The following issues were found
drivers/ata/pata_it821x.c
7 issues
Line: 501
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void it821x_dev_config(struct ata_device *adev)
{
unsigned char model_num[ATA_ID_PROD_LEN + 1];
ata_id_c_string(adev->id, model_num, ATA_ID_PROD, sizeof(model_num));
if (adev->max_sectors > 255)
adev->max_sectors = 255;
Reported by FlawFinder.
Line: 540
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ata_taskfile *tf, u16 *id)
{
unsigned int err_mask;
unsigned char model_num[ATA_ID_PROD_LEN + 1];
err_mask = ata_do_dev_read_id(adev, tf, id);
if (err_mask)
return err_mask;
ata_id_c_string(id, model_num, ATA_ID_PROD, sizeof(model_num));
Reported by FlawFinder.
Line: 605
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void it821x_display_disk(int n, u8 *buf)
{
unsigned char id[41];
int mode = 0;
const char *mtype = "";
char mbuf[8];
const char *cbl = "(40 wire cable)";
Reported by FlawFinder.
Line: 608
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char id[41];
int mode = 0;
const char *mtype = "";
char mbuf[8];
const char *cbl = "(40 wire cable)";
static const char *types[5] = {
"RAID0", "RAID1", "RAID 0+1", "JBOD", "DISK"
};
Reported by FlawFinder.
Line: 611
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char mbuf[8];
const char *cbl = "(40 wire cable)";
static const char *types[5] = {
"RAID0", "RAID1", "RAID 0+1", "JBOD", "DISK"
};
if (buf[52] > 4) /* No Disk */
return;
Reported by FlawFinder.
Line: 634
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (mode)
snprintf(mbuf, 8, "%5s%d", mtype, mode - 1);
else
strcpy(mbuf, "PIO");
if (buf[52] == 4)
printk(KERN_INFO "%d: %-6s %-8s %s %s\n",
n, mbuf, types[buf[52]], id, cbl);
else
printk(KERN_INFO "%d: %-6s %-8s Volume: %1d %s %s\n",
Reported by FlawFinder.
Line: 906
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
const struct ata_port_info *ppi[] = { NULL, NULL };
static const char *mode[2] = { "pass through", "smart" };
int rc;
rc = pcim_enable_device(pdev);
if (rc)
return rc;
Reported by FlawFinder.
drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
7 issues
Line: 847
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_info->cu_active_number = adev->gfx.cu_info.number;
dev_info->cu_ao_mask = adev->gfx.cu_info.ao_cu_mask;
dev_info->ce_ram_size = adev->gfx.ce_ram_size;
memcpy(&dev_info->cu_ao_bitmap[0], &adev->gfx.cu_info.ao_cu_bitmap[0],
sizeof(adev->gfx.cu_info.ao_cu_bitmap));
memcpy(&dev_info->cu_bitmap[0], &adev->gfx.cu_info.bitmap[0],
sizeof(adev->gfx.cu_info.bitmap));
dev_info->vram_type = adev->gmc.vram_type;
dev_info->vram_bit_width = adev->gmc.vram_width;
Reported by FlawFinder.
Line: 849
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dev_info->ce_ram_size = adev->gfx.ce_ram_size;
memcpy(&dev_info->cu_ao_bitmap[0], &adev->gfx.cu_info.ao_cu_bitmap[0],
sizeof(adev->gfx.cu_info.ao_cu_bitmap));
memcpy(&dev_info->cu_bitmap[0], &adev->gfx.cu_info.bitmap[0],
sizeof(adev->gfx.cu_info.bitmap));
dev_info->vram_type = adev->gmc.vram_type;
dev_info->vram_bit_width = adev->gmc.vram_width;
dev_info->vce_harvest_config = adev->vce.harvest_config;
dev_info->gc_double_offchip_lds_buf =
Reported by FlawFinder.
Line: 918
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct atom_context *atom_context;
atom_context = adev->mode_info.atom_context;
memcpy(vbios_info.name, atom_context->name, sizeof(atom_context->name));
memcpy(vbios_info.vbios_pn, atom_context->vbios_pn, sizeof(atom_context->vbios_pn));
vbios_info.version = atom_context->version;
memcpy(vbios_info.vbios_ver_str, atom_context->vbios_ver_str,
sizeof(atom_context->vbios_ver_str));
memcpy(vbios_info.date, atom_context->date, sizeof(atom_context->date));
Reported by FlawFinder.
Line: 919
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
atom_context = adev->mode_info.atom_context;
memcpy(vbios_info.name, atom_context->name, sizeof(atom_context->name));
memcpy(vbios_info.vbios_pn, atom_context->vbios_pn, sizeof(atom_context->vbios_pn));
vbios_info.version = atom_context->version;
memcpy(vbios_info.vbios_ver_str, atom_context->vbios_ver_str,
sizeof(atom_context->vbios_ver_str));
memcpy(vbios_info.date, atom_context->date, sizeof(atom_context->date));
Reported by FlawFinder.
Line: 921
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(vbios_info.name, atom_context->name, sizeof(atom_context->name));
memcpy(vbios_info.vbios_pn, atom_context->vbios_pn, sizeof(atom_context->vbios_pn));
vbios_info.version = atom_context->version;
memcpy(vbios_info.vbios_ver_str, atom_context->vbios_ver_str,
sizeof(atom_context->vbios_ver_str));
memcpy(vbios_info.date, atom_context->date, sizeof(atom_context->date));
return copy_to_user(out, &vbios_info,
min((size_t)size, sizeof(vbios_info))) ? -EFAULT : 0;
Reported by FlawFinder.
Line: 923
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vbios_info.version = atom_context->version;
memcpy(vbios_info.vbios_ver_str, atom_context->vbios_ver_str,
sizeof(atom_context->vbios_ver_str));
memcpy(vbios_info.date, atom_context->date, sizeof(atom_context->date));
return copy_to_user(out, &vbios_info,
min((size_t)size, sizeof(vbios_info))) ? -EFAULT : 0;
}
default:
Reported by FlawFinder.
Line: 1415
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct atom_context *ctx = adev->mode_info.atom_context;
int ret, i;
static const char *ta_fw_name[TA_FW_TYPE_MAX_INDEX] = {
#define TA_FW_NAME(type) [TA_FW_TYPE_PSP_##type] = #type
TA_FW_NAME(XGMI),
TA_FW_NAME(RAS),
TA_FW_NAME(HDCP),
TA_FW_NAME(DTM),
Reported by FlawFinder.
drivers/acpi/acpica/utcopy.c
7 issues
Line: 118
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
string.
length + 1);
memcpy((void *)data_space,
(void *)internal_object->string.pointer,
(acpi_size)internal_object->string.length + 1);
break;
case ACPI_TYPE_BUFFER:
Reported by FlawFinder.
Line: 131
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ACPI_ROUND_UP_TO_NATIVE_WORD(internal_object->string.
length);
memcpy((void *)data_space,
(void *)internal_object->buffer.pointer,
internal_object->buffer.length);
break;
case ACPI_TYPE_INTEGER:
Reported by FlawFinder.
Line: 471
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto error_exit;
}
memcpy(internal_object->string.pointer,
external_object->string.pointer,
external_object->string.length);
internal_object->string.length = external_object->string.length;
break;
Reported by FlawFinder.
Line: 486
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
goto error_exit;
}
memcpy(internal_object->buffer.pointer,
external_object->buffer.pointer,
external_object->buffer.length);
internal_object->buffer.length = external_object->buffer.length;
Reported by FlawFinder.
Line: 662
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy_size = sizeof(struct acpi_namespace_node);
}
memcpy(ACPI_CAST_PTR(char, dest_desc),
ACPI_CAST_PTR(char, source_desc), copy_size);
/* Restore the saved fields */
dest_desc->common.reference_count = reference_count;
Reported by FlawFinder.
Line: 693
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the actual buffer data */
memcpy(dest_desc->buffer.pointer,
source_desc->buffer.pointer,
source_desc->buffer.length);
}
break;
Reported by FlawFinder.
Line: 715
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the actual string data */
memcpy(dest_desc->string.pointer,
source_desc->string.pointer,
(acpi_size)source_desc->string.length + 1);
}
break;
Reported by FlawFinder.
drivers/block/rsxx/cregs.c
7 issues
Line: 450
Column: 7
CWE codes:
120
20
unsigned int op;
int st;
op = read ? CREG_OP_READ : CREG_OP_WRITE;
do {
xfer = min_t(unsigned int, size8, MAX_CREG_DATA8);
st = __issue_creg_rw(card, op, addr, xfer,
Reported by FlawFinder.
Line: 655
Column: 9
CWE codes:
120
20
/*-------------- IOCTL REG Access ------------------*/
static int issue_reg_cmd(struct rsxx_cardinfo *card,
struct rsxx_reg_access *cmd,
int read)
{
unsigned int op = read ? CREG_OP_READ : CREG_OP_WRITE;
return __issue_creg_rw(card, op, cmd->addr, cmd->cnt, cmd->data,
cmd->stream, &cmd->stat);
Reported by FlawFinder.
Line: 657
Column: 20
CWE codes:
120
20
struct rsxx_reg_access *cmd,
int read)
{
unsigned int op = read ? CREG_OP_READ : CREG_OP_WRITE;
return __issue_creg_rw(card, op, cmd->addr, cmd->cnt, cmd->data,
cmd->stream, &cmd->stat);
}
Reported by FlawFinder.
Line: 665
Column: 8
CWE codes:
120
20
int rsxx_reg_access(struct rsxx_cardinfo *card,
struct rsxx_reg_access __user *ucmd,
int read)
{
struct rsxx_reg_access cmd;
int st;
st = copy_from_user(&cmd, ucmd, sizeof(cmd));
Reported by FlawFinder.
drivers/char/tpm/tpm2-space.c
7 issues
Line: 158
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOMEM;
}
memcpy(&buf[*offset], &tbuf.data[TPM_HEADER_SIZE], body_size);
*offset += body_size;
tpm_buf_destroy(&tbuf);
return 0;
}
Reported by FlawFinder.
Line: 313
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cc < 0)
return cc;
memcpy(&chip->work_space.context_tbl, &space->context_tbl,
sizeof(space->context_tbl));
memcpy(&chip->work_space.session_tbl, &space->session_tbl,
sizeof(space->session_tbl));
memcpy(chip->work_space.context_buf, space->context_buf,
space->buf_size);
Reported by FlawFinder.
Line: 315
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&chip->work_space.context_tbl, &space->context_tbl,
sizeof(space->context_tbl));
memcpy(&chip->work_space.session_tbl, &space->session_tbl,
sizeof(space->session_tbl));
memcpy(chip->work_space.context_buf, space->context_buf,
space->buf_size);
memcpy(chip->work_space.session_buf, space->session_buf,
space->buf_size);
Reported by FlawFinder.
Line: 317
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(space->context_tbl));
memcpy(&chip->work_space.session_tbl, &space->session_tbl,
sizeof(space->session_tbl));
memcpy(chip->work_space.context_buf, space->context_buf,
space->buf_size);
memcpy(chip->work_space.session_buf, space->session_buf,
space->buf_size);
rc = tpm2_load_space(chip);
Reported by FlawFinder.
Line: 319
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(space->session_tbl));
memcpy(chip->work_space.context_buf, space->context_buf,
space->buf_size);
memcpy(chip->work_space.session_buf, space->session_buf,
space->buf_size);
rc = tpm2_load_space(chip);
if (rc) {
tpm2_flush_space(chip);
Reported by FlawFinder.
Line: 564
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(space->context_tbl));
memcpy(&space->session_tbl, &chip->work_space.session_tbl,
sizeof(space->session_tbl));
memcpy(space->context_buf, chip->work_space.context_buf,
space->buf_size);
memcpy(space->session_buf, chip->work_space.session_buf,
space->buf_size);
return 0;
Reported by FlawFinder.
Line: 566
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(space->session_tbl));
memcpy(space->context_buf, chip->work_space.context_buf,
space->buf_size);
memcpy(space->session_buf, chip->work_space.session_buf,
space->buf_size);
return 0;
out:
dev_err(&chip->dev, "%s: error %d\n", __func__, rc);
Reported by FlawFinder.
tools/perf/tests/pmu.c
7 issues
Line: 122
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
{
char buf[PATH_MAX];
snprintf(buf, PATH_MAX, "rm -f %s/*\n", dir);
if (system(buf))
return -1;
snprintf(buf, PATH_MAX, "rmdir %s\n", dir);
return system(buf);
}
Reported by FlawFinder.
Line: 126
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return -1;
snprintf(buf, PATH_MAX, "rmdir %s\n", dir);
return system(buf);
}
static struct list_head *test_terms_list(void)
{
static LIST_HEAD(terms);
Reported by FlawFinder.
Line: 90
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static char *test_format_dir_get(void)
{
static char dir[PATH_MAX];
unsigned int i;
snprintf(dir, PATH_MAX, "/tmp/perf-pmu-test-format-XXXXXX");
if (!mkdtemp(dir))
return NULL;
Reported by FlawFinder.
Line: 98
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return NULL;
for (i = 0; i < ARRAY_SIZE(test_formats); i++) {
static char name[PATH_MAX];
struct test_format *format = &test_formats[i];
FILE *file;
scnprintf(name, PATH_MAX, "%s/%s", dir, format->name);
Reported by FlawFinder.
Line: 104
Column: 10
CWE codes:
362
scnprintf(name, PATH_MAX, "%s/%s", dir, format->name);
file = fopen(name, "w");
if (!file)
return NULL;
if (1 != fwrite(format->value, strlen(format->value), 1, file))
break;
Reported by FlawFinder.
Line: 120
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Cleanup format directory. */
static int test_format_dir_put(char *dir)
{
char buf[PATH_MAX];
snprintf(buf, PATH_MAX, "rm -f %s/*\n", dir);
if (system(buf))
return -1;
snprintf(buf, PATH_MAX, "rmdir %s\n", dir);
Reported by FlawFinder.
Line: 108
Column: 34
CWE codes:
126
if (!file)
return NULL;
if (1 != fwrite(format->value, strlen(format->value), 1, file))
break;
fclose(file);
}
Reported by FlawFinder.
tools/cgroup/cgroup_event_listener.c
7 issues
Line: 70
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
assert(ret == sizeof(result));
ret = access(event_control_path, W_OK);
if ((ret == -1) && (errno == ENOENT)) {
puts("The cgroup seems to have removed.");
break;
}
Reported by FlawFinder.
Line: 27
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int efd = -1;
int cfd = -1;
int event_control = -1;
char event_control_path[PATH_MAX];
char line[LINE_MAX];
int ret;
if (argc != 3)
errx(1, "%s", USAGE_STR);
Reported by FlawFinder.
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cfd = -1;
int event_control = -1;
char event_control_path[PATH_MAX];
char line[LINE_MAX];
int ret;
if (argc != 3)
errx(1, "%s", USAGE_STR);
Reported by FlawFinder.
Line: 34
Column: 8
CWE codes:
362
if (argc != 3)
errx(1, "%s", USAGE_STR);
cfd = open(argv[1], O_RDONLY);
if (cfd == -1)
err(1, "Cannot open %s", argv[1]);
ret = snprintf(event_control_path, PATH_MAX, "%s/cgroup.event_control",
dirname(argv[1]));
Reported by FlawFinder.
Line: 43
Column: 18
CWE codes:
362
if (ret >= PATH_MAX)
errx(1, "Path to cgroup.event_control is too long");
event_control = open(event_control_path, O_WRONLY);
if (event_control == -1)
err(1, "Cannot open %s", event_control_path);
efd = eventfd(0, 0);
if (efd == -1)
Reported by FlawFinder.
Line: 55
Column: 35
CWE codes:
126
if (ret >= LINE_MAX)
errx(1, "Arguments string is too long");
ret = write(event_control, line, strlen(line) + 1);
if (ret == -1)
err(1, "Cannot write to cgroup.event_control");
while (1) {
uint64_t result;
Reported by FlawFinder.
Line: 62
Column: 9
CWE codes:
120
20
while (1) {
uint64_t result;
ret = read(efd, &result, sizeof(result));
if (ret == -1) {
if (errno == EINTR)
continue;
err(1, "Cannot read from eventfd");
}
Reported by FlawFinder.
tools/testing/selftests/powerpc/pmu/lib.c
7 issues
Line: 155
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int parse_proc_maps(void)
{
unsigned long start, end;
char execute, name[128];
FILE *f;
int rc;
f = fopen("/proc/self/maps", "r");
if (!f) {
Reported by FlawFinder.
Line: 159
Column: 6
CWE codes:
362
FILE *f;
int rc;
f = fopen("/proc/self/maps", "r");
if (!f) {
perror("fopen");
return -1;
}
Reported by FlawFinder.
Line: 194
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool require_paranoia_below(int level)
{
long current;
char *end, buf[16];
FILE *f;
bool rc;
rc = false;
Reported by FlawFinder.
Line: 200
Column: 6
CWE codes:
362
rc = false;
f = fopen(PARANOID_PATH, "r");
if (!f) {
perror("fopen");
goto out;
}
Reported by FlawFinder.
Line: 38
Column: 10
CWE codes:
120
20
char c = PARENT_TOKEN;
FAIL_IF(write(write_pipe.write_fd, &c, 1) != 1);
FAIL_IF(read(read_pipe.read_fd, &c, 1) != 1);
if (c != CHILD_TOKEN) /* sometimes expected */
return 1;
return 0;
}
Reported by FlawFinder.
Line: 167
Column: 8
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
do {
/* This skips line with no executable which is what we want */
rc = fscanf(f, "%lx-%lx %*c%*c%c%*c %*x %*d:%*d %*d %127s\n",
&start, &end, &execute, name);
if (rc <= 0)
break;
if (execute != 'x')
Reported by FlawFinder.
tools/testing/selftests/perf_events/remove_on_exec.c
7 issues
Line: 143
Column: 3
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
if (pid_exec == 0) {
ASSERT_NE(dup2(pipefd[1], STDOUT_FILENO), -1);
close(pipefd[0]);
execl("/proc/self/exe", "exec_child", NULL);
_exit((perror("exec failed"), 1));
}
close(pipefd[1]);
ASSERT_EQ(waitpid(pid_exec, &tmp, WNOHANG), 0); /* Child is running. */
Reported by FlawFinder.
Line: 181
Column: 3
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
pid_exec = fork();
if (pid_exec == 0) {
execl("/proc/self/exe", "exec_child", NULL);
_exit((perror("exec failed"), 1));
}
/*
* The child may exit abnormally at any time if the event propagated and
Reported by FlawFinder.
Line: 206
Column: 4
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
for (i = 0; i < sizeof(pids) / sizeof(pids[0]); i++) {
pids[i] = fork();
if (pids[i] == 0) {
execl("/proc/self/exe", "exec_child", NULL);
_exit((perror("exec failed"), 1));
}
/* Some forked with event disabled, rest with enabled. */
if (i > 10)
Reported by FlawFinder.
Line: 150
Column: 12
CWE codes:
120
20
ASSERT_EQ(waitpid(pid_exec, &tmp, WNOHANG), 0); /* Child is running. */
/* Wait for exec'd child to start spinning. */
EXPECT_EQ(read(pipefd[0], &tmp, sizeof(int)), sizeof(int));
EXPECT_EQ(tmp, 42);
close(pipefd[0]);
/* Now we can enable the event, knowing the child is doing work. */
EXPECT_EQ(ioctl(self->fd, PERF_EVENT_IOC_ENABLE, 0), 0);
/* If the event propagated to the exec'd child, it will exit normally... */
Reported by FlawFinder.
Line: 156
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
/* Now we can enable the event, knowing the child is doing work. */
EXPECT_EQ(ioctl(self->fd, PERF_EVENT_IOC_ENABLE, 0), 0);
/* If the event propagated to the exec'd child, it will exit normally... */
usleep(100000); /* ... give time for event to trigger (in case of bug). */
EXPECT_EQ(waitpid(pid_exec, &tmp, WNOHANG), 0); /* Should still be running. */
EXPECT_EQ(kill(pid_exec, SIGKILL), 0);
/* Verify removal from child did not affect this task's event. */
tmp = signal_count;
Reported by FlawFinder.
Line: 189
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
* The child may exit abnormally at any time if the event propagated and
* a SIGTRAP is sent before the handler was set up.
*/
usleep(100000); /* ... give time for event to trigger (in case of bug). */
EXPECT_EQ(waitpid(pid_exec, &tmp, WNOHANG), 0); /* Should still be running. */
EXPECT_EQ(kill(pid_exec, SIGKILL), 0);
/* Verify removal from child did not affect this task's event. */
tmp = signal_count;
Reported by FlawFinder.
Line: 215
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
EXPECT_EQ(ioctl(self->fd, PERF_EVENT_IOC_ENABLE, 0), 0);
}
usleep(100000); /* ... give time for event to trigger (in case of bug). */
for (i = 0; i < sizeof(pids) / sizeof(pids[0]); i++) {
/* All children should still be running. */
EXPECT_EQ(waitpid(pids[i], &tmp, WNOHANG), 0);
EXPECT_EQ(kill(pids[i], SIGKILL), 0);
Reported by FlawFinder.
tools/testing/selftests/pidfd/pidfd_fdinfo_test.c
7 issues
Line: 34
Column: 6
CWE codes:
134
Suggestion:
Use a constant for the format specification
err->code = code;
va_start(args, fmt);
r = vsnprintf(err->msg, sizeof(err->msg), fmt, args);
assert((size_t)r < sizeof(err->msg));
va_end(args);
return code;
}
Reported by FlawFinder.
Line: 162
Column: 6
CWE codes:
134
Suggestion:
Use a constant for the format specification
int r;
va_start(args, expect);
r = vsnprintf(buffer, sizeof(buffer), expect, args);
assert((size_t)r < sizeof(buffer));
va_end(args);
snprintf(path, sizeof(path), "/proc/self/fdinfo/%d", pidfd);
f = fopen(path, "re");
Reported by FlawFinder.
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct error {
int code;
char msg[512];
};
static int error_set(struct error *err, int code, const char *fmt, ...)
{
va_list args;
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static int flags = CLONE_PIDFD | CLONE_NEWPID | CLONE_NEWNS | SIGCHLD;
size_t stack_size = 1024;
char *stack[1024] = { 0 };
struct child ret;
if (!(flags & CLONE_NEWUSER) && geteuid() != 0)
flags |= CLONE_NEWUSER;
Reported by FlawFinder.
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int verify_fdinfo(int pidfd, struct error *err, const char *prefix,
size_t prefix_len, const char *expect, ...)
{
char buffer[512] = {0, };
char path[512] = {0, };
va_list args;
FILE *f;
char *line = NULL;
size_t n = 0;
Reported by FlawFinder.
Line: 153
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t prefix_len, const char *expect, ...)
{
char buffer[512] = {0, };
char path[512] = {0, };
va_list args;
FILE *f;
char *line = NULL;
size_t n = 0;
int found = 0;
Reported by FlawFinder.
Line: 167
Column: 6
CWE codes:
362
va_end(args);
snprintf(path, sizeof(path), "/proc/self/fdinfo/%d", pidfd);
f = fopen(path, "re");
if (!f)
return error_set(err, PIDFD_ERROR, "fdinfo open failed for %d",
pidfd);
while (getline(&line, &n, f) != -1) {
Reported by FlawFinder.