The following issues were found
tools/perf/builtin-mem.c
9 issues
Line: 212
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
fmt = "%5d%s%5d%s0x%016"PRIx64"%s0x016%"PRIx64"%s";
symbol_conf.field_sep = " ";
}
printf(fmt,
sample->pid,
symbol_conf.field_sep,
sample->tid,
symbol_conf.field_sep,
sample->ip,
Reported by FlawFinder.
Line: 239
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
else
fmt = "%5"PRIu64"%s0x%06"PRIx64"%s%s:%s\n";
printf(fmt,
sample->weight,
symbol_conf.field_sep,
sample->data_src,
symbol_conf.field_sep,
al.map ? (al.map->dso ? al.map->dso->long_name : "???") : "???",
Reported by FlawFinder.
Line: 191
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct perf_mem *mem = container_of(tool, struct perf_mem, tool);
struct addr_location al;
const char *fmt, *field_sep;
char str[PAGE_SIZE_NAME_LEN];
if (machine__resolve(machine, &al, sample) < 0) {
fprintf(stderr, "problem processing %d event, skipping it.\n",
event->header.type);
return -1;
Reported by FlawFinder.
Line: 312
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *get_sort_order(struct perf_mem *mem)
{
bool has_extra_options = (mem->phys_addr | mem->data_page_size) ? true : false;
char sort[128];
/*
* there is no weight (cost) associated with stores, so don't print
* the column
*/
Reported by FlawFinder.
Line: 319
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
* the column
*/
if (!(mem->operation & MEM_OPERATION_LOAD)) {
strcpy(sort, "--sort=mem,sym,dso,symbol_daddr,"
"dso_daddr,tlb,locked");
} else if (has_extra_options) {
strcpy(sort, "--sort=local_weight,mem,sym,dso,symbol_daddr,"
"dso_daddr,snoop,tlb,locked,blocked");
} else
Reported by FlawFinder.
Line: 322
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(sort, "--sort=mem,sym,dso,symbol_daddr,"
"dso_daddr,tlb,locked");
} else if (has_extra_options) {
strcpy(sort, "--sort=local_weight,mem,sym,dso,symbol_daddr,"
"dso_daddr,snoop,tlb,locked,blocked");
} else
return NULL;
if (mem->phys_addr)
Reported by FlawFinder.
Line: 328
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return NULL;
if (mem->phys_addr)
strcat(sort, ",phys_daddr");
if (mem->data_page_size)
strcat(sort, ",data_page_size");
return strdup(sort);
Reported by FlawFinder.
Line: 331
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(sort, ",phys_daddr");
if (mem->data_page_size)
strcat(sort, ",data_page_size");
return strdup(sort);
}
static int report_events(int argc, const char **argv, struct perf_mem *mem)
Reported by FlawFinder.
Line: 493
Column: 26
CWE codes:
126
if (!argc || !(strncmp(argv[0], "rec", 3) || mem.operation))
usage_with_options(mem_usage, mem_options);
if (!mem.input_name || !strlen(mem.input_name)) {
if (!fstat(STDIN_FILENO, &st) && S_ISFIFO(st.st_mode))
mem.input_name = "-";
else
mem.input_name = "perf.data";
}
Reported by FlawFinder.
tools/testing/selftests/proc/proc-self-map-files-001.c
9 issues
Line: 32
Column: 6
CWE codes:
362
20
Suggestion:
Reconsider approach
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1)
exit(1);
}
static void fail(const char *fmt, unsigned long a, unsigned long b)
{
Reported by FlawFinder.
Line: 42
Column: 6
CWE codes:
362
20
Suggestion:
Reconsider approach
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
return;
exit(1);
}
int main(void)
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1)
exit(1);
}
static void fail(const char *fmt, unsigned long a, unsigned long b)
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
return;
exit(1);
}
Reported by FlawFinder.
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void pass(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1)
exit(1);
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void pass(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1)
exit(1);
}
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void fail(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
return;
Reported by FlawFinder.
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void fail(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
return;
exit(1);
Reported by FlawFinder.
Line: 54
Column: 7
CWE codes:
362
int fd;
unsigned long a, b;
fd = open("/dev/zero", O_RDONLY);
if (fd == -1)
return 1;
p = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_PRIVATE|MAP_FILE, fd, 0);
if (p == MAP_FAILED)
Reported by FlawFinder.
sound/usb/pcm.c
9 issues
Line: 163
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int init_pitch_v1(struct snd_usb_audio *chip, int ep)
{
struct usb_device *dev = chip->dev;
unsigned char data[1];
int err;
data[0] = 1;
err = snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0), UAC_SET_CUR,
USB_TYPE_CLASS|USB_RECIP_ENDPOINT|USB_DIR_OUT,
Reported by FlawFinder.
Line: 177
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int init_pitch_v2(struct snd_usb_audio *chip, int ep)
{
struct usb_device *dev = chip->dev;
unsigned char data[1];
int err;
data[0] = 1;
err = snd_usb_ctl_msg(dev, usb_sndctrlpipe(dev, 0), UAC2_CS_CUR,
USB_TYPE_CLASS | USB_RECIP_ENDPOINT | USB_DIR_OUT,
Reported by FlawFinder.
Line: 1170
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (oldptr + bytes > subs->buffer_bytes) {
unsigned int bytes1 = subs->buffer_bytes - oldptr;
memcpy(runtime->dma_area + oldptr, cp, bytes1);
memcpy(runtime->dma_area, cp + bytes1, bytes - bytes1);
} else {
memcpy(runtime->dma_area + oldptr, cp, bytes);
}
}
Reported by FlawFinder.
Line: 1171
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int bytes1 = subs->buffer_bytes - oldptr;
memcpy(runtime->dma_area + oldptr, cp, bytes1);
memcpy(runtime->dma_area, cp + bytes1, bytes - bytes1);
} else {
memcpy(runtime->dma_area + oldptr, cp, bytes);
}
}
Reported by FlawFinder.
Line: 1173
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(runtime->dma_area + oldptr, cp, bytes1);
memcpy(runtime->dma_area, cp + bytes1, bytes - bytes1);
} else {
memcpy(runtime->dma_area + oldptr, cp, bytes);
}
}
if (period_elapsed)
snd_pcm_period_elapsed(subs->pcm_substream);
Reported by FlawFinder.
Line: 1276
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* err, the transferred area goes over buffer boundary. */
unsigned int bytes1 = subs->buffer_bytes - subs->hwptr_done;
memcpy(urb->transfer_buffer + offset,
runtime->dma_area + subs->hwptr_done, bytes1);
memcpy(urb->transfer_buffer + offset + bytes1,
runtime->dma_area, bytes - bytes1);
} else {
memcpy(urb->transfer_buffer + offset,
Reported by FlawFinder.
Line: 1278
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(urb->transfer_buffer + offset,
runtime->dma_area + subs->hwptr_done, bytes1);
memcpy(urb->transfer_buffer + offset + bytes1,
runtime->dma_area, bytes - bytes1);
} else {
memcpy(urb->transfer_buffer + offset,
runtime->dma_area + subs->hwptr_done, bytes);
}
Reported by FlawFinder.
Line: 1281
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(urb->transfer_buffer + offset + bytes1,
runtime->dma_area, bytes - bytes1);
} else {
memcpy(urb->transfer_buffer + offset,
runtime->dma_area + subs->hwptr_done, bytes);
}
urb_ctx_queue_advance(subs, urb, bytes);
}
Reported by FlawFinder.
Line: 1304
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
offset += i * sizeof(packet_length);
urb->iso_frame_desc[i].offset = offset;
urb->iso_frame_desc[i].length += sizeof(packet_length);
memcpy(urb->transfer_buffer + offset,
&packet_length, sizeof(packet_length));
copy_to_urb(subs, urb, offset + sizeof(packet_length),
stride, length);
}
/* Adjust transfer size accordingly. */
Reported by FlawFinder.
tools/testing/selftests/proc/proc-self-map-files-002.c
9 issues
Line: 32
Column: 6
CWE codes:
362
20
Suggestion:
Reconsider approach
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1)
exit(1);
}
static void fail(const char *fmt, unsigned long a, unsigned long b)
{
Reported by FlawFinder.
Line: 42
Column: 6
CWE codes:
362
20
Suggestion:
Reconsider approach
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
return;
exit(1);
}
int main(void)
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1)
exit(1);
}
static void fail(const char *fmt, unsigned long a, unsigned long b)
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
return;
exit(1);
}
Reported by FlawFinder.
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void pass(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1)
exit(1);
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void pass(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1)
exit(1);
}
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void fail(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
return;
Reported by FlawFinder.
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void fail(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
return;
exit(1);
Reported by FlawFinder.
Line: 60
Column: 7
CWE codes:
362
int fd;
unsigned long a, b;
fd = open("/dev/zero", O_RDONLY);
if (fd == -1)
return 1;
for (va = 0; va < va_max; va += PAGE_SIZE) {
p = mmap((void *)va, PAGE_SIZE, PROT_NONE, MAP_PRIVATE|MAP_FILE|MAP_FIXED, fd, 0);
Reported by FlawFinder.
tools/perf/bench/inject-buildid.c
9 issues
Line: 193
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
event.mmap2.maj = MMAP_DEV_MAJOR;
event.mmap2.ino = dso->ino;
strcpy(event.mmap2.filename, dso->name);
event.mmap2.start = dso_map_addr(dso);
event.mmap2.len = 4096;
event.mmap2.prot = PROT_EXEC;
Reported by FlawFinder.
Line: 90
Column: 14
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
if (filename__read_build_id(fpath, &bid) < 0)
return 0;
dso->name = realpath(fpath, NULL);
if (dso->name == NULL)
return -1;
dso->ino = nr_dsos++;
pr_debug2(" Adding DSO: %s\n", fpath);
Reported by FlawFinder.
Line: 444
Column: 2
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
static int do_inject_loops(struct bench_data *data)
{
srand(time(NULL));
symbol__init(NULL);
bench_sample_type = PERF_SAMPLE_IDENTIFIER | PERF_SAMPLE_IP;
bench_sample_type |= PERF_SAMPLE_TID | PERF_SAMPLE_TIME;
bench_id_hdr_size = 32;
Reported by FlawFinder.
Line: 249
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void *data_reader(void *arg)
{
struct bench_data *data = arg;
char buf[8192];
int flag;
int n;
flag = fcntl(data->output_pipe[0], F_GETFL);
fcntl(data->output_pipe[0], F_SETFL, flag | O_NONBLOCK);
Reported by FlawFinder.
Line: 306
Column: 17
CWE codes:
362
dup2(data->output_pipe[1], STDOUT_FILENO);
close(data->output_pipe[1]);
dev_null_fd = open("/dev/null", O_WRONLY);
if (dev_null_fd < 0)
exit(1);
dup2(dev_null_fd, STDERR_FILENO);
Reported by FlawFinder.
Line: 180
Column: 17
CWE codes:
126
u64 *id_hdr_ptr = (void *)&event;
int ts_idx;
len += roundup(strlen(dso->name) + 1, 8) + bench_id_hdr_size;
memset(&event, 0, min(len, sizeof(event.mmap2)));
event.header.type = PERF_RECORD_MMAP2;
event.header.misc = PERF_RECORD_MISC_USER;
Reported by FlawFinder.
Line: 267
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
if (errno != EINTR && errno != EAGAIN)
break;
usleep(100);
}
close(data->output_pipe[0]);
return NULL;
}
Reported by FlawFinder.
tools/testing/selftests/proc/setns-dcache.c
9 issues
Line: 93
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
{
char buf[64];
snprintf(buf, sizeof(buf), "/proc/%u/ns/net", pid);
nsfd = open(buf, O_RDONLY);
if (nsfd == -1) {
return 1;
}
Reported by FlawFinder.
Line: 95
Column: 10
CWE codes:
362
{
char buf[64];
snprintf(buf, sizeof(buf), "/proc/%u/ns/net", pid);
nsfd = open(buf, O_RDONLY);
if (nsfd == -1) {
return 1;
}
}
Reported by FlawFinder.
Line: 102
Column: 8
CWE codes:
362
}
/* Reliably pin dentry into dcache. */
(void)open("/proc/net/unix", O_RDONLY);
if (setns(nsfd, CLONE_NEWNET) == -1) {
return 1;
}
Reported by FlawFinder.
Line: 112
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pid = 0;
{
char buf[4096];
ssize_t rv;
int fd;
fd = open("/proc/net/unix", O_RDONLY);
if (fd == -1) {
Reported by FlawFinder.
Line: 116
Column: 8
CWE codes:
362
ssize_t rv;
int fd;
fd = open("/proc/net/unix", O_RDONLY);
if (fd == -1) {
return 1;
}
#define S "Num RefCount Protocol Flags Type St Inode Path\n"
Reported by FlawFinder.
Line: 122
Column: 8
CWE codes:
120
20
}
#define S "Num RefCount Protocol Flags Type St Inode Path\n"
rv = read(fd, buf, sizeof(buf));
assert(rv == strlen(S));
assert(memcmp(buf, S, strlen(S)) == 0);
}
Reported by FlawFinder.
Line: 124
Column: 16
CWE codes:
126
#define S "Num RefCount Protocol Flags Type St Inode Path\n"
rv = read(fd, buf, sizeof(buf));
assert(rv == strlen(S));
assert(memcmp(buf, S, strlen(S)) == 0);
}
return 0;
}
Reported by FlawFinder.
Line: 125
Column: 25
CWE codes:
126
rv = read(fd, buf, sizeof(buf));
assert(rv == strlen(S));
assert(memcmp(buf, S, strlen(S)) == 0);
}
return 0;
}
Reported by FlawFinder.
tools/perf/util/scripting-engines/trace-event-perl.c
9 issues
Line: 366
Column: 36
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
pid = raw_field_value(event, "common_pid", data);
sprintf(handler, "%s::%s", event->system, event->name);
if (!test_and_set_bit(event->id, events_defined))
define_event_symbols(event, handler, event->print_fmt.args);
s = nsecs / NSEC_PER_SEC;
Reported by FlawFinder.
Line: 366
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pid = raw_field_value(event, "common_pid", data);
sprintf(handler, "%s::%s", event->system, event->name);
if (!test_and_set_bit(event->id, events_defined))
define_event_symbols(event, handler, event->print_fmt.args);
s = nsecs / NSEC_PER_SEC;
Reported by FlawFinder.
Line: 551
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
char fname[PATH_MAX];
FILE *ofp;
sprintf(fname, "%s.pl", outfile);
ofp = fopen(fname, "w");
if (ofp == NULL) {
fprintf(stderr, "couldn't open %s\n", fname);
return -1;
}
Reported by FlawFinder.
Line: 614
Column: 42
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
for (i = 0; all_events && i < nr_events; i++) {
event = all_events[i];
fprintf(ofp, "sub %s::%s\n{\n", event->system, event->name);
fprintf(ofp, "\tmy (");
fprintf(ofp, "$event_name, ");
fprintf(ofp, "$context, ");
fprintf(ofp, "$common_cpu, ");
Reported by FlawFinder.
Line: 685
Column: 39
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
count = 4;
}
fprintf(ofp, "flag_str(\"");
fprintf(ofp, "%s::%s\", ", event->system,
event->name);
fprintf(ofp, "\"%s\", $%s)", f->name,
f->name);
} else if (f->flags & TEP_FIELD_IS_SYMBOLIC) {
if ((count - 1) % 5 != 0) {
Reported by FlawFinder.
Line: 695
Column: 39
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
count = 4;
}
fprintf(ofp, "symbol_str(\"");
fprintf(ofp, "%s::%s\", ", event->system,
event->name);
fprintf(ofp, "\"%s\", $%s)", f->name,
f->name);
} else
fprintf(ofp, "$%s", f->name);
Reported by FlawFinder.
Line: 345
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct thread *thread = al->thread;
struct tep_event *event = evsel->tp_format;
struct tep_format_field *field;
static char handler[256];
unsigned long long val;
unsigned long s, ns;
int pid;
int cpu = sample->cpu;
void *data = sample->raw_data;
Reported by FlawFinder.
Line: 548
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tep_event **all_events;
struct tep_event *event = NULL;
struct tep_format_field *f;
char fname[PATH_MAX];
FILE *ofp;
sprintf(fname, "%s.pl", outfile);
ofp = fopen(fname, "w");
if (ofp == NULL) {
Reported by FlawFinder.
Line: 552
Column: 8
CWE codes:
362
FILE *ofp;
sprintf(fname, "%s.pl", outfile);
ofp = fopen(fname, "w");
if (ofp == NULL) {
fprintf(stderr, "couldn't open %s\n", fname);
return -1;
}
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/sk_lookup.c
9 issues
Line: 1065
.ctx_in = &ctx,
.ctx_size_in = sizeof(ctx),
.ctx_out = &ctx,
.ctx_size_out = sizeof(ctx),
);
if (fill_sk_lookup_ctx(&ctx, local_ip, EXT_PORT, remote_ip, INT_PORT))
return;
Reported by Cppcheck.
Line: 1357
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
for (cmd = setup_script; *cmd; cmd++) {
err = system(*cmd);
if (CHECK(err, "system", "failed\n")) {
log_err("system(%s)", *cmd);
return -1;
}
}
Reported by FlawFinder.
Line: 301
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int recv_byte(int fd)
{
char buf[1];
ssize_t n;
n = recv(fd, buf, sizeof(buf), 0);
if (CHECK(n <= 0, "recv_byte", "recv")) {
log_err("failed/partial recv");
Reported by FlawFinder.
Line: 314
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int tcp_recv_send(int server_fd)
{
char buf[1];
int ret, fd;
ssize_t n;
fd = accept(server_fd, NULL, NULL);
if (CHECK(fd < 0, "accept", "failed\n")) {
Reported by FlawFinder.
Line: 353
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
v6->sin6_port = v4.sin_port;
v6->sin6_addr.s6_addr[10] = 0xff;
v6->sin6_addr.s6_addr[11] = 0xff;
memcpy(&v6->sin6_addr.s6_addr[12], &v4.sin_addr.s_addr, 4);
memset(&v6->sin6_addr.s6_addr[0], 0, 10);
}
static int udp_recv_send(int server_fd)
{
Reported by FlawFinder.
Line: 359
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int udp_recv_send(int server_fd)
{
char cmsg_buf[CMSG_SPACE(sizeof(struct sockaddr_storage))];
struct sockaddr_storage _src_addr = { 0 };
struct sockaddr_storage *src_addr = &_src_addr;
struct sockaddr_storage *dst_addr = NULL;
struct msghdr msg = { 0 };
struct iovec iov = { 0 };
Reported by FlawFinder.
Line: 366
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct msghdr msg = { 0 };
struct iovec iov = { 0 };
struct cmsghdr *cm;
char buf[1];
int ret, fd;
ssize_t n;
iov.iov_base = buf;
iov.iov_len = sizeof(buf);
Reported by FlawFinder.
Line: 476
Column: 11
CWE codes:
362
struct bpf_link *link;
int net_fd;
net_fd = open("/proc/self/ns/net", O_RDONLY);
if (CHECK(net_fd < 0, "open", "failed\n")) {
log_err("failed to open /proc/self/ns/net");
return NULL;
}
Reported by FlawFinder.
Line: 527
Column: 11
CWE codes:
362
int net_fd;
int err;
net_fd = open("/proc/self/ns/net", O_RDONLY);
if (CHECK(net_fd < 0, "open", "failed\n")) {
log_err("failed to open /proc/self/ns/net");
return;
}
Reported by FlawFinder.
tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
9 issues
Line: 253
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list args;
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
fprintf(stderr, "%s\n", buf);
intel_pt_log("%s\n", buf);
}
Reported by FlawFinder.
Line: 233
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint64_t psb_ip;
const unsigned char *next_buf;
size_t next_len;
unsigned char temp_buf[INTEL_PT_PKT_MAX_SZ];
};
static uint64_t intel_pt_lower_power_of_2(uint64_t x)
{
int i;
Reported by FlawFinder.
Line: 249
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__printf(1, 2)
static void p_log(const char *fmt, ...)
{
char buf[512];
va_list args;
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
Reported by FlawFinder.
Line: 673
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
old_len = decoder->len;
len = decoder->len;
memcpy(buf, decoder->buf, len);
ret = intel_pt_get_data(decoder, false);
if (ret) {
decoder->pos += old_len;
return ret < 0 ? ret : -EINVAL;
Reported by FlawFinder.
Line: 684
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
n = INTEL_PT_PKT_MAX_SZ - len;
if (n > decoder->len)
n = decoder->len;
memcpy(buf + len, decoder->buf, n);
len += n;
decoder->prev_pkt_ctx = decoder->pkt_ctx;
ret = intel_pt_get_packet(buf, len, &decoder->packet, &decoder->pkt_ctx);
if (ret < (int)old_len) {
Reported by FlawFinder.
Line: 1196
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out_no_progress:
decoder->state.insn_op = intel_pt_insn->op;
decoder->state.insn_len = intel_pt_insn->length;
memcpy(decoder->state.insn, intel_pt_insn->buf,
INTEL_PT_INSN_BUF_SZ);
if (decoder->tx_flags & INTEL_PT_IN_TX)
decoder->state.flags |= INTEL_PT_IN_TX;
Reported by FlawFinder.
Line: 2246
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* data file.
*/
if (!decoder->vm_tm_corr_dry_run)
memcpy((void *)decoder->buf + 1, &decoder->packet.payload, 7);
intel_pt_log("Translated VM TSC %#" PRIx64 " -> %#" PRIx64
" VMCS %#" PRIx64 " TSC Offset %#" PRIx64 "\n",
payload, decoder->packet.payload, vmcs_info->vmcs,
vmcs_info->tsc_offset);
Reported by FlawFinder.
Line: 2530
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
decoder->packet.payload = host_tsc;
if (!decoder->vm_tm_corr_dry_run)
memcpy((void *)decoder->buf + 1, &host_tsc, 8);
}
static int intel_pt_vm_time_correlation(struct intel_pt_decoder *decoder)
{
struct intel_pt_vm_tsc_info data = { .psbend = false };
Reported by FlawFinder.
Line: 3541
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
decoder->pos -= part_psb;
decoder->next_buf = decoder->buf + rest_psb;
decoder->next_len = decoder->len - rest_psb;
memcpy(decoder->temp_buf, INTEL_PT_PSB_STR, INTEL_PT_PSB_LEN);
decoder->buf = decoder->temp_buf;
decoder->len = INTEL_PT_PSB_LEN;
return 0;
}
Reported by FlawFinder.
tools/power/acpi/tools/acpidump/apfiles.c
9 issues
Line: 134
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
if (instance > 0) {
snprintf(instance_str, sizeof(instance_str), "%u", instance);
strcat(filename, instance_str);
}
strcat(filename, FILE_SUFFIX_BINARY_TABLE);
if (gbl_verbose_mode) {
Reported by FlawFinder.
Line: 137
Column: 2
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(filename, instance_str);
}
strcat(filename, FILE_SUFFIX_BINARY_TABLE);
if (gbl_verbose_mode) {
fprintf(stderr,
"Writing [%4.4s] to binary file: %s 0x%X (%u) bytes\n",
table->signature, filename, table->length,
Reported by FlawFinder.
Line: 77
Column: 9
CWE codes:
362
/* Point stdout to the file */
file = fopen(pathname, "w");
if (!file) {
fprintf(stderr, "Could not open output file: %s\n", pathname);
return (-1);
}
Reported by FlawFinder.
Line: 106
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ap_write_to_binary_file(struct acpi_table_header *table, u32 instance)
{
char filename[ACPI_NAMESEG_SIZE + 16];
char instance_str[16];
ACPI_FILE file;
acpi_size actual;
u32 table_length;
Reported by FlawFinder.
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ap_write_to_binary_file(struct acpi_table_header *table, u32 instance)
{
char filename[ACPI_NAMESEG_SIZE + 16];
char instance_str[16];
ACPI_FILE file;
acpi_size actual;
u32 table_length;
/* Obtain table length */
Reported by FlawFinder.
Line: 148
Column: 9
CWE codes:
362
/* Open the file and dump the entire table in binary mode */
file = fopen(filename, "wb");
if (!file) {
fprintf(stderr, "Could not open output file: %s\n", filename);
return (-1);
}
Reported by FlawFinder.
Line: 189
Column: 9
CWE codes:
362
/* Must use binary mode */
file = fopen(pathname, "rb");
if (!file) {
fprintf(stderr, "Could not open input file: %s\n", pathname);
return (NULL);
}
Reported by FlawFinder.
Line: 38
Column: 13
CWE codes:
120
20
fprintf(stderr,
"Target path already exists, overwrite? [y|n] ");
in_char = fgetc(stdin);
if (in_char == '\n') {
in_char = fgetc(stdin);
}
if (in_char != 'y' && in_char != 'Y') {
Reported by FlawFinder.