The following issues were found
tools/testing/nvdimm/dimm_devs.c
3 issues
Line: 24
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
nvdimm->sec.flags = nvdimm_security_flags(nvdimm, NVDIMM_USER);
if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))
return sprintf(buf, "disabled\n");
if (test_bit(NVDIMM_SECURITY_UNLOCKED, &nvdimm->sec.flags))
return sprintf(buf, "unlocked\n");
if (test_bit(NVDIMM_SECURITY_LOCKED, &nvdimm->sec.flags))
return sprintf(buf, "locked\n");
return -ENOTTY;
Reported by FlawFinder.
Line: 26
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (test_bit(NVDIMM_SECURITY_DISABLED, &nvdimm->sec.flags))
return sprintf(buf, "disabled\n");
if (test_bit(NVDIMM_SECURITY_UNLOCKED, &nvdimm->sec.flags))
return sprintf(buf, "unlocked\n");
if (test_bit(NVDIMM_SECURITY_LOCKED, &nvdimm->sec.flags))
return sprintf(buf, "locked\n");
return -ENOTTY;
}
Reported by FlawFinder.
Line: 28
Column: 10
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (test_bit(NVDIMM_SECURITY_UNLOCKED, &nvdimm->sec.flags))
return sprintf(buf, "unlocked\n");
if (test_bit(NVDIMM_SECURITY_LOCKED, &nvdimm->sec.flags))
return sprintf(buf, "locked\n");
return -ENOTTY;
}
Reported by FlawFinder.
tools/testing/selftests/intel_pstate/msr.c
3 issues
Line: 17
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char **argv) {
int cpu, fd;
long long msr;
char msr_file_name[64];
if (argc != 2)
return 1;
errno = 0;
Reported by FlawFinder.
Line: 28
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (errno)
return 1;
sprintf(msr_file_name, "/dev/cpu/%d/msr", cpu);
fd = open(msr_file_name, O_RDONLY);
if (fd == -1) {
perror("Failed to open");
return 1;
Reported by FlawFinder.
Line: 29
Column: 7
CWE codes:
362
return 1;
sprintf(msr_file_name, "/dev/cpu/%d/msr", cpu);
fd = open(msr_file_name, O_RDONLY);
if (fd == -1) {
perror("Failed to open");
return 1;
}
Reported by FlawFinder.
tools/testing/selftests/intel_pstate/aperf.c
3 issues
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char **argv) {
unsigned int i, cpu, fd;
char msr_file_name[64];
long long tsc, old_tsc, new_tsc;
long long aperf, old_aperf, new_aperf;
long long mperf, old_mperf, new_mperf;
struct timespec before, after;
long long int start, finish, total;
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
return 1;
}
sprintf(msr_file_name, "/dev/cpu/%d/msr", cpu);
fd = open(msr_file_name, O_RDONLY);
if (fd == -1) {
printf("/dev/cpu/%d/msr: %s\n", cpu, strerror(errno));
return KSFT_SKIP;
Reported by FlawFinder.
Line: 47
Column: 7
CWE codes:
362
}
sprintf(msr_file_name, "/dev/cpu/%d/msr", cpu);
fd = open(msr_file_name, O_RDONLY);
if (fd == -1) {
printf("/dev/cpu/%d/msr: %s\n", cpu, strerror(errno));
return KSFT_SKIP;
}
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/tp_attach_query.c
3 issues
Line: 14
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct perf_event_attr attr = {};
struct bpf_object *obj[num_progs];
struct bpf_prog_info prog_info;
char buf[256];
for (i = 0; i < num_progs; i++)
obj[i] = NULL;
snprintf(buf, sizeof(buf),
Reported by FlawFinder.
Line: 21
Column: 8
CWE codes:
362
snprintf(buf, sizeof(buf),
"/sys/kernel/debug/tracing/events/sched/sched_switch/id");
efd = open(buf, O_RDONLY, 0);
if (CHECK(efd < 0, "open", "err %d errno %d\n", efd, errno))
return;
bytes = read(efd, buf, sizeof(buf));
close(efd);
if (CHECK(bytes <= 0 || bytes >= sizeof(buf),
Reported by FlawFinder.
Line: 24
Column: 10
CWE codes:
120
20
efd = open(buf, O_RDONLY, 0);
if (CHECK(efd < 0, "open", "err %d errno %d\n", efd, errno))
return;
bytes = read(efd, buf, sizeof(buf));
close(efd);
if (CHECK(bytes <= 0 || bytes >= sizeof(buf),
"read", "bytes %d errno %d\n", bytes, errno))
return;
Reported by FlawFinder.
sound/virtio/virtio_card.c
3 issues
Line: 217
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
strscpy(snd->card->shortname, VIRTIO_SND_CARD_NAME,
sizeof(snd->card->shortname));
if (dev->parent->bus)
snprintf(snd->card->longname, sizeof(snd->card->longname),
VIRTIO_SND_CARD_NAME " at %s/%s/%s",
dev->parent->bus->name, dev_name(dev->parent),
dev_name(dev));
else
snprintf(snd->card->longname, sizeof(snd->card->longname),
Reported by FlawFinder.
Line: 222
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
dev->parent->bus->name, dev_name(dev->parent),
dev_name(dev));
else
snprintf(snd->card->longname, sizeof(snd->card->longname),
VIRTIO_SND_CARD_NAME " at %s/%s",
dev_name(dev->parent), dev_name(dev));
rc = virtsnd_jack_parse_cfg(snd);
if (rc)
Reported by FlawFinder.
Line: 118
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
[VIRTIO_SND_VQ_TX] = virtsnd_pcm_tx_notify_cb,
[VIRTIO_SND_VQ_RX] = virtsnd_pcm_rx_notify_cb
};
static const char *names[VIRTIO_SND_VQ_MAX] = {
[VIRTIO_SND_VQ_CONTROL] = "virtsnd-ctl",
[VIRTIO_SND_VQ_EVENT] = "virtsnd-event",
[VIRTIO_SND_VQ_TX] = "virtsnd-tx",
[VIRTIO_SND_VQ_RX] = "virtsnd-rx"
};
Reported by FlawFinder.
tools/power/cpupower/utils/idle_monitor/cpupower-monitor.h
3 issues
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct cstate {
int id;
enum power_range_e range;
char name[CSTATE_NAME_LEN];
char desc[CSTATE_DESC_LEN];
/* either provide a percentage or a general count */
int (*get_count_percent)(unsigned int self_id, double *percent,
unsigned int cpu);
Reported by FlawFinder.
Line: 43
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int id;
enum power_range_e range;
char name[CSTATE_NAME_LEN];
char desc[CSTATE_DESC_LEN];
/* either provide a percentage or a general count */
int (*get_count_percent)(unsigned int self_id, double *percent,
unsigned int cpu);
int (*get_count)(unsigned int self_id, unsigned long long *count,
Reported by FlawFinder.
Line: 54
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct cpuidle_monitor {
/* Name must not contain whitespaces */
char name[MONITOR_NAME_LEN];
int name_len;
int hw_states_num;
cstate_t *hw_states;
int (*start) (void);
int (*stop) (void);
Reported by FlawFinder.
tools/perf/examples/bpf/etcsnoop.c
3 issues
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct augmented_filename {
int size;
int reserved;
char value[64];
};
#define augmented_filename_syscall_enter(syscall) \
struct augmented_enter_##syscall##_args { \
struct syscall_enter_##syscall##_args args; \
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}; \
int syscall_enter(syscall)(struct syscall_enter_##syscall##_args *args) \
{ \
char etc[6] = "/etc/"; \
struct augmented_enter_##syscall##_args augmented_args = { .filename.reserved = 0, }; \
probe_read(&augmented_args.args, sizeof(augmented_args.args), args); \
augmented_args.filename.size = probe_read_str(&augmented_args.filename.value, \
sizeof(augmented_args.filename.value), \
args->filename_ptr); \
Reported by FlawFinder.
Line: 74
Column: 34
CWE codes:
362
long mode;
};
augmented_filename_syscall_enter(open);
license(GPL);
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/varlen.c
3 issues
Line: 37
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bss->test_pid = getpid();
/* trigger everything */
memcpy(bss->buf_in1, str1, size1);
memcpy(bss->buf_in2, str2, size2);
bss->capture = true;
usleep(1);
bss->capture = false;
Reported by FlawFinder.
Line: 38
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* trigger everything */
memcpy(bss->buf_in1, str1, size1);
memcpy(bss->buf_in2, str2, size2);
bss->capture = true;
usleep(1);
bss->capture = false;
CHECK_VAL(bss->payload1_len1, size1);
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
memcpy(bss->buf_in1, str1, size1);
memcpy(bss->buf_in2, str2, size2);
bss->capture = true;
usleep(1);
bss->capture = false;
CHECK_VAL(bss->payload1_len1, size1);
CHECK_VAL(bss->payload1_len2, size2);
CHECK_VAL(bss->total1, size1 + size2);
Reported by FlawFinder.
tools/leds/uledmon.c
3 issues
Line: 37
Column: 7
CWE codes:
362
strncpy(uleds_dev.name, argv[1], LED_MAX_NAME_SIZE);
uleds_dev.max_brightness = 100;
fd = open("/dev/uleds", O_RDWR);
if (fd == -1) {
perror("Failed to open /dev/uleds");
return 1;
}
Reported by FlawFinder.
Line: 34
Column: 2
CWE codes:
120
return 1;
}
strncpy(uleds_dev.name, argv[1], LED_MAX_NAME_SIZE);
uleds_dev.max_brightness = 100;
fd = open("/dev/uleds", O_RDWR);
if (fd == -1) {
perror("Failed to open /dev/uleds");
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/xdp_adjust_tail.c
3 issues
Line: 11
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 duration, retval, size, expect_sz;
struct bpf_object *obj;
int err, prog_fd;
char buf[128];
err = bpf_prog_load(file, BPF_PROG_TYPE_XDP, &obj, &prog_fd);
if (CHECK_FAIL(err))
return;
Reported by FlawFinder.
Line: 37
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char *file = "./test_xdp_adjust_tail_grow.o";
struct bpf_object *obj;
char buf[4096]; /* avoid segfault: large buf to hold grow results */
__u32 duration, retval, size, expect_sz;
int err, prog_fd;
err = bpf_prog_load(file, BPF_PROG_TYPE_XDP, &obj, &prog_fd);
if (CHECK_FAIL(err))
Reported by FlawFinder.
Line: 64
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void test_xdp_adjust_tail_grow2(void)
{
const char *file = "./test_xdp_adjust_tail_grow.o";
char buf[4096]; /* avoid segfault: large buf to hold grow results */
int tailroom = 320; /* SKB_DATA_ALIGN(sizeof(struct skb_shared_info))*/;
struct bpf_object *obj;
int err, cnt, i;
int max_grow;
Reported by FlawFinder.