Line: 34 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct usbhs_pipe	*pipe;
	spinlock_t		lock;	/* protect the pipe */

	char ep_name[EP_NAME_SIZE];

	struct usbhsg_gpriv *gpriv;
};

struct usbhsg_gpriv {

            

Line: 766 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	init_completion(&hpriv->setup_ack_done);

	/* copy original request */
	memcpy(&req, urb->setup_packet, sizeof(struct usb_ctrlrequest));

	/*
	 * renesas_usbhs can not use original usb address.
	 * see HARDWARE LIMITATION.
	 * modify usb address here to use attached device.

            

Line: 232 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	struct usb_role_switch *sw = to_role_switch(dev);
	enum usb_role role = usb_role_switch_get_role(sw);

	return sprintf(buf, "%s\n", usb_roles[role]);
}

static ssize_t role_store(struct device *dev, struct device_attribute *attr,
			  const char *buf, size_t size)
{

            

Line: 156 Column: 26 CWE codes: 362

              
		/* only call the device specific open if this
		 * is the first time the port is opened */
		retval = serial->type->open(NULL, port);
		if (retval) {
			dev_err(&port->dev, "could not open USB console port\n");
			goto fail;
		}


            

Line: 39 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	int alloc_ms = jiffies_to_msecs(jiffies - cmd->jiffies_at_alloc);
	int timeout_ms = jiffies_to_msecs(rq->timeout);
	const u8 *const cdb = READ_ONCE(cmd->cmnd);
	char buf[80] = "(?)";

	if (cdb)
		__scsi_format_command(buf, sizeof(buf), cdb, cmd->cmd_len);
	seq_printf(m, ", .cmd=%s, .retries=%d, .result = %#x, .flags=", buf,
		   cmd->retries, cmd->result);

            

Line: 898 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static int f81534a_ctrl_enable_all_ports(struct usb_interface *intf, bool en)
{
	unsigned char enable[2] = {0};
	int status;

	/*
	 * Enable all available serial ports, define as following:
	 * bit 15	: Reset behavior (when HUB got soft reset)

            

Line: 181 Column: 9 CWE codes: 134
Suggestion: Use a constant for the format specification

              {									\
	struct raid_data *rd = dev_get_drvdata(dev);			\
	code								\
	return snprintf(buf, 20, #fmt "\n", var);			\
}

#define raid_attr_ro_states(attr, states, code)				\
raid_attr_show_internal(attr, %s, name,					\
	const char *name;						\

            

Line: 331 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #define PREV_RES_PTR(wheee)   (((wheee) - 1) & RES_QUEUE_LEN)

struct pti_queue_entry {
	char __opaque[QUEUE_ENTRY_LEN];
};

struct scsi_cmnd;

/* Software state for the driver. */

            

Line: 292 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	 */
	*(u8 *)urb->transfer_buffer = ir_xbof | ir_baud;

	memcpy(urb->transfer_buffer + 1, buf, count);

	urb->transfer_buffer_length = count + 1;
	urb->transfer_flags = URB_ZERO_PACKET;

	ret = usb_submit_urb(urb, GFP_ATOMIC);

            

Line: 505 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		/* Not currently supported */
		tty->termios.c_cflag &= ~CRTSCTS;
	}
	memcpy(cfg, &priv->cfg, sizeof(*cfg));
	spin_unlock_irqrestore(&priv->lock, flags);

	/* now commit changes to device */
	klsi_105_chg_port_settings(port, cfg);
err: