The following issues were found
tools/gpio/gpio-utils.c
2 issues
Line: 85
Column: 2
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
req.offsets[i] = lines[i];
req.config = *config;
strcpy(req.consumer, consumer);
req.num_lines = num_lines;
ret = ioctl(fd, GPIO_V2_GET_LINE_IOCTL, &req);
if (ret == -1) {
ret = -errno;
Reported by FlawFinder.
Line: 72
Column: 7
CWE codes:
362
if (ret < 0)
return -ENOMEM;
fd = open(chrdev_name, 0);
if (fd == -1) {
ret = -errno;
fprintf(stderr, "Failed to open %s, %s\n",
chrdev_name, strerror(errno));
goto exit_free_name;
Reported by FlawFinder.
tools/arch/arm64/include/asm/barrier.h
2 issues
Line: 29
Column: 28
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define smp_store_release(p, v) \
do { \
union { typeof(*p) __val; char __c[1]; } __u = \
{ .__val = (v) }; \
\
switch (sizeof(*p)) { \
case 1: \
asm volatile ("stlrb %w1, %0" \
Reported by FlawFinder.
Line: 66
Column: 28
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define smp_load_acquire(p) \
({ \
union { typeof(*p) __val; char __c[1]; } __u = \
{ .__c = { 0 } }; \
\
switch (sizeof(*p)) { \
case 1: \
asm volatile ("ldarb %w0, %1" \
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c
2 issues
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sk_stg {
__u32 pid;
__u32 last_notclose_state;
char comm[16];
};
struct {
__uint(type, BPF_MAP_TYPE_SK_STORAGE);
__uint(map_flags, BPF_F_NO_PREALLOC);
Reported by FlawFinder.
Line: 30
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__type(value, int);
} del_sk_stg_map SEC(".maps");
char task_comm[16] = "";
SEC("tp_btf/inet_sock_set_state")
int BPF_PROG(trace_inet_sock_set_state, struct sock *sk, int oldstate,
int newstate)
{
Reported by FlawFinder.
sound/xen/xen_snd_front_cfg.c
2 issues
Line: 393
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ret, i, num_streams;
int num_pb, num_cap;
int cur_pb, cur_cap;
char node[3];
device_path = kasprintf(GFP_KERNEL, "%s/%d", path, node_index);
if (!device_path)
return -ENOMEM;
Reported by FlawFinder.
Line: 481
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct xenbus_device *xb_dev = front_info->xb_dev;
struct xen_front_cfg_card *cfg = &front_info->cfg;
int ret, num_devices, i;
char node[3];
*stream_cnt = 0;
num_devices = 0;
do {
snprintf(node, sizeof(node), "%d", num_devices);
Reported by FlawFinder.
tools/testing/selftests/powerpc/benchmarks/mmap_bench.c
2 issues
Line: 66
Column: 7
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
while (1) {
int option_index = 0;
c = getopt_long(argc, argv, "", options, &option_index);
if (c == -1)
break;
switch (c) {
Reported by FlawFinder.
Line: 80
Column: 17
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
exit(1);
break;
case 'i':
iterations = atoi(optarg);
break;
default:
usage();
exit(1);
}
Reported by FlawFinder.
tools/testing/selftests/pidfd/pidfd_wait.c
2 issues
Line: 56
Column: 10
CWE codes:
362
.si_signo = 0,
};
pidfd = open("/proc/self", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
ASSERT_GE(pidfd, 0);
pid = sys_waitid(P_PIDFD, pidfd, &info, WEXITED, NULL);
ASSERT_NE(pid, 0);
EXPECT_EQ(close(pidfd), 0);
Reported by FlawFinder.
Line: 64
Column: 10
CWE codes:
362
EXPECT_EQ(close(pidfd), 0);
pidfd = -1;
pidfd = open("/dev/null", O_RDONLY | O_CLOEXEC);
ASSERT_GE(pidfd, 0);
pid = sys_waitid(P_PIDFD, pidfd, &info, WEXITED, NULL);
ASSERT_NE(pid, 0);
EXPECT_EQ(close(pidfd), 0);
Reported by FlawFinder.
tools/testing/selftests/openat2/resolve_test.c
2 issues
Line: 59
Column: 8
CWE codes:
362
/* Make the top-level directory. */
if (!mkdtemp(dirname))
ksft_exit_fail_msg("setup_testdir: failed to create tmpdir\n");
dfd = open(dirname, O_PATH | O_DIRECTORY);
if (dfd < 0)
ksft_exit_fail_msg("setup_testdir: failed to open tmpdir\n");
/* A sub-directory which is actually used for tests. */
E_mkdirat(dfd, "root", 0755);
Reported by FlawFinder.
Line: 131
Column: 17
CWE codes:
362
E_asprintf(&procselfexe, "/proc/%d/exe", getpid());
rootfd = setup_testdir();
hardcoded_fd = open("/dev/null", O_RDONLY);
E_assert(hardcoded_fd >= 0, "open fd to hardcode");
E_asprintf(&hardcoded_fdpath, "self/fd/%d", hardcoded_fd);
struct basic_test tests[] = {
/** RESOLVE_BENEATH **/
Reported by FlawFinder.
tools/testing/selftests/powerpc/pmu/ebb/trace.c
2 issues
Line: 135
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
e->type = TRACE_TYPE_STRING;
p = (char *)e->data;
memcpy(p, str, len);
p += len;
*p = '\0';
return 0;
}
Reported by FlawFinder.
Line: 126
Column: 8
CWE codes:
126
char *p;
int len;
len = strlen(str);
/* We NULL terminate to make printing easier */
e = trace_alloc_entry(tb, len + 1);
if (!e)
return -ENOSPC;
Reported by FlawFinder.
tools/testing/selftests/openat2/helpers.h
2 issues
Line: 73
Column: 30
CWE codes:
362
Suggestion:
Use fchmod( ) instead
} while (0)
#define E_asprintf(...) E_func(asprintf, __VA_ARGS__)
#define E_chmod(...) E_func(chmod, __VA_ARGS__)
#define E_dup2(...) E_func(dup2, __VA_ARGS__)
#define E_fchdir(...) E_func(fchdir, __VA_ARGS__)
#define E_fstatat(...) E_func(fstatat, __VA_ARGS__)
#define E_kill(...) E_func(kill, __VA_ARGS__)
#define E_mkdirat(...) E_func(mkdirat, __VA_ARGS__)
Reported by FlawFinder.
Line: 81
Column: 33
CWE codes:
362
20
Suggestion:
Reconsider approach
#define E_mkdirat(...) E_func(mkdirat, __VA_ARGS__)
#define E_mount(...) E_func(mount, __VA_ARGS__)
#define E_prctl(...) E_func(prctl, __VA_ARGS__)
#define E_readlink(...) E_func(readlink, __VA_ARGS__)
#define E_setresuid(...) E_func(setresuid, __VA_ARGS__)
#define E_symlinkat(...) E_func(symlinkat, __VA_ARGS__)
#define E_touchat(...) E_func(touchat, __VA_ARGS__)
#define E_unshare(...) E_func(unshare, __VA_ARGS__)
Reported by FlawFinder.
tools/testing/kunit/qemu_configs/alpha.py
2 issues
Line: 1
Column: 1
from ..qemu_config import QemuArchParams
QEMU_ARCH = QemuArchParams(linux_arch='alpha',
kconfig='''
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y''',
qemu_arch='alpha',
kernel_path='arch/alpha/boot/vmlinux',
kernel_command_line='console=ttyS0',
Reported by Pylint.
Line: 1
Column: 1
from ..qemu_config import QemuArchParams
QEMU_ARCH = QemuArchParams(linux_arch='alpha',
kconfig='''
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y''',
qemu_arch='alpha',
kernel_path='arch/alpha/boot/vmlinux',
kernel_command_line='console=ttyS0',
Reported by Pylint.