The following issues were found
tools/lib/perf/include/internal/tests.h
2 issues
Line: 61
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
fputc('\n', stderr); \
tests_verbose++; \
} \
fprintf(stderr, ##__VA_ARGS__); \
} \
} while (0)
#endif /* __LIBPERF_INTERNAL_TESTS_H */
Reported by FlawFinder.
Line: 16
Column: 14
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
int c;
int verbose = 0;
while ((c = getopt(argc, argv, "v")) != -1) {
switch (c)
{
case 'v':
verbose = 1;
break;
Reported by FlawFinder.
tools/perf/builtin-buildid-list.c
2 issues
Line: 25
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int sysfs__fprintf_build_id(FILE *fp)
{
char sbuild_id[SBUILD_ID_SIZE];
int ret;
ret = sysfs__sprintf_build_id("/", sbuild_id);
if (ret != sizeof(sbuild_id))
return ret < 0 ? ret : -EINVAL;
Reported by FlawFinder.
Line: 37
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int filename__fprintf_build_id(const char *name, FILE *fp)
{
char sbuild_id[SBUILD_ID_SIZE];
int ret;
ret = filename__sprintf_build_id(name, sbuild_id);
if (ret != sizeof(sbuild_id))
return ret < 0 ? ret : -EINVAL;
Reported by FlawFinder.
tools/perf/arch/x86/util/mem-events.c
2 issues
Line: 6
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "map_symbol.h"
#include "mem-events.h"
static char mem_loads_name[100];
static bool mem_loads_name__init;
static char mem_stores_name[100];
#define MEM_LOADS_AUX 0x8203
#define MEM_LOADS_AUX_NAME "{%s/mem-loads-aux/,%s/mem-loads,ldlat=%u/}:P"
Reported by FlawFinder.
Line: 8
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char mem_loads_name[100];
static bool mem_loads_name__init;
static char mem_stores_name[100];
#define MEM_LOADS_AUX 0x8203
#define MEM_LOADS_AUX_NAME "{%s/mem-loads-aux/,%s/mem-loads,ldlat=%u/}:P"
#define E(t, n, s) { .tag = t, .name = n, .sysfs_name = s }
Reported by FlawFinder.
tools/lib/bpf/nlattr.h
2 issues
Line: 62
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ifinfomsg ifinfo;
struct tcmsg tc;
};
char buf[128];
};
/**
* @ingroup attr
* Iterate over a stream of attributes
Reported by FlawFinder.
Line: 143
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nla->nla_type = type;
nla->nla_len = NLA_HDRLEN + len;
if (data)
memcpy(nla_data(nla), data, len);
req->nh.nlmsg_len = NLMSG_ALIGN(req->nh.nlmsg_len) + NLA_ALIGN(nla->nla_len);
return 0;
}
static inline struct nlattr *nlattr_begin_nested(struct libbpf_nla_req *req, int type)
Reported by FlawFinder.
tools/perf/util/dsos.c
2 issues
Line: 115
CWE codes:
476
struct rb_node *parent = NULL;
if (!name)
name = dso->long_name;
/*
* Find node with the matching name
*/
while (*p) {
struct dso *this = rb_entry(*p, struct dso, rb_node);
Reported by Cppcheck.
Line: 290
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t ret = 0;
list_for_each_entry(pos, head, node) {
char sbuild_id[SBUILD_ID_SIZE];
if (skip && skip(pos, parm))
continue;
build_id__sprintf(&pos->bid, sbuild_id);
ret += fprintf(fp, "%-40s %s\n", sbuild_id, pos->long_name);
Reported by FlawFinder.
tools/lib/bpf/bpf_prog_linfo.c
2 issues
Line: 130
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prog_linfo->raw_linfo = malloc(data_sz);
if (!prog_linfo->raw_linfo)
goto err_free;
memcpy(prog_linfo->raw_linfo, (void *)(long)info->line_info, data_sz);
nr_jited_func = info->nr_jited_ksyms;
if (!nr_jited_func ||
!info->jited_line_info ||
info->nr_jited_line_info != nr_linfo ||
Reported by FlawFinder.
Line: 150
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prog_linfo->raw_jited_linfo = malloc(data_sz);
if (!prog_linfo->raw_jited_linfo)
goto err_free;
memcpy(prog_linfo->raw_jited_linfo,
(void *)(long)info->jited_line_info, data_sz);
/* Number of jited_line_info per jited func */
prog_linfo->nr_jited_linfo_per_func = malloc(nr_jited_func *
sizeof(__u32));
Reported by FlawFinder.
tools/perf/arch/arm/util/auxtrace.c
2 issues
Line: 33
Column: 9
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
}
for (i = 0; i < nr_cpus; i++) {
ret = sprintf(arm_spe_pmu_name, "%s%d", ARM_SPE_PMU_NAME, i);
if (ret < 0) {
pr_err("sprintf failed\n");
*err = -ENOMEM;
return NULL;
}
Reported by FlawFinder.
Line: 23
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct perf_pmu **arm_spe_pmus = NULL;
int ret, i, nr_cpus = sysconf(_SC_NPROCESSORS_CONF);
/* arm_spe_xxxxxxxxx\0 */
char arm_spe_pmu_name[sizeof(ARM_SPE_PMU_NAME) + 10];
arm_spe_pmus = zalloc(sizeof(struct perf_pmu *) * nr_cpus);
if (!arm_spe_pmus) {
pr_err("spes alloc failed\n");
*err = -ENOMEM;
Reported by FlawFinder.
tools/perf/util/levenshtein.c
2 issues
Line: 47
Column: 13
CWE codes:
126
int levenshtein(const char *string1, const char *string2,
int w, int s, int a, int d)
{
int len1 = strlen(string1), len2 = strlen(string2);
int *row0 = malloc(sizeof(int) * (len2 + 1));
int *row1 = malloc(sizeof(int) * (len2 + 1));
int *row2 = malloc(sizeof(int) * (len2 + 1));
int i, j;
Reported by FlawFinder.
Line: 47
Column: 37
CWE codes:
126
int levenshtein(const char *string1, const char *string2,
int w, int s, int a, int d)
{
int len1 = strlen(string1), len2 = strlen(string2);
int *row0 = malloc(sizeof(int) * (len2 + 1));
int *row1 = malloc(sizeof(int) * (len2 + 1));
int *row2 = malloc(sizeof(int) * (len2 + 1));
int i, j;
Reported by FlawFinder.
tools/perf/util/env.c
2 issues
Line: 375
char *arch_name;
if (!env || !env->arch) { /* Assume local operation */
static struct utsname uts = { .machine[0] = '\0', };
if (uts.machine[0] == '\0' && uname(&uts) < 0)
return NULL;
arch_name = uts.machine;
} else
arch_name = env->arch;
Reported by Cppcheck.
Line: 289
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int perf_env__read_cpuid(struct perf_env *env)
{
char cpuid[128];
int err = get_cpuid(cpuid, sizeof(cpuid));
if (err)
return err;
Reported by FlawFinder.
tools/testing/selftests/bpf/progs/kfree_skb.c
2 issues
Line: 47
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* order of the fields doesn't matter */
refcount_t users;
unsigned char *data;
char __pkt_type_offset[0];
char cb[48];
};
struct meta {
int ifindex;
Reported by FlawFinder.
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
refcount_t users;
unsigned char *data;
char __pkt_type_offset[0];
char cb[48];
};
struct meta {
int ifindex;
__u32 cb32_0;
Reported by FlawFinder.