The following issues were found
tools/laptop/dslm/dslm.c
4 issues
Line: 31
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* 1 = active, 0 = standby/sleep, -1 = unknown */
static int check_powermode(int fd)
{
unsigned char args[4] = {WIN_CHECKPOWERMODE1,0,0,0};
int state;
if (ioctl(fd, HDIO_DRIVE_CMD, &args)
&& (args[0] = WIN_CHECKPOWERMODE2) /* try again with 0x98 */
&& ioctl(fd, HDIO_DRIVE_CMD, &args)) {
Reported by FlawFinder.
Line: 142
Column: 16
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (argc == 2)
disk = argv[1];
else if (argc == 4) {
settle_time = atoi(argv[2]);
disk = argv[3];
} else
usage();
if (!(fd = open(disk, O_RDONLY|O_NONBLOCK))) {
Reported by FlawFinder.
Line: 147
Column: 16
CWE codes:
362
} else
usage();
if (!(fd = open(disk, O_RDONLY|O_NONBLOCK))) {
printf("Can't open %s, because: %s\n", disk, strerror(errno));
exit(-1);
}
if (settle_time) {
Reported by FlawFinder.
Line: 61
Column: 8
CWE codes:
126
static char *myctime(time_t time)
{
char *ts = ctime(&time);
ts[strlen(ts) - 1] = 0;
return ts;
}
static void measure(int fd)
Reported by FlawFinder.
tools/perf/util/strlist.c
4 issues
Line: 125
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (asprintf(&subst, "%s/%s", subst_dir, s) < 0)
goto out;
if (access(subst, F_OK) == 0) {
err = strlist__load(slist, subst);
goto out;
}
if (slist->file_only) {
Reported by FlawFinder.
Line: 70
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int strlist__load(struct strlist *slist, const char *filename)
{
char entry[1024];
int err;
FILE *fp = fopen(filename, "r");
if (fp == NULL)
return -errno;
Reported by FlawFinder.
Line: 72
Column: 13
CWE codes:
362
{
char entry[1024];
int err;
FILE *fp = fopen(filename, "r");
if (fp == NULL)
return -errno;
while (fgets(entry, sizeof(entry), fp) != NULL) {
Reported by FlawFinder.
Line: 78
Column: 22
CWE codes:
126
return -errno;
while (fgets(entry, sizeof(entry), fp) != NULL) {
const size_t len = strlen(entry);
if (len == 0)
continue;
entry[len - 1] = '\0';
Reported by FlawFinder.
tools/include/uapi/linux/usbdevice_fs.h
4 issues
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usbdevfs_getdriver {
unsigned int interface;
char driver[USBDEVFS_MAXDRIVERNAME + 1];
};
struct usbdevfs_connectinfo {
unsigned int devnum;
unsigned char slow;
Reported by FlawFinder.
Line: 149
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* except find out what device connects to what port. */
struct usbdevfs_hub_portinfo {
char nports; /* number of downstream ports in this hub */
char port [127]; /* e.g. port 3 connects to device 27 */
};
/* System and bus capability flags */
#define USBDEVFS_CAP_ZERO_PACKET 0x01
#define USBDEVFS_CAP_BULK_CONTINUATION 0x02
Reported by FlawFinder.
Line: 173
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usbdevfs_disconnect_claim {
unsigned int interface;
unsigned int flags;
char driver[USBDEVFS_MAXDRIVERNAME + 1];
};
struct usbdevfs_streams {
unsigned int num_streams; /* Not used by USBDEVFS_FREE_STREAMS */
unsigned int num_eps;
Reported by FlawFinder.
Line: 179
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct usbdevfs_streams {
unsigned int num_streams; /* Not used by USBDEVFS_FREE_STREAMS */
unsigned int num_eps;
unsigned char eps[0];
};
/*
* USB_SPEED_* values returned by USBDEVFS_GET_SPEED are defined in
* linux/usb/ch9.h
Reported by FlawFinder.
tools/include/uapi/linux/tls.h
4 issues
Line: 72
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tls12_crypto_info_aes_gcm_128 {
struct tls_crypto_info info;
unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};
Reported by FlawFinder.
Line: 73
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tls12_crypto_info_aes_gcm_128 {
struct tls_crypto_info info;
unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};
#endif /* _UAPI_LINUX_TLS_H */
Reported by FlawFinder.
Line: 74
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tls_crypto_info info;
unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};
#endif /* _UAPI_LINUX_TLS_H */
Reported by FlawFinder.
Line: 75
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};
#endif /* _UAPI_LINUX_TLS_H */
Reported by FlawFinder.
tools/perf/tests/bpf.c
4 issues
Line: 46
Column: 11
CWE codes:
362
{
int fds[2], i;
fds[0] = open("/dev/null", O_RDONLY);
fds[1] = open("/dev/null", O_RDWR);
if (fds[0] < 0 || fds[1] < 0)
return -1;
Reported by FlawFinder.
Line: 47
Column: 11
CWE codes:
362
int fds[2], i;
fds[0] = open("/dev/null", O_RDONLY);
fds[1] = open("/dev/null", O_RDWR);
if (fds[0] < 0 || fds[1] < 0)
return -1;
for (i = 0; i < NR_ITERS; i++) {
Reported by FlawFinder.
Line: 118
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.default_interval = 1,
};
char pid[16];
char sbuf[STRERR_BUFSIZE];
struct evlist *evlist;
int i, ret = TEST_FAIL, err = 0, count = 0;
struct parse_events_state parse_state;
Reported by FlawFinder.
Line: 119
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
char pid[16];
char sbuf[STRERR_BUFSIZE];
struct evlist *evlist;
int i, ret = TEST_FAIL, err = 0, count = 0;
struct parse_events_state parse_state;
struct parse_events_error parse_error;
Reported by FlawFinder.
tools/include/uapi/linux/kvm.h
4 issues
Line: 134
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 chip_id;
__u32 pad;
union {
char dummy[512]; /* reserving space */
#ifdef __KVM_HAVE_PIT
struct kvm_pic_state pic;
#endif
#ifdef __KVM_HAVE_IOAPIC
struct kvm_ioapic_state ioapic;
Reported by FlawFinder.
Line: 473
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* KVM_EXIT_XEN */
struct kvm_xen_exit xen;
/* Fix the size of the union. */
char padding[256];
};
/* 2048 is the size of the char array used to bound/pad the size
* of the union that holds sync regs.
*/
Reported by FlawFinder.
Line: 491
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u64 kvm_dirty_regs;
union {
struct kvm_sync_regs regs;
char padding[SYNC_REGS_SIZE_BYTES];
} s;
};
/* for KVM_REGISTER_COALESCED_MMIO / KVM_UNREGISTER_COALESCED_MMIO */
Reported by FlawFinder.
Line: 731
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct kvm_s390_prefix_info prefix;
struct kvm_s390_stop_info stop;
struct kvm_s390_mchk_info mchk;
char reserved[64];
} u;
};
struct kvm_s390_irq_state {
__u64 buf;
Reported by FlawFinder.
tools/perf/util/term.c
4 issues
Line: 10
Column: 12
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
void get_term_dimensions(struct winsize *ws)
{
char *s = getenv("LINES");
if (s != NULL) {
ws->ws_row = atoi(s);
s = getenv("COLUMNS");
if (s != NULL) {
Reported by FlawFinder.
Line: 14
Column: 7
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (s != NULL) {
ws->ws_row = atoi(s);
s = getenv("COLUMNS");
if (s != NULL) {
ws->ws_col = atoi(s);
if (ws->ws_row && ws->ws_col)
return;
}
Reported by FlawFinder.
Line: 13
Column: 16
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
char *s = getenv("LINES");
if (s != NULL) {
ws->ws_row = atoi(s);
s = getenv("COLUMNS");
if (s != NULL) {
ws->ws_col = atoi(s);
if (ws->ws_row && ws->ws_col)
return;
Reported by FlawFinder.
Line: 16
Column: 17
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
ws->ws_row = atoi(s);
s = getenv("COLUMNS");
if (s != NULL) {
ws->ws_col = atoi(s);
if (ws->ws_row && ws->ws_col)
return;
}
}
#ifdef TIOCGWINSZ
Reported by FlawFinder.
tools/testing/selftests/sync/sync.c
4 issues
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* SW_SYNC ioctls */
struct sw_sync_create_fence_data {
__u32 value;
char name[32];
__s32 fence;
};
#define SW_SYNC_IOC_MAGIC 'W'
#define SW_SYNC_IOC_CREATE_FENCE _IOWR(SW_SYNC_IOC_MAGIC, 0,\
Reported by FlawFinder.
Line: 168
Column: 9
CWE codes:
362
int sw_sync_timeline_create(void)
{
return open("/sys/kernel/debug/sync/sw_sync", O_RDWR);
}
int sw_sync_timeline_inc(int fd, unsigned int count)
{
__u32 arg = count;
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
120
int err;
data.fd2 = fd2;
strncpy(data.name, name, sizeof(data.name) - 1);
data.name[sizeof(data.name) - 1] = '\0';
err = ioctl(fd1, SYNC_IOC_MERGE, &data);
if (err < 0)
return err;
Reported by FlawFinder.
Line: 201
Column: 2
CWE codes:
120
int err;
data.value = value;
strncpy(data.name, name, sizeof(data.name) - 1);
data.name[sizeof(data.name) - 1] = '\0';
err = ioctl(fd, SW_SYNC_IOC_CREATE_FENCE, &data);
if (err < 0)
return err;
Reported by FlawFinder.
tools/power/acpi/tools/acpidump/apmain.c
4 issues
Line: 206
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
switch (acpi_gbl_optarg[0]) {
case '^': /* -v: (Version) */
fprintf(stderr,
ACPI_COMMON_SIGNON(AP_UTILITY_NAME));
return (1);
case 'd':
Reported by FlawFinder.
Line: 212
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
case 'd':
fprintf(stderr,
ACPI_COMMON_SIGNON(AP_UTILITY_NAME));
printf(ACPI_COMMON_BUILD_TIME);
return (1);
default:
Reported by FlawFinder.
Line: 214
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(stderr,
ACPI_COMMON_SIGNON(AP_UTILITY_NAME));
printf(ACPI_COMMON_BUILD_TIME);
return (1);
default:
printf("Unknown option: -v%s\n",
Reported by FlawFinder.
Line: 228
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
case 'z': /* Verbose mode */
gbl_verbose_mode = TRUE;
fprintf(stderr, ACPI_COMMON_SIGNON(AP_UTILITY_NAME));
continue;
/*
* Table options
*/
Reported by FlawFinder.
tools/power/cpupower/debug/i386/centrino-decode.c
4 issues
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int *lo, unsigned int *hi)
{
int fd;
char file[20];
unsigned long long val;
int retval = -1;
*lo = *hi = 0;
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (cpu > MCPU)
goto err1;
sprintf(file, "/dev/cpu/%d/msr", cpu);
fd = open(file, O_RDONLY);
if (fd < 0)
goto err1;
Reported by FlawFinder.
Line: 42
Column: 7
CWE codes:
362
goto err1;
sprintf(file, "/dev/cpu/%d/msr", cpu);
fd = open(file, O_RDONLY);
if (fd < 0)
goto err1;
if (lseek(fd, msr, SEEK_CUR) == -1)
Reported by FlawFinder.
Line: 50
Column: 6
CWE codes:
120
20
if (lseek(fd, msr, SEEK_CUR) == -1)
goto err2;
if (read(fd, &val, 8) != 8)
goto err2;
*lo = (uint32_t )(val & 0xffffffffull);
*hi = (uint32_t )(val>>32 & 0xffffffffull);
Reported by FlawFinder.