The following issues were found
tools/perf/builtin-top.c
10 issues
Line: 153
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (err == 0) {
top->sym_filter_entry = he;
} else {
char msg[BUFSIZ];
symbol__strerror_disassemble(&he->ms, err, msg, sizeof(msg));
pr_err("Couldn't annotate %s: %s\n", sym->name, msg);
}
pthread_mutex_unlock(¬es->lock);
Reported by FlawFinder.
Line: 318
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void perf_top__print_sym_table(struct perf_top *top)
{
char bf[160];
int printed = 0;
const int win_width = top->winsize.ws_col - 1;
struct evsel *evsel = top->sym_evsel;
struct hists *hists = evsel__hists(evsel);
Reported by FlawFinder.
Line: 812
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!machine->kptr_restrict_warned && !top->vmlinux_warned &&
__map__is_kernel(al.map) && map__has_symbols(al.map)) {
if (symbol_conf.vmlinux_name) {
char serr[256];
dso__strerror_load(al.map->dso, serr, sizeof(serr));
ui__warning("The %s file can't be used: %s\n%s",
symbol_conf.vmlinux_name, serr, msg);
} else {
ui__warning("A vmlinux file was not found.\n%s",
Reported by FlawFinder.
Line: 1011
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int perf_top__start_counters(struct perf_top *top)
{
char msg[BUFSIZ];
struct evsel *counter;
struct evlist *evlist = top->evlist;
struct record_opts *opts = &top->record_opts;
if (perf_top__overwrite_check(top)) {
Reported by FlawFinder.
Line: 1283
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (perf_hpp_list.socket) {
ret = perf_env__read_cpu_topology_map(&perf_env);
if (ret < 0) {
char errbuf[BUFSIZ];
const char *err = str_error_r(-ret, errbuf, sizeof(errbuf));
ui__error("Could not read the CPU topology map: %s\n", err);
return ret;
}
Reported by FlawFinder.
Line: 1415
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cmd_top(int argc, const char **argv)
{
char errbuf[BUFSIZ];
struct perf_top top = {
.count_filter = 5,
.delay_secs = 2,
.record_opts = {
.mmap_pages = UINT_MAX,
Reported by FlawFinder.
Line: 695
Column: 3
CWE codes:
120
20
/* trash return*/
clearerr(stdin);
if (poll(&stdin_poll, 1, 0) > 0)
getc(stdin);
while (!done) {
perf_top__print_sym_table(top);
/*
* Either timeout expired or we got an EINTR due to SIGWINCH,
Reported by FlawFinder.
Line: 1099
Column: 4
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
struct ordered_events *out, *in = top->qe.in;
if (!in->nr_events) {
usleep(100);
continue;
}
out = rotate_queues(top);
Reported by FlawFinder.
tools/testing/selftests/powerpc/nx-gzip/gunz_test.c
10 issues
Line: 331
CWE codes:
775
outf = fopen(w, "w");
if (outf == NULL) {
perror(w);
return -1;
}
}
/* Decode the gzip header */
c = GETINPC(inpf); expect = 0x1f; /* ID1 */
Reported by Cppcheck.
Line: 325
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* Make a new file name to write to. Ignoring '.gz' */
wp = (NULL != (wp = strrchr(argv[1], '/'))) ? (wp+1) : argv[1];
strcpy(w, wp);
strcat(w, ".nx.gunzip");
outf = fopen(w, "w");
if (outf == NULL) {
perror(w);
Reported by FlawFinder.
Line: 278
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FILE *outf = NULL;
int c, expect, i, cc, rc = 0;
char gzfname[FNAME_MAX];
/* Queuing, file ops, byte counting */
char *fifo_in, *fifo_out;
int used_in, cur_in, used_out, cur_out, read_sz, n;
int first_free, last_free, first_used, last_used;
Reported by FlawFinder.
Line: 314
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
inpf = stdin;
outf = stdout;
} else if (argc == 2) {
char w[1024];
char *wp;
inpf = fopen(argv[1], "r");
if (inpf == NULL) {
perror(argv[1]);
Reported by FlawFinder.
Line: 317
Column: 10
CWE codes:
362
char w[1024];
char *wp;
inpf = fopen(argv[1], "r");
if (inpf == NULL) {
perror(argv[1]);
return -1;
}
Reported by FlawFinder.
Line: 326
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
/* Make a new file name to write to. Ignoring '.gz' */
wp = (NULL != (wp = strrchr(argv[1], '/'))) ? (wp+1) : argv[1];
strcpy(w, wp);
strcat(w, ".nx.gunzip");
outf = fopen(w, "w");
if (outf == NULL) {
perror(w);
return -1;
Reported by FlawFinder.
Line: 328
Column: 10
CWE codes:
362
strcpy(w, wp);
strcat(w, ".nx.gunzip");
outf = fopen(w, "w");
if (outf == NULL) {
perror(w);
return -1;
}
}
Reported by FlawFinder.
Line: 359
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* sample code.
*/
for (i = 0; i < 6; i++) {
char tmp[10];
tmp[i] = GETINPC(inpf);
if (tmp[i] == EOF)
goto err3;
fprintf(stderr, "%02x ", tmp[i]);
Reported by FlawFinder.
Line: 948
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} else {
/* Compare checksums and exit */
int i;
unsigned char tail[8];
uint32_t cksum, isize;
for (i = 0; i < 8; i++)
tail[i] = fifo_in[(cur_in + i) % fifo_in_len];
fprintf(stderr, "computed checksum %08x isize %08x\n",
Reported by FlawFinder.
Line: 68
Column: 20
CWE codes:
120
20
#define NX_MIN(X, Y) (((X) < (Y))?(X):(Y))
#define NX_MAX(X, Y) (((X) > (Y))?(X):(Y))
#define GETINPC(X) fgetc(X)
#define FNAME_MAX 1024
/* fifo queue management */
#define fifo_used_bytes(used) (used)
#define fifo_free_bytes(used, len) ((len)-(used))
Reported by FlawFinder.
tools/testing/selftests/bpf/test_progs.c
10 issues
Line: 345
Column: 7
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
char *line = NULL;
size_t len = 0;
fp = popen("readelf -n ./urandom_read | grep 'Build ID'", "r");
if (fp == NULL)
return -1;
if (getline(&line, &len, fp) == -1)
goto err;
Reported by FlawFinder.
Line: 478
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
if (env.verbosity < VERBOSE_VERY && level == LIBBPF_DEBUG)
return 0;
vfprintf(stdout, format, args);
return 0;
}
static void free_str_set(const struct str_set *set)
{
Reported by FlawFinder.
Line: 745
Column: 2
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
libbpf_set_print(libbpf_print_fn);
srand(time(NULL));
env.jit_enabled = is_jit_enabled();
env.nr_cpus = libbpf_num_possible_cpus();
if (env.nr_cpus < 0) {
fprintf(stderr, "Failed to get number of CPUs: %d!\n",
Reported by FlawFinder.
Line: 130
Column: 23
CWE codes:
362
static void save_netns(void)
{
env.saved_netns_fd = open("/proc/self/ns/net", O_RDONLY);
if (env.saved_netns_fd == -1) {
perror("open(/proc/self/ns/net)");
exit(EXIT_ERR_SETUP_INFRA);
}
}
Reported by FlawFinder.
Line: 264
Column: 14
CWE codes:
362
bool enabled = false;
int sysctl_fd;
sysctl_fd = open(jit_sysctl, 0, O_RDONLY);
if (sysctl_fd != -1) {
char tmpc;
if (read(sysctl_fd, &tmpc, sizeof(tmpc)) == 1)
enabled = (tmpc != '0');
Reported by FlawFinder.
Line: 279
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int compare_map_keys(int map1_fd, int map2_fd)
{
__u32 key, next_key;
char val_buf[PERF_MAX_STACK_DEPTH *
sizeof(struct bpf_stack_build_id)];
int err;
err = bpf_map_get_next_key(map1_fd, NULL, &key);
if (err)
Reported by FlawFinder.
Line: 355
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len > size)
len = size;
memcpy(build_id, line, len);
build_id[len] = '\0';
free(line);
return 0;
err:
fclose(fp);
Reported by FlawFinder.
Line: 409
Column: 7
CWE codes:
362
if (env.verbosity > VERBOSE_NONE)
fprintf(stdout, "Loading bpf_testmod.ko...\n");
fd = open("bpf_testmod.ko", O_RDONLY);
if (fd < 0) {
fprintf(env.stderr, "Can't find bpf_testmod.ko kernel module: %d\n", -errno);
return -ENOENT;
}
if (finit_module(fd, "", 0)) {
Reported by FlawFinder.
Line: 43
Column: 5
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
* is always called. Usleep is frequently used in selftests as a way to
* trigger kprobe and tracepoints.
*/
int usleep(useconds_t usec)
{
struct timespec ts = {
.tv_sec = usec / 1000000,
.tv_nsec = (usec % 1000000) * 1000,
};
Reported by FlawFinder.
tools/testing/selftests/cgroup/test_core.c
10 issues
Line: 23
Column: 7
CWE codes:
362
int fd;
char *pos = buf;
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0)
return -1;
while (size > 0) {
ssize_t ret = read(fd, pos, size);
Reported by FlawFinder.
Line: 80
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret = KSFT_FAIL;
char *cg_test = NULL;
int child_pid;
char buf[PAGE_SIZE];
cg_test = cg_name(root, "cg_test");
if (!cg_test)
goto cleanup;
Reported by FlawFinder.
Line: 600
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int g, i, n_iterations = 1000;
char **grps = arg;
char lines[3][PATH_MAX];
for (g = 1; g < 3; ++g)
snprintf(lines[g], sizeof(lines[g]), "0::%s", grps[g] + strlen(grps[0]));
for (i = 0; i < n_iterations; ++i) {
Reported by FlawFinder.
Line: 622
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret = KSFT_FAIL;
char *dom = NULL;
char line[PATH_MAX];
char *grps[3] = { (char *)root, NULL, NULL };
pthread_t thr;
void *retval;
dom = cg_name(root, "cg_dom");
Reported by FlawFinder.
Line: 623
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret = KSFT_FAIL;
char *dom = NULL;
char line[PATH_MAX];
char *grps[3] = { (char *)root, NULL, NULL };
pthread_t thr;
void *retval;
dom = cg_name(root, "cg_dom");
grps[1] = cg_name(root, "cg_dom/cg_src");
Reported by FlawFinder.
Line: 697
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char *argv[])
{
char root[PATH_MAX];
int i, ret = EXIT_SUCCESS;
if (cg_find_unified_root(root, sizeof(root)))
ksft_exit_skip("cgroup v2 isn't mounted\n");
Reported by FlawFinder.
Line: 110
Column: 4
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
goto cleanup;
if (buf[0] == '\0')
break;
usleep(1000);
}
if (rmdir(cg_test))
goto cleanup;
Reported by FlawFinder.
Line: 603
Column: 59
CWE codes:
126
char lines[3][PATH_MAX];
for (g = 1; g < 3; ++g)
snprintf(lines[g], sizeof(lines[g]), "0::%s", grps[g] + strlen(grps[0]));
for (i = 0; i < n_iterations; ++i) {
cg_enter_current_thread(grps[(i % 2) + 1]);
if (proc_read_strstr(0, 1, "cgroup", lines[(i % 2) + 1]))
Reported by FlawFinder.
Line: 657
Column: 50
CWE codes:
126
if (retval)
goto cleanup;
snprintf(line, sizeof(line), "0::%s", grps[1] + strlen(grps[0]));
if (proc_read_strstr(0, 1, "cgroup", line))
goto cleanup;
ret = KSFT_PASS;
Reported by FlawFinder.
tools/perf/util/intel-pt.c
10 issues
Line: 3607
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
return;
for (i = start; i <= finish; i++)
fprintf(stdout, intel_pt_info_fmts[i], arr[i]);
}
static void intel_pt_print_info_str(const char *name, const char *str)
{
if (!dump_trace)
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u64 last_br_insn_cnt;
u64 last_br_cyc_cnt;
unsigned int cbr_seen;
char insn[INTEL_PT_INSN_BUF_SZ];
};
static void intel_pt_dump(struct intel_pt *pt __maybe_unused,
unsigned char *buf, size_t len)
{
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct intel_pt_pkt packet;
size_t pos = 0;
int ret, pkt_len, i;
char desc[INTEL_PT_PKT_DESC_MAX];
const char *color = PERF_COLOR_BLUE;
enum intel_pt_pkt_ctx ctx = INTEL_PT_NO_CTX;
color_fprintf(stdout, color,
". ... Intel Processor Trace data: size %zu bytes\n",
Reported by FlawFinder.
Line: 511
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum intel_pt_insn_branch branch;
int length;
int32_t rel;
char insn[INTEL_PT_INSN_BUF_SZ];
};
static int intel_pt_config_div(const char *var, const char *value, void *data)
{
int *d = data;
Reported by FlawFinder.
Line: 597
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e->branch = intel_pt_insn->branch;
e->length = intel_pt_insn->length;
e->rel = intel_pt_insn->rel;
memcpy(e->insn, intel_pt_insn->buf, INTEL_PT_INSN_BUF_SZ);
err = auxtrace_cache__add(c, offset, &e->entry);
if (err)
auxtrace_cache__free_entry(c, e);
Reported by FlawFinder.
Line: 690
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct machine *machine = ptq->pt->machine;
struct thread *thread;
struct addr_location al;
unsigned char buf[INTEL_PT_INSN_BUF_SZ];
ssize_t len;
int x86_64;
u8 cpumode;
u64 offset, start_offset, start_ip;
u64 insn_cnt = 0;
Reported by FlawFinder.
Line: 745
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
intel_pt_insn->branch = e->branch;
intel_pt_insn->length = e->length;
intel_pt_insn->rel = e->rel;
memcpy(intel_pt_insn->buf, e->insn,
INTEL_PT_INSN_BUF_SZ);
intel_pt_log_insn_no_data(intel_pt_insn, *ip);
return 0;
}
}
Reported by FlawFinder.
Line: 1331
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ptq->state->flags & INTEL_PT_IN_TX)
ptq->flags |= PERF_IP_FLAG_IN_TX;
ptq->insn_len = ptq->state->insn_len;
memcpy(ptq->insn, ptq->state->insn, INTEL_PT_INSN_BUF_SZ);
}
if (ptq->state->type & INTEL_PT_TRACE_BEGIN)
ptq->flags |= PERF_IP_FLAG_TRACE_BEGIN;
if (ptq->state->type & INTEL_PT_TRACE_END)
Reported by FlawFinder.
Line: 1480
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sample->tid = ptq->tid;
sample->cpu = ptq->cpu;
sample->insn_len = ptq->insn_len;
memcpy(sample->insn, ptq->insn, INTEL_PT_INSN_BUF_SZ);
}
static void intel_pt_prep_b_sample(struct intel_pt *pt,
struct intel_pt_queue *ptq,
union perf_event *event,
Reported by FlawFinder.
Line: 2119
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pid_t pid, pid_t tid, u64 ip, u64 timestamp)
{
union perf_event event;
char msg[MAX_AUXTRACE_ERROR_MSG];
int err;
if (pt->synth_opts.error_minus_flags) {
if (code == INTEL_PT_ERR_OVR &&
pt->synth_opts.error_minus_flags & AUXTRACE_ERR_FLG_OVERFLOW)
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/sk_assign.c
10 issues
Line: 39
Column: 17
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return false;
/* Configure necessary links, routes */
if (CHECK_FAIL(system("ip link set dev lo up")))
return false;
if (CHECK_FAIL(system("ip route add local default dev lo")))
return false;
if (CHECK_FAIL(system("ip -6 route add local default dev lo")))
return false;
Reported by FlawFinder.
Line: 41
Column: 17
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
/* Configure necessary links, routes */
if (CHECK_FAIL(system("ip link set dev lo up")))
return false;
if (CHECK_FAIL(system("ip route add local default dev lo")))
return false;
if (CHECK_FAIL(system("ip -6 route add local default dev lo")))
return false;
/* Load qdisc, BPF program */
Reported by FlawFinder.
Line: 43
Column: 17
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return false;
if (CHECK_FAIL(system("ip route add local default dev lo")))
return false;
if (CHECK_FAIL(system("ip -6 route add local default dev lo")))
return false;
/* Load qdisc, BPF program */
if (CHECK_FAIL(system("tc qdisc add dev lo clsact")))
return false;
Reported by FlawFinder.
Line: 47
Column: 17
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return false;
/* Load qdisc, BPF program */
if (CHECK_FAIL(system("tc qdisc add dev lo clsact")))
return false;
sprintf(tc_cmd, "%s %s %s %s", "tc filter add dev lo ingress bpf",
"direct-action object-file ./test_sk_assign.o",
"section classifier/sk_assign_test",
(env.verbosity < VERBOSE_VERY) ? " 2>/dev/null" : "verbose");
Reported by FlawFinder.
Line: 49
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* Load qdisc, BPF program */
if (CHECK_FAIL(system("tc qdisc add dev lo clsact")))
return false;
sprintf(tc_cmd, "%s %s %s %s", "tc filter add dev lo ingress bpf",
"direct-action object-file ./test_sk_assign.o",
"section classifier/sk_assign_test",
(env.verbosity < VERBOSE_VERY) ? " 2>/dev/null" : "verbose");
if (CHECK(system(tc_cmd), "BPF load failed;",
"run with -vv for more info\n"))
Reported by FlawFinder.
Line: 53
Column: 12
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
"direct-action object-file ./test_sk_assign.o",
"section classifier/sk_assign_test",
(env.verbosity < VERBOSE_VERY) ? " 2>/dev/null" : "verbose");
if (CHECK(system(tc_cmd), "BPF load failed;",
"run with -vv for more info\n"))
return false;
return true;
}
Reported by FlawFinder.
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool
configure_stack(void)
{
char tc_cmd[BUFSIZ];
/* Move to a new networking namespace */
if (CHECK_FAIL(unshare(CLONE_NEWNET)))
return false;
Reported by FlawFinder.
Line: 133
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
rcv_msg(int srv_client, int type)
{
struct sockaddr_storage ss;
char buf[BUFSIZ];
socklen_t slen;
if (type == SOCK_STREAM)
return read(srv_client, &buf, sizeof(buf));
else
Reported by FlawFinder.
Line: 273
Column: 13
CWE codes:
362
int self_net;
int i;
self_net = open(NS_SELF, O_RDONLY);
if (CHECK_FAIL(self_net < 0)) {
perror("Unable to open "NS_SELF);
return;
}
Reported by FlawFinder.
Line: 137
Column: 10
CWE codes:
120
20
socklen_t slen;
if (type == SOCK_STREAM)
return read(srv_client, &buf, sizeof(buf));
else
return recvfrom(srv_client, &buf, sizeof(buf), 0,
(struct sockaddr *)&ss, &slen);
}
Reported by FlawFinder.
tools/testing/selftests/cgroup/test_memcontrol.c
10 issues
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char *parent, *child, *parent2 = NULL, *child2 = NULL;
int ret = KSFT_FAIL;
char buf[PAGE_SIZE];
/* Create two nested cgroups with the memory controller enabled */
parent = cg_name(root, "memcg_test_0");
child = cg_name(root, "memcg_test_0/memcg_test_1");
if (!parent || !child)
Reported by FlawFinder.
Line: 267
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int test_memcg_min(const char *root)
{
int ret = KSFT_FAIL;
char *parent[3] = {NULL};
char *children[4] = {NULL};
long c[4];
int i, attempts;
int fd;
Reported by FlawFinder.
Line: 268
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret = KSFT_FAIL;
char *parent[3] = {NULL};
char *children[4] = {NULL};
long c[4];
int i, attempts;
int fd;
fd = get_temp_fd();
Reported by FlawFinder.
Line: 423
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int test_memcg_low(const char *root)
{
int ret = KSFT_FAIL;
char *parent[3] = {NULL};
char *children[4] = {NULL};
long low, oom;
long c[4];
int i;
int fd;
Reported by FlawFinder.
Line: 424
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret = KSFT_FAIL;
char *parent[3] = {NULL};
char *children[4] = {NULL};
long low, oom;
long c[4];
int i;
int fd;
Reported by FlawFinder.
Line: 882
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char server[] = "localhost";
struct addrinfo *ai;
char servport[6];
int retries = 0x10; /* nice round number */
int sk, ret;
snprintf(servport, sizeof(servport), "%hd", port);
ret = getaddrinfo(server, servport, NULL, &ai);
Reported by FlawFinder.
Line: 1195
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char **argv)
{
char root[PATH_MAX];
int i, ret = EXIT_SUCCESS;
if (cg_find_unified_root(root, sizeof(root)))
ksft_exit_skip("cgroup v2 isn't mounted\n");
Reported by FlawFinder.
Line: 235
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
if (cg_read_strcmp(cgroup, "cgroup.procs", "") == 0)
return 0;
usleep(100000);
}
return -1;
}
/*
Reported by FlawFinder.
Line: 904
Column: 7
CWE codes:
120
20
uint8_t buf[0x100000];
long current, sock;
if (read(sk, buf, sizeof(buf)) <= 0)
goto close_sk;
current = cg_read_long(cgroup, "memory.current");
sock = cg_read_key_long(cgroup, "memory.stat", "sock ");
Reported by FlawFinder.
tools/hv/hv_vss_daemon.c
10 issues
Line: 78
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
snprintf(buffer, PATH_MAX, "%s/loop", blkname);
if (!access(buffer, R_OK | X_OK)) {
ret = true;
goto free_buffer;
} else if (errno != ENOENT) {
syslog(LOG_ERR, "Can't access: %s; error:%d %s!",
buffer, errno, strerror(errno));
Reported by FlawFinder.
Line: 226
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
{0, 0, 0, 0 }
};
while ((opt = getopt_long(argc, argv, "hn", long_options,
&long_index)) != -1) {
switch (opt) {
case 'n':
daemonize = 0;
break;
Reported by FlawFinder.
Line: 36
Column: 16
CWE codes:
362
/* Don't use syslog() in the function since that can cause write to disk */
static int vss_do_freeze(char *dir, unsigned int cmd)
{
int ret, fd = open(dir, O_RDONLY);
if (fd < 0)
return 1;
ret = ioctl(fd, cmd, 0);
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FILE *mounts;
struct mntent *ent;
struct stat sb;
char errdir[1024] = {0};
char blkdir[23]; /* /sys/dev/block/XXX:XXX */
unsigned int cmd;
int error = 0, root_seen = 0, save_errno = 0;
switch (operation) {
Reported by FlawFinder.
Line: 120
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct mntent *ent;
struct stat sb;
char errdir[1024] = {0};
char blkdir[23]; /* /sys/dev/block/XXX:XXX */
unsigned int cmd;
int error = 0, root_seen = 0, save_errno = 0;
switch (operation) {
case VSS_OP_FREEZE:
Reported by FlawFinder.
Line: 146
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
syslog(LOG_ERR, "Can't stat: %s; error:%d %s!",
ent->mnt_fsname, errno, strerror(errno));
} else {
sprintf(blkdir, "/sys/dev/block/%d:%d",
major(sb.st_rdev), minor(sb.st_rdev));
if (is_dev_loop(blkdir))
continue;
}
if (hasmntopt(ent, MNTOPT_RO) != NULL)
Reported by FlawFinder.
Line: 259
Column: 11
CWE codes:
362
}
in_handshake = 1;
vss_fd = open("/dev/vmbus/hv_vss", O_RDWR);
if (vss_fd < 0) {
syslog(LOG_ERR, "open /dev/vmbus/hv_vss failed; error: %d %s",
errno, strerror(errno));
exit(EXIT_FAILURE);
}
Reported by FlawFinder.
Line: 140
Column: 39
CWE codes:
126
return -1;
while ((ent = getmntent(mounts))) {
if (strncmp(ent->mnt_fsname, match, strlen(match)))
continue;
if (stat(ent->mnt_fsname, &sb)) {
syslog(LOG_ERR, "Can't stat: %s; error:%d %s!",
ent->mnt_fsname, errno, strerror(errno));
} else {
Reported by FlawFinder.
Line: 185
Column: 3
CWE codes:
120
err:
save_errno = errno;
if (ent) {
strncpy(errdir, ent->mnt_dir, sizeof(errdir)-1);
endmntent(mounts);
}
vss_operate(VSS_OP_THAW);
fs_frozen = false;
/* Call syslog after we thaw all filesystems */
Reported by FlawFinder.
Line: 294
Column: 9
CWE codes:
120
20
continue;
}
len = read(vss_fd, vss_msg, sizeof(struct hv_vss_msg));
if (in_handshake) {
if (len != sizeof(kernel_modver)) {
syslog(LOG_ERR, "invalid version negotiation");
exit(EXIT_FAILURE);
Reported by FlawFinder.
tools/bpf/bpftool/tracelog.c
10 issues
Line: 53
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return false;
}
strcpy(mnt, mntpt);
return true;
}
static bool get_tracefs_pipe(char *mnt)
{
Reported by FlawFinder.
Line: 83
Column: 9
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
/* Allow room for NULL terminating byte and pipe file name */
snprintf(format, sizeof(format), "%%*s %%%zds %%99s %%*s %%*d %%*d\\n",
PATH_MAX - strlen(pipe_name) - 1);
while (fscanf(fp, format, mnt, type) == 2)
if (strcmp(type, fstype) == 0) {
found = true;
break;
}
fclose(fp);
Reported by FlawFinder.
Line: 103
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
* find it, it is likely that debugfs is not mounted. Let's give one
* attempt at mounting just tracefs at /sys/kernel/tracing.
*/
strcpy(mnt, known_mnts[1]);
if (mount_tracefs(mnt))
return false;
exit_found:
strcat(mnt, pipe_name);
Reported by FlawFinder.
Line: 108
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return false;
exit_found:
strcat(mnt, pipe_name);
return true;
}
static void exit_tracelog(int signum)
{
Reported by FlawFinder.
Line: 67
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
const char *pipe_name = "/trace_pipe";
const char *fstype = "tracefs";
char type[100], format[32];
const char * const *ptr;
bool found = false;
FILE *fp;
for (ptr = known_mnts; ptr < known_mnts + ARRAY_SIZE(known_mnts); ptr++)
Reported by FlawFinder.
Line: 76
Column: 7
CWE codes:
362
if (find_tracefs_mnt_single(TRACEFS_MAGIC, mnt, *ptr))
goto exit_found;
fp = fopen("/proc/mounts", "r");
if (!fp)
return false;
/* Allow room for NULL terminating byte and pipe file name */
snprintf(format, sizeof(format), "%%*s %%%zds %%99s %%*s %%*d %%*d\\n",
Reported by FlawFinder.
Line: 130
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct sigaction act = {
.sa_handler = exit_tracelog
};
char trace_pipe[PATH_MAX];
size_t buff_len = 0;
if (json_output)
jsonw_start_array(json_wtr);
Reported by FlawFinder.
Line: 139
Column: 18
CWE codes:
362
if (!get_tracefs_pipe(trace_pipe))
return -1;
trace_pipe_fd = fopen(trace_pipe, "r");
if (!trace_pipe_fd) {
p_err("could not open trace pipe: %s", strerror(errno));
return -1;
}
Reported by FlawFinder.
Line: 47
Column: 12
CWE codes:
126
if (validate_tracefs_mnt(mntpt, magic))
return false;
src_len = strlen(mntpt);
if (src_len + 1 >= PATH_MAX) {
p_err("tracefs mount point name too long");
return false;
}
Reported by FlawFinder.
Line: 82
Column: 15
CWE codes:
126
/* Allow room for NULL terminating byte and pipe file name */
snprintf(format, sizeof(format), "%%*s %%%zds %%99s %%*s %%*d %%*d\\n",
PATH_MAX - strlen(pipe_name) - 1);
while (fscanf(fp, format, mnt, type) == 2)
if (strcmp(type, fstype) == 0) {
found = true;
break;
}
Reported by FlawFinder.
sound/pci/ymfpci/ymfpci_main.c
10 issues
Line: 402
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
case SNDRV_PCM_TRIGGER_STOP:
if (substream->pcm == chip->pcm && !ypcm->use_441_slot) {
kctl = chip->pcm_mixer[substream->number].ctl;
kctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
}
fallthrough;
case SNDRV_PCM_TRIGGER_PAUSE_PUSH:
case SNDRV_PCM_TRIGGER_SUSPEND:
chip->ctrl_playback[ypcm->voices[0]->number + 1] = 0;
Reported by FlawFinder.
Line: 679
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (substream->pcm == chip->pcm && !ypcm->use_441_slot) {
kctl = chip->pcm_mixer[substream->number].ctl;
kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(chip->card, SNDRV_CTL_EVENT_MASK_INFO, &kctl->id);
}
return 0;
}
Reported by FlawFinder.
Line: 976
Column: 29
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
chip->spdif_opened++;
spin_unlock_irq(&chip->reg_lock);
chip->spdif_pcm_ctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(chip->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO, &chip->spdif_pcm_ctl->id);
return 0;
}
Reported by FlawFinder.
Line: 1076
Column: 29
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
snd_ymfpci_readw(chip, YDSXGR_SPDIFOUTCTRL) & ~2);
snd_ymfpci_writew(chip, YDSXGR_SPDIFOUTSTATUS, chip->spdif_bits);
spin_unlock_irq(&chip->reg_lock);
chip->spdif_pcm_ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
snd_ctl_notify(chip->card, SNDRV_CTL_EVENT_MASK_VALUE |
SNDRV_CTL_EVENT_MASK_INFO, &chip->spdif_pcm_ctl->id);
return snd_ymfpci_playback_close_1(substream);
}
Reported by FlawFinder.
Line: 1175
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
/* global setup */
pcm->info_flags = 0;
sprintf(pcm->name, "YMFPCI - %s",
chip->device_id == PCI_DEVICE_ID_YAMAHA_754 ? "Direct Recording" : "AC'97");
chip->pcm2 = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV,
&chip->pci->dev, 64*1024, 256*1024);
Reported by FlawFinder.
Line: 1142
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* global setup */
pcm->info_flags = 0;
strcpy(pcm->name, "YMFPCI");
chip->pcm = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV,
&chip->pci->dev, 64*1024, 256*1024);
Reported by FlawFinder.
Line: 1209
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* global setup */
pcm->info_flags = 0;
strcpy(pcm->name, "YMFPCI - IEC958");
chip->pcm_spdif = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV,
&chip->pci->dev, 64*1024, 256*1024);
Reported by FlawFinder.
Line: 1250
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* global setup */
pcm->info_flags = 0;
strcpy(pcm->name, "YMFPCI - Rear PCM");
chip->pcm_4ch = pcm;
snd_pcm_set_managed_buffer_all(pcm, SNDRV_DMA_TYPE_DEV,
&chip->pci->dev, 64*1024, 256*1024);
Reported by FlawFinder.
Line: 1385
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int snd_ymfpci_drec_source_info(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_info *info)
{
static const char *const texts[3] = {"AC'97", "IEC958", "ZV Port"};
return snd_ctl_enum_info(info, 1, 3, texts);
}
static int snd_ymfpci_drec_source_get(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *value)
Reported by FlawFinder.
Line: 1956
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
tid.subdevice = 0;
err = snd_timer_new(chip->card, "YMFPCI", &tid, &timer);
if (err >= 0) {
strcpy(timer->name, "YMFPCI timer");
timer->private_data = chip;
timer->hw = snd_ymfpci_timer_hw;
}
chip->timer = timer;
return err;
Reported by FlawFinder.