Line: 18 Column: 21 CWE codes: 134
Suggestion: Use a constant for the format specification

              
#define LOG_SIZE (1 << 20)

#define err(str...)	printf("ERROR: " str)

static const struct bpf_insn code_sample[] = {
	/* We need a few instructions to pass the min log length */
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_MOV64_IMM(BPF_REG_0, 0),

            

Line: 137 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
int main(int argc, char **argv)
{
	char full_log[LOG_SIZE];
	char log[LOG_SIZE];
	size_t want_len;
	int i;

	memset(log, 1, LOG_SIZE);

            

Line: 138 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              int main(int argc, char **argv)
{
	char full_log[LOG_SIZE];
	char log[LOG_SIZE];
	size_t want_len;
	int i;

	memset(log, 1, LOG_SIZE);


            

Line: 158 Column: 13 CWE codes: 126

              	printf("Test oversized buffer...\n");
	test_log_good(full_log, LOG_SIZE, LOG_SIZE, 0, EACCES, full_log);

	want_len = strlen(full_log);

	printf("Test exact buffer...\n");
	test_log_good(log, LOG_SIZE, want_len + 2, want_len, EACCES, full_log);

	printf("Test undersized buffers...\n");

            

Line: 13 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static __attribute__((noinline))
void urandom_read(int fd, int count)
{
       char buf[BUF_SIZE];
       int i;

       for (i = 0; i < count; ++i)
               read(fd, buf, BUF_SIZE);
}

            

Line: 22 Column: 11 CWE codes: 362

              
int main(int argc, char *argv[])
{
	int fd = open("/dev/urandom", O_RDONLY);
	int count = 4;

	if (fd < 0)
		return 1;


            

Line: 29 Column: 11 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

              		return 1;

	if (argc == 2)
		count = atoi(argv[1]);

	urandom_read(fd, count);

	close(fd);
	return 0;

            

Line: 17 Column: 16 CWE codes: 120 20

                     int i;

       for (i = 0; i < count; ++i)
               read(fd, buf, BUF_SIZE);
}

int main(int argc, char *argv[])
{
	int fd = open("/dev/urandom", O_RDONLY);

            

Line: 74 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	if (!me)
		return NULL;
	memcpy(me, entry, sizeof(struct metric_event));
	me->evsel = ((struct metric_event *)entry)->evsel;
	INIT_LIST_HEAD(&me->head);
	return &me->nd;
}


            

Line: 452 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	if (!me)
		return NULL;
	memcpy(me, entry, sizeof(struct mep));
	me->name = strdup(me->name);
	if (!me->name)
		goto out_me;
	me->metrics = strlist__new(NULL, NULL);
	if (!me->metrics)

            

Line: 1346 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              					return -ENOMEM;
				}

				memcpy(new_expr->metric_refs, old_expr->metric_refs,
				       nr * alloc_size);
			} else {
				new_expr->metric_refs = NULL;
			}


            

Line: 415 Column: 8 CWE codes: 126

              		return true;
	if (!n)
		return !strcasecmp(list, "No_group");
	len = strlen(list);
	m = strcasestr(n, list);
	if (!m)
		return false;
	if ((m == n || m[-1] == ';' || m[-1] == ' ') &&
	    (m[len] == 0 || m[len] == ';'))

            

Line: 34 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	void *p = malloc(len);

	if (p)
		memcpy(p, src, len);

	return p;
}

/**

            

Line: 109 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	if (size) {
		size_t len = (ret >= size) ? size - 1 : ret;
		memcpy(dest, src, len);
		dest[len] = '\0';
	}
	return ret;
}
#ifdef __clang__

            

Line: 105 Column: 15 CWE codes: 126

              #endif
size_t __weak strlcpy(char *dest, const char *src, size_t size)
{
	size_t ret = strlen(src);

	if (size) {
		size_t len = (ret >= size) ? size - 1 : ret;
		memcpy(dest, src, len);
		dest[len] = '\0';

            

Line: 144 Column: 9 CWE codes: 126

              	size_t size;
	char *end;

	size = strlen(s);
	if (!size)
		return s;

	end = s + size - 1;
	while (end >= s && isspace(*end))

            

Line: 83 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              /* Sender sprays nr_loops messages down each file descriptor */
static void *sender(struct sender_context *ctx)
{
	char data[DATASIZE];
	unsigned int i, j;

	ready(ctx->ready_out, ctx->wakefd);
	memset(data, 'S', sizeof(data));


            

Line: 122 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
	/* Receive them all */
	for (i = 0; i < ctx->num_packets; i++) {
		char data[DATASIZE];
		int ret, done = 0;

again:
		ret = read(ctx->in_fds[0], data + done, DATASIZE - done);
		if (ret < 0)

            

Line: 126 Column: 9 CWE codes: 120 20

              		int ret, done = 0;

again:
		ret = read(ctx->in_fds[0], data + done, DATASIZE - done);
		if (ret < 0)
			err(EXIT_FAILURE, "SERVER: read");
		done += ret;
		if (done < DATASIZE)
			goto again;

            

Line: 287 Column: 7 CWE codes: 120 20

              
	/* Wait for everyone to be ready */
	for (i = 0; i < total_children; i++)
		if (read(readyfds[0], &dummy, 1) != 1)
			err(EXIT_FAILURE, "Reading for readyfds");

	gettimeofday(&start, NULL);

	/* Kick them off */

            

Line: 27 Column: 9 CWE codes: 134
Suggestion: Use a constant for the format specification

              static int libperf_print(enum libperf_print_level level,
			 const char *fmt, va_list ap)
{
	return vfprintf(stderr, fmt, ap);
}

static int test_stat_cpu(void)
{
	struct perf_cpu_map *cpus;

            

Line: 222 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		.wakeup_watermark = 1,
		.disabled         = 1,
	};
	char path[PATH_MAX];
	int id, err, pid, go_pipe[2];
	union perf_event *event;
	int count = 0;

	snprintf(path, PATH_MAX, "%s/kernel/debug/tracing/events/syscalls/sys_enter_prctl/id",

            

Line: 333 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		.disabled         = 1,
	};
	cpu_set_t saved_mask;
	char path[PATH_MAX];
	int id, err, cpu, tmp;
	union perf_event *event;
	int count = 0;

	snprintf(path, PATH_MAX, "%s/kernel/debug/tracing/events/syscalls/sys_enter_prctl/id",

            

Line: 248 Column: 3 CWE codes: 120 20

              		int i;
		char bf;

		read(go_pipe[0], &bf, 1);

		/* Generate 100 prctl calls. */
		for (i = 0; i < 100; i++)
			prctl(0, 0, 0, 0, 0);


            

Line: 55 Column: 8 CWE codes: 134
Suggestion: Use a constant for the format specification

              	char *pathname = get_pathname();

	va_start(args, fmt);
	len = vsnprintf(pathname, PATH_MAX, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}

            

Line: 89 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	char path[PATH_MAX];
	struct stat st;

	sprintf(path, "%s/%s", base_path, dent->d_name);
	if (stat(path, &st))
		return false;

	return S_ISDIR(st.st_mode);
}

            

Line: 31 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               */
static char *get_pathname(void)
{
	static char pathname_array[4][PATH_MAX];
	static int idx;

	return pathname_array[3 & ++idx];
}


            

Line: 86 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              /* Helper function for filesystems that return a dent->d_type DT_UNKNOWN */
bool is_directory(const char *base_path, const struct dirent *dent)
{
	char path[PATH_MAX];
	struct stat st;

	sprintf(path, "%s/%s", base_path, dent->d_name);
	if (stat(path, &st))
		return false;

            

Line: 76 Column: 21 CWE codes: 134
Suggestion: Use a constant for the format specification

              
#define BUF_SIZE		1024

#define p_hex(val)		snprintf(buf, BUF_SIZE, "%#"PRIx64, (uint64_t)(val))
#define p_unsigned(val)		snprintf(buf, BUF_SIZE, "%"PRIu64, (uint64_t)(val))
#define p_signed(val)		snprintf(buf, BUF_SIZE, "%"PRId64, (int64_t)(val))
#define p_sample_type(val)	__p_sample_type(buf, BUF_SIZE, val)
#define p_branch_sample_type(val) __p_branch_sample_type(buf, BUF_SIZE, val)
#define p_read_format(val)	__p_read_format(buf, BUF_SIZE, val)

            

Line: 77 Column: 26 CWE codes: 134
Suggestion: Use a constant for the format specification

              #define BUF_SIZE		1024

#define p_hex(val)		snprintf(buf, BUF_SIZE, "%#"PRIx64, (uint64_t)(val))
#define p_unsigned(val)		snprintf(buf, BUF_SIZE, "%"PRIu64, (uint64_t)(val))
#define p_signed(val)		snprintf(buf, BUF_SIZE, "%"PRId64, (int64_t)(val))
#define p_sample_type(val)	__p_sample_type(buf, BUF_SIZE, val)
#define p_branch_sample_type(val) __p_branch_sample_type(buf, BUF_SIZE, val)
#define p_read_format(val)	__p_read_format(buf, BUF_SIZE, val)


            

Line: 78 Column: 24 CWE codes: 134
Suggestion: Use a constant for the format specification

              
#define p_hex(val)		snprintf(buf, BUF_SIZE, "%#"PRIx64, (uint64_t)(val))
#define p_unsigned(val)		snprintf(buf, BUF_SIZE, "%"PRIu64, (uint64_t)(val))
#define p_signed(val)		snprintf(buf, BUF_SIZE, "%"PRId64, (int64_t)(val))
#define p_sample_type(val)	__p_sample_type(buf, BUF_SIZE, val)
#define p_branch_sample_type(val) __p_branch_sample_type(buf, BUF_SIZE, val)
#define p_read_format(val)	__p_read_format(buf, BUF_SIZE, val)

#define PRINT_ATTRn(_n, _f, _p)				\

            

Line: 96 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              int perf_event_attr__fprintf(FILE *fp, struct perf_event_attr *attr,
			     attr__fprintf_f attr__fprintf, void *priv)
{
	char buf[BUF_SIZE];
	int ret = 0;

	PRINT_ATTRf(type, p_unsigned);
	PRINT_ATTRf(size, p_unsigned);
	PRINT_ATTRf(config, p_hex);

            

Line: 125 Column: 9 CWE codes: 134
Suggestion: Use a constant for the format specification

              
	if (var >= level) {
		va_start(args, fmt);
		ret = vfprintf(stderr, fmt, args);
		va_end(args);
	}

	return ret;
}

            

Line: 591 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	ptype = pyrf_event__type[event->header.type];
	pevent = PyObject_New(struct pyrf_event, ptype);
	if (pevent != NULL)
		memcpy(&pevent->event, event, event->header.size);
	return (PyObject *)pevent;
}

struct pyrf_cpu_map {
	PyObject_HEAD

            

Line: 357 Column: 22 CWE codes: 120 20

              static PyObject *pyrf_read_event__repr(struct pyrf_event *pevent)
{
	return _PyUnicode_FromFormat("{ type: read, pid: %u, tid: %u }",
				   pevent->event.read.pid,
				   pevent->event.read.tid);
	/*
 	 * FIXME: return the array of read values,
 	 * making this method useful ;-)
 	 */

            

Line: 358 Column: 22 CWE codes: 120 20

              {
	return _PyUnicode_FromFormat("{ type: read, pid: %u, tid: %u }",
				   pevent->event.read.pid,
				   pevent->event.read.tid);
	/*
 	 * FIXME: return the array of read values,
 	 * making this method useful ;-)
 	 */
}

            

Line: 26 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              		unsigned long long siblings;
		char *str;
		size_t strlen;
		char fn[256];

		snprintf(fn, sizeof fn,
			"devices/system/cpu/cpu%d/topology/core_cpus", cpu);
		if (sysfs__read_str(fn, &str, &strlen) < 0) {
			snprintf(fn, sizeof fn,

            

Line: 25 Column: 10 CWE codes: 126

              	for (cpu = 0; cpu < ncpu; cpu++) {
		unsigned long long siblings;
		char *str;
		size_t strlen;
		char fn[256];

		snprintf(fn, sizeof fn,
			"devices/system/cpu/cpu%d/topology/core_cpus", cpu);
		if (sysfs__read_str(fn, &str, &strlen) < 0) {

            

Line: 30 Column: 34 CWE codes: 126

              
		snprintf(fn, sizeof fn,
			"devices/system/cpu/cpu%d/topology/core_cpus", cpu);
		if (sysfs__read_str(fn, &str, &strlen) < 0) {
			snprintf(fn, sizeof fn,
				"devices/system/cpu/cpu%d/topology/thread_siblings",
				cpu);
			if (sysfs__read_str(fn, &str, &strlen) < 0)
				continue;

            

Line: 34 Column: 35 CWE codes: 126

              			snprintf(fn, sizeof fn,
				"devices/system/cpu/cpu%d/topology/thread_siblings",
				cpu);
			if (sysfs__read_str(fn, &str, &strlen) < 0)
				continue;
		}
		/* Entry is hex, but does not have 0x, so need custom parser */
		siblings = strtoull(str, NULL, 16);
		free(str);