The following issues were found
tools/testing/selftests/pidfd/pidfd_open_test.c
4 issues
Line: 89
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static pid_t get_pid_from_fdinfo_file(int pidfd, const char *key, size_t keylen)
{
int ret;
char path[512];
FILE *f;
size_t n = 0;
pid_t result = -1;
char *line = NULL;
Reported by FlawFinder.
Line: 97
Column: 6
CWE codes:
362
snprintf(path, sizeof(path), "/proc/self/fdinfo/%d", pidfd);
f = fopen(path, "re");
if (!f)
return -1;
while (getline(&line, &n, f) != -1) {
char *numstr;
Reported by FlawFinder.
Line: 81
Column: 33
CWE codes:
126
static char *trim_whitespace_in_place(char *buffer)
{
buffer += char_left_gc(buffer, strlen(buffer));
buffer[char_right_gc(buffer, strlen(buffer))] = '\0';
return buffer;
}
static pid_t get_pid_from_fdinfo_file(int pidfd, const char *key, size_t keylen)
Reported by FlawFinder.
Line: 82
Column: 31
CWE codes:
126
static char *trim_whitespace_in_place(char *buffer)
{
buffer += char_left_gc(buffer, strlen(buffer));
buffer[char_right_gc(buffer, strlen(buffer))] = '\0';
return buffer;
}
static pid_t get_pid_from_fdinfo_file(int pidfd, const char *key, size_t keylen)
{
Reported by FlawFinder.
tools/testing/selftests/sigaltstack/sas.c
4 issues
Line: 63
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
aa = alloca(1024);
assert(aa);
p = (struct stk_data *)(aa + 512);
strcpy(p->msg, msg);
p->flag = 1;
ksft_print_msg("[RUN]\tsignal USR1\n");
err = sigaltstack(NULL, &stk);
if (err) {
ksft_exit_fail_msg("sigaltstack() - %s\n", strerror(errno));
Reported by FlawFinder.
Line: 98
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (p) {
ksft_test_result_fail("sigaltstack re-used\n");
/* corrupt the data */
strcpy(p->msg, msg2);
/* tell other sighandler that his data is corrupted */
p->flag = 0;
}
}
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *msg = "[OK]\tStack preserved";
static const char *msg2 = "[FAIL]\tStack corrupted";
struct stk_data {
char msg[128];
int flag;
};
void my_usr1(int sig, siginfo_t *si, void *u)
{
Reported by FlawFinder.
Line: 94
Column: 28
CWE codes:
126
aa = alloca(1024);
/* dont run valgrind on this */
/* try to find the data stored by previous sighandler */
p = memmem(aa, 1024, msg, strlen(msg));
if (p) {
ksft_test_result_fail("sigaltstack re-used\n");
/* corrupt the data */
strcpy(p->msg, msg2);
/* tell other sighandler that his data is corrupted */
Reported by FlawFinder.
tools/iio/iio_event_monitor.c
4 issues
Line: 292
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
int ret;
DIR *dp;
snprintf(evdir, sizeof(evdir), FORMAT_EVENTS_DIR, dev_dir);
evdir[sizeof(evdir)-1] = '\0';
dp = opendir(evdir);
if (!dp) {
fprintf(stderr, "Enabling/disabling events: can't open %s\n",
Reported by FlawFinder.
Line: 288
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void enable_events(char *dev_dir, int enable)
{
const struct dirent *ent;
char evdir[256];
int ret;
DIR *dp;
snprintf(evdir, sizeof(evdir), FORMAT_EVENTS_DIR, dev_dir);
evdir[sizeof(evdir)-1] = '\0';
Reported by FlawFinder.
Line: 371
Column: 7
CWE codes:
362
if (all_events && dev_dir_name)
enable_events(dev_dir_name, 1);
fd = open(chrdev_name, 0);
if (fd == -1) {
ret = -errno;
fprintf(stderr, "Failed to open %s\n", chrdev_name);
goto error_free_chrdev_name;
}
Reported by FlawFinder.
Line: 398
Column: 9
CWE codes:
120
20
}
while (true) {
ret = read(event_fd, &event, sizeof(event));
if (ret == -1) {
if (errno == EAGAIN) {
fprintf(stderr, "nothing available\n");
continue;
} else {
Reported by FlawFinder.
tools/testing/selftests/powerpc/dscr/dscr_inherit_exec_test.c
4 issues
Line: 87
Column: 4
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
char dscr_str[16];
sprintf(dscr_str, "%ld", dscr);
execlp(prog, prog, "exec", dscr_str, NULL);
exit(1);
}
}
return 0;
}
Reported by FlawFinder.
Line: 84
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 1;
}
} else {
char dscr_str[16];
sprintf(dscr_str, "%ld", dscr);
execlp(prog, prog, "exec", dscr_str, NULL);
exit(1);
}
Reported by FlawFinder.
Line: 86
Column: 4
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
} else {
char dscr_str[16];
sprintf(dscr_str, "%ld", dscr);
execlp(prog, prog, "exec", dscr_str, NULL);
exit(1);
}
}
return 0;
Reported by FlawFinder.
Line: 99
Column: 17
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (argc == 3 && !strcmp(argv[1], "exec")) {
unsigned long parent_dscr;
parent_dscr = atoi(argv[2]);
do_exec(parent_dscr);
} else if (argc != 1) {
fprintf(stderr, "Usage: %s\n", argv[0]);
exit(1);
}
Reported by FlawFinder.
tools/testing/selftests/powerpc/mm/stack_expansion_ldst.c
4 issues
Line: 78
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int search_proc_maps(char *needle, unsigned long *low, unsigned long *high)
{
unsigned long start, end;
static char buf[4096];
char name[128];
FILE *f;
int rc;
f = fopen("/proc/self/maps", "r");
Reported by FlawFinder.
Line: 79
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
unsigned long start, end;
static char buf[4096];
char name[128];
FILE *f;
int rc;
f = fopen("/proc/self/maps", "r");
if (!f) {
Reported by FlawFinder.
Line: 83
Column: 6
CWE codes:
362
FILE *f;
int rc;
f = fopen("/proc/self/maps", "r");
if (!f) {
perror("fopen");
return -1;
}
Reported by FlawFinder.
Line: 90
Column: 8
CWE codes:
120
Suggestion:
Check that the limit is sufficiently small, or use a different input function
}
while (fgets(buf, sizeof(buf), f)) {
rc = sscanf(buf, "%lx-%lx %*c%*c%*c%*c %*x %*d:%*d %*d %127s\n",
&start, &end, name);
if (rc == 2)
continue;
if (rc != 3) {
Reported by FlawFinder.
tools/testing/selftests/powerpc/signal/sig_sc_double_restart.c
4 issues
Line: 85
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int pipefd[2];
pid_t pid;
char buf[512];
if (pipe(pipefd) == -1) {
perror("pipe");
exit(EXIT_FAILURE);
}
Reported by FlawFinder.
Line: 79
Column: 15
CWE codes:
126
}
#define DATA "test 123"
#define DLEN (strlen(DATA)+1)
int test_restart(void)
{
int pipefd[2];
pid_t pid;
Reported by FlawFinder.
Line: 146
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
} else {
int wstatus;
usleep(100000); /* Hack to get reader waiting */
kill(pid, SIGUSR1);
usleep(100000);
if (write(pipefd[1], DATA, DLEN) != DLEN) {
perror("write");
exit(EXIT_FAILURE);
Reported by FlawFinder.
Line: 148
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
usleep(100000); /* Hack to get reader waiting */
kill(pid, SIGUSR1);
usleep(100000);
if (write(pipefd[1], DATA, DLEN) != DLEN) {
perror("write");
exit(EXIT_FAILURE);
}
close(pipefd[0]);
Reported by FlawFinder.
sound/usb/stream.c
4 issues
Line: 291
CWE codes:
908
const unsigned int *maps;
int c;
if (channels > ARRAY_SIZE(chmap->map))
return NULL;
chmap = kzalloc(sizeof(*chmap), GFP_KERNEL);
if (!chmap)
return NULL;
Reported by Cppcheck.
Line: 332
CWE codes:
908
void *p = cluster;
int len, c;
if (channels > ARRAY_SIZE(chmap->map))
return NULL;
chmap = kzalloc(sizeof(*chmap), GFP_KERNEL);
if (!chmap)
return NULL;
Reported by Cppcheck.
Line: 535
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
pcm->private_free = snd_usb_audio_pcm_free;
pcm->info_flags = 0;
if (chip->pcm_devs > 0)
sprintf(pcm->name, "USB Audio #%d", chip->pcm_devs);
else
strcpy(pcm->name, "USB Audio");
snd_usb_init_substream(as, stream, fp, pd);
Reported by FlawFinder.
Line: 537
Column: 3
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (chip->pcm_devs > 0)
sprintf(pcm->name, "USB Audio #%d", chip->pcm_devs);
else
strcpy(pcm->name, "USB Audio");
snd_usb_init_substream(as, stream, fp, pd);
/*
* Keep using head insertion for M-Audio Audiophile USB (tm) which has a
Reported by FlawFinder.
tools/testing/selftests/proc/fd-002-posix-eq.c
4 issues
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int fd0, fd1, fd2;
struct stat st0, st1, st2;
char buf[64];
int rv;
fd0 = open("/", O_DIRECTORY|O_RDONLY);
assert(fd0 >= 0);
Reported by FlawFinder.
Line: 32
Column: 8
CWE codes:
362
char buf[64];
int rv;
fd0 = open("/", O_DIRECTORY|O_RDONLY);
assert(fd0 >= 0);
snprintf(buf, sizeof(buf), "/proc/self/fd/%u", fd0);
fd1 = open(buf, O_RDONLY);
assert(fd1 >= 0);
Reported by FlawFinder.
Line: 36
Column: 8
CWE codes:
362
assert(fd0 >= 0);
snprintf(buf, sizeof(buf), "/proc/self/fd/%u", fd0);
fd1 = open(buf, O_RDONLY);
assert(fd1 >= 0);
snprintf(buf, sizeof(buf), "/proc/thread-self/fd/%u", fd0);
fd2 = open(buf, O_RDONLY);
assert(fd2 >= 0);
Reported by FlawFinder.
Line: 40
Column: 8
CWE codes:
362
assert(fd1 >= 0);
snprintf(buf, sizeof(buf), "/proc/thread-self/fd/%u", fd0);
fd2 = open(buf, O_RDONLY);
assert(fd2 >= 0);
rv = fstat(fd0, &st0);
assert(rv == 0);
rv = fstat(fd1, &st1);
Reported by FlawFinder.
tools/testing/selftests/proc/proc-loadavg-001.c
4 issues
Line: 40
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (pid == -1)
return 1;
if (pid == 0) {
char buf[128], *p;
int fd;
ssize_t rv;
fd = open("/proc/loadavg" , O_RDONLY);
if (fd == -1)
Reported by FlawFinder.
Line: 44
Column: 8
CWE codes:
362
int fd;
ssize_t rv;
fd = open("/proc/loadavg" , O_RDONLY);
if (fd == -1)
return 1;
rv = read(fd, buf, sizeof(buf));
if (rv < 3)
return 1;
Reported by FlawFinder.
tools/testing/selftests/resctrl/cmt_test.c
4 issues
Line: 20
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define MAX_DIFF_PERCENT 15
static int count_of_bits;
static char cbm_mask[256];
static unsigned long long_mask;
static unsigned long cache_size;
static int cmt_setup(int num, ...)
{
Reported by FlawFinder.
Line: 44
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int check_results(struct resctrl_val_param *param, int no_of_bits)
{
char *token_array[8], temp[512];
unsigned long sum_llc_occu_resc = 0;
int runs = 0;
FILE *fp;
ksft_print_msg("Checking for pass/fail\n");
Reported by FlawFinder.
Line: 50
Column: 7
CWE codes:
362
FILE *fp;
ksft_print_msg("Checking for pass/fail\n");
fp = fopen(param->filename, "r");
if (!fp) {
perror("# Error in opening file\n");
return errno;
}
Reported by FlawFinder.
Line: 130
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
};
if (strcmp(benchmark_cmd[0], "fill_buf") == 0)
sprintf(benchmark_cmd[1], "%lu", param.span);
remove(RESULT_FILE_NAME);
ret = resctrl_val(benchmark_cmd, ¶m);
if (ret)
Reported by FlawFinder.