The following issues were found

tools/testing/selftests/net/psock_lib.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 113 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static __maybe_unused void pair_udp_send_char(int fds[], int num, char payload)
{
	char buf[DATA_LEN], rbuf[DATA_LEN];

	memset(buf, payload, sizeof(buf));
	while (num--) {
		/* Should really handle EINTR and EAGAIN */
		if (write(fds[0], buf, sizeof(buf)) != sizeof(buf)) {

            

Reported by FlawFinder.

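read - Check buffer boundaries if used in a loop including recursive loops
Triage note: in the excerpt the call sits inside the loop, but it always passes sizeof(rbuf) as the length for the local array rbuf, so a single call cannot write past the buffer; a read that returns any other count is treated as a failure and the test exits.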
Security

Line: 122 Column: 7 CWE codes: 120 20

              			fprintf(stderr, "ERROR: send failed left=%d\n", num);
			exit(1);
		}
		if (read(fds[1], rbuf, sizeof(rbuf)) != sizeof(rbuf)) {
			fprintf(stderr, "ERROR: recv failed left=%d\n", num);
			exit(1);
		}
		if (memcmp(buf, rbuf, sizeof(buf))) {
			fprintf(stderr, "ERROR: data failed left=%d\n", num);

            

Reported by FlawFinder.

tools/testing/selftests/net/psock_fanout.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 145 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
static void sock_fanout_set_ebpf(int fd)
{
	static char log_buf[65536];

	const int len_off = __builtin_offsetof(struct __sk_buff, len);
	struct bpf_insn prog[] = {
		{ BPF_ALU64 | BPF_MOV | BPF_X,   6, 1, 0, 0 },
		{ BPF_LDX   | BPF_W   | BPF_MEM, 0, 6, len_off, 0 },

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 411 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              			 const int expect1[], const int expect2[])
{
	const int expect0[] = { 0, 0 };
	char *rings[2];
	uint8_t type = typeflags & 0xFF;
	int fds[2], fds_udp[2][2], ret;

	fprintf(stderr, "\ntest: datapath 0x%hx ports %hu,%hu\n",
		typeflags, (uint16_t)PORT_BASE,

            

Reported by FlawFinder.

tools/testing/selftests/proc/proc-subset-pid.c
2 issues
readlink - This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL.
Security

Line: 114 Column: 11 CWE codes: 362 20
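Suggestion: Reconsider approach
Triage note: the path in the excerpt is the string literal "/proc/cpuinfo" and the test asserts that the call fails with ENOENT, so the one-byte buffer is never filled or read as a string; the missing NUL terminator only matters for callers that use the returned bytes.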

              	}

	char c;
	int rv = readlink("/proc/cpuinfo", &c, 1);
	assert(rv == -1 && errno == ENOENT);

	int fd = open("/proc/cpuinfo", O_RDONLY);
	assert(fd == -1 && errno == ENOENT);


            

Reported by FlawFinder.

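open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Triage note: the excerpt opens a fixed literal path read-only and asserts that the open fails with ENOENT; no descriptor is obtained or used on the path the test expects.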
Security

Line: 117 Column: 11 CWE codes: 362

              	int rv = readlink("/proc/cpuinfo", &c, 1);
	assert(rv == -1 && errno == ENOENT);

	int fd = open("/proc/cpuinfo", O_RDONLY);
	assert(fd == -1 && errno == ENOENT);

	return 0;
}

            

Reported by FlawFinder.

tools/build/feature/test-reallocarray.c
2 issues
Return value of allocation function 'reallocarray' is not stored.
Error

Line: 7 CWE codes: 771

              
/*
 * Calls reallocarray() once and reports whether it returned memory.  Judging
 * by the file's location under tools/build/feature/ this is a build-time
 * probe for the function rather than production code (not confirmed by the
 * excerpt).
 *
 * Exit status is 1 when the allocation succeeds and 0 when it fails.  The
 * returned pointer is deliberately not stored or freed: the process returns
 * immediately, so the one-byte allocation behind the CWE-771 report is
 * released at process exit.
 */
int main(void)
{
	return reallocarray(NULL, 1, 1) ? 1 : 0;
}

#undef _GNU_SOURCE

            

Reported by Cppcheck.

Return value of allocation function 'reallocarray' is not stored.
Error

Line: 7 CWE codes: 771

              
/*
 * Single call to reallocarray() whose result is only tested for NULL.  The
 * path tools/build/feature/ suggests a build-time check that the C library
 * provides the function (an inference from the path, not shown here).
 *
 * Returns 1 if memory was obtained, 0 otherwise.  Nothing keeps or frees the
 * pointer; main returns straight away, so the reported unstored allocation
 * (CWE-771) lives only until the process exits.
 */
int main(void)
{
	return reallocarray(NULL, 1, 1) ? 1 : 0;
}

#undef _GNU_SOURCE

            

Reported by Cppcheck.

tools/perf/arch/x86/tests/insn-x86.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 56 Column: 18 CWE codes: 126

              	};
	struct val_data *val;

	if (!op_str || !strlen(op_str))
		return 0;

	for (val = vals; val->name; val++) {
		if (!strcmp(val->name, op_str))
			return val->val;

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 83 Column: 22 CWE codes: 126

              	};
	struct val_data *val;

	if (!branch_str || !strlen(branch_str))
		return 0;

	for (val = vals; val->name; val++) {
		if (!strcmp(val->name, branch_str))
			return val->val;

            

Reported by FlawFinder.

tools/include/linux/compiler-gcc.h
2 issues
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 39 Column: 46 CWE codes: 134
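Suggestion: Use a constant for the format specification
Triage note: the flagged token is the `printf` archetype name inside `__attribute__((format(printf, a, b)))`; this line defines a macro and calls nothing, so no format string is passed here. The attribute is what lets the compiler check format strings against their arguments at functions annotated with __printf.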

              #ifndef __aligned
/* Fallback: only defined when nothing earlier has provided __aligned. */
#define __aligned(x)	__attribute__((aligned(x)))
#endif
/*
 * Function annotations, not calls.  `a` is the 1-based index of the format
 * string parameter and `b` the index of the first argument checked against
 * it; with these attributes the compiler can diagnose mismatches between a
 * format string and its arguments at every call site of the annotated
 * function.  The words printf/scanf below are GCC archetype names.
 */
#define __printf(a, b)	__attribute__((format(printf, a, b)))
#define __scanf(a, b)	__attribute__((format(scanf, a, b)))

/* GCC_VERSION is defined outside this excerpt; 50100 presumably encodes GCC 5.1.0 - confirm. */
#if GCC_VERSION >= 50100
#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
#endif

            

Reported by FlawFinder.

scanf - The scanf() family's %s operation, without a limit specification, permits buffer overflows
Security

Line: 40 Column: 45 CWE codes: 120 20
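Suggestion: Specify a limit to %s, or use a different input function
Triage note: the match is the `scanf` archetype name inside `__attribute__((format(scanf, a, b)))` in a macro definition; there is no scanf() call and no %s conversion on the flagged line.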

              #define __aligned(x)	__attribute__((aligned(x)))
#endif
#define __printf(a, b)	__attribute__((format(printf, a, b)))
#define __scanf(a, b)	__attribute__((format(scanf, a, b)))

#if GCC_VERSION >= 50100
#define COMPILER_HAS_GENERIC_BUILTIN_OVERFLOW 1
#endif

            

Reported by FlawFinder.

tools/testing/radix-tree/main.c
2 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 290 Column: 16 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs

              	int opt;
	unsigned int seed = time(NULL);

	while ((opt = getopt(argc, argv, "ls:v")) != -1) {
		if (opt == 'l')
			long_run = true;
		else if (opt == 's')
			seed = strtoul(optarg, NULL, 0);
		else if (opt == 'v')

            

Reported by FlawFinder.

srand - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 300 Column: 2 CWE codes: 327
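Suggestion: Use a more secure technique for acquiring random values
Triage note: in the excerpts the seed comes from time(NULL) or the -s option and is printed as "random seed %u", presumably so a test run can be repeated; nothing shown uses the generator for keys, nonces or other secrets, which is the case this rule targets.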

              	}

	printf("random seed %u\n", seed);
	srand(seed);

	printf("running tests\n");

	rcu_register_thread();
	radix_tree_init();

            

Reported by FlawFinder.

tools/testing/selftests/net/hwtstamp_config.c
2 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 114 Column: 2 CWE codes: 120
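Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
Triage note: the excerpt for line 93 of the same file (next finding) shows the program returning early when strlen(argv[1]) >= IFNAMSIZ, so this copy is reached only with a name shorter than IFNAMSIZ. That bounds the copy provided ifr.ifr_name is IFNAMSIZ bytes, as in the standard struct ifreq; the declaration is not in the excerpt.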

              		return 1;
	}

	strcpy(ifr.ifr_name, argv[1]);
	ifr.ifr_data = (caddr_t)&config;

	if (ioctl(sock, (argc == 2) ? SIOCGHWTSTAMP : SIOCSHWTSTAMP, &ifr)) {
		perror("ioctl");
		return 1;

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 93 Column: 35 CWE codes: 126

              	const char *name;
	int sock;

	if ((argc != 2 && argc != 4) || (strlen(argv[1]) >= IFNAMSIZ)) {
		usage();
		return 2;
	}

	if (argc == 4) {

            

Reported by FlawFinder.

sound/usb/usx2y/usx2yhwdeppcm.c
2 issues
sprintf - Potential format string problem
Security

Line: 756 Column: 2 CWE codes: 134
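Suggestion: Make format string constant
Triage note: the format is already fixed at compile time. NAME_ALLCAPS is joined to an adjacent string literal, so it has to expand to a string literal itself, and no variable arguments are passed. The rule would only bite if that literal contained a `%`. Whether pcm->name is large enough for the result is a separate question the excerpt does not answer.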

              	pcm->private_data = usx2y(card)->subs;
	pcm->info_flags = 0;

	sprintf(pcm->name, NAME_ALLCAPS" hwdep Audio");
	snd_pcm_set_managed_buffer(pcm->streams[SNDRV_PCM_STREAM_PLAYBACK].substream,
				   SNDRV_DMA_TYPE_CONTINUOUS,
				   NULL,
				   64*1024, 128*1024);
	snd_pcm_set_managed_buffer(pcm->streams[SNDRV_PCM_STREAM_CAPTURE].substream,

            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 744 Column: 2 CWE codes: 120
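Suggestion: Use sprintf_s, snprintf, or vsnprintf
Triage note: `%03d` sets a minimum width of three digits, not a maximum, so the length written depends on the bus and device numbers and on the size of hw->name, which the excerpt does not show. In kernel code the bounded forms are snprintf() or scnprintf() with the destination size; sprintf_s is not a kernel API.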

              	hw->ops.release = snd_usx2y_hwdep_pcm_release;
	hw->ops.mmap = snd_usx2y_hwdep_pcm_mmap;
	hw->exclusive = 1;
	sprintf(hw->name, "/dev/bus/usb/%03d/%03d/hwdeppcm", dev->bus->busnum, dev->devnum);

	err = snd_pcm_new(card, NAME_ALLCAPS" hwdep Audio", 2, 1, 1, &pcm);
	if (err < 0)
		return err;


            

Reported by FlawFinder.

tools/testing/selftests/bpf/progs/test_stack_var_off.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 8 Column: 1 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
int probe_res;

char input[4] = {};
int test_pid;

SEC("tracepoint/syscalls/sys_enter_nanosleep")
int probe(void *ctx)
{

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 17 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	/* This BPF program performs variable-offset reads and writes on a
	 * stack-allocated buffer.
	 */
	char stack_buf[16];
	unsigned long len;
	unsigned long last;

	if ((bpf_get_current_pid_tgid() >> 32) != test_pid)
		return 0;

            

Reported by FlawFinder.