The following issues were found
tools/bpf/bpftool/btf_dumper.c
3 issues
Line: 568
Column: 10
CWE codes:
134
Suggestion:
Use a constant for the format specification
/*
 * BTF_PRINT_ARG() - append printf-style output to func_sig at offset pos.
 *
 * Relies on three names from the expanding scope: func_sig (destination
 * buffer), pos (current write offset) and size (buffer capacity).
 * snprintf() is bounded by size - pos and its return value (the length the
 * full output would have needed) is added to pos, so pos >= size afterwards
 * means the output was truncated.
 *
 * Hidden control flow: on truncation the macro executes `return -1` in the
 * *enclosing* function, so it is only usable in functions returning int.
 *
 * The first variadic argument is used as the format string. The CWE-134
 * finding is a false positive only while every call site passes a string
 * literal there; call sites are not visible here -- verify before relying
 * on that.
 *
 * NOTE(review): a negative snprintf() return (output error) is added to pos
 * without a check; the declared types of pos and size are not visible here,
 * so confirm how that case behaves.
 */
#define BTF_PRINT_ARG(...) \
do { \
pos += snprintf(func_sig + pos, size - pos, \
__VA_ARGS__); \
if (pos >= size) \
return -1; \
} while (0)
#define BTF_PRINT_TYPE(type) \
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct btf *prog_btf = NULL;
struct bpf_prog_info *info;
int prog_fd, func_sig_len;
char prog_str[1024];
/* Get the ptr's func_proto */
func_sig_len = btf_dump_func(d->btf, prog_str, func_proto, NULL, 0,
sizeof(prog_str));
if (func_sig_len == -1)
Reported by FlawFinder.
Line: 327
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bits_to_copy = bit_offset + nr_bits;
bytes_to_copy = BITS_ROUNDUP_BYTES(bits_to_copy);
memcpy(print_num, data, bytes_to_copy);
#if defined(__BIG_ENDIAN_BITFIELD)
left_shift_bits = bit_offset;
#elif defined(__LITTLE_ENDIAN_BITFIELD)
left_shift_bits = 128 - bits_to_copy;
#else
Reported by FlawFinder.
tools/power/cpupower/utils/cpuidle-set.c
3 issues
Line: 35
Column: 9
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
char *endptr;
do {
ret = getopt_long(argc, argv, "d:e:ED:", info_opts, NULL);
if (ret == -1)
break;
switch (ret) {
case '?':
param = '?';
Reported by FlawFinder.
Line: 50
Column: 16
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
break;
}
param = ret;
idlestate = atoi(optarg);
break;
case 'e':
if (param) {
param = -1;
cont = 0;
Reported by FlawFinder.
Line: 59
Column: 16
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
break;
}
param = ret;
idlestate = atoi(optarg);
break;
case 'D':
if (param) {
param = -1;
cont = 0;
Reported by FlawFinder.
tools/bpf/bpftool/netlink_dumper.h
3 issues
Line: 59
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
jsonw_name(json_wtr, name); \
jsonw_start_array(json_wtr); \
} else { \
fprintf(stdout, fmt_str, name); \
} \
}
#define NET_END_ARRAY(endstr) \
{ \
Reported by FlawFinder.
Line: 76
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (json_output) \
jsonw_uint_field(json_wtr, name, val); \
else \
fprintf(stdout, fmt_str, val); \
}
#define NET_DUMP_STR(name, fmt_str, str) \
{ \
if (json_output) \
Reported by FlawFinder.
Line: 84
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (json_output) \
jsonw_string_field(json_wtr, name, str);\
else \
fprintf(stdout, fmt_str, str); \
}
#define NET_DUMP_STR_ONLY(str) \
{ \
if (json_output) \
Reported by FlawFinder.
tools/gpio/gpio-utils.h
3 issues
Line: 23
Column: 9
CWE codes:
126
/*
 * check_prefix() - does @str start with @prefix and continue past it?
 *
 * Returns 1 only when @str is strictly longer than @prefix and its leading
 * bytes equal @prefix; a string that is exactly the prefix returns 0.
 *
 * Both arguments must be non-NULL and NUL-terminated. strlen() scans each
 * one up to its terminator, so an unterminated buffer would be read past
 * its end (the CWE-126 over-read the scanner warns about). Callers that
 * pass fixed-size buffers should guarantee termination first.
 */
static inline int check_prefix(const char *str, const char *prefix)
{
	size_t prefix_len = strlen(prefix);

	/* Require at least one character after the prefix. */
	if (strlen(str) <= prefix_len)
		return 0;

	return strncmp(str, prefix, prefix_len) == 0;
}
int gpiotools_request_line(const char *device_name,
unsigned int *lines,
Reported by FlawFinder.
Line: 23
Column: 23
CWE codes:
126
/*
 * check_prefix() - does @str start with @prefix and continue past it?
 *
 * Returns 1 only when @str is strictly longer than @prefix and its leading
 * bytes equal @prefix; a string that is exactly the prefix returns 0.
 *
 * Both arguments must be non-NULL and NUL-terminated. strlen() scans each
 * one up to its terminator, so an unterminated buffer would be read past
 * its end (the CWE-126 over-read the scanner warns about). Callers that
 * pass fixed-size buffers should guarantee termination first.
 */
static inline int check_prefix(const char *str, const char *prefix)
{
	size_t prefix_len = strlen(prefix);

	/* Require at least one character after the prefix. */
	if (strlen(str) <= prefix_len)
		return 0;

	return strncmp(str, prefix, prefix_len) == 0;
}
int gpiotools_request_line(const char *device_name,
unsigned int *lines,
Reported by FlawFinder.
Line: 24
Column: 24
CWE codes:
126
/*
 * check_prefix() - does @str start with @prefix and continue past it?
 *
 * Returns 1 only when @str is strictly longer than @prefix and its leading
 * bytes equal @prefix; a string that is exactly the prefix returns 0.
 *
 * Both arguments must be non-NULL and NUL-terminated. strlen() scans each
 * one up to its terminator, so an unterminated buffer would be read past
 * its end (the CWE-126 over-read the scanner warns about). Callers that
 * pass fixed-size buffers should guarantee termination first.
 */
static inline int check_prefix(const char *str, const char *prefix)
{
	size_t prefix_len = strlen(prefix);

	/* Require at least one character after the prefix. */
	if (strlen(str) <= prefix_len)
		return 0;

	return strncmp(str, prefix, prefix_len) == 0;
}
int gpiotools_request_line(const char *device_name,
unsigned int *lines,
unsigned int num_lines,
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/sk_storage_tracing.c
3 issues
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Record with two 32-bit fields and a fixed 16-byte character buffer.
 * NOTE(review): presumably mirrors the value layout used by the BPF side of
 * this selftest -- confirm against the BPF program before changing a field.
 */
struct sk_stg {
__u32 pid;
__u32 last_notclose_state;
/*
 * Fixed-size buffer (the line FlawFinder flags for CWE-119/120). The
 * declaration alone is not a defect: what matters is that every writer
 * bounds its copy to sizeof(comm) and that readers do not assume a NUL
 * terminator unless the writer guarantees one. 16 presumably matches
 * the kernel's TASK_COMM_LEN -- TODO confirm.
 */
char comm[16];
};
static struct test_sk_storage_tracing *skel;
static __u32 duration;
static pid_t my_pid;
Reported by FlawFinder.
Line: 74
Column: 8
CWE codes:
120
20
goto out;
shutdown(active_fd, SHUT_WR);
err = read(passive_fd, &abyte, 1);
if (!ASSERT_OK(err, "read(passive_fd)"))
goto out;
shutdown(passive_fd, SHUT_WR);
err = read(active_fd, &abyte, 1);
Reported by FlawFinder.
Line: 79
Column: 8
CWE codes:
120
20
goto out;
shutdown(passive_fd, SHUT_WR);
err = read(active_fd, &abyte, 1);
if (!ASSERT_OK(err, "read(active_fd)"))
goto out;
err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.del_sk_stg_map),
&active_fd, &value);
Reported by FlawFinder.
tools/perf/bench/epoll-ctl.c
3 issues
Line: 33
Column: 22
CWE codes:
134
Suggestion:
Use a constant for the format specification
#include <err.h>
/*
 * printinfo() - printf() wrapper that prints only when __verbose is set.
 *
 * fmt is forwarded unchanged as printf()'s format string, which is why the
 * scanner reports CWE-134 here. The macro itself cannot enforce a constant
 * format: the finding is benign only if every call site passes a string
 * literal as fmt (call sites are not visible here -- verify). Data that is
 * not a literal should be printed as printinfo("%s", value).
 *
 * `arg...` with `## arg` is the GNU named-variadic form; `##` drops the
 * preceding comma when no extra arguments are given.
 */
#define printinfo(fmt, arg...) \
do { if (__verbose) printf(fmt, ## arg); } while (0)
static unsigned int nthreads = 0;
static unsigned int nsecs = 8;
static bool done, __verbose, randomize;
Reported by FlawFinder.
Line: 161
Column: 40
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
static inline void do_random_epoll_op(struct worker *w)
{
unsigned long rnd1 = random(), rnd2 = random();
int op, fd;
fd = w->fdmap[rnd1 % nfds];
op = rnd2 % EPOLL_NR_OPS;
Reported by FlawFinder.
Line: 161
Column: 23
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
static inline void do_random_epoll_op(struct worker *w)
{
unsigned long rnd1 = random(), rnd2 = random();
int op, fd;
fd = w->fdmap[rnd1 % nfds];
op = rnd2 % EPOLL_NR_OPS;
Reported by FlawFinder.
tools/perf/tests/sdt.c
3 issues
Line: 51
Column: 13
CWE codes:
362
20
Suggestion:
Reconsider approach
{
char *buf = calloc(PATH_MAX, sizeof(char));
if (buf && readlink("/proc/self/exe", buf, PATH_MAX - 1) < 0) {
pr_debug("Failed to get correct path of perf\n");
free(buf);
return NULL;
}
return buf;
Reported by FlawFinder.
Line: 90
Column: 12
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
goto error;
}
/* Note that buildid_dir must be an absolute path */
tempdir = realpath(__tempdir, NULL);
if (tempdir == NULL)
goto error_rmdir;
/* At first, scan itself */
set_buildid_dir(tempdir);
Reported by FlawFinder.
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Copied from builtin-buildid-cache.c */
static int build_id_cache__add_file(const char *filename)
{
char sbuild_id[SBUILD_ID_SIZE];
struct build_id bid;
int err;
err = filename__read_build_id(filename, &bid);
if (err < 0) {
Reported by FlawFinder.
tools/testing/selftests/powerpc/mm/large_vm_fork_separation.c
3 issues
tools/gpio/gpio-event-mon.c
3 issues
Line: 177
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
memset(&config, 0, sizeof(config));
config.flags = GPIO_V2_LINE_FLAG_INPUT;
while ((c = getopt(argc, argv, "c:n:o:b:dsrfw?")) != -1) {
switch (c) {
case 'c':
loops = strtoul(optarg, NULL, 10);
break;
case 'n':
Reported by FlawFinder.
Line: 44
Column: 8
CWE codes:
362
if (ret < 0)
return -ENOMEM;
cfd = open(chrdev_name, 0);
if (cfd == -1) {
ret = -errno;
fprintf(stderr, "Failed to open %s\n", chrdev_name);
goto exit_free_name;
}
Reported by FlawFinder.
Line: 92
Column: 9
CWE codes:
120
20
while (1) {
struct gpio_v2_line_event event;
ret = read(lfd, &event, sizeof(event));
if (ret == -1) {
if (errno == -EAGAIN) {
fprintf(stderr, "nothing available\n");
continue;
} else {
Reported by FlawFinder.
tools/testing/selftests/powerpc/copyloops/validate.c
3 issues
Line: 30
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(src, POISON, BUFLEN);
memset(dst, POISON, BUFLEN);
memcpy(srcp, fill, len);
ret = COPY_LOOP(dstp, srcp, len);
if (ret && ret != (unsigned long)dstp) {
printf("(%p,%p,%ld) returned %ld\n", dstp, srcp, len, ret);
abort();
Reported by FlawFinder.
Line: 69
Column: 8
CWE codes:
676
Suggestion:
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient
unsigned long len, src_off, dst_off;
unsigned long i;
src = memalign(BUFLEN, BUFLEN);
dst = memalign(BUFLEN, BUFLEN);
redzone = malloc(BUFLEN);
fill = malloc(BUFLEN);
if (!src || !dst || !redzone || !fill) {
Reported by FlawFinder.
Line: 70
Column: 8
CWE codes:
676
Suggestion:
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient
unsigned long i;
src = memalign(BUFLEN, BUFLEN);
dst = memalign(BUFLEN, BUFLEN);
redzone = malloc(BUFLEN);
fill = malloc(BUFLEN);
if (!src || !dst || !redzone || !fill) {
fprintf(stderr, "malloc failed\n");
Reported by FlawFinder.