The following issues were found
tools/perf/tests/openat-syscall-all-cpus.c
2 issues
Line: 30
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int nr_openat_calls = 111, i;
cpu_set_t cpu_set;
struct perf_thread_map *threads = thread_map__new(-1, getpid(), UINT_MAX);
char sbuf[STRERR_BUFSIZE];
char errbuf[BUFSIZ];
if (threads == NULL) {
pr_debug("thread_map__new\n");
return -1;
Reported by FlawFinder.
Line: 31
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
cpu_set_t cpu_set;
struct perf_thread_map *threads = thread_map__new(-1, getpid(), UINT_MAX);
char sbuf[STRERR_BUFSIZE];
char errbuf[BUFSIZ];
if (threads == NULL) {
pr_debug("thread_map__new\n");
return -1;
}
Reported by FlawFinder.
tools/perf/ui/gtk/progress.c
2 issues
Line: 35
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
gtk_progress_bar_set_fraction(GTK_PROGRESS_BAR(progress), fraction);
snprintf(buf, sizeof(buf), "%"PRIu64" / %"PRIu64, p->curr, p->total);
gtk_progress_bar_set_text(GTK_PROGRESS_BAR(progress), buf);
/* we didn't call gtk_main yet, so do it manually */
while (gtk_events_pending())
gtk_main_iteration();
Reported by FlawFinder.
Line: 13
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void gtk_ui_progress__update(struct ui_progress *p)
{
double fraction = p->total ? 1.0 * p->curr / p->total : 0.0;
char buf[1024];
if (dialog == NULL) {
GtkWidget *vbox = gtk_vbox_new(TRUE, 5);
GtkWidget *label = gtk_label_new(p->title);
Reported by FlawFinder.
tools/build/feature/test-cplus-demangle.c
2 issues
Line: 2
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
// SPDX-License-Identifier: GPL-2.0
extern int printf(const char *format, ...);
extern char *cplus_demangle(const char *, int);
int main(void)
{
char symbol[4096] = "FieldName__9ClassNameFd";
char *tmp;
Reported by FlawFinder.
Line: 7
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(void)
{
char symbol[4096] = "FieldName__9ClassNameFd";
char *tmp;
tmp = cplus_demangle(symbol, 0);
printf("demangled symbol: {%s}\n", tmp);
Reported by FlawFinder.
tools/testing/selftests/kvm/kvm_page_table_test.c
2 issues
Line: 477
Column: 16
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
guest_modes_append_default();
while ((opt = getopt(argc, argv, "hp:m:b:v:s:")) != -1) {
switch (opt) {
case 'p':
p.phys_offset = strtoull(optarg, NULL, 0);
break;
case 'm':
Reported by FlawFinder.
Line: 489
Column: 15
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
p.test_mem_size = parse_size(optarg);
break;
case 'v':
nr_vcpus = atoi(optarg);
TEST_ASSERT(nr_vcpus > 0 && nr_vcpus <= max_vcpus,
"Invalid number of vcpus, must be between 1 and %d", max_vcpus);
break;
case 's':
p.src_type = parse_backing_src_type(optarg);
Reported by FlawFinder.
tools/perf/ui/helpline.c
2 issues
Line: 48
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
char *s;
if (vasprintf(&s, fmt, ap) < 0)
vfprintf(stderr, fmt, ap);
else {
ui_helpline__push(s);
free(s);
}
}
Reported by FlawFinder.
Line: 9
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "helpline.h"
#include "ui.h"
char ui_helpline__current[512];
static void nop_helpline__pop(void)
{
}
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/cgroup_attach_autodetach.c
2 issues
Line: 63
Column: 17
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
prog_ids, &prog_cnt),
"prog_query", "errno=%d\n", errno))
goto err;
if (CHECK_FAIL(system(PING_CMD)))
goto err;
/* allocate some memory (4Mb) to pin the original cgroup */
ptr = malloc(4 * (1 << 20));
if (CHECK_FAIL(!ptr))
Reported by FlawFinder.
Line: 9
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define PING_CMD "ping -q -c1 -w1 127.0.0.1 > /dev/null"
static char bpf_log_buf[BPF_LOG_BUF_SIZE];
static int prog_load(void)
{
struct bpf_insn prog[] = {
BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = 1 */
Reported by FlawFinder.
tools/testing/selftests/kvm/include/kvm_util.h
2 issues
Line: 341
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define sync_global_to_guest(vm, g) ({ \
typeof(g) *_p = addr_gva2hva(vm, (vm_vaddr_t)&(g)); \
memcpy(_p, &(g), sizeof(g)); \
})
#define sync_global_from_guest(vm, g) ({ \
typeof(g) *_p = addr_gva2hva(vm, (vm_vaddr_t)&(g)); \
memcpy(&(g), _p, sizeof(g)); \
Reported by FlawFinder.
Line: 346
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define sync_global_from_guest(vm, g) ({ \
typeof(g) *_p = addr_gva2hva(vm, (vm_vaddr_t)&(g)); \
memcpy(&(g), _p, sizeof(g)); \
})
void assert_on_unhandled_exception(struct kvm_vm *vm, uint32_t vcpuid);
/* Common ucalls */
Reported by FlawFinder.
tools/testing/selftests/kvm/hardware_disable_test.c
2 issues
Line: 61
Column: 8
CWE codes:
362
int fd;
while (true) {
fd = open("/dev/null", O_RDWR);
close(fd);
}
TEST_ASSERT(false, "%s: exited\n", __func__);
pthread_exit(NULL);
}
Reported by FlawFinder.
Line: 184
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
wait_for_child_setup(pid);
r = (rand() % DELAY_US_MAX) + 1;
pr_debug("%s: [%d] waiting %dus\n", __func__, i, r);
usleep(r);
r = waitpid(pid, &s, WNOHANG);
TEST_ASSERT(r != pid,
"%s: [%d] child exited unexpectedly status: [%d]",
__func__, i, s);
pr_debug("%s: [%d] killing child\n", __func__, i);
Reported by FlawFinder.
tools/testing/selftests/kselftest_harness.h
2 issues
Line: 130
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
* and runs "statement", which is usually "return" or "goto skip".
*/
#define SKIP(statement, fmt, ...) do { \
snprintf(_metadata->results->reason, \
sizeof(_metadata->results->reason), fmt, ##__VA_ARGS__); \
if (TH_LOG_ENABLED) { \
fprintf(TH_LOG_STREAM, "# SKIP %s\n", \
_metadata->results->reason); \
} \
Reported by FlawFinder.
Line: 775
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
struct __test_results {
char reason[1024]; /* Reason for test result */
};
struct __test_metadata;
struct __fixture_variant_metadata;
Reported by FlawFinder.
tools/testing/selftests/kcmp/kcmp_test.c
2 issues
Line: 42
Column: 8
CWE codes:
362
int status;
int fddup;
fd1 = open(kpath, O_RDWR | O_CREAT | O_TRUNC, 0644);
pid1 = getpid();
if (fd1 < 0) {
perror("Can't create file");
ksft_exit_fail();
Reported by FlawFinder.
Line: 91
Column: 9
CWE codes:
362
int pid2 = getpid();
int ret;
fd2 = open(kpath, O_RDWR, 0644);
if (fd2 < 0) {
perror("Can't open file");
ksft_exit_fail();
}
Reported by FlawFinder.