Line: 752 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			"[BTCoex], original/new btRetryIndex=0x%x/ 0x%x\n",
			btdm_8723->bt_retry_index, btdm->bt_retry_index);

		memcpy(btdm_8723, btdm, sizeof(struct btdm_8723));
	}
	/* Here we only consider when Bt Operation
	 * inquiry/paging/pairing is ON
	 * we only need to turn off TDMA
	 */

            

Line: 279 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	rtc_update_alarm(dev, &alrm->time);

	memcpy(&pdata->g_rtc_alarm, &alrm->time, sizeof(struct rtc_time));
	mxc_rtc_irq_enable(dev, RTC_ALM_BIT, alrm->enabled);

	return 0;
}


            

Line: 85 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	tx[0] = MCP795_WRITE;
	tx[1] = addr;
	memcpy(&tx[2], data, count);

	ret = spi_write(spi, tx, 2 + count);

	if (ret)
		dev_err(dev, "Failed to write %d bytes to address %x.\n",

            

Line: 126 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	msleep(MAX6900_IDLE_TIME_AFTER_WRITE);

	memcpy(&i2c_burst_buf[1], buf, MAX6900_BURST_LEN);

	rc = i2c_transfer(client->adapter, burst_msgs, ARRAY_SIZE(burst_msgs));
	if (rc != ARRAY_SIZE(burst_msgs))
		goto write_failed;
	msleep(MAX6900_IDLE_TIME_AFTER_WRITE);

            

Line: 355 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		 * 2 bytes of address, most significant first, followed
		 * by page data bytes
		 */
		memcpy(payload + 2, v + num_written, chunk_size);
		payload[0] = offset >> 8;
		payload[1] = offset;
		msgs[0].len = chunk_size + 2;
		ret = i2c_transfer(priv->nvm_client->adapter,
				   msgs, ARRAY_SIZE(msgs));

            

Line: 44 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              };

/* Channel names for verbose error messages */
static const char * const hid_time_channel_names[TIME_RTC_CHANNEL_MAX] = {
	"year", "month", "day", "hour", "minute", "second",
};

/* Callback handler to send event after all samples are received and captured */
static int hid_time_proc_event(struct hid_sensor_hub_device *hsdev,

            

Line: 57 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              			   unsigned char data)
{
	struct spi_device *spi = to_spi_device(dev);
	unsigned char buf[2];

	/* MSB must be '1' to write */
	buf[0] = address | 0x80;
	buf[1] = data;


            

Line: 43 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static int write_reg(struct device *dev, int address, unsigned char data)
{
	struct spi_device *spi = to_spi_device(dev);
	unsigned char buf[2];

	buf[0] = address & 0x7f;
	buf[1] = data;

	return spi_write(spi, buf, ARRAY_SIZE(buf));

            

Line: 247 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	/* handle the rtc synchronisation delay */
	if (rtc->rtc_sync && al_secs - tm_secs == 1)
		memcpy(tm, &rtc->alarm_time, sizeof(struct rtc_time));
	else
		rtc->rtc_sync = false;

	return 0;
}

            

Line: 24 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static bool is_rtc_hctosys(struct rtc_device *rtc)
{
	int size;
	char name[NAME_SIZE];

	size = snprintf(name, NAME_SIZE, "rtc%d", rtc->id);
	if (size >= NAME_SIZE)
		return false;