The following issues were found
tools/perf/util/parse-events.c
34 issues
Line: 272
Column: 25
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
path = zalloc(sizeof(*path));
if (!path)
return NULL;
if (asprintf(&path->system, "%.*s", MAX_EVENT_LENGTH, sys_dirent->d_name) < 0) {
free(path);
return NULL;
}
if (asprintf(&path->name, "%.*s", MAX_EVENT_LENGTH, evt_dirent->d_name) < 0) {
zfree(&path->system);
Reported by FlawFinder.
Line: 277
Column: 19
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return NULL;
}
if (asprintf(&path->name, "%.*s", MAX_EVENT_LENGTH, evt_dirent->d_name) < 0) {
zfree(&path->system);
free(path);
return NULL;
}
return path;
}
Reported by FlawFinder.
Line: 307
Column: 16
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
path->name = strdup(str+1);
if (path->system == NULL || path->name == NULL) {
zfree(&path->system);
zfree(&path->name);
zfree(&path);
}
return path;
Reported by FlawFinder.
Line: 3257
Column: 3
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
strcat(buf, ",");
else
first = false;
strcat(buf, name);
}
}
/*
* Return string contains valid config terms of an event.
Reported by FlawFinder.
Line: 175
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int tp_event_has_id(const char *dir_path, struct dirent *evt_dir)
{
char evt_path[MAXPATHLEN];
int fd;
snprintf(evt_path, MAXPATHLEN, "%s/%s/id", dir_path, evt_dir->d_name);
fd = open(evt_path, O_RDONLY);
if (fd < 0)
Reported by FlawFinder.
Line: 179
Column: 7
CWE codes:
362
int fd;
snprintf(evt_path, MAXPATHLEN, "%s/%s/id", dir_path, evt_dir->d_name);
fd = open(evt_path, O_RDONLY);
if (fd < 0)
return -EINVAL;
close(fd);
return 0;
Reported by FlawFinder.
Line: 234
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tracepoint_path *path = NULL;
DIR *sys_dir, *evt_dir;
struct dirent *sys_dirent, *evt_dirent;
char id_buf[24];
int fd;
u64 id;
char evt_path[MAXPATHLEN];
char *dir_path;
Reported by FlawFinder.
Line: 237
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char id_buf[24];
int fd;
u64 id;
char evt_path[MAXPATHLEN];
char *dir_path;
sys_dir = tracing_events__opendir();
if (!sys_dir)
return NULL;
Reported by FlawFinder.
Line: 256
Column: 9
CWE codes:
362
scnprintf(evt_path, MAXPATHLEN, "%s/%s/id", dir_path,
evt_dirent->d_name);
fd = open(evt_path, O_RDONLY);
if (fd < 0)
continue;
if (read(fd, id_buf, sizeof(id_buf)) < 0) {
close(fd);
continue;
Reported by FlawFinder.
Line: 469
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct perf_event_attr attr;
LIST_HEAD(config_terms);
char name[MAX_NAME_LEN], *config_name;
int cache_type = -1, cache_op = -1, cache_result = -1;
char *op_result[2] = { op_result1, op_result2 };
int i, n, ret;
bool hybrid;
Reported by FlawFinder.
security/apparmor/policy_unpack_test.c
34 issues
Line: 69
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_STRING_NAME) + 1;
strcpy(buf + 3, TEST_STRING_NAME);
buf = e->start + TEST_STRING_BUF_OFFSET;
*buf = AA_STRING;
*(buf + 1) = strlen(TEST_STRING_DATA) + 1;
strcpy(buf + 3, TEST_STRING_DATA);
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf = e->start + TEST_STRING_BUF_OFFSET;
*buf = AA_STRING;
*(buf + 1) = strlen(TEST_STRING_DATA) + 1;
strcpy(buf + 3, TEST_STRING_DATA);
buf = e->start + TEST_NAMED_U32_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_U32_NAME) + 1;
strcpy(buf + 3, TEST_U32_NAME);
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf = e->start + TEST_NAMED_U32_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_U32_NAME) + 1;
strcpy(buf + 3, TEST_U32_NAME);
*(buf + 3 + strlen(TEST_U32_NAME) + 1) = AA_U32;
*((u32 *)(buf + 3 + strlen(TEST_U32_NAME) + 2)) = TEST_U32_DATA;
buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
*buf = AA_NAME;
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf = e->start + TEST_NAMED_U64_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_U64_NAME) + 1;
strcpy(buf + 3, TEST_U64_NAME);
*(buf + 3 + strlen(TEST_U64_NAME) + 1) = AA_U64;
*((u64 *)(buf + 3 + strlen(TEST_U64_NAME) + 2)) = TEST_U64_DATA;
buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET;
*buf = AA_NAME;
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf = e->start + TEST_NAMED_BLOB_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_BLOB_NAME) + 1;
strcpy(buf + 3, TEST_BLOB_NAME);
*(buf + 3 + strlen(TEST_BLOB_NAME) + 1) = AA_BLOB;
*(buf + 3 + strlen(TEST_BLOB_NAME) + 2) = TEST_BLOB_DATA_SIZE;
memcpy(buf + 3 + strlen(TEST_BLOB_NAME) + 6,
TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE);
Reported by FlawFinder.
Line: 102
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
buf = e->start + TEST_NAMED_ARRAY_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
strcpy(buf + 3, TEST_ARRAY_NAME);
*(buf + 3 + strlen(TEST_ARRAY_NAME) + 1) = AA_ARRAY;
*((u16 *)(buf + 3 + strlen(TEST_ARRAY_NAME) + 2)) = TEST_ARRAY_SIZE;
return e;
}
Reported by FlawFinder.
Line: 96
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
strcpy(buf + 3, TEST_BLOB_NAME);
*(buf + 3 + strlen(TEST_BLOB_NAME) + 1) = AA_BLOB;
*(buf + 3 + strlen(TEST_BLOB_NAME) + 2) = TEST_BLOB_DATA_SIZE;
memcpy(buf + 3 + strlen(TEST_BLOB_NAME) + 6,
TEST_BLOB_DATA, TEST_BLOB_DATA_SIZE);
buf = e->start + TEST_NAMED_ARRAY_BUF_OFFSET;
*buf = AA_NAME;
*(buf + 1) = strlen(TEST_ARRAY_NAME) + 1;
Reported by FlawFinder.
Line: 14
Column: 7
CWE codes:
126
#define TEST_STRING_NAME "TEST_STRING"
#define TEST_STRING_DATA "testing"
#define TEST_STRING_BUF_OFFSET \
(3 + strlen(TEST_STRING_NAME) + 1)
#define TEST_U32_NAME "U32_TEST"
#define TEST_U32_DATA ((u32)0x01020304)
#define TEST_NAMED_U32_BUF_OFFSET \
(TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1)
Reported by FlawFinder.
Line: 19
Column: 32
CWE codes:
126
#define TEST_U32_NAME "U32_TEST"
#define TEST_U32_DATA ((u32)0x01020304)
#define TEST_NAMED_U32_BUF_OFFSET \
(TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1)
#define TEST_U32_BUF_OFFSET \
(TEST_NAMED_U32_BUF_OFFSET + 3 + strlen(TEST_U32_NAME) + 1)
#define TEST_U16_OFFSET (TEST_U32_BUF_OFFSET + 3)
#define TEST_U16_DATA ((u16)(TEST_U32_DATA >> 16))
Reported by FlawFinder.
Line: 21
Column: 35
CWE codes:
126
#define TEST_NAMED_U32_BUF_OFFSET \
(TEST_STRING_BUF_OFFSET + 3 + strlen(TEST_STRING_DATA) + 1)
#define TEST_U32_BUF_OFFSET \
(TEST_NAMED_U32_BUF_OFFSET + 3 + strlen(TEST_U32_NAME) + 1)
#define TEST_U16_OFFSET (TEST_U32_BUF_OFFSET + 3)
#define TEST_U16_DATA ((u16)(TEST_U32_DATA >> 16))
#define TEST_U64_NAME "U64_TEST"
Reported by FlawFinder.
drivers/staging/ks7010/ks_wlan_net.c
33 issues
Line: 1811
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
struct ks_wlan_private *priv = netdev_priv(dev);
strcpy(extra, priv->firmware_version);
dwrq->length = priv->version_size + 1;
return 0;
}
static int ks_wlan_set_preamble(struct net_device *dev,
Reported by FlawFinder.
Line: 161
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* for SLEEP MODE */
if (priv->dev_state < DEVICE_STATE_READY)
strcpy(cwrq->name, "NOT READY!");
else if (priv->reg.phy_type == D_11B_ONLY_MODE)
strcpy(cwrq->name, "IEEE 802.11b");
else if (priv->reg.phy_type == D_11G_ONLY_MODE)
strcpy(cwrq->name, "IEEE 802.11g");
else
Reported by FlawFinder.
Line: 163
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (priv->dev_state < DEVICE_STATE_READY)
strcpy(cwrq->name, "NOT READY!");
else if (priv->reg.phy_type == D_11B_ONLY_MODE)
strcpy(cwrq->name, "IEEE 802.11b");
else if (priv->reg.phy_type == D_11G_ONLY_MODE)
strcpy(cwrq->name, "IEEE 802.11g");
else
strcpy(cwrq->name, "IEEE 802.11b/g");
Reported by FlawFinder.
Line: 165
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else if (priv->reg.phy_type == D_11B_ONLY_MODE)
strcpy(cwrq->name, "IEEE 802.11b");
else if (priv->reg.phy_type == D_11G_ONLY_MODE)
strcpy(cwrq->name, "IEEE 802.11g");
else
strcpy(cwrq->name, "IEEE 802.11b/g");
return 0;
}
Reported by FlawFinder.
Line: 167
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
else if (priv->reg.phy_type == D_11G_ONLY_MODE)
strcpy(cwrq->name, "IEEE 802.11g");
else
strcpy(cwrq->name, "IEEE 802.11b/g");
return 0;
}
static int ks_wlan_set_freq(struct net_device *dev,
Reported by FlawFinder.
Line: 266
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Set the SSID */
memset(priv->reg.ssid.body, 0, sizeof(priv->reg.ssid.body));
memcpy(priv->reg.ssid.body, extra, len);
priv->reg.ssid.size = len;
}
/* Write it to the card */
priv->need_commit |= SME_MODE_SET;
Reported by FlawFinder.
Line: 292
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (priv->reg.ssid.size != 0) {
/* Get the current SSID */
memcpy(extra, priv->reg.ssid.body, priv->reg.ssid.size);
/* If none, we may want to get the one that was set */
/* Push it out ! */
dwrq->essid.length = priv->reg.ssid.size;
Reported by FlawFinder.
Line: 370
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -E2BIG;
memset(priv->nick, 0, sizeof(priv->nick));
memcpy(priv->nick, extra, dwrq->data.length);
return -EINPROGRESS; /* Call commit handler */
}
static int ks_wlan_get_nick(struct net_device *dev,
Reported by FlawFinder.
Line: 811
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Send the key to the card */
priv->reg.wep_key[index].size = key.len;
memcpy(&priv->reg.wep_key[index].val[0], &key.key[0],
priv->reg.wep_key[index].size);
priv->need_commit |= (SME_WEP_VAL1 << index);
priv->reg.wep_index = index;
priv->need_commit |= SME_WEP_INDEX;
} else {
Reported by FlawFinder.
Line: 896
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (index >= 0 && index < 4) {
enc->length = (priv->reg.wep_key[index].size <= 16) ?
priv->reg.wep_key[index].size : 0;
memcpy(extra, priv->reg.wep_key[index].val, enc->length);
}
return 0;
}
Reported by FlawFinder.
scripts/gdb/linux/tasks.py
33 issues
Line: 14
Column: 1
# This work is licensed under the terms of the GNU GPL version 2.
#
import gdb
from linux import utils
task_type = utils.CachedType("struct task_struct")
Reported by Pylint.
Line: 75
Column: 22
def __init__(self):
super(LxPs, self).__init__("lx-ps", gdb.COMMAND_DATA)
def invoke(self, arg, from_tty):
gdb.write("{:>10} {:>12} {:>7}\n".format("TASK", "PID", "COMM"))
for task in task_lists():
gdb.write("{} {:^5} {}\n".format(
task.format_string().split()[0],
task["pid"].format_string(),
Reported by Pylint.
Line: 75
Column: 27
def __init__(self):
super(LxPs, self).__init__("lx-ps", gdb.COMMAND_DATA)
def invoke(self, arg, from_tty):
gdb.write("{:>10} {:>12} {:>7}\n".format("TASK", "PID", "COMM"))
for task in task_lists():
gdb.write("{} {:^5} {}\n".format(
task.format_string().split()[0],
task["pid"].format_string(),
Reported by Pylint.
Line: 95
Column: 9
def get_thread_info(task):
thread_info_ptr_type = thread_info_type.get_type().pointer()
if utils.is_target_arch("ia64"):
global ia64_task_size
if ia64_task_size is None:
ia64_task_size = gdb.parse_and_eval("sizeof(struct task_struct)")
thread_info_addr = task.address + ia64_task_size
thread_info = thread_info_addr.cast(thread_info_ptr_type)
else:
Reported by Pylint.
Line: 1
Column: 1
#
# gdb helper commands and functions for Linux kernel debugging
#
# task & thread tools
#
# Copyright (c) Siemens AG, 2011-2013
#
# Authors:
# Jan Kiszka <jan.kiszka@siemens.com>
Reported by Pylint.
Line: 22
Column: 1
task_type = utils.CachedType("struct task_struct")
def task_lists():
task_ptr_type = task_type.get_type().pointer()
init_task = gdb.parse_and_eval("init_task").address
t = g = init_task
while True:
Reported by Pylint.
Line: 25
Column: 5
def task_lists():
task_ptr_type = task_type.get_type().pointer()
init_task = gdb.parse_and_eval("init_task").address
t = g = init_task
while True:
while True:
yield t
Reported by Pylint.
Line: 25
Column: 9
def task_lists():
task_ptr_type = task_type.get_type().pointer()
init_task = gdb.parse_and_eval("init_task").address
t = g = init_task
while True:
while True:
yield t
Reported by Pylint.
Line: 31
Column: 13
while True:
yield t
t = utils.container_of(t['thread_group']['next'],
task_ptr_type, "thread_group")
if t == g:
break
t = g = utils.container_of(g['tasks']['next'],
Reported by Pylint.
Line: 36
Column: 13
if t == g:
break
t = g = utils.container_of(g['tasks']['next'],
task_ptr_type, "tasks")
if t == init_task:
return
Reported by Pylint.
drivers/net/wireless/intel/iwlwifi/dvm/debugfs.c
33 issues
Line: 150
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_priv *priv = file->private_data;
char buf[64];
int buf_size;
u32 offset, len;
memset(buf, 0, sizeof(buf));
buf_size = min(count, sizeof(buf) - 1);
Reported by FlawFinder.
Line: 352
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos) {
struct iwl_priv *priv = file->private_data;
char buf[512];
int pos = 0;
const size_t bufsz = sizeof(buf);
pos += scnprintf(buf + pos, bufsz - pos, "STATUS_RF_KILL_HW:\t %d\n",
test_bit(STATUS_RF_KILL_HW, &priv->status));
Reported by FlawFinder.
Line: 416
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct iwl_priv *priv = file->private_data;
char buf[8];
int buf_size;
u32 reset_flag;
memset(buf, 0, sizeof(buf));
buf_size = min(count, sizeof(buf) - 1);
Reported by FlawFinder.
Line: 439
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iwl_priv *priv = file->private_data;
struct iwl_rxon_context *ctx;
int pos = 0, i;
char buf[256 * NUM_IWL_RXON_CTX];
const size_t bufsz = sizeof(buf);
for_each_context(priv, ctx) {
pos += scnprintf(buf + pos, bufsz - pos, "context %d:\n",
ctx->ctxid);
Reported by FlawFinder.
Line: 467
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct iwl_priv *priv = file->private_data;
struct iwl_tt_mgmt *tt = &priv->thermal_throttle;
struct iwl_tt_restriction *restriction;
char buf[100];
int pos = 0;
const size_t bufsz = sizeof(buf);
pos += scnprintf(buf + pos, bufsz - pos,
"Thermal Throttling Mode: %s\n",
Reported by FlawFinder.
Line: 497
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_priv *priv = file->private_data;
char buf[8];
int buf_size;
int ht40;
memset(buf, 0, sizeof(buf));
buf_size = min(count, sizeof(buf) - 1);
Reported by FlawFinder.
Line: 520
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_priv *priv = file->private_data;
char buf[100];
int pos = 0;
const size_t bufsz = sizeof(buf);
pos += scnprintf(buf + pos, bufsz - pos,
"11n 40MHz Mode: %s\n",
Reported by FlawFinder.
Line: 535
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_priv *priv = file->private_data;
char buf[8];
int pos = 0;
const size_t bufsz = sizeof(buf);
pos += scnprintf(buf + pos, bufsz - pos, "%d\n", priv->temperature);
return simple_read_from_buffer(user_buf, count, ppos, buf, pos);
Reported by FlawFinder.
Line: 549
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_priv *priv = file->private_data;
char buf[8];
int buf_size;
int value;
memset(buf, 0, sizeof(buf));
buf_size = min(count, sizeof(buf) - 1);
Reported by FlawFinder.
Line: 591
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t count, loff_t *ppos)
{
struct iwl_priv *priv = file->private_data;
char buf[10];
int pos, value;
const size_t bufsz = sizeof(buf);
/* see the write function */
value = priv->power_data.debug_sleep_level_override;
Reported by FlawFinder.
security/smack/smackfs.c
33 issues
Line: 1185
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto free_data_out;
}
rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
&host[0], &host[1], &host[2], &host[3], &masks, smack);
if (rc != 6) {
rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
&host[0], &host[1], &host[2], &host[3], smack);
if (rc != 5) {
Reported by FlawFinder.
Line: 1188
Column: 8
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
&host[0], &host[1], &host[2], &host[3], &masks, smack);
if (rc != 6) {
rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
&host[0], &host[1], &host[2], &host[3], smack);
if (rc != 5) {
rc = -EINVAL;
goto free_out;
}
Reported by FlawFinder.
Line: 1445
Column: 6
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
goto free_data_out;
}
i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
&scanned[0], &scanned[1], &scanned[2], &scanned[3],
&scanned[4], &scanned[5], &scanned[6], &scanned[7],
&mask, smack);
if (i != 10) {
i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
Reported by FlawFinder.
Line: 1450
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
&scanned[4], &scanned[5], &scanned[6], &scanned[7],
&mask, smack);
if (i != 10) {
i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
&scanned[0], &scanned[1], &scanned[2],
&scanned[3], &scanned[4], &scanned[5],
&scanned[6], &scanned[7], smack);
if (i != 9) {
rc = -EINVAL;
Reported by FlawFinder.
Line: 391
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int import, int tokens)
{
ssize_t cnt = 0;
char *tok[4];
int rc;
int i;
/*
* Parsing the rule in-place, filling all white-spaces with '\0'
Reported by FlawFinder.
Line: 836
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct smack_known *skp;
struct netlbl_lsm_secattr ncats;
char mapcatset[SMK_CIPSOLEN];
int maplevel;
unsigned int cat;
int catlen;
ssize_t rc = -EINVAL;
char *data = NULL;
Reported by FlawFinder.
Line: 1572
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t smk_read_doi(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
char temp[80];
ssize_t rc;
if (*ppos != 0)
return 0;
Reported by FlawFinder.
Line: 1578
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (*ppos != 0)
return 0;
sprintf(temp, "%d", smk_cipso_doi_value);
rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
return rc;
}
Reported by FlawFinder.
Line: 1596
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t smk_write_doi(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
char temp[80];
int i;
if (!smack_privileged(CAP_MAC_ADMIN))
return -EPERM;
Reported by FlawFinder.
Line: 1638
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static ssize_t smk_read_direct(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
char temp[80];
ssize_t rc;
if (*ppos != 0)
return 0;
Reported by FlawFinder.
tools/testing/selftests/powerpc/signal/sigfuz.c
33 issues
Line: 153
Column: 38
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
if (one_in_chance(10))
ucp->uc_mcontext.gp_regs[PT_MSR] = random();
if (one_in_chance(10))
ucp->uc_mcontext.gp_regs[PT_NIP] = random();
if (one_in_chance(10))
ucp->uc_link->uc_mcontext.gp_regs[PT_MSR] = random();
if (one_in_chance(10))
Reported by FlawFinder.
Line: 155
Column: 38
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (one_in_chance(10))
ucp->uc_mcontext.gp_regs[PT_MSR] = random();
if (one_in_chance(10))
ucp->uc_mcontext.gp_regs[PT_NIP] = random();
if (one_in_chance(10))
ucp->uc_link->uc_mcontext.gp_regs[PT_MSR] = random();
if (one_in_chance(10))
ucp->uc_link->uc_mcontext.gp_regs[PT_NIP] = random();
Reported by FlawFinder.
Line: 157
Column: 47
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (one_in_chance(10))
ucp->uc_mcontext.gp_regs[PT_NIP] = random();
if (one_in_chance(10))
ucp->uc_link->uc_mcontext.gp_regs[PT_MSR] = random();
if (one_in_chance(10))
ucp->uc_link->uc_mcontext.gp_regs[PT_NIP] = random();
ucp->uc_mcontext.gp_regs[PT_TRAP] = random();
ucp->uc_mcontext.gp_regs[PT_DSISR] = random();
Reported by FlawFinder.
Line: 159
Column: 47
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (one_in_chance(10))
ucp->uc_link->uc_mcontext.gp_regs[PT_MSR] = random();
if (one_in_chance(10))
ucp->uc_link->uc_mcontext.gp_regs[PT_NIP] = random();
ucp->uc_mcontext.gp_regs[PT_TRAP] = random();
ucp->uc_mcontext.gp_regs[PT_DSISR] = random();
ucp->uc_mcontext.gp_regs[PT_DAR] = random();
ucp->uc_mcontext.gp_regs[PT_ORIG_R3] = random();
Reported by FlawFinder.
Line: 161
Column: 38
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (one_in_chance(10))
ucp->uc_link->uc_mcontext.gp_regs[PT_NIP] = random();
ucp->uc_mcontext.gp_regs[PT_TRAP] = random();
ucp->uc_mcontext.gp_regs[PT_DSISR] = random();
ucp->uc_mcontext.gp_regs[PT_DAR] = random();
ucp->uc_mcontext.gp_regs[PT_ORIG_R3] = random();
ucp->uc_mcontext.gp_regs[PT_XER] = random();
ucp->uc_mcontext.gp_regs[PT_RESULT] = random();
Reported by FlawFinder.
Line: 162
Column: 39
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
ucp->uc_link->uc_mcontext.gp_regs[PT_NIP] = random();
ucp->uc_mcontext.gp_regs[PT_TRAP] = random();
ucp->uc_mcontext.gp_regs[PT_DSISR] = random();
ucp->uc_mcontext.gp_regs[PT_DAR] = random();
ucp->uc_mcontext.gp_regs[PT_ORIG_R3] = random();
ucp->uc_mcontext.gp_regs[PT_XER] = random();
ucp->uc_mcontext.gp_regs[PT_RESULT] = random();
ucp->uc_mcontext.gp_regs[PT_SOFTE] = random();
Reported by FlawFinder.
Line: 163
Column: 37
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
ucp->uc_mcontext.gp_regs[PT_TRAP] = random();
ucp->uc_mcontext.gp_regs[PT_DSISR] = random();
ucp->uc_mcontext.gp_regs[PT_DAR] = random();
ucp->uc_mcontext.gp_regs[PT_ORIG_R3] = random();
ucp->uc_mcontext.gp_regs[PT_XER] = random();
ucp->uc_mcontext.gp_regs[PT_RESULT] = random();
ucp->uc_mcontext.gp_regs[PT_SOFTE] = random();
ucp->uc_mcontext.gp_regs[PT_DSCR] = random();
Reported by FlawFinder.
Line: 164
Column: 41
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
ucp->uc_mcontext.gp_regs[PT_TRAP] = random();
ucp->uc_mcontext.gp_regs[PT_DSISR] = random();
ucp->uc_mcontext.gp_regs[PT_DAR] = random();
ucp->uc_mcontext.gp_regs[PT_ORIG_R3] = random();
ucp->uc_mcontext.gp_regs[PT_XER] = random();
ucp->uc_mcontext.gp_regs[PT_RESULT] = random();
ucp->uc_mcontext.gp_regs[PT_SOFTE] = random();
ucp->uc_mcontext.gp_regs[PT_DSCR] = random();
ucp->uc_mcontext.gp_regs[PT_CTR] = random();
Reported by FlawFinder.
Line: 165
Column: 37
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
ucp->uc_mcontext.gp_regs[PT_DSISR] = random();
ucp->uc_mcontext.gp_regs[PT_DAR] = random();
ucp->uc_mcontext.gp_regs[PT_ORIG_R3] = random();
ucp->uc_mcontext.gp_regs[PT_XER] = random();
ucp->uc_mcontext.gp_regs[PT_RESULT] = random();
ucp->uc_mcontext.gp_regs[PT_SOFTE] = random();
ucp->uc_mcontext.gp_regs[PT_DSCR] = random();
ucp->uc_mcontext.gp_regs[PT_CTR] = random();
ucp->uc_mcontext.gp_regs[PT_LNK] = random();
Reported by FlawFinder.
Line: 166
Column: 40
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
ucp->uc_mcontext.gp_regs[PT_DAR] = random();
ucp->uc_mcontext.gp_regs[PT_ORIG_R3] = random();
ucp->uc_mcontext.gp_regs[PT_XER] = random();
ucp->uc_mcontext.gp_regs[PT_RESULT] = random();
ucp->uc_mcontext.gp_regs[PT_SOFTE] = random();
ucp->uc_mcontext.gp_regs[PT_DSCR] = random();
ucp->uc_mcontext.gp_regs[PT_CTR] = random();
ucp->uc_mcontext.gp_regs[PT_LNK] = random();
ucp->uc_mcontext.gp_regs[PT_CCR] = random();
Reported by FlawFinder.
security/device_cgroup.c
33 issues
Line: 37
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct dev_exception_item {
u32 major, minor;
short type;
short access;
struct list_head list;
struct rcu_head rcu;
};
struct dev_cgroup {
Reported by FlawFinder.
Line: 106
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (walk->minor != ex->minor)
continue;
walk->access |= ex->access;
kfree(excopy);
excopy = NULL;
}
if (excopy != NULL)
Reported by FlawFinder.
Line: 106
Column: 23
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (walk->minor != ex->minor)
continue;
walk->access |= ex->access;
kfree(excopy);
excopy = NULL;
}
if (excopy != NULL)
Reported by FlawFinder.
Line: 134
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (walk->minor != ex->minor)
continue;
walk->access &= ~ex->access;
if (!walk->access) {
list_del_rcu(&walk->list);
kfree_rcu(walk, rcu);
}
}
Reported by FlawFinder.
Line: 134
Column: 24
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (walk->minor != ex->minor)
continue;
walk->access &= ~ex->access;
if (!walk->access) {
list_del_rcu(&walk->list);
kfree_rcu(walk, rcu);
}
}
Reported by FlawFinder.
Line: 135
Column: 14
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
continue;
walk->access &= ~ex->access;
if (!walk->access) {
list_del_rcu(&walk->list);
kfree_rcu(walk, rcu);
}
}
}
Reported by FlawFinder.
Line: 238
Column: 41
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#define MAJMINLEN 13
#define ACCLEN 4
static void set_access(char *acc, short access)
{
int idx = 0;
memset(acc, 0, ACCLEN);
if (access & DEVCG_ACC_READ)
acc[idx++] = 'r';
Reported by FlawFinder.
Line: 242
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
int idx = 0;
memset(acc, 0, ACCLEN);
if (access & DEVCG_ACC_READ)
acc[idx++] = 'r';
if (access & DEVCG_ACC_WRITE)
acc[idx++] = 'w';
if (access & DEVCG_ACC_MKNOD)
acc[idx++] = 'm';
Reported by FlawFinder.
Line: 244
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
memset(acc, 0, ACCLEN);
if (access & DEVCG_ACC_READ)
acc[idx++] = 'r';
if (access & DEVCG_ACC_WRITE)
acc[idx++] = 'w';
if (access & DEVCG_ACC_MKNOD)
acc[idx++] = 'm';
}
Reported by FlawFinder.
Line: 246
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
acc[idx++] = 'r';
if (access & DEVCG_ACC_WRITE)
acc[idx++] = 'w';
if (access & DEVCG_ACC_MKNOD)
acc[idx++] = 'm';
}
static char type_to_char(short type)
{
Reported by FlawFinder.
tools/perf/scripts/python/stat-cpi.py
33 issues
Line: 36
Column: 1
return data[key][0]
def stat__cycles_k(cpu, thread, time, val, ena, run):
store(time, "cycles", cpu, thread, val, ena, run);
def stat__instructions_k(cpu, thread, time, val, ena, run):
store(time, "instructions", cpu, thread, val, ena, run);
def stat__cycles_u(cpu, thread, time, val, ena, run):
Reported by Pylint.
Line: 39
Column: 1
store(time, "cycles", cpu, thread, val, ena, run);
def stat__instructions_k(cpu, thread, time, val, ena, run):
store(time, "instructions", cpu, thread, val, ena, run);
def stat__cycles_u(cpu, thread, time, val, ena, run):
store(time, "cycles", cpu, thread, val, ena, run);
def stat__instructions_u(cpu, thread, time, val, ena, run):
Reported by Pylint.
Line: 42
Column: 1
store(time, "instructions", cpu, thread, val, ena, run);
def stat__cycles_u(cpu, thread, time, val, ena, run):
store(time, "cycles", cpu, thread, val, ena, run);
def stat__instructions_u(cpu, thread, time, val, ena, run):
store(time, "instructions", cpu, thread, val, ena, run);
def stat__cycles(cpu, thread, time, val, ena, run):
Reported by Pylint.
Line: 45
Column: 1
store(time, "cycles", cpu, thread, val, ena, run);
def stat__instructions_u(cpu, thread, time, val, ena, run):
store(time, "instructions", cpu, thread, val, ena, run);
def stat__cycles(cpu, thread, time, val, ena, run):
store(time, "cycles", cpu, thread, val, ena, run);
def stat__instructions(cpu, thread, time, val, ena, run):
Reported by Pylint.
Line: 48
Column: 1
store(time, "instructions", cpu, thread, val, ena, run);
def stat__cycles(cpu, thread, time, val, ena, run):
store(time, "cycles", cpu, thread, val, ena, run);
def stat__instructions(cpu, thread, time, val, ena, run):
store(time, "instructions", cpu, thread, val, ena, run);
def stat__interval(time):
Reported by Pylint.
Line: 51
Column: 1
store(time, "cycles", cpu, thread, val, ena, run);
def stat__instructions(cpu, thread, time, val, ena, run):
store(time, "instructions", cpu, thread, val, ena, run);
def stat__interval(time):
for cpu in cpus:
for thread in threads:
cyc = get(time, "cycles", cpu, thread)
Reported by Pylint.
Line: 67
Column: 3
def trace_end():
pass
# XXX trace_end callback could be used as an alternative place
# to compute same values as in the script above:
#
# for time in times:
# for cpu in cpus:
# for thread in threads:
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: GPL-2.0
from __future__ import print_function
data = {}
times = []
threads = []
cpus = []
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: GPL-2.0
from __future__ import print_function
data = {}
times = []
threads = []
cpus = []
Reported by Pylint.
Line: 10
Column: 1
threads = []
cpus = []
def get_key(time, event, cpu, thread):
return "%d-%s-%d-%d" % (time, event, cpu, thread)
def store_key(time, cpu, thread):
if (time not in times):
times.append(time)
Reported by Pylint.
drivers/net/ethernet/intel/ixgbe/ixgbe_common.c
33 issues
Line: 506
Column: 27
CWE codes:
120
20
return IXGBE_ERR_INVALID_ARGUMENT;
}
ret_val = hw->eeprom.ops.read(hw, IXGBE_PBANUM0_PTR, &data);
if (ret_val) {
hw_dbg(hw, "NVM Read Error\n");
return ret_val;
}
Reported by FlawFinder.
Line: 580
Column: 28
CWE codes:
120
20
length--;
for (offset = 0; offset < length; offset++) {
ret_val = hw->eeprom.ops.read(hw, pba_ptr + offset, &data);
if (ret_val) {
hw_dbg(hw, "NVM Read Error\n");
return ret_val;
}
pba_num[offset * 2] = (u8)(data >> 8);
Reported by FlawFinder.
Line: 697
Column: 18
CWE codes:
120
20
/* Get MAC instance from EEPROM for configuring CS4227 */
if (hw->device_id == IXGBE_DEV_ID_X550EM_A_SFP) {
hw->eeprom.ops.read(hw, IXGBE_EEPROM_CTRL_4, &ee_ctrl_4);
bus->instance_id = (ee_ctrl_4 & IXGBE_EE_CTRL_4_INST_ID) >>
IXGBE_EE_CTRL_4_INST_ID_SHIFT;
}
}
Reported by FlawFinder.
Line: 1707
Column: 22
CWE codes:
120
20
/* Include 0x0-0x3F in the checksum */
for (i = 0; i < IXGBE_EEPROM_CHECKSUM; i++) {
if (hw->eeprom.ops.read(hw, i, &word)) {
hw_dbg(hw, "EEPROM read failed\n");
break;
}
checksum += word;
}
Reported by FlawFinder.
Line: 1716
Column: 22
CWE codes:
120
20
/* Include all data from pointers except for the fw pointer */
for (i = IXGBE_PCIE_ANALOG_PTR; i < IXGBE_FW_PTR; i++) {
if (hw->eeprom.ops.read(hw, i, &pointer)) {
hw_dbg(hw, "EEPROM read failed\n");
return IXGBE_ERR_EEPROM;
}
/* If the pointer seems invalid */
Reported by FlawFinder.
Line: 1725
Column: 22
CWE codes:
120
20
if (pointer == 0xFFFF || pointer == 0)
continue;
if (hw->eeprom.ops.read(hw, pointer, &length)) {
hw_dbg(hw, "EEPROM read failed\n");
return IXGBE_ERR_EEPROM;
}
if (length == 0xFFFF || length == 0)
Reported by FlawFinder.
Line: 1734
Column: 23
CWE codes:
120
20
continue;
for (j = pointer + 1; j <= pointer + length; j++) {
if (hw->eeprom.ops.read(hw, j, &word)) {
hw_dbg(hw, "EEPROM read failed\n");
return IXGBE_ERR_EEPROM;
}
checksum += word;
}
Reported by FlawFinder.
Line: 1767
Column: 26
CWE codes:
120
20
* not continue or we could be in for a very long wait while every
* EEPROM read fails
*/
status = hw->eeprom.ops.read(hw, 0, &checksum);
if (status) {
hw_dbg(hw, "EEPROM read failed\n");
return status;
}
Reported by FlawFinder.