The following issues were found
tools/testing/selftests/timers/set-2038.c
5 issues
Line: 66
Column: 8
CWE codes:
78
Suggestion:
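Try using a library call that implements the same functionality, if one is available. In this excerpt every system() argument is a string literal, so no caller-supplied data reaches the shell; what remains is that `date` is resolved through PATH and the `./` helpers through the current working directory, and that the first call's return value is overwritten by the next assignment to `ret`.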
{
int ret;
ret = system("date");
ret = system("./inconsistency-check -c 0 -t 20");
ret |= system("./nanosleep");
ret |= system("./nsleep-lat");
return ret;
Reported by FlawFinder.
Line: 67
Column: 8
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
int ret;
ret = system("date");
ret = system("./inconsistency-check -c 0 -t 20");
ret |= system("./nanosleep");
ret |= system("./nsleep-lat");
return ret;
}
Reported by FlawFinder.
Line: 68
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
ret = system("date");
ret = system("./inconsistency-check -c 0 -t 20");
ret |= system("./nanosleep");
ret |= system("./nsleep-lat");
return ret;
}
Reported by FlawFinder.
Line: 69
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
ret = system("date");
ret = system("./inconsistency-check -c 0 -t 20");
ret |= system("./nanosleep");
ret |= system("./nsleep-lat");
return ret;
}
int main(int argc, char *argv[])
Reported by FlawFinder.
Line: 81
Column: 16
CWE codes:
120
20
Suggestion:
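Check implementation on installation, or limit the size of all string inputs. The option string in this excerpt is "d", which takes no argument, so this getopt() call consumes no option-argument strings.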
time_t start;
/* Process arguments */
while ((opt = getopt(argc, argv, "d")) != -1) {
switch (opt) {
case 'd':
dangerous = 1;
}
}
Reported by FlawFinder.
tools/testing/selftests/x86/test_vsyscall.c
5 issues
Line: 123
Column: 7
CWE codes:
120
20
Suggestion:
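Specify a limit to %s, or use a different input function. In this excerpt `name` is declared with MAPS_LINE_LEN bytes, and the finding at line 120 shows `line` being filled by fgets(line, MAPS_LINE_LEN, maps), so a %s token taken from `line` fits in `name`; the source comment's "strlen(name) >= strlen(line)" refers to that size relationship. An explicit field width would keep the bound from depending on the two declarations staying in sync.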
char name[MAPS_LINE_LEN];
/* sscanf() is safe here as strlen(name) >= strlen(line) */
if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
&start, &end, &r, &x, name) != 5)
continue;
if (strcmp(name, "[vsyscall]"))
continue;
Reported by FlawFinder.
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
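Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. This entry appears to point at the declaration of the fixed-size buffer `line`, not at a write into it; whether it can overflow is decided where it is filled, which the finding at line 120 shows as fgets(line, MAPS_LINE_LEN, maps).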
#ifdef __x86_64__
int nerrs = 0;
FILE *maps;
char line[MAPS_LINE_LEN];
bool found = false;
maps = fopen("/proc/self/maps", "r");
if (!maps) {
printf("[WARN]\tCould not open /proc/self/maps -- assuming vsyscall is r-x\n");
Reported by FlawFinder.
Line: 110
Column: 9
CWE codes:
362
char line[MAPS_LINE_LEN];
bool found = false;
maps = fopen("/proc/self/maps", "r");
if (!maps) {
printf("[WARN]\tCould not open /proc/self/maps -- assuming vsyscall is r-x\n");
vsyscall_map_r = true;
return 0;
}
Reported by FlawFinder.
Line: 120
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (fgets(line, MAPS_LINE_LEN, maps)) {
char r, x;
void *start, *end;
char name[MAPS_LINE_LEN];
/* sscanf() is safe here as strlen(name) >= strlen(line) */
if (sscanf(line, "%p-%p %c-%cp %*x %*x:%*x %*u %s",
&start, &end, &r, &x, name) != 5)
continue;
Reported by FlawFinder.
Line: 479
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int test_process_vm_readv(void)
{
#ifdef __x86_64__
char buf[4096];
struct iovec local, remote;
int ret;
printf("[RUN]\tprocess_vm_readv() from vsyscall page\n");
Reported by FlawFinder.
tools/usb/usbip/src/usbip_unbind.c
5 issues
Line: 111
Column: 9
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int ret = -1;
for (;;) {
opt = getopt_long(argc, argv, "b:", opts, NULL);
if (opt == -1)
break;
switch (opt) {
Reported by FlawFinder.
Line: 36
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int rc, ret = -1;
char unbind_attr_name[] = "unbind";
char unbind_attr_path[SYSFS_PATH_MAX];
char rebind_attr_name[] = "rebind";
char rebind_attr_path[SYSFS_PATH_MAX];
struct udev *udev;
struct udev_device *dev;
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char unbind_attr_name[] = "unbind";
char unbind_attr_path[SYSFS_PATH_MAX];
char rebind_attr_name[] = "rebind";
char rebind_attr_path[SYSFS_PATH_MAX];
struct udev *udev;
struct udev_device *dev;
const char *driver;
Reported by FlawFinder.
Line: 66
Column: 54
CWE codes:
126
SYSFS_MNT_PATH, SYSFS_BUS_NAME, bus_type, SYSFS_DRIVERS_NAME,
USBIP_HOST_DRV_NAME, unbind_attr_name);
rc = write_sysfs_attribute(unbind_attr_path, busid, strlen(busid));
if (rc < 0) {
err("error unbinding device %s from driver", busid);
goto err_close_udev;
}
Reported by FlawFinder.
Line: 84
Column: 54
CWE codes:
126
SYSFS_MNT_PATH, SYSFS_BUS_NAME, bus_type, SYSFS_DRIVERS_NAME,
USBIP_HOST_DRV_NAME, rebind_attr_name);
rc = write_sysfs_attribute(rebind_attr_path, busid, strlen(busid));
if (rc < 0) {
err("error rebinding");
goto err_close_udev;
}
Reported by FlawFinder.
tools/usb/usbip/src/usbip_detach.c
5 issues
Line: 77
Column: 2
CWE codes:
134
Suggestion:
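Use a constant for the format specification. Here the format is the macro VHCI_STATE_PATH written directly against the literal "/port%d"; adjacent-string concatenation only compiles when the macro expands to a string literal, so the format is a compile-time constant, and the one thing left to confirm is that the macro's text contains no % conversion of its own.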
}
/* remove the port state file */
snprintf(path, PATH_MAX, VHCI_STATE_PATH"/port%d", portnum);
remove(path);
rmdir(VHCI_STATE_PATH);
ret = usbip_vhci_detach_device(portnum);
Reported by FlawFinder.
Line: 106
Column: 9
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int ret = -1;
for (;;) {
opt = getopt_long(argc, argv, "p:", opts, NULL);
if (opt == -1)
break;
switch (opt) {
Reported by FlawFinder.
Line: 36
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int ret = 0;
uint8_t portnum;
char path[PATH_MAX+1];
int i;
struct usbip_imported_device *idev;
int found = 0;
unsigned int port_len = strlen(port);
Reported by FlawFinder.
Line: 49
Column: 12
CWE codes:
190
Suggestion:
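If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). In the excerpts for this file `portnum` is declared uint8_t and `port` is checked only for being all digits before atoi(), so a value above 255 would be truncated on assignment unless a range check exists outside the lines shown; strtoul() followed by an explicit upper-bound comparison makes out-of-range input detectable.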
return -1;
}
portnum = atoi(port);
ret = usbip_vhci_driver_open();
if (ret < 0) {
err("open vhci_driver");
return -1;
Reported by FlawFinder.
Line: 41
Column: 26
CWE codes:
126
struct usbip_imported_device *idev;
int found = 0;
unsigned int port_len = strlen(port);
for (unsigned int i = 0; i < port_len; i++)
if (!isdigit(port[i])) {
err("invalid port %s", port);
return -1;
Reported by FlawFinder.
tools/testing/selftests/uevent/uevent_filtering.c
5 issues
Line: 358
Column: 8
CWE codes:
362/367!
Suggestion:
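Set up the correct permissions (e.g., using setuid()) and try to open the file directly. In the lines shown, access() is an existence check whose ENOENT result only leads to skipping the test; the check-then-use race these CWEs describe applies where the result is relied on for a later open of the same path.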
_exit(KSFT_SKIP);
}
ret = access(__DEV_FULL, F_OK);
EXPECT_EQ(0, ret) {
if (errno == ENOENT) {
TH_LOG(__DEV_FULL " does not exist. Skipping test");
_exit(KSFT_SKIP);
}
Reported by FlawFinder.
Line: 84
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int fret = -1, rcv_buf_sz = __UEVENT_BUFFER_SIZE;
uint64_t sync_add = 1;
struct sockaddr_nl sk_addr = { 0 }, rcv_addr = { 0 };
char buf[__UEVENT_BUFFER_SIZE] = { 0 };
struct iovec iov = { buf, __UEVENT_BUFFER_SIZE };
char control[CMSG_SPACE(sizeof(struct ucred))];
struct msghdr hdr = {
&rcv_addr, sizeof(rcv_addr), &iov, 1,
control, sizeof(control), 0,
Reported by FlawFinder.
Line: 86
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sockaddr_nl sk_addr = { 0 }, rcv_addr = { 0 };
char buf[__UEVENT_BUFFER_SIZE] = { 0 };
struct iovec iov = { buf, __UEVENT_BUFFER_SIZE };
char control[CMSG_SPACE(sizeof(struct ucred))];
struct msghdr hdr = {
&rcv_addr, sizeof(rcv_addr), &iov, 1,
control, sizeof(control), 0,
};
Reported by FlawFinder.
Line: 198
Column: 7
CWE codes:
362
int fd, ret;
unsigned int i;
fd = open(__DEV_FULL, O_RDWR | O_CLOEXEC);
if (fd < 0) {
if (errno != ENOENT)
return -EINVAL;
return -1;
Reported by FlawFinder.
tools/virtio/linux/kernel.h
5 issues
Line: 50
Column: 45
CWE codes:
134
Suggestion:
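Use a constant for the format specification. The flagged column appears to fall on the `printf` archetype name inside `__attribute__((format(printf,a,b)))`, which is the annotation that lets the compiler check format arguments, not a call that takes a format string.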
#define offset_in_page(p) (((unsigned long)p) % PAGE_SIZE)
#define __printf(a,b) __attribute__((format(printf,a,b)))
#define ARRAY_SIZE(x) (sizeof(x)/sizeof(x[0]))
extern void *__kmalloc_fake, *__kfree_ignore_start, *__kfree_ignore_end;
static inline void *kmalloc(size_t s, gfp_t gfp)
Reported by FlawFinder.
Line: 131
Column: 29
CWE codes:
134
Suggestion:
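Use a constant for the format specification. pr_err() forwards its `format` parameter straight to fprintf(), so the property to check is that every use of the macro passes a string literal as its first argument; because the macro expands in place, compiler format warnings apply at those call sites.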
return krealloc(p, bytes, gfp);
}
#define pr_err(format, ...) fprintf (stderr, format, ## __VA_ARGS__)
#ifdef DEBUG
#define pr_debug(format, ...) fprintf (stderr, format, ## __VA_ARGS__)
#else
#define pr_debug(format, ...) do {} while (0)
#endif
Reported by FlawFinder.
Line: 133
Column: 31
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define pr_err(format, ...) fprintf (stderr, format, ## __VA_ARGS__)
#ifdef DEBUG
#define pr_debug(format, ...) fprintf (stderr, format, ## __VA_ARGS__)
#else
#define pr_debug(format, ...) do {} while (0)
#endif
#define dev_err(dev, format, ...) fprintf (stderr, format, ## __VA_ARGS__)
#define dev_warn(dev, format, ...) fprintf (stderr, format, ## __VA_ARGS__)
Reported by FlawFinder.
Line: 137
Column: 35
CWE codes:
134
Suggestion:
Use a constant for the format specification
#else
#define pr_debug(format, ...) do {} while (0)
#endif
#define dev_err(dev, format, ...) fprintf (stderr, format, ## __VA_ARGS__)
#define dev_warn(dev, format, ...) fprintf (stderr, format, ## __VA_ARGS__)
#define min(x, y) ({ \
typeof(x) _min1 = (x); \
typeof(y) _min2 = (y); \
Reported by FlawFinder.
Line: 138
Column: 36
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define pr_debug(format, ...) do {} while (0)
#endif
#define dev_err(dev, format, ...) fprintf (stderr, format, ## __VA_ARGS__)
#define dev_warn(dev, format, ...) fprintf (stderr, format, ## __VA_ARGS__)
#define min(x, y) ({ \
typeof(x) _min1 = (x); \
typeof(y) _min2 = (y); \
(void) (&_min1 == &_min2); \
Reported by FlawFinder.
tools/testing/selftests/vm/mlock2.h
5 issues
Line: 44
Column: 7
CWE codes:
120
20
Suggestion:
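Specify a limit to %s, or use a different input function. The other findings for this file show the destinations as perms[5], dev[32] and path[BUFSIZ], while `line` comes from getline() with no length cap; the three %s conversions are therefore bounded only by the format of /proc/self/smaps. Field widths one less than each array size (for example %4s and %31s) would state the bounds in the format string.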
}
while (getline(&line, &size, file) > 0) {
if (sscanf(line, "%lx-%lx %s %lx %s %lu %s\n",
&start, &end, perms, &offset, dev, &inode, path) < 6)
goto next;
if (start <= addr && addr < end)
goto out;
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *line = NULL;
size_t size = 0;
unsigned long start, end;
char perms[5];
unsigned long offset;
char dev[32];
unsigned long inode;
char path[BUFSIZ];
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long start, end;
char perms[5];
unsigned long offset;
char dev[32];
unsigned long inode;
char path[BUFSIZ];
file = fopen("/proc/self/smaps", "r");
if (!file) {
Reported by FlawFinder.
Line: 35
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long offset;
char dev[32];
unsigned long inode;
char path[BUFSIZ];
file = fopen("/proc/self/smaps", "r");
if (!file) {
perror("fopen smaps");
_exit(1);
Reported by FlawFinder.
Line: 37
Column: 9
CWE codes:
362
unsigned long inode;
char path[BUFSIZ];
file = fopen("/proc/self/smaps", "r");
if (!file) {
perror("fopen smaps");
_exit(1);
}
Reported by FlawFinder.
drivers/acpi/acpica/tbfind.c
5 issues
Line: 15
#include "actables.h"
#define _COMPONENT ACPI_TABLES
ACPI_MODULE_NAME("tbfind")
/*******************************************************************************
*
* FUNCTION: acpi_tb_find_table
*
Reported by Cppcheck.
Line: 51
Column: 7
CWE codes:
126
/* Don't allow the OEM strings to be too long */
if ((strlen(oem_id) > ACPI_OEM_ID_SIZE) ||
(strlen(oem_table_id) > ACPI_OEM_TABLE_ID_SIZE)) {
return_ACPI_STATUS(AE_AML_STRING_LIMIT);
}
/* Normalize the input strings */
Reported by FlawFinder.
Line: 52
Column: 7
CWE codes:
126
/* Don't allow the OEM strings to be too long */
if ((strlen(oem_id) > ACPI_OEM_ID_SIZE) ||
(strlen(oem_table_id) > ACPI_OEM_TABLE_ID_SIZE)) {
return_ACPI_STATUS(AE_AML_STRING_LIMIT);
}
/* Normalize the input strings */
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
120
memset(&header, 0, sizeof(struct acpi_table_header));
ACPI_COPY_NAMESEG(header.signature, signature);
strncpy(header.oem_id, oem_id, ACPI_OEM_ID_SIZE);
strncpy(header.oem_table_id, oem_table_id, ACPI_OEM_TABLE_ID_SIZE);
/* Search for the table */
(void)acpi_ut_acquire_mutex(ACPI_MTX_TABLES);
Reported by FlawFinder.
Line: 61
Column: 2
CWE codes:
120
memset(&header, 0, sizeof(struct acpi_table_header));
ACPI_COPY_NAMESEG(header.signature, signature);
strncpy(header.oem_id, oem_id, ACPI_OEM_ID_SIZE);
strncpy(header.oem_table_id, oem_table_id, ACPI_OEM_TABLE_ID_SIZE);
/* Search for the table */
(void)acpi_ut_acquire_mutex(ACPI_MTX_TABLES);
for (i = 0; i < acpi_gbl_root_table_list.current_table_count; ++i) {
Reported by FlawFinder.
drivers/edac/amd64_edac.c
5 issues
Line: 566
Column: 9
CWE codes:
120
Suggestion:
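Use sprintf_s, snprintf, or vsnprintf. sprintf_s is a C11 Annex K function and is not provided in kernel code; for sysfs show callbacks, which this macro body appears to generate, the kernel helper is sysfs_emit(). The format here is a fixed "0x%016llx\n" applied to a u64, so the output length is bounded.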
struct mem_ctl_info *mci = to_mci(dev); \
struct amd64_pvt *pvt = mci->pvt_info; \
\
return sprintf(data, "0x%016llx\n", (u64)pvt->reg); \
}
EDAC_DCT_ATTR_SHOW(dhar);
EDAC_DCT_ATTR_SHOW(dbam0);
EDAC_DCT_ATTR_SHOW(top_mem);
Reported by FlawFinder.
Line: 585
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
get_dram_hole_info(mci, &hole_base, &hole_offset, &hole_size);
return sprintf(data, "%llx %llx %llx\n", hole_base, hole_offset,
hole_size);
}
/*
* update NUM_DBG_ATTRS in case you add new members
Reported by FlawFinder.
Line: 616
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct mem_ctl_info *mci = to_mci(dev);
struct amd64_pvt *pvt = mci->pvt_info;
return sprintf(buf, "0x%x\n", pvt->injection.section);
}
/*
* store error injection section value which refers to one of 4 16-byte sections
* within a 64-byte cacheline
Reported by FlawFinder.
Line: 652
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct mem_ctl_info *mci = to_mci(dev);
struct amd64_pvt *pvt = mci->pvt_info;
return sprintf(buf, "0x%x\n", pvt->injection.word);
}
/*
* store error injection word value which refers to one of 9 16-bit word of the
* 16-byte (128-bit + ECC bits) section
Reported by FlawFinder.
Line: 689
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
{
struct mem_ctl_info *mci = to_mci(dev);
struct amd64_pvt *pvt = mci->pvt_info;
return sprintf(buf, "0x%x\n", pvt->injection.bit_map);
}
/*
* store 16 bit error injection vector which enables injecting errors to the
* corresponding bit within the error injection word above. When used during a
Reported by FlawFinder.
drivers/crypto/qat/qat_common/adf_transport.c
5 issues
Line: 349
Column: 2
CWE codes:
134
Suggestion:
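Use a constant for the format specification. Here `format` is a `const char *` parameter of the enclosing function (see the finding at line 346), so the format is not constant within this function; it is safe only if every caller passes a fixed string containing a single conversion that matches the u32 `key`.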
char key_buf[ADF_CFG_MAX_KEY_LEN_IN_BYTES];
char val_buf[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
snprintf(key_buf, ADF_CFG_MAX_KEY_LEN_IN_BYTES, format, key);
if (adf_cfg_get_param_value(accel_dev, section, key_buf, val_buf))
return -EFAULT;
if (kstrtouint(val_buf, 10, value))
Reported by FlawFinder.
Line: 90
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -EAGAIN;
}
spin_lock_bh(&ring->lock);
memcpy((void *)((uintptr_t)ring->base_addr + ring->tail), msg,
ADF_MSG_SIZE_TO_BYTES(ring->msg_size));
ring->tail = adf_modulo(ring->tail +
ADF_MSG_SIZE_TO_BYTES(ring->msg_size),
ADF_RING_SIZE_MODULO(ring->ring_size));
Reported by FlawFinder.
Line: 219
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 num_rings_per_bank = GET_NUM_RINGS_PER_BANK(accel_dev);
struct adf_etr_bank_data *bank;
struct adf_etr_ring_data *ring;
char val[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
u32 ring_num;
int ret;
if (bank_num >= GET_MAX_BANKS(accel_dev)) {
dev_err(&GET_DEV(accel_dev), "Invalid bank number\n");
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *section, const char *format,
u32 key, u32 *value)
{
char key_buf[ADF_CFG_MAX_KEY_LEN_IN_BYTES];
char val_buf[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
snprintf(key_buf, ADF_CFG_MAX_KEY_LEN_IN_BYTES, format, key);
if (adf_cfg_get_param_value(accel_dev, section, key_buf, val_buf))
Reported by FlawFinder.
Line: 347
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 key, u32 *value)
{
char key_buf[ADF_CFG_MAX_KEY_LEN_IN_BYTES];
char val_buf[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
snprintf(key_buf, ADF_CFG_MAX_KEY_LEN_IN_BYTES, format, key);
if (adf_cfg_get_param_value(accel_dev, section, key_buf, val_buf))
return -EFAULT;
Reported by FlawFinder.