The following issues were found

tools/perf/ui/gtk/util.c
3 issues
vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 39 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification

	if (!perf_gtk__is_active_context(pgctx) ||
	    vasprintf(&msg, format, args) < 0) {
		fprintf(stderr, "Error:\n");
		vfprintf(stderr, format, args);
		fprintf(stderr, "\n");
		return -1;
	}

	dialog = gtk_message_dialog_new_with_markup(GTK_WINDOW(pgctx->main_window),

            

Reported by FlawFinder.

vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 64 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification

	if (!perf_gtk__is_active_context(pgctx) ||
	    vasprintf(&msg, format, args) < 0) {
		fprintf(stderr, "Warning:\n");
		vfprintf(stderr, format, args);
		fprintf(stderr, "\n");
		return -1;
	}

	gtk_label_set_text(GTK_LABEL(pgctx->message_label), msg);

            

Reported by FlawFinder.

vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 85 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification

	if (!perf_gtk__is_active_context(pgctx) ||
	    vasprintf(&msg, format, args) < 0) {
		fprintf(stderr, "Warning:\n");
		vfprintf(stderr, format, args);
		fprintf(stderr, "\n");
		return -1;
	}

	gtk_statusbar_pop(GTK_STATUSBAR(pgctx->statbar),

            

Reported by FlawFinder.

tools/testing/selftests/sgx/main.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 120 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	Elf64_Sym *sgx_enter_enclave_sym = NULL;
	struct vdso_symtab symtab;
	struct encl_segment *seg;
	char maps_line[256];
	FILE *maps_file;
	unsigned int i;
	void *addr;

	if (!encl_load("test_encl.elf", &self->encl)) {

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 172 Column: 14 CWE codes: 362

	memset(&self->run, 0, sizeof(self->run));
	self->run.tcs = self->encl.encl_base;

	maps_file = fopen("/proc/self/maps", "r");
	if (maps_file != NULL)  {
		while (fgets(maps_line, sizeof(maps_line), maps_file) != NULL) {
			maps_line[strlen(maps_line) - 1] = '\0';

			if (strstr(maps_line, "/dev/sgx_enclave"))

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 175 Column: 14 CWE codes: 126

	maps_file = fopen("/proc/self/maps", "r");
	if (maps_file != NULL)  {
		while (fgets(maps_line, sizeof(maps_line), maps_file) != NULL) {
			maps_line[strlen(maps_line) - 1] = '\0';

			if (strstr(maps_line, "/dev/sgx_enclave"))
				TH_LOG("%s", maps_line);
		}


            

Reported by FlawFinder.

tools/perf/tests/genelf.c
3 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 31 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

	char path[PATH_MAX];
	int fd, ret;

	strcpy(path, TEMPL);

	fd = mkstemp(path);
	if (fd < 0) {
		perror("mkstemp failed");
		return TEST_FAIL;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 28 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

		0xB8, 0x01, 0x00, 0x00, 0x00, /* movl $1, %eax */
		0xCD, 0x80            /* int $0x80 */
	};
	char path[PATH_MAX];
	int fd, ret;

	strcpy(path, TEMPL);

	fd = mkstemp(path);

            

Reported by FlawFinder.

mkstemp - Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library
Security

Line: 33 Column: 7 CWE codes: 377

              
	strcpy(path, TEMPL);

	fd = mkstemp(path);
	if (fd < 0) {
		perror("mkstemp failed");
		return TEST_FAIL;
	}


            

Reported by FlawFinder.

tools/perf/tests/backward-ring-buffer.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 25 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	int i;

	for (i = 0; i < NR_ITERS; i++) {
		char proc_name[15];

		snprintf(proc_name, sizeof(proc_name), "p:%d\n", i);
		prctl(PR_SET_NAME, proc_name);
	}
}

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 66 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

		   int *sample_count, int *comm_count)
{
	int err;
	char sbuf[STRERR_BUFSIZE];

	err = evlist__mmap(evlist, mmap_pages);
	if (err < 0) {
		pr_debug("evlist__mmap: %s\n",
			 str_error_r(errno, sbuf, sizeof(sbuf)));

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 88 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

int test__backward_ring_buffer(struct test *test __maybe_unused, int subtest __maybe_unused)
{
	int ret = TEST_SKIP, err, sample_count = 0, comm_count = 0;
	char pid[16], sbuf[STRERR_BUFSIZE];
	struct evlist *evlist;
	struct evsel *evsel __maybe_unused;
	struct parse_events_error parse_error;
	struct record_opts opts = {
		.target = {

            

Reported by FlawFinder.

tools/testing/selftests/net/txring_overwrite.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 142 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static int read_verify_pkt(int fdr, char payload_char)
{
	char buf[100];
	int ret;

	ret = read(fdr, buf, sizeof(buf));
	if (ret != sizeof(buf))
		error(1, errno, "read");

            

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 128 Column: 3 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

	int ret;

	while (header->tp_status != TP_STATUS_AVAILABLE)
		usleep(1000);

	build_packet(slot + eth_off, cfg_frame_size, payload_char);

	header->tp_len = cfg_frame_size;
	header->tp_status = TP_STATUS_SEND_REQUEST;

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 145 Column: 8 CWE codes: 120 20

	char buf[100];
	int ret;

	ret = read(fdr, buf, sizeof(buf));
	if (ret != sizeof(buf))
		error(1, errno, "read");

	if (buf[60] != payload_char) {
		printf("wrong pattern: 0x%x != 0x%x\n", buf[60], payload_char);

            

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/task_fd_query_tp.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 14 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	__u32 len, prog_id, fd_type;
	struct bpf_object *obj = NULL;
	__u32 duration = 0;
	char buf[256];

	err = bpf_prog_load(file, BPF_PROG_TYPE_TRACEPOINT, &obj, &prog_fd);
	if (CHECK(err, "bpf_prog_load", "err %d errno %d\n", err, errno))
		goto close_prog;


            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 22 Column: 8 CWE codes: 362

              
	snprintf(buf, sizeof(buf),
		 "/sys/kernel/debug/tracing/events/%s/id", probe_name);
	efd = open(buf, O_RDONLY, 0);
	if (CHECK(efd < 0, "open", "err %d errno %d\n", efd, errno))
		goto close_prog;
	bytes = read(efd, buf, sizeof(buf));
	close(efd);
	if (CHECK(bytes <= 0 || bytes >= sizeof(buf), "read",

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 25 Column: 10 CWE codes: 120 20

	efd = open(buf, O_RDONLY, 0);
	if (CHECK(efd < 0, "open", "err %d errno %d\n", efd, errno))
		goto close_prog;
	bytes = read(efd, buf, sizeof(buf));
	close(efd);
	if (CHECK(bytes <= 0 || bytes >= sizeof(buf), "read",
		  "bytes %d errno %d\n", bytes, errno))
		goto close_prog;


            

Reported by FlawFinder.

tools/testing/selftests/proc/thread-self.c
3 issues
readlink - This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL.
Security

Line: 37 Column: 7 CWE codes: 362 20
Suggestion: Reconsider approach

	tid = sys_gettid();
	snprintf(buf1, sizeof(buf1), "%u/task/%u", pid, tid);

	rv = readlink("/proc/thread-self", buf2, sizeof(buf2));
	assert(rv == strlen(buf1));
	buf2[rv] = '\0';
	assert(streq(buf1, buf2));

	if (arg)

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 29 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
int f(void *arg)
{
	char buf1[64], buf2[64];
	pid_t pid, tid;
	ssize_t rv;

	pid = sys_getpid();
	tid = sys_gettid();

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 38 Column: 15 CWE codes: 126

	snprintf(buf1, sizeof(buf1), "%u/task/%u", pid, tid);

	rv = readlink("/proc/thread-self", buf2, sizeof(buf2));
	assert(rv == strlen(buf1));
	buf2[rv] = '\0';
	assert(streq(buf1, buf2));

	if (arg)
		exit(0);

            

Reported by FlawFinder.

sound/xen/xen_snd_front_cfg.h
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 26 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

};

struct xen_front_cfg_pcm_instance {
	char name[80];
	int device_id;
	struct snd_pcm_hardware pcm_hw;
	int  num_streams_pb;
	struct xen_front_cfg_stream *streams_pb;
	int  num_streams_cap;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 36 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

};

struct xen_front_cfg_card {
	char name_short[32];
	char name_long[80];
	struct snd_pcm_hardware pcm_hw;
	int num_pcm_instances;
	struct xen_front_cfg_pcm_instance *pcm_instances;
};

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 37 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
struct xen_front_cfg_card {
	char name_short[32];
	char name_long[80];
	struct snd_pcm_hardware pcm_hw;
	int num_pcm_instances;
	struct xen_front_cfg_pcm_instance *pcm_instances;
};


            

Reported by FlawFinder.

tools/testing/selftests/arm64/mte/check_ksm_options.c
3 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 104 Column: 6 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

	int err, ret;

	err = KSFT_FAIL;
	if (access(PATH_KSM, F_OK) == -1) {
		ksft_print_msg("ERR: Kernel KSM config not enabled\n");
		return err;
	}

	mte_switch_mode(mode, MTE_ALLOW_NON_ZERO_TAG);

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 31 Column: 6 CWE codes: 362

	FILE *f;
	unsigned long val = 0;

	f = fopen(str, "r");
	if (!f) {
		ksft_print_msg("ERR: missing %s\n", str);
		return 0;
	}
	if (fscanf(f, "%lu", &val) != 1) {

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 48 Column: 6 CWE codes: 362

{
	FILE *f;

	f = fopen(str, "w");
	if (!f) {
		ksft_print_msg("ERR: missing %s\n", str);
		return;
	}
	fprintf(f, "%lu", val);

            

Reported by FlawFinder.

tools/perf/util/unwind-libunwind-local.c
3 issues
Dangerous assignment - the function parameter is assigned the address of a local auto-variable. Local auto-variables are reserved from the stack which is freed when the function ends. So the pointer to a local variable is invalid after the function ends.
Error

Line: 268 CWE codes: 562

              
	*fde_count  = dw_read_encoded_value(enc, end, hdr.fde_count_enc);
	*segbase    = offset;
	*table_data = (enc - (u8 *) &hdr) + offset;
	return 0;
}

static int read_unwind_spec_eh_frame(struct dso *dso, struct machine *machine,
				     u64 *table_data, u64 *segbase,

            

Reported by Cppcheck.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 319 Column: 9 CWE codes: 362

		}

		if (ofs <= 0) {
			fd = open(dso->symsrc_filename, O_RDONLY);
			if (fd >= 0) {
				ofs = elf_section_offset(fd, ".debug_frame");
				close(fd);
			}
		}

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 334 Column: 10 CWE codes: 362

				dso, DSO_BINARY_TYPE__DEBUGLINK,
				machine->root_dir, debuglink, PATH_MAX);
			if (!ret) {
				fd = open(debuglink, O_RDONLY);
				if (fd >= 0) {
					ofs = elf_section_offset(fd,
							".debug_frame");
					close(fd);
				}

            

Reported by FlawFinder.