Line: 42 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               */
int register_adapter_interrupt(struct airq_struct *airq)
{
	char dbf_txt[32];

	if (!airq->handler || airq->isc > MAX_ISC)
		return -EINVAL;
	if (!airq->lsi_ptr) {
		airq->lsi_ptr = kzalloc(1, GFP_KERNEL);

            

Line: 70 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               */
void unregister_adapter_interrupt(struct airq_struct *airq)
{
	char dbf_txt[32];

	if (hlist_unhashed(&airq->list))
		return;
	snprintf(dbf_txt, sizeof(dbf_txt), "urairq:%p", airq);
	CIO_TRACE_EVENT(4, dbf_txt);

            

Line: 250 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	struct subchannel_id schid = get_schid(private);

	private->state = VFIO_CCW_STATE_CP_PROCESSING;
	memcpy(scsw, io_region->scsw_area, sizeof(*scsw));

	if (scsw->cmd.fctl & SCSW_FCTL_START_FUNC) {
		orb = (union orb *)io_region->orb_area;

		/* Don't try to build a cp if transport mode is specified. */

            

Line: 362 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	VFIO_CCW_TRACE_EVENT(6, "IRQ");
	VFIO_CCW_TRACE_EVENT(6, dev_name(&private->sch->dev));

	memcpy(&private->irb, irb, sizeof(*irb));

	queue_work(vfio_ccw_work_q, &private->io_work);

	if (private->completion)
		complete(private->completion);

            

Line: 194 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct {
		struct type6_hdr hdr;
		struct CPRBX cprbx;
		char function_code[2];
		short int rule_length;
		char rule[8];
		short int verb_length;
		short int key_length;
	} __packed *msg;

            

Line: 196 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		struct CPRBX cprbx;
		char function_code[2];
		short int rule_length;
		char rule[8];
		short int verb_length;
		short int key_length;
	} __packed *msg;
	int rc, i;


            

Line: 36 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              struct error_hdr {
	unsigned char reserved1;	/* 0x00			*/
	unsigned char type;		/* 0x82 or 0x88		*/
	unsigned char reserved2[2];	/* 0x0000		*/
	unsigned char reply_code;	/* reply code		*/
	unsigned char reserved3[3];	/* 0x000000		*/
};

#define TYPE82_RSP_CODE 0x82

            

Line: 38 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	unsigned char type;		/* 0x82 or 0x88		*/
	unsigned char reserved2[2];	/* 0x0000		*/
	unsigned char reply_code;	/* reply code		*/
	unsigned char reserved3[3];	/* 0x000000		*/
};

#define TYPE82_RSP_CODE 0x82
#define TYPE88_RSP_CODE 0x88


            

Line: 73 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification

              	if (!debug_level_enabled(ctcm_dbf[dbf_nix].id, level))
		return;
	va_start(args, fmt);
	vsnprintf(dbf_txt_buf, sizeof(dbf_txt_buf), fmt, args);
	va_end(args);

	debug_text_event(ctcm_dbf[dbf_nix].id, level, dbf_txt_buf);
}


            

Line: 67 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
void ctcm_dbf_longtext(enum ctcm_dbf_names dbf_nix, int level, char *fmt, ...)
{
	char dbf_txt_buf[64];
	va_list args;

	if (!debug_level_enabled(ctcm_dbf[dbf_nix].id, level))
		return;
	va_start(args, fmt);

            

Line: 56 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              };

struct ctcm_dbf_info {
	char name[DEBUG_MAX_NAME_LEN];
	int pages;
	int areas;
	int len;
	int level;
	debug_info_t *id;

            

Line: 72 Column: 10 CWE codes: 126

              
static inline const char *strtail(const char *s, int n)
{
	int l = strlen(s);
	return (l > n) ? s + (l - n) : s;
}

#define CTCM_FUNTAIL strtail((char *)__func__, 16)


            

Line: 67 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	__u32	xid2_sender_id;
	__u8	xid2_flag2;
	__u8	xid2_option;
	char  xid2_resv3[8];
	__u16	xid2_resv4;
	__u8	xid2_dlc_type;
	__u16	xid2_resv5;
	__u8	xid2_mpc_flag;
	__u8	xid2_resv6;

            

Line: 74 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	__u8	xid2_mpc_flag;
	__u8	xid2_resv6;
	__u16	xid2_buf_len;
	char xid2_buffer[255 - (13 * sizeof(__u8) +
				2 * sizeof(__u32) +
				4 * sizeof(__u16) +
				8 * sizeof(char))];
} __attribute__ ((packed));


            

Line: 24 Column: 4 CWE codes: 134
Suggestion: Make format string constant

              #define LCS_DBF_TEXT_(level,name,text...) \
	do { \
		if (debug_level_enabled(lcs_dbf_##name, level)) { \
			sprintf(debug_buffer, text); \
			debug_text_event(lcs_dbf_##name, level, debug_buffer); \
		} \
	} while (0)

/**

            

Line: 312 Column: 21 CWE codes: 120 20

              	__be16 (*lan_type_trans)(struct sk_buff *skb,
					 struct net_device *dev);
	struct ccwgroup_device *gdev;
	struct lcs_channel read;
	struct lcs_channel write;
	struct lcs_buffer *tx_buffer;
	int tx_emitted;
	struct list_head lancmd_waiters;
	int lancmd_timeout;

            

Line: 24 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              }

struct qeth_stats {
	char name[ETH_GSTRING_LEN];
	unsigned int offset;
};

static const struct qeth_stats txq_stats[] = {
	QETH_TXQ_STAT("IO buffers", bufs),

            

Line: 163 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static void qeth_get_strings(struct net_device *dev, u32 stringset, u8 *data)
{
	struct qeth_card *card = dev->ml_priv;
	char prefix[ETH_GSTRING_LEN] = "";
	unsigned int i;

	switch (stringset) {
	case ETH_SS_STATS:
		qeth_add_stat_strings(&data, prefix, card_stats,

            

Line: 221 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct list_head autosense;		/* Priority cmnd queue */
	struct scsi_cmnd *sensing;		/* Cmnd needing autosense */
	struct scsi_eh_save ses;		/* Cmnd state saved for EH */
	unsigned char busy[8];			/* Index = target, bit = lun */
	unsigned char id_mask;			/* 1 << Host ID */
	unsigned char id_higher_mask;		/* All bits above id_mask */
	unsigned char last_message;		/* Last Message Out */
	unsigned long region_size;		/* Size of address/port range */
	char info[168];				/* Host banner message */

            

Line: 226 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	unsigned char id_higher_mask;		/* All bits above id_mask */
	unsigned char last_message;		/* Last Message Out */
	unsigned long region_size;		/* Size of address/port range */
	char info[168];				/* Host banner message */
};

struct NCR5380_cmd {
	struct list_head list;
};