The following issues were found
tools/lib/traceevent/plugins/plugin_kvm.c
4 issues
Line: 367
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
unsigned cr4_pae:1;
unsigned quadrant:2;
unsigned direct:1;
unsigned access:3;
unsigned invalid:1;
unsigned efer_nx:1;
unsigned cr0_wp:1;
unsigned smep_and_not_wp:1;
unsigned smap_and_not_wp:1;
Reported by FlawFinder.
Line: 403
Column: 22
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
role.level,
role.quadrant,
role.direct ? " direct" : "",
access_str[role.access],
role.invalid ? " invalid" : "",
role.cr4_pae ? "" : "!",
role.efer_nx ? "" : "!",
role.cr0_wp ? "" : "!",
role.smep_and_not_wp ? " smep" : "",
Reported by FlawFinder.
Line: 59
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cr0_pe, int eflags_vm,
int cs_d, int cs_l)
{
static char out[15*3+1];
int i;
for (i = 0; i < len; ++i)
sprintf(out + i * 3, "%02x ", insn[i]);
out[len*3-1] = '\0';
Reported by FlawFinder.
Line: 63
Column: 3
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
int i;
for (i = 0; i < len; ++i)
sprintf(out + i * 3, "%02x ", insn[i]);
out[len*3-1] = '\0';
return out;
}
#endif
Reported by FlawFinder.
tools/perf/util/dwarf-aux.c
4 issues
Line: 544
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if ((ret & DIE_FIND_CB_CHILD) &&
die_find_child(die_mem, callback, data, &child_die)) {
memcpy(die_mem, &child_die, sizeof(Dwarf_Die));
return die_mem;
}
} while ((ret & DIE_FIND_CB_SIBLING) &&
dwarf_siblingof(die_mem, die_mem) == 0);
Reported by FlawFinder.
Line: 566
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dwarf_tag(fn_die) == DW_TAG_subprogram &&
!dwarf_highpc(fn_die, &addr) &&
addr == ad->addr) {
memcpy(ad->die_mem, fn_die, sizeof(Dwarf_Die));
return DWARF_CB_ABORT;
}
return DWARF_CB_OK;
}
Reported by FlawFinder.
Line: 606
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
if (dwarf_tag(fn_die) == DW_TAG_subprogram &&
dwarf_haspc(fn_die, ad->addr)) {
memcpy(ad->die_mem, fn_die, sizeof(Dwarf_Die));
return DWARF_CB_ABORT;
}
return DWARF_CB_OK;
}
Reported by FlawFinder.
Line: 685
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Inlined function could be recursive. Trace it until fail */
while (sp_die) {
memcpy(die_mem, sp_die, sizeof(Dwarf_Die));
sp_die = die_find_child(sp_die, __die_find_inline_cb, &addr,
&tmp_die);
}
return die_mem;
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/btf_dump_test_case_syntax.c
4 issues
Line: 88
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
});
} (*fn_complex_t)(union {
void *f;
char g[16];
}, struct {
int h;
});
typedef void (* (*signal_t)(int, void (*)(int)))(int);
Reported by FlawFinder.
Line: 95
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef void (* (*signal_t)(int, void (*)(int)))(int);
typedef char * (*fn_ptr_arr1_t[10])(int **);
typedef char * (* const (* const fn_ptr_arr2_t[5])())(char * (*)(int));
struct struct_w_typedefs {
int_t a;
Reported by FlawFinder.
Line: 97
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef char * (*fn_ptr_arr1_t[10])(int **);
typedef char * (* const (* const fn_ptr_arr2_t[5])())(char * (*)(int));
struct struct_w_typedefs {
int_t a;
crazy_ptr_t b;
we_need_to_go_deeper_ptr_t c;
Reported by FlawFinder.
Line: 204
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
K = 100,
L = 200,
} m;
char n[16];
struct {
char o;
int p;
void (*q)(int);
} r[5];
Reported by FlawFinder.
tools/bpf/resolve_btfids/main.c
4 issues
Line: 125
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (var >= level) {
va_start(args, fmt);
ret = vfprintf(stderr, fmt, args);
va_end(args);
}
return ret;
}
Reported by FlawFinder.
Line: 309
Column: 7
CWE codes:
362
Elf *elf;
int fd;
fd = open(obj->path, O_RDWR, 0666);
if (fd == -1) {
pr_err("FAILED cannot open %s: %s\n",
obj->path, strerror(errno));
return -1;
}
Reported by FlawFinder.
Line: 206
Column: 12
CWE codes:
126
* prefix_end = ^
* pos = ^
*/
int len = strlen(prefix_end);
int pos = sizeof("__") - 1;
char *p, *id;
if (pos >= len)
return NULL;
Reported by FlawFinder.
Line: 240
Column: 12
CWE codes:
126
* id = ^
*/
char *id = name + sizeof(BTF_SET "__") - 1;
int len = strlen(name);
if (id >= name + len) {
pr_err("FAILED to parse set name: %s\n", name);
return NULL;
}
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/dev_cgroup.c
4 issues
Line: 12
#include <linux/version.h>
#include <bpf/bpf_helpers.h>
SEC("cgroup/dev")
int bpf_prog1(struct bpf_cgroup_dev_ctx *ctx)
{
short type = ctx->access_type & 0xFFFF;
#ifdef DEBUG
short access = ctx->access_type >> 16;
Reported by Cppcheck.
Line: 32
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
break;
}
if (access & BPF_DEVCG_ACC_READ)
fmt[8] = 'r';
if (access & BPF_DEVCG_ACC_WRITE)
fmt[9] = 'w';
Reported by FlawFinder.
Line: 35
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (access & BPF_DEVCG_ACC_READ)
fmt[8] = 'r';
if (access & BPF_DEVCG_ACC_WRITE)
fmt[9] = 'w';
if (access & BPF_DEVCG_ACC_MKNOD)
fmt[10] = 'm';
Reported by FlawFinder.
Line: 38
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (access & BPF_DEVCG_ACC_WRITE)
fmt[9] = 'w';
if (access & BPF_DEVCG_ACC_MKNOD)
fmt[10] = 'm';
bpf_trace_printk(fmt, sizeof(fmt), ctx->major, ctx->minor);
#endif
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_core_reloc_kernel.c
4 issues
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char _license[] SEC("license") = "GPL";
struct {
char in[256];
char out[256];
bool skip;
uint64_t my_pid_tgid;
} data = {};
Reported by FlawFinder.
Line: 14
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char in[256];
char out[256];
bool skip;
uint64_t my_pid_tgid;
} data = {};
struct core_reloc_kernel_output {
Reported by FlawFinder.
Line: 22
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct core_reloc_kernel_output {
int valid[10];
/* we have test_progs[-flavor], so cut flavor part */
char comm[sizeof("test_progs")];
int comm_len;
};
struct task_struct {
int pid;
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct task_struct {
int pid;
int tgid;
char comm[16];
struct task_struct *group_leader;
};
#define CORE_READ(dst, src) bpf_core_read(dst, sizeof(*(dst)), src)
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_global_data.c
4 issues
Line: 21
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(max_entries, 5);
__type(key, __u32);
const char (*value)[32];
} result_string SEC(".maps");
struct foo {
__u8 a;
__u32 b;
Reported by FlawFinder.
Line: 47
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const __u64 num6 = 0xab;
/* Relocation tests for strings. */
static const char str0[32] = "abcdefghijklmnopqrstuvwxyz";
static char str1[32] = "abcdefghijklmnopqrstuvwxyz";
static char str2[32];
/* Relocation tests for structs. */
static const struct foo struct0 = {
Reported by FlawFinder.
Line: 48
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Relocation tests for strings. */
static const char str0[32] = "abcdefghijklmnopqrstuvwxyz";
static char str1[32] = "abcdefghijklmnopqrstuvwxyz";
static char str2[32];
/* Relocation tests for structs. */
static const struct foo struct0 = {
.a = 42,
Reported by FlawFinder.
Line: 49
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Relocation tests for strings. */
static const char str0[32] = "abcdefghijklmnopqrstuvwxyz";
static char str1[32] = "abcdefghijklmnopqrstuvwxyz";
static char str2[32];
/* Relocation tests for structs. */
static const struct foo struct0 = {
.a = 42,
.b = 0xfefeefef,
Reported by FlawFinder.
tools/perf/util/genelf_debug.c
4 issues
Line: 62
CWE codes:
476
retry:
if ((be->cur_pos + sz) < be_sz) {
memcpy(be->data + be->cur_pos, addr, sz);
be->cur_pos += sz;
return 0;
}
if (!be_sz)
Reported by Cppcheck.
Line: 62
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
retry:
if ((be->cur_pos + sz) < be_sz) {
memcpy(be->data + be->cur_pos, addr, sz);
be->cur_pos += sz;
return 0;
}
if (!be_sz)
Reported by FlawFinder.
Line: 186
Column: 32
CWE codes:
126
static void emit_string(struct buffer_ext *be, const char *s)
{
buffer_ext_add(be, (void *)s, strlen(s) + 1);
}
static void emit_unsigned_LEB128(struct buffer_ext *be,
unsigned long data)
{
Reported by FlawFinder.
Line: 276
Column: 27
CWE codes:
126
buffer_ext_add(be, (void *)"", 1);
/* LNE field, strlen(filename) + zero termination, 3 bytes for: the dir entry, timestamp, filesize */
emit_unsigned_LEB128(be, strlen(filename) + 5);
emit_opcode(be, DW_LNE_define_file);
emit_string(be, filename);
/* directory index 0=do not know */
emit_unsigned_LEB128(be, 0);
/* last modification date on file 0=do not know */
Reported by FlawFinder.
tools/lib/traceevent/event-plugin.c
4 issues
Line: 605
Column: 11
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
* Next let the environment-set plugin directory
* override the system defaults.
*/
envdir = getenv("TRACEEVENT_PLUGIN_DIR");
if (envdir)
load_plugins_dir(tep, suffix, envdir, load_plugin, data);
/*
* Now let the home directory override the environment
Reported by FlawFinder.
Line: 613
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
* Now let the home directory override the environment
* or system defaults.
*/
home = getenv("HOME");
if (!home)
return;
ret = asprintf(&path, "%s/%s", home, LOCAL_PLUGIN_DIR);
if (ret < 0) {
Reported by FlawFinder.
Line: 541
Column: 22
CWE codes:
126
continue;
/* Only load plugins that end in suffix */
if (strcmp(name + (strlen(name) - strlen(suffix)), suffix) != 0)
continue;
load_plugin(tep, path, name, data);
}
Reported by FlawFinder.
Line: 541
Column: 37
CWE codes:
126
continue;
/* Only load plugins that end in suffix */
if (strcmp(name + (strlen(name) - strlen(suffix)), suffix) != 0)
continue;
load_plugin(tep, path, name, data);
}
Reported by FlawFinder.
tools/lib/traceevent/event-parse.h
4 issues
Line: 276
Column: 10
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
int flags;
struct tep_format format;
struct tep_print_fmt print_fmt;
char *system;
tep_event_handler_func handler;
void *context;
};
enum {
Reported by FlawFinder.
Line: 461
Column: 26
CWE codes:
134
Suggestion:
Use a constant for the format specification
void tep_print_event(struct tep_handle *tep, struct trace_seq *s,
struct tep_record *record, const char *fmt, ...)
__attribute__ ((format (printf, 4, 5)));
int tep_parse_header_page(struct tep_handle *tep, char *buf, unsigned long size,
int long_size);
enum tep_errno tep_parse_event(struct tep_handle *tep, const char *buf,
Reported by FlawFinder.
Line: 424
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned char str[] = { 0x1, 0x2, 0x3, 0x4 };
unsigned int val;
memcpy(&val, str, 4);
return val == 0x01020304;
}
/* taken from kernel/trace/trace.h */
enum trace_flag_type {
Reported by FlawFinder.
Line: 713
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tep_handle *tep;
int filters;
struct tep_filter_type *event_filters;
char error_buffer[TEP_FILTER_ERROR_BUFSZ];
};
struct tep_event_filter *tep_filter_alloc(struct tep_handle *tep);
/* for backward compatibility */
Reported by FlawFinder.