The following issues were found
tools/testing/selftests/timens/timerfd.c
2 issues
Line: 81
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char *argv[])
{
int ret, status, len, fd;
char buf[4096];
pid_t pid;
struct timespec btime_now, mtime_now;
nscheck();
Reported by FlawFinder.
Line: 100
Column: 7
CWE codes:
362
len = snprintf(buf, sizeof(buf), "%d %d 0\n%d %d 0",
CLOCK_MONOTONIC, 70 * 24 * 3600,
CLOCK_BOOTTIME, 9 * 24 * 3600);
fd = open("/proc/self/timens_offsets", O_WRONLY);
if (fd < 0)
return pr_perror("/proc/self/timens_offsets");
if (write(fd, buf, len) != len)
return pr_perror("/proc/self/timens_offsets");
Reported by FlawFinder.
tools/testing/selftests/timens/timer.c
2 issues
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int main(int argc, char *argv[])
{
int ret, status, len, fd;
char buf[4096];
pid_t pid;
struct timespec btime_now, mtime_now;
nscheck();
Reported by FlawFinder.
Line: 93
Column: 7
CWE codes:
362
len = snprintf(buf, sizeof(buf), "%d %d 0\n%d %d 0",
CLOCK_MONOTONIC, 70 * 24 * 3600,
CLOCK_BOOTTIME, 9 * 24 * 3600);
fd = open("/proc/self/timens_offsets", O_WRONLY);
if (fd < 0)
return pr_perror("/proc/self/timens_offsets");
if (write(fd, buf, len) != len)
return pr_perror("/proc/self/timens_offsets");
Reported by FlawFinder.
tools/testing/selftests/timens/timens.c
2 issues
Line: 66
Column: 15
CWE codes:
362
struct stat st1, st2;
if (parent_ns == -1) {
parent_ns = open(path, O_RDONLY);
if (parent_ns <= 0)
return pr_perror("Unable to open %s", path);
}
if (fstat(parent_ns, &st1))
Reported by FlawFinder.
Line: 77
Column: 13
CWE codes:
362
if (unshare_timens())
return -1;
child_ns = open(path, O_RDONLY);
if (child_ns <= 0)
return pr_perror("Unable to open %s", path);
if (fstat(child_ns, &st2))
return pr_perror("Unable to stat the timens");
Reported by FlawFinder.
tools/testing/selftests/x86/ldt_gdt.c
2 issues
Line: 656
Column: 3
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
pid_t child = fork();
if (child == 0) {
execl("/proc/self/exe", "ldt_gdt_test_exec", NULL);
printf("[FAIL]\tCould not exec self\n");
exit(1); /* exec failed */
} else {
int status;
if (waitpid(child, &status, 0) != child ||
Reported by FlawFinder.
Line: 478
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *handler; /* the real type is nasty */
unsigned long sa_flags;
void (*sa_restorer)(void);
unsigned char sigset[8];
};
static void fix_sa_restorer(int sig)
{
struct fake_ksigaction ksa;
Reported by FlawFinder.
tools/usb/usbip/src/usbip_network.h
2 issues
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define OP_REP_DEVINFO (OP_REPLY | OP_DEVINFO)
struct op_devinfo_request {
char busid[SYSFS_BUS_ID_SIZE];
} __attribute__((packed));
struct op_devinfo_reply {
struct usbip_usb_device udev;
struct usbip_usb_interface uinf[];
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define OP_REP_IMPORT (OP_REPLY | OP_IMPORT)
struct op_import_request {
char busid[SYSFS_BUS_ID_SIZE];
} __attribute__((packed));
struct op_import_reply {
struct usbip_usb_device udev;
// struct usbip_usb_interface uinf[];
Reported by FlawFinder.
tools/testing/selftests/vDSO/vdso_config.h
2 issues
Line: 62
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define VDSO_32BIT 1
#endif
static const char *versions[6] = {
"LINUX_2.6",
"LINUX_2.6.15",
"LINUX_2.6.29",
"LINUX_2.6.39",
"LINUX_4",
Reported by FlawFinder.
Line: 71
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
"LINUX_4.15",
};
static const char *names[2][6] = {
{
"__kernel_gettimeofday",
"__kernel_clock_gettime",
"__kernel_time",
"__kernel_clock_getres",
Reported by FlawFinder.
tools/thermal/tmon/tmon.h
2 issues
Line: 48
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct cdev_info {
char type[64];
int instance;
unsigned long max_state;
unsigned long cur_state;
unsigned long flag;
};
Reported by FlawFinder.
Line: 74
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* change at runtime.
*/
struct tz_info {
char type[256]; /* e.g. acpitz */
int instance;
int passive; /* active zone has passive node to force passive mode */
int nr_cdev; /* number of cooling device binded */
int nr_trip_pts;
struct trip_point tp[MAX_NR_TRIP];
Reported by FlawFinder.
tools/testing/selftests/x86/sysret_rip.c
2 issues
Line: 80
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
_exit(1);
}
memcpy(&ctx->uc_mcontext.gregs, &initial_regs, sizeof(gregset_t));
printf("[OK]\tGot SIGSEGV at RIP=0x%lx\n", rip);
}
static void sigusr1(int sig, siginfo_t *info, void *ctx_void)
Reported by FlawFinder.
Line: 89
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
ucontext_t *ctx = (ucontext_t*)ctx_void;
memcpy(&initial_regs, &ctx->uc_mcontext.gregs, sizeof(gregset_t));
/* Set IP and CX to match so that SYSRET can happen. */
ctx->uc_mcontext.gregs[REG_RIP] = rip;
ctx->uc_mcontext.gregs[REG_RCX] = rip;
Reported by FlawFinder.
arch/mips/sni/setup.c
2 issues
Line: 82
Column: 4
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
break;
}
if (baud)
strcpy(options, baud);
if (strncmp(cdev, "tty552", 6) == 0)
add_preferred_console("ttyS", port,
baud ? options : NULL);
else
add_preferred_console("ttySC", port,
Reported by FlawFinder.
Line: 65
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *cdev;
char *baud;
int port;
static char options[8] __initdata;
cdev = prom_getenv("console_dev");
if (strncmp(cdev, "tty", 3) == 0) {
ctype = prom_getenv("console");
switch (*ctype) {
Reported by FlawFinder.
arch/alpha/include/asm/core_wildfire.h
2 issues
Line: 15
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define WILDFIRE_NR_IRQS \
(WILDFIRE_MAX_QBB * WILDFIRE_PCA_PER_QBB * WILDFIRE_IRQ_PER_PCA)
extern unsigned char wildfire_hard_qbb_map[WILDFIRE_MAX_QBB];
extern unsigned char wildfire_soft_qbb_map[WILDFIRE_MAX_QBB];
#define QBB_MAP_EMPTY 0xff
extern unsigned long wildfire_hard_qbb_mask;
extern unsigned long wildfire_soft_qbb_mask;
Reported by FlawFinder.
Line: 16
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(WILDFIRE_MAX_QBB * WILDFIRE_PCA_PER_QBB * WILDFIRE_IRQ_PER_PCA)
extern unsigned char wildfire_hard_qbb_map[WILDFIRE_MAX_QBB];
extern unsigned char wildfire_soft_qbb_map[WILDFIRE_MAX_QBB];
#define QBB_MAP_EMPTY 0xff
extern unsigned long wildfire_hard_qbb_mask;
extern unsigned long wildfire_soft_qbb_mask;
extern unsigned long wildfire_gp_mask;
Reported by FlawFinder.