The following issues were found
samples/bpf/tracex5_user.c
2 issues
Line: 89
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
install_accept_all_seccomp();
f = popen("dd if=/dev/zero of=/dev/null count=5", "r");
(void) f;
read_trace_pipe();
cleanup:
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bpf_object *obj;
int key, fd, progs_fd;
const char *section;
char filename[256];
FILE *f;
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
obj = bpf_object__open_file(filename, NULL);
if (libbpf_get_error(obj)) {
Reported by FlawFinder.
sound/core/memory.c
2 issues
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(__i386__) || defined(CONFIG_SPARC32)
return copy_to_user(dst, (const void __force*)src, count) ? -EFAULT : 0;
#else
char buf[256];
while (count) {
size_t c = count;
if (c > sizeof(buf))
c = sizeof(buf);
memcpy_fromio(buf, (void __iomem *)src, c);
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(__i386__) || defined(CONFIG_SPARC32)
return copy_from_user((void __force *)dst, src, count) ? -EFAULT : 0;
#else
char buf[256];
while (count) {
size_t c = count;
if (c > sizeof(buf))
c = sizeof(buf);
if (copy_from_user(buf, src, c))
Reported by FlawFinder.
sound/core/misc.c
2 issues
Line: 76
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Ignore KERN_CONT. We print filename:line for each piece. */
if (kern_level >= '0' && kern_level <= '7') {
memcpy(verbose_fmt, vaf.fmt, end_of_header - vaf.fmt);
level_found = true;
}
vaf.fmt = end_of_header;
}
Reported by FlawFinder.
Line: 84
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (!level_found && level)
memcpy(verbose_fmt, KERN_DEBUG, sizeof(KERN_DEBUG) - 1);
printk(verbose_fmt, sanity_file_name(path), line, &vaf);
#else
vprintk(format, args);
#endif
Reported by FlawFinder.
sound/core/oss/linear.c
2 issues
Line: 48
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned int tmp = 0;
unsigned char *p = (unsigned char *)&tmp;
memcpy(p + data->copy_ofs, src + data->src_ofs, data->copy_bytes);
if (data->cvt_endian)
tmp = swab32(tmp);
tmp ^= data->flip;
memcpy(dst, p + data->dst_ofs, data->dst_bytes);
}
Reported by FlawFinder.
Line: 52
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (data->cvt_endian)
tmp = swab32(tmp);
tmp ^= data->flip;
memcpy(dst, p + data->dst_ofs, data->dst_bytes);
}
static void convert(struct snd_pcm_plugin *plugin,
const struct snd_pcm_plugin_channel *src_channels,
struct snd_pcm_plugin_channel *dst_channels,
Reported by FlawFinder.
sound/core/oss/mulaw.c
2 issues
Line: 164
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sample = swab16(sample);
if (data->native_bytes > data->copy_bytes)
memset(dst, 0, data->native_bytes);
memcpy(dst + data->native_ofs, (char *)&sample + data->copy_ofs,
data->copy_bytes);
}
static void mulaw_decode(struct snd_pcm_plugin *plugin,
const struct snd_pcm_plugin_channel *src_channels,
Reported by FlawFinder.
Line: 206
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned char *src)
{
u16 sample = 0;
memcpy((char *)&sample + data->copy_ofs, src + data->native_ofs,
data->copy_bytes);
if (data->cvt_endian)
sample = swab16(sample);
sample ^= data->flip;
return (signed short)sample;
Reported by FlawFinder.
samples/bpf/tracex1_user.c
2 issues
Line: 41
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
goto cleanup;
}
f = popen("taskset 1 ping -c5 localhost", "r");
(void) f;
read_trace_pipe();
cleanup:
Reported by FlawFinder.
Line: 12
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct bpf_link *link = NULL;
struct bpf_program *prog;
struct bpf_object *obj;
char filename[256];
FILE *f;
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
obj = bpf_object__open_file(filename, NULL);
if (libbpf_get_error(obj)) {
Reported by FlawFinder.
samples/bpf/tracex1_kern.c
2 issues
Line: 26
* Number of arguments and their positions can change, etc.
* In such case this bpf+kprobe example will no longer be meaningful
*/
SEC("kprobe/__netif_receive_skb_core")
int bpf_prog1(struct pt_regs *ctx)
{
/* attaches to kprobe __netif_receive_skb_core,
* looks for packets on loobpack device and prints them
*/
Reported by Cppcheck.
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* attaches to kprobe __netif_receive_skb_core,
* looks for packets on loobpack device and prints them
*/
char devname[IFNAMSIZ];
struct net_device *dev;
struct sk_buff *skb;
int len;
/* non-portable! works for the given kernel only */
Reported by FlawFinder.
samples/bpf/trace_output_user.c
2 issues
Line: 95
Column: 6
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return 1;
}
f = popen("taskset 1 dd if=/dev/zero of=/dev/null", "r");
(void) f;
start_time = time_get_ns();
while ((ret = perf_buffer__poll(pb, 1000)) >= 0 && cnt < MAX_CNT) {
}
Reported by FlawFinder.
Line: 52
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct perf_buffer *pb;
struct bpf_object *obj;
int map_fd, ret = 0;
char filename[256];
FILE *f;
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
obj = bpf_object__open_file(filename, NULL);
if (libbpf_get_error(obj)) {
Reported by FlawFinder.
sound/core/pcm_param_trace.h
2 issues
Line: 50
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->type = type;
__entry->index = index;
__entry->total = substream->runtime->hw_constraints.rules_num;
memcpy(__entry->prev_bits, prev->bits, sizeof(__u32) * 8);
memcpy(__entry->curr_bits, curr->bits, sizeof(__u32) * 8);
),
TP_printk("pcmC%dD%d%s:%d %03d/%03d %s %08x%08x%08x%08x %08x%08x%08x%08x",
__entry->card,
__entry->device,
Reported by FlawFinder.
Line: 51
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__entry->index = index;
__entry->total = substream->runtime->hw_constraints.rules_num;
memcpy(__entry->prev_bits, prev->bits, sizeof(__u32) * 8);
memcpy(__entry->curr_bits, curr->bits, sizeof(__u32) * 8);
),
TP_printk("pcmC%dD%d%s:%d %03d/%03d %s %08x%08x%08x%08x %08x%08x%08x%08x",
__entry->card,
__entry->device,
__entry->direction ? "c" : "p",
Reported by FlawFinder.
sound/core/rawmidi_compat.c
2 issues
Line: 17
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u32 avail_min;
unsigned int no_active_sensing; /* avoid bit-field */
unsigned int mode;
unsigned char reserved[12];
} __attribute__((packed));
static int snd_rawmidi_ioctl_params_compat(struct snd_rawmidi_file *rfile,
struct snd_rawmidi_params32 __user *src)
{
Reported by FlawFinder.
Line: 53
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
s64 tstamp_nsec;
u32 avail;
u32 xruns;
unsigned char reserved[16];
} __attribute__((packed));
static int snd_rawmidi_ioctl_status_compat64(struct snd_rawmidi_file *rfile,
struct compat_snd_rawmidi_status64 __user *src)
{
Reported by FlawFinder.