Line: 510 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	u16 rx_itr_default;
	u16 tx_itr_default;
	u32 msg_enable;
	char int_name[I40E_INT_NAME_STR_LEN];
	u16 adminq_work_limit; /* num of admin receive queue desc to process */
	unsigned long service_timer_period;
	unsigned long service_timer_previous;
	struct timer_list service_timer;
	struct work_struct service_task;

            

Line: 894 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct irq_affinity_notify affinity_notify;

	struct rcu_head rcu;	/* to avoid race with update stats on free */
	char name[I40E_INT_NAME_STR_LEN];
	bool arm_wb_state;
} ____cacheline_internodealigned_in_smp;

/* lan device */
struct i40e_device {

            

Line: 910 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               **/
static inline char *i40e_nvm_version_str(struct i40e_hw *hw)
{
	static char buf[32];
	u32 full_ver;

	full_ver = hw->nvm.oem_ver;

	if (hw->nvm.eetrack == I40E_OEM_EETRACK_ID) {

            

Line: 1274 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			for (r=rxd, i=used_frags ; i ; r=r->rxd_next, i--){
				n = le32_to_cpu(r->rxd_rbctrl) & RD_LENGTH ;
				DB_RX(6, "cp SMT frame to mb: len = %d", n);
				memcpy(data,r->rxd_virt,n) ;
				data += n ;
			}
			data = smtod(mb,char *) - 1 ;
#endif
			fc = *(char *)mb->sm_data = *data ;

            

Line: 1689 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		if (smc->os.hwm.tx_mb) {
#ifndef	USE_OS_CPY
			DB_TX(3, "copy fragment into MBuf");
			memcpy(smc->os.hwm.tx_data,virt,len) ;
			smc->os.hwm.tx_data += len ;
#endif
			if (frame_status & LAST_FRAG) {
#ifdef	USE_OS_CPY
#ifndef PASS_1ST_TXD_2_TX_COMP

            

Line: 1806 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	int	i ;
	int	frag_count ;
	int	frame_status ;
	SK_LOC_DECL(char far,*virt[3]) ;
	int	frag_len[3] ;
	struct s_smt_tx_queue *queue ;
	struct s_smt_fp_txd volatile *t ;
	u_long	phys ;
	__le32	tbctrl;

            

Line: 184 Column: 3 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

              	mib->fddiSMTLoVersionId = 2 ;
	memcpy((char *) mib->fddiSMTManufacturerData,man_data,32) ;
	if (level == 0) {
		strcpy(mib->fddiSMTUserData,OEM_USER_DATA) ;
	}
	mib->fddiSMTMIBVersionId = 1 ;
	mib->fddiSMTMac_Ct = NUMMACS ;
	mib->fddiSMTConnectionPolicy = POLICY_MM | POLICY_AA | POLICY_BB ;


            

Line: 152 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              /*
 * manufacturer data
 */
static const char man_data[32] =
/*	 01234567890123456789012345678901	*/
	"xxxSK-NET FDDI SMT 7.3 - V2.8.8" ;

static void smt_init_mib(struct s_smc *smc, int level)
{

            

Line: 182 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	mib->fddiSMTOpVersionId = 2 ;
	mib->fddiSMTHiVersionId = 2 ;
	mib->fddiSMTLoVersionId = 2 ;
	memcpy((char *) mib->fddiSMTManufacturerData,man_data,32) ;
	if (level == 0) {
		strcpy(mib->fddiSMTUserData,OEM_USER_DATA) ;
	}
	mib->fddiSMTMIBVersionId = 1 ;
	mib->fddiSMTMac_Ct = NUMMACS ;

            

Line: 729 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (buff) {
		dma_buff = &hw->aq.asq.r.asq_bi[hw->aq.asq.next_to_use];
		/* copy the user buff into the respective DMA buff */
		memcpy(dma_buff->va, buff, buff_size);
		desc_on_ring->datalen = cpu_to_le16(buff_size);

		/* Update the address values in the desc with the pa value
		 * for respective buffer
		 */

            

Line: 772 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (iavf_asq_done(hw)) {
		*desc = *desc_on_ring;
		if (buff)
			memcpy(buff, dma_buff->va, buff_size);
		retval = le16_to_cpu(desc->retval);
		if (retval != 0) {
			iavf_debug(hw,
				   IAVF_DEBUG_AQ_MESSAGE,
				   "AQTX: Command completed with error 0x%X.\n",

            

Line: 898 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	datalen = le16_to_cpu(desc->datalen);
	e->msg_len = min(datalen, e->buf_len);
	if (e->msg_buf && (e->msg_len != 0))
		memcpy(e->msg_buf, hw->aq.arq.r.arq_bi[desc_idx].va,
		       e->msg_len);

	iavf_debug(hw, IAVF_DEBUG_AQ_MESSAGE, "AQRX: desc and buffer:\n");
	iavf_debug_aq(hw, IAVF_DEBUG_AQ_COMMAND, (void *)desc, e->msg_buf,
		      hw->aq.arq_buf_size);

            

Line: 258 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		goto out;

	skb_reserve(skb, xdp->data - xdp->data_hard_start);
	memcpy(__skb_put(skb, datasize), xdp->data, datasize);
	if (metasize)
		skb_metadata_set(skb, metasize);

out:
	xsk_buff_free(xdp);

            

Line: 210 Column: 12 CWE codes: 120 20

              		}
		*bi = xdp;
		dma = xsk_buff_xdp_get_dma(xdp);
		rx_desc->read.pkt_addr = cpu_to_le64(dma);
		rx_desc->read.hdr_addr = 0;

		rx_desc++;
		bi++;
		ntu++;

            

Line: 211 Column: 12 CWE codes: 120 20

              		*bi = xdp;
		dma = xsk_buff_xdp_get_dma(xdp);
		rx_desc->read.pkt_addr = cpu_to_le64(dma);
		rx_desc->read.hdr_addr = 0;

		rx_desc++;
		bi++;
		ntu++;


            

Line: 543

              		.he_cap = {
			.has_he = true,
			.he_cap_elem = {
				.mac_cap_info[0] =
					IEEE80211_HE_MAC_CAP0_HTC_HE |
					IEEE80211_HE_MAC_CAP0_TWT_REQ,
				.mac_cap_info[1] =
					IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_16US |
					IEEE80211_HE_MAC_CAP1_MULTI_TID_AGG_RX_QOS_8,

            

Line: 808 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return;
	}

	memcpy(iftype_data, iwl_he_capa, sizeof(iwl_he_capa));

	sband->iftype_data = iftype_data;
	sband->n_iftype_data = ARRAY_SIZE(iwl_he_capa);

	for (i = 0; i < sband->n_iftype_data; i++)

            

Line: 998 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		 * Store the MAC address from MAO section.
		 * No byte swapping is required in MAO section
		 */
		memcpy(data->hw_addr, hw_addr, ETH_ALEN);

		/*
		 * Force the use of the OTP MAC address in case of reserved MAC
		 * address in the NVM, or if address is given but invalid.
		 */

            

Line: 180 CWE codes: 562

              		struct {
			u8 hdr[6];
			__be16 type;
		} __packed *shdr = (void *)((u8 *)hdr + hdrlen + pad_len);

		if (unlikely(headlen - hdrlen < sizeof(*shdr) ||
			     !ether_addr_equal(shdr->hdr, rfc1042_header) ||
			     (shdr->type != htons(ETH_P_IP) &&
			      shdr->type != htons(ETH_P_ARP) &&

            

Line: 109 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (!res && !(stats->flag & RX_FLAG_ALLOW_SAME_PN))
		return -1;

	memcpy(ptk_pn->q[queue].pn[tid], pn, IEEE80211_CCMP_PN_LEN);
	stats->flag |= RX_FLAG_PN_VALIDATED;

	return 0;
}


            

Line: 232 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	radiotap->pad = 2;

	/* fill the data now */
	memcpy(radiotap->data, &mvm->cur_aid, sizeof(mvm->cur_aid));
	/* and clear the padding */
	memset(radiotap->data + sizeof(__le16), 0, radiotap->pad);

	rx_status->flag |= RX_FLAG_RADIOTAP_VENDOR_DATA;
}

            

Line: 47 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static int mlxsw_m_base_mac_get(struct mlxsw_m *mlxsw_m)
{
	char spad_pl[MLXSW_REG_SPAD_LEN] = {0};
	int err;

	err = mlxsw_reg_query(mlxsw_m->core, MLXSW_REG(spad), spad_pl);
	if (err)
		return err;

            

Line: 138 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              mlxsw_m_port_module_info_get(struct mlxsw_m *mlxsw_m, u8 local_port,
			     u8 *p_module, u8 *p_width)
{
	char pmlp_pl[MLXSW_REG_PMLP_LEN];
	int err;

	mlxsw_reg_pmlp_pack(pmlp_pl, local_port);
	err = mlxsw_reg_query(mlxsw_m->core, MLXSW_REG(pmlp), pmlp_pl);
	if (err)

            

Line: 156 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	struct mlxsw_m *mlxsw_m = mlxsw_m_port->mlxsw_m;
	struct net_device *dev = mlxsw_m_port->dev;
	char ppad_pl[MLXSW_REG_PPAD_LEN];
	int err;

	mlxsw_reg_ppad_pack(ppad_pl, false, 0);
	err = mlxsw_reg_query(mlxsw_m->core, MLXSW_REG(ppad), ppad_pl);
	if (err)

            

Line: 407 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return -ENOMEM;

	msgs[0].buf[0] = dev_addr;
	memcpy(&msgs[0].buf[1], buf, len);

	ret = i2c_transfer(sfp->i2c, msgs, ARRAY_SIZE(msgs));

	kfree(msgs[0].buf);


            

Line: 228 Column: 8 CWE codes: 120 20

              
	unsigned int (*get_state)(struct sfp *);
	void (*set_state)(struct sfp *, unsigned int);
	int (*read)(struct sfp *, bool, u8, void *, size_t);
	int (*write)(struct sfp *, bool, u8, void *, size_t);

	struct gpio_desc *gpio[GPIO_MAX];
	int gpio_irq[GPIO_MAX];


            

Line: 452 Column: 14 CWE codes: 120 20

              /* Interface */
static int sfp_read(struct sfp *sfp, bool a2, u8 addr, void *buf, size_t len)
{
	return sfp->read(sfp, a2, addr, buf, len);
}

static int sfp_write(struct sfp *sfp, bool a2, u8 addr, void *buf, size_t len)
{
	return sfp->write(sfp, a2, addr, buf, len);

            

Line: 1167 Column: 2 CWE codes: 120
Suggestion: Consider strcat_s, strlcat, snprintf, or automatically resizing strings

              {
	char debugfs_dir_name[DNAME_INLINE_LEN + 1] = "adf7242-";

	strncat(debugfs_dir_name, dev_name(&lp->spi->dev), DNAME_INLINE_LEN);

	lp->debugfs_root = debugfs_create_dir(debugfs_dir_name, NULL);

	debugfs_create_devm_seqfile(&lp->spi->dev, "status", lp->debugfs_root,
				    adf7242_stats_show);

            

Line: 760 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (changed & IEEE802154_AFILT_IEEEADDR_CHANGED) {
		u8 addr[8], i;

		memcpy(addr, &filt->ieee_addr, 8);

		for (i = 0; i < 8; i++)
			adf7242_write_reg(lp, REG_IEEE_ADDR_0 + i, addr[i]);
	}


            

Line: 1165 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static void adf7242_debugfs_init(struct adf7242_local *lp)
{
	char debugfs_dir_name[DNAME_INLINE_LEN + 1] = "adf7242-";

	strncat(debugfs_dir_name, dev_name(&lp->spi->dev), DNAME_INLINE_LEN);

	lp->debugfs_root = debugfs_create_dir(debugfs_dir_name, NULL);