The following issues were found

tools/power/cpupower/debug/i386/dump_psb.c
3 issues
getopt_long - Some older implementations do not protect against internal buffer overflows
Security

Line: 158 Column: 9 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              	char *p;

	do {
		ret = getopt_long(argc, argv, "hr:n:", info_opts, NULL);
		switch (ret){
		case '?':
		case 'h':
			print_help();
			cont = 0;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 41 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              };

struct psb_header {
	char signature[10];
	u_char version;
	u_char flags;
	u_short settlingtime;
	u_char res1;
	u_char numpst;

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 178 Column: 7 CWE codes: 362 

              
	} while(cont);

	fd = open("/dev/mem", O_RDONLY);
	if (fd < 0) {
		printf ("Couldn't open /dev/mem. Are you root?\n");
		exit(1);
	}

Reported by FlawFinder.

tools/testing/selftests/powerpc/benchmarks/null_syscall.c
3 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 109 Column: 13 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

              
	fclose(f);

	override = getenv("FREQUENCY");
	if (override)
		clock_frequency = strtoull(override, NULL, 10);

	if (timebase_frequency)
		timebase_multiplier = (double)clock_frequency

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 68 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static void get_proc_frequency(void)
{
	FILE *f;
	char line[128];
	char *p, *end;
	unsigned long v;
	double d;
	char *override;

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 77 Column: 6 CWE codes: 362 

              	/* Try to get out of low power/low frequency mode */
	cpu_soak_usecs(0.25 * 1000000);

	f = fopen("/proc/cpuinfo", "r");
	if (f == NULL)
		return;

	timebase_frequency = 0;

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/snprintf.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 98 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	if (!skel)
		return -EINVAL;

	memcpy(skel->rodata->fmt, fmt, min(strlen(fmt) + 1, 10));

	ret = test_snprintf_single__load(skel);
	test_snprintf_single__destroy(skel);

	return ret;

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 52 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              		goto cleanup;

	/* trigger tracepoint */
	usleep(1);

	ASSERT_STREQ(skel->bss->num_out, EXP_NUM_OUT, "num_out");
	ASSERT_EQ(skel->bss->num_ret, EXP_NUM_RET, "num_ret");

	ASSERT_STREQ(skel->bss->ip_out, EXP_IP_OUT, "ip_out");

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 98 Column: 37 CWE codes: 126 

              	if (!skel)
		return -EINVAL;

	memcpy(skel->rodata->fmt, fmt, min(strlen(fmt) + 1, 10));

	ret = test_snprintf_single__load(skel);
	test_snprintf_single__destroy(skel);

	return ret;

Reported by FlawFinder.

tools/testing/selftests/kvm/x86_64/xen_shinfo_test.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 103 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static long get_run_delay(void)
{
        char path[64];
        long val[2];
        FILE *fp;

        sprintf(path, "/proc/%ld/schedstat", syscall(SYS_gettid));
        fp = fopen(path, "r");

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 107 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf 

                      long val[2];
        FILE *fp;

        sprintf(path, "/proc/%ld/schedstat", syscall(SYS_gettid));
        fp = fopen(path, "r");
        fscanf(fp, "%ld %ld ", &val[0], &val[1]);
        fclose(fp);

        return val[1];

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 108 Column: 14 CWE codes: 362 

                      FILE *fp;

        sprintf(path, "/proc/%ld/schedstat", syscall(SYS_gettid));
        fp = fopen(path, "r");
        fscanf(fp, "%ld %ld ", &val[0], &val[1]);
        fclose(fp);

        return val[1];
}

Reported by FlawFinder.

tools/perf/tests/parse-events.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 2136 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int test_pmu(void)
{
	struct stat st;
	char path[PATH_MAX];
	int ret;

	snprintf(path, PATH_MAX, "%s/bus/event_source/devices/cpu/format/",
		 sysfs__mountpoint());

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 2151 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int test_pmu_events(void)
{
	struct stat st;
	char path[PATH_MAX];
	struct dirent *ent;
	DIR *dir;
	int ret;

	snprintf(path, PATH_MAX, "%s/bus/event_source/devices/cpu/events/",

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 2173 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
	while (!ret && (ent = readdir(dir))) {
		struct evlist_test e = { .id = 0, };
		char name[2 * NAME_MAX + 1 + 12 + 3];

		/* Names containing . are special and cannot be used directly */
		if (strchr(ent->d_name, '.'))
			continue;

Reported by FlawFinder.

tools/testing/selftests/powerpc/nx-gzip/gzip_vas.c
3 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 57 Column: 7 CWE codes: 362 

              	void *addr;
	struct vas_tx_win_open_attr txattr;

	fd = open(devname, O_RDWR);
	if (fd < 0) {
		fprintf(stderr, " open device name %s\n", devname);
		return -errno;
	}

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 164 Column: 4 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              		 */
		if ((__ppc_get_timebase() - t) > USLEEP_TH) {
			cpu_pri_default();
			usleep(1);
		}

		if (poll > CSB_MAX_POLL)
			break;

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 250 Column: 5 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              					prt_err("%d, failed pid= %d\n", retries,
						getpid());
				}
				usleep(1);
			}
			continue;
		}
	}

Reported by FlawFinder.

tools/testing/selftests/powerpc/nx-gzip/include/nx_dbg.h
3 issues
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 36 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	pthread_mutex_lock(&mutex_log);					\
	flock(nx_gzip_log->_fileno, LOCK_EX);				\
	time_t t; struct tm *m; time(&t); m = localtime(&t);		\
	fprintf(nx_gzip_log, "[%04d/%02d/%02d %02d:%02d:%02d] "		\
		"pid %d: " fmt,	\
		(int)m->tm_year + 1900, (int)m->tm_mon+1, (int)m->tm_mday, \
		(int)m->tm_hour, (int)m->tm_min, (int)m->tm_sec,	\
		(int)getpid(), ## __VA_ARGS__);				\
	fflush(nx_gzip_log);						\

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 76 Column: 4 CWE codes: 134
Suggestion: Use a constant for the format specification 

              /* Trace zlib hardware implementation */
#define hw_trace(fmt, ...) do {						\
		if (nx_gzip_hw_trace_enabled())				\
			fprintf(nx_gzip_log, "hhh " fmt, ## __VA_ARGS__); \
	} while (0)

/* Trace zlib software implementation */
#define sw_trace(fmt, ...) do {						\
		if (nx_gzip_sw_trace_enabled())				\

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 82 Column: 4 CWE codes: 134
Suggestion: Use a constant for the format specification 

              /* Trace zlib software implementation */
#define sw_trace(fmt, ...) do {						\
		if (nx_gzip_sw_trace_enabled())				\
			fprintf(nx_gzip_log, "sss " fmt, ## __VA_ARGS__); \
	} while (0)


/**
 * str_to_num - Convert string into number and copy with endings like

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/sockmap_basic.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 147 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct test_sockmap_update *skel;
	struct bpf_map *dst_map;
	const __u32 zero = 0;
	char dummy[14] = {0};
	__s64 sk;

	sk = connected_socket_v4();
	if (CHECK(sk == -1, "connected_socket_v4", "cannot connect\n"))
		return;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 209 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	__s64 *sock_fd = NULL;
	struct bpf_link *link;
	struct bpf_map *src;
	char buf[64];

	skel = bpf_iter_sockmap__open_and_load();
	if (CHECK(!skel, "bpf_iter_sockmap__open_and_load", "skeleton open_and_load failed\n"))
		return;

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 256 Column: 16 CWE codes: 120 20 

              		goto free_link;

	/* do some tests */
	while ((len = read(iter_fd, buf, sizeof(buf))) > 0)
		;
	if (CHECK(len < 0, "read", "failed: %s\n", strerror(errno)))
		goto close_iter;

	/* test results */

Reported by FlawFinder.

tools/testing/selftests/openat2/openat2_test.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 30 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct open_how_ext {
	struct open_how inner;
	uint32_t extra1;
	char pad1[128];
	uint32_t extra2;
	char pad2[128];
	uint32_t extra3;
};

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 32 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	uint32_t extra1;
	char pad1[128];
	uint32_t extra2;
	char pad2[128];
	uint32_t extra3;
};

struct struct_test {
	const char *name;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 113 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              				copy = malloc(misalign + sizeof(how_ext));
				how_copy = copy + misalign;
				memset(copy, 0xff, misalign);
				memcpy(how_copy, &how_ext, sizeof(how_ext));
			}

			fd = raw_openat2(AT_FDCWD, ".", how_copy, test->size);
			if (test->err >= 0)
				failed = (fd < 0);

Reported by FlawFinder.

tools/testing/selftests/seccomp/seccomp_benchmark.c
3 issues
system - This causes a new program to execute and is difficult to use safely
Security

Line: 149 Column: 2 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              	setbuf(stdout, NULL);

	printf("Running on:\n");
	system("uname -a");

	printf("Current BPF sysctl settings:\n");
	/* Avoid using "sysctl" which may not be installed. */
	system("grep -H . /proc/sys/net/core/bpf_jit_enable");
	system("grep -H . /proc/sys/net/core/bpf_jit_harden");

Reported by FlawFinder.

system - This causes a new program to execute and is difficult to use safely
Security

Line: 153 Column: 2 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              
	printf("Current BPF sysctl settings:\n");
	/* Avoid using "sysctl" which may not be installed. */
	system("grep -H . /proc/sys/net/core/bpf_jit_enable");
	system("grep -H . /proc/sys/net/core/bpf_jit_harden");

	if (argc > 1)
		samples = strtoull(argv[1], NULL, 0);
	else

Reported by FlawFinder.

system - This causes a new program to execute and is difficult to use safely
Security

Line: 154 Column: 2 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              	printf("Current BPF sysctl settings:\n");
	/* Avoid using "sysctl" which may not be installed. */
	system("grep -H . /proc/sys/net/core/bpf_jit_enable");
	system("grep -H . /proc/sys/net/core/bpf_jit_harden");

	if (argc > 1)
		samples = strtoull(argv[1], NULL, 0);
	else
		samples = calibrate();

Reported by FlawFinder.