The following issues were found

tools/testing/selftests/firmware/fw_namespace.c
5 issues
vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 31 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification

	va_list ap;

	va_start(ap, fmt);
	vfprintf(stderr, fmt, ap);
	va_end(ap);
	if (fw_path)
		unlink(fw_path);
	umount("/lib/firmware");
	exit(EXIT_FAILURE);

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 43 Column: 7 CWE codes: 362

{
	int fd;

	fd = open(sys_path, O_WRONLY);
	if (fd < 0)
		die("open failed: %s\n",
		    strerror(errno));
	if (write(fd, fw_name, strlen(fw_name)) != strlen(fw_name))
		exit(EXIT_FAILURE);

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 57 Column: 7 CWE codes: 362

	int fd;
	const char fw[] = "ABCD0123";

	fd = open(fw_path, O_WRONLY | O_CREAT, 0600);
	if (fd < 0)
		die("open failed: %s\n",
		    strerror(errno));
	if (write(fd, fw, sizeof(fw) -1) != sizeof(fw) -1)
		die("write failed: %s\n",

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 47 Column: 25 CWE codes: 126

	if (fd < 0)
		die("open failed: %s\n",
		    strerror(errno));
	if (write(fd, fw_name, strlen(fw_name)) != strlen(fw_name))
		exit(EXIT_FAILURE);
	close(fd);
}

static void setup_fw(const char *fw_path)

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 47 Column: 45 CWE codes: 126

	if (fd < 0)
		die("open failed: %s\n",
		    strerror(errno));
	if (write(fd, fw_name, strlen(fw_name)) != strlen(fw_name))
		exit(EXIT_FAILURE);
	close(fd);
}

static void setup_fw(const char *fw_path)

            

Reported by FlawFinder.

tools/testing/selftests/fpu/test_fpu.c
5 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 20 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
int main(void)
{
	char dummy[1];
	int fd = open(test_fpu_path, O_RDONLY);

	if (fd < 0) {
		printf("[SKIP]\tcan't access %s: %s\n",
		       test_fpu_path, strerror(errno));

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 21 Column: 11 CWE codes: 362

int main(void)
{
	char dummy[1];
	int fd = open(test_fpu_path, O_RDONLY);

	if (fd < 0) {
		printf("[SKIP]\tcan't access %s: %s\n",
		       test_fpu_path, strerror(errno));
		return 0;

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 29 Column: 6 CWE codes: 120 20

		return 0;
	}

	if (read(fd, dummy, 1) < 0) {
		printf("[FAIL]\taccess with default rounding mode failed\n");
		return 1;
	}

	fesetround(FE_DOWNWARD);

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 35 Column: 6 CWE codes: 120 20

	}

	fesetround(FE_DOWNWARD);
	if (read(fd, dummy, 1) < 0) {
		printf("[FAIL]\taccess with downward rounding mode failed\n");
		return 2;
	}
	if (fegetround() != FE_DOWNWARD) {
		printf("[FAIL]\tusermode rounding mode clobbered\n");

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 50 Column: 6 CWE codes: 120 20

	 */
	feclearexcept(FE_ALL_EXCEPT);
	feenableexcept(FE_ALL_EXCEPT);
	if (read(fd, dummy, 1) < 0) {
		printf("[FAIL]\taccess with fpu exceptions unmasked failed\n");
		return 4;
	}
	if (fegetexcept() != FE_ALL_EXCEPT) {
		printf("[FAIL]\tusermode fpu exception mask clobbered\n");

            

Reported by FlawFinder.

tools/lib/traceevent/trace-seq.c
5 issues
Memory leak: buf
Error

Line: 90 CWE codes: 401

	buf = realloc(s->buffer, s->buffer_size + TRACE_SEQ_BUF_SIZE);
	if (WARN_ONCE(!buf, "Can't allocate trace_seq buffer memory")) {
		s->state = TRACE_SEQ__MEM_ALLOC_FAILED;
		return;
	}

	s->buffer = buf;
	s->buffer_size += TRACE_SEQ_BUF_SIZE;
}

            

Reported by Cppcheck.

vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 125 Column: 8 CWE codes: 134
Suggestion: Use a constant for the format specification

	len = (s->buffer_size - 1) - s->len;

	va_start(ap, fmt);
	ret = vsnprintf(s->buffer + s->len, len, fmt, ap);
	va_end(ap);

	if (ret >= len) {
		expand_buffer(s);
		goto try_again;

            

Reported by FlawFinder.

vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 165 Column: 8 CWE codes: 134
Suggestion: Use a constant for the format specification

              
	len = (s->buffer_size - 1) - s->len;

	ret = vsnprintf(s->buffer + s->len, len, fmt, args);

	if (ret >= len) {
		expand_buffer(s);
		goto try_again;
	}

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 201 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	TRACE_SEQ_CHECK_RET0(s);

	memcpy(s->buffer + s->len, str, len);
	s->len += len;

	return len;
}


            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 194 Column: 8 CWE codes: 126

              
	TRACE_SEQ_CHECK_RET0(s);

	len = strlen(str);

	while (len > ((s->buffer_size - 1) - s->len))
		expand_buffer(s);

	TRACE_SEQ_CHECK_RET0(s);

            

Reported by FlawFinder.

tools/testing/selftests/bpf/progs/profiler.h
5 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 92 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	struct ancestors_data_t ancestors_info;
	uint8_t sysctl_val_length;
	uint16_t sysctl_path_length;
	char payload[MAX_SYSCTL_PAYLOAD_LEN];
};

struct var_kill_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 105 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	uint64_t last_kill_time;
	uint8_t kill_target_name_length;
	uint8_t kill_target_cgroup_proc_length;
	char payload[MAX_KILL_PAYLOAD_LEN];
	size_t payload_length;
};

struct var_exec_data_t {
	struct var_metadata_t meta;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 119 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	uint16_t bin_path_length;
	uint16_t cmdline_length;
	uint16_t environment_length;
	char payload[MAX_EXEC_PAYLOAD_LEN];
};

struct var_fork_data_t {
	struct var_metadata_t meta;
	pid_t parent_pid;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 127 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	pid_t parent_pid;
	uint32_t parent_exec_id;
	uint64_t parent_start_time;
	char payload[MAX_METADATA_PAYLOAD_LEN];
};

struct var_filemod_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 141 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	ino_t dst_inode;
	uint16_t src_filepath_length;
	uint16_t dst_filepath_length;
	char payload[MAX_FILEMOD_PAYLOAD_LEN];
};

struct profiler_config_struct {
	bool fetch_cgroups_from_bpf;
	ino_t cgroup_fs_inode;

            

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/link_pinning.c
5 issues
usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 24 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

		goto cleanup;

	bss->in = 1;
	usleep(1);
	CHECK(bss->out != 1, "res_check1", "exp %d, got %d\n", 1, bss->out);

	/* pin link */
	err = bpf_link__pin(link, link_pin_path);
	if (CHECK(err, "link_pin", "err: %d\n", err))

            

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 41 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

		goto cleanup;

	bss->in = 2;
	usleep(1);
	CHECK(bss->out != 2, "res_check2", "exp %d, got %d\n", 2, bss->out);

	/* destroy link, pinned link should keep program attached */
	bpf_link__destroy(link);
	link = NULL;

            

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 49 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

	link = NULL;

	bss->in = 3;
	usleep(1);
	CHECK(bss->out != 3, "res_check3", "exp %d, got %d\n", 3, bss->out);

	/* re-open link from BPFFS */
	link = bpf_link__open(link_pin_path);
	if (!ASSERT_OK_PTR(link, "link_open"))

            

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 67 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

              
	/* still active, as we have FD open now */
	bss->in = 4;
	usleep(1);
	CHECK(bss->out != 4, "res_check4", "exp %d, got %d\n", 4, bss->out);

	bpf_link__destroy(link);
	link = NULL;


            

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 80 Column: 3 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

	 */
	for (i = 5; i < 10000; i++) {
		bss->in = i;
		usleep(1);
		if (bss->out == i - 1)
			break;
	}
	CHECK(i == 10000, "link_attached", "got to iteration #%d\n", i);


            

Reported by FlawFinder.

tools/testing/selftests/powerpc/tm/tm-vmxcopy.c
5 issues
tmpfile - Function tmpfile() has a security flaw on some systems (e.g., older System V systems)
Security

Line: 43 Column: 7 CWE codes: 377

	int i;
	int fd;
	int size = pgsize*16;
	char tmpfile[] = "/tmp/page_faultXXXXXX";
	char buf[pgsize];
	char *a;
	uint64_t aborted = 0;

	SKIP_IF(!have_htm());

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 44 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	int fd;
	int size = pgsize*16;
	char tmpfile[] = "/tmp/page_faultXXXXXX";
	char buf[pgsize];
	char *a;
	uint64_t aborted = 0;

	SKIP_IF(!have_htm());
	SKIP_IF(!is_ppc64le());

            

Reported by FlawFinder.

mkstemp - Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library
Security

Line: 51 Column: 7 CWE codes: 377

	SKIP_IF(!have_htm());
	SKIP_IF(!is_ppc64le());

	fd = mkstemp(tmpfile);
	assert(fd >= 0);

	memset(buf, 0, pgsize);
	for (i = 0; i < size; i += pgsize)
		assert(write(fd, buf, pgsize) == pgsize);

            

Reported by FlawFinder.

tmpfile - Function tmpfile() has a security flaw on some systems (e.g., older System V systems)
Security

Line: 51 Column: 15 CWE codes: 377

	SKIP_IF(!have_htm());
	SKIP_IF(!is_ppc64le());

	fd = mkstemp(tmpfile);
	assert(fd >= 0);

	memset(buf, 0, pgsize);
	for (i = 0; i < size; i += pgsize)
		assert(write(fd, buf, pgsize) == pgsize);

            

Reported by FlawFinder.

tmpfile - Function tmpfile() has a security flaw on some systems (e.g., older System V systems)
Security

Line: 58 Column: 9 CWE codes: 377

	for (i = 0; i < size; i += pgsize)
		assert(write(fd, buf, pgsize) == pgsize);

	unlink(tmpfile);

	a = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
	assert(a != MAP_FAILED);

	asm __volatile__(

            

Reported by FlawFinder.

tools/testing/selftests/futex/functional/futex_wait_private_mapped_file.c
5 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 79 Column: 14 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs

	int res;
	int c;

	while ((c = getopt(argc, argv, "chv:")) != -1) {
		switch (c) {
		case 'c':
			log_color(1);
			break;
		case 'h':

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 36 Column: 1 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

#define TEST_NAME "futex-wait-private-mapped-file"
#define PAGE_SZ 4096

char pad[PAGE_SZ] = {1};
futex_t val = 1;
char pad2[PAGE_SZ] = {1};

#define WAKE_WAIT_US 3000000
struct timespec wait_timeout = { .tv_sec = 5, .tv_nsec = 0};

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 38 Column: 1 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
char pad[PAGE_SZ] = {1};
futex_t val = 1;
char pad2[PAGE_SZ] = {1};

#define WAKE_WAIT_US 3000000
struct timespec wait_timeout = { .tv_sec = 5, .tv_nsec = 0};

void usage(char *prog)

            

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 88 Column: 18 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

			usage(basename(argv[0]));
			exit(0);
		case 'v':
			log_verbosity(atoi(optarg));
			break;
		default:
			usage(basename(argv[0]));
			exit(1);
		}

            

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 110 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

	}

	info("wait a while\n");
	usleep(WAKE_WAIT_US);
	val = 2;
	res = futex_wake(&val, 1, 0);
	info("futex_wake %d\n", res);
	if (res != 1) {
		fail("FUTEX_WAKE didn't find the waiting thread.\n");

            

Reported by FlawFinder.

tools/perf/util/evsel.h
5 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 249 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
#define EVSEL__MAX_ALIASES 8

extern const char *evsel__hw_cache[PERF_COUNT_HW_CACHE_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_cache_op[PERF_COUNT_HW_CACHE_OP_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_cache_result[PERF_COUNT_HW_CACHE_RESULT_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_names[PERF_COUNT_HW_MAX];
extern const char *evsel__sw_names[PERF_COUNT_SW_MAX];
extern char *evsel__bpf_counter_events;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 250 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

#define EVSEL__MAX_ALIASES 8

extern const char *evsel__hw_cache[PERF_COUNT_HW_CACHE_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_cache_op[PERF_COUNT_HW_CACHE_OP_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_cache_result[PERF_COUNT_HW_CACHE_RESULT_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_names[PERF_COUNT_HW_MAX];
extern const char *evsel__sw_names[PERF_COUNT_SW_MAX];
extern char *evsel__bpf_counter_events;
bool evsel__match_bpf_counter_events(const char *name);

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 251 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
extern const char *evsel__hw_cache[PERF_COUNT_HW_CACHE_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_cache_op[PERF_COUNT_HW_CACHE_OP_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_cache_result[PERF_COUNT_HW_CACHE_RESULT_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_names[PERF_COUNT_HW_MAX];
extern const char *evsel__sw_names[PERF_COUNT_SW_MAX];
extern char *evsel__bpf_counter_events;
bool evsel__match_bpf_counter_events(const char *name);


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 252 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

extern const char *evsel__hw_cache[PERF_COUNT_HW_CACHE_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_cache_op[PERF_COUNT_HW_CACHE_OP_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_cache_result[PERF_COUNT_HW_CACHE_RESULT_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_names[PERF_COUNT_HW_MAX];
extern const char *evsel__sw_names[PERF_COUNT_SW_MAX];
extern char *evsel__bpf_counter_events;
bool evsel__match_bpf_counter_events(const char *name);

int __evsel__hw_cache_type_op_res_name(u8 type, u8 op, u8 result, char *bf, size_t size);

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 253 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

extern const char *evsel__hw_cache_op[PERF_COUNT_HW_CACHE_OP_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_cache_result[PERF_COUNT_HW_CACHE_RESULT_MAX][EVSEL__MAX_ALIASES];
extern const char *evsel__hw_names[PERF_COUNT_HW_MAX];
extern const char *evsel__sw_names[PERF_COUNT_SW_MAX];
extern char *evsel__bpf_counter_events;
bool evsel__match_bpf_counter_events(const char *name);

int __evsel__hw_cache_type_op_res_name(u8 type, u8 op, u8 result, char *bf, size_t size);
const char *evsel__name(struct evsel *evsel);

            

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/flow_dissector.c
5 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 400 Column: 7 CWE codes: 362

              
	strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));

	fd = open("/dev/net/tun", O_RDWR);
	if (fd < 0)
		return -1;

	ret = ioctl(fd, TUNSETIFF, &ifr);
	if (ret)

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 454 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

{
	int i, err, map_fd, prog_fd;
	struct bpf_program *prog;
	char prog_name[32];

	map_fd = bpf_map__fd(prog_array);
	if (map_fd < 0)
		return -1;


            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 539 Column: 11 CWE codes: 362

	struct bpf_link *link;
	int err, net_fd;

	net_fd = open("/proc/self/ns/net", O_RDONLY);
	if (CHECK(net_fd < 0, "open(/proc/self/ns/net)", "err %d\n", errno))
		return;

	link = bpf_program__attach_netns(skel->progs._dissect, net_fd);
	if (!ASSERT_OK_PTR(link, "attach_netns"))

            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 398 Column: 2 CWE codes: 120

	};
	int fd, ret;

	strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));

	fd = open("/dev/net/tun", O_RDWR);
	if (fd < 0)
		return -1;


            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 427 Column: 2 CWE codes: 120

	struct ifreq ifr = {};
	int sk, ret;

	strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));

	sk = socket(PF_INET, SOCK_DGRAM, 0);
	if (sk < 0)
		return -1;


            

Reported by FlawFinder.

tools/testing/selftests/ptrace/vmaccess.c
5 issues
execlp - This causes a new program to execute and is difficult to use safely
Security

Line: 34 Column: 3 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

              
		pthread_create(&pt, NULL, thread, NULL);
		pthread_join(pt, NULL);
		execlp("true", "true", NULL);
	}

	sleep(1);
	sprintf(mm, "/proc/%d/mem", pid);
	f = open(mm, O_RDONLY);

            

Reported by FlawFinder.

execlp - This causes a new program to execute and is difficult to use safely
Security

Line: 55 Column: 3 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

              
		pthread_create(&pt, NULL, thread, NULL);
		pthread_join(pt, NULL);
		execlp("sleep", "sleep", "2", NULL);
	}

	sleep(1);
	k = ptrace(PTRACE_ATTACH, pid, 0L, 0L);
	ASSERT_EQ(errno, EAGAIN);

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 27 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

TEST(vmaccess)
{
	int f, pid = fork();
	char mm[64];

	if (!pid) {
		pthread_t pt;

		pthread_create(&pt, NULL, thread, NULL);

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 38 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

	}

	sleep(1);
	sprintf(mm, "/proc/%d/mem", pid);
	f = open(mm, O_RDONLY);
	ASSERT_GE(f, 0);
	close(f);
	f = kill(pid, SIGCONT);
	ASSERT_EQ(f, 0);

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 39 Column: 6 CWE codes: 362

              
	sleep(1);
	sprintf(mm, "/proc/%d/mem", pid);
	f = open(mm, O_RDONLY);
	ASSERT_GE(f, 0);
	close(f);
	f = kill(pid, SIGCONT);
	ASSERT_EQ(f, 0);
}

            

Reported by FlawFinder.