The following issues were found
tools/testing/selftests/sched/cs_prctl_test.c
8 issues
Line: 243
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
keypress = 1;
break;
case 'h':
printf(USAGE);
exit(EXIT_SUCCESS);
default:
handle_usage(20, "unknown option");
}
}
Reported by FlawFinder.
Line: 228
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int pid;
int opt;
while ((opt = getopt(argc, argv, ":hkT:P:d:")) != -1) {
switch (opt) {
case 'P':
num_processes = (int)strtol(optarg, NULL, 10);
break;
case 'T':
Reported by FlawFinder.
Line: 259
Column: 2
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (keypress)
delay = -1;
srand(time(NULL));
/* put into separate process group */
if (setpgid(0, 0) != 0)
handle_error("process group");
Reported by FlawFinder.
Line: 159
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 0;
}
static unsigned char child_func_process_stack[STACK_SIZE];
void create_processes(int num_processes, int num_threads, struct child_args proc[])
{
pid_t cpid;
int i;
Reported by FlawFinder.
Line: 121
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
/*
 * Sleeps in 20000-microsecond steps forever; arg is marked unused.
 * Presumably the body of the threads started by create_threads(); the
 * caller is outside this excerpt.
 * FlawFinder reports the usleep() call as CWE-676 and suggests
 * nanosleep(2) or setitimer(2) instead.
 */
static int child_func_thread(void __attribute__((unused))*arg)
{
while (1)
usleep(20000);
return 0; /* not reached: the loop above has no exit */
}
static void create_threads(int num_threads, int thr_tids[])
{
Reported by FlawFinder.
Line: 155
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
close(ca->pfd[1]);
while (1)
usleep(20000);
return 0;
}
static unsigned char child_func_process_stack[STACK_SIZE];
Reported by FlawFinder.
Line: 179
Column: 3
CWE codes:
120
20
}
for (i = 0; i < num_processes; ++i) {
read(proc[i].pfd[0], &proc[i].thr_tids, sizeof(int) * proc[i].num_threads);
close(proc[i].pfd[0]);
}
}
void disp_processes(int num_processes, struct child_args proc[])
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_snprintf.c
8 issues
Line: 9
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 pid = 0;
char num_out[64] = {};
long num_ret = 0;
char ip_out[64] = {};
long ip_ret = 0;
Reported by FlawFinder.
Line: 12
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char num_out[64] = {};
long num_ret = 0;
char ip_out[64] = {};
long ip_ret = 0;
char sym_out[64] = {};
long sym_ret = 0;
Reported by FlawFinder.
Line: 15
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char ip_out[64] = {};
long ip_ret = 0;
char sym_out[64] = {};
long sym_ret = 0;
char addr_out[64] = {};
long addr_ret = 0;
Reported by FlawFinder.
Line: 18
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char sym_out[64] = {};
long sym_ret = 0;
char addr_out[64] = {};
long addr_ret = 0;
char str_out[64] = {};
long str_ret = 0;
Reported by FlawFinder.
Line: 21
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char addr_out[64] = {};
long addr_ret = 0;
char str_out[64] = {};
long str_ret = 0;
char over_out[6] = {};
long over_ret = 0;
Reported by FlawFinder.
Line: 24
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char str_out[64] = {};
long str_ret = 0;
char over_out[6] = {};
long over_ret = 0;
char pad_out[10] = {};
long pad_ret = 0;
Reported by FlawFinder.
Line: 27
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char over_out[6] = {};
long over_ret = 0;
char pad_out[10] = {};
long pad_ret = 0;
char noarg_out[64] = {};
long noarg_ret = 0;
Reported by FlawFinder.
Line: 30
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char pad_out[10] = {};
long pad_ret = 0;
char noarg_out[64] = {};
long noarg_ret = 0;
long nobuf_ret = 0;
extern const void schedule __ksym;
Reported by FlawFinder.
tools/testing/selftests/pidfd/pidfd_setns_test.c
8 issues
Line: 93
Column: 7
CWE codes:
362
if (unshare(CLONE_NEWTIME))
return false;
fd = open("/proc/self/ns/time_for_children", O_RDONLY | O_CLOEXEC);
if (fd < 0)
return false;
ret = setns(fd, CLONE_NEWTIME);
close(fd);
Reported by FlawFinder.
Line: 136
Column: 12
CWE codes:
362
self->child_nsfds2[i] = -EBADF;
}
proc_fd = open("/proc/self/ns", O_DIRECTORY | O_CLOEXEC);
ASSERT_GE(proc_fd, 0) {
TH_LOG("%m - Failed to open /proc/self/ns");
}
self->pid = getpid();
Reported by FlawFinder.
Line: 233
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
close(ipc_sockets[0]);
for (i = 0; i < PIDFD_NS_MAX; i++) {
char p[100];
const struct ns_info *info = &ns_info[i];
self->nsfds[i] = openat(proc_fd, info->name, O_RDONLY | O_CLOEXEC);
if (self->nsfds[i] < 0) {
Reported by FlawFinder.
Line: 250
Column: 27
CWE codes:
362
EXPECT_GT(ret, 0);
EXPECT_LT(ret, sizeof(p));
self->child_nsfds1[i] = open(p, O_RDONLY | O_CLOEXEC);
if (self->child_nsfds1[i] < 0) {
EXPECT_EQ(errno, ENOENT) {
TH_LOG("%m - Failed to open %s namespace for process %d",
info->name, self->child_pid1);
}
Reported by FlawFinder.
Line: 263
Column: 27
CWE codes:
362
EXPECT_GT(ret, 0);
EXPECT_LT(ret, sizeof(p));
self->child_nsfds2[i] = open(p, O_RDONLY | O_CLOEXEC);
if (self->child_nsfds2[i] < 0) {
EXPECT_EQ(errno, ENOENT) {
TH_LOG("%m - Failed to open %s namespace for process %d",
info->name, self->child_pid1);
}
Reported by FlawFinder.
Line: 305
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int preserve_ns(const int pid, const char *ns)
{
int ret;
char path[50];
ret = snprintf(path, sizeof(path), "/proc/%d/ns/%s", pid, ns);
if (ret < 0 || (size_t)ret >= sizeof(path))
return -EIO;
Reported by FlawFinder.
Line: 311
Column: 9
CWE codes:
362
if (ret < 0 || (size_t)ret >= sizeof(path))
return -EIO;
return open(path, O_RDONLY | O_CLOEXEC);
}
static int in_same_namespace(int ns_fd1, pid_t pid2, const char *ns)
{
int ns_fd2 = -EBADF;
Reported by FlawFinder.
tools/lib/subcmd/parse-options.c
8 issues
Line: 130
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
char reason[128];
bool noarg = false;
err = snprintf(reason, sizeof(reason),
opt->flags & PARSE_OPT_CANSKIP ?
"is being ignored because %s " :
"is not available because %s",
opt->build_opt);
reason[sizeof(reason) - 1] = '\0';
Reported by FlawFinder.
Line: 85
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (opt->flags & PARSE_OPT_EXCLUSIVE) {
if (p->excl_opt && p->excl_opt != opt) {
char msg[128];
if (((flags & OPT_SHORT) && p->excl_opt->short_name) ||
p->excl_opt->long_name == NULL) {
snprintf(msg, sizeof(msg), "cannot be used with switch `%c'",
p->excl_opt->short_name);
Reported by FlawFinder.
Line: 127
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (opt->flags & PARSE_OPT_NOBUILD) {
char reason[128];
bool noarg = false;
err = snprintf(reason, sizeof(reason),
opt->flags & PARSE_OPT_CANSKIP ?
"is being ignored because %s " :
Reported by FlawFinder.
Line: 820
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ordered = malloc(len);
if (!ordered)
goto out;
memcpy(ordered, opts, len);
qsort(ordered, nr_opts, sizeof(*o), option__cmp);
out:
return ordered;
}
Reported by FlawFinder.
Line: 34
Column: 15
CWE codes:
126
/*
 * Return a pointer to the part of str that follows prefix, or NULL when str
 * does not start with prefix.
 * Both arguments must be NUL-terminated: strlen(prefix) scans until it finds
 * a terminator, which is the over-read FlawFinder reports here as CWE-126.
 * strncmp() stops at the first NUL in either string, so str is not read past
 * its own terminator even when it is shorter than prefix.
 */
static const char *skip_prefix(const char *str, const char *prefix)
{
size_t len = strlen(prefix);
/* strncmp() returns non-zero on a mismatch, which selects NULL */
return strncmp(str, prefix, len) ? NULL : str + len;
}
static void optwarning(const struct option *opt, const char *reason, int flags)
{
Reported by FlawFinder.
Line: 138
Column: 4
CWE codes:
120
reason[sizeof(reason) - 1] = '\0';
if (err < 0)
strncpy(reason, opt->flags & PARSE_OPT_CANSKIP ?
"is being ignored" :
"is not available",
sizeof(reason));
if (!(opt->flags & PARSE_OPT_CANSKIP))
Reported by FlawFinder.
Line: 371
Column: 19
CWE codes:
126
int abbrev_flags = 0, ambiguous_flags = 0;
if (!arg_end)
arg_end = arg + strlen(arg);
retry:
for (; options->type != OPTION_END; options++) {
const char *rest;
int flags = 0;
Reported by FlawFinder.
Line: 478
Column: 6
CWE codes:
126
static void check_typos(const char *arg, const struct option *options)
{
if (strlen(arg) < 3)
return;
if (strstarts(arg, "no-")) {
fprintf(stderr, " Error: did you mean `--%s` (with two dashes ?)\n", arg);
exit(129);
Reported by FlawFinder.
tools/objtool/objtool.c
8 issues
Line: 59
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return false;
}
strcpy(name, _objname);
strcpy(name + len, ".orig");
d = open(name, O_CREAT|O_WRONLY|O_TRUNC, 0644);
if (d < 0) {
perror("failed to create backup file");
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
}
strcpy(name, _objname);
strcpy(name + len, ".orig");
d = open(name, O_CREAT|O_WRONLY|O_TRUNC, 0644);
if (d < 0) {
perror("failed to create backup file");
return false;
Reported by FlawFinder.
Line: 62
Column: 6
CWE codes:
362
strcpy(name, _objname);
strcpy(name + len, ".orig");
d = open(name, O_CREAT|O_WRONLY|O_TRUNC, 0644);
if (d < 0) {
perror("failed to create backup file");
return false;
}
Reported by FlawFinder.
Line: 68
Column: 6
CWE codes:
362
return false;
}
s = open(_objname, O_RDONLY);
if (s < 0) {
perror("failed to open orig file");
return false;
}
Reported by FlawFinder.
Line: 50
Column: 12
CWE codes:
126
static bool objtool_create_backup(const char *_objname)
{
int len = strlen(_objname);
char *buf, *base, *name = malloc(len+6);
int s, d, l, t;
if (!name) {
perror("failed backup name malloc");
Reported by FlawFinder.
Line: 145
Column: 17
CWE codes:
126
printf("\n usage: %s\n\n", objtool_usage_string);
for (i = 0; i < ARRAY_SIZE(objtool_cmds); i++) {
if (longest < strlen(objtool_cmds[i].name))
longest = strlen(objtool_cmds[i].name);
}
puts(" Commands:");
for (i = 0; i < ARRAY_SIZE(objtool_cmds); i++) {
Reported by FlawFinder.
Line: 146
Column: 14
CWE codes:
126
for (i = 0; i < ARRAY_SIZE(objtool_cmds); i++) {
if (longest < strlen(objtool_cmds[i].name))
longest = strlen(objtool_cmds[i].name);
}
puts(" Commands:");
for (i = 0; i < ARRAY_SIZE(objtool_cmds); i++) {
printf(" %-*s ", longest, objtool_cmds[i].name);
Reported by FlawFinder.
tools/testing/selftests/kvm/lib/assert.c
8 issues
Line: 43
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
n = backtrace(stack, n);
c = &cmd[0];
c += sprintf(c, "%s", addr2line);
/*
* Skip the first 3 frames: backtrace, test_dump_stack, and
* test_assert. We hope that backtrace isn't inlined and the other two
* we've declared noinline.
*/
Reported by FlawFinder.
Line: 51
Column: 7
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
*/
for (i = 2; i < n; i++)
c += sprintf(c, " %lx", ((unsigned long) stack[i]) - 1);
c += sprintf(c, "%s", pipeline);
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-result"
system(cmd);
#pragma GCC diagnostic pop
}
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
c += sprintf(c, "%s", pipeline);
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-result"
system(cmd);
#pragma GCC diagnostic pop
}
static pid_t _gettid(void)
{
Reported by FlawFinder.
Line: 80
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
test_dump_stack();
if (fmt) {
fputs(" ", stderr);
vfprintf(stderr, fmt, ap);
fputs("\n", stderr);
}
va_end(ap);
if (errno == EACCES) {
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *stack[n];
const char *addr2line = "addr2line -s -e /proc/$PPID/exe -fpai";
const char *pipeline = "|cat -n 1>&2";
char cmd[strlen(addr2line) + strlen(pipeline) +
/* N bytes per addr * 2 digits per byte + 1 space per addr: */
n * (((sizeof(void *)) * 2) + 1) +
/* Null terminator: */
1];
char *c;
Reported by FlawFinder.
Line: 50
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
* we've declared noinline.
*/
for (i = 2; i < n; i++)
c += sprintf(c, " %lx", ((unsigned long) stack[i]) - 1);
c += sprintf(c, "%s", pipeline);
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-result"
system(cmd);
#pragma GCC diagnostic pop
Reported by FlawFinder.
Line: 34
Column: 11
CWE codes:
126
void *stack[n];
const char *addr2line = "addr2line -s -e /proc/$PPID/exe -fpai";
const char *pipeline = "|cat -n 1>&2";
char cmd[strlen(addr2line) + strlen(pipeline) +
/* N bytes per addr * 2 digits per byte + 1 space per addr: */
n * (((sizeof(void *)) * 2) + 1) +
/* Null terminator: */
1];
char *c;
Reported by FlawFinder.
Line: 34
Column: 31
CWE codes:
126
void *stack[n];
const char *addr2line = "addr2line -s -e /proc/$PPID/exe -fpai";
const char *pipeline = "|cat -n 1>&2";
char cmd[strlen(addr2line) + strlen(pipeline) +
/* N bytes per addr * 2 digits per byte + 1 space per addr: */
n * (((sizeof(void *)) * 2) + 1) +
/* Null terminator: */
1];
char *c;
Reported by FlawFinder.
tools/perf/util/genelf.c
8 issues
Line: 410
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
warnx("cannot allocate strsym");
goto error;
}
strcpy(strsym + 1, sym);
scn = elf_newscn(e);
if (!scn) {
warnx("cannot create section");
goto error;
Reported by FlawFinder.
Line: 53
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int namesz; /* Size of entry's owner string */
unsigned int descsz; /* Size of the note descriptor */
unsigned int type; /* Interpretation of the descriptor */
char name[0]; /* Start of the name+desc data */
} Elf_Note;
struct options {
char *output;
int fd;
Reported by FlawFinder.
Line: 77
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Build-id note: an Elf_Note header followed by a 4-byte owner name and a
 * 20-byte build-id, with one file-scope instance, bnote.
 * FlawFinder reports the two fixed-size arrays as CWE-119/120. A declaration
 * copies nothing, so the check that matters is at each write into name and
 * build_id; the writes quoted elsewhere in this report are
 * strcpy(bnote.name, "GNU"), which is 4 bytes including the terminator, and
 * a read() bounded by sizeof(note->build_id).
 */
static struct buildid_note {
Elf_Note desc; /* descsz: size of build-id, must be multiple of 4 */
char name[4]; /* GNU\0 */
char build_id[20]; /* 20 is a multiple of 4, as the descsz note above requires */
} bnote;
static Elf_Sym symtab[]={
/* symbol 0 MUST be the undefined symbol */
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Build-id note: an Elf_Note header followed by a 4-byte owner name and a
 * 20-byte build-id, with one file-scope instance, bnote.
 * FlawFinder reports the two fixed-size arrays as CWE-119/120. A declaration
 * copies nothing, so the check that matters is at each write into name and
 * build_id; the writes quoted elsewhere in this report are
 * strcpy(bnote.name, "GNU"), which is 4 bytes including the terminator, and
 * a read() bounded by sizeof(note->build_id).
 */
static struct buildid_note {
Elf_Note desc; /* descsz: size of build-id, must be multiple of 4 */
char name[4]; /* GNU\0 */
char build_id[20]; /* 20 is a multiple of 4, as the descsz note above requires */
} bnote;
static Elf_Sym symtab[]={
/* symbol 0 MUST be the undefined symbol */
{ .st_name = 0, /* index in sym_string table */
Reported by FlawFinder.
Line: 110
Column: 7
CWE codes:
362
size_t sz = sizeof(note->build_id);
ssize_t sret;
fd = open("/dev/urandom", O_RDONLY);
if (fd == -1)
err(1, "cannot access /dev/urandom for buildid");
sret = read(fd, note->build_id, sz);
Reported by FlawFinder.
Line: 464
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
bnote.desc.namesz = sizeof(bnote.name); /* must include 0 termination */
bnote.desc.descsz = sizeof(bnote.build_id);
bnote.desc.type = NT_GNU_BUILD_ID;
strcpy(bnote.name, "GNU");
d->d_align = 4;
d->d_off = 0LL;
d->d_buf = &bnote;
d->d_type = ELF_T_BYTE;
Reported by FlawFinder.
Line: 114
Column: 9
CWE codes:
120
20
if (fd == -1)
err(1, "cannot access /dev/urandom for buildid");
sret = read(fd, note->build_id, sz);
close(fd);
if (sret != (ssize_t)sz)
memset(note->build_id, 0, sz);
Reported by FlawFinder.
Line: 404
Column: 15
CWE codes:
126
* setup symbols string table
* 2 = 1 for 0 in 1st entry, 1 for the 0 at end of symbol for 2nd entry
*/
symlen = 2 + strlen(sym);
strsym = calloc(1, symlen);
if (!strsym) {
warnx("cannot allocate strsym");
goto error;
}
Reported by FlawFinder.
tools/perf/util/namespaces.c
8 issues
Line: 285
Column: 10
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
struct nscookie nsc;
nsinfo__mountns_enter(nsi, &nsc);
rpath = realpath(path, NULL);
nsinfo__mountns_exit(&nsc);
return rpath;
}
Reported by FlawFinder.
Line: 53
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
namespaces->end_time = -1;
if (event)
memcpy(namespaces->link_info, event->link_info, link_info_size);
return namespaces;
}
void namespaces__free(struct namespaces *namespaces)
Reported by FlawFinder.
Line: 65
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int nsinfo__init(struct nsinfo *nsi)
{
char oldns[PATH_MAX];
char spath[PATH_MAX];
char *newns = NULL;
char *statln = NULL;
char *nspid;
struct stat old_stat;
Reported by FlawFinder.
Line: 66
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int nsinfo__init(struct nsinfo *nsi)
{
char oldns[PATH_MAX];
char spath[PATH_MAX];
char *newns = NULL;
char *statln = NULL;
char *nspid;
struct stat old_stat;
struct stat new_stat;
Reported by FlawFinder.
Line: 103
Column: 6
CWE codes:
362
if (snprintf(spath, PATH_MAX, "/proc/%d/status", nsi->pid) >= PATH_MAX)
goto out;
f = fopen(spath, "r");
if (f == NULL)
goto out;
while (getline(&statln, &linesz, f) != -1) {
/* Use tgid if CONFIG_PID_NS is not defined. */
Reported by FlawFinder.
Line: 211
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void nsinfo__mountns_enter(struct nsinfo *nsi,
struct nscookie *nc)
{
char curpath[PATH_MAX];
int oldns = -1;
int newns = -1;
char *oldcwd = NULL;
if (nc == NULL)
Reported by FlawFinder.
Line: 232
Column: 10
CWE codes:
362
if (!oldcwd)
return;
oldns = open(curpath, O_RDONLY);
if (oldns < 0)
goto errout;
newns = open(nsi->mntns_path, O_RDONLY);
if (newns < 0)
Reported by FlawFinder.
Line: 236
Column: 10
CWE codes:
362
if (oldns < 0)
goto errout;
newns = open(nsi->mntns_path, O_RDONLY);
if (newns < 0)
goto errout;
if (setns(newns, CLONE_NEWNS) < 0)
goto errout;
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_l4lb_noinline.c
8 issues
Line: 161
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
/*
 * Header layout: two ETH_ALEN-byte address arrays followed by an unsigned
 * short protocol field.
 * FlawFinder reports each array declaration as CWE-119/120. A declaration
 * performs no copy, so whether the finding matters depends on the code that
 * writes these fields, which is not part of this excerpt.
 */
struct eth_hdr {
unsigned char eth_dest[ETH_ALEN];
unsigned char eth_source[ETH_ALEN];
unsigned short eth_proto;
};
struct {
Reported by FlawFinder.
Line: 162
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Header layout: two ETH_ALEN-byte address arrays followed by an unsigned
 * short protocol field.
 * FlawFinder reports each array declaration as CWE-119/120. A declaration
 * performs no copy, so whether the finding matters depends on the code that
 * writes these fields, which is not part of this excerpt.
 */
struct eth_hdr {
unsigned char eth_dest[ETH_ALEN];
unsigned char eth_source[ETH_ALEN];
unsigned short eth_proto;
};
struct {
__uint(type, BPF_MAP_TYPE_HASH);
Reported by FlawFinder.
Line: 250
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return TC_ACT_SHOT;
pckt->proto = ip6h->nexthdr;
pckt->flags |= F_ICMP;
memcpy(pckt->srcv6, ip6h->daddr.s6_addr32, 16);
memcpy(pckt->dstv6, ip6h->saddr.s6_addr32, 16);
return TC_ACT_UNSPEC;
}
static __noinline int parse_icmp(void *data, void *data_end, __u64 off,
Reported by FlawFinder.
Line: 251
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pckt->proto = ip6h->nexthdr;
pckt->flags |= F_ICMP;
memcpy(pckt->srcv6, ip6h->daddr.s6_addr32, 16);
memcpy(pckt->dstv6, ip6h->saddr.s6_addr32, 16);
return TC_ACT_UNSPEC;
}
static __noinline int parse_icmp(void *data, void *data_end, __u64 off,
struct packet_description *pckt)
Reported by FlawFinder.
Line: 364
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return action;
off += IPV6_PLUS_ICMP_HDR;
} else {
memcpy(pckt.srcv6, ip6h->saddr.s6_addr32, 16);
memcpy(pckt.dstv6, ip6h->daddr.s6_addr32, 16);
}
} else {
iph = data + off;
if (iph + 1 > data_end)
Reported by FlawFinder.
Line: 365
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
off += IPV6_PLUS_ICMP_HDR;
} else {
memcpy(pckt.srcv6, ip6h->saddr.s6_addr32, 16);
memcpy(pckt.dstv6, ip6h->daddr.s6_addr32, 16);
}
} else {
iph = data + off;
if (iph + 1 > data_end)
return TC_ACT_SHOT;
Reported by FlawFinder.
Line: 404
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (is_ipv6)
memcpy(vip.daddr.v6, pckt.dstv6, 16);
else
vip.daddr.v4 = pckt.dst;
vip.dport = pckt.port16[1];
vip.protocol = pckt.proto;
Reported by FlawFinder.
Line: 430
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!cval)
return TC_ACT_SHOT;
ifindex = cval->ifindex;
memcpy(tkey.remote_ipv6, dst->dstv6, 16);
tun_flag = BPF_F_TUNINFO_IPV6;
} else {
cval = bpf_map_lookup_elem(&ctl_array, &v4_intf_pos);
if (!cval)
return TC_ACT_SHOT;
Reported by FlawFinder.
tools/testing/selftests/kvm/demand_paging_test.c
8 issues
Line: 29
Column: 29
CWE codes:
134
Suggestion:
Use a constant for the format specification
#ifdef __NR_userfaultfd
#ifdef PRINT_PER_PAGE_UPDATES
#define PER_PAGE_DEBUG(...) printf(__VA_ARGS__)
#else
#define PER_PAGE_DEBUG(...) _no_printf(__VA_ARGS__)
#endif
#ifdef PRINT_PER_VCPU_UPDATES
Reported by FlawFinder.
Line: 35
Column: 29
CWE codes:
134
Suggestion:
Use a constant for the format specification
#endif
#ifdef PRINT_PER_VCPU_UPDATES
#define PER_VCPU_DEBUG(...) printf(__VA_ARGS__)
#else
#define PER_VCPU_DEBUG(...) _no_printf(__VA_ARGS__)
#endif
static int nr_vcpus = 1;
Reported by FlawFinder.
Line: 450
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
guest_modes_append_default();
while ((opt = getopt(argc, argv, "hm:u:d:b:t:v:o")) != -1) {
switch (opt) {
case 'm':
guest_modes_cmdline(optarg);
break;
case 'u':
Reported by FlawFinder.
Line: 243
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
TEST_ASSERT(alias != NULL, "Alias required for minor faults");
for (p = 0; p < (len / demand_paging_size); ++p) {
memcpy(alias + (p * demand_paging_size),
guest_data_prototype, demand_paging_size);
}
}
uffd = syscall(__NR_userfaultfd, O_CLOEXEC | O_NONBLOCK);
Reported by FlawFinder.
Line: 473
Column: 15
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
p.src_type = parse_backing_src_type(optarg);
break;
case 'v':
nr_vcpus = atoi(optarg);
TEST_ASSERT(nr_vcpus > 0 && nr_vcpus <= max_vcpus,
"Invalid number of vcpus, must be between 1 and %d", max_vcpus);
break;
case 'o':
p.partition_vcpu_memory_access = false;
Reported by FlawFinder.
Line: 186
Column: 7
CWE codes:
120
20
if (!pollfd[0].revents & POLLIN)
continue;
r = read(uffd, &msg, sizeof(msg));
if (r == -1) {
if (errno == EAGAIN)
continue;
pr_info("Read of uffd got errno %d\n", errno);
return NULL;
Reported by FlawFinder.
Line: 203
Column: 4
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
continue;
if (delay)
usleep(delay);
addr = msg.arg.pagefault.address;
r = handle_uffd_page_request(uffd_args->uffd_mode, uffd, addr);
if (r < 0)
return NULL;
pages++;
Reported by FlawFinder.