Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bluez-5.55/android/a2dp-sink.c
Examining data/bluez-5.55/android/a2dp-sink.h
Examining data/bluez-5.55/android/a2dp.c
Examining data/bluez-5.55/android/a2dp.h
Examining data/bluez-5.55/android/audio-msg.h
Examining data/bluez-5.55/android/audio_utils/resampler.c
Examining data/bluez-5.55/android/audio_utils/resampler.h
Examining data/bluez-5.55/android/avctp.c
Examining data/bluez-5.55/android/avctp.h
Examining data/bluez-5.55/android/avdtp.c
Examining data/bluez-5.55/android/avdtp.h
Examining data/bluez-5.55/android/avdtptest.c
Examining data/bluez-5.55/android/avrcp-lib.c
Examining data/bluez-5.55/android/avrcp-lib.h
Examining data/bluez-5.55/android/avrcp.c
Examining data/bluez-5.55/android/avrcp.h
Examining data/bluez-5.55/android/bluetooth.c
Examining data/bluez-5.55/android/bluetooth.h
Examining data/bluez-5.55/android/bluetoothd-snoop.c
Examining data/bluez-5.55/android/bluetoothd-wrapper.c
Examining data/bluez-5.55/android/client/haltest.c
Examining data/bluez-5.55/android/client/history.c
Examining data/bluez-5.55/android/client/history.h
Examining data/bluez-5.55/android/client/if-audio.c
Examining data/bluez-5.55/android/client/if-av-sink.c
Examining data/bluez-5.55/android/client/if-av.c
Examining data/bluez-5.55/android/client/if-bt.c
Examining data/bluez-5.55/android/client/if-gatt.c
Examining data/bluez-5.55/android/client/if-hf-client.c
Examining data/bluez-5.55/android/client/if-hf.c
Examining data/bluez-5.55/android/client/if-hh.c
Examining data/bluez-5.55/android/client/if-hl.c
Examining data/bluez-5.55/android/client/if-main.h
Examining data/bluez-5.55/android/client/if-mce.c
Examining data/bluez-5.55/android/client/if-pan.c
Examining data/bluez-5.55/android/client/if-rc-ctrl.c
Examining data/bluez-5.55/android/client/if-rc.c
Examining data/bluez-5.55/android/client/if-sco.c
Examining data/bluez-5.55/android/client/if-sock.c
Examining data/bluez-5.55/android/client/pollhandler.c
Examining data/bluez-5.55/android/client/pollhandler.h
Examining data/bluez-5.55/android/client/tabcompletion.c
Examining data/bluez-5.55/android/client/terminal.c
Examining data/bluez-5.55/android/client/terminal.h
Examining data/bluez-5.55/android/compat/readline/history.h
Examining data/bluez-5.55/android/compat/readline/readline.h
Examining data/bluez-5.55/android/compat/wordexp.h
Examining data/bluez-5.55/android/cutils/properties.h
Examining data/bluez-5.55/android/gatt.c
Examining data/bluez-5.55/android/gatt.h
Examining data/bluez-5.55/android/hal-a2dp-sink.c
Examining data/bluez-5.55/android/hal-a2dp.c
Examining data/bluez-5.55/android/hal-audio-aptx.c
Examining data/bluez-5.55/android/hal-audio-sbc.c
Examining data/bluez-5.55/android/hal-audio.c
Examining data/bluez-5.55/android/hal-audio.h
Examining data/bluez-5.55/android/hal-avrcp-ctrl.c
Examining data/bluez-5.55/android/hal-avrcp.c
Examining data/bluez-5.55/android/hal-bluetooth.c
Examining data/bluez-5.55/android/hal-gatt.c
Examining data/bluez-5.55/android/hal-handsfree-client.c
Examining data/bluez-5.55/android/hal-handsfree.c
Examining data/bluez-5.55/android/hal-health.c
Examining data/bluez-5.55/android/hal-hidhost.c
Examining data/bluez-5.55/android/hal-ipc.c
Examining data/bluez-5.55/android/hal-ipc.h
Examining data/bluez-5.55/android/hal-log.h
Examining data/bluez-5.55/android/hal-map-client.c
Examining data/bluez-5.55/android/hal-msg.h
Examining data/bluez-5.55/android/hal-pan.c
Examining data/bluez-5.55/android/hal-sco.c
Examining data/bluez-5.55/android/hal-socket.c
Examining data/bluez-5.55/android/hal-utils.c
Examining data/bluez-5.55/android/hal-utils.h
Examining data/bluez-5.55/android/hal.h
Examining data/bluez-5.55/android/handsfree-client.c
Examining data/bluez-5.55/android/handsfree-client.h
Examining data/bluez-5.55/android/handsfree.c
Examining data/bluez-5.55/android/handsfree.h
Examining data/bluez-5.55/android/hardware/audio.h
Examining data/bluez-5.55/android/hardware/audio_effect.h
Examining data/bluez-5.55/android/hardware/bluetooth.h
Examining data/bluez-5.55/android/hardware/bt_av.h
Examining data/bluez-5.55/android/hardware/bt_gatt.h
Examining data/bluez-5.55/android/hardware/bt_gatt_client.h
Examining data/bluez-5.55/android/hardware/bt_gatt_server.h
Examining data/bluez-5.55/android/hardware/bt_gatt_types.h
Examining data/bluez-5.55/android/hardware/bt_hf.h
Examining data/bluez-5.55/android/hardware/bt_hf_client.h
Examining data/bluez-5.55/android/hardware/bt_hh.h
Examining data/bluez-5.55/android/hardware/bt_hl.h
Examining data/bluez-5.55/android/hardware/bt_mce.h
Examining data/bluez-5.55/android/hardware/bt_pan.h
Examining data/bluez-5.55/android/hardware/bt_rc.h
Examining data/bluez-5.55/android/hardware/bt_sock.h
Examining data/bluez-5.55/android/hardware/hardware.c
Examining data/bluez-5.55/android/hardware/hardware.h
Examining data/bluez-5.55/android/health.c
Examining data/bluez-5.55/android/health.h
Examining data/bluez-5.55/android/hidhost.c
Examining data/bluez-5.55/android/hidhost.h
Examining data/bluez-5.55/android/ipc-common.h
Examining data/bluez-5.55/android/ipc-tester.c
Examining data/bluez-5.55/android/ipc.c
Examining data/bluez-5.55/android/ipc.h
Examining data/bluez-5.55/android/log.c
Examining data/bluez-5.55/android/main.c
Examining data/bluez-5.55/android/map-client.c
Examining data/bluez-5.55/android/map-client.h
Examining data/bluez-5.55/android/pan.c
Examining data/bluez-5.55/android/pan.h
Examining data/bluez-5.55/android/sco-msg.h
Examining data/bluez-5.55/android/sco.c
Examining data/bluez-5.55/android/sco.h
Examining data/bluez-5.55/android/socket.c
Examining data/bluez-5.55/android/socket.h
Examining data/bluez-5.55/android/system-emulator.c
Examining data/bluez-5.55/android/system/audio.h
Examining data/bluez-5.55/android/test-ipc.c
Examining data/bluez-5.55/android/tester-a2dp.c
Examining data/bluez-5.55/android/tester-avrcp.c
Examining data/bluez-5.55/android/tester-bluetooth.c
Examining data/bluez-5.55/android/tester-gatt.c
Examining data/bluez-5.55/android/tester-hdp.c
Examining data/bluez-5.55/android/tester-hidhost.c
Examining data/bluez-5.55/android/tester-main.h
Examining data/bluez-5.55/android/tester-map-client.c
Examining data/bluez-5.55/android/tester-pan.c
Examining data/bluez-5.55/android/tester-socket.c
Examining data/bluez-5.55/android/utils.h
Examining data/bluez-5.55/android/tester-main.c
Examining data/bluez-5.55/attrib/att-database.h
Examining data/bluez-5.55/attrib/att.h
Examining data/bluez-5.55/attrib/gatt-service.c
Examining data/bluez-5.55/attrib/gatt-service.h
Examining data/bluez-5.55/attrib/gatt.c
Examining data/bluez-5.55/attrib/gatt.h
Examining data/bluez-5.55/attrib/gattrib.c
Examining data/bluez-5.55/attrib/gattrib.h
Examining data/bluez-5.55/attrib/gatttool.c
Examining data/bluez-5.55/attrib/gatttool.h
Examining data/bluez-5.55/attrib/interactive.c
Examining data/bluez-5.55/attrib/utils.c
Examining data/bluez-5.55/attrib/att.c
Examining data/bluez-5.55/btio/btio.c
Examining data/bluez-5.55/btio/btio.h
Examining data/bluez-5.55/client/advertising.c
Examining data/bluez-5.55/client/advertising.h
Examining data/bluez-5.55/client/agent.c
Examining data/bluez-5.55/client/agent.h
Examining data/bluez-5.55/client/display.c
Examining data/bluez-5.55/client/display.h
Examining data/bluez-5.55/client/gatt.c
Examining data/bluez-5.55/client/gatt.h
Examining data/bluez-5.55/client/main.c
Examining data/bluez-5.55/emulator/amp.c
Examining data/bluez-5.55/emulator/amp.h
Examining data/bluez-5.55/emulator/b1ee.c
Examining data/bluez-5.55/emulator/btdev.h
Examining data/bluez-5.55/emulator/bthost.c
Examining data/bluez-5.55/emulator/bthost.h
Examining data/bluez-5.55/emulator/hciemu.c
Examining data/bluez-5.55/emulator/hciemu.h
Examining data/bluez-5.55/emulator/hfp.c
Examining data/bluez-5.55/emulator/le.c
Examining data/bluez-5.55/emulator/le.h
Examining data/bluez-5.55/emulator/main.c
Examining data/bluez-5.55/emulator/phy.c
Examining data/bluez-5.55/emulator/phy.h
Examining data/bluez-5.55/emulator/serial.c
Examining data/bluez-5.55/emulator/serial.h
Examining data/bluez-5.55/emulator/server.c
Examining data/bluez-5.55/emulator/server.h
Examining data/bluez-5.55/emulator/smp.c
Examining data/bluez-5.55/emulator/vhci.c
Examining data/bluez-5.55/emulator/vhci.h
Examining data/bluez-5.55/emulator/btdev.c
Examining data/bluez-5.55/gdbus/client.c
Examining data/bluez-5.55/gdbus/gdbus.h
Examining data/bluez-5.55/gdbus/mainloop.c
Examining data/bluez-5.55/gdbus/object.c
Examining data/bluez-5.55/gdbus/polkit.c
Examining data/bluez-5.55/gdbus/watch.c
Examining data/bluez-5.55/gobex/gobex-apparam.c
Examining data/bluez-5.55/gobex/gobex-apparam.h
Examining data/bluez-5.55/gobex/gobex-debug.h
Examining data/bluez-5.55/gobex/gobex-defs.c
Examining data/bluez-5.55/gobex/gobex-defs.h
Examining data/bluez-5.55/gobex/gobex-header.c
Examining data/bluez-5.55/gobex/gobex-header.h
Examining data/bluez-5.55/gobex/gobex-packet.c
Examining data/bluez-5.55/gobex/gobex-packet.h
Examining data/bluez-5.55/gobex/gobex-transfer.c
Examining data/bluez-5.55/gobex/gobex.c
Examining data/bluez-5.55/gobex/gobex.h
Examining data/bluez-5.55/lib/a2mp.h
Examining data/bluez-5.55/lib/amp.h
Examining data/bluez-5.55/lib/bluetooth.c
Examining data/bluez-5.55/lib/bluetooth.h
Examining data/bluez-5.55/lib/bnep.h
Examining data/bluez-5.55/lib/cmtp.h
Examining data/bluez-5.55/lib/hci.c
Examining data/bluez-5.55/lib/hci.h
Examining data/bluez-5.55/lib/hci_lib.h
Examining data/bluez-5.55/lib/hidp.h
Examining data/bluez-5.55/lib/l2cap.h
Examining data/bluez-5.55/lib/mgmt.h
Examining data/bluez-5.55/lib/rfcomm.h
Examining data/bluez-5.55/lib/sco.h
Examining data/bluez-5.55/lib/sdp.c
Examining data/bluez-5.55/lib/sdp.h
Examining data/bluez-5.55/lib/sdp_lib.h
Examining data/bluez-5.55/lib/uuid.c
Examining data/bluez-5.55/lib/uuid.h
Examining data/bluez-5.55/mesh/agent.c
Examining data/bluez-5.55/mesh/agent.h
Examining data/bluez-5.55/mesh/appkey.c
Examining data/bluez-5.55/mesh/appkey.h
Examining data/bluez-5.55/mesh/cfgmod-server.c
Examining data/bluez-5.55/mesh/cfgmod.h
Examining data/bluez-5.55/mesh/crypto.c
Examining data/bluez-5.55/mesh/crypto.h
Examining data/bluez-5.55/mesh/dbus.c
Examining data/bluez-5.55/mesh/dbus.h
Examining data/bluez-5.55/mesh/error.h
Examining data/bluez-5.55/mesh/friend.c
Examining data/bluez-5.55/mesh/friend.h
Examining data/bluez-5.55/mesh/keyring.c
Examining data/bluez-5.55/mesh/keyring.h
Examining data/bluez-5.55/mesh/main.c
Examining data/bluez-5.55/mesh/manager.c
Examining data/bluez-5.55/mesh/manager.h
Examining data/bluez-5.55/mesh/mesh-config-json.c
Examining data/bluez-5.55/mesh/mesh-config.h
Examining data/bluez-5.55/mesh/mesh-defs.h
Examining data/bluez-5.55/mesh/mesh-io-api.h
Examining data/bluez-5.55/mesh/mesh-io-generic.c
Examining data/bluez-5.55/mesh/mesh-io-generic.h
Examining data/bluez-5.55/mesh/mesh-io.c
Examining data/bluez-5.55/mesh/mesh-io.h
Examining data/bluez-5.55/mesh/mesh-mgmt.c
Examining data/bluez-5.55/mesh/mesh-mgmt.h
Examining data/bluez-5.55/mesh/mesh.c
Examining data/bluez-5.55/mesh/mesh.h
Examining data/bluez-5.55/mesh/model.c
Examining data/bluez-5.55/mesh/model.h
Examining data/bluez-5.55/mesh/net-keys.c
Examining data/bluez-5.55/mesh/net-keys.h
Examining data/bluez-5.55/mesh/net.c
Examining data/bluez-5.55/mesh/net.h
Examining data/bluez-5.55/mesh/node.c
Examining data/bluez-5.55/mesh/node.h
Examining data/bluez-5.55/mesh/pb-adv.c
Examining data/bluez-5.55/mesh/pb-adv.h
Examining data/bluez-5.55/mesh/prov-acceptor.c
Examining data/bluez-5.55/mesh/prov-initiator.c
Examining data/bluez-5.55/mesh/prov.h
Examining data/bluez-5.55/mesh/provision.h
Examining data/bluez-5.55/mesh/rpl.c
Examining data/bluez-5.55/mesh/rpl.h
Examining data/bluez-5.55/mesh/util.c
Examining data/bluez-5.55/mesh/util.h
Examining data/bluez-5.55/monitor/a2dp.c
Examining data/bluez-5.55/monitor/a2dp.h
Examining data/bluez-5.55/monitor/analyze.c
Examining data/bluez-5.55/monitor/analyze.h
Examining data/bluez-5.55/monitor/avctp.h
Examining data/bluez-5.55/monitor/avdtp.c
Examining data/bluez-5.55/monitor/avdtp.h
Examining data/bluez-5.55/monitor/bnep.c
Examining data/bluez-5.55/monitor/bnep.h
Examining data/bluez-5.55/monitor/broadcom.c
Examining data/bluez-5.55/monitor/broadcom.h
Examining data/bluez-5.55/monitor/bt.h
Examining data/bluez-5.55/monitor/control.c
Examining data/bluez-5.55/monitor/control.h
Examining data/bluez-5.55/monitor/crc.c
Examining data/bluez-5.55/monitor/crc.h
Examining data/bluez-5.55/monitor/display.c
Examining data/bluez-5.55/monitor/display.h
Examining data/bluez-5.55/monitor/ellisys.c
Examining data/bluez-5.55/monitor/ellisys.h
Examining data/bluez-5.55/monitor/hcidump.c
Examining data/bluez-5.55/monitor/hcidump.h
Examining data/bluez-5.55/monitor/hwdb.c
Examining data/bluez-5.55/monitor/hwdb.h
Examining data/bluez-5.55/monitor/intel.c
Examining data/bluez-5.55/monitor/intel.h
Examining data/bluez-5.55/monitor/jlink.c
Examining data/bluez-5.55/monitor/jlink.h
Examining data/bluez-5.55/monitor/keys.c
Examining data/bluez-5.55/monitor/keys.h
Examining data/bluez-5.55/monitor/l2cap.c
Examining data/bluez-5.55/monitor/l2cap.h
Examining data/bluez-5.55/monitor/ll.h
Examining data/bluez-5.55/monitor/lmp.c
Examining data/bluez-5.55/monitor/lmp.h
Examining data/bluez-5.55/monitor/main.c
Examining data/bluez-5.55/monitor/packet.c
Examining data/bluez-5.55/monitor/packet.h
Examining data/bluez-5.55/monitor/rfcomm.c
Examining data/bluez-5.55/monitor/rfcomm.h
Examining data/bluez-5.55/monitor/sdp.c
Examining data/bluez-5.55/monitor/sdp.h
Examining data/bluez-5.55/monitor/tty.h
Examining data/bluez-5.55/monitor/vendor.c
Examining data/bluez-5.55/monitor/vendor.h
Examining data/bluez-5.55/monitor/avctp.c
Examining data/bluez-5.55/monitor/ll.c
Examining data/bluez-5.55/obexd/client/bluetooth.c
Examining data/bluez-5.55/obexd/client/bluetooth.h
Examining data/bluez-5.55/obexd/client/driver.c
Examining data/bluez-5.55/obexd/client/driver.h
Examining data/bluez-5.55/obexd/client/ftp.c
Examining data/bluez-5.55/obexd/client/ftp.h
Examining data/bluez-5.55/obexd/client/manager.c
Examining data/bluez-5.55/obexd/client/manager.h
Examining data/bluez-5.55/obexd/client/map-event.c
Examining data/bluez-5.55/obexd/client/map-event.h
Examining data/bluez-5.55/obexd/client/map.c
Examining data/bluez-5.55/obexd/client/map.h
Examining data/bluez-5.55/obexd/client/mns.c
Examining data/bluez-5.55/obexd/client/opp.c
Examining data/bluez-5.55/obexd/client/opp.h
Examining data/bluez-5.55/obexd/client/pbap.c
Examining data/bluez-5.55/obexd/client/pbap.h
Examining data/bluez-5.55/obexd/client/session.c
Examining data/bluez-5.55/obexd/client/session.h
Examining data/bluez-5.55/obexd/client/sync.c
Examining data/bluez-5.55/obexd/client/sync.h
Examining data/bluez-5.55/obexd/client/transfer.c
Examining data/bluez-5.55/obexd/client/transfer.h
Examining data/bluez-5.55/obexd/client/transport.c
Examining data/bluez-5.55/obexd/client/transport.h
Examining data/bluez-5.55/obexd/plugins/filesystem.c
Examining data/bluez-5.55/obexd/plugins/filesystem.h
Examining data/bluez-5.55/obexd/plugins/ftp.c
Examining data/bluez-5.55/obexd/plugins/ftp.h
Examining data/bluez-5.55/obexd/plugins/irmc.c
Examining data/bluez-5.55/obexd/plugins/mas.c
Examining data/bluez-5.55/obexd/plugins/messages-dummy.c
Examining data/bluez-5.55/obexd/plugins/messages-tracker.c
Examining data/bluez-5.55/obexd/plugins/messages.h
Examining data/bluez-5.55/obexd/plugins/opp.c
Examining data/bluez-5.55/obexd/plugins/pbap.c
Examining data/bluez-5.55/obexd/plugins/phonebook-dummy.c
Examining data/bluez-5.55/obexd/plugins/phonebook-ebook.c
Examining data/bluez-5.55/obexd/plugins/phonebook-tracker.c
Examining data/bluez-5.55/obexd/plugins/phonebook.h
Examining data/bluez-5.55/obexd/plugins/syncevolution.c
Examining data/bluez-5.55/obexd/plugins/vcard.c
Examining data/bluez-5.55/obexd/plugins/vcard.h
Examining data/bluez-5.55/obexd/plugins/bluetooth.c
Examining data/bluez-5.55/obexd/plugins/pcsuite.c
Examining data/bluez-5.55/obexd/src/log.c
Examining data/bluez-5.55/obexd/src/log.h
Examining data/bluez-5.55/obexd/src/main.c
Examining data/bluez-5.55/obexd/src/manager.h
Examining data/bluez-5.55/obexd/src/map_ap.h
Examining data/bluez-5.55/obexd/src/mimetype.c
Examining data/bluez-5.55/obexd/src/mimetype.h
Examining data/bluez-5.55/obexd/src/obex-priv.h
Examining data/bluez-5.55/obexd/src/obex.c
Examining data/bluez-5.55/obexd/src/obex.h
Examining data/bluez-5.55/obexd/src/obexd.h
Examining data/bluez-5.55/obexd/src/plugin.c
Examining data/bluez-5.55/obexd/src/plugin.h
Examining data/bluez-5.55/obexd/src/server.c
Examining data/bluez-5.55/obexd/src/server.h
Examining data/bluez-5.55/obexd/src/service.c
Examining data/bluez-5.55/obexd/src/service.h
Examining data/bluez-5.55/obexd/src/transport.c
Examining data/bluez-5.55/obexd/src/transport.h
Examining data/bluez-5.55/obexd/src/manager.c
Examining data/bluez-5.55/peripheral/attach.c
Examining data/bluez-5.55/peripheral/attach.h
Examining data/bluez-5.55/peripheral/efivars.c
Examining data/bluez-5.55/peripheral/efivars.h
Examining data/bluez-5.55/peripheral/gap.c
Examining data/bluez-5.55/peripheral/gap.h
Examining data/bluez-5.55/peripheral/gatt.c
Examining data/bluez-5.55/peripheral/gatt.h
Examining data/bluez-5.55/peripheral/log.c
Examining data/bluez-5.55/peripheral/log.h
Examining data/bluez-5.55/peripheral/main.c
Examining data/bluez-5.55/plugins/autopair.c
Examining data/bluez-5.55/plugins/external-dummy.c
Examining data/bluez-5.55/plugins/hostname.c
Examining data/bluez-5.55/plugins/neard.c
Examining data/bluez-5.55/plugins/sixaxis.c
Examining data/bluez-5.55/plugins/wiimote.c
Examining data/bluez-5.55/plugins/policy.c
Examining data/bluez-5.55/profiles/audio/a2dp-codecs.h
Examining data/bluez-5.55/profiles/audio/a2dp.c
Examining data/bluez-5.55/profiles/audio/a2dp.h
Examining data/bluez-5.55/profiles/audio/avctp.c
Examining data/bluez-5.55/profiles/audio/avctp.h
Examining data/bluez-5.55/profiles/audio/avdtp.c
Examining data/bluez-5.55/profiles/audio/avdtp.h
Examining data/bluez-5.55/profiles/audio/avrcp.c
Examining data/bluez-5.55/profiles/audio/avrcp.h
Examining data/bluez-5.55/profiles/audio/control.c
Examining data/bluez-5.55/profiles/audio/control.h
Examining data/bluez-5.55/profiles/audio/media.c
Examining data/bluez-5.55/profiles/audio/media.h
Examining data/bluez-5.55/profiles/audio/player.c
Examining data/bluez-5.55/profiles/audio/player.h
Examining data/bluez-5.55/profiles/audio/sink.c
Examining data/bluez-5.55/profiles/audio/sink.h
Examining data/bluez-5.55/profiles/audio/source.c
Examining data/bluez-5.55/profiles/audio/source.h
Examining data/bluez-5.55/profiles/audio/transport.c
Examining data/bluez-5.55/profiles/audio/transport.h
Examining data/bluez-5.55/profiles/battery/bas.c
Examining data/bluez-5.55/profiles/battery/bas.h
Examining data/bluez-5.55/profiles/battery/battery.c
Examining data/bluez-5.55/profiles/cups/cups.h
Examining data/bluez-5.55/profiles/cups/hcrp.c
Examining data/bluez-5.55/profiles/cups/main.c
Examining data/bluez-5.55/profiles/cups/sdp.c
Examining data/bluez-5.55/profiles/cups/spp.c
Examining data/bluez-5.55/profiles/deviceinfo/deviceinfo.c
Examining data/bluez-5.55/profiles/deviceinfo/dis.c
Examining data/bluez-5.55/profiles/deviceinfo/dis.h
Examining data/bluez-5.55/profiles/gap/gas.c
Examining data/bluez-5.55/profiles/health/hdp.c
Examining data/bluez-5.55/profiles/health/hdp.h
Examining data/bluez-5.55/profiles/health/hdp_main.c
Examining data/bluez-5.55/profiles/health/hdp_manager.c
Examining data/bluez-5.55/profiles/health/hdp_manager.h
Examining data/bluez-5.55/profiles/health/hdp_types.h
Examining data/bluez-5.55/profiles/health/hdp_util.c
Examining data/bluez-5.55/profiles/health/hdp_util.h
Examining data/bluez-5.55/profiles/health/mcap.h
Examining data/bluez-5.55/profiles/health/mcap.c
Examining data/bluez-5.55/profiles/iap/main.c
Examining data/bluez-5.55/profiles/input/device.c
Examining data/bluez-5.55/profiles/input/device.h
Examining data/bluez-5.55/profiles/input/hidp_defs.h
Examining data/bluez-5.55/profiles/input/hog-lib.c
Examining data/bluez-5.55/profiles/input/hog-lib.h
Examining data/bluez-5.55/profiles/input/hog.c
Examining data/bluez-5.55/profiles/input/manager.c
Examining data/bluez-5.55/profiles/input/server.c
Examining data/bluez-5.55/profiles/input/server.h
Examining data/bluez-5.55/profiles/input/sixaxis.h
Examining data/bluez-5.55/profiles/input/suspend-none.c
Examining data/bluez-5.55/profiles/input/suspend.h
Examining data/bluez-5.55/profiles/input/uhid_copy.h
Examining data/bluez-5.55/profiles/input/suspend-dummy.c
Examining data/bluez-5.55/profiles/midi/libmidi.c
Examining data/bluez-5.55/profiles/midi/libmidi.h
Examining data/bluez-5.55/profiles/midi/midi.c
Examining data/bluez-5.55/profiles/network/bnep.c
Examining data/bluez-5.55/profiles/network/bnep.h
Examining data/bluez-5.55/profiles/network/connection.c
Examining data/bluez-5.55/profiles/network/connection.h
Examining data/bluez-5.55/profiles/network/manager.c
Examining data/bluez-5.55/profiles/network/server.c
Examining data/bluez-5.55/profiles/network/server.h
Examining data/bluez-5.55/profiles/sap/main.c
Examining data/bluez-5.55/profiles/sap/manager.c
Examining data/bluez-5.55/profiles/sap/manager.h
Examining data/bluez-5.55/profiles/sap/sap-dummy.c
Examining data/bluez-5.55/profiles/sap/sap.h
Examining data/bluez-5.55/profiles/sap/server.c
Examining data/bluez-5.55/profiles/sap/server.h
Examining data/bluez-5.55/profiles/scanparam/scan.c
Examining data/bluez-5.55/profiles/scanparam/scpp.c
Examining data/bluez-5.55/profiles/scanparam/scpp.h
Examining data/bluez-5.55/src/adapter.h
Examining data/bluez-5.55/src/advertising.c
Examining data/bluez-5.55/src/advertising.h
Examining data/bluez-5.55/src/agent.h
Examining data/bluez-5.55/src/attrib-server.c
Examining data/bluez-5.55/src/attrib-server.h
Examining data/bluez-5.55/src/backtrace.c
Examining data/bluez-5.55/src/backtrace.h
Examining data/bluez-5.55/src/dbus-common.c
Examining data/bluez-5.55/src/dbus-common.h
Examining data/bluez-5.55/src/device.c
Examining data/bluez-5.55/src/device.h
Examining data/bluez-5.55/src/eir.c
Examining data/bluez-5.55/src/eir.h
Examining data/bluez-5.55/src/error.c
Examining data/bluez-5.55/src/error.h
Examining data/bluez-5.55/src/gatt-client.c
Examining data/bluez-5.55/src/gatt-client.h
Examining data/bluez-5.55/src/gatt-database.c
Examining data/bluez-5.55/src/gatt-database.h
Examining data/bluez-5.55/src/hcid.h
Examining data/bluez-5.55/src/log.c
Examining data/bluez-5.55/src/log.h
Examining data/bluez-5.55/src/main.c
Examining data/bluez-5.55/src/oui.c
Examining data/bluez-5.55/src/oui.h
Examining data/bluez-5.55/src/plugin.c
Examining data/bluez-5.55/src/plugin.h
Examining data/bluez-5.55/src/profile.c
Examining data/bluez-5.55/src/profile.h
Examining data/bluez-5.55/src/rfkill.c
Examining data/bluez-5.55/src/sdp-client.c
Examining data/bluez-5.55/src/sdp-client.h
Examining data/bluez-5.55/src/sdp-xml.c
Examining data/bluez-5.55/src/sdp-xml.h
Examining data/bluez-5.55/src/sdpd-database.c
Examining data/bluez-5.55/src/sdpd-request.c
Examining data/bluez-5.55/src/sdpd-server.c
Examining data/bluez-5.55/src/sdpd-service.c
Examining data/bluez-5.55/src/sdpd.h
Examining data/bluez-5.55/src/service.c
Examining data/bluez-5.55/src/service.h
Examining data/bluez-5.55/src/shared/ad.c
Examining data/bluez-5.55/src/shared/ad.h
Examining data/bluez-5.55/src/shared/att-types.h
Examining data/bluez-5.55/src/shared/att.c
Examining data/bluez-5.55/src/shared/att.h
Examining data/bluez-5.55/src/shared/btp.c
Examining data/bluez-5.55/src/shared/btp.h
Examining data/bluez-5.55/src/shared/btsnoop.c
Examining data/bluez-5.55/src/shared/btsnoop.h
Examining data/bluez-5.55/src/shared/crypto.c
Examining data/bluez-5.55/src/shared/crypto.h
Examining data/bluez-5.55/src/shared/ecc.c
Examining data/bluez-5.55/src/shared/ecc.h
Examining data/bluez-5.55/src/shared/gap.c
Examining data/bluez-5.55/src/shared/gap.h
Examining data/bluez-5.55/src/shared/gatt-client.h
Examining data/bluez-5.55/src/shared/gatt-db.c
Examining data/bluez-5.55/src/shared/gatt-db.h
Examining data/bluez-5.55/src/shared/gatt-helpers.c
Examining data/bluez-5.55/src/shared/gatt-helpers.h
Examining data/bluez-5.55/src/shared/gatt-server.c
Examining data/bluez-5.55/src/shared/gatt-server.h
Examining data/bluez-5.55/src/shared/hci-crypto.c
Examining data/bluez-5.55/src/shared/hci-crypto.h
Examining data/bluez-5.55/src/shared/hci.c
Examining data/bluez-5.55/src/shared/hci.h
Examining data/bluez-5.55/src/shared/hfp.c
Examining data/bluez-5.55/src/shared/hfp.h
Examining data/bluez-5.55/src/shared/io-ell.c
Examining data/bluez-5.55/src/shared/io-glib.c
Examining data/bluez-5.55/src/shared/io-mainloop.c
Examining data/bluez-5.55/src/shared/io.h
Examining data/bluez-5.55/src/shared/log.c
Examining data/bluez-5.55/src/shared/log.h
Examining data/bluez-5.55/src/shared/mainloop-ell.c
Examining data/bluez-5.55/src/shared/mainloop-glib.c
Examining data/bluez-5.55/src/shared/mainloop-notify.c
Examining data/bluez-5.55/src/shared/mainloop-notify.h
Examining data/bluez-5.55/src/shared/mainloop.c
Examining data/bluez-5.55/src/shared/mainloop.h
Examining data/bluez-5.55/src/shared/mgmt.c
Examining data/bluez-5.55/src/shared/mgmt.h
Examining data/bluez-5.55/src/shared/pcap.c
Examining data/bluez-5.55/src/shared/pcap.h
Examining data/bluez-5.55/src/shared/queue.c
Examining data/bluez-5.55/src/shared/queue.h
Examining data/bluez-5.55/src/shared/ringbuf.c
Examining data/bluez-5.55/src/shared/ringbuf.h
Examining data/bluez-5.55/src/shared/shell.c
Examining data/bluez-5.55/src/shared/shell.h
Examining data/bluez-5.55/src/shared/tester.c
Examining data/bluez-5.55/src/shared/tester.h
Examining data/bluez-5.55/src/shared/timeout-ell.c
Examining data/bluez-5.55/src/shared/timeout-glib.c
Examining data/bluez-5.55/src/shared/timeout-mainloop.c
Examining data/bluez-5.55/src/shared/timeout.h
Examining data/bluez-5.55/src/shared/tty.h
Examining data/bluez-5.55/src/shared/uhid.c
Examining data/bluez-5.55/src/shared/uhid.h
Examining data/bluez-5.55/src/shared/util.h
Examining data/bluez-5.55/src/shared/util.c
Examining data/bluez-5.55/src/shared/gatt-client.c
Examining data/bluez-5.55/src/storage.c
Examining data/bluez-5.55/src/storage.h
Examining data/bluez-5.55/src/textfile.c
Examining data/bluez-5.55/src/textfile.h
Examining data/bluez-5.55/src/uinput.h
Examining data/bluez-5.55/src/uuid-helper.c
Examining data/bluez-5.55/src/uuid-helper.h
Examining data/bluez-5.55/src/agent.c
Examining data/bluez-5.55/src/adapter.c
Examining data/bluez-5.55/tools/3dsp.c
Examining data/bluez-5.55/tools/advtest.c
Examining data/bluez-5.55/tools/amptest.c
Examining data/bluez-5.55/tools/avinfo.c
Examining data/bluez-5.55/tools/avtest.c
Examining data/bluez-5.55/tools/bccmd.c
Examining data/bluez-5.55/tools/bcmfw.c
Examining data/bluez-5.55/tools/bdaddr.c
Examining data/bluez-5.55/tools/bluemoon.c
Examining data/bluez-5.55/tools/bluetooth-player.c
Examining data/bluez-5.55/tools/bnep-tester.c
Examining data/bluez-5.55/tools/bneptest.c
Examining data/bluez-5.55/tools/btattach.c
Examining data/bluez-5.55/tools/btconfig.c
Examining data/bluez-5.55/tools/btgatt-client.c
Examining data/bluez-5.55/tools/btgatt-server.c
Examining data/bluez-5.55/tools/btinfo.c
Examining data/bluez-5.55/tools/btiotest.c
Examining data/bluez-5.55/tools/btmgmt.c
Examining data/bluez-5.55/tools/btmon-logger.c
Examining data/bluez-5.55/tools/btproxy.c
Examining data/bluez-5.55/tools/btsnoop.c
Examining data/bluez-5.55/tools/check-selftest.c
Examining data/bluez-5.55/tools/cltest.c
Examining data/bluez-5.55/tools/create-image.c
Examining data/bluez-5.55/tools/csr.c
Examining data/bluez-5.55/tools/csr.h
Examining data/bluez-5.55/tools/csr_3wire.c
Examining data/bluez-5.55/tools/csr_bcsp.c
Examining data/bluez-5.55/tools/csr_h4.c
Examining data/bluez-5.55/tools/csr_hci.c
Examining data/bluez-5.55/tools/csr_usb.c
Examining data/bluez-5.55/tools/eddystone.c
Examining data/bluez-5.55/tools/gap-tester.c
Examining data/bluez-5.55/tools/gatt-service.c
Examining data/bluez-5.55/tools/hci-tester.c
Examining data/bluez-5.55/tools/hciattach.c
Examining data/bluez-5.55/tools/hciattach.h
Examining data/bluez-5.55/tools/hciattach_ath3k.c
Examining data/bluez-5.55/tools/hciattach_bcm43xx.c
Examining data/bluez-5.55/tools/hciattach_intel.c
Examining data/bluez-5.55/tools/hciattach_qualcomm.c
Examining data/bluez-5.55/tools/hciattach_st.c
Examining data/bluez-5.55/tools/hciattach_ti.c
Examining data/bluez-5.55/tools/hciattach_tialt.c
Examining data/bluez-5.55/tools/hciconfig.c
Examining data/bluez-5.55/tools/hcidump.c
Examining data/bluez-5.55/tools/hcieventmask.c
Examining data/bluez-5.55/tools/hcisecfilter.c
Examining data/bluez-5.55/tools/hcitool.c
Examining data/bluez-5.55/tools/hex2hcd.c
Examining data/bluez-5.55/tools/hid2hci.c
Examining data/bluez-5.55/tools/hwdb.c
Examining data/bluez-5.55/tools/ibeacon.c
Examining data/bluez-5.55/tools/l2cap-tester.c
Examining data/bluez-5.55/tools/l2ping.c
Examining data/bluez-5.55/tools/mcaptest.c
Examining data/bluez-5.55/tools/mesh-cfgclient.c
Examining data/bluez-5.55/tools/mesh-gatt/config-client.c
Examining data/bluez-5.55/tools/mesh-gatt/config-server.c
Examining data/bluez-5.55/tools/mesh-gatt/crypto.c
Examining data/bluez-5.55/tools/mesh-gatt/crypto.h
Examining data/bluez-5.55/tools/mesh-gatt/gatt.c
Examining data/bluez-5.55/tools/mesh-gatt/gatt.h
Examining data/bluez-5.55/tools/mesh-gatt/keys.h
Examining data/bluez-5.55/tools/mesh-gatt/mesh-net.h
Examining data/bluez-5.55/tools/mesh-gatt/net.c
Examining data/bluez-5.55/tools/mesh-gatt/net.h
Examining data/bluez-5.55/tools/mesh-gatt/node.c
Examining data/bluez-5.55/tools/mesh-gatt/node.h
Examining data/bluez-5.55/tools/mesh-gatt/onoff-model.c
Examining data/bluez-5.55/tools/mesh-gatt/onoff-model.h
Examining data/bluez-5.55/tools/mesh-gatt/prov-db.c
Examining data/bluez-5.55/tools/mesh-gatt/prov-db.h
Examining data/bluez-5.55/tools/mesh-gatt/prov.c
Examining data/bluez-5.55/tools/mesh-gatt/prov.h
Examining data/bluez-5.55/tools/mesh-gatt/util.c
Examining data/bluez-5.55/tools/mesh-gatt/util.h
Examining data/bluez-5.55/tools/mesh/agent.c
Examining data/bluez-5.55/tools/mesh/agent.h
Examining data/bluez-5.55/tools/mesh/cfgcli.c
Examining data/bluez-5.55/tools/mesh/cfgcli.h
Examining data/bluez-5.55/tools/mesh/config-model.h
Examining data/bluez-5.55/tools/mesh/keys.c
Examining data/bluez-5.55/tools/mesh/keys.h
Examining data/bluez-5.55/tools/mesh/mesh-db.c
Examining data/bluez-5.55/tools/mesh/mesh-db.h
Examining data/bluez-5.55/tools/mesh/model.h
Examining data/bluez-5.55/tools/mesh/remote.c
Examining data/bluez-5.55/tools/mesh/remote.h
Examining data/bluez-5.55/tools/mesh/util.c
Examining data/bluez-5.55/tools/mesh/util.h
Examining data/bluez-5.55/tools/meshctl.c
Examining data/bluez-5.55/tools/mgmt-tester.c
Examining data/bluez-5.55/tools/mpris-proxy.c
Examining data/bluez-5.55/tools/nokfw.c
Examining data/bluez-5.55/tools/obex-client-tool.c
Examining data/bluez-5.55/tools/obex-server-tool.c
Examining data/bluez-5.55/tools/obexctl.c
Examining data/bluez-5.55/tools/oobtest.c
Examining data/bluez-5.55/tools/parser/amp.c
Examining data/bluez-5.55/tools/parser/avctp.c
Examining data/bluez-5.55/tools/parser/avdtp.c
Examining data/bluez-5.55/tools/parser/bnep.c
Examining data/bluez-5.55/tools/parser/bpa.c
Examining data/bluez-5.55/tools/parser/capi.c
Examining data/bluez-5.55/tools/parser/cmtp.c
Examining data/bluez-5.55/tools/parser/csr.c
Examining data/bluez-5.55/tools/parser/ericsson.c
Examining data/bluez-5.55/tools/parser/hcrp.c
Examining data/bluez-5.55/tools/parser/hidp.c
Examining data/bluez-5.55/tools/parser/l2cap.h
Examining data/bluez-5.55/tools/parser/lmp.c
Examining data/bluez-5.55/tools/parser/obex.c
Examining data/bluez-5.55/tools/parser/parser.c
Examining data/bluez-5.55/tools/parser/parser.h
Examining data/bluez-5.55/tools/parser/ppp.c
Examining data/bluez-5.55/tools/parser/rfcomm.c
Examining data/bluez-5.55/tools/parser/rfcomm.h
Examining data/bluez-5.55/tools/parser/sap.c
Examining data/bluez-5.55/tools/parser/sdp.c
Examining data/bluez-5.55/tools/parser/sdp.h
Examining data/bluez-5.55/tools/parser/tcpip.c
Examining data/bluez-5.55/tools/parser/att.c
Examining data/bluez-5.55/tools/parser/avrcp.c
Examining data/bluez-5.55/tools/parser/hci.c
Examining data/bluez-5.55/tools/parser/l2cap.c
Examining data/bluez-5.55/tools/parser/smp.c
Examining data/bluez-5.55/tools/rfcomm-tester.c
Examining data/bluez-5.55/tools/rfcomm.c
Examining data/bluez-5.55/tools/rtlfw.c
Examining data/bluez-5.55/tools/sco-tester.c
Examining data/bluez-5.55/tools/scotest.c
Examining data/bluez-5.55/tools/sdptool.c
Examining data/bluez-5.55/tools/seq2bseq.c
Examining data/bluez-5.55/tools/smp-tester.c
Examining data/bluez-5.55/tools/test-runner.c
Examining data/bluez-5.55/tools/ubcsp.c
Examining data/bluez-5.55/tools/ubcsp.h
Examining data/bluez-5.55/tools/userchan-tester.c
Examining data/bluez-5.55/tools/ciptool.c
Examining data/bluez-5.55/tools/btpclient.c
Examining data/bluez-5.55/tools/l2test.c
Examining data/bluez-5.55/tools/rctest.c
Examining data/bluez-5.55/unit/test-avctp.c
Examining data/bluez-5.55/unit/test-avdtp.c
Examining data/bluez-5.55/unit/test-avrcp.c
Examining data/bluez-5.55/unit/test-crc.c
Examining data/bluez-5.55/unit/test-crypto.c
Examining data/bluez-5.55/unit/test-ecc.c
Examining data/bluez-5.55/unit/test-eir.c
Examining data/bluez-5.55/unit/test-gatt.c
Examining data/bluez-5.55/unit/test-gattrib.c
Examining data/bluez-5.55/unit/test-gdbus-client.c
Examining data/bluez-5.55/unit/test-gobex-apparam.c
Examining data/bluez-5.55/unit/test-gobex-header.c
Examining data/bluez-5.55/unit/test-gobex-packet.c
Examining data/bluez-5.55/unit/test-gobex-transfer.c
Examining data/bluez-5.55/unit/test-gobex.c
Examining data/bluez-5.55/unit/test-hfp.c
Examining data/bluez-5.55/unit/test-hog.c
Examining data/bluez-5.55/unit/test-lib.c
Examining data/bluez-5.55/unit/test-mesh-crypto.c
Examining data/bluez-5.55/unit/test-mgmt.c
Examining data/bluez-5.55/unit/test-midi.c
Examining data/bluez-5.55/unit/test-queue.c
Examining data/bluez-5.55/unit/test-ringbuf.c
Examining data/bluez-5.55/unit/test-sdp.c
Examining data/bluez-5.55/unit/test-textfile.c
Examining data/bluez-5.55/unit/test-uhid.c
Examining data/bluez-5.55/unit/test-uuid.c
Examining data/bluez-5.55/unit/util.c
Examining data/bluez-5.55/unit/util.h
FINAL RESULTS:
data/bluez-5.55/src/sdpd-server.c:146:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(SDP_UNIX_PATH, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
data/bluez-5.55/tools/btproxy.c:663:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(path, 0666) < 0)
data/bluez-5.55/android/bluetooth.c:5262:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(path, sizeof(path), DUT_MODE_FILE, adapter.index);
data/bluez-5.55/android/client/if-gatt.c:330:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{%s,%d}", gatt_uuid_t2str(&char_id->uuid, uuid_buf),
data/bluez-5.55/android/client/if-gatt.c:365:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{%s,%d,%d}", gatt_uuid_t2str(&srvc_id->id.uuid, uuid_buf),
data/bluez-5.55/android/client/if-gatt.c:436:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{bda=%s, srvc_id=%s, char_id=%s, val=%s, is_notify=%u}",
data/bluez-5.55/android/client/if-gatt.c:459:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "{srvc_id=%s, char_id=%s, descr_id=%s, val=%s value_type=%d, status=%d}",
data/bluez-5.55/android/client/if-hf-client.c:150:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(features_str, "BTHF_CLIENT_PEER_FEAT_3WAY: %s,\n"
data/bluez-5.55/android/client/if-hf-client.c:178:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(features_str,
data/bluez-5.55/android/client/if-hh.c:88:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(connected_device_addr, addr);
data/bluez-5.55/android/client/if-main.h:150:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/bluez-5.55/android/client/if-main.h:151:64: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int haltest_info(const char *format, ...)__attribute__((format(printf, 1, 2)));
data/bluez-5.55/android/client/if-main.h:152:64: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int haltest_warn(const char *format, ...)__attribute__((format(printf, 1, 2)));
data/bluez-5.55/android/client/if-rc.c:258:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)attrs.text, argv[4]);
data/bluez-5.55/android/client/tabcompletion.c:140:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prefix, enum_name);
data/bluez-5.55/android/client/terminal.c:162:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line_buf, p);
data/bluez-5.55/android/client/terminal.c:198:8: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ret = vprintf(format, args);
data/bluez-5.55/android/hal-log.h:28:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ALOG(pri, tag, fmt, arg...) fprintf(stderr, tag pri": " fmt"\n", ##arg)
data/bluez-5.55/android/hal-utils.c:270:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, bdaddr2str(addr));
data/bluez-5.55/android/hal-utils.c:287:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, btuuid2str(uuid->uu));
data/bluez-5.55/android/hal-utils.c:303:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
str += sprintf(str, "Privacy supported: %s,\n",
data/bluez-5.55/android/hal-utils.c:309:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
str += sprintf(str, "PRA offloading support: %s,\n",
data/bluez-5.55/android/hal-utils.c:323:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
str += sprintf(str, "Activity & energy report support: %s\n",
data/bluez-5.55/android/hal-utils.c:336:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p = buf + sprintf(buf, "type=%s len=%d val=",
data/bluez-5.55/android/hal-utils.c:347:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "%s", bdaddr2str((bt_bdaddr_t *) property->val));
data/bluez-5.55/android/hal-utils.c:353:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "%s", bt_device_type_t2str(
data/bluez-5.55/android/hal-utils.c:360:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "%s",
data/bluez-5.55/android/hal-utils.c:374:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "{%s, %d, %s}", btuuid2str(rec->uuid.uu),
data/bluez-5.55/android/hal-utils.c:403:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(key, sizeof(key), PROP_PREFIX"%s", config_key);
data/bluez-5.55/android/hal-utils.c:409:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(key, sizeof(key), PROP_PREFIX_RO"%s", config_key);
data/bluez-5.55/android/handsfree-client.c:867:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(&buf[offset], c);
data/bluez-5.55/android/handsfree-client.c:1652:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bac, codecs_string);
data/bluez-5.55/android/handsfree.c:1263:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ptr += sprintf(ptr, "(\"%s\",(%d%c%d)),",
data/bluez-5.55/android/hardware/hardware.c:33:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ALOG(pri, tag, fmt, arg...) fprintf(stderr, tag pri": " fmt"\n", ##arg)
data/bluez-5.55/client/display.c:61:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/bluez-5.55/client/display.c:133:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(prompt, sizeof(prompt), COLOR_RED "[%s]" COLOR_OFF " %s ",
data/bluez-5.55/client/display.h:32:60: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void rl_printf(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
data/bluez-5.55/emulator/amp.c:730:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.sun_path + 1, path);
data/bluez-5.55/emulator/amp.c:757:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.sun_path + 1, path);
data/bluez-5.55/emulator/server.c:282:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.sun_path, path);
data/bluez-5.55/gdbus/gdbus.h:244:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 4, 5)));
data/bluez-5.55/gdbus/gdbus.h:251:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/bluez-5.55/gdbus/gdbus.h:264:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 4, 5)));
data/bluez-5.55/gdbus/object.c:1439:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(str, sizeof(str), format, args);
data/bluez-5.55/lib/bluetooth.c:142:8: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
len = vprintf(format, ap);
data/bluez-5.55/lib/bluetooth.c:154:8: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
len = vfprintf(stream, format, ap);
data/bluez-5.55/lib/bluetooth.c:166:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(str, (~0U) >> 1, format, ap);
data/bluez-5.55/lib/bluetooth.c:178:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(str, size, format, ap);
data/bluez-5.55/lib/hci.c:69:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ptr += sprintf(ptr, "%s ", m->str);
data/bluez-5.55/lib/hci.c:110:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ptr += sprintf(ptr, "%s", m->str);
data/bluez-5.55/lib/hci.c:220:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ptr += sprintf(ptr, "%s ", m->str);
data/bluez-5.55/lib/hci.c:329:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, s);
data/bluez-5.55/lib/hci.c:632:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ptr += sprintf(ptr, "%s", pref);
data/bluez-5.55/lib/hci.c:641:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ptr += sprintf(ptr, "\n%s", pref ? pref : "");
data/bluez-5.55/lib/hci.c:644:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ptr += sprintf(ptr, "'%s' ", m->str);
data/bluez-5.55/lib/hci.c:817:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ptr += sprintf(ptr, "%s", pref);
data/bluez-5.55/lib/hci.c:827:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ptr += sprintf(ptr, "\n%s",
data/bluez-5.55/lib/hci.c:831:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ptr += sprintf(ptr, "%s ", m->str);
data/bluez-5.55/lib/sdp.c:52:29: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
#define SDPINF(fmt, arg...) syslog(LOG_INFO, fmt "\n", ## arg)
data/bluez-5.55/lib/sdp.c:2210:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, sdpdata->val.str);
data/bluez-5.55/lib/sdp.c:4661:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sa.sun_path, SDP_UNIX_PATH);
data/bluez-5.55/monitor/display.c:144:4: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(pager, pager, NULL);
data/bluez-5.55/monitor/display.c:145:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("/bin/sh", "sh", "-c", pager, NULL);
data/bluez-5.55/monitor/display.c:148:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("pager", "pager", NULL);
data/bluez-5.55/monitor/display.c:149:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("less", "less", NULL);
data/bluez-5.55/monitor/display.c:150:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("more", "more", NULL);
data/bluez-5.55/monitor/packet.c:307:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(ts_str + ts_pos, "%s", COLOR_CHANNEL_LABEL);
data/bluez-5.55/monitor/packet.c:312:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(ts_str + ts_pos, " {%s}", channel);
data/bluez-5.55/monitor/packet.c:320:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(ts_str + ts_pos, "%s", COLOR_FRAME_LABEL);
data/bluez-5.55/monitor/packet.c:336:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(ts_str + ts_pos, "%s", COLOR_INDEX_LABEL);
data/bluez-5.55/monitor/packet.c:355:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(ts_str + ts_pos, "%s", COLOR_TIMESTAMP);
data/bluez-5.55/monitor/packet.c:389:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(ts_str + ts_pos, "%s", COLOR_OFF);
data/bluez-5.55/monitor/packet.c:395:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(line + pos, "%s", color);
data/bluez-5.55/monitor/packet.c:400:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(line + pos, "%c %s", ident, label ? label : "");
data/bluez-5.55/monitor/packet.c:428:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(line + pos, "%s", COLOR_OFF);
data/bluez-5.55/monitor/packet.c:434:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(line + pos, " %s", extra);
data/bluez-5.55/monitor/packet.c:10963:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(details, "(%s,%s,%s)", hci_typetostr(type),
data/bluez-5.55/monitor/packet.c:10993:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(details, "(%s)", bt_compidtostr(manufacturer));
data/bluez-5.55/monitor/packet.c:11509:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(details, "%sversion %u.%u",
data/bluez-5.55/obexd/client/map.c:455:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(handle, sizeof(handle), "%" PRIx64, msg->handle);
data/bluez-5.55/obexd/client/map.c:753:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(handle, sizeof(handle), "%" PRIx64, msg->handle);
data/bluez-5.55/obexd/plugins/vcard.c:96:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/bluez-5.55/obexd/src/log.h:24:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void info(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/bluez-5.55/obexd/src/log.h:25:59: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void error(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/bluez-5.55/obexd/src/log.h:27:64: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void obex_debug(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/bluez-5.55/profiles/audio/a2dp.c:867:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s",
data/bluez-5.55/profiles/audio/a2dp.c:1975:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(value, "%02hhx:%02hhx:%02hhx:%s", &type, &codec,
data/bluez-5.55/profiles/audio/a2dp.c:1978:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(value, "%02hhx:%02hhx:%s", &type, &codec,
data/bluez-5.55/profiles/audio/a2dp.c:2050:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s",
data/bluez-5.55/profiles/audio/a2dp.c:2676:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s",
data/bluez-5.55/profiles/audio/avctp.c:1205:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dev.name + len, suffix);
data/bluez-5.55/profiles/audio/media.c:1480:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(valstr, 20, "%" PRIu64, value);
data/bluez-5.55/profiles/input/device.c:1059:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", src_addr,
data/bluez-5.55/src/adapter.c:517:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/settings",
data/bluez-5.55/src/adapter.c:3603:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(rand, "%" PRIu64, <k->rand);
data/bluez-5.55/src/adapter.c:3753:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/identity",
data/bluez-5.55/src/adapter.c:4459:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(dirname, PATH_MAX, STORAGEDIR "/%s",
data/bluez-5.55/src/adapter.c:4488:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/adapter.c:5435:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", address, str);
data/bluez-5.55/src/adapter.c:5652:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s",
data/bluez-5.55/src/adapter.c:5660:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/adapter.c:5688:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s", address, file);
data/bluez-5.55/src/adapter.c:5758:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", local, peer);
data/bluez-5.55/src/adapter.c:5806:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s", src_addr, dst_addr);
data/bluez-5.55/src/adapter.c:5832:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/attributes", src_addr,
data/bluez-5.55/src/adapter.c:5884:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/attributes", address,
data/bluez-5.55/src/adapter.c:5890:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
ret = sscanf(*service, "%04hX#%04hX#%s", &start, &end,
data/bluez-5.55/src/adapter.c:5916:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info", address, key);
data/bluez-5.55/src/adapter.c:5957:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s", src_addr, dst_addr);
data/bluez-5.55/src/adapter.c:5963:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/ccc", src_addr,
data/bluez-5.55/src/adapter.c:6004:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s", src_addr, dst_addr);
data/bluez-5.55/src/adapter.c:6010:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/gatt", src_addr,
data/bluez-5.55/src/adapter.c:6050:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s", src_addr, key);
data/bluez-5.55/src/adapter.c:6056:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/proximity", src_addr,
data/bluez-5.55/src/adapter.c:6081:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/names", address);
data/bluez-5.55/src/adapter.c:6097:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/primaries", address);
data/bluez-5.55/src/adapter.c:6113:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/sdp", address);
data/bluez-5.55/src/adapter.c:6117:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/ccc", address);
data/bluez-5.55/src/adapter.c:6124:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/gatt", address);
data/bluez-5.55/src/adapter.c:6128:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/proximity", address);
data/bluez-5.55/src/adapter.c:6144:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(config_path, PATH_MAX, STORAGEDIR "/%s/config", address);
data/bluez-5.55/src/adapter.c:6178:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/config", address);
data/bluez-5.55/src/adapter.c:6187:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/names", address);
data/bluez-5.55/src/adapter.c:6190:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/aliases", address);
data/bluez-5.55/src/adapter.c:6193:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/trusts", address);
data/bluez-5.55/src/adapter.c:6196:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/blocked", address);
data/bluez-5.55/src/adapter.c:6199:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/profiles", address);
data/bluez-5.55/src/adapter.c:6202:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/primaries", address);
data/bluez-5.55/src/adapter.c:6205:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/linkkeys", address);
data/bluez-5.55/src/adapter.c:6208:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/longtermkeys", address);
data/bluez-5.55/src/adapter.c:6211:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/classes", address);
data/bluez-5.55/src/adapter.c:6214:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/did", address);
data/bluez-5.55/src/adapter.c:6217:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/sdp", address);
data/bluez-5.55/src/adapter.c:6220:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/ccc", address);
data/bluez-5.55/src/adapter.c:6223:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/appearances", address);
data/bluez-5.55/src/adapter.c:6226:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/gatt", address);
data/bluez-5.55/src/adapter.c:6229:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/proximity", address);
data/bluez-5.55/src/adapter.c:6242:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/settings",
data/bluez-5.55/src/adapter.c:7922:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/adapter.c:8012:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/adapter.c:8143:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/adapter.c:8214:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/adapter.c:8302:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/adapter.c:8903:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/device.c:404:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/device.c:534:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s",
data/bluez-5.55/src/device.c:2258:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/attributes",
data/bluez-5.55/src/device.c:2341:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(value, "%04hx:%s", saver->ext_props, uuid_str);
data/bluez-5.55/src/device.c:2343:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(value, "%s", uuid_str);
data/bluez-5.55/src/device.c:2377:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(value, GATT_CHARAC_UUID_STR ":%04hx:%02hhx:"
data/bluez-5.55/src/device.c:2387:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(value, GATT_CHARAC_UUID_STR ":%04hx:%02hhx:%s",
data/bluez-5.55/src/device.c:2391:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(value, GATT_CHARAC_UUID_STR ":%04hx:%02hhx:%s",
data/bluez-5.55/src/device.c:2423:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(value, GATT_INCLUDE_UUID_STR ":%04hx:%04hx:%s", start,
data/bluez-5.55/src/device.c:2454:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(value, "%s:%04hx:%s", type, end, uuid_str);
data/bluez-5.55/src/device.c:2482:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s",
data/bluez-5.55/src/device.c:3113:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", local, peer);
data/bluez-5.55/src/device.c:3212:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info", adapter_addr,
data/bluez-5.55/src/device.c:3245:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(device->name, str);
data/bluez-5.55/src/device.c:3372:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/attributes", local,
data/bluez-5.55/src/device.c:3505:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(value, "%04hx:%s", &val, uuid_str) != 2) {
data/bluez-5.55/src/device.c:3506:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(value, "%s", uuid_str) != 1)
data/bluez-5.55/src/device.c:3555:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(value, GATT_CHARAC_UUID_STR ":%04hx:%02hx:%32s:%s",
data/bluez-5.55/src/device.c:3557:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(value, GATT_CHARAC_UUID_STR ":%04hx:%02hx:%s",
data/bluez-5.55/src/device.c:3599:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(value, GATT_INCLUDE_UUID_STR ":%04hx:%04hx:%s", &start, &end,
data/bluez-5.55/src/device.c:3633:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(value, "%[^:]:%04hx:%s", type, &end, uuid_str) != 3)
data/bluez-5.55/src/device.c:3758:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", local, peer);
data/bluez-5.55/src/device.c:4143:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(device->name, str);
data/bluez-5.55/src/device.c:4319:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dev->name, dup->name);
data/bluez-5.55/src/device.c:4423:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s",
data/bluez-5.55/src/device.c:4428:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s",
data/bluez-5.55/src/device.c:4814:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(sdp_file, PATH_MAX, STORAGEDIR "/%s/cache/%s", srcaddr,
data/bluez-5.55/src/device.c:4820:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(att_file, PATH_MAX, STORAGEDIR "/%s/%s/attributes", srcaddr,
data/bluez-5.55/src/device.c:5762:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/device.c:5807:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/%s/info",
data/bluez-5.55/src/device.c:6666:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, PATH_MAX, STORAGEDIR "/%s/cache/%s", local, peer);
data/bluez-5.55/src/log.h:26:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void info(const char *format, ...) __attribute__((format(printf, 1, 2)));
data/bluez-5.55/src/log.h:29:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/bluez-5.55/src/log.h:32:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/bluez-5.55/src/log.h:34:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/bluez-5.55/src/log.h:36:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/bluez-5.55/src/log.h:38:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/bluez-5.55/src/sdpd-server.c:132:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(unaddr.sun_path, SDP_UNIX_PATH);
data/bluez-5.55/src/shared/hfp.h:100:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/bluez-5.55/src/shared/ringbuf.h:48:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/bluez-5.55/src/shared/shell.c:54:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(color fmt COLOR_OFF "\n", ## args)
data/bluez-5.55/src/shared/shell.c:56:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(COLOR_HIGHLIGHT "%s %-*s " COLOR_OFF "%s\n", \
data/bluez-5.55/src/shared/shell.c:59:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(COLOR_BLUE "%s %-*s " COLOR_OFF "%s\n", \
data/bluez-5.55/src/shared/shell.c:538:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/bluez-5.55/src/shared/shell.c:555:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/bluez-5.55/src/shared/shell.h:83:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
...) __attribute__((format(printf, 1, 2)));
data/bluez-5.55/src/shared/tester.c:159:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/bluez-5.55/src/shared/tester.c:168:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/bluez-5.55/src/shared/tester.h:35:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/bluez-5.55/src/shared/tester.h:37:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/bluez-5.55/src/shared/tester.h:39:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/bluez-5.55/src/shared/util.c:68:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(str, sizeof(str), format, ap);
data/bluez-5.55/src/shared/util.h:106:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/bluez-5.55/src/storage.c:141:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, str);
data/bluez-5.55/src/textfile.c:147:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s %s\n", key, value);
data/bluez-5.55/tools/btgatt-client.c:53:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(__VA_ARGS__); print_prompt();
data/bluez-5.55/tools/btgatt-client.c:77:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(COLOR_BLUE "[GATT client]" COLOR_OFF "# ");
data/bluez-5.55/tools/btgatt-client.c:331:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(COLOR_RED "service" COLOR_OFF " - start: 0x%04x, "
data/bluez-5.55/tools/btgatt-server.c:58:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(__VA_ARGS__); \
data/bluez-5.55/tools/btgatt-server.c:102:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(COLOR_BLUE "[GATT server]" COLOR_OFF "# ");
data/bluez-5.55/tools/btgatt-server.c:966:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(COLOR_RED "service" COLOR_OFF " - start: 0x%04x, "
data/bluez-5.55/tools/btmgmt.c:116:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(str, sizeof(str),
data/bluez-5.55/tools/btmgmt.c:879:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
off = vsnprintf(msg, sizeof(msg), fmt, ap);
data/bluez-5.55/tools/btmgmt.c:4698:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(str, "%2hhx%n:%2hhx%n:%s", &pattern->ad_type, &type_len,
data/bluez-5.55/tools/create-image.c:121:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, HDR_FMT, HDR_MAGIC, ino, mode, 0, 0, 1, 0,
data/bluez-5.55/tools/csr_usb.c:84:6: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = fscanf(file, hex_number ? "%d" : "%04x", &value);
data/bluez-5.55/tools/hciattach.c:1314:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dev, opt);
data/bluez-5.55/tools/hciattach_qualcomm.c:54:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ##args); \
data/bluez-5.55/tools/hciattach_ti.c:48:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DPRINTF(x...) printf(x)
data/bluez-5.55/tools/hciattach_ti.c:201:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(firmware_file_name, FIRMWARE_DIRECTORY "TIInit_%d.%d.%d.bts", chip, maj_ver, min_ver);
data/bluez-5.55/tools/hciattach_tialt.c:53:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ##args); \
data/bluez-5.55/tools/hciattach_tialt.c:237:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fw, "/etc/firmware/%s.bin", c_brf_chip[brf_chip]);
data/bluez-5.55/tools/mesh-gatt/prov.c:356:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(in_oob_display, "%s %d on device\n",
data/bluez-5.55/tools/mesh-gatt/prov.c:380:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(in_oob_display,
data/bluez-5.55/tools/mesh-gatt/util.c:58:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%s ", prefix);
data/bluez-5.55/tools/meshctl.c:1963:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mesh_local_config_filename, "%s", mesh_dir);
data/bluez-5.55/tools/meshctl.c:1968:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mesh_local_config_filename + len + extra, "%s",
data/bluez-5.55/tools/meshctl.c:1978:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mesh_prov_db_filename, "%s", mesh_dir);
data/bluez-5.55/tools/meshctl.c:1986:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mesh_prov_db_filename + len + extra, "%s", "prov_db.json");
data/bluez-5.55/tools/parser/lmp.c:572:26: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
printf("M_access %d\n", access & 0x0f);
data/bluez-5.55/tools/parser/lmp.c:575:36: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
printf("access scheme 0x%2.2x\n", access >> 4);
data/bluez-5.55/tools/parser/lmp.c:604:26: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
printf("M_access %d\n", access & 0x0f);
data/bluez-5.55/tools/parser/lmp.c:607:36: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
printf("access scheme 0x%2.2x\n", access >> 4);
data/bluez-5.55/tools/rfcomm.c:108:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(addr, "%s", dst);
data/bluez-5.55/tools/rfcomm.c:110:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(addr, "%s -> %s", src, dst);
data/bluez-5.55/tools/rfcomm.c:241:7: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
i = execvp(cmdargv[0], cmdargv);
data/bluez-5.55/tools/test-runner.c:285:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(chrdev, "socket,path=%s,id=bt%d", path, i);
data/bluez-5.55/android/avdtptest.c:813:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "d:hi:s:c:v:lrfp",
data/bluez-5.55/android/client/haltest.c:375:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "inhv", main_options, NULL);
data/bluez-5.55/android/cutils/properties.h:43:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
prop = getenv("BLUETOOTH_MODE");
data/bluez-5.55/android/cutils/properties.h:46:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
prop = getenv("BLUETOOTH_HANDSFREE_MODE");
data/bluez-5.55/emulator/b1ee.c:273:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "s:p:vh", main_options, NULL);
data/bluez-5.55/emulator/le.c:522:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/bluez-5.55/emulator/main.c:102:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "Ssl::LBAU::T::vh",
data/bluez-5.55/emulator/phy.c:183:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/bluez-5.55/emulator/phy.c:184:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
phy->id = random();
data/bluez-5.55/lib/hci.h:1650:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint64_t random;
data/bluez-5.55/lib/hci.h:1657:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint64_t random;
data/bluez-5.55/lib/hci.h:2199:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint64_t random;
data/bluez-5.55/mesh/main.c:199:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "i:s:c:ndbh", main_options, NULL);
data/bluez-5.55/mesh/prov-initiator.c:266:48: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
static void calc_local_material(const uint8_t *random)
data/bluez-5.55/mesh/prov-initiator.c:270:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
prov->rand_auth_workspace, random,
data/bluez-5.55/monitor/display.c:106:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
pager = getenv("PAGER");
data/bluez-5.55/monitor/main.c:135:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "r:w:a:s:p:i:d:B:V:MtTSAE:PJ:R:vh",
data/bluez-5.55/monitor/packet.c:3760:66: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void packet_print_addr(const char *label, const void *data, bool random)
data/bluez-5.55/monitor/packet.c:3762:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
print_addr(label ? : "Address", data, random ? 0x01 : 0x00);
data/bluez-5.55/monitor/packet.h:53:66: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void packet_print_addr(const char *label, const void *data, bool random);
data/bluez-5.55/obexd/plugins/filesystem.c:111:6: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
t = realpath(path, NULL);
data/bluez-5.55/obexd/plugins/messages-dummy.c:218:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmp = getenv("MAP_ROOT");
data/bluez-5.55/obexd/plugins/messages-dummy.c:224:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmp = getenv("HOME");
data/bluez-5.55/obexd/plugins/pcsuite.c:130:30: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
filename = g_build_filename(g_get_home_dir(), ".pcsuite", NULL);
data/bluez-5.55/obexd/plugins/phonebook-dummy.c:95:33: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
root_folder = g_build_filename(getenv("HOME"), "phonebook", NULL);
data/bluez-5.55/obexd/src/main.c:295:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *home = getenv("HOME");
data/bluez-5.55/plugins/autopair.c:217:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/bluez-5.55/profiles/cups/main.c:765:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
uri = getenv("DEVICE_URI");
data/bluez-5.55/profiles/cups/main.c:800:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cups_class = getenv("CLASS");
data/bluez-5.55/profiles/health/hdp.c:1502:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/bluez-5.55/profiles/health/mcap.c:2140:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/bluez-5.55/src/adapter.c:9682:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("MGMT_DEBUG"))
data/bluez-5.55/src/shared/mainloop-notify.c:75:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sock = getenv("NOTIFY_SOCKET");
data/bluez-5.55/src/shared/mainloop-notify.c:100:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
watchdog_usec = getenv("WATCHDOG_USEC");
data/bluez-5.55/src/shared/shell.c:992:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dir = getenv("XDG_CACHE_HOME");
data/bluez-5.55/src/shared/shell.c:999:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dir = getenv("HOME");
data/bluez-5.55/src/shared/shell.c:1006:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dir = getenv("PWD");
data/bluez-5.55/src/shared/shell.c:1089:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, optstr, options, &index)) != -1) {
data/bluez-5.55/tools/3dsp.c:578:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "DGi:rvh", main_options, NULL);
data/bluez-5.55/tools/advtest.c:382:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "vh", main_options, NULL);
data/bluez-5.55/tools/avinfo.c:935:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+i:h", main_options, NULL)) != -1) {
data/bluez-5.55/tools/avtest.c:785:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+i:r:s:f:hcFCw:",
data/bluez-5.55/tools/bccmd.c:219:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt_long(argc, argv, "+h", help_options, NULL)) != EOF) {
data/bluez-5.55/tools/bccmd.c:598:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt_long(argc, argv, "+s:rh", pskey_options, NULL)) != EOF) {
data/bluez-5.55/tools/bccmd.c:1173:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt_long(argc, argv, "+t:d:i:b:h", main_options, NULL)) != EOF) {
data/bluez-5.55/tools/bcmfw.c:140:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "vh", main_options, NULL);
data/bluez-5.55/tools/bdaddr.c:347:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt_long(argc, argv, "+i:rth", main_options, NULL)) != -1) {
data/bluez-5.55/tools/bluemoon.c:931:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "A::DF::C:TRBEi:rvh",
data/bluez-5.55/tools/bneptest.c:582:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv,
data/bluez-5.55/tools/btattach.c:241:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "B:A:P:S:NRvh",
data/bluez-5.55/tools/btconfig.c:83:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "vh",
data/bluez-5.55/tools/btconfig.c:113:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("MGMT_DEBUG"))
data/bluez-5.55/tools/btgatt-client.c:688:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+ws", write_value_options,
data/bluez-5.55/tools/btgatt-client.c:818:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+r", write_long_value_options,
data/bluez-5.55/tools/btgatt-client.c:931:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv , "s:", write_prepare_options,
data/bluez-5.55/tools/btgatt-client.c:1524:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+hvs:m:t:d:i:",
data/bluez-5.55/tools/btgatt-server.c:602:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/bluez-5.55/tools/btgatt-server.c:771:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+i", notify_options,
data/bluez-5.55/tools/btgatt-server.c:1146:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+hvrs:t:m:i:",
data/bluez-5.55/tools/btinfo.c:234:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "i:rRvh", main_options, NULL);
data/bluez-5.55/tools/btmgmt.c:2213:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+t:h", disconnect_options,
data/bluez-5.55/tools/btmgmt.c:2347:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+lbu:r:h",
data/bluez-5.55/tools/btmgmt.c:2440:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+lbLh", find_options,
data/bluez-5.55/tools/btmgmt.c:2512:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+lbh", stop_find_options,
data/bluez-5.55/tools/btmgmt.c:2622:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+c:t:h", pair_options,
data/bluez-5.55/tools/btmgmt.c:2712:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+t:h", cancel_pair_options,
data/bluez-5.55/tools/btmgmt.c:2794:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+t:h", unpair_options,
data/bluez-5.55/tools/btmgmt.c:2933:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+l:f:h",
data/bluez-5.55/tools/btmgmt.c:3037:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+t:h", block_options,
data/bluez-5.55/tools/btmgmt.c:3085:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+t:h", block_options,
data/bluez-5.55/tools/btmgmt.c:3290:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+t:r:R:h:H:",
data/bluez-5.55/tools/btmgmt.c:3531:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+t:h", conn_info_options,
data/bluez-5.55/tools/btmgmt.c:3705:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+a:t:h", add_device_options,
data/bluez-5.55/tools/btmgmt.c:3776:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+t:h", del_device_options,
data/bluez-5.55/tools/btmgmt.c:4036:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+cglmphna",
data/bluez-5.55/tools/btmgmt.c:4212:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+u:d:s:t:D:P:cglmphna",
data/bluez-5.55/tools/btmgmt.c:5093:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("MGMT_DEBUG"))
data/bluez-5.55/tools/btmon-logger.c:289:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "b:l:c:vhp", main_options,
data/bluez-5.55/tools/btpclient.c:3163:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+hs:vq", options, NULL)) != -1) {
data/bluez-5.55/tools/btproxy.c:804:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "rc:l::u::p:i:aezdvh",
data/bluez-5.55/tools/btsnoop.c:546:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "m:e:t:vh", main_options, NULL);
data/bluez-5.55/tools/ciptool.c:451:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+i:h", main_options, NULL)) != -1) {
data/bluez-5.55/tools/create-image.c:166:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "o:vh", main_options, NULL);
data/bluez-5.55/tools/eddystone.c:252:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "i:vh", main_options, NULL);
data/bluez-5.55/tools/hciattach.c:1253:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt(argc, argv, "bnpt:s:lr")) != EOF) {
data/bluez-5.55/tools/hciconfig.c:2002:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "ah", main_options, NULL)) != -1) {
data/bluez-5.55/tools/hcidump.c:680:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv,
data/bluez-5.55/tools/hcieventmask.c:50:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt_long(argc, argv, "+i:", main_options, NULL)) != -1) {
data/bluez-5.55/tools/hcitool.c:73:52: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define for_each_opt(opt, long, short) while ((opt=getopt_long(argc, argv, short ? short:"+", long, NULL)) != -1)
data/bluez-5.55/tools/hcitool.c:3456:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt_long(argc, argv, "+i:h", main_options, NULL)) != -1) {
data/bluez-5.55/tools/hex2hcd.c:406:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "To:vh", main_options, NULL);
data/bluez-5.55/tools/hid2hci.c:339:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
option = getopt_long(argc, argv, "m:p:M:h", options, NULL);
data/bluez-5.55/tools/ibeacon.c:245:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "i:vh", main_options, NULL);
data/bluez-5.55/tools/l2ping.c:272:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt(argc,argv,"i:d:s:c:t:frv")) != EOF) {
data/bluez-5.55/tools/l2test.c:1352:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "a:b:cde:g:i:mnpqrstuwxyz"
data/bluez-5.55/tools/mcaptest.c:372:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+i:c:C:D:e:f:dghunab",
data/bluez-5.55/tools/mesh-cfgclient.c:1956:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("XDG_CONFIG_HOME");
data/bluez-5.55/tools/mesh-cfgclient.c:1961:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/bluez-5.55/tools/meshctl.c:1922:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("XDG_CONFIG_HOME");
data/bluez-5.55/tools/meshctl.c:1928:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/bluez-5.55/tools/nokfw.c:223:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "vh", main_options, NULL);
data/bluez-5.55/tools/oobtest.c:1034:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "BLSOPRYDC012IAvh",
data/bluez-5.55/tools/rctest.c:714:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt(argc,argv,"rdscuwmna:b:i:P:U:B:O:N:MAESL:W:C:D:Y:T")) != EOF) {
data/bluez-5.55/tools/rfcomm.c:696:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "+i:rahAESML:", main_options, NULL)) != -1) {
data/bluez-5.55/tools/rtlfw.c:168:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "vh", main_options, NULL);
data/bluez-5.55/tools/scotest.c:427:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "rdscmnb:W:V:")) != EOF) {
data/bluez-5.55/tools/sdptool.c:54:52: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define for_each_opt(opt, long, short) while ((opt=getopt_long(argc, argv, short ? short:"+", long, 0)) != -1)
data/bluez-5.55/tools/sdptool.c:4385:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt_long(argc, argv, "+i:h", main_options, NULL)) != -1) {
data/bluez-5.55/tools/seq2bseq.c:180:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "o:vh", main_options, NULL);
data/bluez-5.55/tools/test-runner.c:805:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "audq:k:vh", main_options, NULL);
data/bluez-5.55/unit/test-midi.c:593:30: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
midi_write_init(&midi_out, g_random_int_range(5, 512));
data/bluez-5.55/android/a2dp.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/a2dp.c:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/a2dp.c:554:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(codec->data, preset->data, preset->len);
data/bluez-5.55/android/a2dp.c:686:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/a2dp.c:825:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/a2dp.c:937:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(codec->data, cap->data, cap->len);
data/bluez-5.55/android/a2dp.c:1503:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp->preset->data, setup->preset->data, setup->preset->len);
data/bluez-5.55/android/audio_utils/resampler.c:117:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsmp->in_buf + rsmp->frames_in * rsmp->channel_count,
data/bluez-5.55/android/avctp.c:1031:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/uinput", O_RDWR);
data/bluez-5.55/android/avctp.c:1033:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/input/uinput", O_RDWR);
data/bluez-5.55/android/avctp.c:1035:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/misc/uinput", O_RDWR);
data/bluez-5.55/android/avdtp.c:492:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf, &single, sizeof(single));
data/bluez-5.55/android/avdtp.c:493:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf + sizeof(single), data, len);
data/bluez-5.55/android/avdtp.c:518:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf, &start, sizeof(start));
data/bluez-5.55/android/avdtp.c:519:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf + sizeof(start), data,
data/bluez-5.55/android/avdtp.c:547:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf, &cont, sizeof(cont));
data/bluez-5.55/android/avdtp.c:548:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf + sizeof(cont), data + sent, to_copy);
data/bluez-5.55/android/avdtp.c:814:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (lsep && lsep->cfm && lsep->cfm->open)
data/bluez-5.55/android/avdtp.c:815:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lsep->cfm->open(session, lsep, stream, &err,
data/bluez-5.55/android/avdtp.c:1146:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cap, data, 2 + length);
data/bluez-5.55/android/avdtp.c:1176:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*p, &sep->info, sizeof(struct seid_info));
data/bluez-5.55/android/avdtp.c:1242:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, cap, cap->length + 2);
data/bluez-5.55/android/avdtp.c:1412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, cap, cap->length + 2);
data/bluez-5.55/android/avdtp.c:1525:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (sep->ind && sep->ind->open) {
data/bluez-5.55/android/avdtp.c:1526:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!sep->ind->open(session, sep, stream, &err,
data/bluez-5.55/android/avdtp.c:1969:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->in.buf + session->in.data_size, payload, payload_size);
data/bluez-5.55/android/avdtp.c:2285:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (lsep && lsep->cfm && lsep->cfm->open)
data/bluez-5.55/android/avdtp.c:2286:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lsep->cfm->open(session, lsep, stream, &averr,
data/bluez-5.55/android/avdtp.c:2420:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->data, buffer, size);
data/bluez-5.55/android/avdtp.c:2552:49: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!stream->open_acp && sep->cfm && sep->cfm->open)
data/bluez-5.55/android/avdtp.c:2553:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sep->cfm->open(session, sep, stream, NULL, sep->user_data);
data/bluez-5.55/android/avdtp.c:2777:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (sep && sep->cfm && sep->cfm->open)
data/bluez-5.55/android/avdtp.c:2778:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sep->cfm->open(session, sep, stream, &err,
data/bluez-5.55/android/avdtp.c:3015:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cap->data, data, length);
data/bluez-5.55/android/avdtp.c:3173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, cap, cap->length + 2);
data/bluez-5.55/android/avdtp.h:137:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void (*open) (struct avdtp *session, struct avdtp_local_sep *lsep,
data/bluez-5.55/android/avdtp.h:179:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gboolean (*open) (struct avdtp *session, struct avdtp_local_sep *lsep,
data/bluez-5.55/android/avdtptest.c:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UINT16_MAX];
data/bluez-5.55/android/avdtptest.c:818:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &src);
data/bluez-5.55/android/avrcp-lib.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0];
data/bluez-5.55/android/avrcp-lib.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0];
data/bluez-5.55/android/avrcp-lib.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[0];
data/bluez-5.55/android/avrcp-lib.c:1078:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(continuing->pdu.iov_base,
data/bluez-5.55/android/avrcp-lib.c:1085:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(continuing->pdu.iov_base + continuing->pdu.iov_len,
data/bluez-5.55/android/avrcp-lib.c:1998:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *text[AVRCP_ATTRIBUTE_LAST];
data/bluez-5.55/android/avrcp-lib.c:2117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *text[AVRCP_ATTRIBUTE_LAST];
data/bluez-5.55/android/avrcp-lib.c:2525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *text[AVRCP_MEDIA_ATTRIBUTE_LAST];
data/bluez-5.55/android/avrcp-lib.c:2853:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *text[AVRCP_MEDIA_ATTRIBUTE_LAST];
data/bluez-5.55/android/avrcp.c:191:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu, text, text_len);
data/bluez-5.55/android/avrcp.c:841:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/avrcp.c:888:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/avrcp.c:1019:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/avrcp.c:1141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:340:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuid_str + (j * 2), "%2.2X", u[j]);
data/bluez-5.55/android/bluetooth.c:363:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:516:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev->props[0].val, val, len);
data/bluez-5.55/android/bluetooth.c:682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_str[33];
data/bluez-5.55/android/bluetooth.c:728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:744:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key_str + (i * 2), "%2.2X", key[i]);
data/bluez-5.55/android/bluetooth.c:923:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev->props[0].val, val, len);
data/bluez-5.55/android/bluetooth.c:936:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, l->data, sizeof(uint128_t));
data/bluez-5.55/android/bluetooth.c:995:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uuid128, tmp, sizeof(uuid_t));
data/bluez-5.55/android/bluetooth.c:1003:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_uuid, &uuid128.value.uuid128,
data/bluez-5.55/android/bluetooth.c:1102:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prop->name, name, name_len);
data/bluez-5.55/android/bluetooth.c:1123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[256];
data/bluez-5.55/android/bluetooth.c:1209:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bdaddr, addr, sizeof(*bdaddr));
data/bluez-5.55/android/bluetooth.c:1226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/android/bluetooth.c:1275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/android/bluetooth.c:1314:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.name, dev->name, strlen(dev->name));
data/bluez-5.55/android/bluetooth.c:1329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/android/bluetooth.c:1357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/android/bluetooth.c:1383:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/android/bluetooth.c:1567:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prop->val, val, len);
data/bluez-5.55/android/bluetooth.c:1971:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:2001:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:2039:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:2220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_str[33];
data/bluez-5.55/android/bluetooth.c:2222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:2241:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key_str + (i * 2), "%2.2X", key[i]);
data/bluez-5.55/android/bluetooth.c:2265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/android/bluetooth.c:2302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_str[33];
data/bluez-5.55/android/bluetooth.c:2303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:2318:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key_str + (i * 2), "%2.2X",
data/bluez-5.55/android/bluetooth.c:2329:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key_str + (i * 2), "%2.2X",
data/bluez-5.55/android/bluetooth.c:2351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/android/bluetooth.c:2366:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->local_csrk, ev->key.val, 16);
data/bluez-5.55/android/bluetooth.c:2373:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->remote_csrk, ev->key.val, 16);
data/bluez-5.55/android/bluetooth.c:2393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_str[33];
data/bluez-5.55/android/bluetooth.c:2394:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:2408:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key_str + (i * 2), "%2.2X", val[i]);
data/bluez-5.55/android/bluetooth.c:2425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18], rpa[18];
data/bluez-5.55/android/bluetooth.c:2580:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, keys->data, sizeof(*key));
data/bluez-5.55/android/bluetooth.c:2625:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ltk, l->data, sizeof(*ltk));
data/bluez-5.55/android/bluetooth.c:2661:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irk, irks->data, sizeof(*irk));
data/bluez-5.55/android/bluetooth.c:2692:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &uuid->value.uuid128, sizeof(uint128_t));
data/bluez-5.55/android/bluetooth.c:2764:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[32];
data/bluez-5.55/android/bluetooth.c:2892:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.name, name, len);
data/bluez-5.55/android/bluetooth.c:2921:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&adapter.discoverable_timeout, timeout, sizeof(uint32_t));
data/bluez-5.55/android/bluetooth.c:2998:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dev->gatt_ccc = atoi(str);
data/bluez-5.55/android/bluetooth.c:3938:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uuids[i], &uuid->value.uuid128, sizeof(uint128_t));
data/bluez-5.55/android/bluetooth.c:4083:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, adv_data, adv_data_len);
data/bluez-5.55/android/bluetooth.c:4089:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, sr_data, sr_data_len);
data/bluez-5.55/android/bluetooth.c:4277:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, dev->local_csrk, 16);
data/bluez-5.55/android/bluetooth.c:4286:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, dev->remote_csrk, 16);
data/bluez-5.55/android/bluetooth.c:4307:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:4649:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:4669:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp.pin_code, cmd->pin_code, rp.pin_len);
data/bluez-5.55/android/bluetooth.c:4756:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/bluetooth.c:4927:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uuids[i], l->data, sizeof(uint128_t));
data/bluez-5.55/android/bluetooth.c:5256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[FILENAME_MAX];
data/bluez-5.55/android/bluetooth.c:5264:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY);
data/bluez-5.55/android/bluetooth.c:5328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/bluetoothd-snoop.c:86:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control[32];
data/bluez-5.55/android/bluetoothd-wrapper.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_argv[7];
data/bluez-5.55/android/bluetoothd-wrapper.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_envp[3];
data/bluez-5.55/android/bluetoothd-wrapper.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_argv[4];
data/bluez-5.55/android/bluetoothd-wrapper.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_envp[1];
data/bluez-5.55/android/bluetoothd-wrapper.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[PROPERTY_VALUE_MAX];
data/bluez-5.55/android/bluetoothd-wrapper.c:74:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(!strcasecmp(value, "true") || atoi(value) > 0))
data/bluez-5.55/android/bluetoothd-wrapper.c:78:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(!strcasecmp(value, "true") || atoi(value) > 0)) {
data/bluez-5.55/android/bluetoothd-wrapper.c:84:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(!strcasecmp(value, "true") || atoi(value) > 0))
data/bluez-5.55/android/client/haltest.c:194:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(name, O_RDONLY);
data/bluez-5.55/android/client/haltest.c:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[50];
data/bluez-5.55/android/client/haltest.c:317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/bluez-5.55/android/client/haltest.c:425:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[4];
data/bluez-5.55/android/client/history.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lines[HISTORY_DEPTH][LINE_SIZE];
data/bluez-5.55/android/client/history.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000];
data/bluez-5.55/android/client/history.c:42:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "rt");
data/bluez-5.55/android/client/if-audio.c:253:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(fname, "r");
data/bluez-5.55/android/client/if-audio.c:502:58: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stream_out->common.set_sample_rate(&stream_out->common, atoi(argv[2]));
data/bluez-5.55/android/client/if-av-sink.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-av.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-bt.c:48:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (bt_scan_mode_t) atoi(str);
data/bluez-5.55/android/client/if-bt.c:59:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (bt_ssp_variant_t) atoi(str);
data/bluez-5.55/android/client/if-bt.c:70:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (bt_property_type_t) atoi(str);
data/bluez-5.55/android/client/if-bt.c:150:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-bt.c:233:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_remote_addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-bt.c:247:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pin.pin, reply, pin_len);
data/bluez-5.55/android/client/if-bt.c:283:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prompt[50];
data/bluez-5.55/android/client/if-bt.c:295:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(prompt, "Does other device show %d [Y/n] ?", pass_key);
data/bluez-5.55/android/client/if-bt.c:304:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(prompt, "Consent pairing [Y/n] ?");
data/bluez-5.55/android/client/if-bt.c:435:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
err = module->methods->open(module, BT_HARDWARE_MODULE_ID, &bt_device);
data/bluez-5.55/android/client/if-bt.c:563:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
property.val = (char *) argv[3];
data/bluez-5.55/android/client/if-bt.c:573:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(argv[3]);
data/bluez-5.55/android/client/if-bt.c:665:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
property.val = (char *) argv[4];
data/bluez-5.55/android/client/if-bt.c:754:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
transport = atoi(argv[3]);
data/bluez-5.55/android/client/if-bt.c:812:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pin.pin, argv[3], pin_len);
data/bluez-5.55/android/client/if-bt.c:859:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
accept = atoi(argv[4]);
data/bluez-5.55/android/client/if-bt.c:863:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
passkey = atoi(argv[4]);
data/bluez-5.55/android/client/if-gatt.c:237:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + j * 2 + shift, "%02x", uuid->uu[i]);
data/bluez-5.55/android/client/if-gatt.c:306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, GATT_BASE_UUID, sizeof(bt_uuid_t));
data/bluez-5.55/android/client/if-gatt.c:328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_buf[MAX_UUID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:340:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&char_id->uuid, &GATT_BASE_UUID, sizeof(bt_uuid_t));
data/bluez-5.55/android/client/if-gatt.c:356:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
char_id->inst_id = atoi(buf);
data/bluez-5.55/android/client/if-gatt.c:363:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_buf[MAX_UUID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:375:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&srvc_id->id.uuid, &GATT_BASE_UUID, sizeof(bt_uuid_t));
data/bluez-5.55/android/client/if-gatt.c:392:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srvc_id->id.inst_id = atoi(buf);
data/bluez-5.55/android/client/if-gatt.c:401:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srvc_id->is_primary = atoi(buf);
data/bluez-5.55/android/client/if-gatt.c:417:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + 2 * i, "%02x", v[i]);
data/bluez-5.55/android/client/if-gatt.c:421:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + 2 * i, "...");
data/bluez-5.55/android/client/if-gatt.c:431:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srvc_id[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_id[MAX_CHAR_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:434:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MAX_HEX_VAL_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:454:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srvc_id[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_id[MAX_CHAR_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descr_id[MAX_UUID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MAX_HEX_VAL_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:471:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char client_if_str[20];
data/bluez-5.55/android/client/if-gatt.c:472:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char conn_id_str[20];
data/bluez-5.55/android/client/if-gatt.c:474:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:480:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_UUID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:492:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:530:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srvc_id_buf[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srvc_id_buf[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_id_buf[MAX_CHAR_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_UUID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srvc_id_buf[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_id_buf[MAX_CHAR_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:581:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srvc_id_buf[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:582:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char incl_srvc_id_buf[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srvc_id_buf[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_id_buf[MAX_CHAR_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:615:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_NOTIFY_PARAMS_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:625:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_READ_PARAMS_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:648:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_READ_PARAMS_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:771:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valbuf[600];
data/bluez-5.55/android/client/if-gatt.c:790:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:838:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char server_if_str[20];
data/bluez-5.55/android/client/if-gatt.c:844:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_UUID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:867:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:892:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_SRVC_ID_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:940:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:956:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:957:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valbuf[100];
data/bluez-5.55/android/client/if-gatt.c:969:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-gatt.c:2593:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[200];
data/bluez-5.55/android/client/if-hf-client.c:24:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hf-client.c:144:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char features_str[512];
data/bluez-5.55/android/client/if-hf-client.c:525:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
volume = atoi(argv[3]);
data/bluez-5.55/android/client/if-hf-client.c:556:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
EXEC(if_hf_client->dial_memory, atoi(argv[2]));
data/bluez-5.55/android/client/if-hf-client.c:590:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(argv[3]);
data/bluez-5.55/android/client/if-hf.c:119:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hf.c:412:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_hf_clients = atoi(argv[2]);
data/bluez-5.55/android/client/if-hf.c:570:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
volume = atoi(argv[3]);
data/bluez-5.55/android/client/if-hf.c:624:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
signal = atoi(argv[4]);
data/bluez-5.55/android/client/if-hf.c:631:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
batt_chg = atoi(argv[5]);
data/bluez-5.55/android/client/if-hf.c:693:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
svc = atoi(argv[2]);
data/bluez-5.55/android/client/if-hf.c:700:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_active = atoi(argv[3]);
data/bluez-5.55/android/client/if-hf.c:707:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_held = atoi(argv[4]);
data/bluez-5.55/android/client/if-hf.c:721:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
signal = atoi(argv[6]);
data/bluez-5.55/android/client/if-hf.c:728:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
roam = atoi(argv[7]);
data/bluez-5.55/android/client/if-hf.c:735:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
batt_chg = atoi(argv[8]);
data/bluez-5.55/android/client/if-hf.c:805:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
error_code = atoi(argv[3]);
data/bluez-5.55/android/client/if-hf.c:859:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(argv[2]);
data/bluez-5.55/android/client/if-hf.c:972:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_active = atoi(argv[2]);
data/bluez-5.55/android/client/if-hf.c:979:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_held = atoi(argv[3]);
data/bluez-5.55/android/client/if-hh.c:74:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char connected_device_addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hh.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hh.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hh.c:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hh.c:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hh.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hh.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hh.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hh.c:354:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reportId = (uint8_t) atoi(argv[4]);
data/bluez-5.55/android/client/if-hh.c:360:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bufferSize = atoi(argv[5]);
data/bluez-5.55/android/client/if-hh.c:398:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXEC(if_hh->set_report, &addr, reportType, (char *) argv[4]);
data/bluez-5.55/android/client/if-hh.c:424:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXEC(if_hh->send_data, &addr, (char *) argv[3]);
data/bluez-5.55/android/client/if-hl.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-hl.c:186:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc != ((atoi(argv[6]) * 4) + 7)) {
data/bluez-5.55/android/client/if-hl.c:202:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reg.number_of_mdeps = atoi(argv[6]);
data/bluez-5.55/android/client/if-hl.c:215:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reg.mdep_cfg[i].data_type = atoi(argv[mdep_argc_off + 1]);
data/bluez-5.55/android/client/if-hl.c:248:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
app_id = (uint32_t) atoi(argv[2]);
data/bluez-5.55/android/client/if-hl.c:275:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
app_id = (uint32_t) atoi(argv[2]);
data/bluez-5.55/android/client/if-hl.c:276:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mdep_cfg_index = (uint32_t) atoi(argv[4]);
data/bluez-5.55/android/client/if-hl.c:295:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
channel_id = (uint32_t) atoi(argv[2]);
data/bluez-5.55/android/client/if-hl.c:325:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
app_id = (uint32_t) atoi(argv[2]);
data/bluez-5.55/android/client/if-hl.c:331:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = (uint8_t) atoi(argv[3]);
data/bluez-5.55/android/client/if-hl.c:337:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
channel_id = atoi(argv[4]);
data/bluez-5.55/android/client/if-pan.c:58:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_used_addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-pan.c:109:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
local_role = atoi(argv[2]);
data/bluez-5.55/android/client/if-pan.c:156:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
local_role = atoi(argv[3]);
data/bluez-5.55/android/client/if-pan.c:165:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
remote_role = atoi(argv[4]);
data/bluez-5.55/android/client/if-rc-ctrl.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-rc-ctrl.c:93:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
key_code = (uint8_t) atoi(argv[3]);
data/bluez-5.55/android/client/if-rc-ctrl.c:100:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
key_state = (uint8_t) atoi(argv[4]);
data/bluez-5.55/android/client/if-rc.c:73:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_addr[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-rc.c:222:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
song_len = (uint32_t) atoi(argv[3]);
data/bluez-5.55/android/client/if-rc.c:223:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
song_pos = (uint32_t) atoi(argv[4]);
data/bluez-5.55/android/client/if-rc.c:256:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_attr = (uint8_t) atoi(argv[2]);
data/bluez-5.55/android/client/if-rc.c:281:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
volume = (uint8_t) atoi(argv[2]);
data/bluez-5.55/android/client/if-rc.c:350:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg.track, &track, sizeof(btrc_uid_t));
data/bluez-5.55/android/client/if-rc.c:359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(®.song_pos, &song_pos, sizeof(uint32_t));
data/bluez-5.55/android/client/if-sco.c:353:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(fname, "r");
data/bluez-5.55/android/client/if-sco.c:441:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(fname, "w");
data/bluez-5.55/android/client/if-sco.c:515:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->sample_rate = atoi(argv[2]);
data/bluez-5.55/android/client/if-sco.c:587:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->sample_rate = atoi(argv[2]);
data/bluez-5.55/android/client/if-sco.c:777:58: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stream_out->common.set_sample_rate(&stream_out->common, atoi(argv[2]));
data/bluez-5.55/android/client/if-sock.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/bluez-5.55/android/client/if-sock.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[sizeof(buf) * 4 + 2];
data/bluez-5.55/android/client/if-sock.c:71:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf + i * 3, "%02X ",
data/bluez-5.55/android/client/if-sock.c:75:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf + 48 + i, "%c",
data/bluez-5.55/android/client/if-sock.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-sock.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(1)];
data/bluez-5.55/android/client/if-sock.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/client/if-sock.c:225:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type = atoi(argv[2]);
data/bluez-5.55/android/client/if-sock.c:242:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
channel = argc > 5 ? atoi(argv[5]) : 0;
data/bluez-5.55/android/client/if-sock.c:245:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flags = argc > 6 ? atoi(argv[6]) : 0;
data/bluez-5.55/android/client/if-sock.c:304:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type = atoi(argv[3]);
data/bluez-5.55/android/client/if-sock.c:318:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
channel = atoi(argv[5]);
data/bluez-5.55/android/client/if-sock.c:321:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flags = argc <= 6 ? 0 : atoi(argv[6]);
data/bluez-5.55/android/client/tabcompletion.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntcopy[1]; /* null terminated copy of argument */
data/bluez-5.55/android/client/tabcompletion.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[128] = {0};
data/bluez-5.55/android/client/tabcompletion.c:313:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[argc];
data/bluez-5.55/android/client/terminal.c:107:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char current_sequence[MAX_ASCII_SEQUENCE];
data/bluez-5.55/android/client/terminal.c:111:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line_buf[LINE_BUF_MAX];
data/bluez-5.55/android/client/terminal.c:120:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prompt_buf[10] = "> ";
data/bluez-5.55/android/client/terminal.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[line_buf_ix + 1];
data/bluez-5.55/android/client/terminal.c:675:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2] = { c, 0 };
data/bluez-5.55/android/cutils/properties.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/bluez-5.55/android/cutils/properties.h:78:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, SYSTEM_SOCKET_PATH, sizeof(SYSTEM_SOCKET_PATH));
data/bluez-5.55/android/gatt.c:578:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bda[18];
data/bluez-5.55/android/gatt.c:1628:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/gatt.c:1700:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bda[18];
data/bluez-5.55/android/gatt.c:1712:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev->adv_data, eir, ev->len);
data/bluez-5.55/android/gatt.c:1860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/gatt.c:2272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bda[18];
data/bluez-5.55/android/gatt.c:2554:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ev.char_id, charac, sizeof(struct hal_gatt_gatt_id));
data/bluez-5.55/android/gatt.c:2563:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ev.srvc_id, service, sizeof(struct hal_gatt_srvc_id));
data/bluez-5.55/android/gatt.c:3679:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev->value, pdu + data_offset, len - data_offset);
data/bluez-5.55/android/gatt.c:4377:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value[2], val->value, val->length);
data/bluez-5.55/android/gatt.c:4433:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value[4], val->value, val->length);
data/bluez-5.55/android/gatt.c:4639:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp_data->value, value, length);
data/bluez-5.55/android/gatt.c:4848:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev->value, value, len);
data/bluez-5.55/android/gatt.c:4941:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.uuid, cmd->uuid, sizeof(cmd->uuid));
data/bluez-5.55/android/gatt.c:4994:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.uuid, cmd->uuid, sizeof(cmd->uuid));
data/bluez-5.55/android/gatt.c:5580:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/gatt.c:6345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value[2], &type->value, len);
data/bluez-5.55/android/gatt.c:6390:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(request_data->filter_value, find_data->search_value,
data/bluez-5.55/android/gatt.c:6807:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/gatt.c:7183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/gatt.c:7209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/hal-audio-aptx.c:131:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(preset->data, &aptx_presets[i], preset->len);
data/bluez-5.55/android/hal-audio-aptx.c:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aptx_data->aptx, preset->data, preset->len);
data/bluez-5.55/android/hal-audio-sbc.c:134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(preset->data, &sbc_presets[i], preset->len);
data/bluez-5.55/android/hal-audio-sbc.c:275:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sbc_data->sbc, preset->data, preset->len);
data/bluez-5.55/android/hal-audio.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(sizeof(int))];
data/bluez-5.55/android/hal-audio.c:282:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd, CMSG_DATA(cmsg), sizeof(int));
data/bluez-5.55/android/hal-audio.c:314:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->uuid, a2dp_src_uuid, sizeof(a2dp_src_uuid));
data/bluez-5.55/android/hal-audio.c:348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BLUEZ_AUDIO_MTU];
data/bluez-5.55/android/hal-audio.c:370:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*caps, &rsp->preset, buf_len);
data/bluez-5.55/android/hal-audio.c:1523:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, BLUEZ_AUDIO_SK_PATH,
data/bluez-5.55/android/hal-avrcp.c:262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-avrcp.c:279:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->attrs, p_attrs, num_attr);
data/bluez-5.55/android/hal-avrcp.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-avrcp.c:306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->values, p_vals, num_val);
data/bluez-5.55/android/hal-avrcp.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-avrcp.c:363:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value->text, text, value->len);
data/bluez-5.55/android/hal-avrcp.c:392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-avrcp.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-avrcp.c:461:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-avrcp.c:499:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-avrcp.c:506:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, play_status, cmd->len);
data/bluez-5.55/android/hal-avrcp.c:518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-avrcp.c:525:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, track, cmd->len);
data/bluez-5.55/android/hal-avrcp.c:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-avrcp.c:570:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, song_pos, cmd->len);
data/bluez-5.55/android/hal-avrcp.c:582:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-bluetooth.c:138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val, property->val, property->len);
data/bluez-5.55/android/hal-bluetooth.c:192:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e.name, p->name, p->name_len);
data/bluez-5.55/android/hal-bluetooth.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[PROPERTY_VALUE_MAX];
data/bluez-5.55/android/hal-bluetooth.c:451:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hal_prop->val, prop, hal_prop->len);
data/bluez-5.55/android/hal-bluetooth.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-bluetooth.c:460:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prop[PROPERTY_VALUE_MAX];
data/bluez-5.55/android/hal-bluetooth.c:650:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-bluetooth.c:709:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-bluetooth.c:724:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->val, property->val, property->len);
data/bluez-5.55/android/hal-bluetooth.c:950:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_buf[IPC_MTU];
data/bluez-5.55/android/hal-bluetooth.c:961:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, buf, cmd->len);
data/bluez-5.55/android/hal-bluetooth.c:971:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_buf[IPC_MTU];
data/bluez-5.55/android/hal-bluetooth.c:982:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, buf, cmd->len);
data/bluez-5.55/android/hal-gatt.c:46:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to->uuid, &from->uuid, sizeof(from->uuid));
data/bluez-5.55/android/hal-gatt.c:60:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to->uuid, &from->id.uuid, sizeof(from->id.uuid));
data/bluez-5.55/android/hal-gatt.c:206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(params.value, ev->value, ev->len);
data/bluez-5.55/android/hal-gatt.c:235:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶ms.value.value, ev->data.value, ev->data.len);
data/bluez-5.55/android/hal-gatt.c:280:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶ms.value.value, ev->data.value, ev->data.len);
data/bluez-5.55/android/hal-gatt.c:812:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uuid, uuid, sizeof(*uuid));
data/bluez-5.55/android/hal-gatt.c:869:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:901:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:930:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:938:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:950:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->filter_uuid, filter_uuid, sizeof(*filter_uuid));
data/bluez-5.55/android/hal-gatt.c:963:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:989:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:1016:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:1065:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:1080:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->value, p_value, len);
data/bluez-5.55/android/hal-gatt.c:1115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:1131:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->value, p_value, len);
data/bluez-5.55/android/hal-gatt.c:1165:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:1187:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:1206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:1223:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:1243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:1271:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, manufacturer_data, manufacturer_len);
data/bluez-5.55/android/hal-gatt.c:1276:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, service_data, service_data_len);
data/bluez-5.55/android/hal-gatt.c:1281:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, service_uuid, service_uuid_len);
data/bluez-5.55/android/hal-gatt.c:1331:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bda1, params->bda1, sizeof(*params->bda1));
data/bluez-5.55/android/hal-gatt.c:1332:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uuid1, params->uuid1, sizeof(*params->uuid1));
data/bluez-5.55/android/hal-gatt.c:1390:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:1410:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->uuid, p_uuid, sizeof(*p_uuid));
data/bluez-5.55/android/hal-gatt.c:1411:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->uuid_mask, p_uuid_mask, sizeof(*p_uuid_mask));
data/bluez-5.55/android/hal-gatt.c:1412:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->address, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:1416:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data_mask, p_data, data_len);
data/bluez-5.55/android/hal-gatt.c:1419:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data_mask + data_len, p_mask, mask_len);
data/bluez-5.55/android/hal-gatt.c:1484:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.address, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:1567:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:1597:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data_service_uuid, manufacturer_data,
data/bluez-5.55/android/hal-gatt.c:1603:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data_service_uuid + off, service_data,
data/bluez-5.55/android/hal-gatt.c:1609:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data_service_uuid + off, service_uuid,
data/bluez-5.55/android/hal-gatt.c:1713:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uuid, uuid, sizeof(*uuid));
data/bluez-5.55/android/hal-gatt.c:1745:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:1777:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-gatt.c:1831:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uuid, uuid, sizeof(*uuid));
data/bluez-5.55/android/hal-gatt.c:1850:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uuid, uuid, sizeof(*uuid));
data/bluez-5.55/android/hal-gatt.c:1937:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:1950:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->value, p_value, len);
data/bluez-5.55/android/hal-gatt.c:1960:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-gatt.c:1977:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, response->attr_value.value, cmd->len);
data/bluez-5.55/android/hal-handsfree-client.c:490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-handsfree-client.c:501:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->number, number, cmd->number_len);
data/bluez-5.55/android/hal-handsfree.c:309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[PROPERTY_VALUE_MAX];
data/bluez-5.55/android/hal-handsfree.c:558:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-handsfree.c:577:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->buf, cops, cmd->len);
data/bluez-5.55/android/hal-handsfree.c:650:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-handsfree.c:668:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->buf, rsp, cmd->len);
data/bluez-5.55/android/hal-handsfree.c:733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-handsfree.c:756:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->number, number, cmd->number_len);
data/bluez-5.55/android/hal-handsfree.c:798:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-handsfree.c:814:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->number, number, cmd->number_len);
data/bluez-5.55/android/hal-health.c:113:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, reg->application_name, len);
data/bluez-5.55/android/hal-health.c:119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data + off, reg->provider_name, len);
data/bluez-5.55/android/hal-health.c:126:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data + off, reg->srv_name, len);
data/bluez-5.55/android/hal-health.c:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data + off, reg->srv_desp, len);
data/bluez-5.55/android/hal-health.c:156:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mdep->descr, reg->mdep_cfg[i].mdep_description,
data/bluez-5.55/android/hal-hidhost.c:58:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info.dsc_list, ev->descr, info.dl_len);
data/bluez-5.55/android/hal-hidhost.c:211:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.descr, hid_info.dsc_list, cmd.descr_len);
data/bluez-5.55/android/hal-hidhost.c:306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, report, cmd->len);
data/bluez-5.55/android/hal-hidhost.c:330:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, data, cmd->len);
data/bluez-5.55/android/hal-ipc.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(sizeof(int))];
data/bluez-5.55/android/hal-ipc.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/hal-ipc.c:183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
data/bluez-5.55/android/hal-ipc.c:286:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, path, size);
data/bluez-5.55/android/hal-ipc.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(sizeof(int))];
data/bluez-5.55/android/hal-ipc.c:459:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd, CMSG_DATA(cmsg), sizeof(int));
data/bluez-5.55/android/hal-map-client.c:108:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, bd_addr, sizeof(*bd_addr));
data/bluez-5.55/android/hal-sco.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(sizeof(int))];
data/bluez-5.55/android/hal-sco.c:265:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fd, CMSG_DATA(cmsg), sizeof(int));
data/bluez-5.55/android/hal-sco.c:395:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cache + out->cache_len, buffer,
data/bluez-5.55/android/hal-sco.c:402:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->cache, buffer + written,
data/bluez-5.55/android/hal-sco.c:1428:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, BLUEZ_SCO_SK_PATH, sizeof(BLUEZ_SCO_SK_PATH));
data/bluez-5.55/android/hal-socket.c:53:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.name, service_name, strlen(service_name));
data/bluez-5.55/android/hal-utils.c:42:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
return strcpy(buf, "NULL");
data/bluez-5.55/android/hal-utils.c:54:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + i * 2 + shift, "%02x", uuid[i]);
data/bluez-5.55/android/hal-utils.c:62:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_UUID_STR_LEN];
data/bluez-5.55/android/hal-utils.c:196:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
return strcpy(buf, "NULL");
data/bluez-5.55/android/hal-utils.c:220:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, BT_BASE_UUID, sizeof(bt_uuid_t));
data/bluez-5.55/android/hal-utils.c:257:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_ADDR_STR_LEN];
data/bluez-5.55/android/hal-utils.c:272:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, ", ");
data/bluez-5.55/android/hal-utils.c:289:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, ", ");
data/bluez-5.55/android/hal-utils.c:301:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
str += sprintf(str, "{\n");
data/bluez-5.55/android/hal-utils.c:306:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
str += sprintf(str, "Num of advertising instances: %u,\n",
data/bluez-5.55/android/hal-utils.c:312:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
str += sprintf(str, "Num of offloaded IRKs: %u,\n",
data/bluez-5.55/android/hal-utils.c:315:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
str += sprintf(str, "Num of offloaded scan filters: %u,\n",
data/bluez-5.55/android/hal-utils.c:321:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
str += sprintf(str, "Num of offloaded scan results: %u,\n", scan_num);
data/bluez-5.55/android/hal-utils.c:333:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4096];
data/bluez-5.55/android/hal-utils.c:350:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%06x", *((int *) property->val));
data/bluez-5.55/android/hal-utils.c:357:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%d", *((char *) property->val));
data/bluez-5.55/android/hal-utils.c:364:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%d", *((int *) property->val));
data/bluez-5.55/android/hal-utils.c:385:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%p", property->val);
data/bluez-5.55/android/hal-utils.c:397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[PROPERTY_KEY_MAX];
data/bluez-5.55/android/handsfree-client.c:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/handsfree-client.c:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/handsfree-client.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/handsfree-client.c:852:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[8];
data/bluez-5.55/android/handsfree-client.c:860:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
l = sprintf(c, "%d,", dev->codecs[i].type);
data/bluez-5.55/android/handsfree-client.c:1096:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[33];
data/bluez-5.55/android/handsfree-client.c:1106:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev->number, number, ev->number_len);
data/bluez-5.55/android/handsfree-client.c:1138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codecs_string[8];
data/bluez-5.55/android/handsfree-client.c:1201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char feat[3];
data/bluez-5.55/android/handsfree-client.c:1566:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[255];
data/bluez-5.55/android/handsfree-client.c:1644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codecs_string[8];
data/bluez-5.55/android/handsfree-client.c:1645:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bac[16];
data/bluez-5.55/android/handsfree-client.c:1649:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(bac, "AT+BAC=");
data/bluez-5.55/android/handsfree-client.c:1841:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/handsfree-client.c:1879:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/handsfree.c:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/handsfree.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/handsfree.c:326:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev->buf, command, ev->len);
data/bluez-5.55/android/handsfree.c:518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/handsfree.c:709:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2];
data/bluez-5.55/android/handsfree.c:1260:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr = buf + sprintf(buf, "+CIND:");
data/bluez-5.55/android/handsfree.c:1493:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/handsfree.c:1702:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/handsfree.c:2687:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/hardware/audio.h:655:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return module->methods->open(module, AUDIO_HARDWARE_INTERFACE,
data/bluez-5.55/android/hardware/audio_effect.h:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[EFFECT_STRING_LEN_MAX]; // human readable effect name
data/bluez-5.55/android/hardware/audio_effect.h:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char implementor[EFFECT_STRING_LEN_MAX]; // human readable effect implementor name
data/bluez-5.55/android/hardware/bluetooth.h:132:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256]; // what's the maximum length
data/bluez-5.55/android/hardware/hardware.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/bluez-5.55/android/hardware/hardware.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX/2];
data/bluez-5.55/android/hardware/hardware.h:151:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(const struct hw_module_t* module, const char* id,
data/bluez-5.55/android/health.c:950:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mdep->descr, cmd->descr, cmd->descr_len);
data/bluez-5.55/android/hidhost.c:223:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req + 1, output->data, req_size - 1);
data/bluez-5.55/android/hidhost.c:261:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.u.input.data, &buf[1], ev.u.input.size);
data/bluez-5.55/android/hidhost.c:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/hidhost.c:325:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/hidhost.c:356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/hidhost.c:387:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev->data, buf + 1, ev->len);
data/bluez-5.55/android/hidhost.c:390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev->data, buf + 2, ev->len);
data/bluez-5.55/android/hidhost.c:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/hidhost.c:529:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.descr, dev->rd_data, ev.descr_len);
data/bluez-5.55/android/hidhost.c:549:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) ev.u.create.name, "bluez-input-device");
data/bluez-5.55/android/hidhost.c:875:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/hidhost.c:1426:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/hidhost.c:1504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/ipc-tester.c:85:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char exec_dir[PATH_MAX];
data/bluez-5.55/android/ipc-tester.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/ipc-tester.c:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prg_name[PATH_MAX + 11];
data/bluez-5.55/android/ipc-tester.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[8];
data/bluez-5.55/android/ipc-tester.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_argv[4];
data/bluez-5.55/android/ipc-tester.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bluez-5.55/android/ipc-tester.c:259:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, SYSTEM_SOCKET_PATH, sizeof(SYSTEM_SOCKET_PATH));
data/bluez-5.55/android/ipc-tester.c:338:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, BLUEZ_HAL_SK_PATH, sizeof(BLUEZ_HAL_SK_PATH));
data/bluez-5.55/android/ipc-tester.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bluez-5.55/android/ipc.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MTU];
data/bluez-5.55/android/ipc.c:224:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, path, size);
data/bluez-5.55/android/ipc.c:338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(sizeof(int))];
data/bluez-5.55/android/ipc.c:368:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
data/bluez-5.55/android/log.c:155:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_fd = open("/dev/log/system", O_WRONLY);
data/bluez-5.55/android/log.c:177:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(addr.sun_path, "/dev/socket/logdw");
data/bluez-5.55/android/main.c:344:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prop, val, len);
data/bluez-5.55/android/map-client.c:60:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inst->name, name, name_len);
data/bluez-5.55/android/pan.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iface[16];
data/bluez-5.55/android/pan.c:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/pan.c:268:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.name, BNEP_BRIDGE, sizeof(BNEP_BRIDGE));
data/bluez-5.55/android/pan.c:270:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.name, dev->iface, sizeof(dev->iface));
data/bluez-5.55/android/pan.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/pan.c:539:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/sco.c:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/socket.c:495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(sizeof(int))];
data/bluez-5.55/android/socket.c:513:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmsg), &send_fd, sizeof(send_fd));
data/bluez-5.55/android/socket.c:691:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/socket.c:789:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[32];
data/bluez-5.55/android/socket.c:1060:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/socket.c:1187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/android/socket.c:1189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[32];
data/bluez-5.55/android/system-emulator.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char exec_dir[PATH_MAX];
data/bluez-5.55/android/system-emulator.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_argv[6];
data/bluez-5.55/android/system-emulator.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_envp[3];
data/bluez-5.55/android/system-emulator.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_argv[3];
data/bluez-5.55/android/system-emulator.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_envp[1];
data/bluez-5.55/android/system-emulator.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prg_name[PATH_MAX + 11];
data/bluez-5.55/android/system-emulator.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prg_name[PATH_MAX + 17];
data/bluez-5.55/android/system-emulator.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_argv[3];
data/bluez-5.55/android/system-emulator.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_envp[1];
data/bluez-5.55/android/system-emulator.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/bluez-5.55/android/system-emulator.c:237:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, SYSTEM_SOCKET_PATH, sizeof(SYSTEM_SOCKET_PATH));
data/bluez-5.55/android/system/audio.h:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tags[AUDIO_ATTRIBUTES_TAGS_MAX_SIZE]; /* UTF8 */
data/bluez-5.55/android/system/audio.h:878:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[AUDIO_DEVICE_MAX_ADDRESS_LEN]; /* device address. "" if N/A */
data/bluez-5.55/android/system/audio.h:941:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[AUDIO_DEVICE_MAX_ADDRESS_LEN];
data/bluez-5.55/android/system/audio.h:1403:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char param[kSize];
data/bluez-5.55/android/test-ipc.c:187:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, HAL_SK_PATH, sizeof(HAL_SK_PATH));
data/bluez-5.55/android/tester-avrcp.c:210:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(exp_attrs[0].text, data + 22, 19);
data/bluez-5.55/android/tester-avrcp.c:212:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(exp_attrs[1].text, data + 49, 6);
data/bluez-5.55/android/tester-avrcp.c:345:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg.track, &track, sizeof(btrc_uid_t));
data/bluez-5.55/android/tester-gatt.c:1838:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->srvc_id, set_param_data->srvc_id,
data/bluez-5.55/android/tester-gatt.c:1842:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->char_id, set_param_data->char_id,
data/bluez-5.55/android/tester-gatt.c:1846:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->descr_id, set_param_data->descr_id,
data/bluez-5.55/android/tester-gatt.c:1854:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->value.value, set_param_data->value,
data/bluez-5.55/android/tester-gatt.c:1873:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->srvc_id, set_param_data->srvc_id,
data/bluez-5.55/android/tester-gatt.c:1877:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->char_id, set_param_data->char_id,
data/bluez-5.55/android/tester-gatt.c:1881:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->descr_id, set_param_data->descr_id,
data/bluez-5.55/android/tester-gatt.c:1902:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->srvc_id, set_param_data->srvc_id,
data/bluez-5.55/android/tester-gatt.c:1906:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->char_id, set_param_data->char_id,
data/bluez-5.55/android/tester-gatt.c:1912:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->bda, set_param_data->bdaddr, sizeof(bt_bdaddr_t));
data/bluez-5.55/android/tester-gatt.c:1914:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m->value, set_param_data->value, param->len);
data/bluez-5.55/android/tester-main.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char exec_dir[PATH_MAX + 1];
data/bluez-5.55/android/tester-main.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prg_name[PATH_MAX + 1 + 11];
data/bluez-5.55/android/tester-main.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[8];
data/bluez-5.55/android/tester-main.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *prg_argv[5];
data/bluez-5.55/android/tester-main.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bluez-5.55/android/tester-main.c:296:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, SYSTEM_SOCKET_PATH, sizeof(SYSTEM_SOCKET_PATH));
data/bluez-5.55/android/tester-main.c:357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/android/tester-main.c:1053:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(exp->store_srvc_handle,
data/bluez-5.55/android/tester-main.c:1058:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(exp->store_char_handle,
data/bluez-5.55/android/tester-main.c:2218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bluez-5.55/android/tester-main.c:2267:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
err = module->methods->open(module, BT_HARDWARE_MODULE_ID, &device);
data/bluez-5.55/attrib/att.c:222:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, list->data[i], list->len);
data/bluez-5.55/attrib/att.c:267:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list->data[i], ptr, list->len);
data/bluez-5.55/attrib/att.c:299:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu[7], value, vlen);
data/bluez-5.55/attrib/att.c:330:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, pdu + 7, *vlen);
data/bluez-5.55/attrib/att.c:467:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, list->data[i], l);
data/bluez-5.55/attrib/att.c:511:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list->data[i], ptr, list->len);
data/bluez-5.55/attrib/att.c:533:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu[3], value, vlen);
data/bluez-5.55/attrib/att.c:558:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, pdu + min_len, len - min_len);
data/bluez-5.55/attrib/att.c:583:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu[hdr_len], value, vlen);
data/bluez-5.55/attrib/att.c:615:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, pdu + hdr_len, *vlen);
data/bluez-5.55/attrib/att.c:617:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signature, pdu + hdr_len + *vlen, ATT_SIGNATURE_LEN);
data/bluez-5.55/attrib/att.c:637:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu[3], value, vlen);
data/bluez-5.55/attrib/att.c:664:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, pdu + min_len, *vlen);
data/bluez-5.55/attrib/att.c:780:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu + 1, value, vlen);
data/bluez-5.55/attrib/att.c:797:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu + 1, &value[offset], vlen);
data/bluez-5.55/attrib/att.c:817:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, pdu + 1, len - 1);
data/bluez-5.55/attrib/att.c:896:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, list->data[i], list->len);
data/bluez-5.55/attrib/att.c:937:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list->data[i], ptr, list->len);
data/bluez-5.55/attrib/att.c:957:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu[3], value, vlen);
data/bluez-5.55/attrib/att.c:975:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu[3], value, vlen);
data/bluez-5.55/attrib/att.c:1000:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, &pdu[3], dlen);
data/bluez-5.55/attrib/att.c:1102:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu[5], value, vlen);
data/bluez-5.55/attrib/att.c:1132:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, pdu + min_len, *vlen);
data/bluez-5.55/attrib/att.c:1155:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu[5], value, vlen);
data/bluez-5.55/attrib/att.c:1184:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, pdu + min_len, *vlen);
data/bluez-5.55/attrib/gatt-service.c:89:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&info->uuid, va_arg(args, bt_uuid_t *),
data/bluez-5.55/attrib/gatt-service.c:319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuidstr[MAX_LEN_UUID_STR];
data/bluez-5.55/attrib/gatt.c:783:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp[long_read->size], &rpdu[1], rlen - 1);
data/bluez-5.55/attrib/gatt.c:826:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(long_read->buffer, rpdu, rlen);
data/bluez-5.55/attrib/gatt.c:1257:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim_uuid, &uuid, sizeof(uuid_t));
data/bluez-5.55/attrib/gatt.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[MAX_LEN_UUID_STR + 1];
data/bluez-5.55/attrib/gatt.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[MAX_LEN_UUID_STR + 1];
data/bluez-5.55/attrib/gatt.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[MAX_LEN_UUID_STR + 1];
data/bluez-5.55/attrib/gatt.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[MAX_LEN_UUID_STR + 1];
data/bluez-5.55/attrib/gattrib.c:245:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 1, pdu, length);
data/bluez-5.55/attrib/utils.c:60:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(src + 3), &sba);
data/bluez-5.55/attrib/utils.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[3];
data/bluez-5.55/attrib/utils.c:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, str + (i * 2), 2);
data/bluez-5.55/btio/btio.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/btio/btio.c:980:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev_class, info.dev_class, 3);
data/bluez-5.55/btio/btio.c:1210:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(va_arg(args, uint8_t *), dev_class, 3);
data/bluez-5.55/btio/btio.c:1268:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev_class, info.dev_class, 3);
data/bluez-5.55/btio/btio.c:1375:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(va_arg(args, uint8_t *), dev_class, 3);
data/bluez-5.55/btio/btio.c:1422:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev_class, info.dev_class, 3);
data/bluez-5.55/btio/btio.c:1481:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(va_arg(args, uint8_t *), dev_class, 3);
data/bluez-5.55/btio/btio.c:1700:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/client/advertising.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[26];
data/bluez-5.55/client/agent.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passkey_full[7];
data/bluez-5.55/client/display.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[68];
data/bluez-5.55/client/display.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[256];
data/bluez-5.55/client/gatt.c:673:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi(argv[1]);
data/bluez-5.55/client/gatt.c:822:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data.offset = atoi(argv[2]);
data/bluez-5.55/client/gatt.c:1499:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
service->handle = atoi(argv[2]);
data/bluez-5.55/client/gatt.c:2111:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst_value + offset, src_val, src_len);
data/bluez-5.55/client/gatt.c:2591:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chrc->handle = atoi(argv[3]);
data/bluez-5.55/client/gatt.c:2868:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
desc->handle = atoi(argv[3]);
data/bluez-5.55/client/gatt.c:2983:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *flags[17];
data/bluez-5.55/client/main.c:337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[26];
data/bluez-5.55/client/main.c:1396:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
filter.rssi = atoi(argv[1]);
data/bluez-5.55/client/main.c:1414:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
filter.pathloss = atoi(argv[1]);
data/bluez-5.55/emulator/amp.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phylink_path[32];
data/bluez-5.55/emulator/amp.c:193:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt_data + 1 + sizeof(*hdr), data, len);
data/bluez-5.55/emulator/amp.c:223:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt_data + 1 + sizeof(*hdr) + sizeof(*cc), data, len);
data/bluez-5.55/emulator/amp.c:261:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(amp->event_mask, cmd->mask, 8);
data/bluez-5.55/emulator/amp.c:301:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.commands, amp->commands, 64);
data/bluez-5.55/emulator/amp.c:312:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.features, amp->features, 8);
data/bluez-5.55/emulator/amp.c:590:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(amp->event_mask + 8, cmd->mask, 8);
data/bluez-5.55/emulator/amp.c:711:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.assoc_fragment, amp->local_assoc + len_so_far,
data/bluez-5.55/emulator/amp.c:834:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(amp->phylink_path, "amp");
data/bluez-5.55/emulator/amp.c:844:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(amp->local_assoc + 1, amp->phylink_path,
data/bluez-5.55/emulator/amp.c:860:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(amp->phylink_path, cmd->assoc_fragment + 1,
data/bluez-5.55/emulator/amp.c:982:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/bluez-5.55/emulator/amp.c:1001:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char setup_cmd[2];
data/bluez-5.55/emulator/amp.c:1010:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
amp->vhci_fd = open("/dev/vhci", O_RDWR);
data/bluez-5.55/emulator/b1ee.c:85:6: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atol(str) > 65535)
data/bluez-5.55/emulator/b1ee.c:166:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(server_pkt_data + server_pkt_len,
data/bluez-5.55/emulator/b1ee.c:179:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(server_pkt_data + server_pkt_len, ptr, count);
data/bluez-5.55/emulator/b1ee.c:189:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/bluez-5.55/emulator/b1ee.c:231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[INET6_ADDRSTRLEN];
data/bluez-5.55/emulator/b1ee.c:317:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vhci_fd = open("/dev/vhci", O_RDWR | O_NONBLOCK);
data/bluez-5.55/emulator/btdev.c:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[68];
data/bluez-5.55/emulator/btdev.c:944:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt_data + 1, data, len);
data/bluez-5.55/emulator/btdev.c:991:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ir.bdaddr, btdev_list[i]->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:994:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
data/bluez-5.55/emulator/btdev.c:997:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ir.data, btdev_list[i]->ext_inquiry_rsp, 240);
data/bluez-5.55/emulator/btdev.c:1009:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ir.bdaddr, btdev_list[i]->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1012:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
data/bluez-5.55/emulator/btdev.c:1023:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ir.bdaddr, btdev_list[i]->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1027:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ir.dev_class, btdev_list[i]->dev_class, 3);
data/bluez-5.55/emulator/btdev.c:1159:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc.bdaddr, btdev->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1175:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc.bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1205:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc.bdaddr, btdev->conn->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1226:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc.bdaddr, btdev->conn->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 + sizeof(struct bt_hci_evt_le_conn_complete)];
data/bluez-5.55/emulator/btdev.c:1259:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->peer_addr, btdev->random_addr, 6);
data/bluez-5.55/emulator/btdev.c:1261:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->peer_addr, btdev->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1274:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->peer_addr, lecc->peer_addr, 6);
data/bluez-5.55/emulator/btdev.c:1284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 + sizeof(struct bt_hci_evt_le_enhanced_conn_complete)];
data/bluez-5.55/emulator/btdev.c:1306:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->peer_addr, btdev->random_addr, 6);
data/bluez-5.55/emulator/btdev.c:1308:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->peer_addr, btdev->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1321:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->peer_addr, leecc->peer_addr, 6);
data/bluez-5.55/emulator/btdev.c:1426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(evt.cig_sync_delay, dev->le_cig.params.m_interval,
data/bluez-5.55/emulator/btdev.c:1428:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(evt.cis_sync_delay, dev->le_cig.params.s_interval,
data/bluez-5.55/emulator/btdev.c:1430:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(evt.m_latency, &dev->le_cig.params.m_latency,
data/bluez-5.55/emulator/btdev.c:1432:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(evt.s_latency, &dev->le_cig.params.s_latency,
data/bluez-5.55/emulator/btdev.c:1479:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr.bdaddr, btdev->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1480:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr.dev_class, btdev->dev_class, 3);
data/bluez-5.55/emulator/btdev.c:1596:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->link_key, link_key, 16);
data/bluez-5.55/emulator/btdev.c:1635:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io_req.bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1641:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pin_req.bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1691:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->link_key, key, 16);
data/bluez-5.55/emulator/btdev.c:1693:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1694:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.link_key, key, 16);
data/bluez-5.55/emulator/btdev.c:1724:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->pin, pin_code, pin_len);
data/bluez-5.55/emulator/btdev.c:1730:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pin_req.bdaddr, btdev->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1812:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nc.bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1819:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nc.name, remote->name, 248);
data/bluez-5.55/emulator/btdev.c:1835:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rfc.features, btdev->conn->features, 8);
data/bluez-5.55/emulator/btdev.c:1872:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(refc.features, btdev->conn->features, 8);
data/bluez-5.55/emulator/btdev.c:1973:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.bdaddr, btdev->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1983:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfm.bdaddr, btdev->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1989:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfm.bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:1999:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:2010:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:2042:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iev.bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:2043:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aev.bdaddr, btdev->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:2047:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iev.bdaddr, btdev->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:2048:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aev.bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:2083:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(meta_event.lar.addr, adv_addr(remote), 6);
data/bluez-5.55/emulator/btdev.c:2088:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(meta_event.lar.data, remote->le_scan_data,
data/bluez-5.55/emulator/btdev.c:2092:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(meta_event.lar.data, remote->le_adv_data,
data/bluez-5.55/emulator/btdev.c:2119:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(meta_event.lear.addr, adv_addr(remote), 6);
data/bluez-5.55/emulator/btdev.c:2129:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(meta_event.lear.data, remote->le_scan_data,
data/bluez-5.55/emulator/btdev.c:2133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(meta_event.lear.data, remote->le_adv_data,
data/bluez-5.55/emulator/btdev.c:2309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 + sizeof(struct bt_hci_evt_le_remote_features_complete)];
data/bluez-5.55/emulator/btdev.c:2326:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev->features, remote->le_features, 8);
data/bluez-5.55/emulator/btdev.c:2334:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 + sizeof(struct bt_hci_evt_le_long_term_key_request)];
data/bluez-5.55/emulator/btdev.c:2633:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lkrr_rsp.bdaddr, data, 6);
data/bluez-5.55/emulator/btdev.c:2641:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lkrnr_rsp.bdaddr, data, 6);
data/bluez-5.55/emulator/btdev.c:2649:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcrr_rsp.bdaddr, data, 6);
data/bluez-5.55/emulator/btdev.c:2657:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcrnr_rsp.bdaddr, data, 6);
data/bluez-5.55/emulator/btdev.c:2684:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rnrc_rsp.bdaddr, rnrc->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:2729:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->event_mask, sem->mask, 8);
data/bluez-5.55/emulator/btdev.c:2778:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->name, wln->name, 248);
data/bluez-5.55/emulator/btdev.c:2787:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rln.name, btdev->name, 248);
data/bluez-5.55/emulator/btdev.c:2918:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rcod.dev_class, btdev->dev_class, 3);
data/bluez-5.55/emulator/btdev.c:2926:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->dev_class, wcod->dev_class, 3);
data/bluez-5.55/emulator/btdev.c:3036:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reir.data, btdev->ext_inquiry_rsp, 240);
data/bluez-5.55/emulator/btdev.c:3045:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->ext_inquiry_rsp, weir->data, 240);
data/bluez-5.55/emulator/btdev.c:3090:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ucrr_rsp.bdaddr, data, 6);
data/bluez-5.55/emulator/btdev.c:3099:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ucrnr_rsp.bdaddr, data, 6);
data/bluez-5.55/emulator/btdev.c:3197:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rlc.commands, btdev->commands, 64);
data/bluez-5.55/emulator/btdev.c:3203:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rlf.features, btdev->features, 8);
data/bluez-5.55/emulator/btdev.c:3226:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rlef.features, btdev->features, 8);
data/bluez-5.55/emulator/btdev.c:3234:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rlef.features, btdev->feat_page_2, 8);
data/bluez-5.55/emulator/btdev.c:3261:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rba.bdaddr, btdev->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:3378:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->event_mask_page2, semp2->mask, 8);
data/bluez-5.55/emulator/btdev.c:3387:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->le_event_mask, lsem->mask, 8);
data/bluez-5.55/emulator/btdev.c:3405:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lrlf.features, btdev->le_features, 8);
data/bluez-5.55/emulator/btdev.c:3413:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->random_addr, lsra->addr, 6);
data/bluez-5.55/emulator/btdev.c:3432:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->le_adv_direct_addr, lsap->direct_addr, 6);
data/bluez-5.55/emulator/btdev.c:3582:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lrss.states, btdev->le_states, 8);
data/bluez-5.55/emulator/btdev.c:3591:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->le_adv_data, lsad->data, 31);
data/bluez-5.55/emulator/btdev.c:3601:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->le_scan_data, lssrd->data, 31);
data/bluez-5.55/emulator/btdev.c:3616:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->le_ltk, lse->ltk, 16);
data/bluez-5.55/emulator/btdev.c:3624:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->le_ltk, llrr->ltk, 16);
data/bluez-5.55/emulator/btdev.c:3718:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->random_addr, lsasra->bdaddr, 6);
data/bluez-5.55/emulator/btdev.c:3737:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->le_adv_direct_addr, lseap->peer_addr, 6);
data/bluez-5.55/emulator/btdev.c:3766:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->le_adv_data, lsead->data, 31);
data/bluez-5.55/emulator/btdev.c:3777:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(btdev->le_scan_data, lsesrd->data, 31);
data/bluez-5.55/emulator/btdev.c:3871:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&btdev->le_cig, data, len);
data/bluez-5.55/emulator/bthost.c:67:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char rfcomm_crc_table[256] = {
data/bluez-5.55/emulator/bthost.c:487:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data + cmd->len, iov[i].iov_base, iov[i].iov_len);
data/bluez-5.55/emulator/bthost.c:755:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bthost->bdaddr, ev->bdaddr, 6);
data/bluez-5.55/emulator/bthost.c:786:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bthost->features, ev->features, 8);
data/bluez-5.55/emulator/bthost.c:892:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, ev->bdaddr, sizeof(ev->bdaddr));
data/bluez-5.55/emulator/bthost.c:910:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->bdaddr, bdaddr, 6);
data/bluez-5.55/emulator/bthost.c:1019:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.bdaddr, ev->bdaddr, 6);
data/bluez-5.55/emulator/bthost.c:1021:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.pin_code, bthost->pin, bthost->pin_len);
data/bluez-5.55/emulator/bthost.c:1028:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.bdaddr, ev->bdaddr, 6);
data/bluez-5.55/emulator/bthost.c:1044:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.bdaddr, ev->bdaddr, 6);
data/bluez-5.55/emulator/bthost.c:1111:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.bdaddr, ev->bdaddr, 6);
data/bluez-5.55/emulator/bthost.c:2443:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(adv_cp.data, data, len);
data/bluez-5.55/emulator/bthost.c:2466:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(adv_cp->data, data, len);
data/bluez-5.55/emulator/bthost.c:2551:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.ltk, ltk, 16);
data/bluez-5.55/emulator/bthost.c:2604:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bthost->pin, pin, pin_len);
data/bluez-5.55/emulator/bthost.c:2764:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uih_frame + sizeof(*hdr) + 1, data, len);
data/bluez-5.55/emulator/bthost.c:2767:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uih_frame + sizeof(*hdr), data, len);
data/bluez-5.55/emulator/hciemu.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdaddr_str[18];
data/bluez-5.55/emulator/hciemu.c:129:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/bluez-5.55/emulator/hciemu.c:173:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/bluez-5.55/emulator/hciemu.c:239:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/vhci", O_RDWR | O_NONBLOCK | O_CLOEXEC);
data/bluez-5.55/emulator/hciemu.c:409:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hciemu->bdaddr_str, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
data/bluez-5.55/emulator/hfp.c:71:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr.sun_path, SOCKET_PATH, sizeof(SOCKET_PATH));
data/bluez-5.55/emulator/le.c:197:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &hci->le_resolv_list[i][1], 6);
data/bluez-5.55/emulator/le.c:204:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, peer_addr, 6);
data/bluez-5.55/emulator/le.c:456:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hci->scan_cache[hci->scan_cache_count].addr, addr, 6);
data/bluez-5.55/emulator/le.c:500:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt.tx_addr, hci->bdaddr, 6);
data/bluez-5.55/emulator/le.c:504:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt.tx_addr, hci->le_random_addr, 6);
data/bluez-5.55/emulator/le.c:508:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt.rx_addr, hci->le_adv_direct_addr, 6);
data/bluez-5.55/emulator/le.c:651:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt_data + sizeof(*cc), data, len);
data/bluez-5.55/emulator/le.c:682:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt_data + 1, data, len);
data/bluez-5.55/emulator/le.c:698:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hci->event_mask, cmd->mask, 8);
data/bluez-5.55/emulator/le.c:722:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hci->event_mask + 8, cmd->mask, 8);
data/bluez-5.55/emulator/le.c:750:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.commands, hci->commands, 64);
data/bluez-5.55/emulator/le.c:761:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.features, hci->features, 8);
data/bluez-5.55/emulator/le.c:785:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.bdaddr, hci->bdaddr, 6);
data/bluez-5.55/emulator/le.c:796:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hci->le_event_mask, cmd->mask, 8);
data/bluez-5.55/emulator/le.c:821:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.features, hci->le_features, 8);
data/bluez-5.55/emulator/le.c:833:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hci->le_random_addr, cmd->addr, 6);
data/bluez-5.55/emulator/le.c:942:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hci->le_adv_direct_addr, cmd->direct_addr, 6);
data/bluez-5.55/emulator/le.c:976:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hci->le_adv_data, cmd->data, 31);
data/bluez-5.55/emulator/le.c:996:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hci->le_scan_rsp_data, cmd->data, 31);
data/bluez-5.55/emulator/le.c:1184:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hci->le_conn_peer_addr, cmd->peer_addr, 6);
data/bluez-5.55/emulator/le.c:1286:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hci->le_white_list[pos][1], cmd->addr, 6);
data/bluez-5.55/emulator/le.c:1358:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rsp.number, value, 8);
data/bluez-5.55/emulator/le.c:1369:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.states, hci->le_states, 8);
data/bluez-5.55/emulator/le.c:1541:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hci->le_resolv_list[pos][1], cmd->addr, 6);
data/bluez-5.55/emulator/le.c:1542:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hci->le_resolv_list[pos][7], cmd->peer_irk, 16);
data/bluez-5.55/emulator/le.c:1543:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hci->le_resolv_list[pos][23], cmd->local_irk, 16);
data/bluez-5.55/emulator/le.c:1938:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/bluez-5.55/emulator/le.c:1994:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(evt->addr, tx_addr, 6);
data/bluez-5.55/emulator/le.c:1996:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + sizeof(*evt), data + sizeof(*pkt),
data/bluez-5.55/emulator/le.c:2009:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(evt->addr, tx_addr, 6);
data/bluez-5.55/emulator/le.c:2011:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + sizeof(*evt), data + sizeof(*pkt) +
data/bluez-5.55/emulator/le.c:2024:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char setup_cmd[2];
data/bluez-5.55/emulator/le.c:2037:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hci->vhci_fd = open("/dev/vhci", O_RDWR);
data/bluez-5.55/emulator/main.c:116:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vhci_count = atoi(optarg);
data/bluez-5.55/emulator/main.c:131:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
letest_count = atoi(optarg);
data/bluez-5.55/emulator/main.c:137:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
amptest_count = atoi(optarg);
data/bluez-5.55/emulator/phy.c:67:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/bluez-5.55/emulator/phy.c:87:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/bluez-5.55/emulator/serial.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/bluez-5.55/emulator/serial.c:142:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(serial->pkt_data + serial->pkt_len,
data/bluez-5.55/emulator/serial.c:153:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(serial->pkt_data + serial->pkt_len, ptr, count);
data/bluez-5.55/emulator/server.c:165:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(client->pkt_data + client->pkt_len,
data/bluez-5.55/emulator/server.c:176:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(client->pkt_data + client->pkt_len, ptr, count);
data/bluez-5.55/emulator/smp.c:237:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, conn->ia, 6);
data/bluez-5.55/emulator/smp.c:238:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, conn->ra, 6);
data/bluez-5.55/emulator/smp.c:245:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io_cap, &conn->preq[1], 3);
data/bluez-5.55/emulator/smp.c:249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io_cap, &conn->prsp[1], 3);
data/bluez-5.55/emulator/smp.c:272:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, conn->ia, 6);
data/bluez-5.55/emulator/smp.c:273:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, conn->ra, 6);
data/bluez-5.55/emulator/smp.c:409:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[1], conn->ia, 6);
data/bluez-5.55/emulator/smp.c:412:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[1], conn->ra, 6);
data/bluez-5.55/emulator/smp.c:446:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&conn->prsp[1], &rsp, sizeof(rsp));
data/bluez-5.55/emulator/smp.c:515:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->pcnf, data + 1, 16);
data/bluez-5.55/emulator/smp.c:563:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->rrnd, data + 1, 16);
data/bluez-5.55/emulator/smp.c:621:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->remote_pk, data + 1, 64);
data/bluez-5.55/emulator/smp.c:654:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, &conn->ia, 6);
data/bluez-5.55/emulator/smp.c:655:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, &conn->ra, 6);
data/bluez-5.55/emulator/smp.c:662:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io_cap, &conn->prsp[1], 3);
data/bluez-5.55/emulator/smp.c:666:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io_cap, &conn->preq[1], 3);
data/bluez-5.55/emulator/smp.c:704:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&conn->preq[1], &req, sizeof(req));
data/bluez-5.55/emulator/smp.c:802:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ltk, conn->ltk, 16);
data/bluez-5.55/emulator/smp.c:870:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->ia, ia, 6);
data/bluez-5.55/emulator/smp.c:871:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conn->ra, ra, 6);
data/bluez-5.55/emulator/vhci.c:78:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/bluez-5.55/emulator/vhci.c:103:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char setup_cmd[2];
data/bluez-5.55/emulator/vhci.c:132:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vhci->fd = open("/dev/vhci", O_RDWR | O_NONBLOCK);
data/bluez-5.55/gdbus/client.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[2] = { type, '\0' };
data/bluez-5.55/gdbus/client.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_sig[2] = { type, '\0' };
data/bluez-5.55/gdbus/client.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array_sig[3] = { DBUS_TYPE_ARRAY, type, '\0' };
data/bluez-5.55/gdbus/object.c:1432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/bluez-5.55/gdbus/watch.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rule[DBUS_MAXIMUM_MATCH_RULE_LENGTH];
data/bluez-5.55/gdbus/watch.c:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rule[DBUS_MAXIMUM_MATCH_RULE_LENGTH];
data/bluez-5.55/gobex/gobex-apparam.c:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[0];
data/bluez-5.55/gobex/gobex-apparam.c:59:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag->value.data, data, len);
data/bluez-5.55/gobex/gobex-apparam.c:143:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, tag, count);
data/bluez-5.55/gobex/gobex-apparam.c:235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *) value)[G_MAXUINT8 - 1] = '\0';
data/bluez-5.55/gobex/gobex-header.c:79:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, from, count);
data/bluez-5.55/gobex/gobex-header.c:85:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, from, count);
data/bluez-5.55/gobex/gobex-packet.c:315:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, from, count);
data/bluez-5.55/gobex/gobex-packet.c:407:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[1], &u16, sizeof(u16));
data/bluez-5.55/gobex/gobex-packet.c:430:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[3], pkt->data.buf_ref, pkt->data_len);
data/bluez-5.55/gobex/gobex-packet.c:432:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[3], pkt->data.buf, pkt->data_len);
data/bluez-5.55/gobex/gobex-packet.c:464:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[1], &u16, sizeof(u16));
data/bluez-5.55/gobex/gobex.c:568:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data->mtu, &u16, sizeof(u16));
data/bluez-5.55/lib/bluetooth.c:58:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
data/bluez-5.55/lib/bluetooth.c:80:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(str, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
data/bluez-5.55/lib/bluetooth.c:87:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(str, "%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x",
data/bluez-5.55/lib/bluetooth.c:108:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(str, "%2.2X-%2.2X-%2.2X", ba->b[5], ba->b[4], ba->b[3]);
data/bluez-5.55/lib/bluetooth.h:347:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(bdaddr_t));
data/bluez-5.55/lib/bluetooth.h:390:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(uint128_t));
data/bluez-5.55/lib/bluetooth.h:418:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(uint128_t));
data/bluez-5.55/lib/bnep.h:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[16]; /* Name of the Ethernet device */
data/bluez-5.55/lib/bnep.h:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[16];
data/bluez-5.55/lib/hci.c:216:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf(ptr, "DOWN ");
data/bluez-5.55/lib/hci.c:321:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "SLAVE ");
data/bluez-5.55/lib/hci.c:932:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(str + 3);
data/bluez-5.55/lib/hci.c:1019:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ir->lap, lap, 3);
data/bluez-5.55/lib/hci.c:1036:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) *ii, buf + sizeof(*ir), size);
data/bluez-5.55/lib/hci.c:1127:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[HCI_MAX_EVENT_SIZE], *ptr;
data/bluez-5.55/lib/hci.c:1208:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->rparam, ptr, r->rlen);
data/bluez-5.55/lib/hci.c:1221:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->rparam, ptr, r->rlen);
data/bluez-5.55/lib/hci.c:1235:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->rparam, ptr, r->rlen);
data/bluez-5.55/lib/hci.c:1246:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->rparam, me->data, r->rlen);
data/bluez-5.55/lib/hci.c:1254:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->rparam, ptr, r->rlen);
data/bluez-5.55/lib/hci.c:1454:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.peer_irk, peer_irk, 16);
data/bluez-5.55/lib/hci.c:1456:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.local_irk, local_irk, 16);
data/bluez-5.55/lib/hci.c:1750:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(features, rp.features, 8);
data/bluez-5.55/lib/hci.c:1788:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(features, rp.features, 8);
data/bluez-5.55/lib/hci.c:1870:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(commands, rp.commands, 64);
data/bluez-5.55/lib/hci.c:1895:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(features, rp.features, 8);
data/bluez-5.55/lib/hci.c:1929:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(features, rp.features, 8);
data/bluez-5.55/lib/hci.c:1978:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cls, rp.dev_class, 3);
data/bluez-5.55/lib/hci.c:2056:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lap, rp.lap, rp.num_current_iac * 3);
data/bluez-5.55/lib/hci.c:2067:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cp.lap, lap, num_iac * 3);
data/bluez-5.55/lib/hci.c:2098:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[WRITE_STORED_LINK_KEY_CP_SIZE + 6 + 16];
data/bluez-5.55/lib/hci.c:2104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 7, key, 16);
data/bluez-5.55/lib/hci.c:2476:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, rp.data, HCI_MAX_EIR_LENGTH);
data/bluez-5.55/lib/hci.c:2489:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.data, data, HCI_MAX_EIR_LENGTH);
data/bluez-5.55/lib/hci.c:2580:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, rp.hash, 16);
data/bluez-5.55/lib/hci.c:2581:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(randomizer, rp.randomizer, 16);
data/bluez-5.55/lib/hci.c:2789:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.map, map, 10);
data/bluez-5.55/lib/hci.c:2884:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(map, rp.map, 10);
data/bluez-5.55/lib/hci.c:3124:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(features, rp.features, 8);
data/bluez-5.55/lib/hci.h:2385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/bluez-5.55/lib/hidp.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128]; /* Device name */
data/bluez-5.55/lib/hidp.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/bluez-5.55/lib/sdp.c:294:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data0, &uuid->value.uuid128.data[0], 4);
data/bluez-5.55/lib/sdp.c:295:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data1, &uuid->value.uuid128.data[4], 2);
data/bluez-5.55/lib/sdp.c:296:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data2, &uuid->value.uuid128.data[6], 2);
data/bluez-5.55/lib/sdp.c:297:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data3, &uuid->value.uuid128.data[8], 2);
data/bluez-5.55/lib/sdp.c:298:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data4, &uuid->value.uuid128.data[10], 4);
data/bluez-5.55/lib/sdp.c:299:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data5, &uuid->value.uuid128.data[14], 2);
data/bluez-5.55/lib/sdp.c:342:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data0, &uuid->value.uuid128.data[0], 4);
data/bluez-5.55/lib/sdp.c:343:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data1, &uuid->value.uuid128.data[4], 2);
data/bluez-5.55/lib/sdp.c:344:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data2, &uuid->value.uuid128.data[6], 2);
data/bluez-5.55/lib/sdp.c:345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data3, &uuid->value.uuid128.data[8], 2);
data/bluez-5.55/lib/sdp.c:346:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data4, &uuid->value.uuid128.data[10], 4);
data/bluez-5.55/lib/sdp.c:347:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data5, &uuid->value.uuid128.data[14], 2);
data/bluez-5.55/lib/sdp.c:407:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d->val.uint128.data, value, sizeof(uint128_t));
data/bluez-5.55/lib/sdp.c:411:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d->val.int128.data, value, sizeof(uint128_t));
data/bluez-5.55/lib/sdp.c:443:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->val.str, value, length);
data/bluez-5.55/lib/sdp.c:895:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data + buf->data_size, src, data_size);
data/bluez-5.55/lib/sdp.c:1206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, p, n);
data/bluez-5.55/lib/sdp.c:2661:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u->value.uuid128, val, sizeof(uint128_t));
data/bluez-5.55/lib/sdp.c:2723:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data1, &bluetooth_base_uuid.data[2], 2);
data/bluez-5.55/lib/sdp.c:2729:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uuid128->value.uuid128.data[2], &data1, 2);
data/bluez-5.55/lib/sdp.c:2745:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data0, &bluetooth_base_uuid.data[0], 4);
data/bluez-5.55/lib/sdp.c:2751:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uuid128->value.uuid128.data[0], &data0, 4);
data/bluez-5.55/lib/sdp.c:2794:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, u->data, 4);
data/bluez-5.55/lib/sdp.c:2851:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->data + dst->data_size, data, len);
data/bluez-5.55/lib/sdp.c:2936:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, data, size);
data/bluez-5.55/lib/sdp.c:3159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, pdu.data, pdu.data_size);
data/bluez-5.55/lib/sdp.c:3335:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, buf.data, buf.data_size);
data/bluez-5.55/lib/sdp.c:3358:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16];
data/bluez-5.55/lib/sdp.c:3370:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdata, cstate->data, len);
data/bluez-5.55/lib/sdp.c:3693:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(targetPtr, pdata, rsp_count);
data/bluez-5.55/lib/sdp.c:4249:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcsrc, &tcsrc, sizeof(tcsrc));
data/bluez-5.55/lib/sdp.c:4327:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(targetPtr, pdata, rsp_count);
data/bluez-5.55/lib/sdp.c:4549:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(targetPtr, pdata, rsp_count);
data/bluez-5.55/lib/uuid.c:57:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst->value.u128.data[BASE_UUID16_OFFSET], &be16, sizeof(be16));
data/bluez-5.55/lib/uuid.c:73:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst->value.u128.data[BASE_UUID32_OFFSET], &be32, sizeof(be32));
data/bluez-5.55/lib/uuid.c:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data0, &data[0], 4);
data/bluez-5.55/lib/uuid.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data1, &data[4], 2);
data/bluez-5.55/lib/uuid.c:161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data2, &data[6], 2);
data/bluez-5.55/lib/uuid.c:162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data3, &data[8], 2);
data/bluez-5.55/lib/uuid.c:163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data4, &data[10], 4);
data/bluez-5.55/lib/uuid.c:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data5, &data[14], 2);
data/bluez-5.55/lib/uuid.c:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/bluez-5.55/lib/uuid.c:253:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[0], &data0, 4);
data/bluez-5.55/lib/uuid.c:254:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[4], &data1, 2);
data/bluez-5.55/lib/uuid.c:255:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[6], &data2, 2);
data/bluez-5.55/lib/uuid.c:256:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[8], &data3, 2);
data/bluez-5.55/lib/uuid.c:257:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[10], &data4, 4);
data/bluez-5.55/lib/uuid.c:258:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[14], &data5, 2);
data/bluez-5.55/mesh/appkey.c:84:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(is_new ? key->new_key : key->key, key_value, 16);
data/bluez-5.55/mesh/cfgmod-server.c:167:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(db_pub.virt_addr, pub_addr, 16);
data/bluez-5.55/mesh/cfgmod-server.c:193:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n + 1, pkt, size);
data/bluez-5.55/mesh/cfgmod-server.c:218:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(db_sub.addr.label, label, 16);
data/bluez-5.55/mesh/cfgmod-server.c:263:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n + 1, pkt, 8);
data/bluez-5.55/mesh/cfgmod-server.c:266:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n + 1, pkt, 6);
data/bluez-5.55/mesh/cfgmod-server.c:364:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n + 1, pkt, size);
data/bluez-5.55/mesh/cfgmod-server.c:399:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n + 1, pkt, size);
data/bluez-5.55/mesh/cfgmod-server.c:624:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n + 1, &pkt[0], 3);
data/bluez-5.55/mesh/cfgmod-server.c:652:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n + 1, &pkt[0], 2);
data/bluez-5.55/mesh/cfgmod-server.c:735:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, comp, len);
data/bluez-5.55/mesh/crypto.c:184:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stage, p, p_len);
data/bluez-5.55/mesh/crypto.c:192:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stage, output, 16);
data/bluez-5.55/mesh/crypto.c:193:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stage + 16, p, p_len);
data/bluez-5.55/mesh/crypto.c:199:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(enc_key, output, 16);
data/bluez-5.55/mesh/crypto.c:201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stage, output, 16);
data/bluez-5.55/mesh/crypto.c:202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stage + 16, p, p_len);
data/bluez-5.55/mesh/crypto.c:208:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(priv_key, output, 16);
data/bluez-5.55/mesh/crypto.c:219:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool crypto_128(const uint8_t n[16], const char *s, uint8_t out128[16])
data/bluez-5.55/mesh/crypto.c:248:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 6, id + 8, 8);
data/bluez-5.55/mesh/crypto.c:254:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(id, tmp + 8, 8);
data/bluez-5.55/mesh/crypto.c:283:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out64, tmp + 8, 8);
data/bluez-5.55/mesh/crypto.c:319:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + 1, network_id, 8);
data/bluez-5.55/mesh/crypto.c:411:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nonce, tmp + 3, 13);
data/bluez-5.55/mesh/crypto.c:428:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, conf_salt, 16);
data/bluez-5.55/mesh/crypto.c:429:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 16, prov_rand, 16);
data/bluez-5.55/mesh/crypto.c:430:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 32, dev_rand, 16);
data/bluez-5.55/mesh/crypto.c:481:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(privacy_counter + 9, payload, 7);
data/bluez-5.55/mesh/crypto.c:581:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet + n, payload, payload_len);
data/bluez-5.55/mesh/crypto.c:594:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet + n, payload, payload_len);
data/bluez-5.55/mesh/crypto.c:777:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, payload, payload_len);
data/bluez-5.55/mesh/crypto.c:930:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, packet, packet_len);
data/bluez-5.55/mesh/friend.c:585:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_list, frnd->u.active.grp_list,
data/bluez-5.55/mesh/friend.c:625:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frnd->u.active.grp_list[i],
data/bluez-5.55/mesh/keyring.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_file[PATH_MAX];
data/bluez-5.55/mesh/keyring.c:67:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(key_file, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
data/bluez-5.55/mesh/keyring.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_file[PATH_MAX];
data/bluez-5.55/mesh/keyring.c:100:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(key_file, O_RDWR);
data/bluez-5.55/mesh/keyring.c:113:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(key_file, O_WRONLY | O_CREAT | O_TRUNC,
data/bluez-5.55/mesh/keyring.c:141:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key.old_key, key.new_key, 16);
data/bluez-5.55/mesh/keyring.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_dir[PATH_MAX];
data/bluez-5.55/mesh/keyring.c:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_file[PATH_MAX];
data/bluez-5.55/mesh/keyring.c:217:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(key_file, O_WRONLY | O_CREAT | O_TRUNC,
data/bluez-5.55/mesh/keyring.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_file[PATH_MAX];
data/bluez-5.55/mesh/keyring.c:246:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(key_file, O_RDONLY);
data/bluez-5.55/mesh/keyring.c:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_file[PATH_MAX];
data/bluez-5.55/mesh/keyring.c:272:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(key_file, O_RDONLY);
data/bluez-5.55/mesh/keyring.c:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_file[PATH_MAX];
data/bluez-5.55/mesh/keyring.c:302:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(key_file, O_RDONLY);
data/bluez-5.55/mesh/keyring.c:316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_file[PATH_MAX];
data/bluez-5.55/mesh/keyring.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_file[PATH_MAX];
data/bluez-5.55/mesh/keyring.c:354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_file[PATH_MAX];
data/bluez-5.55/mesh/manager.c:266:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(add_pending->uuid, uuid, 16);
data/bluez-5.55/mesh/manager.c:483:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key.old_key, new_key, 16);
data/bluez-5.55/mesh/manager.c:484:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key.new_key, new_key, 16);
data/bluez-5.55/mesh/manager.c:628:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(app_key.old_key, new_key, 16);
data/bluez-5.55/mesh/manager.c:629:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(app_key.new_key, new_key, 16);
data/bluez-5.55/mesh/manager.c:769:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key.old_key, key.new_key, 16);
data/bluez-5.55/mesh/mesh-config-json.c:76:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = fopen(fname, "w");
data/bluez-5.55/mesh/mesh-config-json.c:108:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool add_u64_value(json_object *jobj, const char *desc,
data/bluez-5.55/mesh/mesh-config-json.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexstr[17];
data/bluez-5.55/mesh/mesh-config-json.c:124:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool add_key_value(json_object *jobj, const char *desc,
data/bluez-5.55/mesh/mesh-config-json.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexstr[33];
data/bluez-5.55/mesh/mesh-config-json.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[9];
data/bluez-5.55/mesh/mesh-config-json.c:832:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/bluez-5.55/mesh/mesh-config-json.c:877:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/bluez-5.55/mesh/mesh-config-json.c:1432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/bluez-5.55/mesh/mesh-config-json.c:1447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[9];
data/bluez-5.55/mesh/mesh-config-json.c:1617:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static struct mesh_config *create_config(const char *cfg_path,
data/bluez-5.55/mesh/mesh-config-json.c:1711:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfg->uuid, uuid, 16);
data/bluez-5.55/mesh/mesh-config-json.c:1720:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct mesh_config *mesh_config_create(const char *cfgdir_name,
data/bluez-5.55/mesh/mesh-config-json.c:1723:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_buf[33];
data/bluez-5.55/mesh/mesh-config-json.c:1724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[PATH_MAX];
data/bluez-5.55/mesh/mesh-config-json.c:1913:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/bluez-5.55/mesh/mesh-config-json.c:1976:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_buf[3];
data/bluez-5.55/mesh/mesh-config-json.c:2024:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[33];
data/bluez-5.55/mesh/mesh-config-json.c:2074:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[33];
data/bluez-5.55/mesh/mesh-config-json.c:2293:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool load_node(const char *fname, const uint8_t uuid[16],
data/bluez-5.55/mesh/mesh-config-json.c:2311:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fname, O_RDONLY);
data/bluez-5.55/mesh/mesh-config-json.c:2349:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfg->uuid, uuid, 16);
data/bluez-5.55/mesh/mesh-config-json.c:2525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[33];
data/bluez-5.55/mesh/mesh-config.h:131:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct mesh_config *mesh_config_create(const char *cfgdir_name,
data/bluez-5.55/mesh/mesh-io-generic.c:563:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.data + 1, tx->pkt, tx->len);
data/bluez-5.55/mesh/mesh-io-generic.c:743:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tx->pkt, data, len);
data/bluez-5.55/mesh/mesh-io-generic.c:843:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rx_reg->filter, filter, len);
data/bluez-5.55/mesh/model.c:696:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(virt->label, v, 16);
data/bluez-5.55/mesh/net-keys.c:114:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->master, master, 16);
data/bluez-5.55/mesh/net-keys.c:201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(master, key->master, sizeof(key->master));
data/bluez-5.55/mesh/net-keys.c:242:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cache_pkt, pkt, len);
data/bluez-5.55/mesh/net-keys.c:338:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(snb + 3, key->network, 8);
data/bluez-5.55/mesh/net-keys.c:486:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->snb.beacon, beacon, sizeof(beacon));
data/bluez-5.55/mesh/net.c:448:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_list, grp_list,
data/bluez-5.55/mesh/net.c:451:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_list[frnd->u.active.grp_cnt], list,
data/bluez-5.55/mesh/net.c:478:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&grp_list[i], &grp_list[i + 1],
data/bluez-5.55/mesh/net.c:1271:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt, rx, size);
data/bluez-5.55/mesh/net.c:1329:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frnd_msg->u.s12[i].data, data, 12);
data/bluez-5.55/mesh/net.c:1352:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frnd_msg->u.one[0].data + 1, data, size);
data/bluez-5.55/mesh/net.c:1356:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frnd_msg->u.one[0].data, data, size);
data/bluez-5.55/mesh/net.c:1872:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frnd_msg->u.s12[cnt].data, data, size);
data/bluez-5.55/mesh/net.c:1993:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sar_in->buf + seg_off, data, size);
data/bluez-5.55/mesh/net.c:2221:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet + 1, data, size);
data/bluez-5.55/mesh/net.c:2275:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tx->packet, packet, size);
data/bluez-5.55/mesh/net.c:2294:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet + 2, data, size);
data/bluez-5.55/mesh/net.c:3135:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload->buf, msg, msg_len);
data/bluez-5.55/mesh/node.c:385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[33];
data/bluez-5.55/mesh/node.c:386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_name[PATH_MAX];
data/bluez-5.55/mesh/node.c:452:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->dev_key, db_node->dev_key, 16);
data/bluez-5.55/mesh/node.c:453:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->token, db_node->token, 8);
data/bluez-5.55/mesh/node.c:575:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->token, token, 8);
data/bluez-5.55/mesh/node.c:885:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(page->data, data, len);
data/bluez-5.55/mesh/node.c:951:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[33];
data/bluez-5.55/mesh/node.c:1261:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->dev_key, dev_key, 16);
data/bluez-5.55/mesh/node.c:1558:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net_key.new_key, net_key.old_key,
data/bluez-5.55/mesh/node.c:1670:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void node_import(const char *app_root, const char *sender, const uint8_t *uuid,
data/bluez-5.55/mesh/node.c:1670:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void node_import(const char *app_root, const char *sender, const uint8_t *uuid,
data/bluez-5.55/mesh/node.c:1687:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->import->dev_key, dev_key, 16);
data/bluez-5.55/mesh/node.c:1688:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->import->net_key, net_key, 16);
data/bluez-5.55/mesh/node.c:1927:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 4, key.old_key, 16);
data/bluez-5.55/mesh/node.c:1929:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 4, key.new_key, 16);
data/bluez-5.55/mesh/node.c:1935:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 4, key.new_key, 16);
data/bluez-5.55/mesh/node.c:1990:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 4, app_key.old_key, 16);
data/bluez-5.55/mesh/node.c:1992:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 4, app_key.new_key, 16);
data/bluez-5.55/mesh/node.c:1998:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 4, app_key.new_key, 16);
data/bluez-5.55/mesh/node.h:90:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void node_import(const char *app_root, const char *sender, const uint8_t *uuid,
data/bluez-5.55/mesh/node.h:90:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void node_import(const char *app_root, const char *sender, const uint8_t *uuid,
data/bluez-5.55/mesh/pb-adv.c:127:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rx->data, data, len);
data/bluez-5.55/mesh/pb-adv.c:165:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 10, data, init_size);
data/bluez-5.55/mesh/pb-adv.c:184:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 7, data + consumed, seg_size);
data/bluez-5.55/mesh/pb-adv.c:249:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(open_req.uuid, session->uuid, 16);
data/bluez-5.55/mesh/pb-adv.c:433:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->sar, pkt + 3, len - 3);
data/bluez-5.55/mesh/pb-adv.c:448:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->sar + offset, pkt, len);
data/bluez-5.55/mesh/pb-adv.c:513:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->uuid, uuid, 16);
data/bluez-5.55/mesh/prov-acceptor.c:201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, pub, 64);
data/bluez-5.55/mesh/prov-acceptor.c:290:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth_workspace + 16, key, 16);
data/bluez-5.55/mesh/prov-acceptor.c:291:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth_workspace + 32, key, 16);
data/bluez-5.55/mesh/prov-acceptor.c:315:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->private_key, key, 32);
data/bluez-5.55/mesh/prov-acceptor.c:338:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.caps, &prov->conf_inputs.caps,
data/bluez-5.55/mesh/prov-acceptor.c:447:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->conf_inputs.prv_pub_key, data, 64);
data/bluez-5.55/mesh/prov-acceptor.c:534:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->confirm, data, 16);
data/bluez-5.55/mesh/prov-acceptor.c:549:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth_workspace + 16, data, 16);
data/bluez-5.55/mesh/prov-acceptor.c:587:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->device_key, prov->calc_key, 16);
data/bluez-5.55/mesh/prov-acceptor.c:588:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->net_key, prov->rand_auth_workspace, 16);
data/bluez-5.55/mesh/prov-acceptor.c:686:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(beacon + 2, uuid, 16);
data/bluez-5.55/mesh/prov-initiator.c:138:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info.device_key, prov->calc_key, 16);
data/bluez-5.55/mesh/prov-initiator.c:200:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, pub, 64);
data/bluez-5.55/mesh/prov-initiator.c:329:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth_workspace + 16, key, 16);
data/bluez-5.55/mesh/prov-initiator.c:330:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth_workspace + 32, key, 16);
data/bluez-5.55/mesh/prov-initiator.c:340:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg.pub_key, prov->conf_inputs.prv_pub_key, 64);
data/bluez-5.55/mesh/prov-initiator.c:361:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->conf_inputs.dev_pub_key, key, 64);
data/bluez-5.55/mesh/prov-initiator.c:426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prov_data.data.net_key, key.new_key, 16);
data/bluez-5.55/mesh/prov-initiator.c:429:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prov_data.data.net_key, key.old_key, 16);
data/bluez-5.55/mesh/prov-initiator.c:464:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[17];
data/bluez-5.55/mesh/prov-initiator.c:485:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth_workspace + 16, tmp, size);
data/bluez-5.55/mesh/prov-initiator.c:486:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth_workspace + 32, tmp, size);
data/bluez-5.55/mesh/prov-initiator.c:700:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + 1, &prov->conf_inputs.start,
data/bluez-5.55/mesh/prov-initiator.c:716:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->conf_inputs.dev_pub_key, data, 64);
data/bluez-5.55/mesh/prov-initiator.c:740:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->confirm, data, 16);
data/bluez-5.55/mesh/prov-initiator.c:750:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth_workspace + 16, data, 16);
data/bluez-5.55/mesh/prov-initiator.c:895:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->uuid, uuid, 16);
data/bluez-5.55/mesh/rpl.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_file[PATH_MAX];
data/bluez-5.55/mesh/rpl.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_txt[7];
data/bluez-5.55/mesh/rpl.c:74:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(src_file, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
data/bluez-5.55/mesh/rpl.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rpl_path[PATH_MAX];
data/bluez-5.55/mesh/rpl.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_path[PATH_MAX];
data/bluez-5.55/mesh/rpl.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_txt[7];
data/bluez-5.55/mesh/rpl.c:167:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(src_path, O_RDONLY);
data/bluez-5.55/mesh/rpl.c:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/bluez-5.55/mesh/rpl.c:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/bluez-5.55/mesh/util.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1], *prev, *next;
data/bluez-5.55/monitor/analyze.c:143:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->bdaddr, ni->bdaddr, 6);
data/bluez-5.55/monitor/analyze.c:188:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->bdaddr, rsp->bdaddr, 6);
data/bluez-5.55/monitor/analyze.c:352:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BTSNOOP_MAX_PACKET_SIZE];
data/bluez-5.55/monitor/avctp.c:1234:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attrval[UINT8_MAX] = {0};
data/bluez-5.55/monitor/avctp.c:1252:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&attrval[idx], "%1c",
data/bluez-5.55/monitor/avctp.c:1269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attrval[UINT8_MAX] = {0};
data/bluez-5.55/monitor/avctp.c:1298:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&attrval[idx], "%1c", isprint(c) ? c : '.');
data/bluez-5.55/monitor/bnep.c:74:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%02x:%02x:%02x:%02x:%02x:%02x",
data/bluez-5.55/monitor/bnep.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_addr[20], dest_addr[20];
data/bluez-5.55/monitor/bnep.c:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start_addr[20], end_addr[20];
data/bluez-5.55/monitor/bnep.c:326:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_addr[20];
data/bluez-5.55/monitor/bnep.c:347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest_addr[20];
data/bluez-5.55/monitor/broadcom.c:472:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[41];
data/bluez-5.55/monitor/broadcom.c:476:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (i * 5), " 0x%2.2x", features_array[i]);
data/bluez-5.55/monitor/control.c:70:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BTSNOOP_MAX_PACKET_SIZE];
data/bluez-5.55/monitor/control.c:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:364:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:438:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:480:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:522:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:581:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:645:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18], rpa[18];
data/bluez-5.55/monitor/control.c:667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/monitor/control.c:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/monitor/control.c:746:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/monitor/control.c:919:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control[64];
data/bluez-5.55/monitor/control.c:1373:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR | O_NOCTTY | O_NONBLOCK);
data/bluez-5.55/monitor/control.c:1478:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BTSNOOP_MAX_PACKET_SIZE];
data/bluez-5.55/monitor/hcidump.c:113:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[HCI_MAX_FRAME_SIZE * 2];
data/bluez-5.55/monitor/hcidump.c:114:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control[64];
data/bluez-5.55/monitor/hcidump.c:220:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, di.name, 8);
data/bluez-5.55/monitor/hcidump.c:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18], name[8] = "";
data/bluez-5.55/monitor/hcidump.c:313:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[HCI_MAX_FRAME_SIZE];
data/bluez-5.55/monitor/hcidump.c:314:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control[32];
data/bluez-5.55/monitor/hcidump.c:325:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18], name[8] = "";
data/bluez-5.55/monitor/hwdb.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modalias[11];
data/bluez-5.55/monitor/hwdb.c:93:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(modalias, "OUI:%2.2X%2.2X%2.2X",
data/bluez-5.55/monitor/intel.c:338:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(features, data + 12, 8);
data/bluez-5.55/monitor/intel.c:341:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(features, data + 20, 1);
data/bluez-5.55/monitor/jlink.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/bluez-5.55/monitor/jlink.c:77:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
jlink_open_func open;
data/bluez-5.55/monitor/jlink.c:119:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!jlink.emu_selectbyusbsn || !jlink.open || !jlink.execcommand ||
data/bluez-5.55/monitor/jlink.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/bluez-5.55/monitor/jlink.c:145:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
serial_no = atoi(tok);
data/bluez-5.55/monitor/jlink.c:161:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed = atoi(tok);
data/bluez-5.55/monitor/jlink.c:170:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (jlink.open() < 0) {
data/bluez-5.55/monitor/jlink.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[64];
data/bluez-5.55/monitor/keys.c:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irk->key, key, 16);
data/bluez-5.55/monitor/keys.c:76:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irk->key, key, 16);
data/bluez-5.55/monitor/keys.c:88:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irk->addr, addr, 6);
data/bluez-5.55/monitor/keys.c:95:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irk->addr, addr, 6);
data/bluez-5.55/monitor/keys.c:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ident, irk->addr, 6);
data/bluez-5.55/monitor/l2cap.c:2142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[len * 2 + 1];
data/bluez-5.55/monitor/l2cap.c:2148:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (i * 2), "%2.2x", data[i]);
data/bluez-5.55/monitor/l2cap.c:2156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuidstr[MAX_LEN_UUID_STR];
data/bluez-5.55/monitor/l2cap.c:2168:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuidstr, "%8.8x-%4.4x-%4.4x-%4.4x-%8.8x%4.4x",
data/bluez-5.55/monitor/l2cap.c:2911:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[27];
data/bluez-5.55/monitor/l2cap.c:2914:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "<none> ");
data/bluez-5.55/monitor/l2cap.c:2918:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "EncKey ");
data/bluez-5.55/monitor/l2cap.c:2920:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "IdKey ");
data/bluez-5.55/monitor/l2cap.c:2922:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "Sign ");
data/bluez-5.55/monitor/l2cap.c:2924:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "LinkKey ");
data/bluez-5.55/monitor/l2cap.c:3397:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(index_list[index][in].frag_buf, data, size);
data/bluez-5.55/monitor/l2cap.c:3417:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(index_list[index][in].frag_buf +
data/bluez-5.55/monitor/ll.c:309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char access_str[12];
data/bluez-5.55/monitor/ll.c:349:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(access_str, "0x%8.8x", access_addr);
data/bluez-5.55/monitor/ll.c:629:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&interval, cmd->m_interval, sizeof(cmd->m_interval));
data/bluez-5.55/monitor/ll.c:631:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&interval, cmd->s_interval, sizeof(cmd->s_interval));
data/bluez-5.55/monitor/ll.c:639:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&interval, cmd->sub_interval, sizeof(cmd->sub_interval));
data/bluez-5.55/monitor/ll.c:647:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&interval, cmd->offset_min, sizeof(cmd->offset_min));
data/bluez-5.55/monitor/ll.c:649:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&interval, cmd->offset_max, sizeof(cmd->offset_max));
data/bluez-5.55/monitor/ll.c:660:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&interval, rsp->offset_min, sizeof(rsp->offset_min));
data/bluez-5.55/monitor/ll.c:662:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&interval, rsp->offset_max, sizeof(rsp->offset_max));
data/bluez-5.55/monitor/ll.c:674:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&interval, ind->cis_offset, sizeof(ind->cis_offset));
data/bluez-5.55/monitor/ll.c:677:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&interval, ind->cig_sync_delay, sizeof(ind->cig_sync_delay));
data/bluez-5.55/monitor/ll.c:680:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&interval, ind->cis_sync_delay, sizeof(ind->cis_sync_delay));
data/bluez-5.55/monitor/lmp.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[15];
data/bluez-5.55/monitor/lmp.c:71:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, pdu->fragment, 14);
data/bluez-5.55/monitor/lmp.c:548:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[21];
data/bluez-5.55/monitor/lmp.c:552:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (i * 2), "%2.2x", pdu->classification[i]);
data/bluez-5.55/monitor/main.c:169:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
packet_select_index(atoi(str));
data/bluez-5.55/monitor/main.c:175:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tty_speed = tty_get_speed(atoi(optarg));
data/bluez-5.55/monitor/main.c:183:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
packet_set_fallback_manufacturer(atoi(str));
data/bluez-5.55/monitor/packet.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/bluez-5.55/monitor/packet.c:144:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ctrl_list[i].name, "null");
data/bluez-5.55/monitor/packet.c:259:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
priority_level = atoi(priority);
data/bluez-5.55/monitor/packet.c:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], ts_str[96];
data/bluez-5.55/monitor/packet.c:325:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(ts_str + ts_pos, " #%zu", index_list[index].frame);
data/bluez-5.55/monitor/packet.c:341:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(ts_str + ts_pos, " [hci%d]", index);
data/bluez-5.55/monitor/packet.c:361:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(ts_str + ts_pos, " %04d-%02d-%02d",
data/bluez-5.55/monitor/packet.c:370:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(ts_str + ts_pos, " %02d:%02d:%02d.%06lu",
data/bluez-5.55/monitor/packet.c:379:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(ts_str + ts_pos, " %lu.%06lu",
data/bluez-5.55/monitor/packet.c:1741:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[len * 2 + 1];
data/bluez-5.55/monitor/packet.c:1747:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (i * 2), "%2.2x", data[i]);
data/bluez-5.55/monitor/packet.c:1764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[pin_len + 1];
data/bluez-5.55/monitor/packet.c:1768:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + i, "%c", (const char) pin_code[i]);
data/bluez-5.55/monitor/packet.c:2264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[249];
data/bluez-5.55/monitor/packet.c:2266:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, name, 248);
data/bluez-5.55/monitor/packet.c:2275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[21];
data/bluez-5.55/monitor/packet.c:2279:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (i * 2), "%2.2x", map[i]);
data/bluez-5.55/monitor/packet.c:2637:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[41];
data/bluez-5.55/monitor/packet.c:2641:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (i * 5), " 0x%2.2x", features_array[i]);
data/bluez-5.55/monitor/packet.c:2794:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *str[3] = { NULL, };
data/bluez-5.55/monitor/packet.c:2822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[11];
data/bluez-5.55/monitor/packet.c:2826:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (i * 2), "%2.2x", map[i]);
data/bluez-5.55/monitor/packet.c:3069:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identifier[100];
data/bluez-5.55/monitor/packet.c:3166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modalias[26], *vendor_str, *product_str;
data/bluez-5.55/monitor/packet.c:3180:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(modalias, "bluetooth:v%04Xp%04Xd%04X",
data/bluez-5.55/monitor/packet.c:3185:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(modalias, "usb:v%04Xp%04Xd%04X",
data/bluez-5.55/monitor/packet.c:3257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuidstr[MAX_LEN_UUID_STR];
data/bluez-5.55/monitor/packet.c:3264:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuidstr, "%8.8x-%4.4x-%4.4x-%4.4x-%8.8x%4.4x",
data/bluez-5.55/monitor/packet.c:3529:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[239], label[100];
data/bluez-5.55/monitor/packet.c:3602:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, data, data_len);
data/bluez-5.55/monitor/packet.c:3608:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, data, data_len);
data/bluez-5.55/monitor/packet.c:3673:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "Service Data (UUID 0x%4.4x)",
data/bluez-5.55/monitor/packet.c:3748:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "Unknown EIR field 0x%2.2x", eir[1]);
data/bluez-5.55/monitor/packet.c:3830:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[68];
data/bluez-5.55/monitor/packet.c:3875:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(str, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
data/bluez-5.55/monitor/packet.c:3886:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18], extra_str[24];
data/bluez-5.55/monitor/packet.c:3908:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(index_list[index].bdaddr, ni->bdaddr, 6);
data/bluez-5.55/monitor/packet.c:3920:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "00:00:00:00:00:00");
data/bluez-5.55/monitor/packet.c:3952:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "00:00:00:00:00:00");
data/bluez-5.55/monitor/packet.c:3960:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "00:00:00:00:00:00");
data/bluez-5.55/monitor/packet.c:3969:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(index_list[index].bdaddr, ii->bdaddr, 6);
data/bluez-5.55/monitor/packet.c:4018:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "(code %d len %d)", opcode, size);
data/bluez-5.55/monitor/packet.c:4029:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/bluez-5.55/monitor/packet.c:4034:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%u MHz", frequency);
data/bluez-5.55/monitor/packet.c:5874:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(index_list[index_current].bdaddr, rsp->bdaddr, 6);
data/bluez-5.55/monitor/packet.c:6969:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void print_ext_slot_625(const char *label, const uint8_t value[3])
data/bluez-5.55/monitor/packet.c:7805:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&offset, rsp->offset, sizeof(rsp->offset));
data/bluez-5.55/monitor/packet.c:7841:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void print_usec_interval(const char *prefix, const uint8_t interval[3])
data/bluez-5.55/monitor/packet.c:7845:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u24, interval, 3);
data/bluez-5.55/monitor/packet.c:9314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_str[150];
data/bluez-5.55/monitor/packet.c:9409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_str[150];
data/bluez-5.55/monitor/packet.c:10764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_str[150];
data/bluez-5.55/monitor/packet.c:10961:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char details[48];
data/bluez-5.55/monitor/packet.c:10991:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char details[128];
data/bluez-5.55/monitor/packet.c:11003:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra_str[16];
data/bluez-5.55/monitor/packet.c:11005:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "(len %d)", size);
data/bluez-5.55/monitor/packet.c:11058:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid_str[140];
data/bluez-5.55/monitor/packet.c:11085:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/bluez-5.55/monitor/packet.c:11090:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, "re");
data/bluez-5.55/monitor/packet.c:11131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra_str[25], vendor_str[150];
data/bluez-5.55/monitor/packet.c:11142:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "(len %d)", size);
data/bluez-5.55/monitor/packet.c:11198:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "(0x%2.2x|0x%4.4x) plen %d", ogf, ocf, hdr->plen);
data/bluez-5.55/monitor/packet.c:11238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra_str[25];
data/bluez-5.55/monitor/packet.c:11250:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "(len %d)", size);
data/bluez-5.55/monitor/packet.c:11278:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "(0x%2.2x) plen %d", hdr->evt, hdr->plen);
data/bluez-5.55/monitor/packet.c:11319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle_str[16], extra_str[32];
data/bluez-5.55/monitor/packet.c:11342:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle_str, "Handle %d", acl_handle(handle));
data/bluez-5.55/monitor/packet.c:11343:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "flags 0x%2.2x dlen %d", flags, dlen);
data/bluez-5.55/monitor/packet.c:11368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle_str[16], extra_str[32];
data/bluez-5.55/monitor/packet.c:11391:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle_str, "Handle %d", acl_handle(handle));
data/bluez-5.55/monitor/packet.c:11392:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "flags 0x%2.2x dlen %d", flags, hdr->dlen);
data/bluez-5.55/monitor/packet.c:11415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle_str[16], extra_str[32];
data/bluez-5.55/monitor/packet.c:11438:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle_str, "Handle %d", acl_handle(handle));
data/bluez-5.55/monitor/packet.c:11439:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "flags 0x%2.2x dlen %d", flags, hdr->dlen);
data/bluez-5.55/monitor/packet.c:11461:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char channel[11];
data/bluez-5.55/monitor/packet.c:11476:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(channel, "0x%4.4x", cookie);
data/bluez-5.55/monitor/packet.c:11485:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char details[48];
data/bluez-5.55/monitor/packet.c:11531:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[7];
data/bluez-5.55/monitor/packet.c:11535:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "0x%4.4x", format);
data/bluez-5.55/monitor/packet.c:11549:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char channel[11], label[22];
data/bluez-5.55/monitor/packet.c:11564:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(channel, "0x%4.4x", cookie);
data/bluez-5.55/monitor/packet.c:11579:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "0x%4.4x", format);
data/bluez-5.55/monitor/packet.c:13975:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char channel[11], extra_str[25];
data/bluez-5.55/monitor/packet.c:13990:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(channel, "0x%4.4x", cookie);
data/bluez-5.55/monitor/packet.c:13995:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[7];
data/bluez-5.55/monitor/packet.c:13997:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "0x%4.4x", format);
data/bluez-5.55/monitor/packet.c:14035:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "(0x%4.4x) plen %d", opcode, size);
data/bluez-5.55/monitor/packet.c:14069:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char channel[11], extra_str[25];
data/bluez-5.55/monitor/packet.c:14084:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(channel, "0x%4.4x", cookie);
data/bluez-5.55/monitor/packet.c:14089:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[7];
data/bluez-5.55/monitor/packet.c:14091:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "0x%4.4x", format);
data/bluez-5.55/monitor/packet.c:14129:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "(0x%4.4x) plen %d", opcode, size);
data/bluez-5.55/monitor/sdp.c:424:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tid->cont, data, size);
data/bluez-5.55/monitor/sdp.c:496:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cont_list[n].data + cont_list[n].size, data, bytes);
data/bluez-5.55/monitor/sdp.c:510:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cont_list[i].cont, data + bytes, data[bytes] + 1);
data/bluez-5.55/obexd/client/bluetooth.c:273:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[0], &data0, 4);
data/bluez-5.55/obexd/client/bluetooth.c:274:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[4], &data1, 2);
data/bluez-5.55/obexd/client/bluetooth.c:275:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[6], &data2, 2);
data/bluez-5.55/obexd/client/bluetooth.c:276:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[8], &data3, 2);
data/bluez-5.55/obexd/client/bluetooth.c:277:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[10], &data4, 4);
data/bluez-5.55/obexd/client/bluetooth.c:278:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[14], &data5, 2);
data/bluez-5.55/obexd/client/ftp.c:123:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (key = (char *) names[i]; key; key = (char *) names[++i]) {
data/bluez-5.55/obexd/client/ftp.c:123:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (key = (char *) names[i]; key; key = (char *) names[++i]) {
data/bluez-5.55/obexd/client/map.c:446:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[17];
data/bluez-5.55/obexd/client/map.c:739:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contents[1];
data/bluez-5.55/obexd/client/map.c:740:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[17];
data/bluez-5.55/obexd/client/map.c:1624:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contents[1];
data/bluez-5.55/obexd/client/map.c:1949:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contents[1];
data/bluez-5.55/obexd/client/pbap.c:302:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbap->primary, data, len);
data/bluez-5.55/obexd/client/pbap.c:316:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbap->secondary, data, len);
data/bluez-5.55/obexd/client/pbap.c:339:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbap->databaseid, data, len);
data/bluez-5.55/obexd/client/pbap.c:1114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[33];
data/bluez-5.55/obexd/client/pbap.c:1137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[33];
data/bluez-5.55/obexd/client/pbap.c:1152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[33];
data/bluez-5.55/obexd/client/transfer.c:520:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(transfer->filename, flags, mode);
data/bluez-5.55/obexd/plugins/bluetooth.c:399:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/obexd/plugins/bluetooth.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/obexd/plugins/filesystem.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perm[51], atime[18], ctime[18], mtime[18];
data/bluez-5.55/obexd/plugins/filesystem.c:174:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, oflag, mode);
data/bluez-5.55/obexd/plugins/filesystem.c:361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/bluez-5.55/obexd/plugins/filesystem.c:410:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[2];
data/bluez-5.55/obexd/plugins/filesystem.c:606:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, string->str, len);
data/bluez-5.55/obexd/plugins/irmc.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[DID_LEN];
data/bluez-5.55/obexd/plugins/irmc.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char did[DID_LEN];
data/bluez-5.55/obexd/plugins/irmc.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char manu[DID_LEN];
data/bluez-5.55/obexd/plugins/irmc.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[DID_LEN];
data/bluez-5.55/obexd/plugins/messages-dummy.c:442:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/bluez-5.55/obexd/plugins/messages-dummy.c:494:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mld->fp = fopen(path, "r");
data/bluez-5.55/obexd/plugins/messages-dummy.c:499:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mld->fp = fopen(path, "r");
data/bluez-5.55/obexd/plugins/pcsuite.c:132:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0644);
data/bluez-5.55/obexd/plugins/pcsuite.c:147:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0644);
data/bluez-5.55/obexd/plugins/pcsuite.c:296:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
obj->fd = open(filename,obj->oflag,obj->mode);
data/bluez-5.55/obexd/plugins/phonebook-dummy.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/bluez-5.55/obexd/plugins/phonebook-dummy.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/bluez-5.55/obexd/plugins/phonebook-dummy.c:527:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/bluez-5.55/obexd/plugins/phonebook-tracker.c:733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localdate[32];
data/bluez-5.55/obexd/plugins/phonebook-tracker.c:1005:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->index = atoi(reply[0]);
data/bluez-5.55/obexd/plugins/phonebook-tracker.c:1539:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nmissed = atoi(reply[0]);
data/bluez-5.55/obexd/plugins/syncevolution.c:342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transport[36], transport_description[24];
data/bluez-5.55/obexd/plugins/vcard.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bluez-5.55/obexd/plugins/vcard.c:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char escaped[LEN_MAX];
data/bluez-5.55/obexd/plugins/vcard.c:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field[LEN_MAX];
data/bluez-5.55/obexd/plugins/vcard.c:464:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LEN_MAX], field[LEN_MAX];
data/bluez-5.55/obexd/plugins/vcard.c:525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LEN_MAX], field[LEN_MAX];
data/bluez-5.55/obexd/plugins/vcard.c:559:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LEN_MAX], field[LEN_MAX];
data/bluez-5.55/obexd/plugins/vcard.c:602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LEN_MAX], field[LEN_MAX];
data/bluez-5.55/obexd/plugins/vcard.c:678:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fields, field_esc[LEN_MAX];
data/bluez-5.55/obexd/plugins/vcard.c:680:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LEN_MAX], *address_fields[ADDR_FIELD_AMOUNT];
data/bluez-5.55/obexd/plugins/vcard.c:755:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LEN_MAX];
data/bluez-5.55/obexd/src/main.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3] = { root_setup, root, NULL };
data/bluez-5.55/obexd/src/mimetype.h:33:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *(*open) (const char *name, int oflag, mode_t mode,
data/bluez-5.55/obexd/src/obex.c:524:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(os->buf + os->pending, buf, size);
data/bluez-5.55/obexd/src/obex.c:698:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
object = os->driver->open(filename, O_RDONLY, 0, os->service_data,
data/bluez-5.55/obexd/src/obex.c:722:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
os->object = os->driver->open(filename, O_WRONLY | O_CREAT | O_TRUNC,
data/bluez-5.55/peripheral/attach.c:47:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR | O_NOCTTY);
data/bluez-5.55/peripheral/efivars.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathname[PATH_MAX];
data/bluez-5.55/peripheral/efivars.c:78:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY | O_CLOEXEC);
data/bluez-5.55/peripheral/efivars.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathname[PATH_MAX];
data/bluez-5.55/peripheral/efivars.c:114:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC,
data/bluez-5.55/peripheral/efivars.c:121:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &attributes, sizeof(attributes));
data/bluez-5.55/peripheral/efivars.c:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + sizeof(attributes), data, size);
data/bluez-5.55/peripheral/gap.c:100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp->data, ad, sizeof(ad));
data/bluez-5.55/peripheral/gatt.c:260:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.l2_bdaddr, static_addr, 6);
data/bluez-5.55/peripheral/log.c:43:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
kmsg_fd = open("/dev/kmsg", O_WRONLY | O_NOCTTY | O_CLOEXEC);
data/bluez-5.55/plugins/autopair.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/plugins/autopair.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pinstr[7];
data/bluez-5.55/plugins/autopair.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[25];
data/bluez-5.55/plugins/autopair.c:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pinbuf, pincode, strlen(pincode));
data/bluez-5.55/plugins/autopair.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pinbuf, "0000", 4);
data/bluez-5.55/plugins/autopair.c:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pinbuf, "0000", 4);
data/bluez-5.55/plugins/autopair.c:148:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pinbuf, pinstr, 6);
data/bluez-5.55/plugins/autopair.c:154:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pinbuf, "0000", 4);
data/bluez-5.55/plugins/autopair.c:163:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pinbuf, "0000", 4);
data/bluez-5.55/plugins/autopair.c:198:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/bluez-5.55/plugins/hostname.c:228:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type = atoi(contents);
data/bluez-5.55/plugins/sixaxis.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char master_addr[18], adapter_addr[18], device_addr[18];
data/bluez-5.55/plugins/sixaxis.c:356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/plugins/sixaxis.c:445:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(udev_device_get_devnode(udevice), O_RDWR);
data/bluez-5.55/plugins/wiimote.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18], name[25];
data/bluez-5.55/plugins/wiimote.c:110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pinbuf, btd_adapter_get_address(adapter), 6);
data/bluez-5.55/profiles/audio/a2dp.c:707:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(codec_caps->data, capabilities, length);
data/bluez-5.55/profiles/audio/a2dp.c:859:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/profiles/audio/a2dp.c:860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_addr[18];
data/bluez-5.55/profiles/audio/a2dp.c:861:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[6];
data/bluez-5.55/profiles/audio/a2dp.c:873:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%02hhx:%02hhx", lseid, rseid);
data/bluez-5.55/profiles/audio/a2dp.c:1564:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cap->data, caps, size);
data/bluez-5.55/profiles/audio/a2dp.c:1962:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char caps[256];
data/bluez-5.55/profiles/audio/a2dp.c:2043:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/profiles/audio/a2dp.c:2044:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_addr[18];
data/bluez-5.55/profiles/audio/a2dp.c:2264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/audio/a2dp.c:2644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seid[4], value[256];
data/bluez-5.55/profiles/audio/a2dp.c:2650:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(seid, "%02hhx", avdtp_get_seid(sep->sep));
data/bluez-5.55/profiles/audio/a2dp.c:2652:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
offset = sprintf(value, "%02hhx:%02hhx:%02hhx:",
data/bluez-5.55/profiles/audio/a2dp.c:2657:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
offset += sprintf(value + offset, "%02hhx", codec->data[i]);
data/bluez-5.55/profiles/audio/a2dp.c:2665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/profiles/audio/a2dp.c:2666:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_addr[18];
data/bluez-5.55/profiles/audio/avctp.c:584:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/audio/avctp.c:1172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[18];
data/bluez-5.55/profiles/audio/avctp.c:1174:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/uinput", O_RDWR);
data/bluez-5.55/profiles/audio/avctp.c:1176:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/input/uinput", O_RDWR);
data/bluez-5.55/profiles/audio/avctp.c:1178:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/misc/uinput", O_RDWR);
data/bluez-5.55/profiles/audio/avctp.c:1252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[UINPUT_MAX_NAME_SIZE];
data/bluez-5.55/profiles/audio/avctp.c:1327:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/audio/avctp.c:1385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/audio/avctp.c:1580:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/audio/avdtp.c:508:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf, &single, sizeof(single));
data/bluez-5.55/profiles/audio/avdtp.c:509:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf + sizeof(single), data, len);
data/bluez-5.55/profiles/audio/avdtp.c:534:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf, &start, sizeof(start));
data/bluez-5.55/profiles/audio/avdtp.c:535:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf + sizeof(start), data,
data/bluez-5.55/profiles/audio/avdtp.c:563:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf, &cont, sizeof(cont));
data/bluez-5.55/profiles/audio/avdtp.c:564:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->buf + sizeof(cont), data + sent, to_copy);
data/bluez-5.55/profiles/audio/avdtp.c:804:50: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!stream->open_acp && sep->cfm && sep->cfm->open) {
data/bluez-5.55/profiles/audio/avdtp.c:807:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sep->cfm->open(session, sep, NULL, &err,
data/bluez-5.55/profiles/audio/avdtp.c:845:49: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!stream->open_acp && sep->cfm && sep->cfm->open)
data/bluez-5.55/profiles/audio/avdtp.c:846:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sep->cfm->open(session, sep, stream, NULL, sep->user_data);
data/bluez-5.55/profiles/audio/avdtp.c:915:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (lsep && lsep->cfm && lsep->cfm->open)
data/bluez-5.55/profiles/audio/avdtp.c:916:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lsep->cfm->open(session, lsep, stream, &err,
data/bluez-5.55/profiles/audio/avdtp.c:1111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/audio/avdtp.c:1288:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cap, data, 2 + length);
data/bluez-5.55/profiles/audio/avdtp.c:1318:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*p, &sep->info, sizeof(struct seid_info));
data/bluez-5.55/profiles/audio/avdtp.c:1384:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, cap, cap->length + 2);
data/bluez-5.55/profiles/audio/avdtp.c:1577:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, cap, cap->length + 2);
data/bluez-5.55/profiles/audio/avdtp.c:1690:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (sep->ind && sep->ind->open) {
data/bluez-5.55/profiles/audio/avdtp.c:1691:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!sep->ind->open(session, sep, stream, &err,
data/bluez-5.55/profiles/audio/avdtp.c:2129:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->in.buf + session->in.data_size, payload, payload_size);
data/bluez-5.55/profiles/audio/avdtp.c:2291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/audio/avdtp.c:2507:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (lsep && lsep->cfm && lsep->cfm->open)
data/bluez-5.55/profiles/audio/avdtp.c:2508:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lsep->cfm->open(session, lsep, stream, &averr,
data/bluez-5.55/profiles/audio/avdtp.c:2653:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->data, buffer, size);
data/bluez-5.55/profiles/audio/avdtp.c:3010:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (sep && sep->cfm && sep->cfm->open)
data/bluez-5.55/profiles/audio/avdtp.c:3011:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sep->cfm->open(session, sep, stream, &err,
data/bluez-5.55/profiles/audio/avdtp.c:3244:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cap->data, data, length);
data/bluez-5.55/profiles/audio/avdtp.c:3443:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, cap, cap->length + 2);
data/bluez-5.55/profiles/audio/avdtp.h:148:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void (*open) (struct avdtp *session, struct avdtp_local_sep *lsep,
data/bluez-5.55/profiles/audio/avdtp.h:192:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gboolean (*open) (struct avdtp *session, struct avdtp_local_sep *lsep,
data/bluez-5.55/profiles/audio/avrcp.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/bluez-5.55/profiles/audio/avrcp.c:815:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu->params[1], data, sizeof(uint64_t));
data/bluez-5.55/profiles/audio/avrcp.c:827:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu->params[1], &player->id, sizeof(uint16_t));
data/bluez-5.55/profiles/audio/avrcp.c:828:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu->params[3], &player->uid_counter, sizeof(uint16_t));
data/bluez-5.55/profiles/audio/avrcp.c:931:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*pos], value, len);
data/bluez-5.55/profiles/audio/avrcp.c:1501:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu->params[0], &duration, 4);
data/bluez-5.55/profiles/audio/avrcp.c:1502:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu->params[4], &position, 4);
data/bluez-5.55/profiles/audio/avrcp.c:1638:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu->params[1], &uid, sizeof(uint64_t));
data/bluez-5.55/profiles/audio/avrcp.c:1987:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&item->features, &default_features,
data/bluez-5.55/profiles/audio/avrcp.c:1995:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->name, name, namelen);
data/bluez-5.55/profiles/audio/avrcp.c:2080:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu->params, &status, (sizeof(status)));
data/bluez-5.55/profiles/audio/avrcp.c:2172:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&duration, pdu->params, sizeof(uint32_t));
data/bluez-5.55/profiles/audio/avrcp.c:2176:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&position, pdu->params + 4, sizeof(uint32_t));
data/bluez-5.55/profiles/audio/avrcp.c:2180:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&status, pdu->params + 8, sizeof(uint8_t));
data/bluez-5.55/profiles/audio/avrcp.c:2280:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu->params + 1, attrs, count);
data/bluez-5.55/profiles/audio/avrcp.c:2483:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[255];
data/bluez-5.55/profiles/audio/avrcp.c:2493:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, &operands[13], namelen);
data/bluez-5.55/profiles/audio/avrcp.c:2516:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[255];
data/bluez-5.55/profiles/audio/avrcp.c:2530:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, &operands[14], namelen);
data/bluez-5.55/profiles/audio/avrcp.c:2654:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu->params[10], &attribute, sizeof(uint32_t));
data/bluez-5.55/profiles/audio/avrcp.c:2766:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu->params, &id, 2);
data/bluez-5.55/profiles/audio/avrcp.c:2902:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu->params, &id, 2);
data/bluez-5.55/profiles/audio/avrcp.c:3197:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu->params[4], string, stringlen);
data/bluez-5.55/profiles/audio/avrcp.c:3502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[255];
data/bluez-5.55/profiles/audio/avrcp.c:3538:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, &operands[28], namelen);
data/bluez-5.55/profiles/audio/avrcp.c:4458:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdu->params[1], data, sizeof(uint8_t));
data/bluez-5.55/profiles/audio/media.c:797:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(endpoint->capabilities, capabilities, size);
data/bluez-5.55/profiles/audio/media.c:1464:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valstr[20];
data/bluez-5.55/profiles/audio/media.c:1491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valstr[20];
data/bluez-5.55/profiles/audio/player.c:115:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t num = atoi(value);
data/bluez-5.55/profiles/audio/player.c:1767:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t num = atoi(value);
data/bluez-5.55/profiles/audio/transport.c:872:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(transport->configuration, configuration, size);
data/bluez-5.55/profiles/battery/battery.c:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/profiles/battery/battery.c:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/battery/battery.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/battery/battery.c:308:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/cups/hcrp.c:86:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/bluez-5.55/profiles/cups/hcrp.c:93:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &hdr, HCRP_PDU_HDR_SIZE);
data/bluez-5.55/profiles/cups/hcrp.c:94:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + HCRP_PDU_HDR_SIZE, &cp, HCRP_CREDIT_GRANT_CP_SIZE);
data/bluez-5.55/profiles/cups/hcrp.c:103:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr, buf, HCRP_PDU_HDR_SIZE);
data/bluez-5.55/profiles/cups/hcrp.c:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rp, buf + HCRP_PDU_HDR_SIZE, HCRP_CREDIT_GRANT_RP_SIZE);
data/bluez-5.55/profiles/cups/hcrp.c:118:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/bluez-5.55/profiles/cups/hcrp.c:124:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &hdr, HCRP_PDU_HDR_SIZE);
data/bluez-5.55/profiles/cups/hcrp.c:133:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr, buf, HCRP_PDU_HDR_SIZE);
data/bluez-5.55/profiles/cups/hcrp.c:134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rp, buf + HCRP_PDU_HDR_SIZE, HCRP_CREDIT_REQUEST_RP_SIZE);
data/bluez-5.55/profiles/cups/hcrp.c:151:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/bluez-5.55/profiles/cups/hcrp.c:157:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &hdr, HCRP_PDU_HDR_SIZE);
data/bluez-5.55/profiles/cups/hcrp.c:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hdr, buf, HCRP_PDU_HDR_SIZE);
data/bluez-5.55/profiles/cups/hcrp.c:167:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rp, buf + HCRP_PDU_HDR_SIZE, HCRP_GET_LPT_STATUS_RP_SIZE);
data/bluez-5.55/profiles/cups/hcrp.c:193:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/bluez-5.55/profiles/cups/main.c:710:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, str[3], device[18], service[13];
data/bluez-5.55/profiles/cups/main.c:758:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(argv[6], O_RDONLY)) < 0) {
data/bluez-5.55/profiles/cups/main.c:762:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
copies = atoi(argv[4]);
data/bluez-5.55/profiles/cups/main.c:780:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(device, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
data/bluez-5.55/profiles/cups/main.c:796:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(service, "auto");
data/bluez-5.55/profiles/cups/spp.c:44:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/bluez-5.55/profiles/deviceinfo/deviceinfo.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/profiles/deviceinfo/deviceinfo.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/gap/gas.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8_name[HCI_MAX_NAME_LENGTH + 2];
data/bluez-5.55/profiles/gap/gas.c:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/profiles/gap/gas.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/gap/gas.c:228:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/gap/gas.c:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/health/mcap.c:419:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, data, len);
data/bluez-5.55/profiles/health/mcap.c:1813:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstaddr[18];
data/bluez-5.55/profiles/health/mcap.c:2026:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18], srcstr[18];
data/bluez-5.55/profiles/iap/main.c:112:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/bluez-5.55/profiles/input/device.c:189:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg[1], data, size);
data/bluez-5.55/profiles/input/device.c:249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.u.get_report_reply.data, data, size);
data/bluez-5.55/profiles/input/device.c:307:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev.u.input.data, data, size);
data/bluez-5.55/profiles/input/device.c:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/input/device.c:568:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/input/device.c:609:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/input/device.c:763:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdesc[sizeof(req->name) / 2];
data/bluez-5.55/profiles/input/device.c:766:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[sizeof(req->name) / 2];
data/bluez-5.55/profiles/input/device.c:812:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->rd_data, d->val.str, d->unitSize);
data/bluez-5.55/profiles/input/device.c:1043:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_addr[18], dst_addr[18];
data/bluez-5.55/profiles/input/device.c:1044:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/profiles/input/device.c:1046:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[11], *str;
data/bluez-5.55/profiles/input/device.c:1061:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle, "0x%8.8X", idev->handle);
data/bluez-5.55/profiles/input/hog-lib.c:315:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 1, pdu, len);
data/bluez-5.55/profiles/input/hog-lib.c:319:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, pdu, len);
data/bluez-5.55/profiles/input/hog-lib.c:830:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsp.u.get_report_reply.data, pdu, len);
data/bluez-5.55/profiles/input/hog-lib.c:925:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, " %02x", buf[i]);
data/bluez-5.55/profiles/input/hog-lib.c:932:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, " ...");
data/bluez-5.55/profiles/input/hog-lib.c:945:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char itemstr[20]; /* 5x3 (data) + 4 (continuation) + 1 (null) */
data/bluez-5.55/profiles/input/hog.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[248];
data/bluez-5.55/profiles/input/hog.c:88:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "bluez-hog-device");
data/bluez-5.55/profiles/input/server.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/input/server.c:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/input/suspend-dummy.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[12];
data/bluez-5.55/profiles/input/suspend-dummy.c:95:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(HOG_SUSPEND_FIFO, O_RDONLY | O_NONBLOCK);
data/bluez-5.55/profiles/midi/libmidi.c:45:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer->data + buffer->len, data, size);
data/bluez-5.55/profiles/midi/midi.c:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/profiles/midi/midi.c:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/midi/midi.c:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/midi/midi.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/midi/midi.c:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[MAX_NAME_LENGTH + 11]; /* 11 = " Bluetooth\0"*/
data/bluez-5.55/profiles/midi/midi.c:335:53: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
err = snd_seq_create_simple_port(midi->seq_handle, strcat(device_name, " Bluetooth"),
data/bluez-5.55/profiles/midi/midi.c:433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/network/bnep.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iface[16];
data/bluez-5.55/profiles/network/bnep.c:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkt[BNEP_MTU];
data/bluez-5.55/profiles/network/bnep.c:302:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pkt[BNEP_MTU];
data/bluez-5.55/profiles/network/connection.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[16]; /* Interface name */
data/bluez-5.55/profiles/network/connection.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/profiles/network/connection.c:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/profiles/network/server.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[16]; /* Interface name */
data/bluez-5.55/profiles/network/server.c:433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/profiles/sap/server.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:637:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:740:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:773:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param->val, apdu, length);
data/bluez-5.55/profiles/sap/server.c:786:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:819:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param->val, atr, length);
data/bluez-5.55/profiles/sap/server.c:831:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:857:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:883:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:911:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:949:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:976:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:1100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SAP_BUF_SIZE];
data/bluez-5.55/profiles/sap/server.c:1217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstaddr[18];
data/bluez-5.55/profiles/scanparam/scan.c:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/profiles/scanparam/scan.c:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/scanparam/scan.c:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/profiles/scanparam/scan.c:252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:145:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[16];
data/bluez-5.55/src/adapter.c:468:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dir[25];
data/bluez-5.55/src/adapter.c:471:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dir, "static-");
data/bluez-5.55/src/adapter.c:488:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maxname[MAX_NAME_LENGTH];
data/bluez-5.55/src/adapter.c:900:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid128, uuid, sizeof(*uuid));
data/bluez-5.55/src/adapter.c:2328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuidstr[MAX_LEN_UUID_STR + 1];
data/bluez-5.55/src/adapter.c:2646:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:3095:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuidstr[MAX_LEN_UUID_STR + 1];
data/bluez-5.55/src/adapter.c:3712:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_irk_out[33];
data/bluez-5.55/src/adapter.c:3732:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_irk_out + (i * 2), "%02x", irk[i]);
data/bluez-5.55/src/adapter.c:3748:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:3807:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.irk, irk, 16);
data/bluez-5.55/src/adapter.c:3891:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->val, info->key, 16);
data/bluez-5.55/src/adapter.c:3985:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->val, info->val, sizeof(info->val));
data/bluez-5.55/src/adapter.c:4450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[PATH_MAX];
data/bluez-5.55/src/adapter.c:4472:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:4612:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:4633:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:4776:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/src/adapter.c:4951:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:5000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:5040:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:5115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:5175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:5201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:5424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:5635:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:5685:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:5725:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[6], uuid_str[33];
data/bluez-5.55/src/adapter.c:5730:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuid_str, "%4.4X", uuid.value.uuid16);
data/bluez-5.55/src/adapter.c:5733:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuid_str, "%8.8X", uuid.value.uuid32);
data/bluez-5.55/src/adapter.c:5737:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuid_str + (i * 2), "%2.2X",
data/bluez-5.55/src/adapter.c:5744:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle, "%hu", start);
data/bluez-5.55/src/adapter.c:5752:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:5754:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle_str[11];
data/bluez-5.55/src/adapter.c:5763:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle_str, "0x%8.8X", handle);
data/bluez-5.55/src/adapter.c:5780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_addr[18];
data/bluez-5.55/src/adapter.c:5783:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:5861:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:5865:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR + 1];
data/bluez-5.55/src/adapter.c:5937:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_addr[18];
data/bluez-5.55/src/adapter.c:5941:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:5944:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char group[6];
data/bluez-5.55/src/adapter.c:5968:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(group, "%hu", handle);
data/bluez-5.55/src/adapter.c:5984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_addr[18];
data/bluez-5.55/src/adapter.c:5988:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:5991:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char group[6];
data/bluez-5.55/src/adapter.c:6015:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(group, "%hu", handle);
data/bluez-5.55/src/adapter.c:6032:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:6075:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:6076:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/src/adapter.c:6135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/src/adapter.c:6136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_NAME_LENGTH + 1];
data/bluez-5.55/src/adapter.c:6137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_path[PATH_MAX];
data/bluez-5.55/src/adapter.c:6172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:6173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/src/adapter.c:6236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:6421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:6615:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:6792:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7280:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.pin_code, pin, pin_len);
data/bluez-5.55/src/adapter.c:7304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7441:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7523:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pin[17];
data/bluez-5.55/src/adapter.c:7525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7588:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7648:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7763:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:7823:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/src/adapter.c:7912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/adapter.c:7913:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:7916:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_str[33];
data/bluez-5.55/src/adapter.c:7928:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key_str + (i * 2), "%2.2X", key[i]);
data/bluez-5.55/src/adapter.c:7951:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/src/adapter.c:7997:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/adapter.c:7998:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:8000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_str[33];
data/bluez-5.55/src/adapter.c:8021:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key_str + (i * 2), "%2.2X", key[i]);
data/bluez-5.55/src/adapter.c:8049:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/src/adapter.c:8110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/adapter.c:8111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:8113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_str[33];
data/bluez-5.55/src/adapter.c:8150:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key_str + (i * 2), "%2.2X", key[i]);
data/bluez-5.55/src/adapter.c:8173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/src/adapter.c:8204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/adapter.c:8205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:8208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[33];
data/bluez-5.55/src/adapter.c:8220:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (i * 2), "%2.2X", key[i]);
data/bluez-5.55/src/adapter.c:8242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18], rpa[18];
data/bluez-5.55/src/adapter.c:8292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/adapter.c:8293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:8332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/src/adapter.c:8399:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:8406:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.hash192, hash, 16);
data/bluez-5.55/src/adapter.c:8409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.rand192, randomizer, 16);
data/bluez-5.55/src/adapter.c:8423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:8731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:8785:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:8807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:8849:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:8895:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/adapter.c:8896:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/adapter.c:8930:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/adapter.c:8990:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfg[7];
data/bluez-5.55/src/advertising.c:844:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp->data, adv_data, adv_data_len);
data/bluez-5.55/src/advertising.c:845:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp->data + adv_data_len, scan_rsp, scan_rsp_len);
data/bluez-5.55/src/attrib-server.c:177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/attrib-server.c:523:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value[4], cur->data, cur->len);
data/bluez-5.55/src/attrib-server.c:612:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value[2], a->data, a->len);
data/bluez-5.55/src/attrib-server.c:768:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char group[6];
data/bluez-5.55/src/attrib-server.c:782:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(group, "%hu", handle);
data/bluez-5.55/src/attrib-server.c:914:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char group[6], value[5];
data/bluez-5.55/src/attrib-server.c:929:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(group, "%hu", handle);
data/bluez-5.55/src/attrib-server.c:930:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%hX", cccval);
data/bluez-5.55/src/attrib-server.c:1533:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuidstr[MAX_LEN_UUID_STR];
data/bluez-5.55/src/attrib-server.c:1587:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->data, value, len);
data/bluez-5.55/src/device.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LENGTH + 1];
data/bluez-5.55/src/device.c:354:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *list[2];
data/bluez-5.55/src/device.c:380:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[33];
data/bluez-5.55/src/device.c:384:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key + (i * 2), "%2.2X", csrk->key[i]);
data/bluez-5.55/src/device.c:394:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/device.c:397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char class[9];
data/bluez-5.55/src/device.c:420:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(class, "0x%6.6x", device->class & 0xffffff);
data/bluez-5.55/src/device.c:427:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(class, "0x%4.4x", device->appearance);
data/bluez-5.55/src/device.c:521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:522:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_addr[18];
data/bluez-5.55/src/device.c:755:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstaddr[18];
data/bluez-5.55/src/device.c:803:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstaddr[18];
data/bluez-5.55/src/device.c:1276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:1669:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:2236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:2237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_addr[18];
data/bluez-5.55/src/device.c:2265:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[6], uuid_str[33];
data/bluez-5.55/src/device.c:2268:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle, "%hu", primary->range.start);
data/bluez-5.55/src/device.c:2275:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuid_str, "%4.4X", uuid.value.uuid16);
data/bluez-5.55/src/device.c:2278:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuid_str, "%8.8X", uuid.value.uuid32);
data/bluez-5.55/src/device.c:2282:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuid_str + (i * 2), "%2.2X",
data/bluez-5.55/src/device.c:2328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[6], value[100], uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:2334:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle, "%04hx", handle_num);
data/bluez-5.55/src/device.c:2352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[6], value[100], uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:2364:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle, "%04hx", handle_num);
data/bluez-5.55/src/device.c:2404:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[6], value[100], uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:2419:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle, "%04hx", handle_num);
data/bluez-5.55/src/device.c:2433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR], handle[6], value[256];
data/bluez-5.55/src/device.c:2445:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle, "%04hx", start);
data/bluez-5.55/src/device.c:2464:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:2465:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_addr[18];
data/bluez-5.55/src/device.c:2647:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:2712:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:2873:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:2976:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:3105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:3185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:3186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adapter_addr[18];
data/bluez-5.55/src/device.c:3187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/device.c:3360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:3366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[3];
data/bluez-5.55/src/device.c:3405:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prim->range.start = atoi(*handle);
data/bluez-5.55/src/device.c:3421:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, str + (i * 2), 2);
data/bluez-5.55/src/device.c:3433:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim->uuid, service_uuid, MAX_LEN_UUID_STR);
data/bluez-5.55/src/device.c:3495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:3544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:3546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val_str[32];
data/bluez-5.55/src/device.c:3592:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:3626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[MAX_LEN_UUID_STR], uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:3663:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **handle, *value, type[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:3707:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:3750:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **keys, filename[PATH_MAX];
data/bluez-5.55/src/device.c:3824:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:3862:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:3887:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/device.c:4123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18];
data/bluez-5.55/src/device.c:4153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstaddr[18];
data/bluez-5.55/src/device.c:4361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:4403:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/device.c:4404:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:4498:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:4676:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:4695:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle_str[11];
data/bluez-5.55/src/device.c:4700:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle_str, "0x%8.8X", rec->handle);
data/bluez-5.55/src/device.c:4710:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (i * 2), "%02X", buf.data[i]);
data/bluez-5.55/src/device.c:4724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handle[6], uuid_str[33];
data/bluez-5.55/src/device.c:4739:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(handle, "%hu", start);
data/bluez-5.55/src/device.c:4742:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuid_str, "%4.4X", uuid.value.uuid16);
data/bluez-5.55/src/device.c:4745:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuid_str, "%8.8X", uuid.value.uuid32);
data/bluez-5.55/src/device.c:4749:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuid_str + (i * 2), "%2.2X",
data/bluez-5.55/src/device.c:4803:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcaddr[18], dstaddr[18];
data/bluez-5.55/src/device.c:4804:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdp_file[PATH_MAX];
data/bluez-5.55/src/device.c:4805:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char att_file[PATH_MAX];
data/bluez-5.55/src/device.c:4970:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:5269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstaddr[18];
data/bluez-5.55/src/device.c:5433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:5754:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:5755:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/device.c:5802:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/device.c:5803:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_addr[18];
data/bluez-5.55/src/device.c:6332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:6551:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/device.c:6655:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local[18], peer[18];
data/bluez-5.55/src/device.c:6656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/eir.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8_name[HCI_MAX_NAME_LENGTH + 2];
data/bluez-5.55/src/eir.c:174:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msd->data, data + 2, msd->data_len);
data/bluez-5.55/src/eir.c:192:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sd->data, data, sd->data_len);
data/bluez-5.55/src/eir.c:249:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad->data, data, len);
data/bluez-5.55/src/eir.c:395:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&eir->addr, eir_data, sizeof(bdaddr_t));
data/bluez-5.55/src/eir.c:484:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, addr, sizeof(bdaddr_t));
data/bluez-5.55/src/eir.c:497:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, class, sizeof(class));
data/bluez-5.55/src/eir.c:507:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, hash, 16);
data/bluez-5.55/src/eir.c:517:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, randomizer, 16);
data/bluez-5.55/src/eir.c:536:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + 2, name, name_len);
data/bluez-5.55/src/gatt-client.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devaddr[18];
data/bluez-5.55/src/gatt-client.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[MAX_LEN_UUID_STR + 1];
data/bluez-5.55/src/gatt-client.c:726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[MAX_LEN_UUID_STR + 1];
data/bluez-5.55/src/gatt-client.c:1781:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[MAX_LEN_UUID_STR + 1];
data/bluez-5.55/src/gatt-client.c:2177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/gatt-database.c:779:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuidstr[MAX_LEN_UUID_STR];
data/bluez-5.55/src/gatt-database.c:1333:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->pending, notify, sizeof(*notify));
data/bluez-5.55/src/gatt-database.c:1335:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->pending->value, notify->value, notify->len);
data/bluez-5.55/src/gatt-database.c:2886:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/gatt-database.c:3052:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/gatt-database.c:3125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/oui.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modalias[11], *comp = NULL;
data/bluez-5.55/src/oui.c:42:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(modalias, "OUI:%2.2X%2.2X%2.2X", ba->b[5], ba->b[4], ba->b[3]);
data/bluez-5.55/src/profile.c:836:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/profile.c:1083:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/profile.c:1137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/profile.c:1176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/profile.c:1225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/profile.c:1964:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR], svc_str[MAX_LEN_UUID_STR], psm[30];
data/bluez-5.55/src/rfkill.c:73:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/bluez-5.55/src/rfkill.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sysname[PATH_MAX];
data/bluez-5.55/src/rfkill.c:114:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(sysname, O_RDONLY);
data/bluez-5.55/src/rfkill.c:130:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(sysname + 3);
data/bluez-5.55/src/rfkill.c:152:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/rfkill", O_RDWR);
data/bluez-5.55/src/sdp-xml.c:112:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf, elem->text, elem->size);
data/bluez-5.55/src/sdp-xml.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/bluez-5.55/src/sdp-xml.c:307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/bluez-5.55/src/sdp-xml.c:337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3], *decoded;
data/bluez-5.55/src/sdp-xml.c:497:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx_data->stack_head->text + curlen,
data/bluez-5.55/src/sdp-xml.c:654:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[STRBUFSIZE];
data/bluez-5.55/src/sdp-xml.c:655:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[MAXINDENT];
data/bluez-5.55/src/sdp-xml.c:719:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&buf[i * 2], "%02x",
data/bluez-5.55/src/sdp-xml.c:764:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&buf[i * 2], "%02x",
data/bluez-5.55/src/sdp-xml.c:874:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&strBuf[i*sizeof(char)*2],
data/bluez-5.55/src/sdp-xml.c:982:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[STRBUFSIZE];
data/bluez-5.55/src/sdpd-request.c:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, buf->data, buf->data_size);
data/bluez-5.55/src/sdpd-request.c:279:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdata, cstate, sizeof(sdp_cont_state_t));
data/bluez-5.55/src/sdpd-request.c:317:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*cstate, buffer, sizeof(sdp_cont_state_t));
data/bluez-5.55/src/sdpd-request.c:518:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdata, pCacheBuffer + i * sizeof(uint32_t), sizeof(uint32_t));
data/bluez-5.55/src/sdpd-request.c:544:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&newState, cstate, sizeof(sdp_cont_state_t));
data/bluez-5.55/src/sdpd-request.c:608:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data, pdu.data, pdu.data_size);
data/bluez-5.55/src/sdpd-request.c:646:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data, cache->data + cstate->cStateValue.maxBytesSent, sent);
data/bluez-5.55/src/sdpd-service.c:673:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[32];
data/bluez-5.55/src/service.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/service.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/service.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/service.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/service.c:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/shared/ad.c:152:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data->data, data, len);
data/bluez-5.55/src/shared/ad.c:165:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data->data, data, len);
data/bluez-5.55/src/shared/ad.c:372:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + *pos, data->data, data->len);
data/bluez-5.55/src/shared/ad.c:410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + *pos, data->data, data->len);
data/bluez-5.55/src/shared/ad.c:435:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + *pos, name, len);
data/bluez-5.55/src/shared/ad.c:461:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + *pos, data->data, data->len);
data/bluez-5.55/src/shared/ad.c:596:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data->data, data, len);
data/bluez-5.55/src/shared/ad.c:610:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data->data, data, len);
data/bluez-5.55/src/shared/ad.c:732:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data->data, data, len);
data/bluez-5.55/src/shared/ad.c:747:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data->data, data, len);
data/bluez-5.55/src/shared/att.c:313:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op->pdu + 1, pdu, length);
data/bluez-5.55/src/shared/att.c:1840:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*sign)->key, key, 16);
data/bluez-5.55/src/shared/btp.c:310:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr->data, param, length);
data/bluez-5.55/src/shared/btsnoop.c:96:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
btsnoop->fd = open(path, O_RDONLY | O_CLOEXEC);
data/bluez-5.55/src/shared/btsnoop.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/bluez-5.55/src/shared/btsnoop.c:166:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
btsnoop->fd = open(real_path, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
data/bluez-5.55/src/shared/btsnoop.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr.id, btsnoop_id, sizeof(btsnoop_id));
data/bluez-5.55/src/shared/btsnoop.c:230:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/bluez-5.55/src/shared/btsnoop.c:245:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
btsnoop->fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
data/bluez-5.55/src/shared/btsnoop.c:250:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr.id, btsnoop_id, sizeof(btsnoop_id));
data/bluez-5.55/src/shared/btsnoop.h:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/bluez-5.55/src/shared/crypto.c:91:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/bluez-5.55/src/shared/crypto.c:109:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_type, "skcipher");
data/bluez-5.55/src/shared/crypto.c:110:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_name, "ecb(aes)");
data/bluez-5.55/src/shared/crypto.c:131:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_type, "hash");
data/bluez-5.55/src/shared/crypto.c:132:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_name, "cmac(aes)");
data/bluez-5.55/src/shared/crypto.c:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[CMSG_SPACE(sizeof(alg_op))];
data/bluez-5.55/src/shared/crypto.c:241:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmsg), &alg_op, sizeof(alg_op));
data/bluez-5.55/src/shared/crypto.c:284:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg, m, m_len);
data/bluez-5.55/src/shared/crypto.c:325:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signature, tmp + 4, ATT_SIGN_LEN);
data/bluez-5.55/src/shared/crypto.c:438:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, r, 3);
data/bluez-5.55/src/shared/crypto.c:446:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, encrypted, 3);
data/bluez-5.55/src/shared/crypto.c:460:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pp, p, 16);
data/bluez-5.55/src/shared/crypto.c:461:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&qq, q, 16);
data/bluez-5.55/src/shared/crypto.c:466:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, &rr, 16);
data/bluez-5.55/src/shared/crypto.c:532:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p1 + 2, preq, 7);
data/bluez-5.55/src/shared/crypto.c:533:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p1 + 9, pres, 7);
data/bluez-5.55/src/shared/crypto.c:536:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2, ra, 6);
data/bluez-5.55/src/shared/crypto.c:537:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2 + 6, ia, 6);
data/bluez-5.55/src/shared/crypto.c:589:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, r2, 8);
data/bluez-5.55/src/shared/crypto.c:590:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res + 8, r1, 8);
data/bluez-5.55/src/shared/crypto.c:639:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[1], v, 32);
data/bluez-5.55/src/shared/crypto.c:640:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[33], u, 32);
data/bluez-5.55/src/shared/crypto.c:658:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[0], length, 2);
data/bluez-5.55/src/shared/crypto.c:659:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[2], a2, 7);
data/bluez-5.55/src/shared/crypto.c:660:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[9], a1, 7);
data/bluez-5.55/src/shared/crypto.c:661:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[16], n2, 16);
data/bluez-5.55/src/shared/crypto.c:662:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[32], n1, 16);
data/bluez-5.55/src/shared/crypto.c:663:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[48], btle, 4);
data/bluez-5.55/src/shared/crypto.c:679:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[0], a2, 7);
data/bluez-5.55/src/shared/crypto.c:680:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[7], a1, 7);
data/bluez-5.55/src/shared/crypto.c:681:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[14], io_cap, 3);
data/bluez-5.55/src/shared/crypto.c:682:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[17], r, 16);
data/bluez-5.55/src/shared/crypto.c:683:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[33], n2, 16);
data/bluez-5.55/src/shared/crypto.c:684:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[49], n1, 16);
data/bluez-5.55/src/shared/crypto.c:694:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[0], y, 16);
data/bluez-5.55/src/shared/crypto.c:695:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[16], v, 32);
data/bluez-5.55/src/shared/crypto.c:696:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m[48], u, 32);
data/bluez-5.55/src/shared/ecc.c:85:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
data/bluez-5.55/src/shared/ecc.c:87:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
data/bluez-5.55/src/shared/gap.c:238:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gap->static_addr, addr, 6);
data/bluez-5.55/src/shared/gap.c:248:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gap->local_irk, key, 16);
data/bluez-5.55/src/shared/gap.c:266:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irk->addr, addr, 6);
data/bluez-5.55/src/shared/gap.c:267:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irk->key, key, 16);
data/bluez-5.55/src/shared/gatt-client.c:538:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/shared/gatt-client.c:849:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/shared/gatt-client.c:943:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/shared/gatt-client.c:1118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/src/shared/gatt-client.c:2835:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op->iov.iov_base + op->iov.iov_len, data, len);
data/bluez-5.55/src/shared/gatt-client.c:2999:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu + 2, value, length);
data/bluez-5.55/src/shared/gatt-client.c:3080:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu + 2, value, length);
data/bluez-5.55/src/shared/gatt-client.c:3142:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu + 4, op->value + op->index, op->cur_length);
data/bluez-5.55/src/shared/gatt-client.c:3351:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op->value, value, length);
data/bluez-5.55/src/shared/gatt-client.c:3381:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu + 4, op->value, op->cur_length);
data/bluez-5.55/src/shared/gatt-client.c:3529:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu + 4, value, length);
data/bluez-5.55/src/shared/gatt-client.c:3546:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op->pdu, pdu, length);
data/bluez-5.55/src/shared/gatt-db.c:227:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attribute->value, val, len);
data/bluez-5.55/src/shared/gatt-db.c:322:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 4, attr->value, attr->value_len);
data/bluez-5.55/src/shared/gatt-db.c:1081:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value[len], include->value, include->value_len);
data/bluez-5.55/src/shared/gatt-db.c:1996:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&attrib->value[offset], value, len);
data/bluez-5.55/src/shared/gatt-helpers.c:70:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->pdu, pdu, pdu_len);
data/bluez-5.55/src/shared/gatt-helpers.c:202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, bt_base_uuid, sizeof(bt_base_uuid));
data/bluez-5.55/src/shared/gatt-helpers.c:350:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, tmp.value.u128.data, 16);
data/bluez-5.55/src/shared/gatt-helpers.c:1007:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read_pdu, data->result->pdu + data->pos + 2, sizeof(uint16_t));
data/bluez-5.55/src/shared/gatt-helpers.c:1028:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu, data->result->pdu + 2, sizeof(uint16_t));
data/bluez-5.55/src/shared/gatt-server.c:248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu + iter + 4, value.iov_base, data_val_len);
data/bluez-5.55/src/shared/gatt-server.c:392:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op->pdu + op->pdu_len + 2, value, op->value_len);
data/bluez-5.55/src/shared/gatt-server.c:1079:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->rsp_data + data->length, value, length);
data/bluez-5.55/src/shared/gatt-server.c:1220:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val + prep_data->length, value, length);
data/bluez-5.55/src/shared/gatt-server.c:1374:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pwcd->pdu, pdu, length);
data/bluez-5.55/src/shared/gatt-server.c:1787:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->pdu + data->offset, value, length);
data/bluez-5.55/src/shared/gatt-server.c:1862:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu + 2, value, pdu_len - 2);
data/bluez-5.55/src/shared/hci-crypto.c:65:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.key, key, 16);
data/bluez-5.55/src/shared/hci-crypto.c:66:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.plaintext, plaintext, 16);
data/bluez-5.55/src/shared/hci-crypto.c:153:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, r, 8);
data/bluez-5.55/src/shared/hci-crypto.c:167:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, r, 3);
data/bluez-5.55/src/shared/hci.c:474:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, data, cmd->size);
data/bluez-5.55/src/shared/hfp.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lookup_prefix[18];
data/bluez-5.55/src/shared/hfp.c:515:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, str, len);
data/bluez-5.55/src/shared/hfp.c:516:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + len, str2, len2);
data/bluez-5.55/src/shared/hfp.c:1078:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lookup_prefix[18] = {};
data/bluez-5.55/src/shared/hfp.c:1212:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, str, len);
data/bluez-5.55/src/shared/hfp.c:1213:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + len, str2, count);
data/bluez-5.55/src/shared/mainloop-notify.c:104:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msec = atoi(watchdog_usec) / 1000;
data/bluez-5.55/src/shared/mgmt.c:557:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(request->buf + MGMT_HDR_SIZE, param, length);
data/bluez-5.55/src/shared/pcap.c:80:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pcap->fd = open(path, O_RDONLY | O_CLOEXEC);
data/bluez-5.55/src/shared/ringbuf.c:247:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ringbuf->buffer + offset, str, end);
data/bluez-5.55/src/shared/ringbuf.c:255:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ringbuf->buffer, str + end, len - end);
data/bluez-5.55/src/shared/shell.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char history[256];
data/bluez-5.55/src/shared/shell.c:1069:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char optstr[256];
data/bluez-5.55/src/shared/shell.c:1074:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options, main_options, sizeof(struct option) * offset);
data/bluez-5.55/src/shared/shell.c:1077:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options + offset, opt->options,
data/bluez-5.55/src/shared/shell.c:1102:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data.timeout = atoi(optarg);
data/bluez-5.55/src/shared/tester.c:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[16];
data/bluez-5.55/src/shared/uhid.c:109:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(UHID_DEVICE_FILE, O_RDWR | O_CLOEXEC);
data/bluez-5.55/src/shared/util.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[78];
data/bluez-5.55/src/shared/util.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[68];
data/bluez-5.55/src/shared/util.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/bluez-5.55/src/storage.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/src/storage.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX], *str;
data/bluez-5.55/src/storage.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX], *str;
data/bluez-5.55/src/storage.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX], *str;
data/bluez-5.55/src/storage.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX], *str;
data/bluez-5.55/src/storage.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[3];
data/bluez-5.55/src/storage.c:160:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, str + (i * 2), 2);
data/bluez-5.55/src/textfile.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1], *prev, *next;
data/bluez-5.55/src/textfile.c:83:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDWR | O_CREAT, mode);
data/bluez-5.55/src/textfile.c:187:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDWR);
data/bluez-5.55/src/textfile.c:269:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, end, len);
data/bluez-5.55/src/textfile.c:310:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY);
data/bluez-5.55/src/textfile.c:389:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY);
data/bluez-5.55/src/textfile.c:429:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, off, len);
data/bluez-5.55/src/textfile.c:456:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, off, len);
data/bluez-5.55/src/uinput.h:704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[UINPUT_MAX_NAME_SIZE];
data/bluez-5.55/src/uuid-helper.c:89:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uuid128, uuid, sizeof(uuid_t));
data/bluez-5.55/src/uuid-helper.c:96:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data0, &uuid128.value.uuid128.data[0], 4);
data/bluez-5.55/src/uuid-helper.c:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data1, &uuid128.value.uuid128.data[4], 2);
data/bluez-5.55/src/uuid-helper.c:98:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data2, &uuid128.value.uuid128.data[6], 2);
data/bluez-5.55/src/uuid-helper.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data3, &uuid128.value.uuid128.data[8], 2);
data/bluez-5.55/src/uuid-helper.c:100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data4, &uuid128.value.uuid128.data[10], 4);
data/bluez-5.55/src/uuid-helper.c:101:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data5, &uuid128.value.uuid128.data[14], 2);
data/bluez-5.55/src/uuid-helper.c:229:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[0], &data0, 4);
data/bluez-5.55/src/uuid-helper.c:230:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[4], &data1, 2);
data/bluez-5.55/src/uuid-helper.c:231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[6], &data2, 2);
data/bluez-5.55/src/uuid-helper.c:232:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[8], &data3, 2);
data/bluez-5.55/src/uuid-helper.c:233:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[10], &data4, 4);
data/bluez-5.55/src/uuid-helper.c:234:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val[14], &data5, 2);
data/bluez-5.55/tools/3dsp.c:152:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, evt->bdaddr, 6);
data/bluez-5.55/tools/3dsp.c:161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.map, evt->map, 10);
data/bluez-5.55/tools/3dsp.c:186:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, evt->bdaddr, 6);
data/bluez-5.55/tools/3dsp.c:195:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.map, evt->map, 10);
data/bluez-5.55/tools/3dsp.c:216:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, evt->bdaddr, 6);
data/bluez-5.55/tools/3dsp.c:233:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, evt->bdaddr, 6);
data/bluez-5.55/tools/3dsp.c:277:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, evt->bdaddr, 6);
data/bluez-5.55/tools/3dsp.c:388:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, evt->bdaddr, 6);
data/bluez-5.55/tools/3dsp.c:426:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.data, inqdata, sizeof(inqdata));
data/bluez-5.55/tools/3dsp.c:457:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bcastdata + 3, &msg, sizeof(msg));
data/bluez-5.55/tools/3dsp.c:598:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(str);
data/bluez-5.55/tools/advtest.c:74:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irk, ADV_IRK, 16);
data/bluez-5.55/tools/advtest.c:81:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irk, ADV_IRK, 16);
data/bluez-5.55/tools/advtest.c:148:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd1.addr, PEER_ADDR, 6);
data/bluez-5.55/tools/advtest.c:150:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd1.local_irk, ADV_IRK, 16);
data/bluez-5.55/tools/advtest.c:176:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd4.direct_addr, PEER_ADDR, 6);
data/bluez-5.55/tools/amptest.c:190:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(assoc_data, rp.fragment, *assoc_len);
data/bluez-5.55/tools/amptest.c:218:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.fragment, assoc_data, assoc_len);
data/bluez-5.55/tools/avinfo.c:347:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf(" 0x%.02x", ((unsigned char *)vendor)[i]);
data/bluez-5.55/tools/avinfo.c:779:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/bluez-5.55/tools/avinfo.c:810:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/bluez-5.55/tools/avinfo.c:939:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &src);
data/bluez-5.55/tools/avtest.c:206:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[672];
data/bluez-5.55/tools/avtest.c:268:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[3], media_transport,
data/bluez-5.55/tools/avtest.c:275:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[1], media_transport,
data/bluez-5.55/tools/avtest.c:282:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[1], media_transport,
data/bluez-5.55/tools/avtest.c:288:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[2], media_transport,
data/bluez-5.55/tools/avtest.c:416:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[672];
data/bluez-5.55/tools/avtest.c:558:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[672];
data/bluez-5.55/tools/avtest.c:591:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[4], media_transport, sizeof(media_transport));
data/bluez-5.55/tools/avtest.c:692:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[672];
data/bluez-5.55/tools/avtest.c:706:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[AVCTP_HEADER_LENGTH], play_pressed, sizeof(play_pressed));
data/bluez-5.55/tools/avtest.c:768:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(arg);
data/bluez-5.55/tools/avtest.c:790:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &src);
data/bluez-5.55/tools/avtest.c:822:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wait_before_exit = atoi(optarg);
data/bluez-5.55/tools/bccmd.c:276:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[0]);
data/bluez-5.55/tools/bccmd.c:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/bluez-5.55/tools/bccmd.c:487:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
channel = atoi(argv[0]);
data/bluez-5.55/tools/bccmd.c:516:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
freq = atoi(argv[0]);
data/bluez-5.55/tools/bccmd.c:521:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
level = atoi(argv[1]);
data/bluez-5.55/tools/bccmd.c:541:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
freq = atoi(argv[0]);
data/bluez-5.55/tools/bccmd.c:546:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
level = atoi(argv[1]);
data/bluez-5.55/tools/bccmd.c:548:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
test = atoi(argv[2]);
data/bluez-5.55/tools/bccmd.c:624:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*stores = atoi(optarg);
data/bluez-5.55/tools/bccmd.c:659:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pskey = atoi(argv[0]);
data/bluez-5.55/tools/bccmd.c:734:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pskey = atoi(argv[0]);
data/bluez-5.55/tools/bccmd.c:781:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi(argv[0]);
data/bluez-5.55/tools/bccmd.c:796:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val32 = atoi(argv[0]);
data/bluez-5.55/tools/bccmd.c:814:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
array[i + 6] = atoi(argv[i]);
data/bluez-5.55/tools/bccmd.c:837:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pskey = atoi(argv[0]);
data/bluez-5.55/tools/bccmd.c:914:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str, val[7];
data/bluez-5.55/tools/bccmd.c:962:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val, "0x%04x", pskey);
data/bluez-5.55/tools/bccmd.c:983:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str, val[7];
data/bluez-5.55/tools/bccmd.c:996:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val, "0x%04x", pskey);
data/bluez-5.55/tools/bccmd.c:1058:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mux = atoi(argv[0]);
data/bluez-5.55/tools/bccmd.c:1199:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bcsp_rate = tty_get_speed(atoi(optarg));
data/bluez-5.55/tools/bcmfw.c:87:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY | O_CLOEXEC);
data/bluez-5.55/tools/bdaddr.c:99:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.flash_data, flash_data, flash_length);
data/bluez-5.55/tools/bdaddr.c:121:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/bdaddr.c:138:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 1, cmd, sizeof(cmd));
data/bluez-5.55/tools/bdaddr.c:171:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/bdaddr.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 1, cmd, sizeof(cmd));
data/bluez-5.55/tools/bdaddr.c:342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18], *comp;
data/bluez-5.55/tools/bluemoon.c:286:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, rsp->bdaddr, 6);
data/bluez-5.55/tools/bluemoon.c:384:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, rsp->bdaddr, 6);
data/bluez-5.55/tools/bluemoon.c:387:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.features, rsp->features, 8);
data/bluez-5.55/tools/bluemoon.c:492:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/bluez-5.55/tools/bluemoon.c:677:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw_name[PATH_MAX];
data/bluez-5.55/tools/bluemoon.c:773:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/bluez-5.55/tools/bluemoon.c:979:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_index = atoi(str);
data/bluez-5.55/tools/bnep-tester.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/bneptest.c:68:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char iface[16];
data/bluez-5.55/tools/bneptest.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bridge[16];
data/bluez-5.55/tools/bneptest.c:178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frame[1], dst_hw_addr, sizeof(dst_hw_addr));
data/bluez-5.55/tools/bneptest.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frame[7], src_hw_addr, sizeof(src_hw_addr));
data/bluez-5.55/tools/bneptest.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frame[15], general_frame_payload,
data/bluez-5.55/tools/bneptest.c:202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frame[1], dst_hw_addr, sizeof(dst_hw_addr));
data/bluez-5.55/tools/bneptest.c:203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frame[7], src_hw_addr, sizeof(src_hw_addr));
data/bluez-5.55/tools/bneptest.c:206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frame[15], general_frame_payload,
data/bluez-5.55/tools/bneptest.c:237:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->list, &ntw_proto_down_range,
data/bluez-5.55/tools/bneptest.c:239:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->list + sizeof(ntw_proto_down_range),
data/bluez-5.55/tools/bneptest.c:251:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->list, mcast_addr_down_range,
data/bluez-5.55/tools/bneptest.c:253:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->list + sizeof(mcast_addr_down_range),
data/bluez-5.55/tools/bneptest.c:421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[18];
data/bluez-5.55/tools/bneptest.c:470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdastr[18];
data/bluez-5.55/tools/bneptest.c:588:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &src_addr);
data/bluez-5.55/tools/bneptest.c:601:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctrl_msg_type = atoi(optarg);
data/bluez-5.55/tools/bneptest.c:605:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bnep_msg_type = atoi(optarg);
data/bluez-5.55/tools/bneptest.c:616:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
send_frame_timeout = atoi(optarg);
data/bluez-5.55/tools/bneptest.c:619:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ntw_proto_down_range = htons(atoi(optarg));
data/bluez-5.55/tools/bneptest.c:622:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ntw_proto_up_range = htons(atoi(optarg));
data/bluez-5.55/tools/bneptest.c:635:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
local_role = atoi(optarg);
data/bluez-5.55/tools/bneptest.c:638:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
remote_role = atoi(optarg);
data/bluez-5.55/tools/bneptest.c:647:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(iface, "\%d");
data/bluez-5.55/tools/bneptest.c:655:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctrl_msg_retransmition_nb = atoi(optarg);
data/bluez-5.55/tools/bneptest.c:658:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bnep_msg_retransmission_nb = atoi(optarg);
data/bluez-5.55/tools/btattach.c:58:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR | O_NOCTTY);
data/bluez-5.55/tools/btattach.c:257:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed = tty_get_speed(atoi(optarg));
data/bluez-5.55/tools/btgatt-client.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/tools/btgatt-client.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/tools/btgatt-client.c:423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/bluez-5.55/tools/btgatt-client.c:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[512];
data/bluez-5.55/tools/btgatt-client.c:569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/bluez-5.55/tools/btgatt-client.c:602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/bluez-5.55/tools/btgatt-client.c:665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argvbuf[516];
data/bluez-5.55/tools/btgatt-client.c:795:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argvbuf[516];
data/bluez-5.55/tools/btgatt-client.c:905:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argvbuf[516];
data/bluez-5.55/tools/btgatt-client.c:940:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(optarg);
data/bluez-5.55/tools/btgatt-client.c:1033:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argvbuf[516];
data/bluez-5.55/tools/btgatt-client.c:1123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/bluez-5.55/tools/btgatt-client.c:1163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/bluez-5.55/tools/btgatt-client.c:1202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/bluez-5.55/tools/btgatt-client.c:1251:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool convert_sign_key(char *optarg, uint8_t key[16])
data/bluez-5.55/tools/btgatt-client.c:1287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/bluez-5.55/tools/btgatt-client.c:1425:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcaddr_str[18], dstaddr_str[18];
data/bluez-5.55/tools/btgatt-client.c:1550:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
arg = atoi(optarg);
data/bluez-5.55/tools/btgatt-server.c:193:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(server->device_name + offset, value, len);
data/bluez-5.55/tools/btgatt-server.c:577:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(server->device_name, test_device_name, name_len);
data/bluez-5.55/tools/btgatt-server.c:659:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ba[18];
data/bluez-5.55/tools/btgatt-server.c:754:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argvbuf[516];
data/bluez-5.55/tools/btgatt-server.c:893:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[MAX_LEN_UUID_STR];
data/bluez-5.55/tools/btgatt-server.c:982:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool convert_sign_key(char *optarg, uint8_t key[16])
data/bluez-5.55/tools/btgatt-server.c:1021:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/bluez-5.55/tools/btgatt-server.c:1184:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
arg = atoi(optarg);
data/bluez-5.55/tools/btinfo.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/bluez-5.55/tools/btinfo.c:248:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(str);
data/bluez-5.55/tools/btiotest.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btiotest.c:149:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(addr, "(unknown)");
data/bluez-5.55/tools/btiotest.c:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:92:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mgmt_index = atoi(&arg[3]);
data/bluez-5.55/tools/btmgmt.c:94:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mgmt_index = atoi(arg);
data/bluez-5.55/tools/btmgmt.c:104:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*val = atoi(argv[1]);
data/bluez-5.55/tools/btmgmt.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/bluez-5.55/tools/btmgmt.c:149:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (i * 2), "%02x", buf[i]);
data/bluez-5.55/tools/btmgmt.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[33];
data/bluez-5.55/tools/btmgmt.c:227:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, "r");
data/bluez-5.55/tools/btmgmt.c:321:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[256];
data/bluez-5.55/tools/btmgmt.c:373:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[256];
data/bluez-5.55/tools/btmgmt.c:423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:473:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:512:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:555:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:657:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18], *name;
data/bluez-5.55/tools/btmgmt.c:712:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.pin_code, pin, len);
data/bluez-5.55/tools/btmgmt.c:758:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cp.addr, addr, sizeof(*addr));
data/bluez-5.55/tools/btmgmt.c:782:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cp.addr, addr, sizeof(*addr));
data/bluez-5.55/tools/btmgmt.c:806:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cp.addr, addr, sizeof(*addr));
data/bluez-5.55/tools/btmgmt.c:831:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cp.addr, addr, sizeof(*addr));
data/bluez-5.55/tools/btmgmt.c:853:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(input));
data/bluez-5.55/tools/btmgmt.c:870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/bluez-5.55/tools/btmgmt.c:876:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prompt.addr, addr, sizeof(*addr));
data/bluez-5.55/tools/btmgmt.c:892:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:911:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:936:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:954:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:1276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:1330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:1758:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.uuid, uuid, 16);
data/bluez-5.55/tools/btmgmt.c:2002:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cp.val = atoi(argv[1]);
data/bluez-5.55/tools/btmgmt.c:2005:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cp.timeout = htobs(atoi(argv[2]));
data/bluez-5.55/tools/btmgmt.c:2055:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(argv[1]);
data/bluez-5.55/tools/btmgmt.c:2109:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/bluez-5.55/tools/btmgmt.c:2158:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
class[0] = atoi(argv[1]);
data/bluez-5.55/tools/btmgmt.c:2159:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
class[1] = atoi(argv[2]);
data/bluez-5.55/tools/btmgmt.c:2176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:2268:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:2322:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid128, uuid, sizeof(*uuid));
data/bluez-5.55/tools/btmgmt.c:2377:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rssi = atoi(optarg);
data/bluez-5.55/tools/btmgmt.c:2581:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:2618:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:2674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:2757:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:2922:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/bluez-5.55/tools/btmgmt.c:2944:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
local_index = atoi(optarg + 3);
data/bluez-5.55/tools/btmgmt.c:2946:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
local_index = atoi(optarg);
data/bluez-5.55/tools/btmgmt.c:2999:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:3153:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cp.svc_hint = atoi(argv[2]);
data/bluez-5.55/tools/btmgmt.c:3208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[33];
data/bluez-5.55/tools/btmgmt.c:3258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:3489:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const struct mgmt_rp_get_conn_info *rp = param; char addr[18];
data/bluez-5.55/tools/btmgmt.c:3701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:3772:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/btmgmt.c:3911:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[256];
data/bluez-5.55/tools/btmgmt.c:4350:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp->data + 2, uuids, uuid_bytes - 2);
data/bluez-5.55/tools/btmgmt.c:4353:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp->data + uuid_bytes, adv_data, adv_len);
data/bluez-5.55/tools/btmgmt.c:4354:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp->data + uuid_bytes + adv_len, scan_rsp, scan_rsp_len);
data/bluez-5.55/tools/btmgmt.c:4475:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[256];
data/bluez-5.55/tools/btmgmt.c:4604:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[512];
data/bluez-5.55/tools/btmgmt.c:4695:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern_str[62] = { 0 };
data/bluez-5.55/tools/btmon-logger.c:65:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control[64];
data/bluez-5.55/tools/btpclient.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[18];
data/bluez-5.55/tools/btpclient.c:1078:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad.local_name, ad_data, ad_len);
data/bluez-5.55/tools/btpclient.c:1095:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sd->data.data, ad_data + 2, sd->data.len);
data/bluez-5.55/tools/btpclient.c:1102:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ad.local_appearance, ad_data, ad_len);
data/bluez-5.55/tools/btpclient.c:1114:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&md->id, ad_data, 2);
data/bluez-5.55/tools/btpclient.c:1116:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(md->data.data, ad_data + 2, md->data.len);
data/bluez-5.55/tools/btpclient.c:1591:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_addr[18];
data/bluez-5.55/tools/btproxy.c:169:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 1 + sizeof(*hdr) + 1, data, len);
data/bluez-5.55/tools/btproxy.c:191:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(proxy->event_mask, lsem->mask, 8);
data/bluez-5.55/tools/btproxy.c:733:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/vhci", O_RDWR | O_CLOEXEC);
data/bluez-5.55/tools/btproxy.c:836:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tcp_port = atoi(optarg);
data/bluez-5.55/tools/btproxy.c:847:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_index = atoi(str);
data/bluez-5.55/tools/btsnoop.c:73:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
data/bluez-5.55/tools/btsnoop.c:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr.id, btsnoop_id, sizeof(btsnoop_id));
data/bluez-5.55/tools/btsnoop.c:100:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY | O_CLOEXEC);
data/bluez-5.55/tools/btsnoop.c:136:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/bluez-5.55/tools/btsnoop.c:279:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/bluez-5.55/tools/btsnoop.c:352:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/bluez-5.55/tools/btsnoop.c:426:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/bluez-5.55/tools/btsnoop.c:487:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu_buf, buf + 9, len - 9);
data/bluez-5.55/tools/btsnoop.c:490:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu_buf + pdu_len, buf + 5, len - 5);
data/bluez-5.55/tools/check-selftest.c:51:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(pathname, "re");
data/bluez-5.55/tools/check-selftest.c:53:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[32], *ptr;
data/bluez-5.55/tools/ciptool.c:75:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[100] = "";
data/bluez-5.55/tools/ciptool.c:80:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "loopback");
data/bluez-5.55/tools/ciptool.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/ciptool.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/ciptool.c:246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(class, (info+i)->dev_class, 3);
data/bluez-5.55/tools/ciptool.c:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/ciptool.c:292:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
psm = atoi(argv[2]);
data/bluez-5.55/tools/ciptool.c:339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/ciptool.c:361:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
psm = atoi(argv[2]);
data/bluez-5.55/tools/ciptool.c:455:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &bdaddr);
data/bluez-5.55/tools/cltest.c:93:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/bluez-5.55/tools/cltest.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/tools/cltest.c:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/cltest.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/cltest.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_src[18], addr_dst[18];
data/bluez-5.55/tools/create-image.c:96:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY | O_CLOEXEC);
data/bluez-5.55/tools/create-image.c:195:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(output_pathname, "we");
data/bluez-5.55/tools/csr.c:564:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[12];
data/bluez-5.55/tools/csr.c:2361:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr.c:2366:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 1, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr.c:2407:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr.c:2412:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 1, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr.c:2413:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 11, value, length);
data/bluez-5.55/tools/csr.c:2446:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr.c:2451:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 1, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr.c:2452:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 11, value, length);
data/bluez-5.55/tools/csr.c:2476:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, rp + 11, length);
data/bluez-5.55/tools/csr.c:2487:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr.c:2492:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 1, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr.c:2527:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr.c:2532:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 1, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr.c:2569:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr.c:2574:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 1, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr.c:2598:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, rp + 17, length);
data/bluez-5.55/tools/csr.c:2611:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr.c:2616:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 1, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr.c:2618:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 17, value, length);
data/bluez-5.55/tools/csr.c:2702:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->value, value, size);
data/bluez-5.55/tools/csr.c:2732:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, item->value, item->size);
data/bluez-5.55/tools/csr.c:2783:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/bluez-5.55/tools/csr.c:2835:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str, val[7];
data/bluez-5.55/tools/csr.c:2844:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(val, "0x%04x", pskey);
data/bluez-5.55/tools/csr_bcsp.c:59:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device, O_RDWR | O_NOCTTY);
data/bluez-5.55/tools/csr_bcsp.c:152:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr_bcsp.c:176:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 4, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr_bcsp.c:177:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 14, value, length);
data/bluez-5.55/tools/csr_bcsp.c:185:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_packet.payload, cp, (size * 2) + 4);
data/bluez-5.55/tools/csr_bcsp.c:208:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, receive_packet.payload,
data/bluez-5.55/tools/csr_bcsp.c:239:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, rp + 13, length);
data/bluez-5.55/tools/csr_h4.c:50:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device, O_RDWR | O_NOCTTY);
data/bluez-5.55/tools/csr_h4.c:87:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr_h4.c:111:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 5, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr_h4.c:112:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 15, value, length);
data/bluez-5.55/tools/csr_h4.c:148:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, rp + 14, length);
data/bluez-5.55/tools/csr_hci.c:89:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr_hci.c:109:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 1, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr_hci.c:110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 11, value, length);
data/bluez-5.55/tools/csr_hci.c:142:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, rp + 11, length);
data/bluez-5.55/tools/csr_usb.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/bluez-5.55/tools/csr_usb.c:80:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(path, "r");
data/bluez-5.55/tools/csr_usb.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/bluez-5.55/tools/csr_usb.c:170:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = open(path, O_RDWR, O_CLOEXEC | O_NONBLOCK);
data/bluez-5.55/tools/csr_usb.c:229:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[254], rp[254];
data/bluez-5.55/tools/csr_usb.c:252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 4, cmd, sizeof(cmd));
data/bluez-5.55/tools/csr_usb.c:253:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 14, value, length);
data/bluez-5.55/tools/csr_usb.c:285:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, rp + 13, length);
data/bluez-5.55/tools/eddystone.c:266:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(str);
data/bluez-5.55/tools/eddystone.c:284:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
urandom_fd = open("/dev/urandom", O_RDONLY);
data/bluez-5.55/tools/gatt-service.c:347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service_path[100] = {0,};
data/bluez-5.55/tools/hci-tester.c:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(user->bdaddr_lt, rsp->bdaddr, 6);
data/bluez-5.55/tools/hci-tester.c:118:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(user->bdaddr_ut, rsp->bdaddr, 6);
data/bluez-5.55/tools/hci-tester.c:441:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keys->local_pk, evt->local_pk256, 64);
data/bluez-5.55/tools/hci-tester.c:514:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keys->local_pk, evt->local_pk256, 64);
data/bluez-5.55/tools/hci-tester.c:716:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, evt->bdaddr, 6);
data/bluez-5.55/tools/hci-tester.c:789:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.bdaddr, user->bdaddr_lt, 6);
data/bluez-5.55/tools/hciattach.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[5];
data/bluez-5.55/tools/hciattach.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[5];
data/bluez-5.55/tools/hciattach.c:308:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bcsp_sync_pkt[10] = {0xc0,0x00,0x41,0x00,0xbe,0xda,0xdc,0xed,0xed,0xc0};
data/bluez-5.55/tools/hciattach.c:326:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bcsp_conf_pkt[10] = {0xc0,0x00,0x41,0x00,0xbe,0xad,0xef,0xac,0xed,0xc0};
data/bluez-5.55/tools/hciattach.c:344:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte, bcsph[4], bcspp[4],
data/bluez-5.55/tools/hciattach.c:480:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[30]; /* Command */
data/bluez-5.55/tools/hciattach.c:481:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[30]; /* Response */
data/bluez-5.55/tools/hciattach.c:541:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[512];
data/bluez-5.55/tools/hciattach.c:544:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp + (i*3), "-%02X", resp[i]);
data/bluez-5.55/tools/hciattach.c:584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[512];
data/bluez-5.55/tools/hciattach.c:587:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp + (i*3), "-%02X", resp[i]);
data/bluez-5.55/tools/hciattach.c:622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[512];
data/bluez-5.55/tools/hciattach.c:625:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp + (i*3), "-%02X", cmd[i]);
data/bluez-5.55/tools/hciattach.c:650:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[10], rsp[100];
data/bluez-5.55/tools/hciattach.c:755:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[5];
data/bluez-5.55/tools/hciattach.c:807:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[10];
data/bluez-5.55/tools/hciattach.c:860:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[30], resp[30];
data/bluez-5.55/tools/hciattach.c:1149:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(dev, O_RDWR | O_NOCTTY);
data/bluez-5.55/tools/hciattach.c:1247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[PATH_MAX];
data/bluez-5.55/tools/hciattach.c:1268:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
to = atoi(optarg);
data/bluez-5.55/tools/hciattach.c:1272:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
init_speed = atoi(optarg);
data/bluez-5.55/tools/hciattach.c:1307:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dev, "/dev/");
data/bluez-5.55/tools/hciattach.c:1334:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u->speed = atoi(argv[optind]);
data/bluez-5.55/tools/hciattach_ath3k.c:202:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd[HCI_PS_CMD_HDR_LEN], ps_list[i].data,
data/bluez-5.55/tools/hciattach_ath3k.c:335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/bluez-5.55/tools/hciattach_ath3k.c:364:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LINE_SIZE_MAX + 1];
data/bluez-5.55/tools/hciattach_ath3k.c:474:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_byte[3];
data/bluez-5.55/tools/hciattach_ath3k.c:507:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char byte[3];
data/bluez-5.55/tools/hciattach_ath3k.c:508:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptr[MAX_PATCH_CMD + 1];
data/bluez-5.55/tools/hciattach_ath3k.c:511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patch_loc[PATCH_LOC_STRING_LEN + 1];
data/bluez-5.55/tools/hciattach_ath3k.c:549:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd[HCI_PS_CMD_HDR_LEN], patch.data, patch.len);
data/bluez-5.55/tools/hciattach_ath3k.c:731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbyte[3];
data/bluez-5.55/tools/hciattach_ath3k.c:792:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdaddr[PATH_MAX];
data/bluez-5.55/tools/hciattach_ath3k.c:793:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdaddr_file[PATH_MAX];
data/bluez-5.55/tools/hciattach_ath3k.c:798:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen(bdaddr_file, "r");
data/bluez-5.55/tools/hciattach_ath3k.c:816:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patch_file[PATH_MAX];
data/bluez-5.55/tools/hciattach_ath3k.c:817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ps_file[PATH_MAX];
data/bluez-5.55/tools/hciattach_ath3k.c:843:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen(ps_file, "r");
data/bluez-5.55/tools/hciattach_ath3k.c:858:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen(patch_file, "r");
data/bluez-5.55/tools/hciattach_ath3k.c:930:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MAX_CMD_LEN], rsp[HCI_MAX_EVENT_SIZE];
data/bluez-5.55/tools/hciattach_ath3k.c:970:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MAX_CMD_LEN], rsp[HCI_MAX_EVENT_SIZE];
data/bluez-5.55/tools/hciattach_bcm43xx.c:104:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[CC_MIN_SIZE];
data/bluez-5.55/tools/hciattach_bcm43xx.c:129:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[CC_MIN_SIZE];
data/bluez-5.55/tools/hciattach_bcm43xx.c:161:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[CC_MIN_SIZE];
data/bluez-5.55/tools/hciattach_bcm43xx.c:192:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[CC_MIN_SIZE];
data/bluez-5.55/tools/hciattach_bcm43xx.c:234:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[CC_MIN_SIZE];
data/bluez-5.55/tools/hciattach_bcm43xx.c:235:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx_buf[1024];
data/bluez-5.55/tools/hciattach_bcm43xx.c:240:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_fw = open(fw, O_RDONLY);
data/bluez-5.55/tools/hciattach_bcm43xx.c:323:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/bluez-5.55/tools/hciattach_bcm43xx.c:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chip_name[20];
data/bluez-5.55/tools/hciattach_bcm43xx.c:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw_path[PATH_MAX];
data/bluez-5.55/tools/hciattach_intel.c:74:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[PATCH_MAX_LEN];
data/bluez-5.55/tools/hciattach_intel.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patch_file[PATH_MAX];
data/bluez-5.55/tools/hciattach_intel.c:264:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctx->fd = open(patch_file, O_RDONLY);
data/bluez-5.55/tools/hciattach_intel.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw_ver[INTEL_VER_PARAM_LEN * 2];
data/bluez-5.55/tools/hciattach_intel.c:337:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&fw_ver[i*2], "%02x", entry.data[7+i]);
data/bluez-5.55/tools/hciattach_intel.c:515:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[5];
data/bluez-5.55/tools/hciattach_intel.c:516:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char evt[7];
data/bluez-5.55/tools/hciattach_qualcomm.c:72:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vsevent[512];
data/bluez-5.55/tools/hciattach_qualcomm.c:104:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fw = open(firmware, O_RDONLY);
data/bluez-5.55/tools/hciattach_qualcomm.c:115:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[1024];
data/bluez-5.55/tools/hciattach_qualcomm.c:116:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmdp[1 + sizeof(hci_command_hdr)];
data/bluez-5.55/tools/hciattach_qualcomm.c:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[3], &bdaddr, sizeof(bdaddr_t));
data/bluez-5.55/tools/hciattach_qualcomm.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[5];
data/bluez-5.55/tools/hciattach_qualcomm.c:171:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[100]; /* Response */
data/bluez-5.55/tools/hciattach_qualcomm.c:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw[100];
data/bluez-5.55/tools/hciattach_st.c:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cp[260], rp[260];
data/bluez-5.55/tools/hciattach_st.c:57:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp + 4, cparam, clen);
data/bluez-5.55/tools/hciattach_st.c:114:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rparam, rp + offset, size);
data/bluez-5.55/tools/hciattach_st.c:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathname[PATH_MAX], filename[PATH_MAX + NAME_MAX + 1], prefix[20];
data/bluez-5.55/tools/hciattach_st.c:124:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[256];
data/bluez-5.55/tools/hciattach_st.c:125:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/bluez-5.55/tools/hciattach_st.c:134:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pathname, "/lib/firmware");
data/bluez-5.55/tools/hciattach_st.c:168:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/bluez-5.55/tools/hciattach_st.c:200:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[16];
data/bluez-5.55/tools/hciattach_st.c:201:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[254];
data/bluez-5.55/tools/hciattach_st.c:255:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[16];
data/bluez-5.55/tools/hciattach_st.c:256:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[254];
data/bluez-5.55/tools/hciattach_ti.c:118:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file_name, "rb");
data/bluez-5.55/tools/hciattach_ti.c:190:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char firmware_file_name[PATH_MAX] = {0};
data/bluez-5.55/tools/hciattach_ti.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response[1024] = {0};
data/bluez-5.55/tools/hciattach_ti.c:274:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char response[1024] = {0};
data/bluez-5.55/tools/hciattach_ti.c:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[4];
data/bluez-5.55/tools/hciattach_ti.c:448:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[100]; /* Response */
data/bluez-5.55/tools/hciattach_tialt.c:106:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fw = open(firmware, O_RDONLY);
data/bluez-5.55/tools/hciattach_tialt.c:117:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[1024];
data/bluez-5.55/tools/hciattach_tialt.c:118:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmdp[1 + sizeof(hci_command_hdr)];
data/bluez-5.55/tools/hciattach_tialt.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[4];
data/bluez-5.55/tools/hciattach_tialt.c:168:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[100]; /* Response */
data/bluez-5.55/tools/hciattach_tialt.c:214:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *c_brf_chip[8] = {
data/bluez-5.55/tools/hciattach_tialt.c:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw[100];
data/bluez-5.55/tools/hciconfig.c:262:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
adv_params_cp.advtype = atoi(opt);
data/bluez-5.55/tools/hciconfig.c:677:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[249];
data/bluez-5.55/tools/hciconfig.c:808:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cls_str[48];
data/bluez-5.55/tools/hciconfig.c:1189:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int8_t level = atoi(opt);
data/bluez-5.55/tools/hciconfig.c:1224:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t mode = atoi(opt);
data/bluez-5.55/tools/hciconfig.c:1274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[3];
data/bluez-5.55/tools/hciconfig.c:1285:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, opt + (i * 2), 2);
data/bluez-5.55/tools/hciconfig.c:1379:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t type = atoi(opt);
data/bluez-5.55/tools/hciconfig.c:1625:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t mode = atoi(opt);
data/bluez-5.55/tools/hciconfig.c:1660:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint8_t mode = atoi(opt);
data/bluez-5.55/tools/hciconfig.c:1687:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[102];
data/bluez-5.55/tools/hciconfig.c:1734:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[102];
data/bluez-5.55/tools/hciconfig.c:1870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/hciconfig.c:2030:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
di.dev_id = atoi(argv[0] + 3);
data/bluez-5.55/tools/hcidump.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctrl[100];
data/bluez-5.55/tools/hcidump.c:229:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dir, CMSG_DATA(cmsg), sizeof(int));
data/bluez-5.55/tools/hcidump.c:233:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&frm.ts, CMSG_DATA(cmsg),
data/bluez-5.55/tools/hcidump.c:441:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BTSNOOP_HDR_SIZE];
data/bluez-5.55/tools/hcidump.c:450:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, open_flags, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
data/bluez-5.55/tools/hcidump.c:497:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr->id, btsnoop_id, sizeof(btsnoop_id));
data/bluez-5.55/tools/hcidump.c:686:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
device = atoi(optarg + 3);
data/bluez-5.55/tools/hcidump.c:692:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
snap_len = atoi(optarg);
data/bluez-5.55/tools/hcidump.c:696:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
defpsm = atoi(optarg);
data/bluez-5.55/tools/hcidump.c:700:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
defcompid = atoi(optarg);
data/bluez-5.55/tools/hcidump.c:734:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_proto(0, atoi(optarg), 0, SDP_UUID_CMTP);
data/bluez-5.55/tools/hcidump.c:738:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_proto(0, atoi(optarg), 0, SDP_UUID_HARDCOPY_CONTROL_CHANNEL);
data/bluez-5.55/tools/hcidump.c:742:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
obex_port = atoi(optarg);
data/bluez-5.55/tools/hcidump.c:750:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_proto(0, 0, atoi(optarg), SDP_UUID_LAN_ACCESS_PPP);
data/bluez-5.55/tools/hcidump.c:754:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_proto(0, 0, atoi(optarg), SDP_UUID_SIM_ACCESS);
data/bluez-5.55/tools/hcitool.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/hcitool.c:174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/hcitool.c:338:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cls_str[48]; cls_str[0] = 0;
data/bluez-5.55/tools/hcitool.c:491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/hcitool.c:501:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
length = atoi(optarg);
data/bluez-5.55/tools/hcitool.c:505:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_rsp = atoi(optarg);
data/bluez-5.55/tools/hcitool.c:580:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18], name[249], *comp;
data/bluez-5.55/tools/hcitool.c:594:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
length = atoi(optarg);
data/bluez-5.55/tools/hcitool.c:598:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_rsp = atoi(optarg);
data/bluez-5.55/tools/hcitool.c:686:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "n/a");
data/bluez-5.55/tools/hcitool.c:706:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oui[9];
data/bluez-5.55/tools/hcitool.c:759:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cls, (info+i)->dev_class, 3);
data/bluez-5.55/tools/hcitool.c:822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[248];
data/bluez-5.55/tools/hcitool.c:872:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[249], *comp, *tmp;
data/bluez-5.55/tools/hcitool.c:942:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oui[9];
data/bluez-5.55/tools/hcitool.c:1040:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.lap, lap, 3);
data/bluez-5.55/tools/hcitool.c:1117:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[HCI_MAX_EVENT_SIZE], *ptr = buf;
data/bluez-5.55/tools/hcitool.c:1310:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reason = (argc > 1) ? atoi(argv[1]) : HCI_OE_USER_ENDED_CONNECTION;
data/bluez-5.55/tools/hcitool.c:1383:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
role = atoi(argv[1]);
data/bluez-5.55/tools/hcitool.c:1574:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type = (argc > 1) ? atoi(argv[1]) : 0;
data/bluez-5.55/tools/hcitool.c:2075:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encrypt = (argc > 1) ? atoi(argv[1]) : 1;
data/bluez-5.55/tools/hcitool.c:2287:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = (argc > 1) ? atoi(argv[1]) : 0x01;
data/bluez-5.55/tools/hcitool.c:2397:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &eir[2], name_len);
data/bluez-5.55/tools/hcitool.c:2411:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[HCI_MAX_EVENT_SIZE], *ptr;
data/bluez-5.55/tools/hcitool.c:2440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/hcitool.c:2464:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[30];
data/bluez-5.55/tools/hcitool.c:3273:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle = atoi(argv[0]);
data/bluez-5.55/tools/hcitool.c:3275:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reason = (argc > 1) ? atoi(argv[1]) : HCI_OE_USER_ENDED_CONNECTION;
data/bluez-5.55/tools/hex2hcd.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3];
data/bluez-5.55/tools/hex2hcd.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buffer[line_size];
data/bluez-5.55/tools/hex2hcd.c:171:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(path + (ptr - input_path), ".hcd");
data/bluez-5.55/tools/hex2hcd.c:182:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
data/bluez-5.55/tools/hex2hcd.c:203:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(input_path, "r");
data/bluez-5.55/tools/hex2hcd.c:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/bluez-5.55/tools/hex2hcd.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char major[4];
data/bluez-5.55/tools/hex2hcd.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minor[4];
data/bluez-5.55/tools/hex2hcd.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char build[4];
data/bluez-5.55/tools/hex2hcd.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy1[5], dummy2[5];
data/bluez-5.55/tools/hex2hcd.c:272:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ver->num = atoi(ver->build) + (atoi(ver->minor) << 8) +
data/bluez-5.55/tools/hex2hcd.c:272:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ver->num = atoi(ver->build) + (atoi(ver->minor) << 8) +
data/bluez-5.55/tools/hex2hcd.c:273:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(atoi(ver->major) << 13);
data/bluez-5.55/tools/hex2hcd.c:306:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY);
data/bluez-5.55/tools/hid2hci.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[256];
data/bluez-5.55/tools/hid2hci.c:136:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disconnect.driver, "usbfs");
data/bluez-5.55/tools/hid2hci.c:206:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDWR);
data/bluez-5.55/tools/hid2hci.c:245:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disconnect.driver, "usbfs");
data/bluez-5.55/tools/hid2hci.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/bluez-5.55/tools/hid2hci.c:288:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR, O_CLOEXEC);
data/bluez-5.55/tools/hid2hci.c:329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char syspath[PATH_MAX];
data/bluez-5.55/tools/ibeacon.c:259:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(str);
data/bluez-5.55/tools/ibeacon.c:277:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
urandom_fd = open("/dev/urandom", O_RDONLY);
data/bluez-5.55/tools/l2cap-tester.c:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/l2cap-tester.c:748:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.pin_code, test->pin, test->pin_len);
data/bluez-5.55/tools/l2cap-tester.c:904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bluez-5.55/tools/l2cap-tester.c:927:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bluez-5.55/tools/l2ping.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/tools/l2ping.c:276:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &bdaddr);
data/bluez-5.55/tools/l2ping.c:282:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delay = atoi(optarg);
data/bluez-5.55/tools/l2ping.c:300:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(optarg);
data/bluez-5.55/tools/l2ping.c:304:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(optarg);
data/bluez-5.55/tools/l2ping.c:308:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(optarg);
data/bluez-5.55/tools/l2test.c:246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bfr[80];
data/bluez-5.55/tools/l2test.c:348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ba[18];
data/bluez-5.55/tools/l2test.c:838:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[30];
data/bluez-5.55/tools/l2test.c:909:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ts, "[%ld.%ld] ",
data/bluez-5.55/tools/l2test.c:957:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/bluez-5.55/tools/l2test.c:1104:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[48];
data/bluez-5.55/tools/l2test.c:1420:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data_size = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1425:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &bdaddr);
data/bluez-5.55/tools/l2test.c:1431:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
psm = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1435:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
imtu = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1439:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
omtu = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1443:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
linger = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1447:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
defer_setup = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1455:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_frames = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1459:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1463:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
send_delay = atoi(optarg) * 1000;
data/bluez-5.55/tools/l2test.c:1467:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
recv_delay = atoi(optarg) * 1000;
data/bluez-5.55/tools/l2test.c:1493:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
priority = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1497:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fcs = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1533:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_transmit = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1537:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
txwin_size = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1541:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cid = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1545:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rcvbuf = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1560:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seq_start = atoi(optarg);
data/bluez-5.55/tools/l2test.c:1564:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
disc_delay = atoi(optarg) * 1000;
data/bluez-5.55/tools/mcaptest.c:360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdastr[18];
data/bluez-5.55/tools/mcaptest.c:377:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &src);
data/bluez-5.55/tools/mcaptest.c:405:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mcl_disconnect_timeout = atoi(optarg);
data/bluez-5.55/tools/mcaptest.c:410:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mdl_disconnect_timeout = atoi(optarg);
data/bluez-5.55/tools/mcaptest.c:430:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ccpsm = atoi(optarg);
data/bluez-5.55/tools/mcaptest.c:435:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dcpsm = atoi(optarg);
data/bluez-5.55/tools/mesh-cfgclient.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/bluez-5.55/tools/mesh-cfgclient.c:452:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob_data, buf, len);
data/bluez-5.55/tools/mesh-gatt/config-client.c:527:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n, key, 16);
data/bluez-5.55/tools/mesh-gatt/config-client.c:606:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n, key, 16);
data/bluez-5.55/tools/mesh-gatt/crypto.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[CMSG_SPACE(sizeof(alg_op))];
data/bluez-5.55/tools/mesh-gatt/crypto.c:89:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmsg), &alg_op, sizeof(alg_op));
data/bluez-5.55/tools/mesh-gatt/crypto.c:119:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_type, "skcipher");
data/bluez-5.55/tools/mesh-gatt/crypto.c:120:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_name, "ecb(aes)");
data/bluez-5.55/tools/mesh-gatt/crypto.c:175:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_type, "hash");
data/bluez-5.55/tools/mesh-gatt/crypto.c:176:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_name, "cmac(aes)");
data/bluez-5.55/tools/mesh-gatt/crypto.c:269:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pmsg + 1, nonce, 13);
data/bluez-5.55/tools/mesh-gatt/crypto.c:282:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pmsg + 1, nonce, 13);
data/bluez-5.55/tools/mesh-gatt/crypto.c:346:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pmsg + 1, nonce, 13);
data/bluez-5.55/tools/mesh-gatt/crypto.c:371:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pmsg + 1, nonce, 13);
data/bluez-5.55/tools/mesh-gatt/crypto.c:389:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_msg + msg_len, mic, mic_size);
data/bluez-5.55/tools/mesh-gatt/crypto.c:433:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pmsg + 1, nonce, 13);
data/bluez-5.55/tools/mesh-gatt/crypto.c:446:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pmsg + 1, nonce, 13);
data/bluez-5.55/tools/mesh-gatt/crypto.c:496:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pmsg + 1, nonce, 13);
data/bluez-5.55/tools/mesh-gatt/crypto.c:508:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_msg + (j * 16), msg, last_blk);
data/bluez-5.55/tools/mesh-gatt/crypto.c:526:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pmsg + 1, nonce, 13);
data/bluez-5.55/tools/mesh-gatt/crypto.c:538:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_msg + (j * 16), msg, 16);
data/bluez-5.55/tools/mesh-gatt/crypto.c:614:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stage, p, p_len);
data/bluez-5.55/tools/mesh-gatt/crypto.c:622:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stage, output, 16);
data/bluez-5.55/tools/mesh-gatt/crypto.c:623:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stage + 16, p, p_len);
data/bluez-5.55/tools/mesh-gatt/crypto.c:629:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(enc_key, output, 16);
data/bluez-5.55/tools/mesh-gatt/crypto.c:631:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stage, output, 16);
data/bluez-5.55/tools/mesh-gatt/crypto.c:632:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stage + 16, p, p_len);
data/bluez-5.55/tools/mesh-gatt/crypto.c:638:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(priv_key, output, 16);
data/bluez-5.55/tools/mesh-gatt/crypto.c:649:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool crypto_128(const uint8_t n[16], const char *s, uint8_t out128[16])
data/bluez-5.55/tools/mesh-gatt/crypto.c:678:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 6, id + 8, 8);
data/bluez-5.55/tools/mesh-gatt/crypto.c:681:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(id + 8, tmp + 6, 8);
data/bluez-5.55/tools/mesh-gatt/crypto.c:690:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(id, tmp + 8, 8);
data/bluez-5.55/tools/mesh-gatt/crypto.c:726:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out64, tmp + 8, 8);
data/bluez-5.55/tools/mesh-gatt/crypto.c:762:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + 1, network_id, 8);
data/bluez-5.55/tools/mesh-gatt/crypto.c:940:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nonce, tmp + 3, 13);
data/bluez-5.55/tools/mesh-gatt/crypto.c:960:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, conf_salt, 16);
data/bluez-5.55/tools/mesh-gatt/crypto.c:961:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 16, prov_rand, 16);
data/bluez-5.55/tools/mesh-gatt/crypto.c:962:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 32, dev_rand, 16);
data/bluez-5.55/tools/mesh-gatt/crypto.c:1056:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(privacy_counter + 9, packet + 7, 7);
data/bluez-5.55/tools/mesh-gatt/crypto.c:1082:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(privacy_counter + 9, packet + 7, 7);
data/bluez-5.55/tools/mesh-gatt/crypto.c:1087:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, packet, packet_len);
data/bluez-5.55/tools/mesh-gatt/crypto.c:1157:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/bluez-5.55/tools/mesh-gatt/gatt.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gatt_pkt + gatt_size, data, size);
data/bluez-5.55/tools/mesh-gatt/gatt.c:163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gatt_pkt + gatt_size, data, size);
data/bluez-5.55/tools/mesh-gatt/net.c:401:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(app_key->new.key, key, 16);
data/bluez-5.55/tools/mesh-gatt/net.c:415:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(app_key->current.key, key, 16);
data/bluez-5.55/tools/mesh-gatt/net.c:442:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net_key->new.net_key, key, 16);
data/bluez-5.55/tools/mesh-gatt/net.c:471:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net_key->current.net_key, key, 16);
data/bluez-5.55/tools/mesh-gatt/net.c:667:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, buf, 16);
data/bluez-5.55/tools/mesh-gatt/net.c:1145:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(decode->packet, tmp, decode->size);
data/bluez-5.55/tools/mesh-gatt/net.c:1313:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(PKT_TRANS(data) + 4,
data/bluez-5.55/tools/mesh-gatt/net.c:1325:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(PKT_TRANS(data) + 1,
data/bluez-5.55/tools/mesh-gatt/net.c:1523:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trans, out_msg, len);
data/bluez-5.55/tools/mesh-gatt/net.c:1840:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sar->data + 1 + (12 * segO), trans + 4, 12);
data/bluez-5.55/tools/mesh-gatt/net.c:2091:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sar_ctl.data, buf, len);
data/bluez-5.55/tools/mesh-gatt/node.c:167:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->dev_uuid, prov->dev_uuid, 16);
data/bluez-5.55/tools/mesh-gatt/node.c:342:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->dev_key, key, 16);
data/bluez-5.55/tools/mesh-gatt/node.c:878:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(model->pub, pub, (sizeof(struct mesh_publication)));
data/bluez-5.55/tools/mesh-gatt/prov-db.c:68:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename,O_RDONLY);
data/bluez-5.55/tools/mesh-gatt/prov-db.c:104:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = fopen(out_filename, "wr");
data/bluez-5.55/tools/mesh-gatt/prov-db.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/bluez-5.55/tools/mesh-gatt/prov-db.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[9];
data/bluez-5.55/tools/mesh-gatt/prov-db.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/bluez-5.55/tools/mesh-gatt/prov-db.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[9];
data/bluez-5.55/tools/mesh-gatt/prov-db.c:544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexstr[33];
data/bluez-5.55/tools/mesh-gatt/prov.c:265:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth + 16, buf, len);
data/bluez-5.55/tools/mesh-gatt/prov.c:272:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth +
data/bluez-5.55/tools/mesh-gatt/prov.c:292:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *in_action[3] = {
data/bluez-5.55/tools/mesh-gatt/prov.c:303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_oob_display[100];
data/bluez-5.55/tools/mesh-gatt/prov.c:310:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, prov->conf_in.dev_pub_key, 64);
data/bluez-5.55/tools/mesh-gatt/prov.c:379:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth + 16, in_ascii, size);
data/bluez-5.55/tools/mesh-gatt/prov.c:401:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + 2, prov->conf_in.prv_pub_key, 64);
data/bluez-5.55/tools/mesh-gatt/prov.c:413:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->conf_in.dev_pub_key, buf, 64);
data/bluez-5.55/tools/mesh-gatt/prov.c:467:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prov->conf_in.caps, buf, len);
data/bluez-5.55/tools/mesh-gatt/prov.c:552:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + 2, &prov->conf_in.start, 5);
data/bluez-5.55/tools/mesh-gatt/prov.c:569:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->conf_in.dev_pub_key, buf + 1, 64);
data/bluez-5.55/tools/mesh-gatt/prov.c:585:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->mesh_conf, buf + 1, 16);
data/bluez-5.55/tools/mesh-gatt/prov.c:588:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + 2, prov->rand_auth, 16);
data/bluez-5.55/tools/mesh-gatt/prov.c:607:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prov->rand_auth, buf + 1, 16);
data/bluez-5.55/tools/mesh-gatt/util.c:62:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bytes, "%2.2x ", data[i]);
data/bluez-5.55/tools/mesh/agent.c:107:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bt_put_be32(atoi(input), buf);
data/bluez-5.55/tools/mesh/cfgcli.c:1409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n, grp->label, 16);
data/bluez-5.55/tools/mesh/cfgcli.c:1512:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + n, grp->label, 16);
data/bluez-5.55/tools/mesh/cfgcli.c:1817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[33];
data/bluez-5.55/tools/mesh/mesh-db.c:67:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = fopen(fname, "w");
data/bluez-5.55/tools/mesh/mesh-db.c:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/bluez-5.55/tools/mesh/mesh-db.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[9];
data/bluez-5.55/tools/mesh/mesh-db.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[33];
data/bluez-5.55/tools/mesh/mesh-db.c:271:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool add_u8_8(json_object *jobj, const char *desc,
data/bluez-5.55/tools/mesh/mesh-db.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[17];
data/bluez-5.55/tools/mesh/mesh-db.c:286:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool add_u8_16(json_object *jobj, const char *desc,
data/bluez-5.55/tools/mesh/mesh-db.c:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[33];
data/bluez-5.55/tools/mesh/mesh-db.c:801:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/bluez-5.55/tools/mesh/mesh-db.c:1193:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(token, cfg->token, 8);
data/bluez-5.55/tools/mesh/mesh-db.c:1328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/bluez-5.55/tools/mesh/mesh-db.c:1395:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool mesh_db_create(const char *fname, const uint8_t token[8],
data/bluez-5.55/tools/mesh/mesh-db.c:1414:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfg->token, token, 8);
data/bluez-5.55/tools/mesh/mesh-db.c:1472:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fname, O_RDONLY);
data/bluez-5.55/tools/mesh/mesh-db.h:24:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool mesh_db_create(const char *fname, const uint8_t token[8],
data/bluez-5.55/tools/mesh/mesh-db.h:44:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool mesh_db_add_provisioner(const char *name, uint8_t uuid[16],
data/bluez-5.55/tools/mesh/remote.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rmt->uuid, uuid, 16);
data/bluez-5.55/tools/meshctl.c:360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt_uuid[16 * 2 + 1];
data/bluez-5.55/tools/meshctl.c:366:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt_uuid + (i * 2), "%2.2x", prov_data->dev_uuid[i]);
data/bluez-5.55/tools/meshctl.c:533:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[26];
data/bluez-5.55/tools/meshctl.c:594:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/bluez-5.55/tools/meshctl.c:693:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->dev_uuid, prov_data.dev_uuid, 16);
data/bluez-5.55/tools/meshctl.c:1131:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, data, len);
data/bluez-5.55/tools/meshctl.c:1966:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mesh_local_config_filename + len , "%c", '/');
data/bluez-5.55/tools/meshctl.c:1984:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mesh_prov_db_filename + len , "%c", '/');
data/bluez-5.55/tools/mgmt-tester.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/mgmt-tester.c:1765:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char set_adv_set_local_name_param[260] = { 'T', 'e', 's', 't', ' ',
data/bluez-5.55/tools/mgmt-tester.c:1915:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char set_local_name_param[260] = { 'T', 'e', 's', 't', ' ',
data/bluez-5.55/tools/mgmt-tester.c:1917:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char write_local_name_hci[248] = { 'T', 'e', 's', 't', ' ',
data/bluez-5.55/tools/mgmt-tester.c:1919:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char write_eir_local_name_hci_1[241] = { 0x00,
data/bluez-5.55/tools/mgmt-tester.c:2258:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char write_eir_uuid16_hci[241] = { 0x00,
data/bluez-5.55/tools/mgmt-tester.c:2260:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char write_eir_multi_uuid16_hci_1[241] = { 0x00,
data/bluez-5.55/tools/mgmt-tester.c:2263:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char write_eir_multi_uuid16_hci_2[241] = { 0x00,
data/bluez-5.55/tools/mgmt-tester.c:2310:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char write_eir_uuid32_hci[241] = { 0x00,
data/bluez-5.55/tools/mgmt-tester.c:2313:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char write_eir_uuid32_multi_hci[241] = { 0x00,
data/bluez-5.55/tools/mgmt-tester.c:2356:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char write_eir_uuid128_hci[241] = { 0x00,
data/bluez-5.55/tools/mgmt-tester.c:2360:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char write_eir_uuid128_multi_hci[241] = { 0x00,
data/bluez-5.55/tools/mgmt-tester.c:2397:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char write_eir_uuid_mix_hci[241] = { 0x00,
data/bluez-5.55/tools/mgmt-tester.c:2636:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char load_ltks_invalid_param_4[22] = { 0x1d, 0x07 };
data/bluez-5.55/tools/mgmt-tester.c:2699:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, hciemu_get_client_bdaddr(data->hciemu), 6);
data/bluez-5.55/tools/mgmt-tester.c:2720:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, hciemu_get_client_bdaddr(data->hciemu), 6);
data/bluez-5.55/tools/mgmt-tester.c:2806:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bdaddr, hciemu_get_client_bdaddr(data->hciemu), 6);
data/bluez-5.55/tools/mgmt-tester.c:2938:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, hciemu_get_client_bdaddr(data->hciemu), 6);
data/bluez-5.55/tools/mgmt-tester.c:2939:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(¶m[6], test->expect_hci_param, 3);
data/bluez-5.55/tools/mgmt-tester.c:3463:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, hciemu_get_client_bdaddr(data->hciemu), 6);
data/bluez-5.55/tools/mgmt-tester.c:3812:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, hciemu_get_client_bdaddr(data->hciemu), 6);
data/bluez-5.55/tools/mgmt-tester.c:3825:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, hciemu_get_client_bdaddr(data->hciemu), 6);
data/bluez-5.55/tools/mgmt-tester.c:3844:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, hciemu_get_client_bdaddr(data->hciemu), 6);
data/bluez-5.55/tools/mgmt-tester.c:3873:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param, hciemu_get_client_bdaddr(data->hciemu), 6);
data/bluez-5.55/tools/mgmt-tester.c:5474:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uuid_param[12], &val, sizeof(val));
data/bluez-5.55/tools/mgmt-tester.c:5573:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uuid_param[12], &val, sizeof(val));
data/bluez-5.55/tools/mgmt-tester.c:5679:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:5701:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:5727:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:5829:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:5856:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:5902:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:5928:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:5960:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:5985:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:6048:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.pin_code, test->pin, test->pin_len);
data/bluez-5.55/tools/mgmt-tester.c:7962:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:8000:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char adv_param[sizeof(*cp) + TESTER_ADD_ADV_DATA_LEN];
data/bluez-5.55/tools/mgmt-tester.c:8762:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cp.addr.bdaddr, client_bdaddr, 6);
data/bluez-5.55/tools/mpris-proxy.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[2] = { type, '\0' };
data/bluez-5.55/tools/mpris-proxy.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_sig[2] = { type, '\0' };
data/bluez-5.55/tools/mpris-proxy.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array_sig[3] = { DBUS_TYPE_ARRAY, type, '\0' };
data/bluez-5.55/tools/nokfw.c:170:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY | O_CLOEXEC);
data/bluez-5.55/tools/obex-client-tool.c:133:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[1], O_RDONLY | O_NOCTTY, 0);
data/bluez-5.55/tools/obex-client-tool.c:176:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(argv[1], O_WRONLY | O_CREAT | O_NOCTTY, 0600);
data/bluez-5.55/tools/obex-server-tool.c:145:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
data->fd = open(name, O_WRONLY | O_CREAT | O_NOCTTY, 0600);
data/bluez-5.55/tools/obex-server-tool.c:204:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
data->fd = open(name, O_RDONLY | O_NOCTTY, 0);
data/bluez-5.55/tools/oobtest.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/tools/oobtest.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/tools/oobtest.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/tools/oobtest.c:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/tools/oobtest.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/tools/oobtest.c:267:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.hash192, hash192, 16);
data/bluez-5.55/tools/oobtest.c:269:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.rand192, rand192, 16);
data/bluez-5.55/tools/oobtest.c:277:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.hash256, hash256, 16);
data/bluez-5.55/tools/oobtest.c:278:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp.rand256, rand256, 16);
data/bluez-5.55/tools/oobtest.c:417:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/tools/oobtest.c:695:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/bluez-5.55/tools/parser/bnep.c:65:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[20];
data/bluez-5.55/tools/parser/bnep.c:68:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%02x:%02x:%02x:%02x:%02x:%02x",
data/bluez-5.55/tools/parser/cmtp.c:77:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, msg->data, msg->data_len);
data/bluez-5.55/tools/parser/cmtp.c:79:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + msg->data_len, frm->ptr, len);
data/bluez-5.55/tools/parser/csr.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/csr.c:132:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char features[8];
data/bluez-5.55/tools/parser/csr.c:135:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(features, frm->ptr, 8);
data/bluez-5.55/tools/parser/csr.c:146:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char commands[64];
data/bluez-5.55/tools/parser/csr.c:149:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(commands, frm->ptr, frm->len);
data/bluez-5.55/tools/parser/csr.c:598:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *event_str[EVENT_NUM + 1] = {
data/bluez-5.55/tools/parser/hci.c:132:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *ev_le_meta_str[LE_EV_NUM + 1] = {
data/bluez-5.55/tools/parser/hci.c:142:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cmd_linkctl_str[CMD_LINKCTL_NUM + 1] = {
data/bluez-5.55/tools/parser/hci.c:207:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cmd_linkpol_str[CMD_LINKPOL_NUM + 1] = {
data/bluez-5.55/tools/parser/hci.c:229:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cmd_hostctl_str[CMD_HOSTCTL_NUM + 1] = {
data/bluez-5.55/tools/parser/hci.c:343:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cmd_info_str[CMD_INFO_NUM + 1] = {
data/bluez-5.55/tools/parser/hci.c:358:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cmd_status_str[CMD_STATUS_NUM + 1] = {
data/bluez-5.55/tools/parser/hci.c:374:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cmd_testing_str[CMD_TESTING_NUM + 1] = {
data/bluez-5.55/tools/parser/hci.c:383:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cmd_le_str[CMD_LE_NUM + 1] = {
data/bluez-5.55/tools/parser/hci.c:419:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *error_code_str[ERROR_CODE_NUM + 1] = {
data/bluez-5.55/tools/parser/hci.c:712:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *eventmask2str(const uint8_t mask[8])
data/bluez-5.55/tools/parser/hci.c:741:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *lefeatures2str(const uint8_t features[8])
data/bluez-5.55/tools/parser/hci.c:858:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18], *str;
data/bluez-5.55/tools/parser/hci.c:959:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:972:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:985:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18], pin[17];
data/bluez-5.55/tools/parser/hci.c:993:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pin, cp->pin_code, cp->pin_len);
data/bluez-5.55/tools/parser/hci.c:1000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1017:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1027:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1037:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1060:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1089:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1281:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev_class, cp->condition, 3);
data/bluez-5.55/tools/parser/hci.c:1282:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev_mask, cp->condition + 3, 3);
data/bluez-5.55/tools/parser/hci.c:1322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, frm->ptr + 6, 16);
data/bluez-5.55/tools/parser/hci.c:1357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[249];
data/bluez-5.55/tools/parser/hci.c:1511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1573:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1607:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:1618:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:2037:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:2203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[249];
data/bluez-5.55/tools/parser/hci.c:3040:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3061:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3079:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18], name[249];
data/bluez-5.55/tools/parser/hci.c:3233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3507:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3539:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3549:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3559:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3576:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/hci.c:3594:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/l2cap.c:1586:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fr->data, frm->ptr, frm->len);
data/bluez-5.55/tools/parser/l2cap.c:1620:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fr->data + fr->len, frm->ptr, frm->len);
data/bluez-5.55/tools/parser/lmp.c:107:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pairing_data.in_rand, val, 16);
data/bluez-5.55/tools/parser/lmp.c:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pairing_data.comb_key_m, val, 16);
data/bluez-5.55/tools/parser/lmp.c:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pairing_data.comb_key_s, val, 16);
data/bluez-5.55/tools/parser/lmp.c:141:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pairing_data.au_rand_m, val, 16);
data/bluez-5.55/tools/parser/lmp.c:145:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pairing_data.au_rand_s, val, 16);
data/bluez-5.55/tools/parser/lmp.c:165:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pairing_data.sres_m, val, 4);
data/bluez-5.55/tools/parser/lmp.c:169:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pairing_data.sres_s, val, 4);
data/bluez-5.55/tools/parser/lmp.c:927:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/parser.c:176:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, fr->ptr, fr->len);
data/bluez-5.55/tools/parser/parser.c:179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + fr->len, frm->ptr, frm->len);
data/bluez-5.55/tools/parser/parser.h:157:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%2.2X:%2.2X:%2.2X:*:*:*", b[0], b[1], b[2]);
data/bluez-5.55/tools/parser/sdp.c:634:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, fr->data, len);
data/bluez-5.55/tools/parser/sdp.c:635:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + len, frm->ptr, count);
data/bluez-5.55/tools/parser/sdp.c:637:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, frm->ptr, count);
data/bluez-5.55/tools/parser/smp.c:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/parser/tcpip.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/bluez-5.55/tools/parser/tcpip.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[50], dst[50];
data/bluez-5.55/tools/parser/tcpip.c:87:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sai.sin_addr, &ip->ip_src, sizeof(struct in_addr));
data/bluez-5.55/tools/parser/tcpip.c:90:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sai.sin_addr, &ip->ip_dst, sizeof(struct in_addr));
data/bluez-5.55/tools/parser/tcpip.c:100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sai6.sin6_addr, &ip6->ip6_src, sizeof(struct in6_addr));
data/bluez-5.55/tools/parser/tcpip.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sai6.sin6_addr, &ip6->ip6_dst, sizeof(struct in6_addr));
data/bluez-5.55/tools/rctest.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ba[18];
data/bluez-5.55/tools/rctest.c:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[30];
data/bluez-5.55/tools/rctest.c:516:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ts, "[%ld.%ld] ",
data/bluez-5.55/tools/rctest.c:562:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/bluez-5.55/tools/rctest.c:639:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[18];
data/bluez-5.55/tools/rctest.c:647:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
save_fd = open(savefile, O_CREAT | O_WRONLY,
data/bluez-5.55/tools/rctest.c:757:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &auto_bdaddr);
data/bluez-5.55/tools/rctest.c:763:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data_size = atoi(optarg);
data/bluez-5.55/tools/rctest.c:768:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &bdaddr);
data/bluez-5.55/tools/rctest.c:774:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
channel = atoi(optarg);
data/bluez-5.55/tools/rctest.c:783:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uuid = atoi(optarg);
data/bluez-5.55/tools/rctest.c:803:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
linger = atoi(optarg);
data/bluez-5.55/tools/rctest.c:807:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
defer_setup = atoi(optarg);
data/bluez-5.55/tools/rctest.c:819:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_frames = atoi(optarg);
data/bluez-5.55/tools/rctest.c:823:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(optarg);
data/bluez-5.55/tools/rctest.c:827:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delay = atoi(optarg) * 1000;
data/bluez-5.55/tools/rctest.c:831:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
priority = atoi(optarg);
data/bluez-5.55/tools/rfcomm-tester.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/rfcomm-tester.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[248];
data/bluez-5.55/tools/rfcomm-tester.c:582:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bluez-5.55/tools/rfcomm.c:83:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[100];
data/bluez-5.55/tools/rfcomm.c:89:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "reuse-dlc ");
data/bluez-5.55/tools/rfcomm.c:92:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "release-on-hup ");
data/bluez-5.55/tools/rfcomm.c:95:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "tty-attached");
data/bluez-5.55/tools/rfcomm.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[18], dst[18], addr[40];
data/bluez-5.55/tools/rfcomm.c:162:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
req.channel = atoi(argv[2]);
data/bluez-5.55/tools/rfcomm.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18], devname[MAXPATHLEN];
data/bluez-5.55/tools/rfcomm.c:299:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
raddr.rc_channel = atoi(argv[2]);
data/bluez-5.55/tools/rfcomm.c:353:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
while ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
data/bluez-5.55/tools/rfcomm.c:360:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
data/bluez-5.55/tools/rfcomm.c:436:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[18], devname[MAXPATHLEN];
data/bluez-5.55/tools/rfcomm.c:441:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
laddr.rc_channel = (argc < 2) ? 1 : atoi(argv[1]);
data/bluez-5.55/tools/rfcomm.c:511:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
while ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
data/bluez-5.55/tools/rfcomm.c:518:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
data/bluez-5.55/tools/rfcomm.c:619:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
struct rfcomm_dev_info di = { .id = atoi(argv[0]) };
data/bluez-5.55/tools/rfcomm.c:700:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &bdaddr);
data/bluez-5.55/tools/rfcomm.c:734:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
linger = atoi(optarg);
data/bluez-5.55/tools/rfcomm.c:767:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dev_id = atoi(argv[1] + 11);
data/bluez-5.55/tools/rfcomm.c:769:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dev_id = atoi(argv[1] + 6);
data/bluez-5.55/tools/rfcomm.c:771:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dev_id = atoi(argv[1]);
data/bluez-5.55/tools/rtlfw.c:115:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY | O_CLOEXEC);
data/bluez-5.55/tools/sco-tester.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/scotest.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ba[18];
data/bluez-5.55/tools/scotest.c:454:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data_size = atoi(optarg);
data/bluez-5.55/tools/scotest.c:458:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
defer_setup = atoi(optarg);
data/bluez-5.55/tools/sdptool.c:85:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char UUID_str[MAX_LEN_UUID_STR];
data/bluez-5.55/tools/sdptool.c:431:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data0, &uuid->value.uuid128.data[0], 4);
data/bluez-5.55/tools/sdptool.c:432:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data1, &uuid->value.uuid128.data[4], 2);
data/bluez-5.55/tools/sdptool.c:433:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data2, &uuid->value.uuid128.data[6], 2);
data/bluez-5.55/tools/sdptool.c:434:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data3, &uuid->value.uuid128.data[8], 2);
data/bluez-5.55/tools/sdptool.c:435:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data4, &uuid->value.uuid128.data[10], 4);
data/bluez-5.55/tools/sdptool.c:436:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data5, &uuid->value.uuid128.data[14], 2);
data/bluez-5.55/tools/sdptool.c:1060:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ServiceClassUUID_str[MAX_LEN_SERVICECLASS_UUID_STR];
data/bluez-5.55/tools/sdptool.c:1073:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_LEN_PROTOCOL_UUID_STR];
data/bluez-5.55/tools/sdptool.c:1143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_LEN_PROFILEDESCRIPTOR_UUID_STR];
data/bluez-5.55/tools/sdptool.c:3752:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
si.handle = atoi(optarg);
data/bluez-5.55/tools/sdptool.c:3758:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
si.psm = atoi(optarg);
data/bluez-5.55/tools/sdptool.c:3764:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
si.channel = atoi(optarg);
data/bluez-5.55/tools/sdptool.c:3770:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
si.network = atoi(optarg);
data/bluez-5.55/tools/sdptool.c:3898:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[20];
data/bluez-5.55/tools/sdptool.c:3958:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sub_context, context, sizeof(struct search_context));
data/bluez-5.55/tools/sdptool.c:4157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[20];
data/bluez-5.55/tools/sdptool.c:4389:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hci_devba(atoi(optarg + 3), &interface);
data/bluez-5.55/tools/seq2bseq.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3];
data/bluez-5.55/tools/seq2bseq.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buffer[line_size];
data/bluez-5.55/tools/seq2bseq.c:93:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(path + (ptr - input_path), ".bseq");
data/bluez-5.55/tools/seq2bseq.c:104:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
data/bluez-5.55/tools/seq2bseq.c:125:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(input_path, "r");
data/bluez-5.55/tools/smp-tester.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/smp-tester.c:573:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[1], data->prnd, 16);
data/bluez-5.55/tools/smp-tester.c:577:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[1], data->local_pk, 64);
data/bluez-5.55/tools/smp-tester.c:660:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(test_data->pcnf, data + 1, 16);
data/bluez-5.55/tools/smp-tester.c:663:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(test_data->rrnd, data + 1, 16);
data/bluez-5.55/tools/smp-tester.c:673:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(test_data->remote_pk, data + 1, 64);
data/bluez-5.55/tools/smp-tester.c:822:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cp.addr.bdaddr, data->ra, sizeof(data->ra));
data/bluez-5.55/tools/test-runner.c:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX/2], initcmd[PATH_MAX], testargs[PATH_MAX];
data/bluez-5.55/tools/test-runner.c:237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[CMDLINE_MAX];
data/bluez-5.55/tools/test-runner.c:269:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argv, qemu_argv, sizeof(qemu_argv));
data/bluez-5.55/tools/test-runner.c:288:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(serdev, "pci-serial,chardev=bt%d", i);
data/bluez-5.55/tools/test-runner.c:306:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR | O_NOCTTY);
data/bluez-5.55/tools/test-runner.c:397:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/etc/dbus-1/system.conf", "we");
data/bluez-5.55/tools/test-runner.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3], *envp[1];
data/bluez-5.55/tools/test-runner.c:482:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3], *envp[2];
data/bluez-5.55/tools/test-runner.c:552:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[9], *envp[3];
data/bluez-5.55/tools/test-runner.c:599:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
argv[0] = (char *) test_table[idx];
data/bluez-5.55/tools/test-runner.c:704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[CMDLINE_MAX], *ptr, *cmds, *home = NULL;
data/bluez-5.55/tools/test-runner.c:707:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/proc/cmdline", "re");
data/bluez-5.55/tools/userchan-tester.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/bluez-5.55/tools/userchan-tester.c:259:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char param[1];
data/bluez-5.55/unit/test-avctp.c:155:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/bluez-5.55/unit/test-avdtp.c:187:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDWR, 0);
data/bluez-5.55/unit/test-avdtp.c:199:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/bluez-5.55/unit/test-avdtp.c:301:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(codec_caps->data, cap, sizeof(cap));
data/bluez-5.55/unit/test-avdtp.c:637:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(codec_caps->data, cap, sizeof(cap));
data/bluez-5.55/unit/test-avdtp.c:722:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cap->data, data, sizeof(data));
data/bluez-5.55/unit/test-avrcp.c:197:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/bluez-5.55/unit/test-avrcp.c:235:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/bluez-5.55/unit/test-avrcp.c:386:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *text[number];
data/bluez-5.55/unit/test-avrcp.c:411:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *text[number];
data/bluez-5.55/unit/test-avrcp.c:672:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *folders[1] = { "Filesystem" };
data/bluez-5.55/unit/test-eir.c:534:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[HCI_MAX_EIR_LENGTH];
data/bluez-5.55/unit/test-gatt.c:438:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/bluez-5.55/unit/test-gattrib.c:228:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->pdu, pdu, len);
data/bluez-5.55/unit/test-gdbus-client.c:423:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *value[2] = { "value1", "value2" };
data/bluez-5.55/unit/test-gobex-packet.c:168:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, data, sizeof(data));
data/bluez-5.55/unit/test-gobex-transfer.c:218:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY | O_NOCTTY, 0);
data/bluez-5.55/unit/test-gobex-transfer.c:251:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, body_data, sizeof(body_data));
data/bluez-5.55/unit/test-gobex-transfer.c:270:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, body_data, sizeof(body_data));
data/bluez-5.55/unit/test-gobex-transfer.c:1116:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY | O_NOCTTY, 0);
data/bluez-5.55/unit/test-gobex.c:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255];
data/bluez-5.55/unit/test-gobex.c:393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255];
data/bluez-5.55/unit/test-gobex.c:495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255];
data/bluez-5.55/unit/test-gobex.c:639:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, data, sizeof(data));
data/bluez-5.55/unit/test-hfp.c:388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/bluez-5.55/unit/test-hfp.c:414:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/bluez-5.55/unit/test-hfp.c:435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/bluez-5.55/unit/test-hfp.c:462:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/bluez-5.55/unit/test-hfp.c:580:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3];
data/bluez-5.55/unit/test-hfp.c:597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3];
data/bluez-5.55/unit/test-hfp.c:614:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/bluez-5.55/unit/test-hog.c:149:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/bluez-5.55/unit/test-hog.c:202:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
data/bluez-5.55/unit/test-mesh-crypto.c:80:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *net_nonce[32];
data/bluez-5.55/unit/test-mesh-crypto.c:83:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *priv_rand[32];
data/bluez-5.55/unit/test-mesh-crypto.c:89:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *trans_pkt[32];
data/bluez-5.55/unit/test-mesh-crypto.c:90:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *net_msg[32];
data/bluez-5.55/unit/test-mesh-crypto.c:94:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *packet[32];
data/bluez-5.55/unit/test-mesh-crypto.c:1282:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net_clr, pkt, pkt_len);
data/bluez-5.55/unit/test-mesh-crypto.c:1589:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(app_msg + (12 * i), net_msg + 6,
data/bluez-5.55/unit/test-mesh-crypto.c:1623:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(app_msg + (12 * i), net_msg + 3,
data/bluez-5.55/unit/test-mesh-crypto.c:1765:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(beacon + 2, net_id, 8);
data/bluez-5.55/unit/test-mesh-crypto.c:1802:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash_input + 6, rand, 8);
data/bluez-5.55/unit/test-mesh-crypto.c:1811:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(beacon + 1, hash + 8, 8);
data/bluez-5.55/unit/test-mesh-crypto.c:1812:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(beacon + 9, rand, 8);
data/bluez-5.55/unit/test-mgmt.c:117:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/bluez-5.55/unit/test-sdp.c:233:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/bluez-5.55/unit/test-sdp.c:256:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->cont_data, buf + rsp_pdu->raw_size,
data/bluez-5.55/unit/test-textfile.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[512];
data/bluez-5.55/unit/test-textfile.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[18], *str;
data/bluez-5.55/unit/test-textfile.c:96:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "11:11:11:11:11:11");
data/bluez-5.55/unit/test-textfile.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[18], value[512], *str;
data/bluez-5.55/unit/test-textfile.c:111:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:00");
data/bluez-5.55/unit/test-textfile.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[18], value[512], *str;
data/bluez-5.55/unit/test-textfile.c:132:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:00");
data/bluez-5.55/unit/test-textfile.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[18], value[512], *str;
data/bluez-5.55/unit/test-textfile.c:176:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:%02X", i);
data/bluez-5.55/unit/test-textfile.c:194:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:%02X", max);
data/bluez-5.55/unit/test-textfile.c:211:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:%02X", 1);
data/bluez-5.55/unit/test-textfile.c:229:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:%02X", i);
data/bluez-5.55/unit/test-textfile.c:244:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:%02X", 2);
data/bluez-5.55/unit/test-textfile.c:247:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:%02X", max - 3);
data/bluez-5.55/unit/test-textfile.c:252:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:%02X", 1);
data/bluez-5.55/unit/test-textfile.c:255:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:%02X", max);
data/bluez-5.55/unit/test-textfile.c:258:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "00:00:00:00:00:%02X", max + 1);
data/bluez-5.55/unit/test-uhid.c:157:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[sizeof(struct uhid_event)];
data/bluez-5.55/unit/test-uuid.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/bluez-5.55/unit/util.c:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65535];
data/bluez-5.55/android/avctp.c:864:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(sock, buf, browsing->imtu);
data/bluez-5.55/android/avctp.c:947:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(sock, buf, control->imtu);
data/bluez-5.55/android/avctp.c:1047:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dev.name, name, UINPUT_MAX_NAME_SIZE - 1);
data/bluez-5.55/android/avdtp.c:2006:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(fd, session->buf, session->imtu);
data/bluez-5.55/android/avdtptest.c:256:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buf, imtu);
data/bluez-5.55/android/avrcp-lib.c:3158:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text[i]);
data/bluez-5.55/android/avrcp-lib.c:3232:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text[i]);
data/bluez-5.55/android/avrcp-lib.c:3440:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len[i] = strlen(folders[i]);
data/bluez-5.55/android/avrcp-lib.c:3526:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text[i]);
data/bluez-5.55/android/bluetooth.c:526:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((const char *) name), name);
data/bluez-5.55/android/bluetooth.c:1179:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name_buf);
data/bluez-5.55/android/bluetooth.c:1264:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dev->name), dev->name);
data/bluez-5.55/android/bluetooth.c:1314:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(ev.name, dev->name, strlen(dev->name));
data/bluez-5.55/android/bluetooth.c:1813:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (eir->name && strlen(eir->name)) {
data/bluez-5.55/android/bluetooth.c:1820:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dev->name), dev->name);
data/bluez-5.55/android/bluetooth.c:1827:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dev->friendly_name),
data/bluez-5.55/android/bluetooth.c:1876:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (eir->name && strlen(eir->name) && strcmp(dev->name, eir->name)) {
data/bluez-5.55/android/bluetooth.c:1880:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dev->name), dev->name);
data/bluez-5.55/android/bluetooth.c:1887:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dev->friendly_name),
data/bluez-5.55/android/bluetooth.c:3053:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str || strlen(str) != 32)
data/bluez-5.55/android/bluetooth.c:3089:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!key || strlen(key) != 32)
data/bluez-5.55/android/bluetooth.c:3129:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str || strlen(str) != 32)
data/bluez-5.55/android/bluetooth.c:3412:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_adapter_name((uint8_t *)adapter.name, strlen(adapter.name));
data/bluez-5.55/android/bluetooth.c:3900:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(adapter.name), adapter.name);
data/bluez-5.55/android/bluetooth.c:4845:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dev->friendly_name), dev->friendly_name);
data/bluez-5.55/android/bluetooth.c:4915:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dev->name), dev->name);
data/bluez-5.55/android/bluetooth.c:4921:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dev->friendly_name),
data/bluez-5.55/android/bluetooth.c:5481:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_adapter_name((uint8_t *)adapter.name, strlen(adapter.name));
data/bluez-5.55/android/client/haltest.c:320:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int count = read(fd_stack[fd_stack_pointer - 1], buf, 10);
data/bluez-5.55/android/client/history.c:49:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(line);
data/bluez-5.55/android/client/history.c:66:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line == NULL || strlen(line) == 0)
data/bluez-5.55/android/client/history.c:73:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&lines[last_line][0], line, LINE_SIZE - 1);
data/bluez-5.55/android/client/history.c:92:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf,
data/bluez-5.55/android/client/if-audio.c:210:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500);
data/bluez-5.55/android/client/if-bt.c:241:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pin_len = strlen(reply);
data/bluez-5.55/android/client/if-bt.c:562:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
property.len = strlen(argv[3]) + 1;
data/bluez-5.55/android/client/if-bt.c:664:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
property.len = strlen(argv[4]);
data/bluez-5.55/android/client/if-bt.c:811:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pin_len = strlen(argv[3]);
data/bluez-5.55/android/client/if-gatt.c:292:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = str + ((len >= 0) ? len : (int) strlen(str));
data/bluez-5.55/android/client/if-gatt.c:347:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = buf + strlen(buf);
data/bluez-5.55/android/client/if-gatt.c:354:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = buf + strlen(buf);
data/bluez-5.55/android/client/if-gatt.c:383:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = buf + strlen(buf);
data/bluez-5.55/android/client/if-gatt.c:390:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = buf + strlen(buf);
data/bluez-5.55/android/client/if-gatt.c:399:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = buf + strlen(buf);
data/bluez-5.55/android/client/if-gatt.c:1044:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen(str);
data/bluez-5.55/android/client/if-sco.c:162:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return stream_in->read(stream_in, buffer, buffer_size_in);
data/bluez-5.55/android/client/if-sco.c:232:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500);
data/bluez-5.55/android/client/if-sco.c:308:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500);
data/bluez-5.55/android/client/if-sco.c:796:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
STD_METHOD(read),
data/bluez-5.55/android/client/if-sock.c:100:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(pollfd->fd, &cs, sizeof(cs));
data/bluez-5.55/android/client/if-sock.c:256:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(sock_fd, &channel, 4);
data/bluez-5.55/android/client/if-sock.c:329:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(sock_fd, &channel, 4);
data/bluez-5.55/android/client/tabcompletion.c:75:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *e = p + (size > 0 ? size : (int) strlen(p));
data/bluez-5.55/android/client/tabcompletion.c:89:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(arg->ntcopy, arg->origin, len);
data/bluez-5.55/android/client/tabcompletion.c:125:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(name);
data/bluez-5.55/android/client/tabcompletion.c:141:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = strlen(prefix);
data/bluez-5.55/android/client/tabcompletion.c:248:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*e = p + strlen(p);
data/bluez-5.55/android/client/tabcompletion.c:281:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg1_size = strlen(arg1) + 1;
data/bluez-5.55/android/client/terminal.c:159:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(p);
data/bluez-5.55/android/client/terminal.c:213:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(line_buf);
data/bluez-5.55/android/client/terminal.c:235:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen(line_buf);
data/bluez-5.55/android/cutils/properties.h:52:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(value, prop, PROPERTY_VALUE_MAX);
data/bluez-5.55/android/cutils/properties.h:56:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(value);
data/bluez-5.55/android/gatt.c:6853:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(name));
data/bluez-5.55/android/gatt.c:6928:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gatt_db_attribute_read_result(attrib, id, 0, user_data, strlen(buf));
data/bluez-5.55/android/hal-audio-sbc.c:355:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/bluez-5.55/android/hal-audio-sbc.c:362:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < 0) {
data/bluez-5.55/android/hal-audio-sbc.c:364:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
frame_count, read);
data/bluez-5.55/android/hal-audio-sbc.c:369:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
consumed += read;
data/bluez-5.55/android/hal-audio.c:670:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/bluez-5.55/android/hal-audio.c:694:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read <= 0)
data/bluez-5.55/android/hal-audio.c:768:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
samples = read / (2 * popcount(out->cfg.channels));
data/bluez-5.55/android/hal-audio.c:770:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
consumed += read;
data/bluez-5.55/android/hal-bluetooth.c:450:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hal_prop->len = strlen(prop) + 1;
data/bluez-5.55/android/hal-handsfree-client.c:500:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd->number_len = strlen(number) + 1;
data/bluez-5.55/android/hal-handsfree.c:576:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd->len = strlen(cops) + 1;
data/bluez-5.55/android/hal-handsfree.c:667:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd->len = strlen(rsp) + 1;
data/bluez-5.55/android/hal-handsfree.c:755:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd->number_len = strlen(number) + 1;
data/bluez-5.55/android/hal-handsfree.c:813:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd->number_len = strlen(number) + 1;
data/bluez-5.55/android/hal-health.c:112:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(reg->application_name) + 1;
data/bluez-5.55/android/hal-health.c:118:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(reg->provider_name) + 1;
data/bluez-5.55/android/hal-health.c:125:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(reg->srv_name) + 1;
data/bluez-5.55/android/hal-health.c:132:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(reg->srv_desp) + 1;
data/bluez-5.55/android/hal-health.c:155:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(reg->mdep_cfg[i].mdep_description) + 1;
data/bluez-5.55/android/hal-hidhost.c:305:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd->len = strlen(report);
data/bluez-5.55/android/hal-hidhost.c:329:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd->len = strlen(data);
data/bluez-5.55/android/hal-sco.c:1028:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(sco_fd, buffer + read_bytes, len);
data/bluez-5.55/android/hal-socket.c:53:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(cmd.name, service_name, strlen(service_name));
data/bluez-5.55/android/hal-utils.c:267:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "{");
data/bluez-5.55/android/hal-utils.c:276:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "}");
data/bluez-5.55/android/hal-utils.c:284:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "{");
data/bluez-5.55/android/hal-utils.c:293:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "}");
data/bluez-5.55/android/hal-utils.c:326:2: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(str, "}");
data/bluez-5.55/android/hal-utils.c:400:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(config_key) + sizeof(PROP_PREFIX) > sizeof(key))
data/bluez-5.55/android/handsfree-client.c:984:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ev->number_len = strlen((char *) ev->number) + 1;
data/bluez-5.55/android/handsfree-client.c:1034:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ev->name_len = strlen((char *) &ev->name[0]) + 1;
data/bluez-5.55/android/handsfree-client.c:1085:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ev->name_len = strlen((char *) &ev->name[0]) + 1;
data/bluez-5.55/android/handsfree-client.c:1105:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ev->number_len = strlen(number) + 1;
data/bluez-5.55/android/handsfree.c:319:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ev->len = strlen(command) + 1;
data/bluez-5.55/android/handsfree.c:532:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ev->number_len = strlen((char *) ev->number);
data/bluez-5.55/android/handsfree.c:1251:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen("+CIND:") + 1;
data/bluez-5.55/android/handsfree.c:1254:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen("(\"\",(X,X)),");
data/bluez-5.55/android/handsfree.c:1255:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(dev->inds[i].name);
data/bluez-5.55/android/hardware/audio.h:412:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t (*read)(struct audio_stream_in *stream, void* buffer,
data/bluez-5.55/android/health.c:1152:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/android/hidhost.c:246:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bread = read(fd, buf, sizeof(buf));
data/bluez-5.55/android/hidhost.c:448:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bread = read(fd, buf, sizeof(buf));
data/bluez-5.55/android/ipc-tester.c:273:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/android/ipc-tester.c:439:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(cmd_sk, &response, sizeof(response)) < 0)
data/bluez-5.55/android/ipc-tester.c:486:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(signal_fd[0], buf, sizeof(buf));
data/bluez-5.55/android/ipc.c:167:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buf, sizeof(buf));
data/bluez-5.55/android/log.c:100:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vec[cnt + 2].iov_len = strlen(msg) + 1;
data/bluez-5.55/android/main.c:564:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, &si, sizeof(si));
data/bluez-5.55/android/pan.c:92:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, BNEP_BRIDGE, IFNAMSIZ - 1);
data/bluez-5.55/android/pan.c:144:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, BNEP_BRIDGE, IF_NAMESIZE - 1);
data/bluez-5.55/android/pan.c:558:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dev->iface, BNEP_NAP_INTERFACE, 16);
data/bluez-5.55/android/socket.c:582:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(rfsock->jv_sock, rfsock->buf, rfsock->buf_size);
data/bluez-5.55/android/socket.c:621:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(rfsock->bt_sock, rfsock->buf, rfsock->buf_size);
data/bluez-5.55/android/system-emulator.c:167:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/android/system-emulator.c:248:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0177);
data/bluez-5.55/android/test-ipc.c:105:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
g_assert(read(sk, buf, sizeof(buf)) == sizeof(struct ipc_hdr));
data/bluez-5.55/android/tester-main.c:197:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, &si, sizeof(si));
data/bluez-5.55/android/tester-main.c:309:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/android/tester-main.c:530:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(exp_inst->p_name))) {
data/bluez-5.55/android/tester-main.c:1384:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *) bd_name->name));
data/bluez-5.55/android/tester-main.c:1415:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *) bd_name->name));
data/bluez-5.55/android/tester-main.c:2184:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(instances[i].p_name));
data/bluez-5.55/android/tester-main.c:2246:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(signal_fd[0], buf, sizeof(buf));
data/bluez-5.55/android/tester-socket.c:191:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sock_fd, &channel, sizeof(channel));
data/bluez-5.55/android/tester-socket.c:258:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(*action_data->fd, &channel, sizeof(channel));
data/bluez-5.55/attrib/interactive.c:881:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/bluez-5.55/attrib/interactive.c:932:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, &si, sizeof(si));
data/bluez-5.55/attrib/utils.c:110:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(str) / 2;
data/bluez-5.55/btio/btio.c:1559:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(sock, &c, 1) < 0) {
data/bluez-5.55/client/advertising.c:228:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ad.type && strlen(ad.type) > 0)
data/bluez-5.55/client/advertising.c:562:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/advertising.c:633:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/advertising.c:679:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/advertising.c:734:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/agent.c:193:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (entered > strlen(passkey_full))
data/bluez-5.55/client/agent.c:194:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entered = strlen(passkey_full);
data/bluez-5.55/client/gatt.c:530:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(uuid) == 4 && !strncasecmp(value + 4, uuid, 4))
data/bluez-5.55/client/main.c:450:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribute ? attribute + strlen(path) : "");
data/bluez-5.55/client/main.c:889:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/main.c:1356:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/main.c:1389:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/main.c:1406:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/main.c:1424:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/main.c:1442:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/main.c:1465:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/main.c:1488:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/main.c:1564:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/bluez-5.55/client/main.c:1583:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!name || !strlen(name) || !strcmp("all", name))
data/bluez-5.55/client/main.c:1607:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1]))
data/bluez-5.55/client/main.c:1625:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/main.c:2089:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/client/main.c:2328:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/bluez-5.55/client/main.c:2359:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/bluez-5.55/client/main.c:2402:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/bluez-5.55/client/main.c:2687:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1]))
data/bluez-5.55/emulator/amp.c:845:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(amp->phylink_path) + 1);
data/bluez-5.55/emulator/amp.c:846:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
amp->local_assoc_len = strlen(amp->phylink_path) + 2;
data/bluez-5.55/emulator/amp.c:988:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(amp->vhci_fd, buf, sizeof(buf));
data/bluez-5.55/emulator/b1ee.c:195:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/emulator/hciemu.c:138:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/emulator/hciemu.c:182:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/emulator/le.c:1944:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(hci->vhci_fd, buf, sizeof(buf));
data/bluez-5.55/emulator/phy.c:71:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, num_bytes);
data/bluez-5.55/emulator/serial.c:102:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(serial->fd, buf + serial->pkt_offset,
data/bluez-5.55/emulator/vhci.c:84:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(vhci->fd, buf, sizeof(buf));
data/bluez-5.55/gdbus/client.c:476:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path);
data/bluez-5.55/gdbus/object.c:712:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(parent_path))
data/bluez-5.55/gobex/gobex-apparam.c:233:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(value) + 1;
data/bluez-5.55/gobex/gobex.c:69:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gboolean (*read) (GObex *obex, GError **err);
data/bluez-5.55/gobex/gobex.c:1345:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!obex->read(obex, &err))
data/bluez-5.55/lib/bluetooth.c:116:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) != 17)
data/bluez-5.55/lib/hci.c:621:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(m->str) + (pref ? strlen(pref) : 0) + 3;
data/bluez-5.55/lib/hci.c:621:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(m->str) + (pref ? strlen(pref) : 0) + 3;
data/bluez-5.55/lib/hci.c:640:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(off) + strlen(m->str) > maxwidth) {
data/bluez-5.55/lib/hci.c:640:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(off) + strlen(m->str) > maxwidth) {
data/bluez-5.55/lib/hci.c:804:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(m->str) +
data/bluez-5.55/lib/hci.c:805:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(pref ? strlen(pref) : 0) + 1;
data/bluez-5.55/lib/hci.c:826:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(off) + strlen(m->str) > maxwidth) {
data/bluez-5.55/lib/hci.c:826:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(off) + strlen(m->str) > maxwidth) {
data/bluez-5.55/lib/hci.c:931:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(str, "hci", 3) && strlen(str) >= 4) {
data/bluez-5.55/lib/hci.c:1182:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(dd, buf, sizeof(buf))) < 0) {
data/bluez-5.55/lib/hci.c:1603:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, (char *) rp.name, len);
data/bluez-5.55/lib/hci.c:1613:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) cp.name, name, sizeof(cp.name) - 1);
data/bluez-5.55/lib/hci.c:1659:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, (char *) rn.name, len);
data/bluez-5.55/lib/sdp.c:491:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen((char *) value);
data/bluez-5.55/lib/sdp.c:2209:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(sdpdata->val.str) < valuelen) {
data/bluez-5.55/lib/uuid.c:176:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(string) == 36 &&
data/bluez-5.55/lib/uuid.c:198:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(string) == 8 || strlen(string) == 10);
data/bluez-5.55/lib/uuid.c:198:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(string) == 8 || strlen(string) == 10);
data/bluez-5.55/lib/uuid.c:203:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(string) == 4 || strlen(string) == 6);
data/bluez-5.55/lib/uuid.c:203:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(string) == 4 || strlen(string) == 6);
data/bluez-5.55/mesh/keyring.c:58:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(net_key_dir) + 1 + 3 >= PATH_MAX)
data/bluez-5.55/mesh/keyring.c:58:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(net_key_dir) + 1 + 3 >= PATH_MAX)
data/bluez-5.55/mesh/keyring.c:91:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(app_key_dir) + 1 + 3 >= PATH_MAX)
data/bluez-5.55/mesh/keyring.c:91:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(app_key_dir) + 1 + 3 >= PATH_MAX)
data/bluez-5.55/mesh/keyring.c:104:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &old_key, sizeof(old_key)) == sizeof(old_key)) {
data/bluez-5.55/mesh/keyring.c:136:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &key, sizeof(key)) != sizeof(key) ||
data/bluez-5.55/mesh/keyring.c:164:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(app_key_dir) + 1 >= PATH_MAX)
data/bluez-5.55/mesh/keyring.c:164:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(app_key_dir) + 1 >= PATH_MAX)
data/bluez-5.55/mesh/keyring.c:206:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(dev_key_dir) + 1 + 4 >= PATH_MAX)
data/bluez-5.55/mesh/keyring.c:206:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(dev_key_dir) + 1 + 4 >= PATH_MAX)
data/bluez-5.55/mesh/keyring.c:248:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, key, sizeof(*key)) == sizeof(*key))
data/bluez-5.55/mesh/keyring.c:274:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, key, sizeof(*key)) == sizeof(*key))
data/bluez-5.55/mesh/keyring.c:304:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, dev_key, 16) == 16)
data/bluez-5.55/mesh/main.c:153:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optarg += strlen("generic");
data/bluez-5.55/mesh/main.c:250:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0077);
data/bluez-5.55/mesh/mesh-config-json.c:84:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fwrite(str, sizeof(char), strlen(str), outfile) < strlen(str))
data/bluez-5.55/mesh/mesh-config-json.c:84:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fwrite(str, sizeof(char), strlen(str), outfile) < strlen(str))
data/bluez-5.55/mesh/mesh-config-json.c:392:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str2hex(str, strlen(str), token, 8))
data/bluez-5.55/mesh/mesh-config-json.c:410:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str2hex(str, strlen(str), key_buf, 16))
data/bluez-5.55/mesh/mesh-config-json.c:437:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(str);
data/bluez-5.55/mesh/mesh-config-json.c:500:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str2hex(str, strlen(str), appkey->new_key, 16))
data/bluez-5.55/mesh/mesh-config-json.c:506:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str2hex(str, strlen(str), appkey->key, 16))
data/bluez-5.55/mesh/mesh-config-json.c:553:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str2hex(str, strlen(str), netkey->new_key, 16))
data/bluez-5.55/mesh/mesh-config-json.c:571:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str2hex(str, strlen(str), netkey->key, 16))
data/bluez-5.55/mesh/mesh-config-json.c:974:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/mesh/mesh-config-json.c:1051:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/mesh/mesh-config-json.c:1103:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/mesh/mesh-config-json.c:1222:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncasecmp(str, "disabled", strlen("disabled")))
data/bluez-5.55/mesh/mesh-config-json.c:1225:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncasecmp(str, "enabled", strlen("enabled")))
data/bluez-5.55/mesh/mesh-config-json.c:1228:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncasecmp(str, "unsupported", strlen("unsupported")))
data/bluez-5.55/mesh/mesh-config-json.c:1726:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t max_len = strlen(cfgnode_name) + strlen(bak_ext);
data/bluez-5.55/mesh/mesh-config-json.c:1726:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t max_len = strlen(cfgnode_name) + strlen(bak_ext);
data/bluez-5.55/mesh/mesh-config-json.c:1733:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name_buf) + max_len >= PATH_MAX)
data/bluez-5.55/mesh/mesh-config-json.c:2003:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(str + 2);
data/bluez-5.55/mesh/mesh-config-json.c:2326:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sz = read(fd, str, st.st_size);
data/bluez-5.55/mesh/mesh-config-json.c:2469:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t path_len = strlen(cfgdir_name) + strlen(cfgnode_name) +
data/bluez-5.55/mesh/mesh-config-json.c:2469:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t path_len = strlen(cfgdir_name) + strlen(cfgnode_name) +
data/bluez-5.55/mesh/mesh-config-json.c:2470:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(bak_ext);
data/bluez-5.55/mesh/mesh-config-json.c:2489:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node_len = strlen(entry->d_name);
data/bluez-5.55/mesh/node.c:396:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dir_name) >= PATH_MAX)
data/bluez-5.55/mesh/rpl.c:59:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(rpl_dir) + 15 >= PATH_MAX)
data/bluez-5.55/mesh/rpl.c:59:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(rpl_dir) + 15 >= PATH_MAX)
data/bluez-5.55/mesh/rpl.c:108:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(rpl_dir) + 15 >= PATH_MAX)
data/bluez-5.55/mesh/rpl.c:108:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(rpl_dir) + 15 >= PATH_MAX)
data/bluez-5.55/mesh/rpl.c:172:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, seq_txt, 6) == 6 &&
data/bluez-5.55/mesh/rpl.c:213:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(node_path) + strlen(rpl_dir) + 15;
data/bluez-5.55/mesh/rpl.c:213:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(node_path) + strlen(rpl_dir) + 15;
data/bluez-5.55/mesh/rpl.c:256:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(rpl_dir) + 15 >= PATH_MAX)
data/bluez-5.55/mesh/rpl.c:256:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(rpl_dir) + 15 >= PATH_MAX)
data/bluez-5.55/mesh/rpl.c:273:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(entry->d_name) != 8)
data/bluez-5.55/mesh/rpl.c:294:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(rpl_dir) + 15 >= PATH_MAX)
data/bluez-5.55/mesh/rpl.c:294:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(node_path) + strlen(rpl_dir) + 15 >= PATH_MAX)
data/bluez-5.55/mesh/util.c:114:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dir, "/");
data/bluez-5.55/mesh/util.c:128:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dir, prev + 1, next - prev);
data/bluez-5.55/monitor/control.c:1178:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/bluez-5.55/monitor/control.c:1194:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, path, len - 1);
data/bluez-5.55/monitor/control.c:1357:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(data->fd, data->buf + data->offset,
data/bluez-5.55/monitor/jlink.c:144:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tok))
data/bluez-5.55/monitor/jlink.c:150:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tok)) {
data/bluez-5.55/monitor/jlink.c:160:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tok))
data/bluez-5.55/monitor/jlink.c:216:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tok)) {
data/bluez-5.55/monitor/jlink.c:224:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tok))
data/bluez-5.55/monitor/jlink.c:230:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tok))
data/bluez-5.55/monitor/jlink.c:253:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100);
data/bluez-5.55/monitor/main.c:151:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > sizeof(addr.sun_path) - 1) {
data/bluez-5.55/monitor/main.c:161:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
data/bluez-5.55/monitor/packet.c:141:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctrl_list[i].name, name, 19);
data/bluez-5.55/monitor/packet.c:163:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, ctrl_list[i].name, 20);
data/bluez-5.55/monitor/packet.c:407:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int extra_len = extra ? strlen(extra) : 0;
data/bluez-5.55/monitor/sdp.c:152:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, (const char *) data, size);
data/bluez-5.55/obexd/client/map.c:1228:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!subfolder || strlen(subfolder) == 0)
data/bluez-5.55/obexd/client/pbap.c:221:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(location) == 3)
data/bluez-5.55/obexd/client/pbap.c:532:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filterstr) < 4 || strlen(filterstr) > 5
data/bluez-5.55/obexd/client/pbap.c:532:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filterstr) < 4 || strlen(filterstr) > 5
data/bluez-5.55/obexd/client/session.c:1078:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cur) == 0 || delim == NULL ||
data/bluez-5.55/obexd/client/session.c:1128:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((next = data->remaining[data->index]) && strlen(next) == 0)
data/bluez-5.55/obexd/client/session.c:1180:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data->remaining = g_strsplit(strlen(path) ? path : "/", "/", 0);
data/bluez-5.55/obexd/client/transfer.c:755:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(transfer->fd, buf, len);
data/bluez-5.55/obexd/client/transfer.c:825:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(transfer->type) + 1);
data/bluez-5.55/obexd/client/transfer.c:867:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(transfer->type) + 1);
data/bluez-5.55/obexd/client/transfer.c:957:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(transfer->fd, *contents, st.st_size);
data/bluez-5.55/obexd/plugins/filesystem.c:239:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(GPOINTER_TO_INT(object), buf, count);
data/bluez-5.55/obexd/plugins/filesystem.c:380:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(object->err, buf, sizeof(buf)) > 0)
data/bluez-5.55/obexd/plugins/filesystem.c:627:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(obj->output, buf, count);
data/bluez-5.55/obexd/plugins/ftp.c:264:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) == 0) {
data/bluez-5.55/obexd/plugins/ftp.c:369:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (is_valid_path(filename + strlen(obex_option_root_folder())))
data/bluez-5.55/obexd/plugins/irmc.c:173:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(irmc->sn, "12345", sizeof(irmc->sn) - 1);
data/bluez-5.55/obexd/plugins/irmc.c:174:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(irmc->manu, "obex", sizeof(irmc->manu) - 1);
data/bluez-5.55/obexd/plugins/irmc.c:175:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(irmc->model, "mymodel", sizeof(irmc->model) - 1);
data/bluez-5.55/obexd/plugins/mas.c:369:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
yesorno(entry->read));
data/bluez-5.55/obexd/plugins/messages-dummy.c:447:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/bluez-5.55/obexd/plugins/messages-tracker.c:254:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path == NULL || strlen(path) == 0)
data/bluez-5.55/obexd/plugins/messages.h:77:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gboolean read;
data/bluez-5.55/obexd/plugins/opp.c:91:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name == NULL || strlen(name) == 0) {
data/bluez-5.55/obexd/plugins/pbap.c:126:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(value) == 0)
data/bluez-5.55/obexd/plugins/pbap.c:547:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!name || strlen(name) == 0) {
data/bluez-5.55/obexd/plugins/pcsuite.c:436:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(obj->fd, buf, count);
data/bluez-5.55/obexd/plugins/phonebook-dummy.c:340:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = read(dummy->fd, buffer, sizeof(buffer));
data/bluez-5.55/obexd/plugins/phonebook-dummy.c:376:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
child = (new_folder && strlen(new_folder) != 0);
data/bluez-5.55/obexd/plugins/phonebook-dummy.c:482:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
folder = g_strndup(filename, strlen(filename) - 4);
data/bluez-5.55/obexd/plugins/phonebook-ebook.c:257:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = vcard ? strlen(vcard) : 0;
data/bluez-5.55/obexd/plugins/phonebook-ebook.c:290:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(value))
data/bluez-5.55/obexd/plugins/phonebook-ebook.c:461:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
child = (new_folder && strlen(new_folder) != 0);
data/bluez-5.55/obexd/plugins/phonebook-tracker.c:849:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (phone == NULL || strlen(phone) == 0)
data/bluez-5.55/obexd/plugins/phonebook-tracker.c:868:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (address == NULL || strlen(address) == 0)
data/bluez-5.55/obexd/plugins/phonebook-tracker.c:913:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (address == NULL || strlen(address) < ADDR_FIELD_AMOUNT)
data/bluez-5.55/obexd/plugins/phonebook-tracker.c:961:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (url_val == NULL || strlen(url_val) == 0)
data/bluez-5.55/obexd/plugins/phonebook-tracker.c:1021:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*field) > 0 || value == NULL || strlen(value) == 0)
data/bluez-5.55/obexd/plugins/phonebook-tracker.c:1021:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*field) > 0 || value == NULL || strlen(value) == 0)
data/bluez-5.55/obexd/plugins/phonebook-tracker.c:1456:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
child = (new_folder && strlen(new_folder) != 0);
data/bluez-5.55/obexd/plugins/vcard.c:99:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_number = strlen(buf) / line_delimit + 1;
data/bluez-5.55/obexd/plugins/vcard.c:102:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_temp = MIN(line_delimit, strlen(buf) - line_delimit * i);
data/bluez-5.55/obexd/plugins/vcard.c:195:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_escape(format, escaped, field, LEN_MAX, strlen(field));
data/bluez-5.55/obexd/plugins/vcard.c:299:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
param_len = strlen(desc) + strlen(encoding) + strlen(charset) + 1;
data/bluez-5.55/obexd/plugins/vcard.c:299:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
param_len = strlen(desc) + strlen(encoding) + strlen(charset) + 1;
data/bluez-5.55/obexd/plugins/vcard.c:299:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
param_len = strlen(desc) + strlen(encoding) + strlen(charset) + 1;
data/bluez-5.55/obexd/plugins/vcard.c:305:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i, size = strlen(field);
data/bluez-5.55/obexd/plugins/vcard.c:384:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->family && strlen(contact->family) > 0)
data/bluez-5.55/obexd/plugins/vcard.c:387:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->given && strlen(contact->given) > 0)
data/bluez-5.55/obexd/plugins/vcard.c:390:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->additional && strlen(contact->additional) > 0)
data/bluez-5.55/obexd/plugins/vcard.c:393:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->prefix && strlen(contact->prefix) > 0)
data/bluez-5.55/obexd/plugins/vcard.c:396:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->suffix && strlen(contact->suffix) > 0)
data/bluez-5.55/obexd/plugins/vcard.c:445:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!text || strlen(text) == 0) {
data/bluez-5.55/obexd/plugins/vcard.c:455:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_escape(format, field, text, LEN_MAX, strlen(text));
data/bluez-5.55/obexd/plugins/vcard.c:467:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!number || !strlen(number) || !type) {
data/bluez-5.55/obexd/plugins/vcard.c:527:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tag == NULL || strlen(tag) == 0)
data/bluez-5.55/obexd/plugins/vcard.c:530:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fld == NULL || (len = strlen(fld)) == 0) {
data/bluez-5.55/obexd/plugins/vcard.c:535:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (category && strlen(category)) {
data/bluez-5.55/obexd/plugins/vcard.c:562:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!address || !(len = strlen(address))) {
data/bluez-5.55/obexd/plugins/vcard.c:604:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!url || strlen(url) == 0) {
data/bluez-5.55/obexd/plugins/vcard.c:637:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_escape(format, field, url, LEN_MAX, strlen(url));
data/bluez-5.55/obexd/plugins/vcard.c:643:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->company && strlen(contact->company))
data/bluez-5.55/obexd/plugins/vcard.c:646:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (contact->department && strlen(contact->department))
data/bluez-5.55/obexd/plugins/vcard.c:737:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(field));
data/bluez-5.55/obexd/src/main.c:71:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, &si, sizeof(si));
data/bluez-5.55/obexd/src/mimetype.h:38:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t (*read) (void *object, void *buf, size_t count);
data/bluez-5.55/obexd/src/obex.c:366:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = os->driver->read(os->object, buf, size);
data/bluez-5.55/obexd/src/plugin.c:119:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(PLUGINDIR) == 0)
data/bluez-5.55/plugins/autopair.c:106:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(pinbuf, pincode, strlen(pincode));
data/bluez-5.55/plugins/autopair.c:107:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(pincode);
data/bluez-5.55/plugins/autopair.c:206:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, &seed, sizeof(seed));
data/bluez-5.55/profiles/audio/a2dp.c:1987:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0, size = strlen(caps); i < size; i += 2) {
data/bluez-5.55/profiles/audio/avctp.c:1024:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(sock, buf, browsing->imtu);
data/bluez-5.55/profiles/audio/avctp.c:1093:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(sock, buf, control->imtu);
data/bluez-5.55/profiles/audio/avctp.c:1191:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dev.name, name, UINPUT_MAX_NAME_SIZE);
data/bluez-5.55/profiles/audio/avctp.c:1198:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dev.name);
data/bluez-5.55/profiles/audio/avctp.c:1199:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(suffix);
data/bluez-5.55/profiles/audio/avctp.c:1208:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dev.name + len, suffix, slen);
data/bluez-5.55/profiles/audio/avdtp.c:2163:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(fd, session->buf, session->imtu);
data/bluez-5.55/profiles/audio/avrcp.c:920:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr_len = strlen(value);
data/bluez-5.55/profiles/audio/avrcp.c:1993:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(name);
data/bluez-5.55/profiles/cups/hcrp.c:99:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, sizeof(buf));
data/bluez-5.55/profiles/cups/hcrp.c:129:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, sizeof(buf));
data/bluez-5.55/profiles/cups/hcrp.c:162:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, sizeof(buf));
data/bluez-5.55/profiles/cups/hcrp.c:343:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = read(fd, buf, (credit > mtu) ? mtu : credit);
data/bluez-5.55/profiles/cups/main.c:111:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(data);
data/bluez-5.55/profiles/cups/main.c:776:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, ptr, 2);
data/bluez-5.55/profiles/cups/main.c:787:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(service, ptr + 1, 12);
data/bluez-5.55/profiles/cups/spp.c:104:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(fd, buf, sizeof(buf))) > 0) {
data/bluez-5.55/profiles/gap/gas.c:80:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(utf8_name, (char *) name, len);
data/bluez-5.55/profiles/health/hdp.c:876:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/profiles/health/hdp.c:1528:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/profiles/health/mcap.c:1788:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, sizeof(buf));
data/bluez-5.55/profiles/iap/main.c:123:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/profiles/iap/main.c:358:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, &si, sizeof(si));
data/bluez-5.55/profiles/input/device.c:329:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, data, sizeof(data));
data/bluez-5.55/profiles/input/device.c:530:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, data, sizeof(data));
data/bluez-5.55/profiles/input/device.c:949:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) ev.u.create.name, req->name, sizeof(ev.u.create.name));
data/bluez-5.55/profiles/input/hog-lib.c:1010:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) ev.u.create.name, hog->name,
data/bluez-5.55/profiles/midi/midi.c:307:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(device_name, addr, sizeof(device_name));
data/bluez-5.55/profiles/network/bnep.c:123:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(req.device, dev, 16);
data/bluez-5.55/profiles/network/bnep.c:136:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dev, req.device, 16);
data/bluez-5.55/profiles/network/bnep.c:160:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, devname, IF_NAMESIZE - 1);
data/bluez-5.55/profiles/network/bnep.c:184:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, devname, IF_NAMESIZE - 1);
data/bluez-5.55/profiles/network/bnep.c:236:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(sk, pkt, sizeof(pkt) - 1);
data/bluez-5.55/profiles/network/bnep.c:356:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(session->iface, iface, 16);
data/bluez-5.55/profiles/network/bnep.c:454:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, bridge, IFNAMSIZ - 1);
data/bluez-5.55/profiles/network/bnep.c:486:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, bridge, IFNAMSIZ - 1);
data/bluez-5.55/profiles/network/bnep.c:611:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sk, setup_data, len);
data/bluez-5.55/profiles/network/connection.c:142:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nc->dev, BNEP_INTERFACE, 16);
data/bluez-5.55/profiles/network/server.c:376:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(na->setup->dev, BNEP_INTERFACE, 16);
data/bluez-5.55/src/adapter.c:781:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(adapter->current_alias));
data/bluez-5.55/src/adapter.c:810:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(maxname, name, MAX_NAME_LENGTH - 1);
data/bluez-5.55/src/adapter.c:819:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) cp.name, maxname, sizeof(cp.name) - 1);
data/bluez-5.55/src/adapter.c:3498:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = MIN((strlen(str) / 2), blen);
data/bluez-5.55/src/adapter.c:3526:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str || strlen(str) < 32)
data/bluez-5.55/src/adapter.c:3561:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!key || strlen(key) < 32)
data/bluez-5.55/src/adapter.c:3658:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str || strlen(str) < 32)
data/bluez-5.55/src/adapter.c:3770:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str_irk) != 32 || str2buf(str_irk, irk, 16)) {
data/bluez-5.55/src/adapter.c:5794:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
ret = sscanf(key, "%17s#%hhu#%08X", dst_addr, &type, &handle);
data/bluez-5.55/src/adapter.c:5796:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
ret = sscanf(key, "%17s#%08X", dst_addr, &handle);
data/bluez-5.55/src/adapter.c:5948:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
ret = sscanf(key, "%17s#%hhu#%04hX", dst_addr, &type, &handle);
data/bluez-5.55/src/adapter.c:5995:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
ret = sscanf(key, "%17s#%hhu#%04hX", dst_addr, &type, &handle);
data/bluez-5.55/src/adapter.c:6590:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pattern_len = strlen(filter->pattern);
data/bluez-5.55/src/agent.c:506:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pin);
data/bluez-5.55/src/device.c:809:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(device->name) > 0) {
data/bluez-5.55/src/device.c:3122:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/src/device.c:3408:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (strlen(str)) {
data/bluez-5.55/src/device.c:4180:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(device->name, name, MAX_NAME_LENGTH);
data/bluez-5.55/src/device.c:4197:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, device->name, len - 1);
data/bluez-5.55/src/device.c:6271:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pin, pin ? strlen(pin) : 0);
data/bluez-5.55/src/eir.c:149:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(utf8_name, (char *) name, len);
data/bluez-5.55/src/eir.c:523:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/bluez-5.55/src/gatt-database.c:670:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(device_name);
data/bluez-5.55/src/gatt-database.c:2407:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(fd, buf, sizeof(buf));
data/bluez-5.55/src/main.c:897:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0077);
data/bluez-5.55/src/plugin.c:147:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(PLUGINDIR) == 0)
data/bluez-5.55/src/profile.c:1303:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rec = sdp_xml_parse_record(record, strlen(record));
data/bluez-5.55/src/profile.c:1975:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(svc_str, uuid_str, sizeof(svc_str));
data/bluez-5.55/src/rfkill.c:87:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/src/rfkill.c:120:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, sysname, sizeof(sysname) - 1) < 4) {
data/bluez-5.55/src/sdp-xml.c:132:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0, i = 0; i < strlen(data);) {
data/bluez-5.55/src/sdp-xml.c:156:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(data);
data/bluez-5.55/src/sdp-xml.c:330:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(data);
data/bluez-5.55/src/sdp-xml.c:490:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int curlen = strlen(ctx_data->stack_head->text);
data/bluez-5.55/src/sdp-xml.c:491:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int attrlen = strlen(attribute_values[i]);
data/bluez-5.55/src/shared/ad.c:256:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 2 + strlen(name);
data/bluez-5.55/src/shared/ad.c:426:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/bluez-5.55/src/shared/att.c:999:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(chan->fd, chan->buf, chan->mtu);
data/bluez-5.55/src/shared/btp.c:76:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
data/bluez-5.55/src/shared/btp.c:131:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(l_io_get_fd(btp->io), btp->buf, sizeof(btp->buf));
data/bluez-5.55/src/shared/btsnoop.c:104:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(btsnoop->fd, &hdr, BTSNOOP_HDR_SIZE);
data/bluez-5.55/src/shared/btsnoop.c:391:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(btsnoop->fd, &pkt, PKLG_PKT_SIZE);
data/bluez-5.55/src/shared/btsnoop.c:458:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(btsnoop->fd, data, toread);
data/bluez-5.55/src/shared/btsnoop.c:520:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(btsnoop->fd, &pkt, BTSNOOP_PKT_SIZE);
data/bluez-5.55/src/shared/btsnoop.c:548:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(btsnoop->fd, &pkt_type, 1);
data/bluez-5.55/src/shared/btsnoop.c:569:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(btsnoop->fd, data, toread);
data/bluez-5.55/src/shared/crypto.c:205:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(crypto->urandom, buf, num_bytes);
data/bluez-5.55/src/shared/crypto.c:253:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, outbuf, outlen);
data/bluez-5.55/src/shared/crypto.c:305:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, out, 16);
data/bluez-5.55/src/shared/crypto.c:617:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, out, 16);
data/bluez-5.55/src/shared/crypto.c:736:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, res, 16);
data/bluez-5.55/src/shared/ecc.c:95:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, ptr, left);
data/bluez-5.55/src/shared/hci.c:277:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/src/shared/hfp.c:210:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(data + context.offset) < 3)
data/bluez-5.55/src/shared/hfp.c:1088:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(data + context.offset) < 2)
data/bluez-5.55/src/shared/log.c:78:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdr.ident_len = strlen(label) + 1;
data/bluez-5.55/src/shared/log.c:154:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/src/shared/mainloop-notify.c:89:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, sock, sizeof(addr.sun_path) - 1);
data/bluez-5.55/src/shared/mainloop-notify.c:129:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = send(notify_fd, state, strlen(state), MSG_NOSIGNAL);
data/bluez-5.55/src/shared/mainloop-notify.c:145:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, &si, sizeof(si));
data/bluez-5.55/src/shared/mainloop.c:255:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(data->fd, &expired, sizeof(expired));
data/bluez-5.55/src/shared/mgmt.c:324:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(mgmt->fd, mgmt->buf, mgmt->len);
data/bluez-5.55/src/shared/pcap.c:86:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(pcap->fd, &hdr, PCAP_HDR_SIZE);
data/bluez-5.55/src/shared/pcap.c:158:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(pcap->fd, &pkt, PCAP_PKT_SIZE);
data/bluez-5.55/src/shared/pcap.c:167:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(pcap->fd, data, toread);
data/bluez-5.55/src/shared/pcap.c:195:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(pcap->fd, &pkt, PCAP_PKT_SIZE);
data/bluez-5.55/src/shared/pcap.c:204:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(pcap->fd, &ppi, PCAP_PPI_SIZE);
data/bluez-5.55/src/shared/pcap.c:215:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(pcap->fd, data, toread - PCAP_PPI_SIZE);
data/bluez-5.55/src/shared/shell.c:57:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd, (int)(CMD_LENGTH - strlen(cmd)), args, desc)
data/bluez-5.55/src/shared/shell.c:60:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd, (int)(CMD_LENGTH - strlen(cmd)), "", desc)
data/bluez-5.55/src/shared/shell.c:128:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(entry->cmd) < 8 ? "\t" : "", entry->desc);
data/bluez-5.55/src/shared/shell.c:139:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(entry->cmd) < 8 ? "\t" : "",
data/bluez-5.55/src/shared/shell.c:177:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/bluez-5.55/src/shared/shell.c:199:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/src/shared/shell.c:204:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
menu = find_menu(argv[1], strlen(argv[1]));
data/bluez-5.55/src/shared/shell.c:487:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(argv[0]);
data/bluez-5.55/src/shared/shell.c:491:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
submenu = find_menu(argv[0], strlen(argv[0]));
data/bluez-5.55/src/shared/shell.c:694:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(input))
data/bluez-5.55/src/shared/shell.c:728:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/bluez-5.55/src/shared/shell.c:788:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = find_cmd(text + strlen(menu->name) + 1, menu->entries, &index);
data/bluez-5.55/src/shared/shell.c:815:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/bluez-5.55/src/shared/uhid.c:92:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, &ev, sizeof(ev));
data/bluez-5.55/src/shared/util.c:1058:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(uuid);
data/bluez-5.55/src/shared/util.c:1213:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/src/shared/util.c:1214:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suffix_len = strlen(suffix);
data/bluez-5.55/src/storage.c:119:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mode, str, length);
data/bluez-5.55/src/storage.c:138:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/src/storage.c:155:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(str)/2;
data/bluez-5.55/src/textfile.c:54:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dir, "/");
data/bluez-5.55/src/textfile.c:68:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dir, prev + 1, next - prev);
data/bluez-5.55/src/textfile.c:141:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(key) + strlen(value) + 2;
data/bluez-5.55/src/textfile.c:141:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(key) + strlen(value) + 2;
data/bluez-5.55/src/textfile.c:218:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/bluez-5.55/src/textfile.c:237:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (value && ((ssize_t) strlen(value) == end - off - len - 1) &&
data/bluez-5.55/src/textfile.c:332:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/bluez-5.55/src/textfile.c:352:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, off + len + 1, end - off - len - 1);
data/bluez-5.55/src/uuid-helper.c:157:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(string) == 36 &&
data/bluez-5.55/src/uuid-helper.c:166:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(string);
data/bluez-5.55/tools/3dsp.c:590:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
data/bluez-5.55/tools/amptest.c:273:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/tools/amptest.c:445:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/tools/amptest.c:473:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/tools/avtest.c:212:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, sizeof(buf));
data/bluez-5.55/tools/avtest.c:422:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, sizeof(buf));
data/bluez-5.55/tools/avtest.c:677:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, sizeof(buf));
data/bluez-5.55/tools/avtest.c:710:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, sizeof(buf));
data/bluez-5.55/tools/bccmd.c:1072:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/bluez-5.55/tools/bccmd.c:1150:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(storage[i].str) + 1;
data/bluez-5.55/tools/bluemoon.c:514:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, firmware_data, st.st_size);
data/bluez-5.55/tools/bluemoon.c:792:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, firmware_data, st.st_size);
data/bluez-5.55/tools/bluemoon.c:971:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
data/bluez-5.55/tools/bneptest.c:93:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, bridge, IFNAMSIZ);
data/bluez-5.55/tools/bneptest.c:641:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bridge, optarg, 16);
data/bluez-5.55/tools/bneptest.c:646:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iface, optarg, 14);
data/bluez-5.55/tools/btattach.c:151:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(250 * 1000);
data/bluez-5.55/tools/btgatt-client.c:1255:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) != 32) {
data/bluez-5.55/tools/btgatt-client.c:1358:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/bluez-5.55/tools/btgatt-client.c:1373:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read <= 1) {
data/bluez-5.55/tools/btgatt-server.c:545:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(test_device_name);
data/bluez-5.55/tools/btgatt-server.c:812:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[i]) != 2) {
data/bluez-5.55/tools/btgatt-server.c:986:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) != 32) {
data/bluez-5.55/tools/btgatt-server.c:1074:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/bluez-5.55/tools/btgatt-server.c:1087:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < 0)
data/bluez-5.55/tools/btgatt-server.c:1090:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read <= 1) {
data/bluez-5.55/tools/btinfo.c:240:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
data/bluez-5.55/tools/btmgmt.c:91:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(strlen(arg) > 3 && !strncasecmp(arg, "hci", 3))
data/bluez-5.55/tools/btmgmt.c:134:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = MIN((strlen(hexstr) / 2), buflen);
data/bluez-5.55/tools/btmgmt.c:144:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen)
data/bluez-5.55/tools/btmgmt.c:148:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < buflen && i < (strlen / 2); i++)
data/bluez-5.55/tools/btmgmt.c:841:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(input);
data/bluez-5.55/tools/btmgmt.c:851:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(input) > 0)
data/bluez-5.55/tools/btmgmt.c:2115:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, cp.irk, sizeof(cp.irk)) != sizeof(cp.irk)) {
data/bluez-5.55/tools/btmgmt.c:2565:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) cp.name, argv[1], HCI_MAX_NAME_LENGTH);
data/bluez-5.55/tools/btmgmt.c:2567:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) cp.short_name, argv[2],
data/bluez-5.55/tools/btmgmt.c:2942:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > 3 &&
data/bluez-5.55/tools/btmgmt.c:4161:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(optarg);
data/bluez-5.55/tools/btmgmt.c:4703:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen(pattern_str);
data/bluez-5.55/tools/btmon-logger.c:297:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) > PATH_MAX) {
data/bluez-5.55/tools/btproxy.c:315:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(proxy->host_fd, proxy->host_buf + proxy->host_len,
data/bluez-5.55/tools/btproxy.c:445:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(proxy->dev_fd, proxy->dev_buf + proxy->dev_len,
data/bluez-5.55/tools/btproxy.c:633:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/bluez-5.55/tools/btproxy.c:649:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
data/bluez-5.55/tools/btproxy.c:827:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(unix_path) >
data/bluez-5.55/tools/btproxy.c:839:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
data/bluez-5.55/tools/btsnoop.c:106:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, &hdr, BTSNOOP_HDR_SIZE);
data/bluez-5.55/tools/btsnoop.c:176:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(input_fd[i], &input_pkt[i], BTSNOOP_PKT_SIZE);
data/bluez-5.55/tools/btsnoop.c:209:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(input_fd[select_input], buf, toread);
data/bluez-5.55/tools/btsnoop.c:259:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(input_fd[select_input],
data/bluez-5.55/tools/btsnoop.c:296:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, &pkt, BTSNOOP_PKT_SIZE);
data/bluez-5.55/tools/btsnoop.c:305:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, toread);
data/bluez-5.55/tools/btsnoop.c:369:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, &pkt, BTSNOOP_PKT_SIZE);
data/bluez-5.55/tools/btsnoop.c:378:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, toread);
data/bluez-5.55/tools/btsnoop.c:446:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, &pkt, BTSNOOP_PKT_SIZE);
data/bluez-5.55/tools/btsnoop.c:452:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, toread);
data/bluez-5.55/tools/check-selftest.c:48:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(25 * 1000);
data/bluez-5.55/tools/ciptool.c:77:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "[");
data/bluez-5.55/tools/ciptool.c:82:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "]");
data/bluez-5.55/tools/create-image.c:84:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, pad, namelen = strlen(name);
data/bluez-5.55/tools/csr.c:2815:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, off, end - off);
data/bluez-5.55/tools/csr_bcsp.c:126:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay * 100);
data/bluez-5.55/tools/csr_bcsp.c:146:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int res = read(fd, ch, 1);
data/bluez-5.55/tools/csr_bcsp.c:219:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay * 100);
data/bluez-5.55/tools/csr_h4.c:126:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, rp, 1) < 1)
data/bluez-5.55/tools/csr_h4.c:130:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, rp + 1, 2) < 2)
data/bluez-5.55/tools/csr_h4.c:134:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, rp + offset, sizeof(rp) - offset);
data/bluez-5.55/tools/eddystone.c:84:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(urandom_fd, cmd.addr, sizeof(cmd.addr));
data/bluez-5.55/tools/eddystone.c:258:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
data/bluez-5.55/tools/gatt-service.c:807:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, &si, sizeof(si));
data/bluez-5.55/tools/hciattach.c:118:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, buf, 1);
data/bluez-5.55/tools/hciattach.c:128:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, buf + count, 3 - count);
data/bluez-5.55/tools/hciattach.c:141:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, buf + count, remain - (count - 3));
data/bluez-5.55/tools/hciattach.c:287:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(fd, buf, count);
data/bluez-5.55/tools/hciattach.c:701:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, rsp, sizeof(rsp));
data/bluez-5.55/tools/hciattach.c:1185:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/bluez-5.55/tools/hciattach.c:1309:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(opt) > PATH_MAX - (strlen(dev) + 1)) {
data/bluez-5.55/tools/hciattach.c:1309:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(opt) > PATH_MAX - (strlen(dev) + 1)) {
data/bluez-5.55/tools/hciattach_ath3k.c:339:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, &ptr[info->char_cnt], 2);
data/bluez-5.55/tools/hciattach_ath3k.c:344:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, &ptr[info->char_cnt], 2);
data/bluez-5.55/tools/hciattach_ath3k.c:516:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr) <= 1)
data/bluez-5.55/tools/hciattach_ath3k.c:519:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(patch_loc, &ptr[sizeof(PATCH_LOC_KEY) - 1],
data/bluez-5.55/tools/hciattach_bcm43xx.c:90:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, (char *) &resp[7], MIN(name_len, size));
data/bluez-5.55/tools/hciattach_bcm43xx.c:268:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((n = read(fd_fw, &tx_buf[1], 3))) {
data/bluez-5.55/tools/hciattach_bcm43xx.c:278:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd_fw, &tx_buf[4], len) < 0) {
data/bluez-5.55/tools/hciattach_bcm43xx.c:333:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncmp(chip_name, entry->d_name, strlen(chip_name))) {
data/bluez-5.55/tools/hciattach_bcm43xx.c:334:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int name_len = strlen(entry->d_name);
data/bluez-5.55/tools/hciattach_intel.c:155:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &rb, 1) <= 0)
data/bluez-5.55/tools/hciattach_intel.c:164:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &entry->data[1], 3) < 0)
data/bluez-5.55/tools/hciattach_intel.c:169:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &entry->data[4], size) < 0)
data/bluez-5.55/tools/hciattach_intel.c:179:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &entry->data[1], 2) < 0)
data/bluez-5.55/tools/hciattach_intel.c:184:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &entry->data[3], size) < 0)
data/bluez-5.55/tools/hciattach_intel.c:547:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(300000);
data/bluez-5.55/tools/hciattach_qualcomm.c:120:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nr = read(fw, cmdp, sizeof(cmdp));
data/bluez-5.55/tools/hciattach_qualcomm.c:129:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FAILIF(read(fw, data, cmd->plen) != cmd->plen,
data/bluez-5.55/tools/hciattach_st.c:71:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, rp, 1) < 1)
data/bluez-5.55/tools/hciattach_st.c:75:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, rp + 1, 2) < 2)
data/bluez-5.55/tools/hciattach_st.c:79:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, rp + offset, sizeof(rp) - offset);
data/bluez-5.55/tools/hciattach_st.c:137:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pathname, ".");
data/bluez-5.55/tools/hciattach_st.c:149:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(d->d_name + strlen(d->d_name) - strlen(suffix),
data/bluez-5.55/tools/hciattach_st.c:149:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(d->d_name + strlen(d->d_name) - strlen(suffix),
data/bluez-5.55/tools/hciattach_st.c:150:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suffix, strlen(suffix)))
data/bluez-5.55/tools/hciattach_st.c:153:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(d->d_name, prefix, strlen(prefix)))
data/bluez-5.55/tools/hciattach_st.c:175:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(fd, cmd + 1, 254);
data/bluez-5.55/tools/hciattach_ti.c:208:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000 * delay->msec);
data/bluez-5.55/tools/hciattach_tialt.c:121:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nr = read(fw, cmdp, sizeof(cmdp));
data/bluez-5.55/tools/hciattach_tialt.c:127:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FAILIF(read(fw, data, cmd->plen) != cmd->plen,
data/bluez-5.55/tools/hciconfig.c:814:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cls_str, "Keyboard", sizeof(cls_str));
data/bluez-5.55/tools/hciconfig.c:817:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cls_str, "Pointing device", sizeof(cls_str));
data/bluez-5.55/tools/hciconfig.c:820:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cls_str, "Combo keyboard/pointing device", sizeof(cls_str));
data/bluez-5.55/tools/hciconfig.c:823:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((minor & 15) && (strlen(cls_str) > 0))
data/bluez-5.55/tools/hciconfig.c:824:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cls_str, "/");
data/bluez-5.55/tools/hciconfig.c:830:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Joystick",
data/bluez-5.55/tools/hciconfig.c:831:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hciconfig.c:834:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Gamepad",
data/bluez-5.55/tools/hciconfig.c:835:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hciconfig.c:838:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Remote control",
data/bluez-5.55/tools/hciconfig.c:839:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hciconfig.c:842:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Sensing device",
data/bluez-5.55/tools/hciconfig.c:843:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hciconfig.c:846:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Digitizer tablet",
data/bluez-5.55/tools/hciconfig.c:847:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hciconfig.c:850:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Card reader",
data/bluez-5.55/tools/hciconfig.c:851:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hciconfig.c:854:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "(reserved)",
data/bluez-5.55/tools/hciconfig.c:855:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hciconfig.c:858:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cls_str) > 0)
data/bluez-5.55/tools/hciconfig.c:1280:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (strlen(opt) + 1) / 2;
data/bluez-5.55/tools/hciconfig.c:2041:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*argv, strlen(command[i].cmd)))
data/bluez-5.55/tools/hcidump.c:110:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((w = read(fd, buf, len)) < 0) {
data/bluez-5.55/tools/hcidump.c:457:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, BTSNOOP_HDR_SIZE);
data/bluez-5.55/tools/hcitool.c:88:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = MIN((strlen(str) / 2), blen);
data/bluez-5.55/tools/hcitool.c:342:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cls_str, "Keyboard", sizeof(cls_str));
data/bluez-5.55/tools/hcitool.c:345:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cls_str, "Pointing device", sizeof(cls_str));
data/bluez-5.55/tools/hcitool.c:348:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cls_str, "Combo keyboard/pointing device", sizeof(cls_str));
data/bluez-5.55/tools/hcitool.c:351:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((minor & 15) && (strlen(cls_str) > 0))
data/bluez-5.55/tools/hcitool.c:352:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cls_str, "/");
data/bluez-5.55/tools/hcitool.c:358:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Joystick",
data/bluez-5.55/tools/hcitool.c:359:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hcitool.c:362:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Gamepad",
data/bluez-5.55/tools/hcitool.c:363:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hcitool.c:366:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Remote control",
data/bluez-5.55/tools/hcitool.c:367:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hcitool.c:370:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Sensing device",
data/bluez-5.55/tools/hcitool.c:371:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hcitool.c:374:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Digitizer tablet",
data/bluez-5.55/tools/hcitool.c:375:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hcitool.c:378:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "Card reader",
data/bluez-5.55/tools/hcitool.c:379:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hcitool.c:382:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cls_str, "(reserved)",
data/bluez-5.55/tools/hcitool.c:383:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(cls_str) - strlen(cls_str) - 1);
data/bluez-5.55/tools/hcitool.c:386:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cls_str) > 0)
data/bluez-5.55/tools/hcitool.c:755:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > 0)
data/bluez-5.55/tools/hcitool.c:795:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/bluez-5.55/tools/hcitool.c:996:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/bluez-5.55/tools/hcitool.c:1170:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(dd, buf, sizeof(buf));
data/bluez-5.55/tools/hcitool.c:2442:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(dd, buf, sizeof(buf))) < 0) {
data/bluez-5.55/tools/hcitool.c:2684:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/bluez-5.55/tools/hcitool.c:3489:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argv[0], strlen(command[i].cmd)))
data/bluez-5.55/tools/hex2hcd.c:56:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/bluez-5.55/tools/hex2hcd.c:170:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, input_path, ptr - input_path);
data/bluez-5.55/tools/hex2hcd.c:252:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pathname) < 7)
data/bluez-5.55/tools/ibeacon.c:84:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(urandom_fd, cmd.addr, sizeof(cmd.addr));
data/bluez-5.55/tools/ibeacon.c:251:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > 3 && !strncmp(optarg, "hci", 3))
data/bluez-5.55/tools/l2cap-tester.c:908:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(sk, buf, l2data->data_len) != l2data->data_len) {
data/bluez-5.55/tools/l2cap-tester.c:931:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(sk, buf, l2data->data_len) != l2data->data_len) {
data/bluez-5.55/tools/l2test.c:788:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, data_size);
data/bluez-5.55/tools/l2test.c:809:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, data_size);
data/bluez-5.55/tools/l2test.c:848:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, data_size);
data/bluez-5.55/tools/l2test.c:857:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(recv_delay);
data/bluez-5.55/tools/l2test.c:965:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(fd, buf, data_size);
data/bluez-5.55/tools/l2test.c:983:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(send_delay);
data/bluez-5.55/tools/l2test.c:1010:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(send_delay);
data/bluez-5.55/tools/l2test.c:1019:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(disc_delay);
data/bluez-5.55/tools/l2test.c:1093:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500);
data/bluez-5.55/tools/mesh-cfgclient.c:508:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/tools/mesh-cfgclient.c:512:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/tools/mesh-cfgclient.c:518:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len == strlen(action_table[i].action) &&
data/bluez-5.55/tools/mesh-cfgclient.c:1338:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!argv[1] || (strlen(argv[1]) != 32)) {
data/bluez-5.55/tools/mesh-gatt/crypto.c:101:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, outbuf, outlen);
data/bluez-5.55/tools/mesh-gatt/crypto.c:202:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, res, 16);
data/bluez-5.55/tools/mesh-gatt/crypto.c:1161:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, num_bytes);
data/bluez-5.55/tools/mesh-gatt/prov-db.c:83:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sz = read(fd, str, st.st_size);
data/bluez-5.55/tools/mesh-gatt/prov-db.c:113:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(out_str, sizeof(char), strlen(out_str), outfile);
data/bluez-5.55/tools/mesh-gatt/prov-db.c:257:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/tools/mesh-gatt/prov-db.c:394:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/tools/mesh-gatt/prov-db.c:463:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/tools/mesh-gatt/prov-db.c:1383:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str2hex(value_str, strlen(value_str), key, 16))
data/bluez-5.55/tools/mesh-gatt/prov-db.c:1569:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str2hex(value_str, strlen(value_str), key, 16)) {
data/bluez-5.55/tools/mesh-gatt/prov-db.c:1613:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str2hex(value_str, strlen(value_str), key, 16);
data/bluez-5.55/tools/mesh-gatt/util.c:57:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line = g_malloc(strlen(prefix) + (16 * 3) + 2);
data/bluez-5.55/tools/mesh-gatt/util.c:59:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes = line + strlen(prefix) + 1;
data/bluez-5.55/tools/mesh-gatt/util.c:67:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes = line + strlen(prefix) + 1;
data/bluez-5.55/tools/mesh/agent.c:86:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str2hex(input, strlen(input), buf, pending_request.len) ) {
data/bluez-5.55/tools/mesh/agent.c:104:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(input) > pending_request.len)
data/bluez-5.55/tools/mesh/agent.c:119:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pending_request.cb(ASCII, (uint8_t *) input, strlen(input),
data/bluez-5.55/tools/mesh/mesh-db.c:76:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fwrite(str, sizeof(char), strlen(str), outfile) < strlen(str))
data/bluez-5.55/tools/mesh/mesh-db.c:76:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fwrite(str, sizeof(char), strlen(str), outfile) < strlen(str))
data/bluez-5.55/tools/mesh/mesh-db.c:261:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) != 32)
data/bluez-5.55/tools/mesh/mesh-db.c:324:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str2hex(str, strlen(str), token, 8))
data/bluez-5.55/tools/mesh/mesh-db.c:400:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/bluez-5.55/tools/mesh/mesh-db.c:445:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) != 32)
data/bluez-5.55/tools/mesh/mesh-db.c:869:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) != 10)
data/bluez-5.55/tools/mesh/mesh-db.c:879:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addr_len = strlen(str);
data/bluez-5.55/tools/mesh/mesh-db.c:1487:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sz = read(fd, str, st.st_size);
data/bluez-5.55/tools/meshctl.c:1334:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/tools/meshctl.c:1643:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (argc < 2 || !strlen(argv[1])) {
data/bluez-5.55/tools/meshctl.c:1784:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[1]);
data/bluez-5.55/tools/meshctl.c:1947:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mesh_dir);
data/bluez-5.55/tools/meshctl.c:1954:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mesh_local_config_filename = g_malloc(len + strlen("local_node.json")
data/bluez-5.55/tools/meshctl.c:1959:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mesh_prov_db_filename = g_malloc(len + strlen("prov_db.json") + 2);
data/bluez-5.55/tools/meshctl.c:1970:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = len + extra + strlen("local_node.json");
data/bluez-5.55/tools/meshctl.c:1979:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mesh_dir);
data/bluez-5.55/tools/obex-client-tool.c:119:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(data->fd, buf, len);
data/bluez-5.55/tools/obex-server-tool.c:168:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(data->fd, buf, len);
data/bluez-5.55/tools/rctest.c:458:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(sk, buf, data_size)) > 0)
data/bluez-5.55/tools/rctest.c:474:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(sk, b, data_size)) > 0) {
data/bluez-5.55/tools/rctest.c:568:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, data_size);
data/bluez-5.55/tools/rctest.c:591:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay);
data/bluez-5.55/tools/rctest.c:627:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500);
data/bluez-5.55/tools/rfcomm-tester.c:419:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(sk, buf, cli->data_len);
data/bluez-5.55/tools/rfcomm-tester.c:588:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(sk, buf, srv->data_len);
data/bluez-5.55/tools/rfcomm.c:86:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "[");
data/bluez-5.55/tools/rfcomm.c:97:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, "]");
data/bluez-5.55/tools/rfcomm.c:363:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/bluez-5.55/tools/rfcomm.c:521:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/bluez-5.55/tools/rfcomm.c:597:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/bluez-5.55/tools/scotest.c:259:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, data_size);
data/bluez-5.55/tools/scotest.c:268:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(sk, buf, data_size)) > 0)
data/bluez-5.55/tools/scotest.c:287:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(sk, buf, data_size);
data/bluez-5.55/tools/scotest.c:360:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1);
data/bluez-5.55/tools/sdptool.c:518:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sdpdata->unitSize > (int) strlen(sdpdata->val.str)) {
data/bluez-5.55/tools/sdptool.c:4364:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(service[i].name) + 1;
data/bluez-5.55/tools/seq2bseq.c:92:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, input_path, ptr - input_path);
data/bluez-5.55/tools/seq2bseq.c:140:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur += strlen(str);
data/bluez-5.55/tools/test-runner.c:244:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cwd, "/");
data/bluez-5.55/tools/test-runner.c:284:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chrdev = alloca(32 + strlen(path));
data/bluez-5.55/tools/test-runner.c:465:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(25 * 1000);
data/bluez-5.55/unit/test-avctp.c:169:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/unit/test-avdtp.c:212:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/unit/test-avrcp.c:213:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/unit/test-avrcp.c:251:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/unit/test-gatt.c:452:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/unit/test-gatt.c:1353:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.len = strlen(string), \
data/bluez-5.55/unit/test-gatt.c:1373:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.len = strlen(string), \
data/bluez-5.55/unit/test-gatt.c:1462:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.len = strlen(string), \
data/bluez-5.55/unit/test-gatt.c:1473:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.len = strlen(string), \
data/bluez-5.55/unit/test-gattrib.c:181:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/unit/test-gobex-packet.c:222:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
G_OBEX_HDR_TYPE, "foo/bar", strlen("foo/bar") + 1,
data/bluez-5.55/unit/test-gobex-transfer.c:226:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buf, len);
data/bluez-5.55/unit/test-gobex-transfer.c:1124:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buf, len);
data/bluez-5.55/unit/test-hfp.c:226:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int cmd_len = strlen(command);
data/bluez-5.55/unit/test-hog.c:164:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/unit/test-mesh-crypto.c:756:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *printable = l_malloc(strlen(sample) + 1);
data/bluez-5.55/unit/test-mesh-crypto.c:1829:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
show_data("Salt Input", 0, keys->salt, strlen(keys->salt));
data/bluez-5.55/unit/test-mesh-crypto.c:1830:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mesh_crypto_s1(keys->salt, strlen(keys->salt), salt_out);
data/bluez-5.55/unit/test-mesh-crypto.c:1850:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
show_data("Salt Input", 0, keys->salt, strlen(keys->salt));
data/bluez-5.55/unit/test-mesh-crypto.c:1851:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mesh_crypto_s1(keys->salt, strlen(keys->salt), salt);
data/bluez-5.55/unit/test-mesh-crypto.c:1856:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
show_data("Info", 0, keys->info, strlen(keys->info));
data/bluez-5.55/unit/test-mesh-crypto.c:1891:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
show_data("Salt Input", 0, keys->salt, strlen(keys->salt));
data/bluez-5.55/unit/test-mesh-crypto.c:1892:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mesh_crypto_s1(keys->salt, strlen(keys->salt), salt);
data/bluez-5.55/unit/test-mesh-crypto.c:1897:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
show_data("Info Input", 0, keys->info, strlen(keys->info));
data/bluez-5.55/unit/test-mesh-crypto.c:1898:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mesh_crypto_s1(keys->info, strlen(keys->info), info);
data/bluez-5.55/unit/test-mesh-crypto.c:1983:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
show_data("Salt Input", 0, keys->salt, strlen(keys->salt));
data/bluez-5.55/unit/test-mesh-crypto.c:1984:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mesh_crypto_s1(keys->salt, strlen(keys->salt), tmp);
data/bluez-5.55/unit/test-mesh-crypto.c:1989:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
show_data("Info", 0, keys->info, strlen(keys->info));
data/bluez-5.55/unit/test-mesh-crypto.c:2016:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
show_data("Salt Input", 0, keys->salt, strlen(keys->salt));
data/bluez-5.55/unit/test-mesh-crypto.c:2017:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mesh_crypto_s1(keys->salt, strlen(keys->salt), tmp);
data/bluez-5.55/unit/test-mesh-crypto.c:2022:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
show_data("Info", 0, keys->info, strlen(keys->info));
data/bluez-5.55/unit/test-mgmt.c:126:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, buf, sizeof(buf));
data/bluez-5.55/unit/test-sdp.c:244:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/bluez-5.55/unit/test-textfile.c:165:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert(strlen(value) == len);
data/bluez-5.55/unit/test-textfile.c:237:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert(strlen(str) == max);
data/bluez-5.55/unit/test-textfile.c:239:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert(strlen(str) == i);
data/bluez-5.55/unit/test-uhid.c:171:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
ANALYSIS SUMMARY:
Hits = 3971
Lines analyzed = 487775 in approximately 10.46 seconds (46627 lines/second)
Physical Source Lines of Code (SLOC) = 367092
Hits@level = [0] 4389 [1] 750 [2] 2879 [3] 111 [4] 229 [5] 2
Hits@level+ = [0+] 8360 [1+] 3971 [2+] 3221 [3+] 342 [4+] 231 [5+] 2
Hits/KSLOC@level+ = [0+] 22.7736 [1+] 10.8175 [2+] 8.77437 [3+] 0.931647 [4+] 0.62927 [5+] 0.00544823
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.