The following issues were found
tools/testing/selftests/vm/map_populate.c
3 issues
Line: 81
Column: 9
CWE codes:
377
FILE *ftmp;
unsigned long *smap;
ftmp = tmpfile();
BUG_ON(ftmp == 0, "tmpfile()");
ret = ftruncate(fileno(ftmp), MMAP_SZ);
BUG_ON(ret, "ftruncate()");
Reported by FlawFinder.
Line: 37
Column: 8
CWE codes:
120
20
{
int status, ret;
ret = read(sock, &status, sizeof(int));
BUG_ON(ret <= 0, "read(sock)");
*smap = 0x22222BAD;
ret = msync(smap, MMAP_SZ, MS_SYNC);
BUG_ON(ret, "msync()");
Reported by FlawFinder.
Line: 66
Column: 8
CWE codes:
120
20
ret = write(sock, &buf, sizeof(int));
BUG_ON(ret <= 0, "write(sock)");
ret = read(sock, &buf, sizeof(int));
BUG_ON(ret <= 0, "read(sock)");
BUG_ON(*smap == 0x22222BAD, "MAP_POPULATE didn't COW private page");
BUG_ON(*smap != 0xdeadbabe, "mapping was corrupted");
Reported by FlawFinder.
tools/testing/selftests/watchdog/watchdog-test.c
3 issues
Line: 106
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
setbuf(stdout, NULL);
while ((c = getopt_long(argc, argv, sopts, lopts, NULL)) != -1) {
if (c == 'f')
file = optarg;
}
fd = open(file, O_WRONLY);
Reported by FlawFinder.
Line: 136
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
optind = 0;
while ((c = getopt_long(argc, argv, sopts, lopts, NULL)) != -1) {
switch (c) {
case 'b':
flags = 0;
oneshot = 1;
ret = ioctl(fd, WDIOC_GETBOOTSTATUS, &flags);
Reported by FlawFinder.
Line: 111
Column: 7
CWE codes:
362
file = optarg;
}
fd = open(file, O_WRONLY);
if (fd == -1) {
if (errno == ENOENT)
printf("Watchdog device (%s) not found.\n", file);
else if (errno == EACCES)
Reported by FlawFinder.
tools/testing/selftests/x86/syscall_numbering.c
3 issues
Line: 85
Column: 28
CWE codes:
134
Suggestion:
Use a constant for the format specification
return 8 + level * 4;
}
#define msg(lvl, fmt, ...) printf("%-*s" fmt, offset(), "[" #lvl "]", \
## __VA_ARGS__)
#define run(fmt, ...) msg(RUN, fmt, ## __VA_ARGS__)
#define info(fmt, ...) msg(INFO, fmt, ## __VA_ARGS__)
#define ok(fmt, ...) msg(OK, fmt, ## __VA_ARGS__)
Reported by FlawFinder.
Line: 147
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *syscall_str(int msb, int start, int end)
{
static char buf[64];
const char * const type = (start & X32_BIT) ? "x32" : "x64";
int lsb = start;
/*
* Improve readability by stripping the x32 bit, but round
Reported by FlawFinder.
Line: 451
Column: 11
CWE codes:
362
/*
* Harmless file descriptor to work on...
*/
nullfd = open("/dev/null", O_RDWR);
if (nullfd < 0) {
crit("Unable to open /dev/null: %s\n", strerror(errno));
}
/*
Reported by FlawFinder.
tools/virtio/virtio-trace/trace-agent-ctl.c
3 issues
Line: 36
Column: 11
CWE codes:
362
{
int ctl_fd;
ctl_fd = open(ctl_path, O_RDONLY);
if (ctl_fd == -1) {
pr_err("Cannot open ctl_fd\n");
goto error;
}
Reported by FlawFinder.
Line: 92
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *rw_ctl_loop(int ctl_fd)
{
ssize_t rlen;
char buf[HOST_MSG_SIZE];
int ret;
/* Setup signal handlers */
signal(SIGTERM, signal_handler);
signal(SIGINT, signal_handler);
Reported by FlawFinder.
tools/virtio/virtio-trace/trace-agent-rw.c
3 issues
Line: 49
Column: 17
CWE codes:
362
rw_ti->cpu_num = cpu;
/* set read(input) fd */
rw_ti->in_fd = open(in_path, O_RDONLY);
if (rw_ti->in_fd == -1) {
pr_err("Could not open in_fd (CPU:%d)\n", cpu);
goto error;
}
Reported by FlawFinder.
Line: 58
Column: 19
CWE codes:
362
/* set write(output) fd */
if (!stdout_flag) {
/* virtio-serial output mode */
rw_ti->out_fd = open(out_path, O_WRONLY);
if (rw_ti->out_fd == -1) {
pr_err("Could not open out_fd (CPU:%d)\n", cpu);
goto error;
}
} else
Reported by FlawFinder.
Line: 140
Column: 4
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
* NULL. Then, this waits for being filled the data in a
* ring-buffer.
*/
usleep(READ_WAIT_USEC);
pr_debug("Read retry(cpu:%d)\n", ts->cpu_num);
continue;
}
wlen = 0;
Reported by FlawFinder.
tools/virtio/virtio-trace/trace-agent.c
3 issues
Line: 122
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (this_is_write_path)
/* write(output) path */
ret = snprintf(buf, PATH_MAX, WRITE_PATH_FMT, cpu_num);
else
/* read(input) path */
ret = snprintf(buf, PATH_MAX, READ_PATH_FMT, cpu_num);
if (ret <= 0) {
Reported by FlawFinder.
Line: 125
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
ret = snprintf(buf, PATH_MAX, WRITE_PATH_FMT, cpu_num);
else
/* read(input) path */
ret = snprintf(buf, PATH_MAX, READ_PATH_FMT, cpu_num);
if (ret <= 0) {
pr_err("Failed to generate %s path(CPU#%d):%d\n",
this_is_write_path ? "read" : "write", cpu_num, ret);
goto error;
Reported by FlawFinder.
Line: 190
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int cmd;
unsigned long size;
while ((cmd = getopt(argc, argv, "hos:")) != -1) {
switch (cmd) {
/* stdout mode */
case 'o':
s->use_stdout = true;
break;
Reported by FlawFinder.
tools/virtio/virtio-trace/trace-agent.h
3 issues
Line: 68
Column: 29
CWE codes:
134
Suggestion:
Use a constant for the format specification
return calloc(1, size);
}
#define pr_err(format, ...) fprintf(stderr, format, ## __VA_ARGS__)
#define pr_info(format, ...) fprintf(stdout, format, ## __VA_ARGS__)
#ifdef DEBUG
#define pr_debug(format, ...) fprintf(stderr, format, ## __VA_ARGS__)
#else
#define pr_debug(format, ...) do {} while (0)
Reported by FlawFinder.
Line: 69
Column: 30
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
#define pr_err(format, ...) fprintf(stderr, format, ## __VA_ARGS__)
#define pr_info(format, ...) fprintf(stdout, format, ## __VA_ARGS__)
#ifdef DEBUG
#define pr_debug(format, ...) fprintf(stderr, format, ## __VA_ARGS__)
#else
#define pr_debug(format, ...) do {} while (0)
#endif
Reported by FlawFinder.
Line: 71
Column: 31
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define pr_err(format, ...) fprintf(stderr, format, ## __VA_ARGS__)
#define pr_info(format, ...) fprintf(stdout, format, ## __VA_ARGS__)
#ifdef DEBUG
#define pr_debug(format, ...) fprintf(stderr, format, ## __VA_ARGS__)
#else
#define pr_debug(format, ...) do {} while (0)
#endif
#endif /*__TRACE_AGENT_H__*/
Reported by FlawFinder.
drivers/media/pci/ttpci/budget-av.c
3 issues
Line: 260
Column: 77
CWE codes:
362
return 0;
}
static int ciintf_poll_slot_status(struct dvb_ca_en50221 *ca, int slot, int open)
{
struct budget_av *budget_av = (struct budget_av *) ca->data;
struct saa7146_dev *saa = budget_av->budget.dev;
int result;
Reported by FlawFinder.
Line: 289
Column: 55
CWE codes:
362
*
* if the CI interface is not open, we also do the above test since we
* don't care if the cam has problems - we'll be resetting it on open() anyway */
if ((budget_av->slot_status == SLOTSTATUS_NONE) || (!open)) {
saa7146_setgpio(budget_av->budget.dev, 1, SAA7146_GPIO_OUTLO);
result = ttpci_budget_debiread(&budget_av->budget, DEBICICAM, 0, 1, 0, 1);
if ((result >= 0) && (budget_av->slot_status == SLOTSTATUS_NONE)) {
budget_av->slot_status = SLOTSTATUS_PRESENT;
pr_info("cam inserted B\n");
Reported by FlawFinder.
Line: 1407
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dprintk(1, "VIDIOC_ENUMINPUT %d\n", i->index);
if (i->index >= KNC1_INPUTS)
return -EINVAL;
memcpy(i, &knc1_inputs[i->index], sizeof(struct v4l2_input));
return 0;
}
static int vidioc_g_input(struct file *file, void *fh, unsigned int *i)
{
Reported by FlawFinder.
drivers/md/dm-table.c
3 issues
Line: 233
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
i_size_read(bdev->bd_inode) >> SECTOR_SHIFT;
unsigned short logical_block_size_sectors =
limits->logical_block_size >> SECTOR_SHIFT;
char b[BDEVNAME_SIZE];
if (!dev_size)
return 0;
if ((start >= dev_size) || (start + len > dev_size)) {
Reported by FlawFinder.
Line: 403
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct queue_limits *limits = data;
struct block_device *bdev = dev->bdev;
struct request_queue *q = bdev_get_queue(bdev);
char b[BDEVNAME_SIZE];
if (unlikely(!q)) {
DMWARN("%s: Cannot set limits for nonexistent device %s",
dm_device_name(ti->table->md), bdevname(bdev, b));
return 0;
Reported by FlawFinder.
Line: 491
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
argv = kmalloc_array(new_size, sizeof(*argv), gfp);
if (argv && old_argv) {
memcpy(argv, old_argv, *size * sizeof(*argv));
*size = new_size;
}
kfree(old_argv);
return argv;
Reported by FlawFinder.
drivers/md/dm.c
3 issues
Line: 1376
CWE codes:
562
flush_bio.bi_opf = REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC;
bio_set_dev(&flush_bio, ci->io->md->disk->part0);
ci->bio = &flush_bio;
ci->sector_count = 0;
BUG_ON(bio_has_data(ci->bio));
while ((ti = dm_table_get_target(ci->map, target_nr++)))
__send_duplicate_bios(ci, ti, ti->num_flush_bios, NULL);
Reported by Cppcheck.
Line: 1786
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
md->disk->fops = &dm_blk_dops;
md->disk->queue = md->queue;
md->disk->private_data = md;
sprintf(md->disk->disk_name, "dm-%d", minor);
if (IS_ENABLED(CONFIG_DAX_DRIVER)) {
md->dax_dev = alloc_dax(md, md->disk->disk_name,
&dm_dax_ops, 0);
if (IS_ERR(md->dax_dev))
Reported by FlawFinder.
Line: 2696
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int r;
unsigned noio_flag;
char udev_cookie[DM_COOKIE_LENGTH];
char *envp[] = { udev_cookie, NULL };
noio_flag = memalloc_noio_save();
if (!cookie)
Reported by FlawFinder.