The following issues were found
tools/testing/selftests/arm64/mte/check_mmap_options.c
2 issues
Line: 141
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
mte_switch_mode(mode, MTE_ALLOW_NON_ZERO_TAG);
for (run = 0; run < total; run++) {
map_size = sizes[run] + OVERFLOW + UNDERFLOW;
ptr = (char *)mte_allocate_memory_tag_range(sizes[run], mem_type, mapping,
UNDERFLOW, OVERFLOW);
if (check_allocated_memory_range(ptr, sizes[run], mem_type,
UNDERFLOW, OVERFLOW) != KSFT_PASS)
return KSFT_FAIL;
map_ptr = ptr - UNDERFLOW;
Reported by FlawFinder.
Line: 162
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
fd = create_temp_file();
if (fd == -1)
return KSFT_FAIL;
ptr = (char *)mte_allocate_file_memory_tag_range(sizes[run], mem_type, mapping,
UNDERFLOW, OVERFLOW, fd);
if (check_allocated_memory_range(ptr, sizes[run], mem_type,
UNDERFLOW, OVERFLOW) != KSFT_PASS) {
close(fd);
return KSFT_FAIL;
Reported by FlawFinder.
tools/perf/arch/powerpc/tests/dwarf-unwind.c
2 issues
Line: 42
CWE codes:
401
memcpy(buf, (void *) sp, stack_size);
stack->data = (char *) buf;
stack->size = stack_size;
return 0;
}
int test__arch_unwind_sample(struct perf_sample *sample,
struct thread *thread)
{
Reported by Cppcheck.
Line: 39
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stack_size = map->end - sp;
stack_size = stack_size > STACK_SIZE ? STACK_SIZE : stack_size;
memcpy(buf, (void *) sp, stack_size);
stack->data = (char *) buf;
stack->size = stack_size;
return 0;
}
Reported by FlawFinder.
tools/testing/selftests/arm64/mte/check_user_mem.c
2 issues
Line: 46
Column: 13
CWE codes:
120
20
}
mte_initialize_current_context(mode, (uintptr_t)ptr, len);
/* Copy from file into buffer with valid tag */
read_len = read(fd, ptr, len);
mte_wait_after_trig();
if (cur_mte_cxt.fault_valid || read_len < len)
goto usermem_acc_err;
/* Verify same pattern is read */
for (i = 0; i < len; i++)
Reported by FlawFinder.
Line: 64
Column: 13
CWE codes:
120
20
lseek(fd, 0, 0);
/* Copy from file into buffer with invalid tag */
read_len = read(fd, ptr, len);
mte_wait_after_trig();
/*
* Accessing user memory in kernel with invalid tag should fail in sync
* mode without fault but may not fail in async mode as per the
* implemented MTE userspace support in Arm64 kernel.
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/test_sysctl_loop2.c
2 issues
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static __attribute__((noinline)) int is_tcp_mem(struct bpf_sysctl *ctx)
{
unsigned char i;
char name[sizeof(tcp_mem_name)];
int ret;
memset(name, 0, sizeof(name));
ret = bpf_sysctl_get_name(ctx, name, sizeof(name), 0);
if (ret < 0 || ret != sizeof(tcp_mem_name) - 1)
Reported by FlawFinder.
Line: 46
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int sysctl_tcp_mem(struct bpf_sysctl *ctx)
{
unsigned long tcp_mem[TCP_MEM_LOOPS] = {};
char value[MAX_VALUE_STR_LEN];
unsigned char i, off = 0;
int ret;
if (ctx->write)
return 0;
Reported by FlawFinder.
tools/perf/arch/powerpc/util/sym-handling.c
2 issues
Line: 25
Column: 6
CWE codes:
126
#endif
/* Avoid "SyS" kernel syscall aliases */
if (strlen(sym) >= 3 && !strncmp(sym, "SyS", 3))
return SYMBOL_B;
if (strlen(sym) >= 10 && !strncmp(sym, "compat_SyS", 10))
return SYMBOL_B;
return SYMBOL_A;
Reported by FlawFinder.
Line: 27
Column: 6
CWE codes:
126
/* Avoid "SyS" kernel syscall aliases */
if (strlen(sym) >= 3 && !strncmp(sym, "SyS", 3))
return SYMBOL_B;
if (strlen(sym) >= 10 && !strncmp(sym, "compat_SyS", 10))
return SYMBOL_B;
return SYMBOL_A;
}
Reported by FlawFinder.
tools/perf/arch/s390/annotate/instructions.c
2 issues
Line: 149
Column: 8
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
* cpuid string format:
* "IBM,family,model-capacity,model[,cpum_cf-version,cpum_cf-authorization]"
*/
ret = sscanf(cpuid, "%*[^,],%u,%[^,],%[^,],%[^,],%s", &family, model_c,
model, cpumf_v, cpumf_a);
if (ret >= 2) {
arch->family = family;
arch->model = 0;
return 0;
Reported by FlawFinder.
Line: 142
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int s390__cpuid_parse(struct arch *arch, char *cpuid)
{
unsigned int family;
char model[16], model_c[16], cpumf_v[16], cpumf_a[16];
int ret;
/*
* cpuid string format:
* "IBM,family,model-capacity,model[,cpum_cf-version,cpum_cf-authorization]"
Reported by FlawFinder.
tools/perf/arch/csky/util/dwarf-regs.c
2 issues
Line: 10
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(__CSKYABIV2__)
#define CSKY_MAX_REGS 73
const char *csky_dwarf_regs_table[CSKY_MAX_REGS] = {
/* r0 ~ r8 */
"%a0", "%a1", "%a2", "%a3", "%regs0", "%regs1", "%regs2", "%regs3",
/* r9 ~ r15 */
"%regs4", "%regs5", "%regs6", "%regs7", "%regs8", "%regs9", "%sp",
"%lr",
Reported by FlawFinder.
Line: 31
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
#else
#define CSKY_MAX_REGS 57
const char *csky_dwarf_regs_table[CSKY_MAX_REGS] = {
/* r0 ~ r8 */
"%sp", "%regs9", "%a0", "%a1", "%a2", "%a3", "%regs0", "%regs1",
/* r9 ~ r15 */
"%regs2", "%regs3", "%regs4", "%regs5", "%regs6", "%regs7", "%regs8",
"%lr",
Reported by FlawFinder.
tools/perf/arch/s390/util/machine.c
2 issues
Line: 15
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int arch__fix_module_text_start(u64 *start, u64 *size, const char *name)
{
u64 m_start = *start;
char path[PATH_MAX];
snprintf(path, PATH_MAX, "module/%.*s/sections/.text",
(int)strlen(name) - 2, name + 1);
if (sysfs__read_ull(path, (unsigned long long *)start) < 0) {
pr_debug2("Using module %s start:%#lx\n", path, m_start);
Reported by FlawFinder.
Line: 18
Column: 10
CWE codes:
126
char path[PATH_MAX];
snprintf(path, PATH_MAX, "module/%.*s/sections/.text",
(int)strlen(name) - 2, name + 1);
if (sysfs__read_ull(path, (unsigned long long *)start) < 0) {
pr_debug2("Using module %s start:%#lx\n", path, m_start);
*start = m_start;
} else {
/* Successful read of the modules segment text start address.
Reported by FlawFinder.
tools/testing/selftests/arm64/pauth/pac.c
2 issues
Line: 146
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
close(new_stdout[0]);
close(new_stdout[1]);
ret = execl("exec_target", "exec_target", (char *)NULL);
if (ret == -1) {
perror("exec returned error");
exit(1);
}
}
Reported by FlawFinder.
tools/perf/arch/x86/tests/dwarf-unwind.c
2 issues
Line: 49
CWE codes:
401
#endif
stack->data = (char *) buf;
stack->size = stack_size;
return 0;
}
int test__arch_unwind_sample(struct perf_sample *sample,
struct thread *thread)
{
Reported by Cppcheck.
Line: 39
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stack_size = map->end - sp;
stack_size = stack_size > STACK_SIZE ? STACK_SIZE : stack_size;
memcpy(buf, (void *) sp, stack_size);
#ifdef MEMORY_SANITIZER
/*
* Copying the stack may copy msan poison, avoid false positives in the
* unwinder by removing the poison here.
*/
Reported by FlawFinder.