The following issues were found
tools/testing/selftests/bpf/prog_tests/cls_redirect.c
2 issues
Line: 403
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (j = 0; j < ARRAY_SIZE(families); j++) {
struct tuple *tuple = &tuples[test->type][j];
char input[256];
char tmp[256];
test_str(tmp, sizeof(tmp), test, tuple->family);
if (!test__start_subtest(tmp))
continue;
Reported by FlawFinder.
Line: 404
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (j = 0; j < ARRAY_SIZE(families); j++) {
struct tuple *tuple = &tuples[test->type][j];
char input[256];
char tmp[256];
test_str(tmp, sizeof(tmp), test, tuple->family);
if (!test__start_subtest(tmp))
continue;
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/core_autosize.c
2 issues
Line: 108
Column: 7
CWE codes:
377
err = err ?: btf__add_field(btf, "val4", char_id, 144, 0);
ASSERT_OK(err, "struct_fields");
fd = mkstemp(btf_file);
if (CHECK(fd < 0, "btf_tmp", "failed to create file: %d\n", fd))
goto cleanup;
f = fdopen(fd, "w");
if (!ASSERT_OK_PTR(f, "btf_fdopen"))
goto cleanup;
Reported by FlawFinder.
Line: 165
Column: 2
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
if (!ASSERT_OK_PTR(skel->links.handle_probed, "prog_attach"))
goto cleanup;
usleep(1);
bss_map = bpf_object__find_map_by_name(skel->obj, "test_cor.bss");
if (!ASSERT_OK_PTR(bss_map, "bss_map_find"))
goto cleanup;
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/core_extern.c
2 issues
Line: 132
for (i = 0; i < ARRAY_SIZE(test_cases); i++) {
struct test_case *t = &test_cases[i];
DECLARE_LIBBPF_OPTS(bpf_object_open_opts, opts,
.kconfig = t->cfg,
);
if (!test__start_subtest(t->name))
continue;
Reported by Cppcheck.
Line: 154
Column: 3
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
if (CHECK(err, "attach_raw_tp", "failed attach: %d\n", err))
goto cleanup;
usleep(1);
t->data.kern_ver = kern_ver;
t->data.missing_val = 0xDEADC0DE;
got = (uint64_t *)skel->data;
exp = (uint64_t *)&t->data;
Reported by FlawFinder.
tools/perf/examples/bpf/augmented_syscalls.c
2 issues
Line: 34
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct augmented_filename {
unsigned int size;
int reserved;
char value[256];
};
#define augmented_filename_syscall(syscall) \
struct augmented_enter_##syscall##_args { \
struct syscall_enter_##syscall##_args args; \
Reported by FlawFinder.
Line: 82
Column: 28
CWE codes:
362
long mode;
};
augmented_filename_syscall(open);
struct syscall_enter_inotify_add_watch_args {
unsigned long long common_tp_fields;
long syscall_nr;
long fd;
Reported by FlawFinder.
tools/testing/selftests/futex/functional/futex_wait_wouldblock.c
2 issues
Line: 46
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int res, ret = RET_PASS;
int c;
while ((c = getopt(argc, argv, "cht:v:")) != -1) {
switch (c) {
case 'c':
log_color(1);
break;
case 'h':
Reported by FlawFinder.
Line: 55
Column: 18
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
usage(basename(argv[0]));
exit(0);
case 'v':
log_verbosity(atoi(optarg));
break;
default:
usage(basename(argv[0]));
exit(1);
}
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/fexit_stress.c
2 issues
Line: 10
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void test_fexit_stress(void)
{
char test_skb[128] = {};
int fexit_fd[CNT] = {};
int link_fd[CNT] = {};
__u32 duration = 0;
char error[4096];
__u32 prog_ret;
Reported by FlawFinder.
Line: 14
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int fexit_fd[CNT] = {};
int link_fd[CNT] = {};
__u32 duration = 0;
char error[4096];
__u32 prog_ret;
int err, i, filter_fd;
const struct bpf_insn trace_program[] = {
BPF_MOV64_IMM(BPF_REG_0, 0),
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/global_data.c
2 issues
Line: 43
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void test_global_data_string(struct bpf_object *obj, __u32 duration)
{
int i, err, map_fd;
char str[32];
map_fd = bpf_find_map(__func__, obj, "result_string");
if (CHECK_FAIL(map_fd < 0))
return;
Reported by FlawFinder.
Line: 52
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct {
char *name;
uint32_t key;
char str[32];
} tests[] = {
{ "relocate .rodata reference", 0, "abcdefghijklmnopqrstuvwxyz" },
{ "relocate .data reference", 1, "abcdefghijklmnopqrstuvwxyz" },
{ "relocate .bss reference", 2, "" },
{ "relocate .data reference", 3, "abcdexghijklmnopqrstuvwxyz" },
Reported by FlawFinder.
tools/perf/ui/util.c
2 issues
Line: 12
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
static int perf_stdio__error(const char *format, va_list args)
{
fprintf(stderr, "Error:\n");
vfprintf(stderr, format, args);
return 0;
}
static int perf_stdio__warning(const char *format, va_list args)
{
Reported by FlawFinder.
Line: 19
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
static int perf_stdio__warning(const char *format, va_list args)
{
fprintf(stderr, "Warning:\n");
vfprintf(stderr, format, args);
return 0;
}
static struct perf_error_ops default_eops =
{
Reported by FlawFinder.
tools/testing/selftests/bpf/prog_tests/kfree_skb.c
2 issues
Line: 15
__u32 cb32[5];
__u8 cb8[20];
} cb = {
.cb32[0] = 0x81828384,
};
static void on_sample(void *ctx, int cpu, void *data, __u32 size)
{
struct meta *meta = (struct meta *)data;
Reported by Cppcheck.
Line: 120
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!ASSERT_OK_PTR(pb, "perf_buf__new"))
goto close_prog;
memcpy(skb.cb, &cb, sizeof(cb));
err = bpf_prog_test_run_xattr(&tattr);
duration = tattr.duration;
CHECK(err || tattr.retval, "ipv6",
"err %d errno %d retval %d duration %d\n",
err, errno, tattr.retval, duration);
Reported by FlawFinder.
tools/perf/util/annotate.h
2 issues
Line: 213
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
int (*set_color)(void *obj, int color);
void (*set_percent_color)(void *obj, double percent, bool current);
int (*set_jumps_percent_color)(void *obj, int nr, bool current);
void (*printf)(void *obj, const char *fmt, ...);
void (*write_graph)(void *obj, int graph);
};
void annotation_line__write(struct annotation_line *al, struct annotation *notes,
struct annotation_write_ops *ops,
Reported by FlawFinder.
Line: 169
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline const char *percent_type_str(unsigned int type)
{
static const char *str[PERCENT_MAX] = {
"local hits",
"global hits",
"local period",
"global period",
};
Reported by FlawFinder.