Line: 205 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               * is greater than 8 plus 1 (for underscore) plus length of longest type name.
 */
#define MAX_MCATYPE_NAME_LEN	30
static char buf_mcatype[MAX_MCATYPE_NAME_LEN];

static DEFINE_PER_CPU(struct threshold_bank **, threshold_banks);

/*
 * A list of the banks enabled on each logical CPU. Controls which respective

            

Line: 1087 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              #define SHOW_FIELDS(name)						\
static ssize_t show_ ## name(struct threshold_block *b, char *buf)	\
{									\
	return sprintf(buf, "%lu\n", (unsigned long) b->name);		\
}
SHOW_FIELDS(interrupt_enable)
SHOW_FIELDS(threshold_limit)

static ssize_t

            

Line: 1148 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	if (rdmsr_on_cpu(b->cpu, b->address, &lo, &hi))
		return -ENODEV;

	return sprintf(buf, "%u\n", ((hi & THRESHOLD_MAX) -
				     (THRESHOLD_MAX - b->threshold_limit)));
}

static struct threshold_attr error_count = {
	.attr = {.name = __stringify(error_count), .mode = 0444 },

            

Line: 1455 Column: 57 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               * - 0 if nothing was copied.
 * - -EINVAL if the linear address of the instruction could not be calculated
 */
int insn_fetch_from_user(struct pt_regs *regs, unsigned char buf[MAX_INSN_SIZE])
{
	unsigned long ip;
	int not_copied;

	if (insn_get_effective_ip(regs, &ip))

            

Line: 1483 Column: 66 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               *  - 0 if nothing was copied.
 *  - -EINVAL if the linear address of the instruction could not be calculated.
 */
int insn_fetch_from_user_inatomic(struct pt_regs *regs, unsigned char buf[MAX_INSN_SIZE])
{
	unsigned long ip;
	int not_copied;

	if (insn_get_effective_ip(regs, &ip))

            

Line: 1511 Column: 16 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               * True if instruction was decoded, False otherwise.
 */
bool insn_decode_from_regs(struct insn *insn, struct pt_regs *regs,
			   unsigned char buf[MAX_INSN_SIZE], int buf_size)
{
	int seg_defs;

	insn_init(insn, buf, buf_size, user_64bit_mode(regs));


            

Line: 499 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              }
static inline void memcpy_fromio(void *dst, const volatile void __iomem *src, int count)
{
	memcpy(dst, (void __force *) src, count);
}
static inline void memcpy_toio(volatile void __iomem *dst, const void *src, int count)
{
	memcpy((void __force *) dst, src, count);
}

            

Line: 503 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              }
static inline void memcpy_toio(volatile void __iomem *dst, const void *src, int count)
{
	memcpy((void __force *) dst, src, count);
}

/*
 * The caches on some architectures aren't dma-coherent and have need to
 * handle this in software.  There are three types of operations that

            

Line: 270 Column: 25 CWE codes: 120 20

              		BUG();							\
}									\
									\
static inline type pfx##read##bwlq(const volatile void __iomem *mem)	\
{									\
	volatile type *__mem;						\
	type __val;							\
									\
	__mem = (void *)__swizzle_addr_##bwlq((unsigned long)(mem));	\

            

Line: 55 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              				    struct imc_pmu *pmu_ptr)
{
	static u64 loc, *imc_mode_addr, *imc_cmd_addr;
	char mode[16], cmd[16];
	u32 cb_offset;
	struct imc_mem_info *ptr = pmu_ptr->mem_info;

	imc_debugfs_parent = debugfs_create_dir("imc", powerpc_debugfs_root);


            

Line: 67 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	while (ptr->vbase != NULL) {
		loc = (u64)(ptr->vbase) + cb_offset;
		imc_mode_addr = (u64 *)(loc + IMC_CNTL_BLK_MODE_OFFSET);
		sprintf(mode, "imc_mode_%d", (u32)(ptr->id));
		imc_debugfs_create_x64(mode, 0600, imc_debugfs_parent,
				       imc_mode_addr);

		imc_cmd_addr = (u64 *)(loc + IMC_CNTL_BLK_CMD_OFFSET);
		sprintf(cmd, "imc_cmd_%d", (u32)(ptr->id));

            

Line: 72 Column: 3 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              				       imc_mode_addr);

		imc_cmd_addr = (u64 *)(loc + IMC_CNTL_BLK_CMD_OFFSET);
		sprintf(cmd, "imc_cmd_%d", (u32)(ptr->id));
		imc_debugfs_create_x64(cmd, 0600, imc_debugfs_parent,
				       imc_cmd_addr);
		ptr++;
	}
}

            

Line: 1 Column: 1

              # -*- coding: utf-8; mode: python -*-

# SPDX-License-Identifier: GPL-2.0

project = 'Linux Media Subsystem Documentation'

# It is possible to run Sphinx in nickpick mode with:
nitpicky = True


            

Line: 5 Column: 1

              
# SPDX-License-Identifier: GPL-2.0

project = 'Linux Media Subsystem Documentation'

# It is possible to run Sphinx in nickpick mode with:
nitpicky = True

# within nit-picking build, do not refer to any intersphinx object

            

Line: 8 Column: 1

              project = 'Linux Media Subsystem Documentation'

# It is possible to run Sphinx in nickpick mode with:
nitpicky = True

# within nit-picking build, do not refer to any intersphinx object
intersphinx_mapping = {}

# In nickpick mode, it will complain about lots of missing references that

            

Line: 207 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

                      load(START_ADDR, START_ADDR+(4*KERNEL_SIZE), KERNEL_SIZE);

	memset((char*)ZERO_PGE, 0, PAGE_SIZE);
	strcpy((char*)ZERO_PGE, envval);
#ifdef INITRD_IMAGE_SIZE
	((long *)(ZERO_PGE+256))[0] = initrd_start;
	((long *)(ZERO_PGE+256))[1] = INITRD_IMAGE_SIZE;
#endif


            

Line: 113 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              static inline void
load(unsigned long dst, unsigned long src, unsigned long count)
{
	memcpy((void *)dst, (void *)src, count);
}

/*
 * Start the kernel.
 */

            

Line: 149 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	 *    seems rather far-fetched.
	 */
	static long nbytes;
	static char envval[256] __attribute__((aligned(8)));
	static unsigned long initrd_start;

	srm_printk("Linux/AXP bootp loader for Linux " UTS_RELEASE "\n");
	if (INIT_HWRPB->pagesize != 8192) {
		srm_printk("Expected 8kB pages, got %ldkB\n",

            

Line: 26 Column: 7 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

               * Do memcpy with word copies and loop unrolling. This gives the
 * best performance on the OR1200 and MOR1KX archirectures
 */
void *memcpy(void *dest, __const void *src, __kernel_size_t n)
{
	int i = 0;
	unsigned char *d, *s;
	uint32_t *dest_w = (uint32_t *)dest, *src_w = (uint32_t *)src;


            

Line: 102 Column: 7 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

               * Use word copies but no loop unrolling as we cannot assume there
 * will be benefits on the archirecture
 */
void *memcpy(void *dest, __const void *src, __kernel_size_t n)
{
	unsigned char *d = (unsigned char *)dest, *s = (unsigned char *)src;
	uint32_t *dest_w = (uint32_t *)dest, *src_w = (uint32_t *)src;

	/* If both source and dest are word aligned copy words */

            

Line: 125 Column: 15 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              }
#endif

EXPORT_SYMBOL(memcpy);

            

Line: 46 Column: 22 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	if (!cmdline_ptr)
		return NULL;

	elfcorehdr_strlen = sprintf(cmdline_ptr, "elfcorehdr=0x%lx ",
				    image->elf_load_addr);

	if (elfcorehdr_strlen + cmdline_len > COMMAND_LINE_SIZE) {
		pr_err("Appending elfcorehdr=<addr> exceeds cmdline size\n");
		kfree(cmdline_ptr);

            

Line: 55 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return NULL;
	}

	memcpy(cmdline_ptr + elfcorehdr_strlen, cmdline, cmdline_len);
	// Ensure it's nul terminated
	cmdline_ptr[COMMAND_LINE_SIZE - 1] = '\0';
	return cmdline_ptr;
}


            

Line: 92 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	}

	master_entry = slave_code_buf[0];
	memcpy(slave_code_buf, slave_code, SLAVE_CODE_SIZE);
	slave_code_buf[0] = master_entry;
	ret = kexec_purgatory_get_set_symbol(image, "purgatory_start",
					     slave_code_buf, SLAVE_CODE_SIZE,
					     false);
	kfree(slave_code_buf);

            

Line: 35 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (!op || index >= op->num_resources)
		return -EINVAL;

	memcpy(r, &op->archdata.resource[index], sizeof(*r));
	return 0;
}
EXPORT_SYMBOL_GPL(of_address_to_resource);

void __iomem *of_iomap(struct device_node *node, int index)

            

Line: 127 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return -EINVAL;

	/* Start with the parent range base.  */
	memcpy(result, range + na, pna * 4);

	/* Add in the child address offset.  */
	for (i = 0; i < na; i++)
		result[pna - 1 - i] +=
			(addr[na - 1 - i] -

            

Line: 135 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			(addr[na - 1 - i] -
			 range[na - 1 - i]);

	memcpy(addr, result, pna * 4);

	return 0;
}

unsigned long of_bus_default_get_flags(const u32 *addr, unsigned long flags)

            

Line: 90 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		int i;

		for (i = 0; i < (single_step_data.is_branch ? 2 : 1); i++) {
			memcpy((void *) single_step_data.address[i],
				&single_step_data.opcode[i],
				BREAK_INSTR_SIZE);

			flush_icache_range(single_step_data.address[i],
				single_step_data.address[i] +

            

Line: 104 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
static void place_trap(unsigned long address, void *save)
{
	memcpy(save, (void *) address, BREAK_INSTR_SIZE);
	memcpy((void *) address, &arch_kgdb_ops.gdb_bpt_instr,
		BREAK_INSTR_SIZE);
	flush_icache_range(address, address + BREAK_INSTR_SIZE);
}


            

Line: 105 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              static void place_trap(unsigned long address, void *save)
{
	memcpy(save, (void *) address, BREAK_INSTR_SIZE);
	memcpy((void *) address, &arch_kgdb_ops.gdb_bpt_instr,
		BREAK_INSTR_SIZE);
	flush_icache_range(address, address + BREAK_INSTR_SIZE);
}

static void do_single_step(struct pt_regs *regs)