The following issues were found
sound/core/pcm_misc.c
6 issues
Line: 39
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char phys; /* physical bit width */
signed char le; /* 0 = big-endian, 1 = little-endian, -1 = others */
signed char signd; /* 0 = unsigned, 1 = signed, -1 = others */
unsigned char silence[8]; /* silence data to fill */
};
/* we do lots of calculations on snd_pcm_format_t; shut up sparse */
#define INT __force int
Reported by FlawFinder.
Line: 449
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dst = data;
#if 0
while (samples--) {
memcpy(dst, pat, width);
dst += width;
}
#else
/* a bit optimization for constant width */
switch (width) {
Reported by FlawFinder.
Line: 457
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (width) {
case 2:
while (samples--) {
memcpy(dst, pat, 2);
dst += 2;
}
break;
case 3:
while (samples--) {
Reported by FlawFinder.
Line: 463
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 3:
while (samples--) {
memcpy(dst, pat, 3);
dst += 3;
}
break;
case 4:
while (samples--) {
Reported by FlawFinder.
Line: 469
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 4:
while (samples--) {
memcpy(dst, pat, 4);
dst += 4;
}
break;
case 8:
while (samples--) {
Reported by FlawFinder.
Line: 475
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
break;
case 8:
while (samples--) {
memcpy(dst, pat, 8);
dst += 8;
}
break;
}
#endif
Reported by FlawFinder.
samples/bpf/tracex2_user.c
6 issues
Line: 151
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
signal(SIGTERM, int_exit);
/* start 'ping' in the background to have some kfree_skb events */
f = popen("ping -4 -c5 localhost", "r");
(void) f;
/* start 'dd' in the background to have plenty of 'write' syscalls */
f = popen("dd if=/dev/zero of=/dev/null count=5000000", "r");
(void) f;
Reported by FlawFinder.
Line: 155
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
(void) f;
/* start 'dd' in the background to have plenty of 'write' syscalls */
f = popen("dd if=/dev/zero of=/dev/null count=5000000", "r");
(void) f;
bpf_object__for_each_program(prog, obj) {
links[j] = bpf_program__attach(prog);
if (libbpf_get_error(links[j])) {
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
struct task {
char comm[16];
__u64 pid_tgid;
__u64 uid_gid;
};
struct hist_key {
Reported by FlawFinder.
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int nr_cpus = bpf_num_possible_cpus();
struct hist_key key = {}, next_key;
long values[nr_cpus];
char starstr[MAX_STARS];
long value;
long data[MAX_INDEX] = {};
int max_ind = -1;
long max_value = 0;
int i, ind;
Reported by FlawFinder.
Line: 97
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (memcmp(&tasks[i], &next_key, SIZE) == 0)
found = 1;
if (!found)
memcpy(&tasks[task_cnt++], &next_key, SIZE);
key = next_key;
}
for (i = 0; i < task_cnt; i++) {
printf("\npid %d cmd %s uid %d\n",
Reported by FlawFinder.
Line: 123
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bpf_link *links[2];
struct bpf_program *prog;
struct bpf_object *obj;
char filename[256];
int i, j = 0;
FILE *f;
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
obj = bpf_object__open_file(filename, NULL);
Reported by FlawFinder.
sound/soc/fsl/imx-pcm-rpmsg.c
6 issues
Line: 77
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -ETIMEDOUT;
}
memcpy(&msg->r_msg, &info->r_msg, sizeof(struct rpmsg_r_msg));
memcpy(&info->msg[msg->r_msg.header.cmd].r_msg,
&msg->r_msg, sizeof(struct rpmsg_r_msg));
/*
* Reset the buffer pointer to be zero, actully we have
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(&msg->r_msg, &info->r_msg, sizeof(struct rpmsg_r_msg));
memcpy(&info->msg[msg->r_msg.header.cmd].r_msg,
&msg->r_msg, sizeof(struct rpmsg_r_msg));
/*
* Reset the buffer pointer to be zero, actully we have
* set the buffer pointer to be zero in imx_rpmsg_terminate_all
Reported by FlawFinder.
Line: 122
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (info->work_write_index != info->work_read_index) {
int index = info->work_write_index;
memcpy(&info->work_list[index].msg, msg,
sizeof(struct rpmsg_s_msg));
queue_work(info->rpmsg_wq, &info->work_list[index].work);
info->work_write_index++;
info->work_write_index %= WORK_MAX_NUM;
Reported by FlawFinder.
Line: 576
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* The notification message is updated to latest */
spin_lock_irqsave(&info->lock[substream->stream], flags);
memcpy(&info->notify[substream->stream], msg,
sizeof(struct rpmsg_s_msg));
info->notify_updated[substream->stream] = true;
spin_unlock_irqrestore(&info->lock[substream->stream], flags);
if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK)
Reported by FlawFinder.
Line: 723
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
spin_lock_irqsave(&info->lock[TX], flags);
if (info->notify_updated[TX]) {
memcpy(&msg, &info->notify[TX], sizeof(struct rpmsg_s_msg));
info->notify_updated[TX] = false;
spin_unlock_irqrestore(&info->lock[TX], flags);
info->send_message(&msg, info);
} else {
spin_unlock_irqrestore(&info->lock[TX], flags);
Reported by FlawFinder.
Line: 733
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
spin_lock_irqsave(&info->lock[RX], flags);
if (info->notify_updated[RX]) {
memcpy(&msg, &info->notify[RX], sizeof(struct rpmsg_s_msg));
info->notify_updated[RX] = false;
spin_unlock_irqrestore(&info->lock[RX], flags);
info->send_message(&msg, info);
} else {
spin_unlock_irqrestore(&info->lock[RX], flags);
Reported by FlawFinder.
sound/firewire/dice/dice.c
6 issues
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct snd_card *card = dice->card;
struct fw_device *dev = fw_parent_device(dice->unit);
char vendor[32], model[32];
unsigned int i;
int err;
strcpy(card->driver, "DICE");
Reported by FlawFinder.
Line: 105
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
unsigned int i;
int err;
strcpy(card->driver, "DICE");
strcpy(card->shortname, "DICE");
BUILD_BUG_ON(NICK_NAME_SIZE < sizeof(card->shortname));
err = snd_dice_transaction_read_global(dice, GLOBAL_NICK_NAME,
card->shortname,
Reported by FlawFinder.
Line: 107
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(card->driver, "DICE");
strcpy(card->shortname, "DICE");
BUILD_BUG_ON(NICK_NAME_SIZE < sizeof(card->shortname));
err = snd_dice_transaction_read_global(dice, GLOBAL_NICK_NAME,
card->shortname,
sizeof(card->shortname));
if (err >= 0) {
Reported by FlawFinder.
Line: 129
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
vendor, model, dev->config_rom[4] & 0x3fffff,
dev_name(&dice->unit->device), 100 << dev->max_speed);
strcpy(card->mixername, "DICE");
}
static void dice_card_free(struct snd_card *card)
{
struct snd_dice *dice = card->private_data;
Reported by FlawFinder.
Line: 120
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
card->shortname[sizeof(card->shortname) - 1] = '\0';
}
strcpy(vendor, "?");
fw_csr_string(dev->config_rom + 5, CSR_VENDOR, vendor, sizeof(vendor));
strcpy(model, "?");
fw_csr_string(dice->unit->directory, CSR_MODEL, model, sizeof(model));
snprintf(card->longname, sizeof(card->longname),
"%s %s (serial %u) at %s, S%d",
Reported by FlawFinder.
Line: 122
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(vendor, "?");
fw_csr_string(dev->config_rom + 5, CSR_VENDOR, vendor, sizeof(vendor));
strcpy(model, "?");
fw_csr_string(dice->unit->directory, CSR_MODEL, model, sizeof(model));
snprintf(card->longname, sizeof(card->longname),
"%s %s (serial %u) at %s, S%d",
vendor, model, dev->config_rom[4] & 0x3fffff,
dev_name(&dice->unit->device), 100 << dev->max_speed);
Reported by FlawFinder.
scripts/dtc/treesource.c
6 issues
Line: 96
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (isprint((unsigned char)c))
fprintf(f, "%c", c);
else
fprintf(f, "\\x%02"PRIx8, c);
}
}
fprintf(f, "\"");
}
Reported by FlawFinder.
Line: 110
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
for (; p < end; p += width) {
switch (width) {
case 1:
fprintf(f, "%02"PRIx8, *(const uint8_t*)p);
break;
case 2:
fprintf(f, "0x%02"PRIx16, dtb_ld16(p));
break;
case 4:
Reported by FlawFinder.
Line: 113
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(f, "%02"PRIx8, *(const uint8_t*)p);
break;
case 2:
fprintf(f, "0x%02"PRIx16, dtb_ld16(p));
break;
case 4:
fprintf(f, "0x%02"PRIx32, dtb_ld32(p));
break;
case 8:
Reported by FlawFinder.
Line: 116
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(f, "0x%02"PRIx16, dtb_ld16(p));
break;
case 4:
fprintf(f, "0x%02"PRIx32, dtb_ld32(p));
break;
case 8:
fprintf(f, "0x%02"PRIx64, dtb_ld64(p));
break;
}
Reported by FlawFinder.
Line: 119
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(f, "0x%02"PRIx32, dtb_ld32(p));
break;
case 8:
fprintf(f, "0x%02"PRIx64, dtb_ld64(p));
break;
}
if (p + width < end)
fputc(' ', f);
}
Reported by FlawFinder.
Line: 265
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (chunk_len == data_len) {
size_t pos = m->offset + chunk_len;
fprintf(f, pos == len ? "%s" : "%s,",
delim_end[emit_type] ? : "");
emit_type = TYPE_NONE;
}
}
fprintf(f, ";");
Reported by FlawFinder.
security/yama/yama_lsm.c
6 issues
Line: 46
Column: 14
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct access_report_info {
struct callback_head work;
const char *access;
struct task_struct *target;
struct task_struct *agent;
};
static void __report_access(struct callback_head *work)
Reported by FlawFinder.
Line: 62
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
pr_notice_ratelimited(
"ptrace %s of \"%s\"[%d] was attempted by \"%s\"[%d]\n",
info->access, target_cmd, info->target->pid, agent_cmd,
info->agent->pid);
kfree(agent_cmd);
kfree(target_cmd);
Reported by FlawFinder.
Line: 74
Column: 39
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
/* defers execution because cmdline access can sleep */
static void report_access(const char *access, struct task_struct *target,
struct task_struct *agent)
{
struct access_report_info *info;
char agent_comm[sizeof(agent->comm)];
Reported by FlawFinder.
Line: 88
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
*/
pr_notice_ratelimited(
"ptrace %s of \"%s\"[%d] was attempted by \"%s\"[%d]\n",
access, target->comm, target->pid,
get_task_comm(agent_comm, agent), agent->pid);
return;
}
info = kmalloc(sizeof(*info), GFP_ATOMIC);
Reported by FlawFinder.
Line: 99
Column: 17
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
init_task_work(&info->work, __report_access);
get_task_struct(target);
get_task_struct(agent);
info->access = access;
info->target = target;
info->agent = agent;
if (task_work_add(current, &info->work, TWA_RESUME) == 0)
return; /* success */
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct task_struct *agent)
{
struct access_report_info *info;
char agent_comm[sizeof(agent->comm)];
assert_spin_locked(&target->alloc_lock); /* for target->comm */
if (current->flags & PF_KTHREAD) {
/* I don't think kthreads call task_work_run() before exiting.
Reported by FlawFinder.
sound/soc/generic/simple-card-utils.c
6 issues
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *prefix,
struct asoc_simple_data *data)
{
char prop[128];
if (!prefix)
prefix = "";
/* sampling rate convert */
Reported by FlawFinder.
Line: 124
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Parse the card name from DT */
ret = snd_soc_of_parse_card_name(card, "label");
if (ret < 0 || !card->name) {
char prop[128];
snprintf(prop, sizeof(prop), "%sname", prefix);
ret = snd_soc_of_parse_card_name(card, prop);
if (ret < 0)
return ret;
Reported by FlawFinder.
Line: 466
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *prefix)
{
struct device_node *node = card->dev->of_node;
char prop[128];
if (!prefix)
prefix = "";
snprintf(prop, sizeof(prop), "%s%s", prefix, "routing");
Reported by FlawFinder.
Line: 484
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *prefix)
{
struct device_node *node = card->dev->of_node;
char prop[128];
if (!prefix)
prefix = "";
snprintf(prop, sizeof(prop), "%s%s", prefix, "widgets");
Reported by FlawFinder.
Line: 507
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct snd_kcontrol_new *controls;
struct device *dev = card->dev;
unsigned int i, nb_controls;
char prop[128];
int ret;
if (!prefix)
prefix = "";
Reported by FlawFinder.
Line: 563
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct device *dev = card->dev;
enum of_gpio_flags flags;
char prop[128];
char *pin_name;
char *gpio_name;
int mask;
int det;
Reported by FlawFinder.
scripts/extract-cert.c
6 issues
Line: 98
Column: 24
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
ERR_load_crypto_strings();
ERR_clear_error();
kbuild_verbose = atoi(getenv("KBUILD_VERBOSE")?:"0");
key_pass = getenv("KBUILD_SIGN_PIN");
if (argc != 3)
format();
Reported by FlawFinder.
Line: 100
Column: 20
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
kbuild_verbose = atoi(getenv("KBUILD_VERBOSE")?:"0");
key_pass = getenv("KBUILD_SIGN_PIN");
if (argc != 3)
format();
cert_src = argv[1];
Reported by FlawFinder.
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void display_openssl_errors(int l)
{
const char *file;
char buf[120];
int e, line;
if (ERR_peek_error() == 0)
return;
fprintf(stderr, "At main.c:%d:\n", l);
Reported by FlawFinder.
Line: 78
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void write_cert(X509 *x509)
{
char buf[200];
if (!wb) {
wb = BIO_new_file(cert_dst, "wb");
ERR(!wb, "%s", cert_dst);
}
Reported by FlawFinder.
Line: 98
Column: 19
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
ERR_load_crypto_strings();
ERR_clear_error();
kbuild_verbose = atoi(getenv("KBUILD_VERBOSE")?:"0");
key_pass = getenv("KBUILD_SIGN_PIN");
if (argc != 3)
format();
Reported by FlawFinder.
Line: 110
Column: 13
CWE codes:
362
if (!cert_src[0]) {
/* Invoked with no input; create empty file */
FILE *f = fopen(cert_dst, "wb");
ERR(!f, "%s", cert_dst);
fclose(f);
exit(0);
} else if (!strncmp(cert_src, "pkcs11:", 7)) {
ENGINE *e;
Reported by FlawFinder.
sound/isa/gus/gusextreme.c
6 issues
Line: 32
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MODULE_LICENSE("GPL");
static int index[SNDRV_CARDS] = SNDRV_DEFAULT_IDX; /* Index 0-MAX */
static char *id[SNDRV_CARDS] = SNDRV_DEFAULT_STR; /* ID for this card */
static bool enable[SNDRV_CARDS] = SNDRV_DEFAULT_ENABLE; /* Enable this card */
static long port[SNDRV_CARDS] = SNDRV_DEFAULT_PORT; /* 0x220,0x240,0x260 */
static long gf1_port[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS) - 1] = -1}; /* 0x210,0x220,0x230,0x240,0x250,0x260,0x270 */
static long mpu_port[SNDRV_CARDS] = {[0 ... (SNDRV_CARDS) - 1] = -1}; /* 0x300,0x310,0x320 */
static int irq[SNDRV_CARDS] = SNDRV_DEFAULT_IRQ; /* 5,7,9,10 */
Reported by FlawFinder.
Line: 207
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
id1.iface = id2.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
/* reassign AUX to SYNTHESIZER */
strcpy(id1.name, "Aux Playback Volume");
strcpy(id2.name, "Synth Playback Volume");
error = snd_ctl_rename_id(card, &id1, &id2);
if (error < 0)
return error;
Reported by FlawFinder.
Line: 208
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* reassign AUX to SYNTHESIZER */
strcpy(id1.name, "Aux Playback Volume");
strcpy(id2.name, "Synth Playback Volume");
error = snd_ctl_rename_id(card, &id1, &id2);
if (error < 0)
return error;
/* reassign Master Playback Switch to Synth Playback Switch */
Reported by FlawFinder.
Line: 214
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return error;
/* reassign Master Playback Switch to Synth Playback Switch */
strcpy(id1.name, "Master Playback Switch");
strcpy(id2.name, "Synth Playback Switch");
error = snd_ctl_rename_id(card, &id1, &id2);
if (error < 0)
return error;
Reported by FlawFinder.
Line: 215
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* reassign Master Playback Switch to Synth Playback Switch */
strcpy(id1.name, "Master Playback Switch");
strcpy(id2.name, "Synth Playback Switch");
error = snd_ctl_rename_id(card, &id1, &id2);
if (error < 0)
return error;
return 0;
Reported by FlawFinder.
Line: 313
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
goto out;
}
sprintf(card->longname, "Gravis UltraSound Extreme at 0x%lx, "
"irq %i&%i, dma %i&%i", es1688->port,
gus->gf1.irq, es1688->irq, gus->gf1.dma1, es1688->dma8);
error = snd_card_register(card);
if (error < 0)
Reported by FlawFinder.
samples/bpf/map_perf_test_user.c
6 issues
Line: 49
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
NR_TESTS,
};
const char *test_map_names[NR_TESTS] = {
[HASH_PREALLOC] = "hash_map",
[PERCPU_HASH_PREALLOC] = "percpu_hash_map",
[HASH_KMALLOC] = "hash_map_alloc",
[PERCPU_HASH_KMALLOC] = "percpu_hash_map_alloc",
[LRU_HASH_PREALLOC] = "lru_hash_map",
Reported by FlawFinder.
Line: 429
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bpf_program *prog;
struct bpf_object *obj;
struct bpf_map *map;
char filename[256];
int i = 0;
if (argc > 1)
test_flags = atoi(argv[1]) ? : test_flags;
Reported by FlawFinder.
Line: 433
Column: 16
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
int i = 0;
if (argc > 1)
test_flags = atoi(argv[1]) ? : test_flags;
if (argc > 2)
nr_cpus = atoi(argv[2]) ? : nr_cpus;
if (argc > 3)
Reported by FlawFinder.
Line: 436
Column: 13
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
test_flags = atoi(argv[1]) ? : test_flags;
if (argc > 2)
nr_cpus = atoi(argv[2]) ? : nr_cpus;
if (argc > 3)
num_map_entries = atoi(argv[3]);
if (argc > 4)
Reported by FlawFinder.
Line: 439
Column: 21
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
nr_cpus = atoi(argv[2]) ? : nr_cpus;
if (argc > 3)
num_map_entries = atoi(argv[3]);
if (argc > 4)
max_cnt = atoi(argv[4]);
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
Reported by FlawFinder.
Line: 442
Column: 13
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
num_map_entries = atoi(argv[3]);
if (argc > 4)
max_cnt = atoi(argv[4]);
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
obj = bpf_object__open_file(filename, NULL);
if (libbpf_get_error(obj)) {
fprintf(stderr, "ERROR: opening BPF object file failed\n");
Reported by FlawFinder.