The following issues were found

tools/perf/tests/mem.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 13 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int check(union perf_mem_data_src data_src,
		  const char *string)
{
	char out[100];
	char failure[100];
	struct mem_info mi = { .data_src = data_src };

	int n;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 14 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		  const char *string)
{
	char out[100];
	char failure[100];
	struct mem_info mi = { .data_src = data_src };

	int n;

	n = perf_mem__snp_scnprintf(out, sizeof out, &mi);

Reported by FlawFinder.

tools/include/uapi/drm/i915_drm.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 2207 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

               */
struct drm_i915_perf_oa_config {
	/** String formatted like "%08x-%04x-%04x-%04x-%012x" */
	char uuid[36];

	__u32 n_mux_regs;
	__u32 n_boolean_regs;
	__u32 n_flex_regs;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 2445 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		 *
		 * String formatted like "%08x-%04x-%04x-%04x-%012x"
		 */
		char uuid[36];
	};

	/*
	 * Unused for now. Must be cleared to zero.
	 */

Reported by FlawFinder.

tools/power/cpupower/bench/main.c
2 issues
getopt_long - Some older implementations do not protect against internal buffer overflows
Security

Line: 75 Column: 7 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs 

              		return EXIT_FAILURE;

	while (1) {
		c = getopt_long (argc, argv, "hg:o:s:l:vc:p:f:n:r:x:y:",
				long_options, &option_index);
		if (c == -1)
			break;

		switch (c) {

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 105 Column: 4 CWE codes: 120 

              			dprintf("user cpu -> %s\n", optarg);
			break;
		case 'g':
			strncpy(config->governor, optarg, 14);
			dprintf("user governor -> %s\n", optarg);
			break;
		case 'p':
			if (string_to_prio(optarg) != SCHED_ERR) {
				config->prio = string_to_prio(optarg);

Reported by FlawFinder.

tools/power/cpupower/bench/benchmark.c
2 issues
usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 127 Column: 4 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              		/* do some sleep/load cycles with the performance governor */
		for (cycle = 0; cycle < config->cycles; cycle++) {
			now = get_time();
			usleep(sleep_time);
			ROUNDS(calculations);
			then = get_time();
			performance_time += then - now - sleep_time;
			if (config->verbose)
				printf("performance cycle took %lius, "

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 153 Column: 4 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              		 * powersave governor */
		for (cycle = 0; cycle < config->cycles; cycle++) {
			now = get_time();
			usleep(sleep_time);
			ROUNDS(calculations);
			then = get_time();
			powersave_time += then - now - sleep_time;
			if (config->verbose)
				printf("powersave cycle took %lius, "

Reported by FlawFinder.

tools/power/acpi/os_specific/service_layers/osunixmap.c
2 issues
There is an unknown macro here somewhere. Configuration is required. If ACPI_MODULE_NAME is a macro then please configure it.
Error

Line: 18 

              #endif

#define _COMPONENT          ACPI_OS_SERVICES
ACPI_MODULE_NAME("osunixmap")

#ifndef O_BINARY
#define O_BINARY 0
#endif
#if defined(_dragon_fly) || defined(_free_BSD) || defined(_QNX)

Reported by Cppcheck.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 70 Column: 7 CWE codes: 362 

              	acpi_size page_size;
	int fd;

	fd = open(SYSTEM_MEMORY, O_RDONLY | O_BINARY);
	if (fd < 0) {
		fprintf(stderr, "Cannot open %s\n", SYSTEM_MEMORY);
		return (NULL);
	}

Reported by FlawFinder.

tools/pcmcia/crc32hash.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 30 Column: 27 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              		printf("no string passed as argument\n");
		return -1;
	}
	result = crc32((unsigned char const *)argv[1], strlen(argv[1]));
	printf("0x%x\n", result);
	return 0;
}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 30 Column: 49 CWE codes: 126 

              		printf("no string passed as argument\n");
		return -1;
	}
	result = crc32((unsigned char const *)argv[1], strlen(argv[1]));
	printf("0x%x\n", result);
	return 0;
}

Reported by FlawFinder.

tools/lib/vsprintf.c
2 issues
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 8 Column: 16 CWE codes: 134
Suggestion: Use a constant for the format specification 

              
int vscnprintf(char *buf, size_t size, const char *fmt, va_list args)
{
       int i = vsnprintf(buf, size, fmt, args);
       ssize_t ssize = size;

       return (i >= ssize) ? (ssize - 1) : i;
}

Reported by FlawFinder.

vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 21 Column: 12 CWE codes: 134
Suggestion: Use a constant for the format specification 

                     int i;

       va_start(args, fmt);
       i = vsnprintf(buf, size, fmt, args);
       va_end(args);

       return (i >= ssize) ? (ssize - 1) : i;
}

Reported by FlawFinder.

tools/bpf/runqslower/runqslower.c
2 issues
vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 88 Column: 9 CWE codes: 134
Suggestion: Use a constant for the format specification 

              {
	if (level == LIBBPF_DEBUG && !env.verbose)
		return 0;
	return vfprintf(stderr, format, args);
}

static int bump_memlock_rlimit(void)
{
	struct rlimit rlim_new = {

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 105 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	const struct event *e = data;
	struct tm *tm;
	char ts[32];
	time_t t;

	time(&t);
	tm = localtime(&t);
	strftime(ts, sizeof(ts), "%H:%M:%S", tm);

Reported by FlawFinder.

tools/perf/arch/arm/tests/dwarf-unwind.c
2 issues
Memory leak: buf
Error

Line: 42 CWE codes: 401 

              	memcpy(buf, (void *) sp, stack_size);
	stack->data = (char *) buf;
	stack->size = stack_size;
	return 0;
}

int test__arch_unwind_sample(struct perf_sample *sample,
			     struct thread *thread)
{

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 39 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	stack_size = map->end - sp;
	stack_size = stack_size > STACK_SIZE ? STACK_SIZE : stack_size;

	memcpy(buf, (void *) sp, stack_size);
	stack->data = (char *) buf;
	stack->size = stack_size;
	return 0;
}

Reported by FlawFinder.

tools/perf/tests/dwarf-unwind.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 60 Column: 15 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
	unsigned long *cnt = (unsigned long *) arg;
	char *symbol = entry->ms.sym ? entry->ms.sym->name : NULL;
	static const char *funcs[MAX_STACK] = {
		"test__arch_unwind_sample",
		"test_dwarf_unwind__thread",
		"test_dwarf_unwind__compare",
		"bsearch",
		"test_dwarf_unwind__krava_3",

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 91 Column: 23 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	(*cnt)++;
	pr_debug("got: %s 0x%" PRIx64 ", expecting %s\n",
		 symbol, entry->ip, funcs[idx]);
	return strcmp((const char *) symbol, funcs[idx]);
}

noinline int test_dwarf_unwind__thread(struct thread *thread)
{
	struct perf_sample sample;

Reported by FlawFinder.