Line: 306 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	dma_addr_t rx_mapping[RX_DESC_NUM];
	void *rx_desc_base;
	unsigned char *rx_buf_base;
	unsigned char *rx_buf[RX_DESC_NUM];
	unsigned int rx_head;
	unsigned int rx_buf_size;

	dma_addr_t tx_base;
	dma_addr_t tx_mapping[TX_DESC_NUM];

            

Line: 314 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	dma_addr_t tx_mapping[TX_DESC_NUM];
	void *tx_desc_base;
	unsigned char *tx_buf_base;
	unsigned char *tx_buf[RX_DESC_NUM];
	unsigned int tx_head;
	unsigned int tx_buf_size;

	spinlock_t txlock;
	unsigned int tx_len[TX_DESC_NUM];

            

Line: 72 Column: 16 CWE codes: 120 20

              	struct e1000_mbx_info *mbx = &hw->mbx;
	s32 ret_val = -E1000_ERR_MBX;

	if (!mbx->ops.read)
		goto out;

	ret_val = e1000_poll_for_msg(hw);

	/* if ack received read message, otherwise we timed out */

            

Line: 79 Column: 22 CWE codes: 120 20

              
	/* if ack received read message, otherwise we timed out */
	if (!ret_val)
		ret_val = mbx->ops.read(hw, msg, size);
out:
	return ret_val;
}

/**

            

Line: 674 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              {
	struct netdev_private *np = netdev_priv(to_net_dev(dev));

	return sprintf(buf, "%s\n", np->dspcfg_workaround ? "on" : "off");
}

static ssize_t natsemi_set_dspcfg_workaround(struct device *dev,
					     struct device_attribute *attr,
					     const char *buf, size_t count)

            

Line: 2681 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	res = netdev_get_eeprom(dev, eebuf);
	spin_unlock_irq(&np->lock);
	if (!res)
		memcpy(data, eebuf+eeprom->offset, eeprom->len);
	kfree(eebuf);
	return res;
}

static const struct ethtool_ops ethtool_ops = {

            

Line: 879 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	int high_dma_flag;
	int device_enabled_once;

	char name[60];

	/* Timer that handles I/O errors/exceptions */
	struct timer_list alarm_timer;

	/* Space to back up the PCI config space */

            

Line: 950 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	int msi_detected;
	wait_queue_head_t msi_wait;
	struct s2io_msix_entry *s2io_entries;
	char desc[MAX_REQUESTED_MSI_X][25];

	int avail_msix_vectors; /* No. of MSI-X vectors granted by system */

	struct msix_info_st msix_info[0x3f];


            

Line: 217 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	u32     day;
	u32     month;
	u32     year;
	char    date[VXGE_HW_FW_STRLEN];
};

struct vxge_hw_device_version {
	u32     major;
	u32     minor;

            

Line: 224 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	u32     major;
	u32     minor;
	u32     build;
	char    version[VXGE_HW_FW_STRLEN];
};

/**
 * struct vxge_hw_fifo_config - Configuration of fifo.
 * @enable: Is this fifo to be commissioned

            

Line: 353 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification

              	char pf_symbol[64];

	size = array3_size(size, abm->num_bands, NFP_NET_MAX_RX_RINGS);
	snprintf(pf_symbol, sizeof(pf_symbol), name_fmt,
		 abm->pf_id, nfp_abm_has_prio(abm) ? "_per_band" : "");

	return nfp_abm_ctrl_find_rtsym(abm->app->pf, pf_symbol, size);
}


            

Line: 350 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              nfp_abm_ctrl_find_q_rtsym(struct nfp_abm *abm, const char *name_fmt,
			  size_t size)
{
	char pf_symbol[64];

	size = array3_size(size, abm->num_bands, NFP_NET_MAX_RX_RINGS);
	snprintf(pf_symbol, sizeof(pf_symbol), name_fmt,
		 abm->pf_id, nfp_abm_has_prio(abm) ? "_per_band" : "");


            

Line: 250 Column: 4 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		if (reg3->var_off.mask & BPF_F_INDEX_MASK ||
		    (reg3->var_off.value & BPF_F_INDEX_MASK) !=
		    BPF_F_CURRENT_CPU) {
			char tn_buf[48];

			tnum_strn(tn_buf, sizeof(tn_buf), reg3->var_off);
			pr_vlog(env, "event_output: must use BPF_F_CURRENT_CPU, var_off: %s\n",
				tn_buf);
			return -EOPNOTSUPP;

            

Line: 321 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		return 0;

	if (!(reg0->type == SCALAR_VALUE && tnum_is_const(reg0->var_off))) {
		char tn_buf[48];

		tnum_strn(tn_buf, sizeof(tn_buf), reg0->var_off);
		pr_vlog(env, "unsupported exit state: %d, var_off: %s\n",
			reg0->type, tn_buf);
		return -EINVAL;

            

Line: 175 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		if (skb->len & 3) {
			__be32 tmp = 0;

			memcpy(&tmp, &data[i], skb->len & 3);
			nn_writel(nn, off, be32_to_cpu(tmp));
			off += 4;
		}

		/* Reserve space if reply is bigger */

            

Line: 312 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			 * be ignored (beyond skb->len).
			 */
			skb_data = (__be32 *)skb->data;
			memcpy(skb_data, &hdr, 4);

			cnt = DIV_ROUND_UP(length, 4);
			for (i = 1 ; i < cnt; i++)
				skb_data[i] = cpu_to_be32(readl(data + i * 4));
		}

            

Line: 323 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	struct flow_match_enc_opts match;

	flow_rule_match_enc_opts(rule, &match);
	memcpy(ext, match.key->data, match.key->len);
	memcpy(msk, match.mask->data, match.mask->len);

	return 0;
}


            

Line: 324 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	flow_rule_match_enc_opts(rule, &match);
	memcpy(ext, match.key->data, match.key->len);
	memcpy(msk, match.mask->data, match.mask->len);

	return 0;
}

static void

            

Line: 324 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return -ENOMEM;

	msg = nfp_flower_cmsg_get_data(skb);
	memcpy(msg, pdata, nfp_flower_cmsg_get_data_len(skb));

	nfp_ctrl_tx(app->ctrl, skb);
	return 0;
}


            

Line: 365 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		return -ENOMEM;
	}

	memcpy(entry->ip_add, add, add_len);
	list_add_tail(&entry->list, route_list);
	spin_unlock_bh(list_lock);

	return 0;
}