Line: 809 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	tmp = iwl_eeprom_query_addr(eeprom, eeprom_size, EEPROM_MAC_ADDRESS);
	if (!tmp)
		goto err_free;
	memcpy(data->hw_addr, tmp, ETH_ALEN);
	data->n_hw_addrs = iwl_eeprom_query16(eeprom, eeprom_size,
					      EEPROM_NUM_MAC_ADDRESS);

	if (iwl_eeprom_read_calib(eeprom, eeprom_size, data))
		goto err_free;

            

Line: 236 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	int tx_coalesce_usecs;
	struct hrtimer tx_coalesce_timer;

	unsigned char *rx_buf[RX_DESC_NUM];
	dma_addr_t rx_phys[RX_DESC_NUM];
	unsigned int rx_head;
	unsigned int rx_buf_size;
	unsigned int rx_cnt_remaining;


            

Line: 63 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	u64 timestamp;
	bool lost;
	u8 event_id;
	char msg[TRACE_STR_MSG];
};

struct mlx5_fw_tracer {
	struct mlx5_core_dev *dev;
	struct mlx5_nb        nb;

            

Line: 134 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return -ENOMEM;
	mlxsw_sp->counter_pool = pool;
	pool->sub_pools_count = sub_pools_count;
	memcpy(pool->sub_pools, mlxsw_sp_counter_sub_pools,
	       flex_array_size(pool, sub_pools, pool->sub_pools_count));
	spin_lock_init(&pool->counter_pool_lock);
	atomic_set(&pool->active_entries_count, 0);

	err = devlink_resource_size_get(devlink, MLXSW_SP_RESOURCE_COUNTERS,

            

Line: 821 CWE codes: 908

              	skb_push(skb, PRESTERA_DSA_HLEN);
	memmove(skb->data, skb->data + PRESTERA_DSA_HLEN, 2 * ETH_ALEN);

	if (prestera_dsa_build(&dsa, skb->data + 2 * ETH_ALEN) != 0)
		return NET_XMIT_DROP;

	return prestera_sdma_xmit(&port->sw->rxtx->sdma, skb);
}

            

Line: 37 Column: 21 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
#define IXGB_WRITE_FLUSH(a) IXGB_READ_REG(a, STATUS)

#define IXGB_MEMCPY memcpy

#endif /* _IXGB_OSDEP_H_ */

            

Line: 107 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	unsigned int offset = block_index * MLXSW_SP1_AFK_KEY_BLOCK_SIZE;
	char *output_indexed = output + offset;

	memcpy(output_indexed, block, MLXSW_SP1_AFK_KEY_BLOCK_SIZE);
}

static void mlxsw_sp1_afk_clear_block(char *output, int block_index)
{
	unsigned int offset = block_index * MLXSW_SP1_AFK_KEY_BLOCK_SIZE;

            

Line: 38 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              					enum mlxsw_reg_pemrbt_protocol protocol,
					struct mlxsw_sp_acl_ruleset *ruleset)
{
	char pemrbt_pl[MLXSW_REG_PEMRBT_LEN];
	u16 group_id;

	group_id = mlxsw_sp_acl_ruleset_group_id(ruleset);

	mlxsw_reg_pemrbt_pack(pemrbt_pl, protocol, group_id);

            

Line: 57 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	dev_info.db_page_size = adapter->roce_db.size;
	dev_info.db_total_size = adapter->roce_db.total_size;
	dev_info.netdev = adapter->netdev;
	memcpy(dev_info.mac_addr, adapter->netdev->dev_addr, ETH_ALEN);
	dev_info.dev_family = adapter->sli_family;
	if (msix_enabled(adapter)) {
		/* provide all the vectors, so that EQ creation response
		 * can decide which one to use.
		 */

            

Line: 81 Column: 9 CWE codes: 126

              		of_property_read_string_index(root, "compatible", 0, &tmp);

		/* get rid of '/' in the compatible string to be able to find the FW */
		len = strlen(tmp) + 1;
		board_type = devm_kzalloc(dev, len, GFP_KERNEL);
		strscpy(board_type, tmp, len);
		for (i = 0; i < board_type[i]; i++) {
			if (board_type[i] == '/')
				board_type[i] = '-';