The following issues were found
tools/testing/selftests/bpf/progs/test_d_path.c
2 issues
Line: 13
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pid_t my_pid = 0;
__u32 cnt_stat = 0;
__u32 cnt_close = 0;
char paths_stat[MAX_FILES][MAX_PATH_LEN] = {};
char paths_close[MAX_FILES][MAX_PATH_LEN] = {};
int rets_stat[MAX_FILES] = {};
int rets_close[MAX_FILES] = {};
int called_stat = 0;
Reported by FlawFinder.
Line: 14
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__u32 cnt_stat = 0;
__u32 cnt_close = 0;
char paths_stat[MAX_FILES][MAX_PATH_LEN] = {};
char paths_close[MAX_FILES][MAX_PATH_LEN] = {};
int rets_stat[MAX_FILES] = {};
int rets_close[MAX_FILES] = {};
int called_stat = 0;
int called_close = 0;
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_global_func1.c
2 issues
Line: 20
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__attribute__ ((noinline))
int f1(struct __sk_buff *skb)
{
volatile char buf[MAX_STACK] = {};
return f0(0, skb) + skb->len;
}
int f3(int, struct __sk_buff *skb, int);
Reported by FlawFinder.
Line: 36
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__attribute__ ((noinline))
int f3(int val, struct __sk_buff *skb, int var)
{
volatile char buf[MAX_STACK] = {};
return skb->ifindex * val * var;
}
SEC("classifier/test")
Reported by FlawFinder.
tools/perf/util/target.c
2 issues
Line: 175
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
case TARGET_ERRNO__INVALID_UID:
case TARGET_ERRNO__USER_NOT_FOUND:
snprintf(buf, buflen, msg, target->uid_str);
break;
default:
/* cannot reach here */
break;
Reported by FlawFinder.
Line: 100
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum target_errno target__parse_uid(struct target *target)
{
struct passwd pwd, *result;
char buf[1024];
const char *str = target->uid_str;
target->uid = UINT_MAX;
if (str == NULL)
return TARGET_ERRNO__SUCCESS;
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_pkt_access.c
2 issues
Line: 55
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__attribute__ ((noinline))
int get_skb_len(struct __sk_buff *skb)
{
volatile char buf[MAX_STACK] = {};
return skb->len;
}
__attribute__ ((noinline))
Reported by FlawFinder.
Line: 77
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__attribute__ ((noinline))
int get_skb_ifindex(int val, struct __sk_buff *skb, int var)
{
volatile char buf[MAX_STACK] = {};
return skb->ifindex * val * var;
}
__attribute__ ((noinline))
Reported by FlawFinder.
tools/bpf/bpftool/pids.c
2 issues
Line: 93
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int build_obj_refs_table(struct obj_refs_table *table, enum bpf_obj_type type)
{
struct pid_iter_entry *e;
char buf[4096 / sizeof(*e) * sizeof(*e)];
struct pid_iter_bpf *skel;
int err, ret, fd = -1, i;
libbpf_print_fn_t default_print;
hash_init(table->table);
Reported by FlawFinder.
Line: 135
Column: 9
CWE codes:
120
20
}
while (true) {
ret = read(fd, buf, sizeof(buf));
if (ret < 0) {
if (errno == EAGAIN)
continue;
err = -errno;
p_err("failed to read PID iterator output: %d", err);
Reported by FlawFinder.
tools/perf/util/strfilter.c
2 issues
Line: 292
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
default:
len = strlen(node->p);
if (buf)
strcpy(buf, node->p);
}
return len;
}
Reported by FlawFinder.
Line: 290
Column: 9
CWE codes:
126
len += rlen;
break;
default:
len = strlen(node->p);
if (buf)
strcpy(buf, node->p);
}
return len;
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_seg6_loop.c
2 issues
Line: 50
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sr6_tlv_t {
unsigned char type;
unsigned char len;
unsigned char value[0];
} BPF_PACKET_HEADER;
static __always_inline struct ip6_srh_t *get_srh(struct __sk_buff *skb)
{
void *cursor, *data_end;
Reported by FlawFinder.
Line: 101
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (new_pad > 0) {
char pad_tlv_buf[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0};
struct sr6_tlv_t *pad_tlv = (struct sr6_tlv_t *) pad_tlv_buf;
pad_tlv->type = SR6_TLV_PADDING;
pad_tlv->len = new_pad - 2;
Reported by FlawFinder.
tools/perf/util/stream.c
2 issues
Line: 228
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct callchain_node *base_cnode = base_stream->cnode;
struct callchain_node *pair_cnode = base_stream->pair_cnode;
struct callchain_list *base_chain, *pair_chain;
char buf1[512], buf2[512], cbuf1[256], cbuf2[256];
char *s1, *s2;
double pct;
printf("\nhot chain pair %d:\n", idx);
Reported by FlawFinder.
Line: 272
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct callchain_node *cnode = stream->cnode;
struct callchain_list *chain;
char buf[512], cbuf[256], *s;
double pct;
printf("\nhot chain %d:\n", idx);
pct = (double)cnode->hit / (double)es->streams_hits;
Reported by FlawFinder.
tools/testing/selftests/powerpc/math/fpu_denormal.c
2 issues
Line: 26
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* try to induce lfs <denormal> ; stfd */
m32 = 0x00715fcf; /* random denormal */
memcpy((float *)&f, &m32, sizeof(f));
d = f;
memcpy(&m64, (double *)&d, sizeof(d));
FAIL_IF((long)(m64 != 0x380c57f3c0000000)); /* renormalised value */
Reported by FlawFinder.
Line: 28
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m32 = 0x00715fcf; /* random denormal */
memcpy((float *)&f, &m32, sizeof(f));
d = f;
memcpy(&m64, (double *)&d, sizeof(d));
FAIL_IF((long)(m64 != 0x380c57f3c0000000)); /* renormalised value */
return 0;
}
Reported by FlawFinder.
tools/gpio/gpio-watch.c
2 issues
Line: 35
Column: 7
CWE codes:
362
if (argc < 3)
goto err_usage;
fd = open(argv[1], O_RDWR | O_CLOEXEC);
if (fd < 0) {
perror("unable to open gpiochip");
return EXIT_FAILURE;
}
Reported by FlawFinder.
Line: 65
Column: 9
CWE codes:
120
20
return EXIT_FAILURE;
} else if (ret > 0) {
memset(&chg, 0, sizeof(chg));
rd = read(pfd.fd, &chg, sizeof(chg));
if (rd < 0 || rd != sizeof(chg)) {
if (rd != sizeof(chg))
errno = EIO;
perror("error reading line change event");
Reported by FlawFinder.