The following issues were found

tools/power/cpupower/utils/helpers/cpuid.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 10 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
#include "helpers/helpers.h"

/*
 * Vendor-ID strings held in a table sized X86_VENDOR_MAX. The elements are
 * pointers to read-only string literals, not writable char buffers, so
 * nothing is copied into this array at run time.
 * Only four entries are initialised here; if X86_VENDOR_MAX is larger than
 * four, the remaining slots are NULL and must be checked before being
 * passed to any string function.
 * NOTE(review): presumably indexed by the vendor enum declared in
 * helpers/helpers.h - confirm against that header.
 */
static const char *cpu_vendor_table[X86_VENDOR_MAX] = {
	"Unknown", "GenuineIntel", "AuthenticAMD", "HygonGenuine",
};

#if defined(__i386__) || defined(__x86_64__)


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 49 Column: 2 CWE codes: 119 120
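Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The only write to value visible on this page is fgets(value, 64, fp), which is bounded to the array size; writing the bound as sizeof(value) would keep the two in step if the array is ever resized.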

              int get_cpu_info(struct cpupower_cpu_info *cpu_info)
{
	FILE *fp;
	char value[64];
	unsigned int proc, x;
	unsigned int unknown = 0xffffff;
	unsigned int cpuid_level, ext_cpuid_level;

	int ret = -EINVAL;

            

Reported by FlawFinder.

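fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? In the excerpt below the path is the string literal "/proc/cpuinfo" and the stream is opened read-only, so the caller does not choose the path; what is left to review is how the lines read from it are parsed.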
Security

Line: 62 Column: 7 CWE codes: 362

              	cpu_info->stepping		= unknown;
	cpu_info->caps			= 0;

	fp = fopen("/proc/cpuinfo", "r");
	if (!fp)
		return -EIO;

	while (!feof(fp)) {
		if (!fgets(value, 64, fp))

            

Reported by FlawFinder.

tools/build/fixdep.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 52 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	char *m = map;
	char *end = m + len;
	char *p;
	char s[PATH_MAX];
	int is_target, has_target = 0;
	int saw_any_target = 0;
	int is_first_dep = 0;

	while (m < end) {

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 74 Column: 4 CWE codes: 120
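Suggestion: Make sure destination can always hold the source data. On this page s is declared as char s[PATH_MAX], and in the excerpt below the length p-m is not compared with sizeof(s) before the memcpy or before the terminating write s[p - m] = 0. Unless an earlier check outside the excerpt enforces it, a guard such as if (p - m >= PATH_MAX) ahead of the copy would make the bound explicit.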

              			has_target = 1;
		} else if (has_target) {
			/* Save this token/filename */
			memcpy(s, m, p-m);
			s[p - m] = 0;

			/*
			 * Do not list the source file as dependency,
			 * so that kbuild is not confused if a .c file

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 127 Column: 7 CWE codes: 362

              	int fd;
	void *map;

	fd = open(depfile, O_RDONLY);
	if (fd < 0) {
		fprintf(stderr, "fixdep: error opening depfile: ");
		perror(depfile);
		exit(2);
	}

            

Reported by FlawFinder.

tools/testing/selftests/futex/functional/futex_wait_timeout.c
3 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 100 Column: 14 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs

              	pthread_t thread;
	int c;

	while ((c = getopt(argc, argv, "cht:v:")) != -1) {
		switch (c) {
		case 'c':
			log_color(1);
			break;
		case 'h':

            

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 109 Column: 17 CWE codes: 190
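Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). In the excerpt below atoi(optarg) is assigned to timeout_ns with no validation, and atoi cannot report non-numeric or out-of-range input; strtol with an endptr and errno check would let the test reject a bad -t value instead of silently running with it.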

              			usage(basename(argv[0]));
			exit(0);
		case 't':
			timeout_ns = atoi(optarg);
			break;
		case 'v':
			log_verbosity(atoi(optarg));
			break;
		default:

            

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 112 Column: 18 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

              			timeout_ns = atoi(optarg);
			break;
		case 'v':
			log_verbosity(atoi(optarg));
			break;
		default:
			usage(basename(argv[0]));
			exit(1);
		}

            

Reported by FlawFinder.

tools/perf/util/pmu-hybrid.c
3 issues
snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 35 Column: 2 CWE codes: 134
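Suggestion: Use a constant for the format specification. In the excerpt below the format argument is the macro CPUS_TEMPLATE_CPU, so the call is fine provided that macro expands to a string literal, which should be confirmed at its definition. The return value of snprintf is not checked there, so a truncated path would go unnoticed.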

              	if (!sysfs)
		return false;

	snprintf(path, PATH_MAX, CPUS_TEMPLATE_CPU, sysfs, name);
	if (!file_available(path))
		return false;

	file = fopen(path, "r");
	if (!file)

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 23 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
bool perf_pmu__hybrid_mounted(const char *name)
{
	char path[PATH_MAX];
	const char *sysfs;
	FILE *file;
	int n, cpu;

	if (strncmp(name, "cpu_", 4))

            

Reported by FlawFinder.

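fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? In the excerpt below file_available(path) is checked and the same path is then opened by a separate fopen call; the file can change between the two calls, so it is the fopen failure branch, not the earlier check, that the code must rely on.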
Security

Line: 39 Column: 9 CWE codes: 362

              	if (!file_available(path))
		return false;

	file = fopen(path, "r");
	if (!file)
		return false;

	n = fscanf(file, "%u", &cpu);
	fclose(file);

            

Reported by FlawFinder.

tools/perf/util/intel-bts.c
3 issues
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 854 Column: 3 CWE codes: 134
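Suggestion: Use a constant for the format specification. In the excerpt below the format comes from intel_bts_info_fmts[i]; the call is safe only if that table is a constant array of literals whose conversions match arr[i], and if start and finish keep i inside both arrays. Neither the table definition nor the bounds check is visible in the excerpt.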

              		return;

	for (i = start; i <= finish; i++)
		fprintf(stdout, intel_bts_info_fmts[i], arr[i]);
}

int intel_bts_process_auxtrace_info(union perf_event *event,
				    struct perf_session *session)
{

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 295 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	sample.cpu = btsq->cpu;
	sample.flags = btsq->sample_flags;
	sample.insn_len = btsq->intel_pt_insn.length;
	memcpy(sample.insn, btsq->intel_pt_insn.buf, INTEL_PT_INSN_BUF_SZ);

	event.sample.header.type = PERF_RECORD_SAMPLE;
	event.sample.header.misc = sample.cpumode;
	event.sample.header.size = sizeof(struct perf_event_header);


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 322 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	struct machine *machine = btsq->bts->machine;
	struct thread *thread;
	unsigned char buf[INTEL_PT_INSN_BUF_SZ];
	ssize_t len;
	bool x86_64;
	int err = -1;

	thread = machine__find_thread(machine, -1, btsq->tid);

            

Reported by FlawFinder.

tools/perf/util/event.c
3 issues
snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 722 Column: 4 CWE codes: 134
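Suggestion: Use a constant for the format specification. In the excerpt below the format argument is already the string literal "0x%"PRIx64 and the write is bounded by the size argument sz, so this hit needs no code change.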

              						al->sym->name);
		}
		if (!ret && al->sym) {
			snprintf(al_addr_str, sz, "0x%"PRIx64,
				al->map->unmap_ip(al->map, al->sym->start));
			ret = strlist__has_entry(symbol_conf.sym_list,
						al_addr_str);
		}
		if (!ret && symbol_conf.addr_list && al->map) {

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 292 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              size_t perf_event__fprintf_mmap2(union perf_event *event, FILE *fp)
{
	if (event->header.misc & PERF_RECORD_MISC_MMAP_BUILD_ID) {
		char sbuild_id[SBUILD_ID_SIZE];
		struct build_id bid;

		build_id__init(&bid, event->mmap2.build_id,
			       event->mmap2.build_id_size);
		build_id__sprintf(&bid, sbuild_id);

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 714 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
	if (symbol_conf.sym_list) {
		int ret = 0;
		char al_addr_str[32];
		size_t sz = sizeof(al_addr_str);

		if (al->sym) {
			ret = strlist__has_entry(symbol_conf.sym_list,
						al->sym->name);

            

Reported by FlawFinder.

tools/perf/util/arm-spe-decoder/arm-spe-pkt-decoder.c
3 issues
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 264 Column: 8 CWE codes: 134
Suggestion: Use a constant for the format specification

              		return *err;

	va_start(ap, fmt);
	ret = vsnprintf(*buf_p, *blen, fmt, ap);
	va_end(ap);

	if (ret < 0) {
		if (err && !*err)
			*err = ret;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 21 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              #define le32_to_cpu bswap_32
#define le64_to_cpu bswap_64
#define memcpy_le64(d, s, n) do { \
	memcpy((d), (s), (n));    \
	*(d) = le64_to_cpu(*(d)); \
} while (0)
#else
#define le16_to_cpu
#define le32_to_cpu

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 28 Column: 21 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              #define le16_to_cpu
#define le32_to_cpu
#define le64_to_cpu
#define memcpy_le64 memcpy
#endif

static const char * const arm_spe_packet_name[] = {
	[ARM_SPE_PAD]		= "PAD",
	[ARM_SPE_END]		= "END",

            

Reported by FlawFinder.

tools/testing/selftests/powerpc/tm/tm-signal-pagefault.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 50 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               * handler's ucontext point to newly allocated memory, when that memory is
 * paged-in it will contain the expected content.
 */
static char backing_mem[UF_MEM_SIZE];

static size_t pagesize;

/*
 * Return a chunk of at least 'size' bytes of memory that will be handled by

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 73 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	/* Save the data that will be copied into the faulting page */
	if (backing_data != NULL)
		memcpy(&backing_mem[uf_mem_offset], backing_data, size);

	/* Reserve the requested amount of uf_mem */
	uf_mem_offset += size;
	/* Keep uf_mem_offset aligned to the page size (round up) */
	uf_mem_offset = (uf_mem_offset + pagesize - 1) & ~(pagesize - 1);

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 101 Column: 11 CWE codes: 120 20

              			exit(EXIT_FAILURE);
		}

		nread = read(uffd, &msg, sizeof(msg));
		if (nread == 0) {
			fprintf(stderr, "read(): EOF on userfaultfd\n");
			exit(EXIT_FAILURE);
		}


            

Reported by FlawFinder.

tools/testing/selftests/futex/functional/futex_requeue_pi_signal_restart.c
3 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 125 Column: 14 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs

              	pthread_t waiter;
	int c, res, ret = RET_PASS;

	while ((c = getopt(argc, argv, "chv:")) != -1) {
		switch (c) {
		case 'c':
			log_color(1);
			break;
		case 'h':

            

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 134 Column: 18 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

              			usage(basename(argv[0]));
			exit(0);
		case 'v':
			log_verbosity(atoi(optarg));
			break;
		default:
			usage(basename(argv[0]));
			exit(1);
		}

            

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 178 Column: 3 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

              		 */
		info("Issuing SIGUSR1 to waiter\n");
		pthread_kill(waiter, SIGUSR1);
		usleep(DELAY_US);

		info("Requeueing waiter via FUTEX_CMP_REQUEUE_PI\n");
		old_val = f1;
		res = futex_cmp_requeue_pi(&f1, old_val, &(f2), 1, 0,
					   FUTEX_PRIVATE_FLAG);

            

Reported by FlawFinder.

tools/perf/trace/beauty/sockaddr.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 16 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

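              static size_t af_inet__scnprintf(struct sockaddr *sa, char *bf, size_t size)
{
	/*
	 * Format the port and textual address of the IPv4 socket address in
	 * sa into bf, writing at most size bytes, and return whatever
	 * scnprintf() returns.
	 */
	struct sockaddr_in *sin = (struct sockaddr_in *)sa;
	/* INET_ADDRSTRLEN (16) holds the longest dotted-quad string plus NUL. */
	char tmp[INET_ADDRSTRLEN];
	const char *addr = inet_ntop(sin->sin_family, &sin->sin_addr, tmp, sizeof(tmp));

	/*
	 * inet_ntop() returns NULL on failure (for example when sin_family is
	 * not a family it supports). Passing NULL to "%s" is undefined, so
	 * substitute a fixed marker instead.
	 */
	if (!addr)
		addr = "(invalid)";

	return scnprintf(bf, size, ", port: %d, addr: %s", ntohs(sin->sin_port), addr);
}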

static size_t af_inet6__scnprintf(struct sockaddr *sa, char *bf, size_t size)

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 25 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
	u32 flowinfo = ntohl(sin6->sin6_flowinfo);
	char tmp[512];
	size_t printed = scnprintf(bf, size, ", port: %d, addr: %s", ntohs(sin6->sin6_port),
				   inet_ntop(sin6->sin6_family, &sin6->sin6_addr, tmp, sizeof(tmp)));
	if (flowinfo != 0)
		printed += scnprintf(bf + printed, size - printed, ", flowinfo: %lu", flowinfo);
	if (sin6->sin6_scope_id != 0)

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 51 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static size_t syscall_arg__scnprintf_augmented_sockaddr(struct syscall_arg *arg, char *bf, size_t size)
{
	struct sockaddr *sa = (struct sockaddr *)arg->augmented.args;
	char family[32];
	size_t printed;

	strarray__scnprintf(&strarray__socket_families, family, sizeof(family), "%d", arg->show_string_prefix, sa->sa_family);
	printed = scnprintf(bf, size, "{ .family: %s", family);


            

Reported by FlawFinder.