Line: 1293 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct work_struct rx_urb_wq;

	u8 mac_addr[ETH_ALEN];
	char chip_name[8];
	char chip_vendor[8];
	u8 cck_tx_power_index_A[RTL8XXXU_MAX_CHANNEL_GROUPS];
	u8 cck_tx_power_index_B[RTL8XXXU_MAX_CHANNEL_GROUPS];
	u8 ht40_1s_tx_power_index_A[RTL8XXXU_MAX_CHANNEL_GROUPS];
	u8 ht40_1s_tx_power_index_B[RTL8XXXU_MAX_CHANNEL_GROUPS];

            

Line: 1294 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
	u8 mac_addr[ETH_ALEN];
	char chip_name[8];
	char chip_vendor[8];
	u8 cck_tx_power_index_A[RTL8XXXU_MAX_CHANNEL_GROUPS];
	u8 cck_tx_power_index_B[RTL8XXXU_MAX_CHANNEL_GROUPS];
	u8 ht40_1s_tx_power_index_A[RTL8XXXU_MAX_CHANNEL_GROUPS];
	u8 ht40_1s_tx_power_index_B[RTL8XXXU_MAX_CHANNEL_GROUPS];
	/*

            

Line: 697 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
		uskb = dev_alloc_skb(skb->len + 128);
		if (likely(uskb)) {
			memcpy(IEEE80211_SKB_RXCB(uskb), &rx_status,
			       sizeof(rx_status));
			skb_put_data(uskb, skb->data, skb->len);
			dev_kfree_skb_any(skb);
			ieee80211_rx_irqsafe(hw, uskb);
		} else {

            

Line: 825 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		fc = rtl_get_fc(skb);

		if (!stats.crc && !stats.hwerror && (skb->len > FCS_LEN)) {
			memcpy(IEEE80211_SKB_RXCB(skb), &rx_status,
			       sizeof(rx_status));

			if (is_broadcast_ether_addr(hdr->addr1)) {
				;/*TODO*/
			} else if (is_multicast_ether_addr(hdr->addr1)) {

            

Line: 325 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	param.grouping_bitmap = 0;
	param.mu_tx_en = 0;
	memset(param.sounding_sts, 0, 6);
	memcpy(param.given_gid_tab, conf->mu_group.membership, 8);
	memcpy(param.given_user_pos, conf->mu_group.position, 16);
	rtw_dbg(rtwdev, RTW_DBG_BF, "STA0: gid_valid=0x%x, user_position_l=0x%x, user_position_h=0x%x\n",
		param.given_gid_tab[0], param.given_user_pos[0],
		param.given_user_pos[1]);


            

Line: 326 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	param.mu_tx_en = 0;
	memset(param.sounding_sts, 0, 6);
	memcpy(param.given_gid_tab, conf->mu_group.membership, 8);
	memcpy(param.given_user_pos, conf->mu_group.position, 16);
	rtw_dbg(rtwdev, RTW_DBG_BF, "STA0: gid_valid=0x%x, user_position_l=0x%x, user_position_h=0x%x\n",
		param.given_gid_tab[0], param.given_user_pos[0],
		param.given_user_pos[1]);

	rtw_dbg(rtwdev, RTW_DBG_BF, "STA1: gid_valid=0x%x, user_position_l=0x%x, user_position_h=0x%x\n",

            

Line: 3476 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	struct rtw_chip_info *chip = rtwdev->chip;
	const struct rtw_reg_domain *reg;
	char addr_info[INFO_SIZE];
	int n_addr = 0;
	char val_info[INFO_SIZE];
	int n_val = 0;
	int i;


            

Line: 3478 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	const struct rtw_reg_domain *reg;
	char addr_info[INFO_SIZE];
	int n_addr = 0;
	char val_info[INFO_SIZE];
	int n_val = 0;
	int i;

	for (i = 0; i < chip->coex_info_hw_regs_num; i++) {
		reg = &chip->coex_info_hw_regs[i];

            

Line: 196 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	/* Set bit 0-5 to zero */
	mask_hw[0] &= (~GENMASK(5, 0));

	memcpy(rtw_pattern->mask, mask_hw, RTW_MAX_PATTERN_MASK_SIZE);

	/* To get the wake up pattern from the mask.
	 * We do not count first 12 bits which means
	 * DA[6] and SA[6] in the pattern to match HW design.
	 */

            

Line: 526 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	for (i = 0 ; i < pno_req->channel_cnt; i++) {
		channel = pno_req->channels + i;
		memcpy(channel, nd_config->channels[i], sizeof(*channel));
	}

	pno_req->scan_plan = *nd_config->scan_plans;
	pno_req->inited = true;


            

Line: 480 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (mac_bcn->data[tim_offset + 2] == 0)
		bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON);

	memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len);
	skb_put(skb, mac_bcn->len + FRAME_DESC_SZ);

	dev_kfree_skb(mac_bcn);

	return 0;

            

Line: 1060 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	rsi_dbg(INFO_ZONE, "instructions_sz : %d\n", instructions_sz);

	if (*(u16 *)fw_p == RSI_9116_FW_MAGIC_WORD) {
		memcpy(&bootload_ds, fw_p, sizeof(struct bootload_ds));
		fw_p += le16_to_cpu(bootload_ds.offset);
		rsi_dbg(INFO_ZONE, "FW start = %x\n", *(u32 *)fw_p);

		cnt = 0;
		do {

            

Line: 115 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	for (i = 0; i < req->n_ssids; ++i) {
		struct wsm_ssid *dst = &priv->scan.ssids[priv->scan.n_ssids];
		memcpy(&dst->ssid[0], req->ssids[i].ssid, sizeof(dst->ssid));
		dst->length = req->ssids[i].ssid_len;
		++priv->scan.n_ssids;
	}

	mutex_unlock(&priv->conf_mutex);

            

Line: 429 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
			/* Store SSID localy */
			ssids[0].length = ssidie[1];
			memcpy(ssids[0].ssid, &ssidie[2], ssids[0].length);
			scan.num_ssids = 1;

			/* Remove SSID from IE list */
			ssidie[1] = 0;
			memmove(&ssidie[2], nextie, &ies[ies_len] - nextie);

            

Line: 365 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
		/* need to copy the chunk for dma */
		len = CHUNK_SIZE;
		memcpy(buf, p, len);
		wl1251_mem_write(wl, addr, buf, len);

		chunk_num++;
	}


            

Line: 377 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	/* need to copy the chunk for dma */
	len = fw_data_len % CHUNK_SIZE;
	memcpy(buf, p, len);

	wl1251_debug(DEBUG_BOOT, "uploading fw last chunk (%zu B) 0x%p to 0x%x",
		     len, p, addr);
	wl1251_mem_write(wl, addr, buf, len);


            

Line: 25 Column: 14 CWE codes: 120 20

              
static inline u32 wl1251_read32(struct wl1251 *wl, int addr)
{
	wl->if_ops->read(wl, addr, &wl->buffer_32, sizeof(wl->buffer_32));

	return le32_to_cpu(wl->buffer_32);
}

static inline void wl1251_write32(struct wl1251 *wl, int addr, u32 val)

            

Line: 43 Column: 15 CWE codes: 120 20

              	if (wl->if_ops->read_elp)
		wl->if_ops->read_elp(wl, addr, &response);
	else
		wl->if_ops->read(wl, addr, &response, sizeof(u32));

	return response;
}

static inline void wl1251_write_elp(struct wl1251 *wl, int addr, u32 val)

            

Line: 384 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct ieee80211_vif *vif;

	u32 chip_id;
	char fw_ver[21];

	/* Most recently reported noise in dBm */
	s8 noise;
};


            

Line: 248 Column: 9 CWE codes: 120 20

              };

struct wl1251_if_operations {
	void (*read)(struct wl1251 *wl, int addr, void *buf, size_t len);
	void (*write)(struct wl1251 *wl, int addr, void *buf, size_t len);
	void (*read_elp)(struct wl1251 *wl, int addr, u32 *val);
	void (*write_elp)(struct wl1251 *wl, int addr, u32 val);
	int  (*power)(struct wl1251 *wl, bool enable);
	void (*reset)(struct wl1251 *wl);