The following issues were found
tools/testing/selftests/bpf/progs/profiler.inc.h
3 issues
Line: 550
return true;
}
SEC("kprobe/proc_sys_write")
ssize_t BPF_KPROBE(kprobe__proc_sys_write,
struct file* filp, const char* buf,
size_t count, loff_t* ppos)
{
struct bpf_func_stats_ctx stats_ctx;
Reported by Cppcheck.
Line: 550
return true;
}
SEC("kprobe/proc_sys_write")
ssize_t BPF_KPROBE(kprobe__proc_sys_write,
struct file* filp, const char* buf,
size_t count, loff_t* ppos)
{
struct bpf_func_stats_ctx stats_ctx;
Reported by Cppcheck.
Line: 550
return true;
}
SEC("kprobe/proc_sys_write")
ssize_t BPF_KPROBE(kprobe__proc_sys_write,
struct file* filp, const char* buf,
size_t count, loff_t* ppos)
{
struct bpf_func_stats_ctx stats_ctx;
Reported by Cppcheck.
tools/testing/selftests/bpf/progs/pyperf.h
3 issues
Line: 39
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} Stats;
typedef struct {
char name[FUNCTION_NAME_LEN];
char file[FILE_NAME_LEN];
} Symbol;
typedef struct {
uint32_t pid;
Reported by FlawFinder.
Line: 40
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct {
char name[FUNCTION_NAME_LEN];
char file[FILE_NAME_LEN];
} Symbol;
typedef struct {
uint32_t pid;
uint32_t tid;
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct {
uint32_t pid;
uint32_t tid;
char comm[TASK_COMM_LEN];
int32_t kernel_stack_id;
int32_t user_stack_id;
bool thread_current;
bool pthread_match;
bool stack_complete;
Reported by FlawFinder.
sound/usb/usx2y/usb_stream.c
3 issues
Line: 412
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (l + il > s->period_size)
il = s->period_size - l;
if (il <= ol) {
memcpy(o, i, il);
o += il;
ol -= il;
} else {
memcpy(o, i, ol);
singen_6pack(o, ol);
Reported by FlawFinder.
Line: 416
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
o += il;
ol -= il;
} else {
memcpy(o, i, ol);
singen_6pack(o, ol);
o = s->playback_to;
memcpy(o, i + ol, il - ol);
o += il - ol;
ol = s->period_size - s->playback1st_size;
Reported by FlawFinder.
Line: 419
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(o, i, ol);
singen_6pack(o, ol);
o = s->playback_to;
memcpy(o, i + ol, il - ol);
o += il - ol;
ol = s->period_size - s->playback1st_size;
}
l += il;
}
Reported by FlawFinder.
tools/testing/selftests/kvm/steal_time.c
3 issues
Line: 222
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static long get_run_delay(void)
{
char path[64];
long val[2];
FILE *fp;
sprintf(path, "/proc/%ld/schedstat", syscall(SYS_gettid));
fp = fopen(path, "r");
Reported by FlawFinder.
Line: 226
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
long val[2];
FILE *fp;
sprintf(path, "/proc/%ld/schedstat", syscall(SYS_gettid));
fp = fopen(path, "r");
fscanf(fp, "%ld %ld ", &val[0], &val[1]);
fclose(fp);
return val[1];
Reported by FlawFinder.
Line: 227
Column: 7
CWE codes:
362
FILE *fp;
sprintf(path, "/proc/%ld/schedstat", syscall(SYS_gettid));
fp = fopen(path, "r");
fscanf(fp, "%ld %ld ", &val[0], &val[1]);
fclose(fp);
return val[1];
}
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/mmap.c
3 issues
Line: 109
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
val = 111;
CHECK_FAIL(bpf_map_update_elem(data_map_fd, &zero, &val, 0));
usleep(1);
CHECK_FAIL(bss_data->in_val != 123);
CHECK_FAIL(bss_data->out_val != 123);
CHECK_FAIL(skel->bss->in_val != 123);
CHECK_FAIL(skel->bss->out_val != 123);
Reported by FlawFinder.
Line: 188
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
}
bss_data->in_val = 321;
usleep(1);
CHECK_FAIL(bss_data->in_val != 321);
CHECK_FAIL(bss_data->out_val != 321);
CHECK_FAIL(skel->bss->in_val != 321);
CHECK_FAIL(skel->bss->out_val != 321);
CHECK_FAIL(map_data->val[0] != 111);
Reported by FlawFinder.
Line: 287
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
__u32 id = data_map_id - 1;
if (bpf_map_get_next_id(id, &id) || id > data_map_id)
break;
usleep(1);
}
/* should fail to get map FD by non-existing ID */
tmp_fd = bpf_map_get_fd_by_id(data_map_id);
if (CHECK(tmp_fd >= 0, "get_map_by_id_after",
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/module_attach.c
3 issues
Line: 13
Column: 7
CWE codes:
362
{
int fd, err;
fd = open("/sys/kernel/bpf_testmod", O_RDONLY);
err = -errno;
if (CHECK(fd < 0, "testmod_file_open", "failed: %d\n", err))
return err;
read(fd, NULL, read_sz);
Reported by FlawFinder.
Line: 35
Column: 7
CWE codes:
362
memset(buf, 'a', write_sz);
buf[write_sz-1] = '\0';
fd = open("/sys/kernel/bpf_testmod", O_WRONLY);
err = -errno;
if (CHECK(fd < 0, "testmod_file_open", "failed: %d\n", err)) {
free(buf);
return err;
}
Reported by FlawFinder.
tools/perf/util/thread-stack.c
3 issues
Line: 190
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!new_ts)
return NULL;
if (ts)
memcpy(new_ts, ts, old_sz * sizeof(*ts));
new_ts->arr_sz = new_sz;
zfree(&thread->ts);
thread->ts = new_ts;
ts = new_ts;
}
Reported by FlawFinder.
Line: 638
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
be = &dst->entries[0];
nr = min(ts->br_stack_sz - ts->br_stack_pos, (unsigned int)dst->nr);
memcpy(be, &src->entries[ts->br_stack_pos], bsz * nr);
if (src->nr >= ts->br_stack_sz) {
sz -= nr;
be = &dst->entries[nr];
nr = min(ts->br_stack_pos, sz);
Reported by FlawFinder.
Line: 644
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sz -= nr;
be = &dst->entries[nr];
nr = min(ts->br_stack_pos, sz);
memcpy(be, &src->entries[0], bsz * ts->br_stack_pos);
}
}
/* Start of user space branch entries */
static bool us_start(struct branch_entry *be, u64 kernel_start, bool *start)
Reported by FlawFinder.
tools/perf/util/evsel_fprintf.c
3 issues
Line: 28
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
va_start(args, fmt);
ret += vfprintf(fp, fmt, args);
va_end(args);
return ret;
}
static int __print_attr__fprintf(FILE *fp, const char *name, const char *val, void *priv)
Reported by FlawFinder.
Line: 148
Column: 16
CWE codes:
134
Suggestion:
Use a constant for the format specification
printed += fprintf(fp, " <-");
if (print_ip)
printed += fprintf(fp, "%c%16" PRIx64, s, node->ip);
if (map)
addr = map->map_ip(map, node->ip);
if (print_sym) {
Reported by FlawFinder.
Line: 217
Column: 15
CWE codes:
134
Suggestion:
Use a constant for the format specification
printed += fprintf(fp, "%-*.*s", left_alignment, left_alignment, " ");
if (print_ip)
printed += fprintf(fp, "%16" PRIx64, sample->ip);
if (print_sym) {
printed += fprintf(fp, " ");
if (print_symoffset) {
printed += __symbol__fprintf_symname_offs(al->sym, al,
Reported by FlawFinder.
tools/testing/selftests/kvm/lib/x86_64/processor.c
3 issues
Line: 1032
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct kvm_debugregs debugregs;
union {
struct kvm_nested_state nested;
char nested_[16384];
};
struct kvm_msrs msrs;
};
static int kvm_get_num_msrs_fd(int kvm_fd)
Reported by FlawFinder.
Line: 1353
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cur->function != ent->function || cur->index != ent->index)
continue;
memcpy(cur, ent, sizeof(struct kvm_cpuid_entry2));
return true;
}
return false;
}
Reported by FlawFinder.
Line: 1418
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nent++;
}
memcpy(&cpuid_full->entries[nent], cpuid_hv->entries,
cpuid_hv->nent * sizeof(struct kvm_cpuid_entry2));
cpuid_full->nent = nent + cpuid_hv->nent;
}
vcpu_set_cpuid(vm, vcpuid, cpuid_full);
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_core_reloc_arrays.c
3 issues
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char _license[] SEC("license") = "GPL";
struct {
char in[256];
char out[256];
} data = {};
struct core_reloc_arrays_output {
int a2;
Reported by FlawFinder.
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char in[256];
char out[256];
} data = {};
struct core_reloc_arrays_output {
int a2;
char b123;
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct core_reloc_arrays {
int a[5];
char b[2][3][4];
struct core_reloc_arrays_substruct c[3];
struct core_reloc_arrays_substruct d[1][2];
struct core_reloc_arrays_substruct f[][2];
};
Reported by FlawFinder.