The following issues were found
drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c
6 issues
Line: 525
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ntohs(tuple->src_port));
}
if (tuple->etype == htons(ETH_P_IP)) {
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv4_layout.ipv4),
&tuple->src_ipv4,
4);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
Reported by FlawFinder.
Line: 529
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outer_headers.src_ipv4_src_ipv6.ipv4_layout.ipv4),
&tuple->src_ipv4,
4);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
&tuple->dst_ipv4,
4);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria,
outer_headers.src_ipv4_src_ipv6.ipv4_layout.ipv4);
Reported by FlawFinder.
Line: 538
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria,
outer_headers.dst_ipv4_dst_ipv6.ipv4_layout.ipv4);
} else {
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6),
&tuple->src_ipv6,
16);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
Reported by FlawFinder.
Line: 542
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6),
&tuple->src_ipv6,
16);
memcpy(MLX5_ADDR_OF(fte_match_param, spec->match_value,
outer_headers.dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
&tuple->dst_ipv6,
16);
memset(MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
outer_headers.src_ipv4_src_ipv6.ipv6_layout.ipv6),
Reported by FlawFinder.
Line: 642
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
tuple->src_ipv4 = fk->addrs.v4addrs.src;
tuple->dst_ipv4 = fk->addrs.v4addrs.dst;
} else {
memcpy(&tuple->src_ipv6, &fk->addrs.v6addrs.src,
sizeof(struct in6_addr));
memcpy(&tuple->dst_ipv6, &fk->addrs.v6addrs.dst,
sizeof(struct in6_addr));
}
tuple->src_port = fk->ports.src;
Reported by FlawFinder.
Line: 644
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
memcpy(&tuple->src_ipv6, &fk->addrs.v6addrs.src,
sizeof(struct in6_addr));
memcpy(&tuple->dst_ipv6, &fk->addrs.v6addrs.dst,
sizeof(struct in6_addr));
}
tuple->src_port = fk->ports.src;
tuple->dst_port = fk->ports.dst;
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/flower/metadata.c
6 issues
Line: 52
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
NFP_FL_STATS_ELEM_RS + 1))
return -ENOBUFS;
memcpy(&ring->buf[ring->head], &stats_context_id, NFP_FL_STATS_ELEM_RS);
ring->head = (ring->head + NFP_FL_STATS_ELEM_RS) %
(priv->stats_ring_size * NFP_FL_STATS_ELEM_RS);
return 0;
}
Reported by FlawFinder.
Line: 89
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ENOENT;
}
memcpy(&temp_stats_id, &ring->buf[ring->tail], NFP_FL_STATS_ELEM_RS);
*stats_context_id = temp_stats_id;
memcpy(&ring->buf[ring->tail], &freed_stats_id, NFP_FL_STATS_ELEM_RS);
ring->tail = (ring->tail + NFP_FL_STATS_ELEM_RS) %
(priv->stats_ring_size * NFP_FL_STATS_ELEM_RS);
Reported by FlawFinder.
Line: 91
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&temp_stats_id, &ring->buf[ring->tail], NFP_FL_STATS_ELEM_RS);
*stats_context_id = temp_stats_id;
memcpy(&ring->buf[ring->tail], &freed_stats_id, NFP_FL_STATS_ELEM_RS);
ring->tail = (ring->tail + NFP_FL_STATS_ELEM_RS) %
(priv->stats_ring_size * NFP_FL_STATS_ELEM_RS);
return 0;
}
Reported by FlawFinder.
Line: 145
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (CIRC_SPACE(ring->head, ring->tail, NFP_FLOWER_MASK_ENTRY_RS) == 0)
return -ENOBUFS;
memcpy(&ring->buf[ring->head], &mask_id, NFP_FLOWER_MASK_ELEMENT_RS);
ring->head = (ring->head + NFP_FLOWER_MASK_ELEMENT_RS) %
(NFP_FLOWER_MASK_ENTRY_RS * NFP_FLOWER_MASK_ELEMENT_RS);
priv->mask_ids.last_used[mask_id] = ktime_get();
Reported by FlawFinder.
Line: 174
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ring->head == ring->tail)
goto err_not_found;
memcpy(&temp_id, &ring->buf[ring->tail], NFP_FLOWER_MASK_ELEMENT_RS);
*mask_id = temp_id;
reuse_timeout = ktime_add_ns(priv->mask_ids.last_used[*mask_id],
NFP_FL_MASK_REUSE_TIME_NS);
Reported by FlawFinder.
Line: 183
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ktime_before(ktime_get(), reuse_timeout))
goto err_not_found;
memcpy(&ring->buf[ring->tail], &freed_id, NFP_FLOWER_MASK_ELEMENT_RS);
ring->tail = (ring->tail + NFP_FLOWER_MASK_ELEMENT_RS) %
(NFP_FLOWER_MASK_ENTRY_RS * NFP_FLOWER_MASK_ELEMENT_RS);
return 0;
Reported by FlawFinder.
drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
6 issues
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "nfp_port.h"
struct nfp_et_stat {
char name[ETH_GSTRING_LEN];
int off;
};
static const struct nfp_et_stat nfp_net_et_stats[] = {
/* Stats from the device */
Reported by FlawFinder.
Line: 203
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
nfp_get_drvinfo(struct nfp_app *app, struct pci_dev *pdev,
const char *vnic_version, struct ethtool_drvinfo *drvinfo)
{
char nsp_version[ETHTOOL_FWVERS_LEN] = {};
strlcpy(drvinfo->driver, pdev->driver->name, sizeof(drvinfo->driver));
nfp_net_get_nspinfo(app, nsp_version);
snprintf(drvinfo->fw_version, sizeof(drvinfo->fw_version),
"%s %s %s %s", vnic_version, nsp_version,
Reported by FlawFinder.
Line: 215
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void
nfp_net_get_drvinfo(struct net_device *netdev, struct ethtool_drvinfo *drvinfo)
{
char vnic_version[ETHTOOL_FWVERS_LEN] = {};
struct nfp_net *nn = netdev_priv(netdev);
snprintf(vnic_version, sizeof(vnic_version), "%d.%d.%d.%d",
nn->fw_ver.resv, nn->fw_ver.class,
nn->fw_ver.major, nn->fw_ver.minor);
Reported by FlawFinder.
Line: 601
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (id < ARRAY_SIZE(nfp_tlv_stat_names) &&
nfp_tlv_stat_names[id][0]) {
memcpy(data, nfp_tlv_stat_names[id], ETH_GSTRING_LEN);
data += ETH_GSTRING_LEN;
} else {
ethtool_sprintf(&data, "dev_unknown_stat%u", id);
}
}
Reported by FlawFinder.
Line: 1022
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < ARRAY_SIZE(nn->rss_itbl); i++)
indir[i] = nn->rss_itbl[i];
if (key)
memcpy(key, nn->rss_key, nfp_net_rss_key_sz(nn));
if (hfunc) {
*hfunc = nn->rss_hfunc;
if (*hfunc >= 1 << ETH_RSS_HASH_FUNCS_COUNT)
*hfunc = ETH_RSS_HASH_UNKNOWN;
}
Reported by FlawFinder.
Line: 1047
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
if (key) {
memcpy(nn->rss_key, key, nfp_net_rss_key_sz(nn));
nfp_net_rss_write_key(nn);
}
if (indir) {
for (i = 0; i < ARRAY_SIZE(nn->rss_itbl); i++)
nn->rss_itbl[i] = indir[i];
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/cgroup_attach_override.c
6 issues
Line: 51
Column: 13
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
"attach prog to %s failed, errno=%d\n", FOO, errno))
goto err;
if (CHECK(!system(PING_CMD), "ping_fail",
"ping unexpectedly succeeded\n"))
goto err;
bar = test__join_cgroup(BAR);
if (CHECK(bar < 0, "cgroup_join_bar", "cgroup setup failed\n"))
Reported by FlawFinder.
Line: 59
Column: 13
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
if (CHECK(bar < 0, "cgroup_join_bar", "cgroup setup failed\n"))
goto err;
if (CHECK(!system(PING_CMD), "ping_fail",
"ping unexpectedly succeeded\n"))
goto err;
if (CHECK(bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
BPF_F_ALLOW_OVERRIDE),
Reported by FlawFinder.
Line: 69
Column: 12
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
"attach prog to %s failed, errno=%d\n", BAR, errno))
goto err;
if (CHECK(system(PING_CMD), "ping_ok", "ping failed\n"))
goto err;
if (CHECK(bpf_prog_detach(bar, BPF_CGROUP_INET_EGRESS),
"prog_detach_bar",
"detach prog from %s failed, errno=%d\n", BAR, errno))
Reported by FlawFinder.
Line: 77
Column: 13
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
"detach prog from %s failed, errno=%d\n", BAR, errno))
goto err;
if (CHECK(!system(PING_CMD), "ping_fail",
"ping unexpectedly succeeded\n"))
goto err;
if (CHECK(bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
BPF_F_ALLOW_OVERRIDE),
Reported by FlawFinder.
Line: 92
Column: 12
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
"detach prog from %s failed, errno=%d\n", FOO, errno))
goto err;
if (CHECK(system(PING_CMD), "ping_ok", "ping failed\n"))
goto err;
if (CHECK(bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS,
BPF_F_ALLOW_OVERRIDE),
"prog_attach_allow_bar_override",
Reported by FlawFinder.
Line: 11
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define BAR "/foo/bar/"
#define PING_CMD "ping -q -c1 -w1 127.0.0.1 > /dev/null"
static char bpf_log_buf[BPF_LOG_BUF_SIZE];
static int prog_load(int verdict)
{
struct bpf_insn prog[] = {
BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */
Reported by FlawFinder.
sound/xen/xen_snd_front_alsa.c
6 issues
Line: 629
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (unlikely(pos + count > stream->buffer_sz))
return -EINVAL;
memcpy(stream->buffer + pos, src, count);
return xen_snd_front_stream_write(&stream->evt_pair->req, pos, count);
}
static int alsa_cap_copy_user(struct snd_pcm_substream *substream,
Reported by FlawFinder.
Line: 666
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (ret < 0)
return ret;
memcpy(dst, stream->buffer + pos, count);
return 0;
}
static int alsa_pb_fill_silence(struct snd_pcm_substream *substream,
Reported by FlawFinder.
Line: 786
Column: 2
CWE codes:
120
pcm->info_flags = 0;
/* we want to handle all PCM operations in non-atomic context */
pcm->nonatomic = true;
strncpy(pcm->name, "Virtual card PCM", sizeof(pcm->name));
if (instance_cfg->num_streams_pb)
snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK,
&snd_drv_alsa_playback_ops);
Reported by FlawFinder.
Line: 838
Column: 2
CWE codes:
120
goto fail;
}
strncpy(card->driver, XENSND_DRIVER_NAME, sizeof(card->driver));
strncpy(card->shortname, cfg->name_short, sizeof(card->shortname));
strncpy(card->longname, cfg->name_long, sizeof(card->longname));
ret = snd_card_register(card);
if (ret < 0)
Reported by FlawFinder.
Line: 839
Column: 2
CWE codes:
120
}
strncpy(card->driver, XENSND_DRIVER_NAME, sizeof(card->driver));
strncpy(card->shortname, cfg->name_short, sizeof(card->shortname));
strncpy(card->longname, cfg->name_long, sizeof(card->longname));
ret = snd_card_register(card);
if (ret < 0)
goto fail;
Reported by FlawFinder.
Line: 840
Column: 2
CWE codes:
120
strncpy(card->driver, XENSND_DRIVER_NAME, sizeof(card->driver));
strncpy(card->shortname, cfg->name_short, sizeof(card->shortname));
strncpy(card->longname, cfg->name_long, sizeof(card->longname));
ret = snd_card_register(card);
if (ret < 0)
goto fail;
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/cgroup_attach_multi.c
6 issues
Line: 150
Column: 13
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
"prog5_attach_to_cg5_none", "errno=%d\n", errno))
goto err;
CHECK_FAIL(system(PING_CMD));
CHECK_FAIL(bpf_map_lookup_elem(map_fd, &key, &value));
CHECK_FAIL(value != 1 + 2 + 8 + 32);
/* query the number of effective progs in cg5 */
CHECK_FAIL(bpf_prog_query(cg5, BPF_CGROUP_INET_EGRESS,
Reported by FlawFinder.
Line: 189
Column: 13
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
value = 0;
CHECK_FAIL(bpf_map_update_elem(map_fd, &key, &value, 0));
CHECK_FAIL(system(PING_CMD));
CHECK_FAIL(bpf_map_lookup_elem(map_fd, &key, &value));
CHECK_FAIL(value != 1 + 2 + 8 + 16);
/* test replace */
Reported by FlawFinder.
Line: 242
Column: 13
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
value = 0;
CHECK_FAIL(bpf_map_update_elem(map_fd, &key, &value, 0));
CHECK_FAIL(system(PING_CMD));
CHECK_FAIL(bpf_map_lookup_elem(map_fd, &key, &value));
CHECK_FAIL(value != 64 + 2 + 8 + 16);
/* detach 3rd from bottom program and ping again */
if (CHECK(!bpf_prog_detach2(0, cg3, BPF_CGROUP_INET_EGRESS),
Reported by FlawFinder.
Line: 257
Column: 13
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
value = 0;
CHECK_FAIL(bpf_map_update_elem(map_fd, &key, &value, 0));
CHECK_FAIL(system(PING_CMD));
CHECK_FAIL(bpf_map_lookup_elem(map_fd, &key, &value));
CHECK_FAIL(value != 64 + 2 + 16);
/* detach 2nd from bottom program and ping again */
if (CHECK(bpf_prog_detach2(-1, cg4, BPF_CGROUP_INET_EGRESS),
Reported by FlawFinder.
Line: 268
Column: 13
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
value = 0;
CHECK_FAIL(bpf_map_update_elem(map_fd, &key, &value, 0));
CHECK_FAIL(system(PING_CMD));
CHECK_FAIL(bpf_map_lookup_elem(map_fd, &key, &value));
CHECK_FAIL(value != 64 + 2 + 4);
prog_cnt = 4;
CHECK_FAIL(bpf_prog_query(cg5, BPF_CGROUP_INET_EGRESS,
Reported by FlawFinder.
Line: 9
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define PING_CMD "ping -q -c1 -w1 127.0.0.1 > /dev/null"
static char bpf_log_buf[BPF_LOG_BUF_SIZE];
static int map_fd = -1;
static int prog_load_cnt(int verdict, int val)
{
Reported by FlawFinder.
tools/bpf/bpftool/cgroup.c
6 issues
Line: 130
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 prog_ids[1024] = {0};
__u32 prog_cnt, iter;
__u32 attach_flags;
char buf[32];
int ret;
prog_cnt = ARRAY_SIZE(prog_ids);
ret = bpf_prog_query(cgroup_fd, type, query_flags, &attach_flags,
prog_ids, &prog_cnt);
Reported by FlawFinder.
Line: 193
Column: 14
CWE codes:
362
}
}
cgroup_fd = open(path, O_RDONLY);
if (cgroup_fd < 0) {
p_err("can't open cgroup %s", path);
goto exit;
}
Reported by FlawFinder.
Line: 252
Column: 14
CWE codes:
362
if (typeflag != FTW_D)
return 0;
cgroup_fd = open(fpath, O_RDONLY);
if (cgroup_fd < 0) {
p_err("can't open cgroup %s: %s", fpath, strerror(errno));
return SHOW_TREE_FN_ERR;
}
Reported by FlawFinder.
Line: 303
Column: 6
CWE codes:
362
struct mntent *mnt;
FILE *f;
f = fopen("/proc/mounts", "r");
if (f == NULL)
return NULL;
while ((mnt = getmntent(f))) {
if (strcmp(mnt->mnt_type, "cgroup2") == 0) {
Reported by FlawFinder.
Line: 393
Column: 14
CWE codes:
362
goto exit;
}
cgroup_fd = open(argv[0], O_RDONLY);
if (cgroup_fd < 0) {
p_err("can't open cgroup %s", argv[0]);
goto exit;
}
Reported by FlawFinder.
Line: 451
Column: 14
CWE codes:
362
goto exit;
}
cgroup_fd = open(argv[0], O_RDONLY);
if (cgroup_fd < 0) {
p_err("can't open cgroup %s", argv[0]);
goto exit;
}
Reported by FlawFinder.
tools/testing/selftests/powerpc/ptrace/core-pkey.c
6 issues
Line: 165
CWE codes:
476
/* Crash. */
ptr = 0;
*ptr = 1;
/* Shouldn't get here. */
FAIL_IF(true);
return TEST_FAIL;
Reported by Cppcheck.
Line: 258
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int parent(struct shared_info *info, pid_t pid)
{
char *filenames, *filename[3];
int fd, i, ret, status;
unsigned long regs[3];
off_t core_size;
void *core;
Reported by FlawFinder.
Line: 323
Column: 7
CWE codes:
362
goto out;
}
fd = open(filename[i], O_RDONLY);
if (fd == -1) {
perror("Error opening core file");
ret = TEST_FAIL;
goto out;
}
Reported by FlawFinder.
Line: 354
Column: 6
CWE codes:
362
size_t len = strlen(core_pattern), ret;
FILE *f;
f = fopen(core_pattern_file, "w");
SKIP_IF_MSG(!f, "Try with root privileges");
ret = fwrite(core_pattern, 1, len, f);
fclose(f);
if (ret != len) {
Reported by FlawFinder.
Line: 379
Column: 6
CWE codes:
362
return TEST_FAIL;
}
f = fopen(core_pattern_file, "r");
if (!f) {
perror("Error opening core_pattern file");
ret = TEST_FAIL;
goto out;
}
Reported by FlawFinder.
Line: 351
Column: 15
CWE codes:
126
static int write_core_pattern(const char *core_pattern)
{
size_t len = strlen(core_pattern), ret;
FILE *f;
f = fopen(core_pattern_file, "w");
SKIP_IF_MSG(!f, "Try with root privileges");
Reported by FlawFinder.
sound/xen/xen_snd_front.c
6 issues
Line: 97
Column: 10
CWE codes:
362
mutex_lock(&evtchnl->ring_io_lock);
req = be_stream_prepare_req(evtchnl, XENSND_OP_OPEN);
req->op.open.pcm_format = format;
req->op.open.pcm_channels = channels;
req->op.open.pcm_rate = rate;
req->op.open.buffer_sz = buffer_sz;
req->op.open.period_sz = period_sz;
req->op.open.gref_directory =
Reported by FlawFinder.
Line: 98
Column: 10
CWE codes:
362
mutex_lock(&evtchnl->ring_io_lock);
req = be_stream_prepare_req(evtchnl, XENSND_OP_OPEN);
req->op.open.pcm_format = format;
req->op.open.pcm_channels = channels;
req->op.open.pcm_rate = rate;
req->op.open.buffer_sz = buffer_sz;
req->op.open.period_sz = period_sz;
req->op.open.gref_directory =
xen_front_pgdir_shbuf_get_dir_start(shbuf);
Reported by FlawFinder.
Line: 99
Column: 10
CWE codes:
362
req = be_stream_prepare_req(evtchnl, XENSND_OP_OPEN);
req->op.open.pcm_format = format;
req->op.open.pcm_channels = channels;
req->op.open.pcm_rate = rate;
req->op.open.buffer_sz = buffer_sz;
req->op.open.period_sz = period_sz;
req->op.open.gref_directory =
xen_front_pgdir_shbuf_get_dir_start(shbuf);
mutex_unlock(&evtchnl->ring_io_lock);
Reported by FlawFinder.
Line: 100
Column: 10
CWE codes:
362
req->op.open.pcm_format = format;
req->op.open.pcm_channels = channels;
req->op.open.pcm_rate = rate;
req->op.open.buffer_sz = buffer_sz;
req->op.open.period_sz = period_sz;
req->op.open.gref_directory =
xen_front_pgdir_shbuf_get_dir_start(shbuf);
mutex_unlock(&evtchnl->ring_io_lock);
Reported by FlawFinder.
Line: 101
Column: 10
CWE codes:
362
req->op.open.pcm_channels = channels;
req->op.open.pcm_rate = rate;
req->op.open.buffer_sz = buffer_sz;
req->op.open.period_sz = period_sz;
req->op.open.gref_directory =
xen_front_pgdir_shbuf_get_dir_start(shbuf);
mutex_unlock(&evtchnl->ring_io_lock);
ret = be_stream_do_io(evtchnl);
Reported by FlawFinder.
Line: 102
Column: 10
CWE codes:
362
req->op.open.pcm_rate = rate;
req->op.open.buffer_sz = buffer_sz;
req->op.open.period_sz = period_sz;
req->op.open.gref_directory =
xen_front_pgdir_shbuf_get_dir_start(shbuf);
mutex_unlock(&evtchnl->ring_io_lock);
ret = be_stream_do_io(evtchnl);
Reported by FlawFinder.
tools/perf/util/jitdump.c
6 issues
Line: 243
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/*
* keep dirname for generating files and mmap records
*/
strcpy(jd->dir, name);
dirname(jd->dir);
return 0;
error:
funlockfile(jd->in);
Reported by FlawFinder.
Line: 56
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t code_load_count;
u64 bytes_written;
struct rb_root code_root;
char dir[PATH_MAX];
};
struct debug_line_info {
unsigned long vma;
unsigned int lineno;
Reported by FlawFinder.
Line: 96
Column: 7
CWE codes:
362
fprintf(stderr, "write ELF image %s\n", filename);
nsinfo__mountns_enter(jd->nsi, &nsc);
fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY, 0644);
saved_errno = errno;
nsinfo__mountns_exit(&nsc);
if (fd == -1) {
pr_warning("cannot create jit ELF %s: %s\n", filename, strerror(saved_errno));
return -1;
Reported by FlawFinder.
Line: 154
Column: 11
CWE codes:
362
int ret, retval = -1;
nsinfo__mountns_enter(jd->nsi, &nsc);
jd->in = fopen(name, "r");
nsinfo__mountns_exit(&nsc);
if (!jd->in)
return -1;
bsz = hmax(sizeof(header), sizeof(*prefix));
Reported by FlawFinder.
Line: 648
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!data)
return -1;
memcpy(data, &jr->info.entries, sz);
jd->debug_data = data;
/*
* we must use nr_entry instead of size here because
Reported by FlawFinder.
Line: 675
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!unwinding_data)
return -1;
memcpy(unwinding_data, &jr->unwinding.unwinding_data,
unwinding_data_size);
jd->eh_frame_hdr_size = jr->unwinding.eh_frame_hdr_size;
jd->unwinding_size = jr->unwinding.unwinding_size;
jd->unwinding_mapped_size = jr->unwinding.mapped_size;
Reported by FlawFinder.