Line: 494 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	} else {
		pipe = usb_sndctrlpipe(udev, 0); /* write_out */
		reqtype =  RTL871X_VENQT_WRITE;
		memcpy(pIo_buf, pdata, len);
	}
	status = usb_control_msg(udev, pipe, request, reqtype, value, index,
				 pIo_buf, len, HZ / 2);
	if (status > 0) {  /* Success this control transfer. */
		if (requesttype == 0x01) {

            

Line: 503 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			/* For Control read transfer, we have to copy the read
			 * data from pIo_buf to pdata.
			 */
			memcpy(pdata, pIo_buf,  status);
		}
	}
	kfree(palloc_buf);
	return status;
}

            

Line: 393 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	}

	/* get permanent network address */
	memcpy(priv->permanent_net_addr, init_rsp->net_addr, 6);
	ether_addr_copy(priv->current_net_addr, priv->permanent_net_addr);

	/* if exist SW network address, use it */
	dev_dbg(&priv->usb->dev, "Network address = %pM\n",
		priv->current_net_addr);

            

Line: 931 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              {
	struct vnt_private *priv = hw->priv;

	memcpy(stats, &priv->low_stats, sizeof(*stats));

	return 0;
}

static u64 vnt_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)

            

Line: 133 Column: 48 CWE codes: 134
Suggestion: Use a constant for the format specification

              /*
 * Write formatted output to sized buffer
 */
#define rtw_sprintf(buf, size, format, arg...)	snprintf(buf, size, format, ##arg)

#endif

            

Line: 118 Column: 6 CWE codes: 120 20

              
struct rtw_cbuf {
	u32 write;
	u32 read;
	u32 size;
	void *bufs[0];
};

bool rtw_cbuf_full(struct rtw_cbuf *cbuf);

            

Line: 38 Column: 17 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
#define FONT_DATA ((unsigned char *)font_vga_8x16.data)

static unsigned char *font_data[MAX_NR_CONSOLES];

static struct newport_regs *npregs;
static unsigned long newport_addr;

static int logo_active;

            

Line: 525 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	p = new_data;
	for (i = 0; i < op->charcount; i++) {
		memcpy(p, data, h);
		data += 32;
		p += h;
	}

	/* check if font is already used by other console */

            

Line: 115 Column: 9 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              
	_snd_pcm_hw_params_any(params);
	_snd_pcm_hw_param_set(params, SNDRV_PCM_HW_PARAM_ACCESS,
			snd->access, 0);
	_snd_pcm_hw_param_set(params, SNDRV_PCM_HW_PARAM_FORMAT,
			snd->format, 0);
	_snd_pcm_hw_param_set(params, SNDRV_PCM_HW_PARAM_CHANNELS,
			snd->channels, 0);
	_snd_pcm_hw_param_set(params, SNDRV_PCM_HW_PARAM_RATE,

            

Line: 144 Column: 8 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              
	INFO(snd->card,
		"Hardware params: access %x, format %x, channels %d, rate %d\n",
		snd->access, snd->format, snd->channels, snd->rate);

	return 0;
}

/*

            

Line: 425 Column: 3 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

              	info->par = par;

	if (name) {
		strcpy(fix->id, "OFfb ");
		strncat(fix->id, name, sizeof(fix->id) - sizeof("OFfb "));
		fix->id[sizeof(fix->id) - 1] = '\0';
	} else
		snprintf(fix->id, sizeof(fix->id), "OFfb %pOFn", dp);


            

Line: 426 Column: 3 CWE codes: 120
Suggestion: Consider strcat_s, strlcat, snprintf, or automatically resizing strings

              
	if (name) {
		strcpy(fix->id, "OFfb ");
		strncat(fix->id, name, sizeof(fix->id) - sizeof("OFfb "));
		fix->id[sizeof(fix->id) - 1] = '\0';
	} else
		snprintf(fix->id, sizeof(fix->id), "OFfb %pOFn", dp);



            

Line: 700 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

              	fb_info.flags		= FBINFO_DEFAULT | FBINFO_HWACCEL_YPAN;
	fb_info.pseudo_palette	= current_par.pseudo_palette;

	strcpy(fb_info.fix.id, "Acorn");
	fb_info.fix.type	= FB_TYPE_PACKED_PIXELS;
	fb_info.fix.type_aux	= 0;
	fb_info.fix.xpanstep	= 0;
	fb_info.fix.ypanstep	= 1;
	fb_info.fix.ywrapstep	= 1;

            

Line: 899 Column: 13 CWE codes: 126

              		for (optp = opt_table; optp->name; optp++) {
			int optlen;

			optlen = strlen(optp->name);

			if (strncmp(opt, optp->name, optlen) == 0 &&
			    opt[optlen] == ':') {
				optp->parse(opt + optlen + 1);
				break;

            

Line: 414 Column: 6 CWE codes: 134
Suggestion: Use a constant for the format specification

              		return;

	va_start(args, fmt);
	i = vsnprintf(*buf, *size, fmt, args);
	va_end(args);

	if (i >= *size) {
		(*buf)[*size - 1] = '\0';
		*buf += *size;

            

Line: 449 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	int period;

	for (period = 0; period < periods_in_map; period++) {
		char tmp[64];
		char *buf = tmp;
		size_t buf_size = sizeof(tmp);
		int period_start = period * bits_per_period;
		int period_end = period_start + bits_per_period;
		int start = 0;

            

Line: 286 Column: 3 CWE codes: 120
Suggestion: Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)

              	 *	Let there be consoles..
	 */
	if (DIO_SECID(fb_regs) == DIO_ID2_TOPCAT)
		strcat(fb_info.fix.id, "Topcat");
	else
		strcat(fb_info.fix.id, "Catseye");
	fb_info.fbops = &hpfb_ops;
	fb_info.flags = FBINFO_DEFAULT;
	fb_info.var   = hpfb_defined;

            

Line: 288 Column: 3 CWE codes: 120
Suggestion: Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)

              	if (DIO_SECID(fb_regs) == DIO_ID2_TOPCAT)
		strcat(fb_info.fix.id, "Topcat");
	else
		strcat(fb_info.fix.id, "Catseye");
	fb_info.fbops = &hpfb_ops;
	fb_info.flags = FBINFO_DEFAULT;
	fb_info.var   = hpfb_defined;
	fb_info.screen_base = (char *)fb_start;


            

Line: 398 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (tspi->is_packed) {
		unsigned len = tspi->curr_dma_words * tspi->bytes_per_word;

		memcpy(tspi->tx_dma_buf, t->tx_buf + tspi->cur_pos, len);
		tspi->cur_tx_pos += tspi->curr_dma_words * tspi->bytes_per_word;
	} else {
		unsigned int i;
		unsigned int count;
		u8 *tx_buf = (u8 *)t->tx_buf + tspi->cur_tx_pos;

            

Line: 437 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (tspi->is_packed) {
		unsigned len = tspi->curr_dma_words * tspi->bytes_per_word;

		memcpy(t->rx_buf + tspi->cur_rx_pos, tspi->rx_dma_buf, len);
		tspi->cur_rx_pos += tspi->curr_dma_words * tspi->bytes_per_word;
	} else {
		unsigned int i;
		unsigned int count;
		unsigned char *rx_buf = t->rx_buf + tspi->cur_rx_pos;