The following issues were found

tools/perf/ui/tui/progress.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 17 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static int get_title(struct ui_progress *p, char *buf, size_t size)
{
	char buf_cur[20];
	char buf_tot[20];
	int ret;

	ret  = unit_number__scnprintf(buf_cur, sizeof(buf_cur), p->curr);
	ret += unit_number__scnprintf(buf_tot, sizeof(buf_tot), p->total);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 18 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int get_title(struct ui_progress *p, char *buf, size_t size)
{
	char buf_cur[20];
	char buf_tot[20];
	int ret;

	ret  = unit_number__scnprintf(buf_cur, sizeof(buf_cur), p->curr);
	ret += unit_number__scnprintf(buf_tot, sizeof(buf_tot), p->total);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 30 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static void tui_progress__update(struct ui_progress *p)
{
	char buf[100], *title = (char *) p->title;
	int bar, y;
	/*
	 * FIXME: We should have a per UI backend way of showing progress,
	 * stdio will just show a percentage as NN%, etc.
	 */

Reported by FlawFinder.

tools/perf/util/topdown.c
3 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 33 Column: 3 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              	if (use_group)
		*s++ = '{';
	for (i = 0; attr[i]; i++) {
		strcpy(s, attr[i]);
		s += strlen(s);
		*s++ = ',';
	}
	if (use_group) {
		s[-1] = '}';

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 15 Column: 11 CWE codes: 126 

              
	for (i = 0; attr[i]; i++) {
		if (pmu_have_event("cpu", attr[i])) {
			len += strlen(attr[i]) + 1;
			attr[i - off] = attr[i];
		} else
			off++;
	}
	attr[i - off] = NULL;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 34 Column: 8 CWE codes: 126 

              		*s++ = '{';
	for (i = 0; attr[i]; i++) {
		strcpy(s, attr[i]);
		s += strlen(s);
		*s++ = ',';
	}
	if (use_group) {
		s[-1] = '}';
		*s = 0;

Reported by FlawFinder.

tools/perf/util/demangle-rust.c
3 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 84 Column: 8 CWE codes: 126 

              	if (!sym)
		return false;

	len = strlen(sym);
	if (len <= hash_prefix_len + hash_len)
		/* Not long enough to contain "::h" + hash + something else */
		return false;

	len_without_hash = len - (hash_prefix_len + hash_len);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 193 Column: 14 CWE codes: 126 

              
	in = sym;
	out = sym;
	end = sym + strlen(sym) - (hash_prefix_len + hash_len);

	while (in < end)
		switch (*in) {
		case '$':
			if (!(unescape(&in, &out, "$C$", ',')

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 258 Column: 15 CWE codes: 126 

              
static bool unescape(const char **in, char **out, const char *seq, char value)
{
	size_t len = strlen(seq);

	if (strncmp(*in, seq, len))
		return false;

	**out = value;

Reported by FlawFinder.

tools/perf/ui/tui/util.c
3 issues
vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 257 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	}

	fprintf(stderr, "%s\n", title);
	vfprintf(stderr, format, args);
	return K_ESC;
}

static int perf_tui__error(const char *format, va_list args)
{

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 80 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	int x, y, len, key;
	int max_len = 60, nr_lines = 0;
	static char buf[50];
	const char *t;

	t = text;
	while (1) {
		const char *sep = strchr(t, '\n');

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 163 Column: 2 CWE codes: 120 

              	}

	buf[len] = '\0';
	strncpy(input, buf, len+1);
	return key;
}

void __ui__info_window(const char *title, const char *text, const char *exit_msg)
{

Reported by FlawFinder.

tools/testing/selftests/proc/proc-self-wchan.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 24 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
int main(void)
{
	char buf[64];
	int fd;

	fd = open("/proc/self/wchan", O_RDONLY);
	if (fd == -1) {
		if (errno == ENOENT)

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 27 Column: 7 CWE codes: 362 

              	char buf[64];
	int fd;

	fd = open("/proc/self/wchan", O_RDONLY);
	if (fd == -1) {
		if (errno == ENOENT)
			return 4;
		return 1;
	}

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 35 Column: 6 CWE codes: 120 20 

              	}

	buf[0] = '\0';
	if (read(fd, buf, sizeof(buf)) != 1)
		return 1;
	if (buf[0] != '0')
		return 1;
	return 0;
}

Reported by FlawFinder.

tools/testing/selftests/futex/functional/futex_wait_uninitialized_heap.c
3 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 72 Column: 14 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              	long page_size;
	pthread_t thr;

	while ((c = getopt(argc, argv, "chv:")) != -1) {
		switch (c) {
		case 'c':
			log_color(1);
			break;
		case 'h':

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 81 Column: 18 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

              			usage(basename(argv[0]));
			exit(0);
		case 'v':
			log_verbosity(atoi(optarg));
			break;
		default:
			usage(basename(argv[0]));
			exit(1);
		}

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 112 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              	}

	info("waiting %dus for child to return\n", WAIT_US);
	usleep(WAIT_US);

	ret = child_ret;
	if (child_blocked) {
		fail("child blocked in kernel\n");
		ret = RET_FAIL;

Reported by FlawFinder.

tools/lib/symbol/kallsyms.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 36 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              					  char type, u64 start))
{
	struct io io;
	char bf[BUFSIZ];
	int err;

	io.fd = open(filename, O_RDONLY, 0);

	if (io.fd < 0)

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 39 Column: 10 CWE codes: 362 

              	char bf[BUFSIZ];
	int err;

	io.fd = open(filename, O_RDONLY, 0);

	if (io.fd < 0)
		return -1;

	io__init(&io, io.fd, bf, sizeof(bf));

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 52 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		int ch;
		size_t i;
		char symbol_type;
		char symbol_name[KSYM_NAME_LEN + 1];

		if (io__get_hex(&io, &start) != ' ') {
			read_to_eol(&io);
			continue;
		}

Reported by FlawFinder.

tools/testing/selftests/proc/fd-001-lookup.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 55 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static void test_lookup(unsigned int fd)
{
	char buf[64];
	unsigned int c;
	unsigned int u;
	int i;

	snprintf(buf, sizeof(buf), "/proc/self/fd/%u", fd);

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 146 Column: 7 CWE codes: 362 

              
	/* Now fdtable is clean. */

	fd = open("/", O_PATH|O_DIRECTORY);
	assert(fd == 0);
	test_lookup(fd);
	close(fd);

	/* Clean again! */

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 153 Column: 7 CWE codes: 362 

              
	/* Clean again! */

	fd = open("/", O_PATH|O_DIRECTORY);
	assert(fd == 0);
	/* Default RLIMIT_NOFILE-1 */
	target_fd = 1023;
	while (target_fd > 0) {
		if (dup2(fd, target_fd) == target_fd)

Reported by FlawFinder.

tools/perf/builtin-bench.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 214 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static void run_collection(struct collection *coll)
{
	struct bench *bench;
	const char *argv[2];

	argv[1] = NULL;
	/*
	 * TODO:
	 *

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 194 Column: 9 CWE codes: 126 

              	char *name;
	int ret;

	size = strlen(coll_name) + 1 + strlen(bench_name) + 1;

	name = zalloc(size);
	BUG_ON(!name);

	scnprintf(name, size, "%s-%s", coll_name, bench_name);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 194 Column: 33 CWE codes: 126 

              	char *name;
	int ret;

	size = strlen(coll_name) + 1 + strlen(bench_name) + 1;

	name = zalloc(size);
	BUG_ON(!name);

	scnprintf(name, size, "%s-%s", coll_name, bench_name);

Reported by FlawFinder.

tools/testing/selftests/bpf/test_flow_dissector.c
3 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 626 Column: 14 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              {
	int c;

	while ((c = getopt(argc, argv, "d:D:e:f:Fhi:l:n:o:O:Rs:S:t:Tx:X:")) != -1) {
		switch (c) {
		case 'd':
			if (cfg_l3_outer == AF_UNSPEC)
				error(1, 0, "-d must be preceded by -o");
			if (cfg_l3_outer == AF_INET)

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 81 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static bool	cfg_only_tx;
static int	cfg_src_port = 9;

static char	buf[ETH_DATA_LEN];

#define INIT_ADDR4(name, addr4, port)				\
	static struct sockaddr_in name = {			\
		.sin_family = AF_INET,				\
		.sin_port = __constant_htons(port),		\

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 122 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static void util_printaddr(const char *msg, struct sockaddr *addr)
{
	unsigned long off = 0;
	char nbuf[INET6_ADDRSTRLEN];

	switch (addr->sa_family) {
	case PF_INET:
		off = __builtin_offsetof(struct sockaddr_in, sin_addr);
		break;

Reported by FlawFinder.