));

	DEB_D("v4l2_ioctl: VIDIOC_ENUMINPUT %d\n", i->index);
	return 0;
}