The following issues were found
tools/testing/selftests/rlimits/rlimits-per-userns.c
3 issues
Line: 93
Column: 6
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
int childs = NR_CHILDS;
pid_t pid;
if (getenv("I_AM_SERVICE")) {
pause();
exit(EXIT_SUCCESS);
}
service_prog = argv[0];
Reported by FlawFinder.
Line: 111
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
for (i = 0; i < NR_CHILDS; i++) {
child[i] = fork_child();
wstatus[i] = 0;
usleep(250000);
}
while (1) {
for (i = 0; i < NR_CHILDS; i++) {
if (child[i] <= 0)
Reported by FlawFinder.
Line: 135
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
if (!childs)
break;
usleep(250000);
for (i = 0; i < NR_CHILDS; i++) {
if (child[i] <= 0)
continue;
kill(child[i], SIGUSR1);
Reported by FlawFinder.
tools/perf/util/stat-shadow.c
3 issues
Line: 91
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!nd)
return NULL;
memcpy(nd, entry, sizeof(struct saved_value));
return &nd->rb_node;
}
static void saved_value_delete(struct rblist *rblist __maybe_unused,
struct rb_node *rb_node)
Reported by FlawFinder.
Line: 895
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!metric_events[i]) {
if (expr__parse(&ratio, &pctx, metric_expr, runtime) == 0) {
char *unit;
char metric_bf[64];
if (metric_unit && metric_name) {
if (perf_pmu__convert_scale(metric_unit,
&unit, &scale) >= 0) {
ratio *= scale;
Reported by FlawFinder.
Line: 1278
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
evsel->name, evsel->metric_name, NULL, 1, cpu, out, st);
} else if (runtime_stat_n(st, STAT_NSECS, cpu, &rsd) != 0) {
char unit = ' ';
char unit_buf[10] = "/sec";
total = runtime_stat_avg(st, STAT_NSECS, cpu, &rsd);
if (total)
ratio = convert_unit_double(1000000000.0 * avg / total, &unit);
Reported by FlawFinder.
tools/testing/selftests/kvm/lib/sparsebit.c
3 issues
Line: 1566
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
* have been printed, else print the range.
*/
if (!stream)
sz = snprintf(NULL, 0, fmt_str, low, high);
else
sz = fprintf(stream, fmt_str, low, high);
return sz;
}
Reported by FlawFinder.
Line: 1568
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!stream)
sz = snprintf(NULL, 0, fmt_str, low, high);
else
sz = fprintf(stream, fmt_str, low, high);
return sz;
}
Reported by FlawFinder.
tools/perf/util/bpf_counter.c
3 issues
Line: 316
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
BPF_PERF_DEFAULT_ATTR_MAP_PATH);
}
if (access(path, F_OK)) {
map_fd = bpf_create_map(BPF_MAP_TYPE_HASH,
sizeof(struct perf_event_attr),
sizeof(struct perf_event_attr_map_entry),
ATTR_MAP_SIZE, 0);
if (map_fd < 0)
Reported by FlawFinder.
Line: 306
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int bperf_lock_attr_map(struct target *target)
{
char path[PATH_MAX];
int map_fd, err;
if (target->attr_map) {
scnprintf(path, PATH_MAX, "%s", target->attr_map);
} else {
Reported by FlawFinder.
Line: 794
Column: 33
CWE codes:
120
20
{
if (bpf_counter_skip(evsel))
return -EAGAIN;
return evsel->bpf_counter_ops->read(evsel);
}
void bpf_counter__destroy(struct evsel *evsel)
{
if (bpf_counter_skip(evsel))
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_core_reloc_type_based.c
3 issues
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char _license[] SEC("license") = "GPL";
struct {
char in[256];
char out[256];
bool skip;
} data = {};
struct a_struct {
Reported by FlawFinder.
Line: 14
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char in[256];
char out[256];
bool skip;
} data = {};
struct a_struct {
int x;
Reported by FlawFinder.
Line: 49
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef int (*func_proto_typedef)(long);
typedef char arr_typedef[20];
struct core_reloc_type_based_output {
bool struct_exists;
bool union_exists;
bool enum_exists;
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_core_reloc_type_id.c
3 issues
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char _license[] SEC("license") = "GPL";
struct {
char in[256];
char out[256];
bool skip;
} data = {};
/* some types are shared with test_core_reloc_type_based.c */
Reported by FlawFinder.
Line: 14
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char in[256];
char out[256];
bool skip;
} data = {};
/* some types are shared with test_core_reloc_type_based.c */
struct a_struct {
Reported by FlawFinder.
Line: 38
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef int (*func_proto_typedef)(long);
typedef char arr_typedef[20];
struct core_reloc_type_id_output {
int local_anon_struct;
int local_anon_union;
int local_anon_enum;
Reported by FlawFinder.
tools/bpf/bpftool/btf.c
3 issues
Line: 404
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
static void __printf(2, 0) btf_dump_printf(void *ctx,
const char *fmt, va_list args)
{
vfprintf(stdout, fmt, args);
}
static int dump_btf_c(const struct btf *btf,
__u32 *root_type_ids, int root_type_cnt)
{
Reported by FlawFinder.
Line: 22
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "json_writer.h"
#include "main.h"
static const char * const btf_kind_str[NR_BTF_KINDS] = {
[BTF_KIND_UNKN] = "UNKNOWN",
[BTF_KIND_INT] = "INT",
[BTF_KIND_PTR] = "PTR",
[BTF_KIND_ARRAY] = "ARRAY",
[BTF_KIND_STRUCT] = "STRUCT",
Reported by FlawFinder.
Line: 862
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct bpf_btf_info info;
__u32 len = sizeof(info);
char name[64];
int err;
memset(&info, 0, sizeof(info));
err = bpf_obj_get_info_by_fd(fd, &info, &len);
if (err) {
Reported by FlawFinder.
tools/perf/util/find-map.c
3 issues
Line: 5
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int find_map(void **start, void **end, const char *name)
{
FILE *maps;
char line[128];
int found = 0;
maps = fopen("/proc/self/maps", "r");
if (!maps) {
fprintf(stderr, "cannot open maps\n");
Reported by FlawFinder.
Line: 8
Column: 9
CWE codes:
362
char line[128];
int found = 0;
maps = fopen("/proc/self/maps", "r");
if (!maps) {
fprintf(stderr, "cannot open maps\n");
return -1;
}
Reported by FlawFinder.
Line: 24
Column: 32
CWE codes:
126
if (m < 0)
continue;
if (!strncmp(&line[m], name, strlen(name)))
found = 1;
}
fclose(maps);
return !found;
Reported by FlawFinder.
tools/testing/selftests/bpf/test_netcnt.c
3 issues
Line: 71
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
goto err;
}
if (system("which ping6 &>/dev/null") == 0)
assert(!system("ping6 ::1 -c 10000 -f -q > /dev/null"));
else
assert(!system("ping -6 ::1 -c 10000 -f -q > /dev/null"));
if (bpf_prog_query(cgroup_fd, BPF_CGROUP_INET_EGRESS, 0, NULL, NULL,
Reported by FlawFinder.
Line: 72
Column: 11
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
if (system("which ping6 &>/dev/null") == 0)
assert(!system("ping6 ::1 -c 10000 -f -q > /dev/null"));
else
assert(!system("ping -6 ::1 -c 10000 -f -q > /dev/null"));
if (bpf_prog_query(cgroup_fd, BPF_CGROUP_INET_EGRESS, 0, NULL, NULL,
&prog_cnt)) {
Reported by FlawFinder.
Line: 74
Column: 11
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
if (system("which ping6 &>/dev/null") == 0)
assert(!system("ping6 ::1 -c 10000 -f -q > /dev/null"));
else
assert(!system("ping -6 ::1 -c 10000 -f -q > /dev/null"));
if (bpf_prog_query(cgroup_fd, BPF_CGROUP_INET_EGRESS, 0, NULL, NULL,
&prog_cnt)) {
printf("Failed to query attached programs");
goto err;
Reported by FlawFinder.
tools/testing/selftests/bpf/map_tests/lpm_trie_map_batch_ops.c
3 issues
Line: 29
char buff[16] = { 0 };
DECLARE_LIBBPF_OPTS(bpf_map_batch_opts, opts,
.elem_flags = 0,
.flags = 0,
);
for (i = 0; i < max_entries; i++) {
keys[i].prefix = 32;
snprintf(buff, 16, "192.168.1.%d", i + 1);
Reported by Cppcheck.
Line: 26
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
__u32 i;
int err;
char buff[16] = { 0 };
DECLARE_LIBBPF_OPTS(bpf_map_batch_opts, opts,
.elem_flags = 0,
.flags = 0,
);
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void map_batch_verify(int *visited, __u32 max_entries,
struct test_lpm_key *keys, int *values)
{
char buff[16] = { 0 };
int lower_byte = 0;
__u32 i;
memset(visited, 0, max_entries * sizeof(*visited));
for (i = 0; i < max_entries; i++) {
Reported by FlawFinder.