The following issues were found
tools/testing/selftests/net/tcp_inq.c
3 issues
Line: 108
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int server_fd, fd;
char *buf;
while ((c = getopt(argc, argv, "46p:")) != -1) {
switch (c) {
case '4':
family = PF_INET;
addr_len = sizeof(struct sockaddr_in);
break;
Reported by FlawFinder.
Line: 101
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sockaddr_storage listen_addr, addr;
int c, one = 1, inq = -1;
pthread_t server_thread;
char cmsgbuf[CMSG_SIZE];
struct iovec iov[1];
struct cmsghdr *cm;
struct msghdr msg;
int server_fd, fd;
char *buf;
Reported by FlawFinder.
Line: 119
Column: 11
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
addr_len = sizeof(struct sockaddr_in6);
break;
case 'p':
port = atoi(optarg);
break;
}
}
server_fd = socket(family, SOCK_STREAM, 0);
Reported by FlawFinder.
tools/perf/util/event.h
2 issues
Line: 152
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u16 ins_lat;
u16 p_stage_cyc;
bool no_hw_idx; /* No hw_idx collected in branch_stack */
char insn[MAX_INSN];
void *raw_data;
struct ip_callchain *callchain;
struct branch_stack *branch_stack;
struct regs_dump user_regs;
struct regs_dump intr_regs;
Reported by FlawFinder.
Line: 159
Column: 21
CWE codes:
120
20
struct regs_dump user_regs;
struct regs_dump intr_regs;
struct stack_dump user_stack;
struct sample_read read;
struct aux_sample aux_sample;
};
#define PERF_MEM_DATA_SRC_NONE \
(PERF_MEM_S(OP, NA) |\
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/netif_receive_skb.c
2 issues
Line: 54
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if __has_builtin(__builtin_btf_type_id)
#define TEST_BTF(_str, _type, _flags, _expected, ...) \
do { \
static const char _expectedval[EXPECTED_STRSIZE] = \
_expected; \
static const char _ptrtype[64] = #_type; \
__u64 _hflags = _flags | BTF_F_COMPACT; \
static _type _ptrdata = __VA_ARGS__; \
static struct btf_ptr _ptr = { }; \
Reported by FlawFinder.
Line: 56
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
do { \
static const char _expectedval[EXPECTED_STRSIZE] = \
_expected; \
static const char _ptrtype[64] = #_type; \
__u64 _hflags = _flags | BTF_F_COMPACT; \
static _type _ptrdata = __VA_ARGS__; \
static struct btf_ptr _ptr = { }; \
int _cmp; \
\
Reported by FlawFinder.
tools/testing/selftests/splice/splice_read.c
2 issues
Line: 23
Column: 7
CWE codes:
362
return EXIT_FAILURE;
}
fd = open(argv[1], O_RDONLY);
if (fd < 0) {
perror(argv[1]);
return EXIT_FAILURE;
}
Reported by FlawFinder.
Line: 30
Column: 10
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
if (argc == 3)
size = atol(argv[2]);
else {
struct stat statbuf;
if (fstat(fd, &statbuf) < 0) {
perror(argv[1]);
Reported by FlawFinder.
tools/lib/traceevent/parse-utils.c
2 issues
Line: 21
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
errno = 0;
fprintf(stderr, " ");
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
}
void __warning(const char *fmt, ...)
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
void __vpr_stat(const char *fmt, va_list ap)
{
vprintf(fmt, ap);
printf("\n");
}
void __pr_stat(const char *fmt, ...)
{
Reported by FlawFinder.
tools/perf/util/thread.c
2 issues
Line: 277
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int thread__set_comm_from_proc(struct thread *thread)
{
char path[64];
char *comm = NULL;
size_t sz;
int err = -1;
if (!(snprintf(path, sizeof(path), "%d/task/%d/comm",
Reported by FlawFinder.
Line: 320
Column: 22
CWE codes:
126
const char *comm = thread__comm_str(thread);
if (!comm)
return 0;
thread->comm_len = strlen(comm);
}
return thread->comm_len;
}
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/strobemeta.h
2 issues
Line: 187
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* (and so on); str_lens[i], key_lens[i] and val_lens[i] determines
* value length
*/
char payload[STROBE_MAX_PAYLOAD];
};
struct strobelight_bpf_sample {
uint64_t ktime;
char comm[TASK_COMM_LEN];
Reported by FlawFinder.
Line: 192
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct strobelight_bpf_sample {
uint64_t ktime;
char comm[TASK_COMM_LEN];
pid_t pid;
int user_stack_id;
int kernel_stack_id;
int has_meta;
struct strobemeta_payload metadata;
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_core_extern.c
2 issues
Line: 21
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern uint16_t CONFIG_USHORT __kconfig __weak;
extern int CONFIG_INT __kconfig __weak;
extern uint64_t CONFIG_ULONG __kconfig __weak;
extern const char CONFIG_STR[8] __kconfig __weak;
extern uint64_t CONFIG_MISSING __kconfig __weak;
uint64_t kern_ver = -1;
uint64_t bpf_syscall = -1;
uint64_t tristate_val = -1;
Reported by FlawFinder.
Line: 32
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint64_t ushort_val = -1;
uint64_t int_val = -1;
uint64_t ulong_val = -1;
char str_val[8] = {-1, -1, -1, -1, -1, -1, -1, -1};
uint64_t missing_val = -1;
SEC("raw_tp/sys_enter")
int handle_sys_enter(struct pt_regs *ctx)
{
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_core_reloc_bitfields_direct.c
2 issues
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char _license[] SEC("license") = "GPL";
struct {
char in[256];
char out[256];
} data = {};
struct core_reloc_bitfields {
/* unsigned bitfields */
Reported by FlawFinder.
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char in[256];
char out[256];
} data = {};
struct core_reloc_bitfields {
/* unsigned bitfields */
uint8_t ub1: 1;
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_core_reloc_bitfields_probed.c
2 issues
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char _license[] SEC("license") = "GPL";
struct {
char in[256];
char out[256];
} data = {};
struct core_reloc_bitfields {
/* unsigned bitfields */
Reported by FlawFinder.
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char in[256];
char out[256];
} data = {};
struct core_reloc_bitfields {
/* unsigned bitfields */
uint8_t ub1: 1;
Reported by FlawFinder.