The following issues were found

samples/bpf/test_overhead_tp_kern.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 14 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              struct task_rename {
	/*
	 * Shape of the context handed to prog() below, which is placed in the
	 * "tracepoint/task/task_rename" section and takes a pointer to this
	 * struct.
	 * NOTE(review): field order and sizes presumably have to mirror the
	 * kernel's record for that tracepoint - confirm against its format.
	 */
	__u64 pad;	/* NOTE(review): presumably skips the common tracepoint header - confirm */
	__u32 pid;
	/*
	 * Two fixed 16-byte name fields. Declaring them copies nothing: an
	 * overflow would need code that writes more than 16 bytes into one of
	 * them, and no write to either field is visible in this excerpt.
	 */
	char oldcomm[16];
	char newcomm[16];
	__u16 oom_score_adj;
};
SEC("tracepoint/task/task_rename")
int prog(struct task_rename *ctx)

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 15 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	__u64 pad;
	__u32 pid;
	char oldcomm[16];
	char newcomm[16];
	__u16 oom_score_adj;
};
SEC("tracepoint/task/task_rename")
int prog(struct task_rename *ctx)
{

            

Reported by FlawFinder.

net/sched/act_bpf.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 109 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (nla == NULL)
		return -EMSGSIZE;

	memcpy(nla_data(nla), prog->bpf_ops, nla_len(nla));

	return 0;
}

static int tcf_bpf_dump_ebpf_info(const struct tcf_bpf *prog,

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 130 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (nla == NULL)
		return -EMSGSIZE;

	memcpy(nla_data(nla), prog->filter->tag, nla_len(nla));

	return 0;
}

static int tcf_bpf_dump(struct sk_buff *skb, struct tc_action *act,

            

Reported by FlawFinder.

samples/bpf/test_cgrp2_tc_kern.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 17 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/*
 * Copy of 'struct ethhdr' without __packed: two ETH_ALEN-byte address
 * arrays followed by the protocol field.
 *
 * Both arrays are sized by ETH_ALEN, so any code that indexes or copies
 * into them has to stay within ETH_ALEN bytes. The declaration itself
 * performs no copy, and no access to the arrays is visible in this excerpt.
 */
struct eth_hdr {
	unsigned char   h_dest[ETH_ALEN];
	unsigned char   h_source[ETH_ALEN];
	unsigned short  h_proto;
};

/* NOTE(review): presumably the map pinning scope expected by the loader - confirm */
#define PIN_GLOBAL_NS		2

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 18 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              /*
 * Copy of 'struct ethhdr' without __packed.
 * h_dest and h_source are fixed arrays of ETH_ALEN bytes each; the bound
 * that matters is in whatever code reads or writes them, none of which is
 * shown here.
 */
struct eth_hdr {
	unsigned char   h_dest[ETH_ALEN];	/* ETH_ALEN-byte address field */
	unsigned char   h_source[ETH_ALEN];	/* ETH_ALEN-byte address field */
	unsigned short  h_proto;
};

/* NOTE(review): presumably a pinning-scope value for the map definition that follows - confirm */
#define PIN_GLOBAL_NS		2
struct bpf_elf_map {

            

Reported by FlawFinder.

samples/bpf/test_cgrp2_sock2.c
2 issues
atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 46 Column: 15 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

              		return usage(argv[0]);

	if (argc > 3)
		filter_id = atoi(argv[3]);

	cg_fd = open(argv[1], O_DIRECTORY | O_RDONLY);
	if (cg_fd < 0) {
		printf("Failed to open cgroup path: '%s'\n", strerror(errno));
		return ret;

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 48 Column: 10 CWE codes: 362

              	if (argc > 3)
		filter_id = atoi(argv[3]);

	cg_fd = open(argv[1], O_DIRECTORY | O_RDONLY);
	if (cg_fd < 0) {
		printf("Failed to open cgroup path: '%s'\n", strerror(errno));
		return ret;
	}


            

Reported by FlawFinder.

sound/drivers/pcsp/pcsp_mixer.c
2 issues
sprintf - Does not check for buffer overflows
Security

Line: 54 Column: 2 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

              	uinfo->value.enumerated.items = chip->max_treble + 1;
	if (uinfo->value.enumerated.item > chip->max_treble)
		uinfo->value.enumerated.item = chip->max_treble;
	sprintf(uinfo->value.enumerated.name, "%lu",
		(unsigned long)PCSP_CALC_RATE(uinfo->value.enumerated.item));
	return 0;
}

static int pcsp_treble_get(struct snd_kcontrol *kcontrol,

            

Reported by FlawFinder.

strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 161 Column: 2 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

              	if (err < 0)
		return err;

	strcpy(card->mixername, "PC-Speaker");

	return 0;
}

            

Reported by FlawFinder.

samples/bpf/test_cgrp2_array_pin.c
2 issues
getopt - Some older implementations do not protect against internal buffer overflows
Security

Line: 35 Column: 16 CWE codes: 120 20
Suggestion: Check implementation on installation, or limit the size of all string inputs

              	int ret = -1;
	int opt;

	while ((opt = getopt(argc, argv, "F:U:v:")) != -1) {
		switch (opt) {
		/* General args */
		case 'F':
			pinned_file = optarg;
			break;

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 59 Column: 11 CWE codes: 362

              		goto out;
	}

	cg2_fd = open(cg2, O_RDONLY);
	if (cg2_fd < 0) {
		fprintf(stderr, "open(%s,...): %s(%d)\n",
			cg2, strerror(errno), errno);
		goto out;
	}

            

Reported by FlawFinder.

net/sched/act_api.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 950 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              {
	struct nlattr *tb[TCA_ACT_MAX + 1];
	struct tc_action_ops *a_o;
	char act_name[IFNAMSIZ];
	struct nlattr *kind;
	int err;

	if (name == NULL) {
		err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla,

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1684 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		nla_nest_end(skb, nest);
		ret = skb->len;
		act_count = cb->args[1];
		memcpy(nla_data(count_attr), &act_count, sizeof(u32));
		cb->args[1] = 0;
	} else
		nlmsg_trim(skb, b);

	nlh->nlmsg_len = skb_tail_pointer(skb) - b;

            

Reported by FlawFinder.

scripts/sorttable.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 93 Column: 1 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/* Capacity, in bytes, of the g_err buffer below. */
#define ERRSTR_MAXSZ	256

/*
 * Fixed-size global buffer of ERRSTR_MAXSZ bytes.
 * NOTE(review): presumably holds an error string; the writers are not
 * visible in this excerpt and should bound their output to sizeof(g_err),
 * e.g. with snprintf().
 */
char g_err[ERRSTR_MAXSZ];
/*
 * Global pointers to the ORC tables. Their sizes are not carried with the
 * pointers, so every copy from them depends on a length tracked elsewhere.
 */
int *g_orc_ip_table;
struct orc_entry *g_orc_table;

/* NOTE(review): presumably the handle of the thread that sorts the ORC tables - confirm */
pthread_t orc_sort_thread;


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 163 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		idxs[i] = i;
		tmp_orc_ip_table[i] = g_orc_ip_table[i] + i * sizeof(int);
	}
	memcpy(tmp_orc_table, g_orc_table, orc_size);

	qsort(idxs, num_entries, sizeof(int), orc_sort_cmp);

	for (i = 0; i < num_entries; i++) {
		if (idxs[i] == i)

            

Reported by FlawFinder.

sound/firewire/amdtp-stream-trace.h
2 issues
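Syntax Error: AST broken, 'if' doesn't have two operands. (This message means Cppcheck could not parse the statement; it is an analyzer parse failure, not a defect confirmed in the code. The excerpt uses tracepoint macros such as __get_dynamic_array, which the analyzer may not have expanded.)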
Error

Line: 44

              			__entry->src = fw_parent_device(s->unit)->card->node_id;
			__entry->dest = fw_parent_device(s->unit)->node_id;
		}
		if (cip_header) {
			memcpy(__get_dynamic_array(cip_header), cip_header,
			       __get_dynamic_array_len(cip_header));
		}
		__entry->payload_quadlets = payload_length / sizeof(__be32);
		__entry->data_blocks = data_blocks;

            

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 45 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              			__entry->dest = fw_parent_device(s->unit)->node_id;
		}
		if (cip_header) {
			memcpy(__get_dynamic_array(cip_header), cip_header,
			       __get_dynamic_array_len(cip_header));
		}
		__entry->payload_quadlets = payload_length / sizeof(__be32);
		__entry->data_blocks = data_blocks;
		__entry->data_block_counter = data_block_counter,

            

Reported by FlawFinder.

sound/firewire/bebob/bebob_command.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 95 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              avc_bridgeco_fill_extension_addr(u8 *buf, u8 *addr)
{
	/*
	 * Places a 6-byte address into the command buffer: addr[0] goes to
	 * buf[1] and addr[1..5] go to buf[4..8].
	 *
	 * Neither length is passed in, so nothing here can check them: the
	 * caller must supply at least 9 bytes at buf and 6 bytes at addr.
	 */
	buf[1] = addr[0];
	memcpy(buf + 4, addr + 1, 5);
}

static inline void
avc_bridgeco_fill_plug_info_extension_command(u8 *buf, u8 *addr,
					      unsigned int itype)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 282 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	if (err < 0)
		goto end;

	memcpy(input, buf + 10, 5);
	err = 0;
end:
	kfree(buf);
	return err;
}

            

Reported by FlawFinder.