Line: 44 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return NULL;
	}
	sun->sun_family = AF_UNIX;
	memcpy(sun->sun_path, name, len);
	return sun;
}

static int connect_to_switch(struct daemon_data *pri)
{

            

Line: 106 Column: 6 CWE codes: 120 20

              		goto out_free;
	}

	n = read(pri->control, sun, sizeof(*sun));
	if (n != sizeof(*sun)) {
		printk(UM_KERN_ERR "daemon_open : read of data socket failed, "
		       "err = %d\n", -errno);
		err = -ENOTCONN;
		goto out_free;

            

Line: 138 Column: 7 CWE codes: 126

              
	if (!strcmp(pri->sock_type, "unix"))
		pri->ctl_addr = new_addr(pri->ctl_sock,
					 strlen(pri->ctl_sock) + 1);
	name.zero = 0;
	name.pid = os_getpid();
	gettimeofday(&tv, NULL);
	name.usecs = tv.tv_usec;
	pri->local_addr = new_addr(&name, sizeof(name));

            

Line: 133

               * set, reset or clear a bit in the fp status register
 */
.macro	fp_set_sr	bit
	bset	#(\bit&7),(FPD_FPSR+3-(\bit/8),FPDATA)
.endm

.macro	fp_clr_sr	bit
	bclr	#(\bit&7),(FPD_FPSR+3-(\bit/8),FPDATA)
.endm

            

Line: 133

               * set, reset or clear a bit in the fp status register
 */
.macro	fp_set_sr	bit
	bset	#(\bit&7),(FPD_FPSR+3-(\bit/8),FPDATA)
.endm

.macro	fp_clr_sr	bit
	bclr	#(\bit&7),(FPD_FPSR+3-(\bit/8),FPDATA)
.endm

            

Line: 133

               * set, reset or clear a bit in the fp status register
 */
.macro	fp_set_sr	bit
	bset	#(\bit&7),(FPD_FPSR+3-(\bit/8),FPDATA)
.endm

.macro	fp_clr_sr	bit
	bclr	#(\bit&7),(FPD_FPSR+3-(\bit/8),FPDATA)
.endm

            

Line: 88 Column: 17 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

               */
int spufs_handle_class1(struct spu_context *ctx)
{
	u64 ea, dsisr, access;
	unsigned long flags;
	vm_fault_t flt = 0;
	int ret;

	/*

            

Line: 121 Column: 2 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              	spu_release(ctx);

	access = (_PAGE_PRESENT | _PAGE_READ);
	access |= (dsisr & MFC_DSISR_ACCESS_PUT) ? _PAGE_WRITE : 0UL;
	local_irq_save(flags);
	ret = hash_page(ea, access, 0x300, dsisr);
	local_irq_restore(flags);

	/* hashing failed, so try the actual fault handler */

            

Line: 123 Column: 22 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              	access = (_PAGE_PRESENT | _PAGE_READ);
	access |= (dsisr & MFC_DSISR_ACCESS_PUT) ? _PAGE_WRITE : 0UL;
	local_irq_save(flags);
	ret = hash_page(ea, access, 0x300, dsisr);
	local_irq_restore(flags);

	/* hashing failed, so try the actual fault handler */
	if (ret)
		ret = copro_handle_mm_fault(current->mm, ea, dsisr, &flt);

            

Line: 33 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	u8 hcs_mac_addr[ETH_ALEN] = { 0x00, 0x10, 0x18, 0xff, 0xff, 0xff };

	/* extract nvram data */
	memcpy(&nvram, addr, BCM963XX_NVRAM_V5_SIZE);

	/* check checksum before using data */
	if (bcm963xx_nvram_checksum(&nvram, &expected_crc, &crc))
		pr_warn("nvram checksum failed, contents may be invalid (expected %08x, got %08x)\n",
			expected_crc, crc);

            

Line: 45 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	 * pool.
	 */
	if (BCMCPU_IS_3368()) {
		memcpy(nvram.mac_addr_base, hcs_mac_addr, ETH_ALEN);
		nvram.mac_addr_count = 2;
	}
}

u8 *bcm63xx_nvram_get_name(void)

            

Line: 66 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return -ENODEV;
	}

	memcpy(mac, nvram.mac_addr_base, ETH_ALEN);
	oui = mac + ETH_ALEN/2 - 1;
	count = mac_addr_used;

	while (count--) {
		u8 *p = mac + ETH_ALEN - 1;

            

Line: 799 Column: 51 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              }
#endif /* CONFIG_HAVE_ARCH_SOFT_DIRTY */

static inline bool check_pte_access(unsigned long access, unsigned long ptev)
{
	/*
	 * This check for _PAGE_RWX and _PAGE_PRESENT bits
	 */
	if (access & ~ptev)

            

Line: 804 Column: 6 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              	/*
	 * This check for _PAGE_RWX and _PAGE_PRESENT bits
	 */
	if (access & ~ptev)
		return false;
	/*
	 * This check for access to privilege space
	 */
	if ((access & _PAGE_PRIVILEGED) != (ptev & _PAGE_PRIVILEGED))

            

Line: 809 Column: 7 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              	/*
	 * This check for access to privilege space
	 */
	if ((access & _PAGE_PRIVILEGED) != (ptev & _PAGE_PRIVILEGED))
		return false;

	return true;
}
/*

            

Line: 26 Column: 6 CWE codes: 120 20

              {
	int n;

	n = read(fd, c_out, sizeof(*c_out));
	if (n > 0)
		return n;
	else if (n == 0)
		return -EIO;
	else if (errno == EAGAIN)

            

Line: 200 Column: 10 CWE codes: 120 20

              	 * kernel semaphores. We don't use SysV semaphores because they are
	 * persistent.
	 */
	count = read(pipe_fd, &c, sizeof(c));
	if (count != sizeof(c))
		printk(UM_KERN_ERR "winch_thread : failed to read "
		       "synchronization byte, err = %d\n", errno);

	while(1) {

            

Line: 249 Column: 6 CWE codes: 120 20

              	}

	*fd_out = fds[0];
	n = read(fds[0], &c, sizeof(c));
	if (n != sizeof(c)) {
		printk(UM_KERN_ERR "winch_tramp : failed to read "
		       "synchronization byte\n");
		printk(UM_KERN_ERR "read failed, err = %d\n", errno);
		printk(UM_KERN_ERR "fd %d will not support SIGWINCH\n", fd);

            

Line: 49 Column: 1 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              EXPORT_SYMBOL(memory_start);
EXPORT_SYMBOL(memory_end);

char __initdata command_line[COMMAND_LINE_SIZE];

/* machine dependent timer functions */
void (*mach_sched_init)(void) __initdata = NULL;
int (*mach_hwclk) (int, struct rtc_time*);


            

Line: 152 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	/* Keep a copy of command line */
	*cmdline_p = &command_line[0];
	memcpy(boot_command_line, command_line, COMMAND_LINE_SIZE);
	boot_command_line[COMMAND_LINE_SIZE-1] = 0;

	/*
	 * Give all the memory to the bootmap allocator, tell it to put the
	 * boot mem_map at the start of memory.

            

Line: 95 Column: 2 CWE codes: 120

              	config_BSP(&command_line[0], sizeof(command_line));

#if defined(CONFIG_BOOTPARAM)
	strncpy(&command_line[0], CONFIG_BOOTPARAM_STRING, sizeof(command_line));
	command_line[sizeof(command_line) - 1] = 0;
#endif /* CONFIG_BOOTPARAM */

	process_uboot_commandline(&command_line[0], sizeof(command_line));


            

Line: 95 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static void __init axs10x_early_init(void)
{
	int mb_rev;
	char mb[32];

	/* Determine motherboard version */
	if (ioread32((void __iomem *) CREG_MB_CONFIG) & (1 << 28))
		mb_rev = 3;	/* HT-3 (rev3.0) */
	else

            

Line: 382 Column: 1 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              /*
 * For the VDK OS-kit, to get the offset to pid and command fields
 */
char coware_swa_pid_offset[TASK_PID];
char coware_swa_comm_offset[TASK_COMM];

#endif	/* CONFIG_AXS103 */

            

Line: 383 Column: 1 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               * For the VDK OS-kit, to get the offset to pid and command fields
 */
char coware_swa_pid_offset[TASK_PID];
char coware_swa_comm_offset[TASK_COMM];

#endif	/* CONFIG_AXS103 */

            

Line: 12 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #include <asm/asm.h>
#include <linux/bitops.h>

extern const char * const x86_cap_flags[NCAPINTS*32];
extern const char * const x86_power_flags[32];
#define X86_CAP_FMT "%s"
#define x86_cap_flag(flag) x86_cap_flags[flag]

/*

            

Line: 13 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #include <linux/bitops.h>

extern const char * const x86_cap_flags[NCAPINTS*32];
extern const char * const x86_power_flags[32];
#define X86_CAP_FMT "%s"
#define x86_cap_flag(flag) x86_cap_flags[flag]

/*
 * In order to save room, we index into this array by doing

            

Line: 21 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               * In order to save room, we index into this array by doing
 * X86_BUG_<name> - NCAPINTS*32.
 */
extern const char * const x86_bug_flags[NBUGINTS*32];

#define test_cpu_cap(c, bit)						\
	 test_bit(bit, (unsigned long *)((c)->x86_capability))

/*

            

Line: 19 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
#define FILE_FCOUNT(f) (((struct seq_file *)((f)->private_data))->private)

static const char *const mtrr_strings[MTRR_NUM_TYPES] =
{
	"uncachable",		/* 0 */
	"write-combining",	/* 1 */
	"?",			/* 2 */
	"?",			/* 3 */

            

Line: 100 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	unsigned long reg;
	unsigned long long base, size;
	char *ptr;
	char line[LINE_SIZE];
	int length;
	size_t linelen;

	memset(line, 0, LINE_SIZE);


            

Line: 111 Column: 12 CWE codes: 126

              	if (length < 0)
		return length;

	linelen = strlen(line);
	ptr = line + linelen - 1;
	if (linelen && *ptr == '\n')
		*ptr = '\0';

	if (!strncmp(line, "disable=", 8)) {