The following issues were found
tools/perf/arch/x86/util/header.c
5 issues
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int a, b, c, d, lvl;
int family = -1, model = -1, step = -1;
int nb;
char vendor[16];
cpuid(0, &lvl, &b, &c, &d);
strncpy(&vendor[0], (char *)(&b), 4);
strncpy(&vendor[4], (char *)(&d), 4);
strncpy(&vendor[8], (char *)(&c), 4);
Reported by FlawFinder.
Line: 35
Column: 2
CWE codes:
120
char vendor[16];
cpuid(0, &lvl, &b, &c, &d);
strncpy(&vendor[0], (char *)(&b), 4);
strncpy(&vendor[4], (char *)(&d), 4);
strncpy(&vendor[8], (char *)(&c), 4);
vendor[12] = '\0';
if (lvl >= 1) {
Reported by FlawFinder.
Line: 36
Column: 2
CWE codes:
120
cpuid(0, &lvl, &b, &c, &d);
strncpy(&vendor[0], (char *)(&b), 4);
strncpy(&vendor[4], (char *)(&d), 4);
strncpy(&vendor[8], (char *)(&c), 4);
vendor[12] = '\0';
if (lvl >= 1) {
cpuid(1, &a, &b, &c, &d);
Reported by FlawFinder.
Line: 37
Column: 2
CWE codes:
120
cpuid(0, &lvl, &b, &c, &d);
strncpy(&vendor[0], (char *)(&b), 4);
strncpy(&vendor[4], (char *)(&d), 4);
strncpy(&vendor[8], (char *)(&c), 4);
vendor[12] = '\0';
if (lvl >= 1) {
cpuid(1, &a, &b, &c, &d);
Reported by FlawFinder.
Line: 136
Column: 16
CWE codes:
126
if (!full_mapcpuid && full_cpuid)
cpuid_len = strrchr(id, '-') - id;
else
cpuid_len = strlen(id);
/* Verify the entire string matched. */
if (match_len == cpuid_len)
return 0;
}
Reported by FlawFinder.
tools/testing/selftests/bpf/test_maps.c
5 issues
Line: 1816
Column: 2
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
int main(void)
{
srand(time(NULL));
libbpf_set_strict_mode(LIBBPF_STRICT_ALL);
map_flags = 0;
run_all_tests();
Reported by FlawFinder.
Line: 1246
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bigkey {
int a;
char b[4096];
long long c;
} key;
int fd, i, value;
fd = bpf_create_map(BPF_MAP_TYPE_HASH, sizeof(key), sizeof(value),
Reported by FlawFinder.
Line: 150
Column: 4
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
exit(1);
}
close(fd);
usleep(10); /* give kernel time to destroy */
}
}
static void test_hashmap_percpu(unsigned int task, void *data)
{
Reported by FlawFinder.
Line: 1341
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
if (!attempts || (errno != EAGAIN && errno != EBUSY))
return -errno;
usleep(1);
attempts--;
}
return 0;
}
Reported by FlawFinder.
Line: 1354
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
if (!attempts || (errno != EAGAIN && errno != EBUSY))
return -errno;
usleep(1);
attempts--;
}
return 0;
}
Reported by FlawFinder.
tools/perf/tests/pe-file-parsing.c
5 issues
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int run_dir(const char *d)
{
char filename[PATH_MAX];
char debugfile[PATH_MAX];
struct build_id bid;
char debuglink[PATH_MAX];
char expect_build_id[] = {
0x5a, 0x0f, 0xd8, 0x82, 0xb5, 0x30, 0x84, 0x22,
Reported by FlawFinder.
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int run_dir(const char *d)
{
char filename[PATH_MAX];
char debugfile[PATH_MAX];
struct build_id bid;
char debuglink[PATH_MAX];
char expect_build_id[] = {
0x5a, 0x0f, 0xd8, 0x82, 0xb5, 0x30, 0x84, 0x22,
0x4b, 0xa4, 0x7b, 0x62, 0x4c, 0x55, 0xa4, 0x69,
Reported by FlawFinder.
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char filename[PATH_MAX];
char debugfile[PATH_MAX];
struct build_id bid;
char debuglink[PATH_MAX];
char expect_build_id[] = {
0x5a, 0x0f, 0xd8, 0x82, 0xb5, 0x30, 0x84, 0x22,
0x4b, 0xa4, 0x7b, 0x62, 0x4c, 0x55, 0xa4, 0x69,
};
char expect_debuglink[PATH_MAX] = "pe-file.exe.debug";
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x5a, 0x0f, 0xd8, 0x82, 0xb5, 0x30, 0x84, 0x22,
0x4b, 0xa4, 0x7b, 0x62, 0x4c, 0x55, 0xa4, 0x69,
};
char expect_debuglink[PATH_MAX] = "pe-file.exe.debug";
struct dso *dso;
struct symbol *sym;
int ret;
scnprintf(filename, PATH_MAX, "%s/pe-file.exe", d);
Reported by FlawFinder.
Line: 75
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int subtest __maybe_unused)
{
struct stat st;
char path_dir[PATH_MAX];
/* First try development tree tests. */
if (!lstat("./tests", &st))
return run_dir("./tests");
Reported by FlawFinder.
tools/perf/tests/hists_cumulate.c
5 issues
Line: 232
CWE codes:
476
scnprintf(buf, sizeof(buf), "Invalid callchain entry #%zd/%zd", i, c);
TEST_ASSERT_VAL("Incorrect number of callchain entry",
c < expected_callchain[i].nr);
TEST_ASSERT_VAL(buf,
!strcmp(CDSO(clist), expected_callchain[i].node[c].dso) &&
!strcmp(CSYM(clist), expected_callchain[i].node[c].sym));
c++;
}
Reported by Cppcheck.
Line: 234
CWE codes:
476
TEST_ASSERT_VAL("Incorrect number of callchain entry",
c < expected_callchain[i].nr);
TEST_ASSERT_VAL(buf,
!strcmp(CDSO(clist), expected_callchain[i].node[c].dso) &&
!strcmp(CSYM(clist), expected_callchain[i].node[c].sym));
c++;
}
/* TODO: handle multiple child nodes properly */
TEST_ASSERT_VAL("Incorrect number of callchain entry",
Reported by Cppcheck.
Line: 235
CWE codes:
476
c < expected_callchain[i].nr);
TEST_ASSERT_VAL(buf,
!strcmp(CDSO(clist), expected_callchain[i].node[c].dso) &&
!strcmp(CSYM(clist), expected_callchain[i].node[c].sym));
c++;
}
/* TODO: handle multiple child nodes properly */
TEST_ASSERT_VAL("Incorrect number of callchain entry",
c <= expected_callchain[i].nr);
Reported by Cppcheck.
Line: 240
CWE codes:
476
}
/* TODO: handle multiple child nodes properly */
TEST_ASSERT_VAL("Incorrect number of callchain entry",
c <= expected_callchain[i].nr);
}
TEST_ASSERT_VAL("Incorrect number of hist entry",
i == nr_expected);
TEST_ASSERT_VAL("Incorrect number of callchain entry",
!symbol_conf.use_callchain || nr_expected == nr_callchain);
Reported by Cppcheck.
Line: 180
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int do_test(struct hists *hists, struct result *expected, size_t nr_expected,
struct callchain_result *expected_callchain, size_t nr_callchain)
{
char buf[32];
size_t i, c;
struct hist_entry *he;
struct rb_root *root;
struct rb_node *node;
struct callchain_node *cnode;
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/send_signal.c
5 issues
Line: 20
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int pipe_c2p[2], pipe_p2c[2];
int err = -1, pmu_fd = -1;
__u32 duration = 0;
char buf[256];
pid_t pid;
if (CHECK(pipe(pipe_c2p), test_name,
"pipe pipe_c2p error: %s\n", strerror(errno)))
return;
Reported by FlawFinder.
Line: 54
Column: 9
CWE codes:
120
20
CHECK(write(pipe_c2p[1], buf, 1) != 1, "pipe_write", "err %d\n", -errno);
/* make sure parent enabled bpf program to send_signal */
CHECK(read(pipe_p2c[0], buf, 1) != 1, "pipe_read", "err %d\n", -errno);
/* wait a little for signal handler */
sleep(1);
buf[0] = sigusr1_received ? '2' : '0';
Reported by FlawFinder.
Line: 63
Column: 9
CWE codes:
120
20
CHECK(write(pipe_c2p[1], buf, 1) != 1, "pipe_write", "err %d\n", -errno);
/* wait for parent notification and exit */
CHECK(read(pipe_p2c[0], buf, 1) != 1, "pipe_read", "err %d\n", -errno);
close(pipe_c2p[1]);
close(pipe_p2c[0]);
exit(0);
}
Reported by FlawFinder.
Line: 99
Column: 8
CWE codes:
120
20
}
/* wait until child signal handler installed */
CHECK(read(pipe_c2p[0], buf, 1) != 1, "pipe_read", "err %d\n", -errno);
/* trigger the bpf send_signal */
skel->bss->pid = pid;
skel->bss->sig = SIGUSR1;
skel->bss->signal_thread = signal_thread;
Reported by FlawFinder.
Line: 110
Column: 8
CWE codes:
120
20
CHECK(write(pipe_p2c[1], buf, 1) != 1, "pipe_write", "err %d\n", -errno);
/* wait for result */
err = read(pipe_c2p[0], buf, 1);
if (CHECK(err < 0, test_name, "reading pipe error: %s\n", strerror(errno)))
goto disable_pmu;
if (CHECK(err == 0, test_name, "reading pipe error: size 0\n")) {
err = -1;
goto disable_pmu;
Reported by FlawFinder.
tools/perf/util/copyfile.c
5 issues
Line: 23
Column: 12
CWE codes:
362
struct nscookie nsc;
nsinfo__mountns_enter(nsi, &nsc);
from_fp = fopen(from, "r");
nsinfo__mountns_exit(&nsc);
if (from_fp == NULL)
goto out;
to_fp = fopen(to, "w");
Reported by FlawFinder.
Line: 28
Column: 10
CWE codes:
362
if (from_fp == NULL)
goto out;
to_fp = fopen(to, "w");
if (to_fp == NULL)
goto out_fclose_from;
while (getline(&line, &n, from_fp) > 0)
if (fputs(line, to_fp) == EOF)
Reported by FlawFinder.
Line: 100
Column: 9
CWE codes:
377
ptr = memmove(ptr + 1, ptr, strlen(ptr) - 1);
*ptr = '.';
tofd = mkstemp(tmp);
if (tofd < 0)
goto out;
if (st.st_size == 0) { /* /proc? do it slowly... */
err = slow_copyfile(from, tmp, nsi);
Reported by FlawFinder.
Line: 115
Column: 11
CWE codes:
362
goto out_close_to;
nsinfo__mountns_enter(nsi, &nsc);
fromfd = open(from, O_RDONLY);
nsinfo__mountns_exit(&nsc);
if (fromfd < 0)
goto out_close_to;
err = copyfile_offset(fromfd, 0, tofd, 0, st.st_size);
Reported by FlawFinder.
Line: 97
Column: 30
CWE codes:
126
ptr = strrchr(tmp, '/');
if (!ptr)
goto out;
ptr = memmove(ptr + 1, ptr, strlen(ptr) - 1);
*ptr = '.';
tofd = mkstemp(tmp);
if (tofd < 0)
goto out;
Reported by FlawFinder.
tools/bpf/bpftool/net.c
5 issues
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#endif
struct ip_devname_ifindex {
char devname[64];
int ifindex;
};
struct bpf_netdev_t {
struct ip_devname_ifindex *devices;
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct tc_kind_handle {
char kind[64];
int handle;
};
struct bpf_tcinfo_t {
struct tc_kind_handle *handle_array;
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool multipart = true;
struct nlmsgerr *err;
struct nlmsghdr *nh;
char buf[4096];
int len, ret;
while (multipart) {
multipart = false;
len = recv(sock, buf, sizeof(buf), 0);
Reported by FlawFinder.
Line: 492
Column: 7
CWE codes:
362
int err;
int fd;
fd = open("/proc/self/ns/net", O_RDONLY);
if (fd < 0) {
p_err("can't open /proc/self/ns/net: %s",
strerror(errno));
return -1;
}
Reported by FlawFinder.
Line: 654
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int i, sock, ret, filter_idx = -1;
struct bpf_netdev_t dev_array;
unsigned int nl_pid = 0;
char err_buf[256];
if (argc == 2) {
filter_idx = net_parse_dev(&argc, &argv);
if (filter_idx < 1)
return -1;
Reported by FlawFinder.
tools/testing/selftests/cgroup/test_kill.c
5 issues
Line: 116
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int test_cgkill_tree(const char *root)
{
pid_t pids[5];
char *cgroup[10] = {0};
int ret = KSFT_FAIL;
int i;
cgroup[0] = cg_name(root, "cg_test_tree_A");
if (!cgroup[0])
Reported by FlawFinder.
Line: 276
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char *argv[])
{
char root[PATH_MAX];
int i, ret = EXIT_SUCCESS;
if (cg_find_unified_root(root, sizeof(root)))
ksft_exit_skip("cgroup v2 isn't mounted\n");
for (i = 0; i < ARRAY_SIZE(tests); i++) {
Reported by FlawFinder.
Line: 51
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
int ppid = getppid();
while (getppid() == ppid)
usleep(1000);
return getppid() == ppid;
}
static int test_cgkill_simple(const char *root)
Reported by FlawFinder.
Line: 214
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
ppid = getppid();
while (getppid() == ppid)
usleep(1000);
return getppid() == ppid;
}
/*
Reported by FlawFinder.
Line: 239
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
if (pid < 0)
goto cleanup;
usleep(100000);
if (cg_kill_wait(cgroup))
goto cleanup;
if (cg_wait_for_proc_count(cgroup, 0))
Reported by FlawFinder.
tools/lib/api/fs/tracing_path.c
5 issues
Line: 16
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "tracing_path.h"
static char tracing_mnt[PATH_MAX] = "/sys/kernel/debug";
static char tracing_path[PATH_MAX] = "/sys/kernel/debug/tracing";
static char tracing_events_path[PATH_MAX] = "/sys/kernel/debug/tracing/events";
static void __tracing_path_set(const char *tracing, const char *mountpoint)
{
Reported by FlawFinder.
Line: 17
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "tracing_path.h"
static char tracing_mnt[PATH_MAX] = "/sys/kernel/debug";
static char tracing_path[PATH_MAX] = "/sys/kernel/debug/tracing";
static char tracing_events_path[PATH_MAX] = "/sys/kernel/debug/tracing/events";
static void __tracing_path_set(const char *tracing, const char *mountpoint)
{
snprintf(tracing_mnt, sizeof(tracing_mnt), "%s", mountpoint);
Reported by FlawFinder.
Line: 18
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char tracing_mnt[PATH_MAX] = "/sys/kernel/debug";
static char tracing_path[PATH_MAX] = "/sys/kernel/debug/tracing";
static char tracing_events_path[PATH_MAX] = "/sys/kernel/debug/tracing/events";
static void __tracing_path_set(const char *tracing, const char *mountpoint)
{
snprintf(tracing_mnt, sizeof(tracing_mnt), "%s", mountpoint);
snprintf(tracing_path, sizeof(tracing_path), "%s/%s",
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int tracing_path__strerror_open_tp(int err, char *buf, size_t size,
const char *sys, const char *name)
{
char sbuf[128];
char filename[PATH_MAX];
snprintf(filename, PATH_MAX, "%s/%s", sys, name ?: "*");
switch (err) {
Reported by FlawFinder.
Line: 120
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *sys, const char *name)
{
char sbuf[128];
char filename[PATH_MAX];
snprintf(filename, PATH_MAX, "%s/%s", sys, name ?: "*");
switch (err) {
case ENOENT:
Reported by FlawFinder.
tools/perf/util/zlib.c
5 issues
Line: 23
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *ptr;
int len;
struct stat stbuf;
unsigned char buf[CHUNK_SIZE];
z_stream zs = {
.zalloc = Z_NULL,
.zfree = Z_NULL,
.opaque = Z_NULL,
.avail_in = 0,
Reported by FlawFinder.
Line: 32
Column: 13
CWE codes:
362
.next_in = Z_NULL,
};
input_fd = open(input, O_RDONLY);
if (input_fd < 0)
return -1;
if (fstat(input_fd, &stbuf) < 0)
goto out_close;
Reported by FlawFinder.
Line: 85
Column: 11
CWE codes:
362
bool gzip_is_compressed(const char *input)
{
int fd = open(input, O_RDONLY);
const uint8_t magic[2] = { 0x1f, 0x8b };
char buf[2] = { 0 };
ssize_t rc;
if (fd < 0)
Reported by FlawFinder.
Line: 87
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int fd = open(input, O_RDONLY);
const uint8_t magic[2] = { 0x1f, 0x8b };
char buf[2] = { 0 };
ssize_t rc;
if (fd < 0)
return -1;
Reported by FlawFinder.