Line: 68 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              void
ia_css_config_gamma_table(void)
{
	memcpy(default_gamma_table.data.vamem_2, default_gamma_table_data,
	       sizeof(default_gamma_table_data));
	default_gamma_table.vamem_type   = IA_CSS_VAMEM_TYPE_2;
}

            

Line: 318 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	 * transformation (like the VMEM version), we just copy the data
	 * using a different output width. */
	for (i = 0; i < height; i++) {
		memcpy(host_ptr, isp_stats, host_width * sizeof(*host_ptr));
		isp_stats += isp_width;
		host_ptr += host_width;
	}
}


            

Line: 216 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              		adis_check_status(st);

	val = (s16)(val << shift) >> shift;
	return sprintf(buf, "%d\n", val);
}

static ssize_t adis16240_read_12bit_signed(struct device *dev,
					   struct device_attribute *attr,
					   char *buf)

            

Line: 49 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              void
ia_css_config_xnr_table(void)
{
	memcpy(default_xnr_table.data.vamem_2, default_xnr_table_data,
	       sizeof(default_xnr_table_data));
	default_xnr_table.vamem_type     = IA_CSS_VAMEM_TYPE_2;
}

            

Line: 30 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
#define BUFQ_DUMP_FILE_NAME_PREFIX_SIZE 256

static char prefix[BUFQ_DUMP_FILE_NAME_PREFIX_SIZE] = {0};

/*********************************************************/
/* Global Queue objects used by CSS                      */
/*********************************************************/


            

Line: 82 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              					only valid for RAW bayer frames */
	unsigned char raw_bayer_order;	/* bayer order, only valid
					for RAW bayer frames */
	unsigned char padding[3];	/* Extend to 32 bit multiple */
};

struct ia_css_buffer_sp {
	union {
		ia_css_ptr xmem_addr;

            

Line: 275 CWE codes: 562

              			h.size = (*handle)->size;
			/* release ref to current buffer */
			ia_css_rmgr_refcount_release_vbuf(handle);
			*handle = &h;
		}
		/* get new buffer for needed size */
		if ((*handle)->vptr == 0x0) {
			if (pool->recycle) {
				/* try and pop from pool */

            

Line: 37 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
static void read_bitstream(u8 *bitdata, u8 *buf, int *offset, int rdsize)
{
	memcpy(buf, bitdata + *offset, rdsize);
	*offset += rdsize;
}

static int readinfo_bitstream(u8 *bitdata, u8 *buf, int size, int *offset)
{

            

Line: 259 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

              	fb_fix.mmio_start = fb_fix.smem_start + FRAMEMASTER_REG;
	fm2fb_reg  = (unsigned char *)(info->screen_base+FRAMEMASTER_REG);

	strcpy(fb_fix.id, is_fm ? "FrameMaster II" : "Rainbow II");

	/* make EBU color bars on display */
	ptr = (unsigned long *)fb_fix.smem_start;
	for (y = 0; y < 576; y++) {
		for (x = 0; x < 96; x++) *ptr++ = 0xffffff;/* white */

            

Line: 26 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/* This is for the firmware loaded from user space */
struct  sh_css_fw_bi_file_h {
	char version[64];		/* branch tag + week day + time */
	int binary_nr;			/* Number of binaries */
	unsigned int h_size;		/* sizeof(struct sh_css_fw_bi_file_h) */
};

extern struct ia_css_fw_info     sh_css_sp_fw;