The following issues were found
tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
5 issues
Line: 239
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (level != LIBBPF_WARN ||
strcmp(format, "libbpf: \n%s\n")) {
vprintf(format, args);
return 0;
}
log_buf = va_arg(args, char *);
if (!log_buf)
Reported by FlawFinder.
Line: 249
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (err_str && strstr(log_buf, err_str) != NULL)
found = true;
out:
printf(format, log_buf);
return 0;
}
static void test_invalid_license(void)
{
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int lfd = (int)(long)arg, err = 0, fd;
ssize_t nr_sent = 0, bytes = 0;
char batch[1500];
fd = accept(lfd, NULL, NULL);
while (fd == -1) {
if (errno == EINTR)
continue;
Reported by FlawFinder.
Line: 102
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pthread_t srv_thread;
socklen_t addrlen = sizeof(sa6);
void *thread_ret;
char batch[1500];
int err;
WRITE_ONCE(stop, 0);
lfd = socket(AF_INET6, SOCK_STREAM, 0);
Reported by FlawFinder.
Line: 42
Column: 60
CWE codes:
126
{
int err;
err = setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, tcp_ca, strlen(tcp_ca));
if (CHECK(err == -1, "setsockopt(fd, TCP_CONGESTION)", "errno:%d\n",
errno))
return -1;
return 0;
Reported by FlawFinder.
tools/firmware/ihex2fw.c
5 issues
Line: 79
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
uint8_t *data;
int opt;
while ((opt = getopt(argc, argv, "wsj")) != -1) {
switch (opt) {
case 'w':
wide_records = 1;
break;
case 's':
Reported by FlawFinder.
Line: 101
Column: 10
CWE codes:
362
if (!strcmp(argv[optind], "-"))
infd = 0;
else
infd = open(argv[optind], O_RDONLY);
if (infd == -1) {
fprintf(stderr, "Failed to open source file: %s",
strerror(errno));
return usage();
}
Reported by FlawFinder.
Line: 120
Column: 11
CWE codes:
362
if (!strcmp(argv[optind+1], "-"))
outfd = 1;
else
outfd = open(argv[optind+1], O_TRUNC|O_CREAT|O_WRONLY, 0644);
if (outfd == -1) {
fprintf(stderr, "Failed to open destination file: %s",
strerror(errno));
return usage();
}
Reported by FlawFinder.
Line: 236
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&data32, &record->data[0], sizeof(data32));
data32 = htonl(data32);
memcpy(&record->data[0], &data32, sizeof(data32));
/* These records contain the CS/IP or EIP where execution
* starts. If requested output this as a record. */
if (include_jump)
file_record(record);
Reported by FlawFinder.
Line: 272
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int output_records(int outfd)
{
unsigned char zeroes[6] = {0, 0, 0, 0, 0, 0};
struct ihex_binrec *p = records;
while (p) {
uint16_t writelen = ALIGN(ihex_binrec_size(p), 4);
Reported by FlawFinder.
tools/perf/ui/gtk/annotate.c
5 issues
Line: 106
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
GtkListStore *store;
GtkWidget *view;
int i;
char s[512];
notes = symbol__annotation(sym);
for (i = 0; i < MAX_ANN_COLS; i++) {
col_types[i] = G_TYPE_STRING;
Reported by FlawFinder.
Line: 179
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
err = symbol__annotate(ms, evsel, &annotation__default_options, NULL);
if (err) {
char msg[BUFSIZ];
symbol__strerror_disassemble(ms, err, msg, sizeof(msg));
ui__error("Couldn't annotate %s: %s\n", sym->name, msg);
return -1;
}
Reported by FlawFinder.
Line: 36
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
const char *markup;
int ret = 0;
strcpy(buf, "");
if (dl->al.offset == (s64) -1)
return 0;
symhist = annotation__histogram(symbol__annotation(sym), evidx);
Reported by FlawFinder.
Line: 62
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
{
u64 start = map__rip_2objdump(ms->map, ms->sym->start);
strcpy(buf, "");
if (dl->al.offset == (s64) -1)
return 0;
return scnprintf(buf, size, "%"PRIx64, start + dl->al.offset);
Reported by FlawFinder.
Line: 76
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
char *line = g_markup_escape_text(dl->al.line, -1);
const char *markup = "<span fgcolor='gray'>";
strcpy(buf, "");
if (!line)
return 0;
if (dl->al.offset != (s64) -1)
Reported by FlawFinder.
tools/testing/selftests/kvm/lib/test_util.c
5 issues
Line: 111
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
assert(fmt);
va_start(ap, fmt);
vprintf(fmt, ap);
va_end(ap);
puts(", skipping test");
}
bool thp_configured(void)
Reported by FlawFinder.
Line: 135
Column: 6
CWE codes:
362
TEST_ASSERT(thp_configured(), "THP is not configured in host kernel");
f = fopen("/sys/kernel/mm/transparent_hugepage/hpage_pmd_size", "r");
TEST_ASSERT(f != NULL, "Error in opening transparent_hugepage/hpage_pmd_size");
fscanf(f, "%ld", &size);
fclose(f);
Reported by FlawFinder.
Line: 146
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t get_def_hugetlb_pagesz(void)
{
char buf[64];
const char *tag = "Hugepagesize:";
FILE *f;
f = fopen("/proc/meminfo", "r");
TEST_ASSERT(f != NULL, "Error in opening /proc/meminfo");
Reported by FlawFinder.
Line: 150
Column: 6
CWE codes:
362
const char *tag = "Hugepagesize:";
FILE *f;
f = fopen("/proc/meminfo", "r");
TEST_ASSERT(f != NULL, "Error in opening /proc/meminfo");
while (fgets(buf, sizeof(buf), f) != NULL) {
if (strstr(buf, tag) == buf) {
fclose(f);
Reported by FlawFinder.
Line: 156
Column: 26
CWE codes:
126
while (fgets(buf, sizeof(buf), f) != NULL) {
if (strstr(buf, tag) == buf) {
fclose(f);
return strtoull(buf + strlen(tag), NULL, 10) << 10;
}
}
if (feof(f))
TEST_FAIL("HUGETLB is not configured in host kernel");
Reported by FlawFinder.
tools/testing/selftests/powerpc/benchmarks/fork.c
5 issues
Line: 236
Column: 7
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
while (1) {
int option_index = 0;
c = getopt_long(argc, argv, "", options, &option_index);
if (c == -1)
break;
switch (c) {
Reported by FlawFinder.
Line: 110
Column: 15
CWE codes:
362
Suggestion:
Use fork() instead
static void bench_vfork(void)
{
while (1) {
pid_t pid = vfork();
if (pid == -1) {
perror("fork");
exit(1);
}
if (pid == 0) {
Reported by FlawFinder.
Line: 251
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
break;
case 's':
timeout = atoi(optarg);
break;
default:
usage();
exit(1);
Reported by FlawFinder.
Line: 293
Column: 9
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (((argc - optind) != 1)) {
cpu = -1;
} else {
cpu = atoi(argv[optind++]);
}
if (do_exec)
exec_file = argv[0];
Reported by FlawFinder.
Line: 272
Column: 7
CWE codes:
126
if (do_exec) {
char *dirname = strdup(argv[0]);
int i;
i = strlen(dirname) - 1;
while (i) {
if (dirname[i] == '/') {
dirname[i] = '\0';
if (chdir(dirname) == -1) {
perror("chdir");
Reported by FlawFinder.
tools/testing/selftests/net/rxtimestamp.c
5 issues
Line: 364
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int failures = 0;
int s, t, opt;
while ((opt = getopt_long(argc, argv, "", long_options,
&arg_index)) != -1) {
switch (opt) {
case 'l':
for (t = 0; t < ARRAY_SIZE(test_cases); t++) {
printf("%d\t", t);
Reported by FlawFinder.
Line: 181
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct scm_timestamping *ts;
struct tstamps actual = {};
char cmsg_buf[CMSG_SIZE];
struct iovec recv_iov;
struct cmsghdr *cmsg;
bool failed = false;
struct msghdr hdr;
int flags = 0;
Reported by FlawFinder.
Line: 374
Column: 8
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
return 0;
case 'n':
t = atoi(optarg);
if (t >= ARRAY_SIZE(test_cases))
error(1, 0, "Invalid test case: %d", t);
all_tests = false;
test_cases[t].enabled = true;
break;
Reported by FlawFinder.
Line: 381
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
test_cases[t].enabled = true;
break;
case 's':
op_size = atoi(optarg);
break;
case 't':
all_protocols = false;
socket_types[2].enabled = true;
break;
Reported by FlawFinder.
Line: 335
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
}
config_so_flags(rcv, test_cases[test_num].sockopt);
usleep(20000); /* setsockopt for SO_TIMESTAMPING is asynchronous */
do_send(src);
failed = do_recv(rcv, read_size, test_cases[test_num].expected);
close(rcv);
Reported by FlawFinder.
tools/testing/selftests/proc/proc-self-syscall.c
5 issues
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(void)
{
char buf1[64];
char buf2[64];
int fd;
ssize_t rv;
fd = open("/proc/self/syscall", O_RDONLY);
Reported by FlawFinder.
Line: 33
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(void)
{
char buf1[64];
char buf2[64];
int fd;
ssize_t rv;
fd = open("/proc/self/syscall", O_RDONLY);
if (fd == -1) {
Reported by FlawFinder.
Line: 37
Column: 7
CWE codes:
362
int fd;
ssize_t rv;
fd = open("/proc/self/syscall", O_RDONLY);
if (fd == -1) {
if (errno == ENOENT)
return 4;
return 1;
}
Reported by FlawFinder.
Line: 52
Column: 11
CWE codes:
126
rv = sys_read(fd, buf2, sizeof(buf2));
if (rv < 0)
return 1;
if (rv < strlen(buf1))
return 1;
if (strncmp(buf1, buf2, strlen(buf1)) != 0)
return 1;
return 0;
Reported by FlawFinder.
Line: 54
Column: 26
CWE codes:
126
return 1;
if (rv < strlen(buf1))
return 1;
if (strncmp(buf1, buf2, strlen(buf1)) != 0)
return 1;
return 0;
}
Reported by FlawFinder.
tools/testing/selftests/net/timestamping.c
5 issues
Line: 280
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void recvpacket(int sock, int recvmsg_flags,
int siocgstamp, int siocgstampns, int ptpv2)
{
char data[256];
struct msghdr msg;
struct iovec entry;
struct sockaddr_in from_addr;
struct {
struct cmsghdr cm;
Reported by FlawFinder.
Line: 286
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sockaddr_in from_addr;
struct {
struct cmsghdr cm;
char control[512];
} control;
int res;
memset(&msg, 0, sizeof(msg));
msg.msg_iov = &entry;
Reported by FlawFinder.
Line: 388
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bail("socket");
memset(&device, 0, sizeof(device));
memcpy(device.ifr_name, interface, if_len + 1);
if (ioctl(sock, SIOCGIFADDR, &device) < 0)
bail("getting interface IP address");
memset(&hwtstamp, 0, sizeof(hwtstamp));
memcpy(hwtstamp.ifr_name, interface, if_len + 1);
Reported by FlawFinder.
Line: 393
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bail("getting interface IP address");
memset(&hwtstamp, 0, sizeof(hwtstamp));
memcpy(hwtstamp.ifr_name, interface, if_len + 1);
hwtstamp.ifr_data = (void *)&hwconfig;
memset(&hwconfig, 0, sizeof(hwconfig));
hwconfig.tx_type =
(so_timestamping.flags & SOF_TIMESTAMPING_TX_HARDWARE) ?
HWTSTAMP_TX_ON : HWTSTAMP_TX_OFF;
Reported by FlawFinder.
Line: 341
Column: 11
CWE codes:
126
if (argc < 2)
usage(0);
interface = argv[1];
if_len = strlen(interface);
if (if_len >= IFNAMSIZ) {
printf("interface name exceeds IFNAMSIZ\n");
exit(1);
}
Reported by FlawFinder.
tools/testing/selftests/kvm/x86_64/hyperv_cpuid.c
5 issues
Line: 113
Column: 50
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
void test_hv_cpuid_e2big(struct kvm_vm *vm, bool system)
{
static struct kvm_cpuid2 cpuid = {.nent = 0};
int ret;
if (!system)
Reported by FlawFinder.
Line: 118
Column: 7
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
static struct kvm_cpuid2 cpuid = {.nent = 0};
int ret;
if (!system)
ret = _vcpu_ioctl(vm, VCPU_ID, KVM_GET_SUPPORTED_HV_CPUID, &cpuid);
else
ret = _kvm_ioctl(vm, KVM_GET_SUPPORTED_HV_CPUID, &cpuid);
TEST_ASSERT(ret == -1 && errno == E2BIG,
Reported by FlawFinder.
Line: 125
Column: 33
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
TEST_ASSERT(ret == -1 && errno == E2BIG,
"%s KVM_GET_SUPPORTED_HV_CPUID didn't fail with -E2BIG when"
" it should have: %d %d", system ? "KVM" : "vCPU", ret, errno);
}
int main(int argc, char *argv[])
{
struct kvm_vm *vm;
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static bool smt_possible(void)
{
char buf[16];
FILE *f;
bool res = true;
f = fopen("/sys/devices/system/cpu/smt/control", "r");
if (f) {
Reported by FlawFinder.
Line: 35
Column: 6
CWE codes:
362
FILE *f;
bool res = true;
f = fopen("/sys/devices/system/cpu/smt/control", "r");
if (f) {
if (fread(buf, sizeof(*buf), sizeof(buf), f) > 0) {
if (!strncmp(buf, "forceoff", 8) ||
!strncmp(buf, "notsupported", 12))
res = false;
Reported by FlawFinder.
tools/iio/iio_utils.h
5 issues
Line: 55
Column: 9
CWE codes:
126
static inline int iioutils_check_suffix(const char *str, const char *suffix)
{
return strlen(str) >= strlen(suffix) &&
strncmp(str+strlen(str)-strlen(suffix),
suffix, strlen(suffix)) == 0;
}
int iioutils_break_up_name(const char *full_name, char **generic_name);
Reported by FlawFinder.
Line: 55
Column: 24
CWE codes:
126
static inline int iioutils_check_suffix(const char *str, const char *suffix)
{
return strlen(str) >= strlen(suffix) &&
strncmp(str+strlen(str)-strlen(suffix),
suffix, strlen(suffix)) == 0;
}
int iioutils_break_up_name(const char *full_name, char **generic_name);
Reported by FlawFinder.
Line: 56
Column: 15
CWE codes:
126
static inline int iioutils_check_suffix(const char *str, const char *suffix)
{
return strlen(str) >= strlen(suffix) &&
strncmp(str+strlen(str)-strlen(suffix),
suffix, strlen(suffix)) == 0;
}
int iioutils_break_up_name(const char *full_name, char **generic_name);
int iioutils_get_param_float(float *output, const char *param_name,
Reported by FlawFinder.
Line: 56
Column: 27
CWE codes:
126
static inline int iioutils_check_suffix(const char *str, const char *suffix)
{
return strlen(str) >= strlen(suffix) &&
strncmp(str+strlen(str)-strlen(suffix),
suffix, strlen(suffix)) == 0;
}
int iioutils_break_up_name(const char *full_name, char **generic_name);
int iioutils_get_param_float(float *output, const char *param_name,
Reported by FlawFinder.
Line: 57
Column: 12
CWE codes:
126
{
return strlen(str) >= strlen(suffix) &&
strncmp(str+strlen(str)-strlen(suffix),
suffix, strlen(suffix)) == 0;
}
int iioutils_break_up_name(const char *full_name, char **generic_name);
int iioutils_get_param_float(float *output, const char *param_name,
const char *device_dir, const char *name,
Reported by FlawFinder.