The following issues were found
samples/bpf/test_lru_dist.c
5 issues
Line: 510
Column: 2
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
setbuf(stdout, NULL);
srand(time(NULL));
nr_cpus = bpf_num_possible_cpus();
assert(nr_cpus != -1);
printf("nr_cpus:%d\n\n", nr_cpus);
Reported by FlawFinder.
Line: 180
Column: 12
CWE codes:
362
char *b, *l;
int i;
dist_fd = open(dist_file, 0);
assert(dist_fd != -1);
assert(fstat(dist_fd, &fst) == 0);
b = malloc(fst.st_size);
assert(b);
Reported by FlawFinder.
Line: 505
Column: 13
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
dist_file = argv[1];
lru_size = atoi(argv[2]);
nr_tasks = atoi(argv[3]);
setbuf(stdout, NULL);
srand(time(NULL));
Reported by FlawFinder.
Line: 506
Column: 13
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
dist_file = argv[1];
lru_size = atoi(argv[2]);
nr_tasks = atoi(argv[3]);
setbuf(stdout, NULL);
srand(time(NULL));
Reported by FlawFinder.
Line: 187
Column: 9
CWE codes:
120
20
b = malloc(fst.st_size);
assert(b);
assert(read(dist_fd, b, fst.st_size) == fst.st_size);
close(dist_fd);
for (i = 0; i < fst.st_size; i++) {
if (b[i] == '\n')
counts++;
}
Reported by FlawFinder.
samples/nitro_enclaves/ne_ioctl_sample.c
5 issues
Line: 345
Column: 21
CWE codes:
362
printf("Enclave image offset in enclave memory is %lld\n",
image_load_info.memory_offset);
enclave_image_fd = open(enclave_image_path, O_RDONLY);
if (enclave_image_fd < 0) {
printf("Error in open enclave image file [%m]\n");
return enclave_image_fd;
}
Reported by FlawFinder.
Line: 383
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bytes_to_write = memory_size < remaining_bytes ?
memory_size : remaining_bytes;
memcpy(userspace_addr + memory_offset,
enclave_image + image_written_bytes, bytes_to_write);
image_written_bytes += bytes_to_write;
if (image_written_bytes == enclave_image_size)
Reported by FlawFinder.
Line: 790
Column: 14
CWE codes:
362
exit(EXIT_FAILURE);
}
ne_dev_fd = open(NE_DEV_NAME, O_RDWR | O_CLOEXEC);
if (ne_dev_fd < 0) {
printf("Error in open NE device [%m]\n");
exit(EXIT_FAILURE);
}
Reported by FlawFinder.
Line: 737
Column: 7
CWE codes:
120
20
* Read the heartbeat value that the init process in the enclave sends
* after vsock connect.
*/
rc = read(client_vsock_fd, &recv_buf, sizeof(recv_buf));
if (rc < 0) {
printf("Error in read [%m]\n");
goto out;
}
Reported by FlawFinder.
Line: 784
Column: 6
CWE codes:
126
exit(EXIT_FAILURE);
}
if (strlen(argv[1]) >= PATH_MAX) {
printf("The size of the path to enclave image is higher than max path\n");
exit(EXIT_FAILURE);
}
Reported by FlawFinder.
samples/pidfd/pidfd-metadata.c
5 issues
Line: 37
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static pid_t pidfd_clone(int flags, int *pidfd)
{
size_t stack_size = 1024;
char *stack[1024] = { 0 };
#ifdef __ia64__
return __clone2(do_child, stack, stack_size, flags | SIGCHLD, NULL, pidfd);
#else
return clone(do_child, stack + stack_size, flags | SIGCHLD, NULL, pidfd);
Reported by FlawFinder.
Line: 55
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int pidfd_metadata_fd(pid_t pid, int pidfd)
{
int procfd, ret;
char path[100];
snprintf(path, sizeof(path), "/proc/%d", pid);
procfd = open(path, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
if (procfd < 0) {
warn("Failed to open %s\n", path);
Reported by FlawFinder.
Line: 58
Column: 11
CWE codes:
362
char path[100];
snprintf(path, sizeof(path), "/proc/%d", pid);
procfd = open(path, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
if (procfd < 0) {
warn("Failed to open %s\n", path);
return -1;
}
Reported by FlawFinder.
Line: 87
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char *argv[])
{
int pidfd = -1, ret = EXIT_FAILURE;
char buf[4096] = { 0 };
pid_t pid;
int procfd, statusfd;
ssize_t bytes;
pid = pidfd_clone(CLONE_PIDFD, &pidfd);
Reported by FlawFinder.
Line: 110
Column: 10
CWE codes:
120
20
if (statusfd < 0)
goto out;
bytes = read(statusfd, buf, sizeof(buf));
if (bytes > 0)
bytes = write(STDOUT_FILENO, buf, bytes);
close(statusfd);
ret = EXIT_SUCCESS;
Reported by FlawFinder.
samples/uhid/uhid-example.c
5 issues
Line: 182
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
memset(&ev, 0, sizeof(ev));
ev.type = UHID_CREATE;
strcpy((char*)ev.u.create.name, "test-uhid-device");
ev.u.create.rd_data = rdesc;
ev.u.create.rd_size = sizeof(rdesc);
ev.u.create.bus = BUS_USB;
ev.u.create.vendor = 0x15d9;
ev.u.create.product = 0x0a37;
Reported by FlawFinder.
Line: 303
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int keyboard(int fd)
{
char buf[128];
ssize_t ret, i;
ret = read(STDIN_FILENO, buf, sizeof(buf));
if (ret == 0) {
fprintf(stderr, "Read HUP on stdin\n");
Reported by FlawFinder.
Line: 416
Column: 7
CWE codes:
362
}
fprintf(stderr, "Open uhid-cdev %s\n", path);
fd = open(path, O_RDWR | O_CLOEXEC);
if (fd < 0) {
fprintf(stderr, "Cannot open uhid-cdev %s: %m\n", path);
return EXIT_FAILURE;
}
Reported by FlawFinder.
Line: 231
Column: 8
CWE codes:
120
20
ssize_t ret;
memset(&ev, 0, sizeof(ev));
ret = read(fd, &ev, sizeof(ev));
if (ret == 0) {
fprintf(stderr, "Read HUP on uhid-cdev\n");
return -EFAULT;
} else if (ret < 0) {
fprintf(stderr, "Cannot read uhid-cdev: %m\n");
Reported by FlawFinder.
Line: 306
Column: 8
CWE codes:
120
20
char buf[128];
ssize_t ret, i;
ret = read(STDIN_FILENO, buf, sizeof(buf));
if (ret == 0) {
fprintf(stderr, "Read HUP on stdin\n");
return -EFAULT;
} else if (ret < 0) {
fprintf(stderr, "Cannot read stdin: %m\n");
Reported by FlawFinder.
samples/watch_queue/watch_test.c
5 issues
Line: 37
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return syscall(__NR_keyctl, KEYCTL_WATCH_KEY, key, watch_fd, watch_id);
}
static const char *key_subtypes[256] = {
[NOTIFY_KEY_INSTANTIATED] = "instantiated",
[NOTIFY_KEY_UPDATED] = "updated",
[NOTIFY_KEY_LINKED] = "linked",
[NOTIFY_KEY_UNLINKED] = "unlinked",
[NOTIFY_KEY_CLEARED] = "cleared",
Reported by FlawFinder.
Line: 66
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static void consumer(int fd)
{
unsigned char buffer[433], *p, *end;
union {
struct watch_notification n;
unsigned char buf1[128];
} n;
ssize_t buf_len;
Reported by FlawFinder.
Line: 69
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char buffer[433], *p, *end;
union {
struct watch_notification n;
unsigned char buf1[128];
} n;
ssize_t buf_len;
for (;;) {
buf_len = read(fd, buffer, sizeof(buffer));
Reported by FlawFinder.
Line: 104
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fprintf(stderr, "Short message header: %zu\n", largest);
return;
}
memcpy(&n, p, largest);
printf("NOTIFY[%03zx]: ty=%06x sy=%02x i=%08x\n",
p - buffer, n.n.type, n.n.subtype, n.n.info);
len = n.n.info & WATCH_INFO_LENGTH;
Reported by FlawFinder.
scripts/basic/fixdep.c
5 issues
Line: 119
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
int ret;
va_start(ap, format);
ret = vprintf(format, ap);
if (ret < 0) {
perror("fixdep");
exit(1);
}
va_end(ap);
Reported by FlawFinder.
Line: 173
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
perror("fixdep:malloc");
exit(1);
}
memcpy(aux->name, name, len);
aux->len = len;
aux->hash = hash;
aux->next = hashtab[hash % HASHSZ];
hashtab[hash % HASHSZ] = aux;
}
Reported by FlawFinder.
Line: 236
Column: 7
CWE codes:
362
int fd;
char *buf;
fd = open(filename, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "fixdep: error opening file: ");
perror(filename);
exit(2);
}
Reported by FlawFinder.
Line: 198
Column: 15
CWE codes:
126
/* test if s ends in sub */
static int str_ends_with(const char *s, int slen, const char *sub)
{
int sublen = strlen(sub);
if (sublen > slen)
return 0;
return !memcmp(s + slen - sublen, sub, sublen);
Reported by FlawFinder.
scripts/dtc/dtc.c
5 issues
Line: 310
CWE codes:
908
else
die("Unknown input format \"%s\"\n", inform);
dti->outname = outname;
if (depfile) {
fputc('\n', depfile);
fclose(depfile);
}
Reported by Cppcheck.
Line: 147
Column: 6
CWE codes:
362
if (!S_ISREG(statbuf.st_mode))
return fallback;
f = fopen(fname, "r");
if (f == NULL)
return fallback;
if (fread(&magic, 4, 1, f) != 1) {
fclose(f);
return fallback;
Reported by FlawFinder.
Line: 281
Column: 13
CWE codes:
362
die("Can't set both -p and -S\n");
if (depname) {
depfile = fopen(depname, "w");
if (!depfile)
die("Couldn't open dependency file %s: %s\n", depname,
strerror(errno));
fprintf(depfile, "%s:", outname);
}
Reported by FlawFinder.
Line: 346
Column: 10
CWE codes:
362
if (streq(outname, "-")) {
outf = stdout;
} else {
outf = fopen(outname, "wb");
if (! outf)
die("Couldn't open output file %s: %s\n",
outname, strerror(errno));
}
Reported by FlawFinder.
Line: 42
Column: 23
CWE codes:
126
if (unit)
tree->basenamelen = unit - tree->name;
else
tree->basenamelen = strlen(tree->name);
for_each_child(tree, child)
fill_fullpaths(child, tree->fullpath);
}
Reported by FlawFinder.
scripts/dtc/flattree.c
5 issues
Line: 581
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((inb->ptr + len) > inb->limit)
die("Premature end of data parsing flat device tree\n");
memcpy(p, inb->ptr, len);
inb->ptr += len;
}
static uint32_t flat_read_word(struct inbuf *inb)
Reported by FlawFinder.
Line: 57
Column: 9
CWE codes:
126
struct data *dtbuf = e;
if (len == 0)
len = strlen(str);
*dtbuf = data_append_data(*dtbuf, str, len);
*dtbuf = data_append_byte(*dtbuf, '\0');
}
Reported by FlawFinder.
Line: 231
Column: 33
CWE codes:
126
return i;
}
*d = data_append_data(*d, str, strlen(str)+1);
return i;
}
static void flatten_tree(struct node *tree, struct emitter *emit,
void *etarget, struct data *strbuf,
Reported by FlawFinder.
Line: 440
Column: 9
CWE codes:
126
p = strbuf.val;
while (p < (strbuf.val + strbuf.len)) {
len = strlen(p);
fprintf(f, "\t.string \"%s\"\n", p);
p += len+1;
}
}
Reported by FlawFinder.
Line: 717
Column: 9
CWE codes:
126
{
int plen;
plen = strlen(ppath);
if (!strstarts(cpath, ppath))
die("Path \"%s\" is not valid as a child of \"%s\"\n",
cpath, ppath);
Reported by FlawFinder.
scripts/gcc-plugins/gcc-generate-gimple-pass.h
5 issues
Line: 100
.todo_flags_finish = TODO_FLAGS_FINISH,
};
class _PASS_NAME_PASS : public gimple_opt_pass {
public:
_PASS_NAME_PASS() : gimple_opt_pass(_PASS_NAME_PASS_DATA, g) {}
#ifndef NO_GATE
#if BUILDING_GCC_VERSION >= 5000
Reported by Cppcheck.
Line: 100
.todo_flags_finish = TODO_FLAGS_FINISH,
};
class _PASS_NAME_PASS : public gimple_opt_pass {
public:
_PASS_NAME_PASS() : gimple_opt_pass(_PASS_NAME_PASS_DATA, g) {}
#ifndef NO_GATE
#if BUILDING_GCC_VERSION >= 5000
Reported by Cppcheck.
Line: 100
.todo_flags_finish = TODO_FLAGS_FINISH,
};
class _PASS_NAME_PASS : public gimple_opt_pass {
public:
_PASS_NAME_PASS() : gimple_opt_pass(_PASS_NAME_PASS_DATA, g) {}
#ifndef NO_GATE
#if BUILDING_GCC_VERSION >= 5000
Reported by Cppcheck.
Line: 100
.todo_flags_finish = TODO_FLAGS_FINISH,
};
class _PASS_NAME_PASS : public gimple_opt_pass {
public:
_PASS_NAME_PASS() : gimple_opt_pass(_PASS_NAME_PASS_DATA, g) {}
#ifndef NO_GATE
#if BUILDING_GCC_VERSION >= 5000
Reported by Cppcheck.
Line: 100
.todo_flags_finish = TODO_FLAGS_FINISH,
};
class _PASS_NAME_PASS : public gimple_opt_pass {
public:
_PASS_NAME_PASS() : gimple_opt_pass(_PASS_NAME_PASS_DATA, g) {}
#ifndef NO_GATE
#if BUILDING_GCC_VERSION >= 5000
Reported by Cppcheck.
scripts/kconfig/lxdialog/textbox.c
5 issues
Line: 359
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *get_line(void)
{
int i = 0;
static char line[MAX_LEN + 1];
end_reached = 0;
while (*page != '\n') {
if (*page == '\0') {
end_reached = 1;
Reported by FlawFinder.
Line: 154
Column: 17
CWE codes:
126
end_reached = 1;
/* point to last char in buf */
page = buf + strlen(buf);
back_lines(boxh);
refresh_text_box(dialog, box, boxh, boxw, cur_y,
cur_x, update_text, data);
break;
case 'K': /* Previous line */
Reported by FlawFinder.
Line: 333
Column: 14
CWE codes:
126
char *line;
line = get_line();
line += MIN(strlen(line), hscroll); /* Scroll horizontally */
wmove(win, row, 0); /* move cursor to correct line */
waddch(win, ' ');
waddnstr(win, line, MIN(strlen(line), width - 2));
/* Clear 'residue' of previous line */
Reported by FlawFinder.
Line: 336
Column: 26
CWE codes:
126
line += MIN(strlen(line), hscroll); /* Scroll horizontally */
wmove(win, row, 0); /* move cursor to correct line */
waddch(win, ' ');
waddnstr(win, line, MIN(strlen(line), width - 2));
/* Clear 'residue' of previous line */
#if OLD_NCURSES
{
int x = getcurx(win);
Reported by FlawFinder.
Line: 392
Column: 33
CWE codes:
126
wattrset(win, dlg.position_indicator.atr);
wbkgdset(win, dlg.position_indicator.atr & A_COLOR);
percent = (page - buf) * 100 / strlen(buf);
wmove(win, getmaxy(win) - 3, getmaxx(win) - 9);
wprintw(win, "(%3d%%)", percent);
}
Reported by FlawFinder.