The following issues were found

tools/testing/selftests/bpf/prog_tests/test_bprm_opts.c
2 issues
execle - This causes a new program to execute and is difficult to use safely
Security

Line: 69 Column: 3 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              		 * If the value of TMPDIR is set, the bash command returns 10
		 * and if the value is unset, it returns 20.
		 */
		execle("/bin/bash", "bash", "-c",
		       "[[ -z \"${TMPDIR}\" ]] || exit 10 && exit 20", NULL,
		       bash_envp);
		exit(errno);
	} else if (child_pid > 0) {
		waitpid(child_pid, &child_status, 0);

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 46 Column: 13 CWE codes: 362 

              
	child_pid = fork();
	if (child_pid == 0) {
		null_fd = open("/dev/null", O_WRONLY);
		if (null_fd == -1)
			exit(errno);
		dup2(null_fd, STDOUT_FILENO);
		dup2(null_fd, STDERR_FILENO);
		close(null_fd);

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/test_global_funcs.c
2 issues
vprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 15 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification 

              
	if (level != LIBBPF_WARN ||
	    strcmp(format, "libbpf: \n%s\n")) {
		vprintf(format, args);
		return 0;
	}

	log_buf = va_arg(args, char *);
	if (!log_buf)

Reported by FlawFinder.

printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 25 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              	if (err_str && strstr(log_buf, err_str) == 0)
		found = true;
out:
	printf(format, log_buf);
	return 0;
}

extern int extra_prog_load_log_flags;

Reported by FlawFinder.

tools/bpf/bpftool/xlated_dumper.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 13 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
struct kernel_sym {
	unsigned long address;
	char name[SYM_MAX_NAME];
};

struct dump_data {
	unsigned long address_call_base;
	struct kernel_sym *sym_mapping;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 26 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	void *func_info;
	__u32 finfo_rec_size;
	const struct bpf_prog_linfo *prog_linfo;
	char scratch_buff[SYM_MAX_NAME + 8];
};

void kernel_syms_load(struct dump_data *dd);
void kernel_syms_destroy(struct dump_data *dd);
struct kernel_sym *kernel_syms_search(struct dump_data *dd, unsigned long key);

Reported by FlawFinder.

tools/perf/tests/cpumap.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 103 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int cpu_map_print(const char *str)
{
	struct perf_cpu_map *map = perf_cpu_map__new(str);
	char buf[100];

	if (!map)
		return -1;

	cpu_map__snprint(map, buf, sizeof(buf));

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 131 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct perf_cpu_map *a = perf_cpu_map__new("4,2,1");
	struct perf_cpu_map *b = perf_cpu_map__new("4,5,7");
	struct perf_cpu_map *c = perf_cpu_map__merge(a, b);
	char buf[100];

	TEST_ASSERT_VAL("failed to merge map: bad nr", c->nr == 5);
	cpu_map__snprint(c, buf, sizeof(buf));
	TEST_ASSERT_VAL("failed to merge map: bad result", !strcmp(buf, "1-2,4-5,7"));
	perf_cpu_map__put(b);

Reported by FlawFinder.

tools/perf/util/trace-event-parse.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 152 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              void parse_saved_cmdline(struct tep_handle *pevent,
			 char *file, unsigned int size __maybe_unused)
{
	char comm[17]; /* Max comm length in the kernel is 16. */
	char *line;
	char *next = NULL;
	int pid;

	line = strtok_r(file, "\n", &next);

Reported by FlawFinder.

sscanf - It's unclear if the %s limit in the format string is small enough
Security

Line: 159 Column: 7 CWE codes: 120
Suggestion: Check that the limit is sufficiently small, or use a different input function 

              
	line = strtok_r(file, "\n", &next);
	while (line) {
		if (sscanf(line, "%d %16s", &pid, comm) == 2)
			tep_register_comm(pevent, comm, pid);
		line = strtok_r(NULL, "\n", &next);
	}
}

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/test_overhead.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 24 Column: 7 CWE codes: 362 

              	char buf[] = "test_overhead";
	__u64 start_time;

	fd = open("/proc/self/comm", O_WRONLY|O_TRUNC);
	if (CHECK(fd < 0, "open /proc", "err %d", errno))
		return -1;
	start_time = time_get_ns();
	for (i = 0; i < MAX_CNT; i++) {
		err = write(fd, buf, sizeof(buf));

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 70 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	struct bpf_object *obj;
	struct bpf_link *link;
	int err, duration = 0;
	char comm[16] = {};

	if (CHECK_FAIL(prctl(PR_GET_NAME, comm, 0L, 0L, 0L)))
		return;

	obj = bpf_object__open_file("./test_overhead.o", NULL);

Reported by FlawFinder.

tools/lib/traceevent/trace-seq.h
2 issues
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 43 Column: 26 CWE codes: 134
Suggestion: Use a constant for the format specification 

              void trace_seq_destroy(struct trace_seq *s);

extern int trace_seq_printf(struct trace_seq *s, const char *fmt, ...)
	__attribute__ ((format (printf, 2, 3)));
extern int trace_seq_vprintf(struct trace_seq *s, const char *fmt, va_list args)
	__attribute__ ((format (printf, 2, 0)));

extern int trace_seq_puts(struct trace_seq *s, const char *str);
extern int trace_seq_putc(struct trace_seq *s, unsigned char c);

Reported by FlawFinder.

printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 45 Column: 26 CWE codes: 134
Suggestion: Use a constant for the format specification 

              extern int trace_seq_printf(struct trace_seq *s, const char *fmt, ...)
	__attribute__ ((format (printf, 2, 3)));
extern int trace_seq_vprintf(struct trace_seq *s, const char *fmt, va_list args)
	__attribute__ ((format (printf, 2, 0)));

extern int trace_seq_puts(struct trace_seq *s, const char *str);
extern int trace_seq_putc(struct trace_seq *s, unsigned char c);

extern void trace_seq_terminate(struct trace_seq *s);

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/trace_printk.c
2 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 37 Column: 7 CWE codes: 362 

              	if (CHECK(err, "skel_attach", "skeleton attach failed: %d\n", err))
		goto cleanup;

	fp = fopen(TRACEBUF, "r");
	if (CHECK(fp == NULL, "could not open trace buffer",
		  "error %d opening %s", errno, TRACEBUF))
		goto cleanup;

	/* We do not want to wait forever if this test fails... */

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 46 Column: 2 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

              	fcntl(fileno(fp), F_SETFL, O_NONBLOCK);

	/* wait for tracepoint to trigger */
	usleep(1);
	trace_printk__detach(skel);

	if (CHECK(bss->trace_printk_ran == 0,
		  "bpf_trace_printk never ran",
		  "ran == %d", bss->trace_printk_ran))

Reported by FlawFinder.

tools/testing/selftests/bpf/prog_tests/trampoline_count.c
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 20 Column: 7 CWE codes: 362 

              	int fd, duration = 0, err;
	char buf[] = "test_overhead";

	fd = open("/proc/self/comm", O_WRONLY|O_TRUNC);
	if (CHECK(fd < 0, "open /proc", "err %d", errno))
		return -1;
	err = write(fd, buf, sizeof(buf));
	if (err < 0) {
		CHECK(err < 0, "task rename", "err %d", errno);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 53 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              	int err, i = 0, duration = 0;
	struct bpf_object *obj;
	struct bpf_link *link;
	char comm[16] = {};

	/* attach 'allowed' trampoline programs */
	for (i = 0; i < MAX_TRAMP_PROGS; i++) {
		obj = bpf_object__open_file(object, NULL);
		if (!ASSERT_OK_PTR(obj, "obj_open_file")) {

Reported by FlawFinder.

tools/lib/subcmd/subcmd-util.h
2 issues
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 14 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification 

              static inline void report(const char *prefix, const char *err, va_list params)
{
	char msg[1024];
	vsnprintf(msg, sizeof(msg), err, params);
	fprintf(stderr, " %s%s\n", prefix, msg);
}

static NORETURN inline void die(const char *err, ...)
{

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 13 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static inline void report(const char *prefix, const char *err, va_list params)
{
	char msg[1024];
	vsnprintf(msg, sizeof(msg), err, params);
	fprintf(stderr, " %s%s\n", prefix, msg);
}

static NORETURN inline void die(const char *err, ...)

Reported by FlawFinder.