The following issues were found

tools/perf/util/arm-spe.c
2 issues
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 843 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	if (!dump_trace)
		return;

	fprintf(stdout, arm_spe_info_fmts[ARM_SPE_PMU_TYPE], arr[ARM_SPE_PMU_TYPE]);
}

struct arm_spe_synth {
	struct perf_tool dummy_tool;
	struct perf_session *session;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 99 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct arm_spe_pkt packet;
	size_t pos = 0;
	int ret, pkt_len, i;
	char desc[ARM_SPE_PKT_DESC_MAX];
	const char *color = PERF_COLOR_BLUE;

	color_fprintf(stdout, color,
		      ". ... ARM SPE data: size %zu bytes\n",
		      len);

Reported by FlawFinder.

tools/testing/selftests/bpf/progs/test_tracepoint.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 10 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              /* taken from /sys/kernel/debug/tracing/events/sched/sched_switch/format */
struct sched_switch_args {
	unsigned long long pad;
	char prev_comm[16];
	int prev_pid;
	int prev_prio;
	long long prev_state;
	char next_comm[16];
	int next_pid;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 14 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	int prev_pid;
	int prev_prio;
	long long prev_state;
	char next_comm[16];
	int next_pid;
	int next_prio;
};

SEC("tracepoint/sched/sched_switch")

Reported by FlawFinder.

tools/testing/selftests/futex/functional/futex_requeue_pi_mismatched_ops.c
2 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 60 Column: 14 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              	pthread_t child;
	int c;

	while ((c = getopt(argc, argv, "chv:")) != -1) {
		switch (c) {
		case 'c':
			log_color(1);
			break;
		case 'h':

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 69 Column: 18 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

              			usage(basename(argv[0]));
			exit(0);
		case 'v':
			log_verbosity(atoi(optarg));
			break;
		default:
			usage(basename(argv[0]));
			exit(1);
		}

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 17 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #include <sys/fcntl.h>

#define STACK_SIZE (1024 * 1024)
static char child_stack[STACK_SIZE];

static int test_current_pid_tgid(void *args)
{
	struct test_ns_current_pid_tgid__bss  *bss;
	struct test_ns_current_pid_tgid *skel;

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 49 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              		goto cleanup;

	/* trigger tracepoint */
	usleep(1);
	ASSERT_EQ(bss->user_pid, pid, "pid");
	ASSERT_EQ(bss->user_tgid, tgid, "tgid");
	err = 0;

cleanup:

Reported by FlawFinder.

tools/testing/selftests/exec/recursion-depth.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 55 Column: 19 CWE codes: 126 

              		return 1;
	}
#define S "#!" FILENAME "\n"
	if (write(fd, S, strlen(S)) != strlen(S)) {
		fprintf(stderr, "error: write, errno %d\n", errno);
		return 1;
	}
	close(fd);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 55 Column: 33 CWE codes: 126 

              		return 1;
	}
#define S "#!" FILENAME "\n"
	if (write(fd, S, strlen(S)) != strlen(S)) {
		fprintf(stderr, "error: write, errno %d\n", errno);
		return 1;
	}
	close(fd);

Reported by FlawFinder.

tools/bpf/bpftool/json_writer.c
2 issues
vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 165 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              {
	jsonw_eor(self);
	putc('"', self->out);
	vfprintf(self->out, fmt, ap);
	putc('"', self->out);
}

void jsonw_printf(json_writer_t *self, const char *fmt, ...)
{

Reported by FlawFinder.

vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 175 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              
	va_start(ap, fmt);
	jsonw_eor(self);
	vfprintf(self->out, fmt, ap);
	va_end(ap);
}

/* Collections */
void jsonw_start_object(json_writer_t *self)

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/probe_user.c
2 issues
syntax error
Error

Line: 8 

              {
	const char *prog_name = "kprobe/__sys_connect";
	const char *obj_file = "./test_probe_user.o";
	DECLARE_LIBBPF_OPTS(bpf_object_open_opts, opts, );
	int err, results_map_fd, sock_fd, duration = 0;
	struct sockaddr curr, orig, tmp;
	struct sockaddr_in *in = (struct sockaddr_in *)&curr;
	struct bpf_link *kprobe_link = NULL;
	struct bpf_program *kprobe_prog;

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 43 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	in->sin_family = AF_INET;
	in->sin_port = htons(5555);
	in->sin_addr.s_addr = inet_addr("255.255.255.255");
	memcpy(&orig, &curr, sizeof(curr));

	sock_fd = socket(AF_INET, SOCK_STREAM, 0);
	if (CHECK(sock_fd < 0, "create_sock_fd", "err %d\n", sock_fd))
		goto cleanup;

Reported by FlawFinder.

tools/include/linux/lockdep.h
2 issues
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 52 Column: 29 CWE codes: 134
Suggestion: Use a constant for the format specification 

              
#define KSYM_NAME_LEN 128
#define printk(...) dprintf(STDOUT_FILENO, __VA_ARGS__)
#define pr_err(format, ...) fprintf (stderr, format, ## __VA_ARGS__)
#define pr_warn pr_err
#define pr_cont pr_err

#define list_del_rcu list_del

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 34 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	gfp_t lockdep_reclaim_gfp;
	int pid;
	int state;
	char comm[17];
};

#define TASK_RUNNING 0

extern struct task_struct *__curr(void);

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/raw_tp_test_run.c
2 issues
syntax error
Error

Line: 22 

              	DECLARE_LIBBPF_OPTS(bpf_test_run_opts, opts,
			    .ctx_in = args,
			    .ctx_size_in = sizeof(args),
			    .flags = BPF_F_TEST_RUN_ON_CPU,
		);

	err = parse_cpu_mask_file("/sys/devices/system/cpu/online", &online,
				  &nr_online);
	if (CHECK(err, "parse_cpu_mask_file", "err %d\n", err))

Reported by Cppcheck.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 38 Column: 12 CWE codes: 362 

              	if (CHECK(err, "skel_attach", "skeleton attach failed: %d\n", err))
		goto cleanup;

	comm_fd = open("/proc/self/comm", O_WRONLY|O_TRUNC);
	if (CHECK(comm_fd < 0, "open /proc/self/comm", "err %d\n", errno))
		goto cleanup;

	err = write(comm_fd, buf, sizeof(buf));
	CHECK(err < 0, "task rename", "err %d", errno);

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/raw_tp_writable_test_run.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 9 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              void test_raw_tp_writable_test_run(void)
{
	__u32 duration = 0;
	char error[4096];

	const struct bpf_insn trace_program[] = {
		BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 0),
		BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
		BPF_MOV64_IMM(BPF_REG_0, 42),

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 55 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		  "failed: %d errno %d\n", tp_fd, errno))
		goto out_filterfd;

	char test_skb[128] = {
		0,
	};

	__u32 prog_ret;
	int err = bpf_prog_test_run(filter_fd, 1, test_skb, sizeof(test_skb), 0,

Reported by FlawFinder.