Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cgminer-4.9.2/A1-board-selector-CCD.c
Examining data/cgminer-4.9.2/A1-board-selector-CCR.c
Examining data/cgminer-4.9.2/A1-board-selector.h
Examining data/cgminer-4.9.2/A1-common.h
Examining data/cgminer-4.9.2/A1-desk-board-selector.c
Examining data/cgminer-4.9.2/A1-trimpot-mcp4x.c
Examining data/cgminer-4.9.2/A1-trimpot-mcp4x.h
Examining data/cgminer-4.9.2/api-example.c
Examining data/cgminer-4.9.2/api.c
Examining data/cgminer-4.9.2/arg-nonnull.h
Examining data/cgminer-4.9.2/bench_block.h
Examining data/cgminer-4.9.2/bitforce-firmware-flash.c
Examining data/cgminer-4.9.2/c++defs.h
Examining data/cgminer-4.9.2/ccan/compiler/compiler.h
Examining data/cgminer-4.9.2/ccan/compiler/test/compile_fail-printf.c
Examining data/cgminer-4.9.2/ccan/compiler/test/run-is_compile_constant.c
Examining data/cgminer-4.9.2/ccan/opt/helpers.c
Examining data/cgminer-4.9.2/ccan/opt/opt.c
Examining data/cgminer-4.9.2/ccan/opt/opt.h
Examining data/cgminer-4.9.2/ccan/opt/parse.c
Examining data/cgminer-4.9.2/ccan/opt/private.h
Examining data/cgminer-4.9.2/ccan/opt/test/compile_ok-const-arg.c
Examining data/cgminer-4.9.2/ccan/opt/test/run-checkopt.c
Examining data/cgminer-4.9.2/ccan/opt/test/run-correct-reporting.c
Examining data/cgminer-4.9.2/ccan/opt/test/run-helpers.c
Examining data/cgminer-4.9.2/ccan/opt/test/run-iter.c
Examining data/cgminer-4.9.2/ccan/opt/test/run-no-options.c
Examining data/cgminer-4.9.2/ccan/opt/test/run-usage.c
Examining data/cgminer-4.9.2/ccan/opt/test/run.c
Examining data/cgminer-4.9.2/ccan/opt/test/utils.c
Examining data/cgminer-4.9.2/ccan/opt/test/utils.h
Examining data/cgminer-4.9.2/ccan/opt/usage.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_fail-cast_if_type-promotable.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_fail-typesafe_cb-int.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_fail-typesafe_cb.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_fail-typesafe_cb_cast-multi.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_fail-typesafe_cb_cast.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_fail-typesafe_cb_postargs.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_fail-typesafe_cb_preargs.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_ok-typesafe_cb-NULL.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_ok-typesafe_cb-undefined.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_ok-typesafe_cb-vars.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/compile_ok-typesafe_cb_cast.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/test/run.c
Examining data/cgminer-4.9.2/ccan/typesafe_cb/typesafe_cb.h
Examining data/cgminer-4.9.2/compat.h
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/dump.c
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/error.c
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable.c
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable.h
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable_seed.c
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/jansson.h
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/jansson_private.h
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/load.c
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/lookup3.h
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/memory.c
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/pack_unpack.c
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/strbuffer.c
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/strbuffer.h
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/strconv.c
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/utf.c
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/utf.h
Examining data/cgminer-4.9.2/compat/jansson-2.6/src/value.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/core.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/hotplug.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/hotplug.h
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/io.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/libusb.h
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/libusbi.h
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/darwin_usb.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/darwin_usb.h
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_netlink.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_udev.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.h
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_posix.h
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.h
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/threads_posix.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/threads_posix.h
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/threads_windows.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/threads_windows.h
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.h
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/sync.c
Examining data/cgminer-4.9.2/compat/libusb-1.0/libusb/version.h
Examining data/cgminer-4.9.2/crc.h
Examining data/cgminer-4.9.2/crc16.c
Examining data/cgminer-4.9.2/driver-SPI-bitmine-A1.c
Examining data/cgminer-4.9.2/driver-avalon.c
Examining data/cgminer-4.9.2/driver-avalon.h
Examining data/cgminer-4.9.2/driver-avalon2.c
Examining data/cgminer-4.9.2/driver-avalon2.h
Examining data/cgminer-4.9.2/driver-avalon4.c
Examining data/cgminer-4.9.2/driver-avalon4.h
Examining data/cgminer-4.9.2/driver-bab.c
Examining data/cgminer-4.9.2/driver-bflsc.c
Examining data/cgminer-4.9.2/driver-bflsc.h
Examining data/cgminer-4.9.2/driver-bitforce.c
Examining data/cgminer-4.9.2/driver-bitfury.c
Examining data/cgminer-4.9.2/driver-bitfury.h
Examining data/cgminer-4.9.2/driver-bitmain.c
Examining data/cgminer-4.9.2/driver-bitmain.h
Examining data/cgminer-4.9.2/driver-blockerupter.c
Examining data/cgminer-4.9.2/driver-blockerupter.h
Examining data/cgminer-4.9.2/driver-cointerra.c
Examining data/cgminer-4.9.2/driver-cointerra.h
Examining data/cgminer-4.9.2/driver-drillbit.c
Examining data/cgminer-4.9.2/driver-drillbit.h
Examining data/cgminer-4.9.2/driver-hashfast.c
Examining data/cgminer-4.9.2/driver-hashfast.h
Examining data/cgminer-4.9.2/driver-hashratio.c
Examining data/cgminer-4.9.2/driver-hashratio.h
Examining data/cgminer-4.9.2/driver-icarus.c
Examining data/cgminer-4.9.2/driver-klondike.c
Examining data/cgminer-4.9.2/driver-knc.c
Examining data/cgminer-4.9.2/driver-minion.c
Examining data/cgminer-4.9.2/driver-modminer.c
Examining data/cgminer-4.9.2/driver-spondoolies-sp10-p.c
Examining data/cgminer-4.9.2/driver-spondoolies-sp10-p.h
Examining data/cgminer-4.9.2/driver-spondoolies-sp10.c
Examining data/cgminer-4.9.2/driver-spondoolies-sp10.h
Examining data/cgminer-4.9.2/driver-spondoolies-sp30-p.c
Examining data/cgminer-4.9.2/driver-spondoolies-sp30-p.h
Examining data/cgminer-4.9.2/driver-spondoolies-sp30.c
Examining data/cgminer-4.9.2/driver-spondoolies-sp30.h
Examining data/cgminer-4.9.2/elist.h
Examining data/cgminer-4.9.2/fpgautils.c
Examining data/cgminer-4.9.2/fpgautils.h
Examining data/cgminer-4.9.2/hexdump.c
Examining data/cgminer-4.9.2/hf_protocol.h
Examining data/cgminer-4.9.2/hf_protocol_be.h
Examining data/cgminer-4.9.2/i2c-context.c
Examining data/cgminer-4.9.2/i2c-context.h
Examining data/cgminer-4.9.2/klist.c
Examining data/cgminer-4.9.2/klist.h
Examining data/cgminer-4.9.2/knc-asic.c
Examining data/cgminer-4.9.2/knc-asic.h
Examining data/cgminer-4.9.2/knc-transport-spi.c
Examining data/cgminer-4.9.2/knc-transport.h
Examining data/cgminer-4.9.2/lib/dummy.c
Examining data/cgminer-4.9.2/lib/memchr.c
Examining data/cgminer-4.9.2/lib/memmem.c
Examining data/cgminer-4.9.2/lib/sig-handler.h
Examining data/cgminer-4.9.2/lib/sigaction.c
Examining data/cgminer-4.9.2/lib/signal.in.h
Examining data/cgminer-4.9.2/lib/sigprocmask.c
Examining data/cgminer-4.9.2/lib/stddef.in.h
Examining data/cgminer-4.9.2/lib/stdint.in.h
Examining data/cgminer-4.9.2/lib/str-two-way.h
Examining data/cgminer-4.9.2/lib/string.in.h
Examining data/cgminer-4.9.2/libbitfury.c
Examining data/cgminer-4.9.2/libbitfury.h
Examining data/cgminer-4.9.2/logging.c
Examining data/cgminer-4.9.2/logging.h
Examining data/cgminer-4.9.2/mcp2210.c
Examining data/cgminer-4.9.2/mcp2210.h
Examining data/cgminer-4.9.2/miner.h
Examining data/cgminer-4.9.2/noncedup.c
Examining data/cgminer-4.9.2/sha2.c
Examining data/cgminer-4.9.2/sha2.h
Examining data/cgminer-4.9.2/spi-context.c
Examining data/cgminer-4.9.2/spi-context.h
Examining data/cgminer-4.9.2/usbutils.h
Examining data/cgminer-4.9.2/uthash.h
Examining data/cgminer-4.9.2/util.c
Examining data/cgminer-4.9.2/util.h
Examining data/cgminer-4.9.2/warn-on-use.h
Examining data/cgminer-4.9.2/usbutils.c
Examining data/cgminer-4.9.2/cgminer.c
FINAL RESULTS:
data/cgminer-4.9.2/api.c:1561:11: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
uint64_t gets;
data/cgminer-4.9.2/api.c:1849:10: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
info->gets,
data/cgminer-4.9.2/usbutils.c:3898:7: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
if (!SetSecurityDescriptorDacl(sec_des, TRUE, NULL, FALSE)) {
data/cgminer-4.9.2/usbutils.c:3898:7: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
if (!SetSecurityDescriptorDacl(sec_des, TRUE, NULL, FALSE)) {
data/cgminer-4.9.2/api-example.c:122:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(WSAbuf, "Socket Error: (%d) %s", id, WSAErrors[i].code);
data/cgminer-4.9.2/api.c:118:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(WSAbuf, "Socket Error: (%d) %s", id, WSAErrors[i].code);
data/cgminer-4.9.2/api.c:909:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char*)(api_data->data), (char *)data);
data/cgminer-4.9.2/api.c:1226:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "%"PRIu32, *((uint32_t *)(root->data)));
data/cgminer-4.9.2/api.c:1238:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "%"PRIu64, *((uint64_t *)(root->data)));
data/cgminer-4.9.2/api.c:1241:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "%"PRId64, *((int64_t *)(root->data)));
data/cgminer-4.9.2/api.c:1446:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, paramid);
data/cgminer-4.9.2/api.c:1449:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, paramid, pools[paramid]->rpc_url);
data/cgminer-4.9.2/api.c:1454:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, paramid, pga - 1);
data/cgminer-4.9.2/api.c:1460:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, paramid, asc - 1);
data/cgminer-4.9.2/api.c:1464:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, total_pools);
data/cgminer-4.9.2/api.c:1467:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, paramid, total_pools - 1);
data/cgminer-4.9.2/api.c:1477:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description
data/cgminer-4.9.2/api.c:1487:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, JSON_COMMAND);
data/cgminer-4.9.2/api.c:1490:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, param2);
data/cgminer-4.9.2/api.c:1493:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, paramid, param2);
data/cgminer-4.9.2/api.c:1496:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, paramid ? TRUESTR : FALSESTR);
data/cgminer-4.9.2/api.c:1499:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, codes[i].description, param2, paramid);
data/cgminer-4.9.2/api.c:1503:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, codes[i].description);
data/cgminer-4.9.2/api.c:3316:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(id, "%s%d", cgpu->drv->name, cgpu->device_id);
data/cgminer-4.9.2/api.c:3371:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(id, "%s%d", cgpu->drv->name, cgpu->device_id);
data/cgminer-4.9.2/api.c:4070:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
bool found, access;
data/cgminer-4.9.2/api.c:4084:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmdbuf, "|%s|", param);
data/cgminer-4.9.2/api.c:4096:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
root = api_add_const(root, "Access", access ? YES : NO, false);
data/cgminer-4.9.2/api.c:4151:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, io_data->ptr);
data/cgminer-4.9.2/api.c:4154:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, JSON_CLOSE);
data/cgminer-4.9.2/api.c:4157:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, JSON_END);
data/cgminer-4.9.2/api.c:4250:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, api_groups);
data/cgminer-4.9.2/api.c:4305:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmdbuf, "|%s|", cmds[i].name);
data/cgminer-4.9.2/api.c:4307:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd, cmds[i].name);
data/cgminer-4.9.2/api.c:4325:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmdbuf, "|%s|", cmds[i].name);
data/cgminer-4.9.2/api.c:4327:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd, cmds[i].name);
data/cgminer-4.9.2/api.c:4338:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, commands);
data/cgminer-4.9.2/api.c:4347:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd, cmds[i].name);
data/cgminer-4.9.2/api.c:4356:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, commands);
data/cgminer-4.9.2/api.c:4383:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, opt_api_allow);
data/cgminer-4.9.2/api.c:4566:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "::ffff:%s", *connectaddr);
data/cgminer-4.9.2/api.c:5058:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmdbuf, "|%s|", cmdptr);
data/cgminer-4.9.2/api.c:5064:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmdsbuf, cmdptr);
data/cgminer-4.9.2/bitforce-firmware-flash.c:24:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __VA_ARGS__); \
data/cgminer-4.9.2/ccan/opt/helpers.c:15:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(str, fmt, arg);
data/cgminer-4.9.2/ccan/opt/opt.c:12:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, fmt, __VA_ARGS__); \
data/cgminer-4.9.2/ccan/opt/opt.c:234:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/cgminer-4.9.2/ccan/opt/opt.c:244:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/cgminer-4.9.2/ccan/opt/opt.c:253:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "Invalid argument '%s'", arg);
data/cgminer-4.9.2/ccan/opt/test/run-checkopt.c:30:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, p);
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:13:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf saved_printf
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:16:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define fprintf saved_fprintf
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:19:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define vfprintf(f, fmt, ap) saved_vprintf(fmt, ap)
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:46:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, p);
data/cgminer-4.9.2/ccan/opt/test/utils.c:46:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(err_output, p);
data/cgminer-4.9.2/ccan/opt/usage.c:68:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "Usage: %s", argv0);
data/cgminer-4.9.2/ccan/opt/usage.c:79:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, " %s", extra);
data/cgminer-4.9.2/ccan/opt/usage.c:86:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s:\n", opt_table[i].desc);
data/cgminer-4.9.2/ccan/opt/usage.c:89:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(p, "%s", opt_table[i].names);
data/cgminer-4.9.2/ccan/opt/usage.c:99:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len += sprintf(p + len, "%s", opt_table[i].desc);
data/cgminer-4.9.2/ccan/opt/usage.c:104:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len += sprintf(p + len, " (default: %s)", buf);
data/cgminer-4.9.2/cgminer.c:554:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(exit_buf, sizeof(exit_buf), fmt, ap);
data/cgminer-4.9.2/cgminer.c:1818:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(json_error, siz, JSON_LOAD_ERROR, arg, err.text);
data/cgminer-4.9.2/cgminer.c:1844:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(cnfbuf, R_OK))
data/cgminer-4.9.2/cgminer.c:2722:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/cgminer.c:2727:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/cgminer.c:3274:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(gbt_block, varint); // +8 max
data/cgminer-4.9.2/cgminer.c:3275:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(gbt_block, work->coinbase);
data/cgminer-4.9.2/cgminer.c:3278:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "{\"id\": 0, \"method\": \"submitblock\", \"params\": [\"%s", gbt_block);
data/cgminer-4.9.2/cgminer.c:3719:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&(item[j]), commas[BENCHWORK_DIFFBITS]);
data/cgminer-4.9.2/cgminer.c:3929:2: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(initial_args[0], (EXECV_2ND_ARG_TYPE)initial_args);
data/cgminer-4.9.2/cgminer.c:4602:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_hash, hexstr);
data/cgminer-4.9.2/cgminer.c:4673:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->hash, hexstr);
data/cgminer-4.9.2/cgminer.c:5392:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, default_config);
data/cgminer-4.9.2/cgminer.c:5398:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, getenv("HOME"));
data/cgminer-4.9.2/cgminer.c:5408:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, def_conf);
data/cgminer-4.9.2/cgminer.c:5435:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, str);
data/cgminer-4.9.2/cgminer.c:8790:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("/bin/bash", "/bin/bash", "-c", opt_stderr_cmd, (char*)NULL);
data/cgminer-4.9.2/cgminer.c:9317:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opt_kernel_path, CGMINER_PREFIX);
data/cgminer-4.9.2/cgminer.c:9320:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cgminer_path, dirname(s));
data/cgminer-4.9.2/cgminer.c:9332:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_hash, block->hash);
data/cgminer-4.9.2/compat/jansson-2.6/src/dump.c:214:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size = snprintf(buffer, MAX_INTEGER_STR_LENGTH,
data/cgminer-4.9.2/compat/jansson-2.6/src/error.c:28:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(error->source, source);
data/cgminer-4.9.2/compat/jansson-2.6/src/error.c:32:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(error->source + 3, source + extra);
data/cgminer-4.9.2/compat/jansson-2.6/src/error.c:61:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(error->text, JSON_ERROR_TEXT_LENGTH, msg, ap);
data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable.c:243:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pair->key, key);
data/cgminer-4.9.2/compat/jansson-2.6/src/jansson_private.h:94:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/cgminer-4.9.2/compat/jansson-2.6/src/jansson_private.h:94:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/cgminer-4.9.2/compat/jansson-2.6/src/jansson_private.h:95:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/cgminer-4.9.2/compat/jansson-2.6/src/load.c:92:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg_text, JSON_ERROR_TEXT_LENGTH, msg, ap);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/core.c:1937:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stream, format, args);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:990:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(priv->sysfs_dir, sysfs_dir);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:72:12: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int _snprintf(char *buffer, size_t count, const char *format, ...);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.h:54:12: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int _snprintf(char *buffer, size_t count, const char *format, ...);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.h:70:22: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define safe_sprintf _snprintf
data/cgminer-4.9.2/driver-SPI-bitmine-A1.c:106:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pos += sprintf(pos, "%s: %d bytes:", prefix, len);
data/cgminer-4.9.2/driver-avalon.c:1611:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "%"PRIu8".%"PRIu8".%"PRIu8,
data/cgminer-4.9.2/driver-avalon.c:1649:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "%s cannot set millivolts", avalon->drv->name);
data/cgminer-4.9.2/driver-avalon.c:1660:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid millivolts: '%s' valid range %d-%d",
data/cgminer-4.9.2/driver-avalon.c:1681:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid freq: '%s' valid range %d-%d",
data/cgminer-4.9.2/driver-avalon.c:1690:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "Unknown option: %s", option);
data/cgminer-4.9.2/driver-avalon2.c:657:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mm_version[i], AVA2_MM_VERNULL);
data/cgminer-4.9.2/driver-avalon2.c:704:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->mm_version[i], mm_version[i]);
data/cgminer-4.9.2/driver-avalon4.c:1563:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Ver[%s]", info->mm_version[i]);
data/cgminer-4.9.2/driver-avalon4.c:1564:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1579:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1588:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1611:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1620:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1640:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1650:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1661:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1698:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1705:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1715:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1722:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1729:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1749:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1759:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1766:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1773:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(statbuf[i], buf);
data/cgminer-4.9.2/driver-avalon4.c:1960:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "Unknown option: %s", option);
data/cgminer-4.9.2/driver-bab.c:1185:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(buf);
data/cgminer-4.9.2/driver-bab.c:2440:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2449:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2499:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-bab.c:2503:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2505:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Nonces "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2510:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-bab.c:2514:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2516:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Good "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2521:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-bab.c:2525:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2527:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Bad "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2536:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2538:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Conf "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2547:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2549:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Fast "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2558:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2560:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Spie "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2569:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2571:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Miso "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2584:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2586:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "HW%% "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2601:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2604:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "GHs "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2607:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Sum GHs "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2612:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-bab.c:2616:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2618:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Cont-Bad "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2623:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-bab.c:2627:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2629:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Max-Bad "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2634:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-bab.c:2638:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2640:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "History Good "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2645:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-bab.c:2649:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2651:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "History Bad "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2664:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2666:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "History HW%% "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2685:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2699:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "History GHs "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2702:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "Sum History GHs "FMT_RANGE, i, to);
data/cgminer-4.9.2/driver-bab.c:2777:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp + len, buf);
data/cgminer-4.9.2/driver-bab.c:2829:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2882:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2963:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-bab.c:2968:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bab.c:2970:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-bab.c:2974:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-bflsc.c:1499:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buf, "INPROCESS:%d\n%s", in_process, pbuf);
data/cgminer-4.9.2/driver-bflsc.c:1879:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(buf, "OK:QUEUED %d:%s", &queued, ptr) != 2) {
data/cgminer-4.9.2/driver-bflsc.c:2114:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data, BFLSC_FAN4);
data/cgminer-4.9.2/driver-bflsc.c:2117:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data, BFLSC_FANAUTO);
data/cgminer-4.9.2/driver-bflsc.c:2182:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid volt: '%s' valid range 0-9",
data/cgminer-4.9.2/driver-bflsc.c:2200:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid clock: '%s' valid range 0-15",
data/cgminer-4.9.2/driver-bflsc.c:2210:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "Unknown option: %s", option);
data/cgminer-4.9.2/driver-bflsc.c:2298:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(data+off, sizeof(data)-off,
data/cgminer-4.9.2/driver-bflsc.c:2316:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(data+off, sizeof(data)-off,
data/cgminer-4.9.2/driver-bitfury.c:1436:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "work %s %x\n", hexwork, work->subid);
data/cgminer-4.9.2/driver-bitmain.c:1173:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s%d: ", bitmain->drv->name, bitmain->device_id);
data/cgminer-4.9.2/driver-bitmain.c:1179:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msg, tmp);
data/cgminer-4.9.2/driver-bitmain.c:1187:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msg, tmp);
data/cgminer-4.9.2/driver-bitmain.c:1190:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msg, tmp);
data/cgminer-4.9.2/driver-bitmain.c:3019:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(needptr, len, "%s%"PRIu64,
data/cgminer-4.9.2/driver-bitmain.c:3044:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(needptr, len, "%s%"PRIu64,
data/cgminer-4.9.2/driver-bitmain.c:3054:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(needptr, len, "%s%"PRIu64,
data/cgminer-4.9.2/driver-bitmain.c:3067:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(needptr, len, "%s%"PRIu64,
data/cgminer-4.9.2/driver-bitmain.c:3074:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(needptr, len, " %"PRIu64, info->need_over);
data/cgminer-4.9.2/driver-drillbit.c:937:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
amount = sprintf(buf, "%s %d: S/E/T", drillbit->drv->name, drillbit->device_id);
data/cgminer-4.9.2/driver-hashratio.c:616:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->mm_version, mm_version);
data/cgminer-4.9.2/driver-icarus.c:2364:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(data+off, sizeof(data)-off,
data/cgminer-4.9.2/driver-icarus.c:2431:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid clock: '%s' valid range %d-%d",
data/cgminer-4.9.2/driver-icarus.c:2443:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "Unknown option: %s", option);
data/cgminer-4.9.2/driver-klondike.c:1488:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, one);
data/cgminer-4.9.2/driver-klondike.c:1496:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, one);
data/cgminer-4.9.2/driver-minion.c:998:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(pindir, sizeof(pindir), MINION_GPIO_SYS MINION_GPIO_PIN, gpionum);
data/cgminer-4.9.2/driver-minion.c:1009:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ena, sizeof(ena), MINION_GPIO_SYS MINION_GPIO_ENA);
data/cgminer-4.9.2/driver-minion.c:1018:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(pin, sizeof(pin), MINION_GPIO_ENA_VAL, gpionum);
data/cgminer-4.9.2/driver-minion.c:1045:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(dir, sizeof(dir), MINION_GPIO_SYS MINION_GPIO_PIN MINION_GPIO_DIR, gpionum);
data/cgminer-4.9.2/driver-minion.c:1069:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(gpiointvalue, sizeof(gpiointvalue),
data/cgminer-4.9.2/driver-minion.c:2137:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(buf);
data/cgminer-4.9.2/driver-minion.c:2245:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(pindir, sizeof(pindir), MINION_GPIO_SYS MINION_GPIO_PIN,
data/cgminer-4.9.2/driver-minion.c:2258:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ena, sizeof(ena), MINION_GPIO_SYS MINION_GPIO_ENA);
data/cgminer-4.9.2/driver-minion.c:2268:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(pin, sizeof(pin), MINION_GPIO_ENA_VAL, MINION_GPIO_RESULT_INT_PIN);
data/cgminer-4.9.2/driver-minion.c:2297:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(dir, sizeof(dir), MINION_GPIO_SYS MINION_GPIO_PIN MINION_GPIO_DIR,
data/cgminer-4.9.2/driver-minion.c:2324:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(edge, sizeof(edge), MINION_GPIO_SYS MINION_GPIO_PIN MINION_GPIO_EDGE,
data/cgminer-4.9.2/driver-minion.c:2350:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(act, sizeof(act), MINION_GPIO_SYS MINION_GPIO_PIN MINION_GPIO_ACT,
data/cgminer-4.9.2/driver-minion.c:2376:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(minioninfo->gpiointvalue, sizeof(minioninfo->gpiointvalue),
data/cgminer-4.9.2/driver-minion.c:2726:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid reset: chip '%s' valid range 0-%d",
data/cgminer-4.9.2/driver-minion.c:2762:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid freq: chip '%s' valid range 0-%d",
data/cgminer-4.9.2/driver-minion.c:2776:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid freq: '%s' valid range %d-%d",
data/cgminer-4.9.2/driver-minion.c:2809:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid ledcount: '%s' valid range 0-100",
data/cgminer-4.9.2/driver-minion.c:2826:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid ledlimit: GHs '%s' valid range 0-200",
data/cgminer-4.9.2/driver-minion.c:2843:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid spidelay: ms '%s' valid range 0-9999",
data/cgminer-4.9.2/driver-minion.c:2868:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid spireset: '%s' must start with i or s",
data/cgminer-4.9.2/driver-minion.c:2874:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid spireset: %c '%s' valid range 0-9999",
data/cgminer-4.9.2/driver-minion.c:2894:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid spisleep: ms '%s' valid range 0-9999",
data/cgminer-4.9.2/driver-minion.c:2911:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid spiusec: '%s' valid range 0-9999",
data/cgminer-4.9.2/driver-minion.c:2920:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "Unknown option: %s", option);
data/cgminer-4.9.2/driver-minion.c:5085:14: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
nlen = snprintf(data+datalen, sizeof(data)-datalen,
data/cgminer-4.9.2/driver-minion.c:5123:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-minion.c:5130:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-minion.c:5134:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-minion.c:5141:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-minion.c:5145:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-minion.c:5152:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-minion.c:5156:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-minion.c:5163:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-minion.c:5167:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-minion.c:5174:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-minion.c:5178:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-minion.c:5185:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-minion.c:5189:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-minion.c:5196:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-minion.c:5200:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-minion.c:5207:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-minion.c:5215:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-minion.c:5329:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-minion.c:5333:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-minion.c:5347:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/cgminer-4.9.2/driver-minion.c:5351:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, buf);
data/cgminer-4.9.2/driver-modminer.c:460:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(devmsg, modminer->device_path);
data/cgminer-4.9.2/driver-modminer.c:1110:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "invalid clock: '%s' valid range %d-%d and a multiple of 2",
data/cgminer-4.9.2/driver-modminer.c:1119:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "Set clock failed: %s", ret);
data/cgminer-4.9.2/driver-modminer.c:1125:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(replybuf, "Unknown option: %s", option);
data/cgminer-4.9.2/driver-spondoolies-sp10.c:111:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(address.sun_path, MINERGATE_SOCKET_FILE);
data/cgminer-4.9.2/driver-spondoolies-sp30.c:111:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(address.sun_path, MINERGATE_SOCKET_FILE_SP30);
data/cgminer-4.9.2/fpgautils.c:100:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(devfile, de->d_name);
data/cgminer-4.9.2/fpgautils.c:462:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullpath, path);
data/cgminer-4.9.2/fpgautils.c:465:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fullpath, subdir);
data/cgminer-4.9.2/fpgautils.c:468:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fullpath, filename);
data/cgminer-4.9.2/knc-transport-spi.c:52:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dev_name, SPI_DEVICE_TEMPLATE,
data/cgminer-4.9.2/logging.h:40:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/logging.h:50:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/logging.h:60:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/logging.h:70:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/logging.h:79:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/logging.h:88:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/logging.h:97:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt IN_FMT_FFL, \
data/cgminer-4.9.2/logging.h:107:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt IN_FMT_FFL, \
data/cgminer-4.9.2/logging.h:118:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/logging.h:124:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp42, sizeof(tmp42), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/miner.h:1451:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp13, sizeof(tmp13), fmt, ##__VA_ARGS__); \
data/cgminer-4.9.2/miner.h:1455:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, tmp13); \
data/cgminer-4.9.2/spi-context.c:30:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dev_fname, SPI_DEVICE_TEMPLATE, config->bus, config->cs_line);
data/cgminer-4.9.2/usbutils.c:1156:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*buf + *off, append);
data/cgminer-4.9.2/usbutils.c:1167:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " ** dev %d: Failed to set config descriptor to %d, err %d",
data/cgminer-4.9.2/usbutils.c:1175:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " ** dev %d: Failed to get active config descriptor set to %d, err %d",
data/cgminer-4.9.2/usbutils.c:1181:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " ** dev %d: Set & Got active config descriptor to %d, err %d",
data/cgminer-4.9.2/usbutils.c:1204:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL ".USB dev %d: Failed to get descriptor, err %d",
data/cgminer-4.9.2/usbutils.c:1230:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL ".USB dev %d: Bus %d Device %d ID: %04x:%04x",
data/cgminer-4.9.2/usbutils.c:1234:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL ".USB dev %d: Bus %d Device %d Device Descriptor:" EOL "\tLength: %d" EOL
data/cgminer-4.9.2/usbutils.c:1250:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " ** dev %d: Failed to open, err %d", (int)(*count), err);
data/cgminer-4.9.2/usbutils.c:1265:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " Manufacturer: '%s'" EOL " Product: '%s'", man, prod);
data/cgminer-4.9.2/usbutils.c:1271:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " * dev %d: kernel attached", (int)(*count));
data/cgminer-4.9.2/usbutils.c:1280:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " ** dev %d: Failed to set config descriptor to %d or %d",
data/cgminer-4.9.2/usbutils.c:1287:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " dev %d: Active Config:" EOL "\tDescriptorType: %s" EOL
data/cgminer-4.9.2/usbutils.c:1299:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " _dev %d: Interface Descriptor %d:" EOL
data/cgminer-4.9.2/usbutils.c:1314:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " __dev %d: Interface %d Endpoint %d:" EOL
data/cgminer-4.9.2/usbutils.c:1339:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(tmp, sizeof(tmp), EOL " dev %d: More Info:" EOL "\tManufacturer: '%s'" EOL
data/cgminer-4.9.2/usbutils.c:2608:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, MODE_NONE_STR);
data/cgminer-4.9.2/usbutils.c:2613:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, MODE_CTRL_READ_STR);
data/cgminer-4.9.2/usbutils.c:2619:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, MODE_SEP_STR);
data/cgminer-4.9.2/usbutils.c:2620:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, MODE_CTRL_WRITE_STR);
data/cgminer-4.9.2/usbutils.c:2626:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, MODE_SEP_STR);
data/cgminer-4.9.2/usbutils.c:2627:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, MODE_BULK_READ_STR);
data/cgminer-4.9.2/usbutils.c:2633:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, MODE_SEP_STR);
data/cgminer-4.9.2/usbutils.c:2634:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, MODE_BULK_WRITE_STR);
data/cgminer-4.9.2/uthash.h:277:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/cgminer-4.9.2/util.c:633:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(user_agent_hdr, "User-Agent: %s", PACKAGE_STRING);
data/cgminer-4.9.2/util.c:837:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pool->rpc_proxy, url + plen);
data/cgminer-4.9.2/util.c:1902:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pool->sockbuf, s);
data/cgminer-4.9.2/util.c:2344:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "{\"id\": %d, \"method\": \"mining.authorize\", \"params\": [\"%s\", \"%s\"]}",
data/cgminer-4.9.2/util.c:2830:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "{\"id\": %d, \"method\": \"mining.subscribe\", \"params\": [\""PACKAGE"/"VERSION"\", \"%s\"]}", swork_id++, pool->sessionid);
data/cgminer-4.9.2/util.c:3021:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ret, "%s%s", ptr, s);
data/cgminer-4.9.2/util.c:3024:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ret, "%s", s);
data/cgminer-4.9.2/ccan/opt/parse.c:38:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("POSIXLY_CORRECT")) {
data/cgminer-4.9.2/cgminer.c:5397:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HOME") && *getenv("HOME")) {
data/cgminer-4.9.2/cgminer.c:5397:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HOME") && *getenv("HOME")) {
data/cgminer-4.9.2/cgminer.c:5398:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy(filename, getenv("HOME"));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/core.c:1672:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *dbg = getenv("LIBUSB_DEBUG");
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:138:4: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&_poll_fd[i].mutex);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:155:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&_poll_fd[i].mutex);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:223:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&_poll_fd[i].mutex);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:282:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&_poll_fd[i].mutex);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:360:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&_poll_fd[i].mutex);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:449:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&_poll_fd[i].mutex);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:475:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&_poll_fd[i].mutex);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:501:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&_poll_fd[i].mutex);
data/cgminer-4.9.2/driver-minion.c:4134:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(int)(random() % MINION_STATS_UPDATE_RAND_mS);
data/cgminer-4.9.2/A1-desk-board-selector.c:74:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
board_ctx.file = open("/dev/i2c-1", O_RDWR);
data/cgminer-4.9.2/A1-trimpot-mcp4x.c:94:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int file = open("/dev/i2c-1", O_RDWR);
data/cgminer-4.9.2/api-example.c:52:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char WSAbuf[1024];
data/cgminer-4.9.2/api-example.c:330:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(ptr);
data/cgminer-4.9.2/api.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char WSAbuf[1024];
data/cgminer-4.9.2/api.c:748:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io_data->cur, buf, len + 1);
data/cgminer-4.9.2/api.c:968:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(api_data->data, data, sizeof(struct timeval));
data/cgminer-4.9.2/api.c:1141:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + old_siz, str, siz + 1);
data/cgminer-4.9.2/api.c:1148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/cgminer-4.9.2/api.c:1409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TMPBUFSIZ];
data/cgminer-4.9.2/api.c:1410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char severity[2];
data/cgminer-4.9.2/api.c:1523:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", messageid);
data/cgminer-4.9.2/api.c:2030:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mhsname[27];
data/cgminer-4.9.2/api.c:2031:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mhsname, "MHS %ds", opt_log_interval);
data/cgminer-4.9.2/api.c:2117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mhsname[27];
data/cgminer-4.9.2/api.c:2118:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mhsname, "MHS %ds", opt_log_interval);
data/cgminer-4.9.2/api.c:2230:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
howoldsec = (time_t)atoi(param);
data/cgminer-4.9.2/api.c:2314:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:2350:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:2415:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:2459:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:2598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mhsname[27];
data/cgminer-4.9.2/api.c:2599:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mhsname, "MHS %ds", opt_log_interval);
data/cgminer-4.9.2/api.c:2678:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:2791:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:2841:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(ptr);
data/cgminer-4.9.2/api.c:2902:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:2909:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
quota = atoi(comma);
data/cgminer-4.9.2/api.c:2935:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:2976:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:3162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/cgminer-4.9.2/api.c:3171:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcfg = fopen(param, "w");
data/cgminer-4.9.2/api.c:3232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char details[256];
data/cgminer-4.9.2/api.c:3298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[20];
data/cgminer-4.9.2/api.c:3324:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "POOL%d", j);
data/cgminer-4.9.2/api.c:3337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[20];
data/cgminer-4.9.2/api.c:3343:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
howoldsec = (time_t)atoi(param);
data/cgminer-4.9.2/api.c:3535:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TMPBUFSIZ];
data/cgminer-4.9.2/api.c:3556:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int id = atoi(param);
data/cgminer-4.9.2/api.c:3648:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi(param);
data/cgminer-4.9.2/api.c:3683:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:3719:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:3784:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:3828:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(param);
data/cgminer-4.9.2/api.c:3877:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TMPBUFSIZ];
data/cgminer-4.9.2/api.c:3898:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int id = atoi(param);
data/cgminer-4.9.2/api.c:4069:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[100];
data/cgminer-4.9.2/api.c:4242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commands[TMPBUFSIZ];
data/cgminer-4.9.2/api.c:4243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[100];
data/cgminer-4.9.2/api.c:4377:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64], original[64];
data/cgminer-4.9.2/api.c:4445:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mask = atoi(slash);
data/cgminer-4.9.2/api.c:4557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[30];
data/cgminer-4.9.2/api.c:4616:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_s[10], came_from_port[10];
data/cgminer-4.9.2/api.c:4622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/cgminer-4.9.2/api.c:4623:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char replybuf[1024];
data/cgminer-4.9.2/api.c:4625:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port_s, "%d", opt_api_mcast_port);
data/cgminer-4.9.2/api.c:4683:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&grp.ipv6mr_multiaddr, &(((struct sockaddr_in6 *)(host->ai_addr))->sin6_addr),
data/cgminer-4.9.2/api.c:4733:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reply_port = atoi(&buf[expect_code_len]);
data/cgminer-4.9.2/api.c:4814:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TMPBUFSIZ];
data/cgminer-4.9.2/api.c:4815:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char param_buf[TMPBUFSIZ];
data/cgminer-4.9.2/api.c:4822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_s[10];
data/cgminer-4.9.2/api.c:4825:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[100];
data/cgminer-4.9.2/api.c:4872:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port_s, "%d", port);
data/cgminer-4.9.2/api.c:5022:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_buf, "%d", (int)json_integer_value(json_val));
data/cgminer-4.9.2/api.c:5025:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_buf, "%f", (double)json_real_value(json_val));
data/cgminer-4.9.2/bench_block.h:7:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char bench_hidiffs[16][324] = {
data/cgminer-4.9.2/bench_block.h:89:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char bench_lodiffs[16][324] = {
data/cgminer-4.9.2/bitforce-firmware-flash.c:49:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *FW = fopen(argv[2], "r");
data/cgminer-4.9.2/bitforce-firmware-flash.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[0x20];
data/cgminer-4.9.2/bitforce-firmware-flash.c:62:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *BFL = fopen(argv[1], "r+");
data/cgminer-4.9.2/ccan/opt/helpers.c:147:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_bool(char buf[OPT_SHOW_LEN], const bool *b)
data/cgminer-4.9.2/ccan/opt/helpers.c:152:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_invbool(char buf[OPT_SHOW_LEN], const bool *b)
data/cgminer-4.9.2/ccan/opt/helpers.c:157:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_charp(char buf[OPT_SHOW_LEN], char *const *p)
data/cgminer-4.9.2/ccan/opt/helpers.c:170:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_intval(char buf[OPT_SHOW_LEN], const int *i)
data/cgminer-4.9.2/ccan/opt/helpers.c:175:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_floatval(char buf[OPT_SHOW_LEN], const float *f)
data/cgminer-4.9.2/ccan/opt/helpers.c:180:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_uintval(char buf[OPT_SHOW_LEN], const unsigned int *ui)
data/cgminer-4.9.2/ccan/opt/helpers.c:185:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_longval(char buf[OPT_SHOW_LEN], const long *l)
data/cgminer-4.9.2/ccan/opt/helpers.c:190:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_ulongval(char buf[OPT_SHOW_LEN], const unsigned long *ul)
data/cgminer-4.9.2/ccan/opt/opt.c:159:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void _opt_register(const char *names, enum opt_type type,
data/cgminer-4.9.2/ccan/opt/opt.c:160:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *(*cb)(void *arg),
data/cgminer-4.9.2/ccan/opt/opt.c:161:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *(*cb_arg)(const char *optarg, void *arg),
data/cgminer-4.9.2/ccan/opt/opt.c:161:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *(*cb_arg)(const char *optarg, void *arg),
data/cgminer-4.9.2/ccan/opt/opt.c:162:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void (*show)(char buf[OPT_SHOW_LEN], const void *arg),
data/cgminer-4.9.2/ccan/opt/opt.h:268:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_bool(char buf[OPT_SHOW_LEN], const bool *b);
data/cgminer-4.9.2/ccan/opt/opt.h:271:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_invbool(char buf[OPT_SHOW_LEN], const bool *b);
data/cgminer-4.9.2/ccan/opt/opt.h:277:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_charp(char buf[OPT_SHOW_LEN], char *const *p);
data/cgminer-4.9.2/ccan/opt/opt.h:281:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_intval(char buf[OPT_SHOW_LEN], const int *i);
data/cgminer-4.9.2/ccan/opt/opt.h:283:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_floatval(char buf[OPT_SHOW_LEN], const float *f);
data/cgminer-4.9.2/ccan/opt/opt.h:285:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_uintval(char buf[OPT_SHOW_LEN], const unsigned int *ui);
data/cgminer-4.9.2/ccan/opt/opt.h:287:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_longval(char buf[OPT_SHOW_LEN], const long *l);
data/cgminer-4.9.2/ccan/opt/opt.h:289:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void opt_show_ulongval(char buf[OPT_SHOW_LEN], const unsigned long *ul);
data/cgminer-4.9.2/ccan/opt/opt.h:316:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void (*show)(char buf[OPT_SHOW_LEN], const void *arg);
data/cgminer-4.9.2/ccan/opt/opt.h:356:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void _opt_register(const char *names, enum opt_type type,
data/cgminer-4.9.2/ccan/opt/opt.h:357:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *(*cb)(void *arg),
data/cgminer-4.9.2/ccan/opt/opt.h:358:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *(*cb_arg)(const char *optarg, void *arg),
data/cgminer-4.9.2/ccan/opt/opt.h:358:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *(*cb_arg)(const char *optarg, void *arg),
data/cgminer-4.9.2/ccan/opt/opt.h:359:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void (*show)(char buf[OPT_SHOW_LEN], const void *arg),
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:169:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:170:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%lu", ULONG_MAX);
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[OPT_SHOW_LEN+2] = { 0 };
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:305:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[OPT_SHOW_LEN+2] = { 0 };
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:321:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[OPT_SHOW_LEN*2], *p;
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:322:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[OPT_SHOW_LEN+2] = { 0 };
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:327:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "short");
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:345:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[OPT_SHOW_LEN+2] = { 0 };
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:362:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[OPT_SHOW_LEN+2] = { 0 };
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[OPT_SHOW_LEN+2] = { 0 };
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:386:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[OPT_SHOW_LEN+2] = { 0 };
data/cgminer-4.9.2/ccan/opt/test/utils.c:25:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void show_arg(char buf[OPT_SHOW_LEN], const char *arg)
data/cgminer-4.9.2/ccan/opt/test/utils.h:13:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void show_arg(char buf[OPT_SHOW_LEN], const char *arg);
data/cgminer-4.9.2/ccan/opt/usage.c:9:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char opt_hidden[1];
data/cgminer-4.9.2/ccan/opt/usage.c:69:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, " [-");
data/cgminer-4.9.2/ccan/opt/usage.c:93:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf(p + len, " <arg>");
data/cgminer-4.9.2/ccan/opt/usage.c:94:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf(p + len, "%.*s",
data/cgminer-4.9.2/ccan/opt/usage.c:101:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[OPT_SHOW_LEN + sizeof("...")];
data/cgminer-4.9.2/ccan/opt/usage.c:102:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf + OPT_SHOW_LEN, "...");
data/cgminer-4.9.2/cgminer.c:134:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char packagename[256];
data/cgminer-4.9.2/cgminer.c:403:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_hash[68];
data/cgminer-4.9.2/cgminer.c:404:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prev_block[12];
data/cgminer-4.9.2/cgminer.c:405:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char current_block[32];
data/cgminer-4.9.2/cgminer.c:407:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char datestamp[40];
data/cgminer-4.9.2/cgminer.c:408:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char blocktime[32];
data/cgminer-4.9.2/cgminer.c:410:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char best_share[8] = "0";
data/cgminer-4.9.2/cgminer.c:412:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char block_diff[8];
data/cgminer-4.9.2/cgminer.c:416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[68];
data/cgminer-4.9.2/cgminer.c:547:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char exit_buf[512];
data/cgminer-4.9.2/cgminer.c:604:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/cgminer-4.9.2/cgminer.c:893:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(httpinput, "stratum+tcp://");
data/cgminer-4.9.2/cgminer.c:925:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
quota = atoi(arg);
data/cgminer-4.9.2/cgminer.c:1040:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sharelog_file = fopen(arg, "a");
data/cgminer-4.9.2/cgminer.c:1057:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(arg);
data/cgminer-4.9.2/cgminer.c:1074:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(nextptr);
data/cgminer-4.9.2/cgminer.c:1694:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char err_buf[200];
data/cgminer-4.9.2/cgminer.c:1964:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[64];
data/cgminer-4.9.2/cgminer.c:2045:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char merkle_sha[64];
data/cgminer-4.9.2/cgminer.c:2098:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char merkleroot[32];
data/cgminer-4.9.2/cgminer.c:2161:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash_swap[32];
data/cgminer-4.9.2/cgminer.c:2283:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char binswap[32];
data/cgminer-4.9.2/cgminer.c:2330:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hashhex[68];
data/cgminer-4.9.2/cgminer.c:2344:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char scriptsig_header_bin[41];
data/cgminer-4.9.2/cgminer.c:2350:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash_swap[32];
data/cgminer-4.9.2/cgminer.c:2356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[228];
data/cgminer-4.9.2/cgminer.c:2564:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char statusline[256];
data/cgminer-4.9.2/cgminer.c:2606:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[2] = "";
data/cgminer-4.9.2/cgminer.c:2687:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displayed_hashes[16], displayed_rolling[16];
data/cgminer-4.9.2/cgminer.c:2721:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[CURBUFSIZ]; \
data/cgminer-4.9.2/cgminer.c:2726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[CURBUFSIZ]; \
data/cgminer-4.9.2/cgminer.c:2799:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline[256], unique_id[12];
data/cgminer-4.9.2/cgminer.c:2833:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(unique_id, "%-8d", cgpu->device_id);
data/cgminer-4.9.2/cgminer.c:2858:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displayed_hashes[16], displayed_rolling[16];
data/cgminer-4.9.2/cgminer.c:2877:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displayed_hashes[16], displayed_rolling[16];
data/cgminer-4.9.2/cgminer.c:3133:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char where[20];
data/cgminer-4.9.2/cgminer.c:3134:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char disposition[36] = "reject";
data/cgminer-4.9.2/cgminer.c:3135:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[32];
data/cgminer-4.9.2/cgminer.c:3199:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rhash[32];
data/cgminer-4.9.2/cgminer.c:3200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diffdisp[16];
data/cgminer-4.9.2/cgminer.c:3223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline[256];
data/cgminer-4.9.2/cgminer.c:3248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hashshow[64 + 4] = "";
data/cgminer-4.9.2/cgminer.c:3249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char worktime[200] = "";
data/cgminer-4.9.2/cgminer.c:3252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gbt_block[1024], varint[12];
data/cgminer-4.9.2/cgminer.c:3253:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[80];
data/cgminer-4.9.2/cgminer.c:3266:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gbt_block, "fd"); // +2
data/cgminer-4.9.2/cgminer.c:3271:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(gbt_block, "fe"); // +2
data/cgminer-4.9.2/cgminer.c:3324:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workclone[20];
data/cgminer-4.9.2/cgminer.c:3385:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline[256];
data/cgminer-4.9.2/cgminer.c:3586:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bench_hidiff_bins[16][160];
data/cgminer-4.9.2/cgminer.c:3587:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bench_lodiff_bins[16][160];
data/cgminer-4.9.2/cgminer.c:3588:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bench_target[32];
data/cgminer-4.9.2/cgminer.c:3606:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/cgminer-4.9.2/cgminer.c:3629:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/cgminer-4.9.2/cgminer.c:3630:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[1024];
data/cgminer-4.9.2/cgminer.c:3635:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
benchfile_in = fopen(opt_benchfile, "r");
data/cgminer-4.9.2/cgminer.c:3666:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *commas[BENCHWORK_COUNT];
data/cgminer-4.9.2/cgminer.c:3701:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(item, "0000000%c", commas[BENCHWORK_VERSION][0]);
data/cgminer-4.9.2/cgminer.c:3705:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&(item[j]), "%.8s", &commas[BENCHWORK_PREVHASH][i]);
data/cgminer-4.9.2/cgminer.c:3710:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&(item[j]), "%.8s", &commas[BENCHWORK_MERKLEROOT][i]);
data/cgminer-4.9.2/cgminer.c:3714:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nonce_time = atol(commas[BENCHWORK_NONCETIME]);
data/cgminer-4.9.2/cgminer.c:3716:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&(item[j]), "%08lx", nonce_time);
data/cgminer-4.9.2/cgminer.c:3952:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bin[4];
data/cgminer-4.9.2/cgminer.c:4179:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bin[4];
data/cgminer-4.9.2/cgminer.c:4352:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char swap[80];
data/cgminer-4.9.2/cgminer.c:4354:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash1[32];
data/cgminer-4.9.2/cgminer.c:4655:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bedata[32];
data/cgminer-4.9.2/cgminer.c:4656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexstr[68];
data/cgminer-4.9.2/cgminer.c:4807:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret = atoi(cvar);
data/cgminer-4.9.2/cgminer.c:5403:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename, ".cgminer/");
data/cgminer-4.9.2/cgminer.c:5427:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str, filename[PATH_MAX], prompt[PATH_MAX + 50];
data/cgminer-4.9.2/cgminer.c:5446:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcfg = fopen(filename, "w");
data/cgminer-4.9.2/cgminer.c:5793:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline[256];
data/cgminer-4.9.2/cgminer.c:5829:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displayed_hashes[16], displayed_rolling[16];
data/cgminer-4.9.2/cgminer.c:5830:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displayed_r1[16], displayed_r5[16], displayed_r15[16];
data/cgminer-4.9.2/cgminer.c:5869:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hashshow[64];
data/cgminer-4.9.2/cgminer.c:6097:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[16];
data/cgminer-4.9.2/cgminer.c:6204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[16];
data/cgminer-4.9.2/cgminer.c:6216:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char noncehex[12], nonce2hex[20], s[1024];
data/cgminer-4.9.2/cgminer.c:6219:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce2[8];
data/cgminer-4.9.2/cgminer.c:6377:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/cgminer-4.9.2/cgminer.c:6705:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash1[32];
data/cgminer-4.9.2/cgminer.c:6713:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char target[32];
data/cgminer-4.9.2/cgminer.c:6803:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char merkle_root[32], merkle_sha[64];
data/cgminer-4.9.2/cgminer.c:6939:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char merkle_root[32], merkle_sha[64];
data/cgminer-4.9.2/cgminer.c:7807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[16];
data/cgminer-4.9.2/cgminer.c:7920:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[16];
data/cgminer-4.9.2/cgminer.c:7923:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lpreq[1024];
data/cgminer-4.9.2/cgminer.c:7957:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lpreq, "{\"id\": 0, \"method\": \"getblockcount\"}\n");
data/cgminer-4.9.2/cgminer.c:7982:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lpreq, "{\"id\": 0, \"method\": \"getblockhash\", \"params\": [%d]}\n", height);
data/cgminer-4.9.2/cgminer.c:8383:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_str[8];
data/cgminer-4.9.2/cgminer.c:8434:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline[255];
data/cgminer-4.9.2/cgminer.c:8604:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(input, "-1");
data/cgminer-4.9.2/cgminer.c:9003:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[4];
data/cgminer-4.9.2/cgminer.c:9355:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pool->rpc_url, "Benchfile");
data/cgminer-4.9.2/cgminer.c:9357:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pool->rpc_url, "Benchmark");
data/cgminer-4.9.2/compat/jansson-2.6/src/dump.c:96:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[13];
data/cgminer-4.9.2/compat/jansson-2.6/src/dump.c:148:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(seq, "\\u%04x", codepoint);
data/cgminer-4.9.2/compat/jansson-2.6/src/dump.c:161:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(seq, "\\u%04x\\u%04x", first, last);
data/cgminer-4.9.2/compat/jansson-2.6/src/dump.c:211:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_INTEGER_STR_LENGTH];
data/cgminer-4.9.2/compat/jansson-2.6/src/dump.c:225:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_REAL_STR_LENGTH];
data/cgminer-4.9.2/compat/jansson-2.6/src/dump.c:458:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *output = fopen(path, "w");
data/cgminer-4.9.2/compat/jansson-2.6/src/error.c:31:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(error->source, "...");
data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable.h:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1];
data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable_seed.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[sizeof(uint32_t)];
data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable_seed.c:71:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
urandom = open("/dev/urandom", O_RDONLY);
data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable_seed.c:80:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
urandom = fopen("/dev/urandom", "rb");
data/cgminer-4.9.2/compat/jansson-2.6/src/jansson.h:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[JSON_ERROR_SOURCE_LENGTH];
data/cgminer-4.9.2/compat/jansson-2.6/src/jansson.h:123:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[JSON_ERROR_TEXT_LENGTH];
data/cgminer-4.9.2/compat/jansson-2.6/src/jansson_private.h:31:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define va_copy(a, b) memcpy(&(a), &(b), sizeof(va_list))
data/cgminer-4.9.2/compat/jansson-2.6/src/load.c:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[5];
data/cgminer-4.9.2/compat/jansson-2.6/src/load.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_text[JSON_ERROR_TEXT_LENGTH];
data/cgminer-4.9.2/compat/jansson-2.6/src/load.c:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_with_context[JSON_ERROR_TEXT_LENGTH];
data/cgminer-4.9.2/compat/jansson-2.6/src/load.c:384:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/cgminer-4.9.2/compat/jansson-2.6/src/load.c:432:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, buffer, length);
data/cgminer-4.9.2/compat/jansson-2.6/src/load.c:1010:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, "rb");
data/cgminer-4.9.2/compat/jansson-2.6/src/load.c:1028:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_BUF_LEN];
data/cgminer-4.9.2/compat/jansson-2.6/src/memory.c:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_str, str, len + 1);
data/cgminer-4.9.2/compat/jansson-2.6/src/strbuffer.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strbuff->value + strbuff->length, data, size);
data/cgminer-4.9.2/compat/jansson-2.6/src/value.c:428:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest[dpos], &src[spos], count * sizeof(json_t *));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/core.c:1028:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
r = usbi_backend->open(_handle);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/core.c:1693:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctx->debug = atoi(dbg);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c:63:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dp, sp, 2);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c:77:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dp, sp, 4);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c:172:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extra, begin, len);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c:277:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((unsigned char *) ifp->extra, begin, len);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c:430:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((unsigned char *) config->extra, begin, len);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c:482:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((unsigned char *) desc, (unsigned char *) &dev->device_descriptor,
data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c:505:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[8];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c:570:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[8];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c:632:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[6];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/descriptor.c:711:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tbuf[255]; /* Some devices choke on size > 255 */
data/cgminer-4.9.2/compat/libusb-1.0/libusb/libusbi.h:602:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct libusb_device_handle *handle);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/darwin_usb.h:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sys_path[21];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_netlink.c:187:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[1024];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:502:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, priv->dev_descriptor, DEVICE_DESC_LENGTH);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:514:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:534:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:605:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, priv->config_descriptor, len);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:613:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[4] = {0, 0, 0, 0};
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:658:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[6];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:691:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[6];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:756:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, tmp, to_copy);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:883:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:903:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[8];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:1025:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDWR);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:1027:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:1182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirpath[PATH_MAX];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:1202:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
devaddr = atoi(entry->d_name);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:1248:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
busnum = atoi(entry->d_name);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:1329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:1334:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hpriv->fd = open(filename, O_RDWR);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[USBFS_MAXDRIVERNAME + 1];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.h:118:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char port[127]; /* port to device num mapping */
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnode[16];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnode[16];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:149:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(devnode, O_RDONLY)) < 0) {
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:208:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dpriv->fd = open(dpriv->devnode, O_RDWR);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:210:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dpriv->fd = open(dpriv->devnode, O_RDONLY);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:248:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &dpriv->ddesc, DEVICE_DESC_LENGTH);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:267:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, dpriv->cdesc, len);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:288:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(dpriv->devnode, O_RDONLY);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:664:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, devnode[16];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:683:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = open(devnode, O_RDWR)) < 0) && (errno == ENXIO))
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:684:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(devnode, mode)) < 0)
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:384:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&poll_fd[i], &wfd, sizeof(struct winfd));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:455:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wfd, &poll_fd[i], sizeof(struct winfd));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:481:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wfd, &poll_fd[i], sizeof(struct winfd));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_windows.c:507:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wfd, &poll_fd[i], sizeof(struct winfd));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:117:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char guid_string[MAX_GUID_STRING_LENGTH];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:120:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(guid_string, "{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}",
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:134:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char err_string[ERR_BUFFER_SIZE];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:506:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(htab_table[idx].str, str, safe_strlen(str)+1);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:522:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH_LENGTH];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:594:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char sep_str[2] = {LIST_SEPARATOR, 0};
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:601:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_str, driver, len+1);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:697:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sem_name[11+1+8]; // strlen(libusb_init)+'\0'+(32-bit hex PID)
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:699:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sem_name, "libusb_init%08X", (unsigned int)GetCurrentProcessId()&0xFFFFFFFF);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:953:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(priv->config_descriptor[i], cd_data, cd_data->wTotalLength);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:1030:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&priv->dev_descriptor, &(conn_info.DeviceDescriptor), sizeof(USB_DEVICE_DESCRIPTOR));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:1183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH_LENGTH];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:1184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strbuf[MAX_PATH_LENGTH];
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:1516:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sem_name[11+1+8]; // strlen(libusb_init)+'\0'+(32-bit hex PID)
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:1518:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sem_name, "libusb_init%08X", (unsigned int)GetCurrentProcessId()&0xFFFFFFFF);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:1572:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &(priv->dev_descriptor), DEVICE_DESC_LENGTH);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:1594:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, priv->config_descriptor[config_index], size);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:1623:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return priv->apib->open(dev_handle);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:2149:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PRINT_UNSUPPORTED_API(open);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.c:2846:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
r = usb_api_backend[api].open(dev_handle);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.h:62:50: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define safe_strcp(dst, dst_max, src, count) do {memcpy(dst, src, safe_min(count, dst_max)); \
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.h:128:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct libusb_device_handle *dev_handle);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.h:237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[MAX_KEY_LENGTH+1];// REG_MULTI_SZ list of services (driver) names
data/cgminer-4.9.2/compat/libusb-1.0/libusb/sync.c:93:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + LIBUSB_CONTROL_SETUP_SIZE, data, wLength);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/sync.c:119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, libusb_control_transfer_get_data(transfer),
data/cgminer-4.9.2/driver-SPI-bitmine-A1.c:100:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[256];
data/cgminer-4.9.2/driver-SPI-bitmine-A1.c:113:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(pos, "%.2X ", buff[i]);
data/cgminer-4.9.2/driver-SPI-bitmine-A1.c:147:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a1->spi_tx + 2, data, len);
data/cgminer-4.9.2/driver-SPI-bitmine-A1.c:242:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a1->spi_rx, ret, 8);
data/cgminer-4.9.2/driver-SPI-bitmine-A1.c:251:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a1->spi_tx, job, WRITE_JOB_LENGTH);
data/cgminer-4.9.2/driver-SPI-bitmine-A1.c:644:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nonce, ret + 2, 4);
data/cgminer-4.9.2/driver-SPI-bitmine-A1.c:1104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[10];
data/cgminer-4.9.2/driver-avalon.c:127:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at->midstate, work->midstate, 32);
data/cgminer-4.9.2/driver-avalon.c:128:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at->data, work->data + 64, 12);
data/cgminer-4.9.2/driver-avalon.c:165:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, at, AVALON_WRITE_SIZE);
data/cgminer-4.9.2/driver-avalon.c:235:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, at, AVALON_WRITE_SIZE);
data/cgminer-4.9.2/driver-avalon.c:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[AVALON_READBUF_SIZE];
data/cgminer-4.9.2/driver-avalon.c:313:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[total], &readbuf[ofs], cp);
data/cgminer-4.9.2/driver-avalon.c:410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ+1];
data/cgminer-4.9.2/driver-avalon.c:446:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(buf);
data/cgminer-4.9.2/driver-avalon.c:471:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon);
data/cgminer-4.9.2/driver-avalon.c:486:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon2);
data/cgminer-4.9.2/driver-avalon.c:504:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon3);
data/cgminer-4.9.2/driver-avalon.c:518:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon4);
data/cgminer-4.9.2/driver-avalon.c:527:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon5);
data/cgminer-4.9.2/driver-avalon.c:1004:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[AVALON_READBUF_SIZE];
data/cgminer-4.9.2/driver-avalon.c:1007:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[16];
data/cgminer-4.9.2/driver-avalon.c:1013:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[rsize];
data/cgminer-4.9.2/driver-avalon.c:1043:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&readbuf[offset], &buf, ret);
data/cgminer-4.9.2/driver-avalon.c:1142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[16];
data/cgminer-4.9.2/driver-avalon.c:1231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[16];
data/cgminer-4.9.2/driver-avalon.c:1581:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/cgminer-4.9.2/driver-avalon.c:1604:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mcw[24];
data/cgminer-4.9.2/driver-avalon.c:1606:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mcw, "match_work_count%d", i + 1);
data/cgminer-4.9.2/driver-avalon.c:1641:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "freq: range %d-%d millivolts: range %d-%d",
data/cgminer-4.9.2/driver-avalon.c:1654:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing millivolts setting");
data/cgminer-4.9.2/driver-avalon.c:1658:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-avalon.c:1668:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "Set millivolts failed");
data/cgminer-4.9.2/driver-avalon.c:1675:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing freq setting");
data/cgminer-4.9.2/driver-avalon.c:1679:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-avalon.h:190:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define ASSERT1(condition) __maybe_unused static char sizeof_uint32_t_must_be_4[(condition)?1:-1]
data/cgminer-4.9.2/driver-avalon2.c:41:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define ASSERT1(condition) __maybe_unused static char sizeof_uint32_t_must_be_4[(condition)?1:-1]
data/cgminer-4.9.2/driver-avalon2.c:296:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)ar, pkg, AVA2_READ_SIZE);
data/cgminer-4.9.2/driver-avalon2.c:309:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&modular_id, ar->data + 28, 4);
data/cgminer-4.9.2/driver-avalon2.c:317:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&miner, ar->data + 0, 4);
data/cgminer-4.9.2/driver-avalon2.c:318:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pool_no, ar->data + 4, 4);
data/cgminer-4.9.2/driver-avalon2.c:319:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nonce2, ar->data + 8, 4);
data/cgminer-4.9.2/driver-avalon2.c:321:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nonce, ar->data + 16, 4);
data/cgminer-4.9.2/driver-avalon2.c:322:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_id, ar->data + 20, 4);
data/cgminer-4.9.2/driver-avalon2.c:357:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, ar->data, 4);
data/cgminer-4.9.2/driver-avalon2.c:362:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, ar->data + 4, 4);
data/cgminer-4.9.2/driver-avalon2.c:367:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->get_frequency[modular_id]), ar->data + 8, 4);
data/cgminer-4.9.2/driver-avalon2.c:368:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->get_voltage[modular_id]), ar->data + 12, 4);
data/cgminer-4.9.2/driver-avalon2.c:369:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->local_work[modular_id]), ar->data + 16, 4);
data/cgminer-4.9.2/driver-avalon2.c:370:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->hw_work[modular_id]), ar->data + 20, 4);
data/cgminer-4.9.2/driver-avalon2.c:371:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->power_good[modular_id]), ar->data + 24, 4);
data/cgminer-4.9.2/driver-avalon2.c:445:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, pkg, AVA2_WRITE_SIZE);
data/cgminer-4.9.2/driver-avalon2.c:461:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char target[32];
data/cgminer-4.9.2/driver-avalon2.c:482:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:485:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 4, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:489:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 8, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:492:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 12, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:495:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 16, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:498:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 20, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:501:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 24, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:508:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, target, 32);
data/cgminer-4.9.2/driver-avalon2.c:540:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, coinbase_prehash, 32);
data/cgminer-4.9.2/driver-avalon2.c:546:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->coinbase + coinbase_len_prehash + i * 32 - 32, 32);
data/cgminer-4.9.2/driver-avalon2.c:553:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->coinbase + coinbase_len_prehash + i * 32 - 32, b);
data/cgminer-4.9.2/driver-avalon2.c:563:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->coinbase + i * 32, 32);
data/cgminer-4.9.2/driver-avalon2.c:570:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->coinbase + i * 32, b);
data/cgminer-4.9.2/driver-avalon2.c:582:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->swork.merkle_bin[i], 32);
data/cgminer-4.9.2/driver-avalon2.c:591:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->header_bin + i * 32, 32);
data/cgminer-4.9.2/driver-avalon2.c:642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mm_version[AVA2_DEFAULT_MODULARS][16];
data/cgminer-4.9.2/driver-avalon2.c:661:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(detect_pkg.data + 28, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:676:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mm_version[i], ret_pkg.data, 15);
data/cgminer-4.9.2/driver-avalon2.c:759:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 12, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:762:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 28, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:797:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pool_stratum->coinbase, pool->coinbase, coinbase_len);
data/cgminer-4.9.2/driver-avalon2.c:806:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pool_stratum->swork.merkle_bin[i], pool->swork.merkle_bin[i], 32);
data/cgminer-4.9.2/driver-avalon2.c:883:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:892:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 4, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:895:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 8, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:905:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 12, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:908:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 16, &tmp, 4);
data/cgminer-4.9.2/driver-avalon2.c:964:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24];
data/cgminer-4.9.2/driver-avalon2.c:971:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "ID%d MM Version", i + 1);
data/cgminer-4.9.2/driver-avalon2.c:990:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Match work count%02d", j+1);
data/cgminer-4.9.2/driver-avalon2.c:999:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Local works%d", i + 1);
data/cgminer-4.9.2/driver-avalon2.c:1005:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Hardware error works%d", i + 1);
data/cgminer-4.9.2/driver-avalon2.c:1015:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Device hardware error%d%%", i + 1);
data/cgminer-4.9.2/driver-avalon2.c:1021:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Temperature%d", i + 1);
data/cgminer-4.9.2/driver-avalon2.c:1027:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Fan%d", i + 1);
data/cgminer-4.9.2/driver-avalon2.c:1033:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Voltage%d", i + 1);
data/cgminer-4.9.2/driver-avalon2.c:1039:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Frequency%d", i + 1);
data/cgminer-4.9.2/driver-avalon2.c:1045:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Power good %02x", i + 1);
data/cgminer-4.9.2/driver-avalon2.c:1051:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Led %02x", i + 1);
data/cgminer-4.9.2/driver-avalon2.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mm_version[AVA2_DEFAULT_MODULARS][16];
data/cgminer-4.9.2/driver-avalon4.c:189:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val1 = atoi(arg);
data/cgminer-4.9.2/driver-avalon4.c:200:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val2 = atoi(colon1);
data/cgminer-4.9.2/driver-avalon4.c:206:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val3 = atoi(colon2);
data/cgminer-4.9.2/driver-avalon4.c:390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&miner, ar->data + 0, 4);
data/cgminer-4.9.2/driver-avalon4.c:391:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pool_no, ar->data + 4, 4);
data/cgminer-4.9.2/driver-avalon4.c:392:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nonce2, ar->data + 8, 4);
data/cgminer-4.9.2/driver-avalon4.c:393:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ntime, ar->data + 12, 4);
data/cgminer-4.9.2/driver-avalon4.c:394:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nonce, ar->data + 16, 4);
data/cgminer-4.9.2/driver-avalon4.c:395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_id, ar->data + 20, 4);
data/cgminer-4.9.2/driver-avalon4.c:456:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, ar->data, 4);
data/cgminer-4.9.2/driver-avalon4.c:460:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, ar->data + 4, 4);
data/cgminer-4.9.2/driver-avalon4.c:464:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->get_frequency[modular_id]), ar->data + 8, 4);
data/cgminer-4.9.2/driver-avalon4.c:465:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->get_voltage[modular_id]), ar->data + 12, 4);
data/cgminer-4.9.2/driver-avalon4.c:466:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->local_work[modular_id]), ar->data + 16, 4);
data/cgminer-4.9.2/driver-avalon4.c:467:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->hw_work[modular_id]), ar->data + 20, 4);
data/cgminer-4.9.2/driver-avalon4.c:468:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->power_good[modular_id]), ar->data + 24, 4);
data/cgminer-4.9.2/driver-avalon4.c:557:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iic_pkg + 8, buf, wlen);
data/cgminer-4.9.2/driver-avalon4.c:660:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ver, rbuf + 4, AVA4_AUC_VER_LEN);
data/cgminer-4.9.2/driver-avalon4.c:741:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)ret, rbuf + 4, AVA4_READ_SIZE);
data/cgminer-4.9.2/driver-avalon4.c:765:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char target[32];
data/cgminer-4.9.2/driver-avalon4.c:782:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:785:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 4, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:789:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 8, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:792:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 12, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:795:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 16, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:798:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 20, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:801:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 24, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:808:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, target, 32);
data/cgminer-4.9.2/driver-avalon4.c:839:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, coinbase_prehash, 32);
data/cgminer-4.9.2/driver-avalon4.c:847:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->coinbase + coinbase_len_prehash + i * 32 - 32, 32);
data/cgminer-4.9.2/driver-avalon4.c:854:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->coinbase + coinbase_len_prehash + i * 32 - 32, b);
data/cgminer-4.9.2/driver-avalon4.c:864:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->swork.merkle_bin[i], 32);
data/cgminer-4.9.2/driver-avalon4.c:873:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->header_bin + i * 32, 32);
data/cgminer-4.9.2/driver-avalon4.c:887:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auc_ver[AVA4_AUC_VER_LEN];
data/cgminer-4.9.2/driver-avalon4.c:912:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->auc_version, auc_ver, AVA4_AUC_VER_LEN);
data/cgminer-4.9.2/driver-avalon4.c:990:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(detect_pkg.data + 28, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1014:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->mm_dna[i], ret_pkg.data, AVA4_MM_DNA_LEN);
data/cgminer-4.9.2/driver-avalon4.c:1016:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->mm_version[i], ret_pkg.data + AVA4_MM_DNA_LEN, AVA4_MM_VER_LEN);
data/cgminer-4.9.2/driver-avalon4.c:1067:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1074:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 4, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1147:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pool_stratum->coinbase, pool->coinbase, coinbase_len);
data/cgminer-4.9.2/driver-avalon4.c:1156:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pool_stratum->swork.merkle_bin[i], pool->swork.merkle_bin[i], 32);
data/cgminer-4.9.2/driver-avalon4.c:1204:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 2 * ((4 + i / 5 * 5) - i + (i / 5 * 5)), &tmp, 2);
data/cgminer-4.9.2/driver-avalon4.c:1241:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1244:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 4, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1247:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 8, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1273:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1284:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 4, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1288:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 8, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1298:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 12, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1301:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 16, &tmp, 4);
data/cgminer-4.9.2/driver-avalon4.c:1553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/cgminer-4.9.2/driver-avalon4.c:1554:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statbuf[AVA4_DEFAULT_MODULARS][STATBUFLEN];
data/cgminer-4.9.2/driver-avalon4.c:1570:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " DNA[%02x%02x%02x%02x%02x%02x%02x%02x]",
data/cgminer-4.9.2/driver-avalon4.c:1587:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Elapsed[%.0f]", tdiff(&now, &(info->elapsed[i])));
data/cgminer-4.9.2/driver-avalon4.c:1604:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(statbuf[i], " MW[");
data/cgminer-4.9.2/driver-avalon4.c:1607:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%"PRIu64" ", info->local_works_i[i][j]);
data/cgminer-4.9.2/driver-avalon4.c:1609:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d ", info->matching_work[i][j]);
data/cgminer-4.9.2/driver-avalon4.c:1619:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " LW[%"PRIu64"]", info->local_works[i]);
data/cgminer-4.9.2/driver-avalon4.c:1637:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(statbuf[i], " MH[");
data/cgminer-4.9.2/driver-avalon4.c:1639:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%"PRIu64" ", info->hw_works_i[i][j]);
data/cgminer-4.9.2/driver-avalon4.c:1649:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " HW[%"PRIu64"]", info->hw_works[i]);
data/cgminer-4.9.2/driver-avalon4.c:1660:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " DH[%.3f%%]", hwp);
data/cgminer-4.9.2/driver-avalon4.c:1697:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " GHS5m[%.2f] DH5m[%.3f%%]", ((double)a - (double)b) * 4.295 / diff, hwp);
data/cgminer-4.9.2/driver-avalon4.c:1701:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(statbuf[i], " MDH5m[");
data/cgminer-4.9.2/driver-avalon4.c:1704:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.3f%% ", hwp);
data/cgminer-4.9.2/driver-avalon4.c:1714:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Temp[%d]", info->temp[i]);
data/cgminer-4.9.2/driver-avalon4.c:1721:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Fan[%d]", info->fan[i]);
data/cgminer-4.9.2/driver-avalon4.c:1728:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Vol[%.4f]", (float)info->get_voltage[i] / 10000);
data/cgminer-4.9.2/driver-avalon4.c:1746:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(statbuf[i], " MVol[");
data/cgminer-4.9.2/driver-avalon4.c:1748:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.4f ", (float)info->set_voltage_i[i][j] / 10000);
data/cgminer-4.9.2/driver-avalon4.c:1758:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Freq[%.2f]", (float)info->get_frequency[i] / 1000);
data/cgminer-4.9.2/driver-avalon4.c:1765:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " PG[%d]", info->power_good[i]);
data/cgminer-4.9.2/driver-avalon4.c:1772:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " Led[%d]", info->led_red[i]);
data/cgminer-4.9.2/driver-avalon4.c:1779:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "MM ID%d", i);
data/cgminer-4.9.2/driver-avalon4.c:1799:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "led|fan|voltage|frequency|pdelay");
data/cgminer-4.9.2/driver-avalon4.c:1805:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing polling delay setting");
data/cgminer-4.9.2/driver-avalon4.c:1809:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-avalon4.c:1811:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "invalid polling delay: %d, valid range 1-65535", val);
data/cgminer-4.9.2/driver-avalon4.c:1825:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing fan value");
data/cgminer-4.9.2/driver-avalon4.c:1830:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "invalid fan value, valid range 0-100");
data/cgminer-4.9.2/driver-avalon4.c:1843:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing frequency value");
data/cgminer-4.9.2/driver-avalon4.c:1848:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "invalid frequency value, valid range %d-%d",
data/cgminer-4.9.2/driver-avalon4.c:1862:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing module_id setting");
data/cgminer-4.9.2/driver-avalon4.c:1866:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-avalon4.c:1868:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "invalid module_id: %d, valid range 1-%d", val, AVA4_DEFAULT_MODULARS);
data/cgminer-4.9.2/driver-avalon4.c:1873:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "the current module was disabled %d", val);
data/cgminer-4.9.2/driver-avalon4.c:1890:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing voltage value");
data/cgminer-4.9.2/driver-avalon4.c:1897:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "invalid module_id or voltage value, valid module_id range %d-%d, valid voltage range %d-%d",
data/cgminer-4.9.2/driver-avalon4.c:1904:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "invalid miner_id, valid miner_id range %d-%d",
data/cgminer-4.9.2/driver-avalon4.c:1911:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "invalid val_offset, valid val_offset range %d-%d",
data/cgminer-4.9.2/driver-avalon4.c:1918:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "the current module was disabled %d", val_mod);
data/cgminer-4.9.2/driver-avalon4.h:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auc_version[AVA4_AUC_VER_LEN + 1];
data/cgminer-4.9.2/driver-avalon4.h:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mm_version[AVA4_DEFAULT_MODULARS][AVA4_MM_VER_LEN + 1];
data/cgminer-4.9.2/driver-bab.c:326:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *chip_speed_names[BAB_CHIP_SPEEDS] =
data/cgminer-4.9.2/driver-bab.c:877:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(DATAS(item)->wbuf[now_used]), data, siz);
data/cgminer-4.9.2/driver-bab.c:1056:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(babinfo->chip_results[i]),
data/cgminer-4.9.2/driver-bab.c:1063:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(when, &(DATAS(item)->work_start), sizeof(*when));
data/cgminer-4.9.2/driver-bab.c:1178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/cgminer-4.9.2/driver-bab.c:1194:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
memfd = open(bab_memory, O_RDWR | O_SYNC);
data/cgminer-4.9.2/driver-bab.c:1217:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
babinfo->spifd = open(buf, O_RDWR);
data/cgminer-4.9.2/driver-bab.c:1367:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(ptr);
data/cgminer-4.9.2/driver-bab.c:1386:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(ptr);
data/cgminer-4.9.2/driver-bab.c:1403:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(ptr);
data/cgminer-4.9.2/driver-bab.c:1442:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(ptr);
data/cgminer-4.9.2/driver-bab.c:1454:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(ptr);
data/cgminer-4.9.2/driver-bab.c:1466:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lval = atol(ptr);
data/cgminer-4.9.2/driver-bab.c:1671:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(DATAW(witem)->work_start), &(DATAS(sitem)->work_start),
data/cgminer-4.9.2/driver-bab.c:1678:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(babinfo->first_work[chip]), &send, sizeof(send));
data/cgminer-4.9.2/driver-bab.c:1705:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(babinfo->last_sent_work), &send, sizeof(start));
data/cgminer-4.9.2/driver-bab.c:1757:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(DATAN(item)->found), when, sizeof(*when));
data/cgminer-4.9.2/driver-bab.c:2182:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(DATAW(witem)->chip_input.midstate[0]),
data/cgminer-4.9.2/driver-bab.c:2185:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(DATAW(witem)->chip_input.merkle7),
data/cgminer-4.9.2/driver-bab.c:2221:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(DATAR(ritem)->when), &when, sizeof(when));
data/cgminer-4.9.2/driver-bab.c:2260:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)(&(babinfo->chip_prev[chip])),
data/cgminer-4.9.2/driver-bab.c:2414:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[2048];
data/cgminer-4.9.2/driver-bab.c:2415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/cgminer-4.9.2/driver-bflsc.c:66:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xlink, " master");
data/cgminer-4.9.2/driver-bflsc.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xlink[17];
data/cgminer-4.9.2/driver-bflsc.c:253:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.payloadData, send1, send1_len);
data/cgminer-4.9.2/driver-bflsc.c:278:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.payloadData, send2, send2_len);
data/cgminer-4.9.2/driver-bflsc.c:336:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.payloadData, send, send_len);
data/cgminer-4.9.2/driver-bflsc.c:387:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.payloadData, buf, buflen);
data/cgminer-4.9.2/driver-bflsc.c:395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:540:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:558:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:631:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sc_dev.engines = atoi(fields[0]);
data/cgminer-4.9.2/driver-bflsc.c:650:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sc_info->sc_count = atoi(fields[0]);
data/cgminer-4.9.2/driver-bflsc.c:675:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sc_info->sc_devs[0]), &sc_dev, sizeof(sc_dev));
data/cgminer-4.9.2/driver-bflsc.c:694:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:985:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:986:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[16];
data/cgminer-4.9.2/driver-bflsc.c:1017:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:1018:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[16];
data/cgminer-4.9.2/driver-bflsc.c:1049:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:1114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:1115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volt_buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:1119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xlink[17];
data/cgminer-4.9.2/driver-bflsc.c:1217:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp = temp1 = (float)atoi(fields[0]);
data/cgminer-4.9.2/driver-bflsc.c:1218:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp2 = (float)atoi(fields[1]);
data/cgminer-4.9.2/driver-bflsc.c:1236:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vcc1 = (float)atoi(fields[0]) / 1000.0;
data/cgminer-4.9.2/driver-bflsc.c:1237:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vcc2 = (float)atoi(fields[1]) / 1000.0;
data/cgminer-4.9.2/driver-bflsc.c:1238:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vmain = (float)atoi(fields[2]) / 1000.0;
data/cgminer-4.9.2/driver-bflsc.c:1402:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(fields[sc_info->que_noncecount]);
data/cgminer-4.9.2/driver-bflsc.c:1419:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char midstate[MIDSTATE_BYTES] = {}, blockdata[MERKLE_BYTES] = {};
data/cgminer-4.9.2/driver-bflsc.c:1421:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!hex2bin((unsigned char *)midstate, fields[QUE_MIDSTATE], MIDSTATE_BYTES) ||
data/cgminer-4.9.2/driver-bflsc.c:1422:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
!hex2bin((unsigned char *)blockdata, fields[QUE_BLOCKDATA], MERKLE_BYTES)) {
data/cgminer-4.9.2/driver-bflsc.c:1489:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xlink[17];
data/cgminer-4.9.2/driver-bflsc.c:1539:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
que = atoi(fields[0]);
data/cgminer-4.9.2/driver-bflsc.c:1586:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:1689:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:1725:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.midState, work->midstate, MIDSTATE_BYTES);
data/cgminer-4.9.2/driver-bflsc.c:1726:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.blockData, work->data + MERKLE_OFFSET, MERKLE_BYTES);
data/cgminer-4.9.2/driver-bflsc.c:1841:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_pack, "WX", 2);
data/cgminer-4.9.2/driver-bflsc.c:1851:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_pack + offset, work->midstate, MIDSTATE_BYTES);
data/cgminer-4.9.2/driver-bflsc.c:1853:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_pack + offset, work->data + MERKLE_OFFSET, MERKLE_BYTES);
data/cgminer-4.9.2/driver-bflsc.c:2104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BFLSC_BUFSIZ+1];
data/cgminer-4.9.2/driver-bflsc.c:2105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16+1];
data/cgminer-4.9.2/driver-bflsc.c:2165:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(replybuf, "no set options available");
data/cgminer-4.9.2/driver-bflsc.c:2170:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "volt: range 0-9 clock: range 0-15");
data/cgminer-4.9.2/driver-bflsc.c:2176:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing volt setting");
data/cgminer-4.9.2/driver-bflsc.c:2180:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-bflsc.c:2194:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing clock setting");
data/cgminer-4.9.2/driver-bflsc.c:2198:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-bflsc.c:2242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4096];
data/cgminer-4.9.2/driver-bflsc.c:2243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/cgminer-4.9.2/driver-bflsc.c:2309:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Cortex %02x-%02x Nonces", i, i+15);
data/cgminer-4.9.2/driver-bflsc.c:2327:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Cortex %02x-%02x HW Errors", i, i+15);
data/cgminer-4.9.2/driver-bflsc.c:2332:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Core%d Nonces", i);
data/cgminer-4.9.2/driver-bflsc.c:2336:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Core%d HW Errors", i);
data/cgminer-4.9.2/driver-bflsc.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getinfo[(BFLSC_BUFSIZ+4)*4];
data/cgminer-4.9.2/driver-bitforce.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BITFORCE_BUFSIZ+1];
data/cgminer-4.9.2/driver-bitforce.c:344:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BITFORCE_BUFSIZ+1];
data/cgminer-4.9.2/driver-bitforce.c:427:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ob[70];
data/cgminer-4.9.2/driver-bitforce.c:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BITFORCE_BUFSIZ+1];
data/cgminer-4.9.2/driver-bitforce.c:477:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)ob, ">>>>>>>>");
data/cgminer-4.9.2/driver-bitforce.c:478:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ob + 8, work->midstate, 32);
data/cgminer-4.9.2/driver-bitforce.c:479:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ob + 8 + 32, work->data + 64, 12);
data/cgminer-4.9.2/driver-bitforce.c:481:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)ob + 8 + 32 + 12, ">>>>>>>>");
data/cgminer-4.9.2/driver-bitforce.c:494:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)ob + 8 + 32 + 12 + 8, ">>>>>>>>");
data/cgminer-4.9.2/driver-bitforce.c:543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BITFORCE_BUFSIZ+1];
data/cgminer-4.9.2/driver-bitfury.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/cgminer-4.9.2/driver-bitfury.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/cgminer-4.9.2/driver-bitfury.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/cgminer-4.9.2/driver-bitfury.c:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/cgminer-4.9.2/driver-bitfury.c:234:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "debug-mode %d\n", opt_bxf_debug);
data/cgminer-4.9.2/driver-bitfury.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/cgminer-4.9.2/driver-bitfury.c:242:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "led-mode %d\n", opt_osm_led_mode);
data/cgminer-4.9.2/driver-bitfury.c:264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/cgminer-4.9.2/driver-bitfury.c:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/cgminer-4.9.2/driver-bitfury.c:278:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "flush\n");
data/cgminer-4.9.2/driver-bitfury.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/cgminer-4.9.2/driver-bitfury.c:292:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "version\n");
data/cgminer-4.9.2/driver-bitfury.c:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/driver-bitfury.c:441:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info->product, "NF%u", info->chips);
data/cgminer-4.9.2/driver-bitfury.c:621:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/cgminer-4.9.2/driver-bitfury.c:693:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4] = { 0 };
data/cgminer-4.9.2/driver-bitfury.c:708:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4] = { 0 };
data/cgminer-4.9.2/driver-bitfury.c:723:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20] = { 0 };
data/cgminer-4.9.2/driver-bitfury.c:724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rst_buf[8] = {0xFF, 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0x00};
data/cgminer-4.9.2/driver-bitfury.c:950:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/cgminer-4.9.2/driver-bitfury.c:953:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "clock %d %d\n", clockspeed, clockspeed);
data/cgminer-4.9.2/driver-bitfury.c:1088:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[24], buf[512];
data/cgminer-4.9.2/driver-bitfury.c:1095:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "target ffffffff\n");
data/cgminer-4.9.2/driver-bitfury.c:1195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[512], buf[45];
data/cgminer-4.9.2/driver-bitfury.c:1425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/cgminer-4.9.2/driver-bitfury.c:1427:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "maxroll %d\n", maxroll);
data/cgminer-4.9.2/driver-bitfury.c:1433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512], hexwork[156];
data/cgminer-4.9.2/driver-bitfury.c:1496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[16];
data/cgminer-4.9.2/driver-bitfury.c:1502:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(serial, "%08x", info->serial);
data/cgminer-4.9.2/driver-bitfury.c:1514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/cgminer-4.9.2/driver-bitfury.c:1517:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d.%d", info->ver_major, info->ver_minor);
data/cgminer-4.9.2/driver-bitfury.c:1528:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Core%d hwerror", i);
data/cgminer-4.9.2/driver-bitfury.c:1530:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Core%d jobs", i);
data/cgminer-4.9.2/driver-bitfury.c:1532:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Core%d submits", i);
data/cgminer-4.9.2/driver-bitfury.c:1542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/cgminer-4.9.2/driver-bitfury.c:1547:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Core%d submits", i);
data/cgminer-4.9.2/driver-bitfury.h:55:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char midstate[32];
data/cgminer-4.9.2/driver-bitfury.h:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[8];
data/cgminer-4.9.2/driver-bitfury.h:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spibuf[SPIBUF_SIZE];
data/cgminer-4.9.2/driver-bitmain.c:79:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bit_swap_table[256] =
data/cgminer-4.9.2/driver-bitmain.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ+1];
data/cgminer-4.9.2/driver-bitmain.c:228:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(buf);
data/cgminer-4.9.2/driver-bitmain.c:253:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon);
data/cgminer-4.9.2/driver-bitmain.c:268:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon2);
data/cgminer-4.9.2/driver-bitmain.c:282:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon3);
data/cgminer-4.9.2/driver-bitmain.c:295:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon4);
data/cgminer-4.9.2/driver-bitmain.c:330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ+1];
data/cgminer-4.9.2/driver-bitmain.c:357:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(buf);
data/cgminer-4.9.2/driver-bitmain.c:382:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon);
data/cgminer-4.9.2/driver-bitmain.c:397:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon2);
data/cgminer-4.9.2/driver-bitmain.c:493:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm->reg_data, reg_data, 4);
data/cgminer-4.9.2/driver-bitmain.c:582:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm->works[cursentcount].midstate, DATAW(witem)->work->midstate, 32);
data/cgminer-4.9.2/driver-bitmain.c:583:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm->works[cursentcount].data2, DATAW(witem)->work->data + 64, 12);
data/cgminer-4.9.2/driver-bitmain.c:644:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuf+datalen-2, &crc, 2);
data/cgminer-4.9.2/driver-bitmain.c:748:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm, data, sizeof(struct bitmain_rxstatus_data));
data/cgminer-4.9.2/driver-bitmain.c:762:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(bm->crc), data+datalen-2, 2);
data/cgminer-4.9.2/driver-bitmain.c:787:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm->chain_asic_status, data+20, bm->chain_num*4);
data/cgminer-4.9.2/driver-bitmain.c:788:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm->chain_asic_num, data+20+bm->chain_num*4, bm->chain_num);
data/cgminer-4.9.2/driver-bitmain.c:793:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm->temp, data+20+bm->chain_num*5, bm->temp_num);
data/cgminer-4.9.2/driver-bitmain.c:795:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm->fan, data+20+bm->chain_num*5+bm->temp_num, bm->fan_num);
data/cgminer-4.9.2/driver-bitmain.c:809:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm, data, 28);
data/cgminer-4.9.2/driver-bitmain.c:830:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(bm->crc), data+datalen-2, 2);
data/cgminer-4.9.2/driver-bitmain.c:851:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm->chain_asic_num,
data/cgminer-4.9.2/driver-bitmain.c:865:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)bm->chain_asic_exist+i*32, data+dataindex, asic_num*4);
data/cgminer-4.9.2/driver-bitmain.c:878:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)bm->chain_asic_status+i*32, data+dataindex, asic_num*4);
data/cgminer-4.9.2/driver-bitmain.c:896:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm->temp, data+dataindex, bm->temp_num);
data/cgminer-4.9.2/driver-bitmain.c:900:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm->fan, data+dataindex, bm->fan_num);
data/cgminer-4.9.2/driver-bitmain.c:954:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bm, data, sizeof(struct bitmain_rxnonce_data));
data/cgminer-4.9.2/driver-bitmain.c:985:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(bm->crc), data+datalen-2, 2);
data/cgminer-4.9.2/driver-bitmain.c:1168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64] = {0};
data/cgminer-4.9.2/driver-bitmain.c:1169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[10240] = {0};
data/cgminer-4.9.2/driver-bitmain.c:1176:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg, ", ");
data/cgminer-4.9.2/driver-bitmain.c:1178:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "Fan%d: %d/m", i+1, info->fan[i]);
data/cgminer-4.9.2/driver-bitmain.c:1181:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg, " ");
data/cgminer-4.9.2/driver-bitmain.c:1184:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg, ", ");
data/cgminer-4.9.2/driver-bitmain.c:1186:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "Temp%d: %dC", i+1, info->temp[i]);
data/cgminer-4.9.2/driver-bitmain.c:1189:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ", TempMAX: %dC", info->temp_max);
data/cgminer-4.9.2/driver-bitmain.c:1479:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&packethead, buf+i, sizeof(struct bitmain_packet_head));
data/cgminer-4.9.2/driver-bitmain.c:1513:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->chain_asic_exist, rxstatusdata.chain_asic_exist, BITMAIN_MAX_CHAIN_NUM*32);
data/cgminer-4.9.2/driver-bitmain.c:1514:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->chain_asic_status, rxstatusdata.chain_asic_status, BITMAIN_MAX_CHAIN_NUM*32);
data/cgminer-4.9.2/driver-bitmain.c:1608:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&packethead, buf+i, sizeof(struct bitmain_packet_head));
data/cgminer-4.9.2/driver-bitmain.c:1751:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[BITMAIN_READBUF_SIZE];
data/cgminer-4.9.2/driver-bitmain.c:1753:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[24];
data/cgminer-4.9.2/driver-bitmain.c:1760:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[rsize];
data/cgminer-4.9.2/driver-bitmain.c:1836:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(readbuf+offset, buf, ret);
data/cgminer-4.9.2/driver-bitmain.c:2012:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&packethead, data+i, sizeof(struct bitmain_packet_head));
data/cgminer-4.9.2/driver-bitmain.c:2053:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->chain_asic_exist,
data/cgminer-4.9.2/driver-bitmain.c:2056:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->chain_asic_status,
data/cgminer-4.9.2/driver-bitmain.c:2213:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->reg_data, reg_data, 4);
data/cgminer-4.9.2/driver-bitmain.c:2223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ+1];
data/cgminer-4.9.2/driver-bitmain.c:2234:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(buf);
data/cgminer-4.9.2/driver-bitmain.c:2241:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
freq = atoi(colon);
data/cgminer-4.9.2/driver-bitmain.c:2251:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->reg_data, reg_data, len/2);
data/cgminer-4.9.2/driver-bitmain.c:2258:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char v[2];
data/cgminer-4.9.2/driver-bitmain.c:2411:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
info->device_fd = open(opt_bitmain_dev, O_RDWR|O_EXCL|O_NONBLOCK);
data/cgminer-4.9.2/driver-bitmain.c:2857:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char needbuf[16 * (BITMAIN_MAX_WORK_NUM + 1)], *needptr;
data/cgminer-4.9.2/driver-bitmain.c:2858:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fillbuf[64];
data/cgminer-4.9.2/driver-bitmain.c:2859:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rollbuf[64];
data/cgminer-4.9.2/driver-bitmain.c:2860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regbuf[16];
data/cgminer-4.9.2/driver-bitmain.c:2879:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[8];
data/cgminer-4.9.2/driver-bitmain.h:317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chain_asic_status_t[BITMAIN_MAX_CHAIN_NUM][40];
data/cgminer-4.9.2/driver-bitmain.h:328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chain_asic_status_t[BITMAIN_MAX_CHAIN_NUM][320];
data/cgminer-4.9.2/driver-bitmain.h:486:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define ASSERT1(condition) __maybe_unused static char sizeof_uint32_t_must_be_4[(condition)?1:-1]
data/cgminer-4.9.2/driver-blockerupter.c:281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/cgminer-4.9.2/driver-blockerupter.c:301:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Board%02d accepted", i);
data/cgminer-4.9.2/driver-blockerupter.c:303:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Board%02d nonces", i);
data/cgminer-4.9.2/driver-blockerupter.c:305:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Board%02d hwerror", i);
data/cgminer-4.9.2/driver-blockerupter.c:307:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Board%02d hashrate", i);
data/cgminer-4.9.2/driver-blockerupter.c:335:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&info->works[info->work_idx],work,sizeof(struct work));
data/cgminer-4.9.2/driver-blockerupter.c:391:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(work.data + 4 + 32 + 32, resp->ntime, 4);
data/cgminer-4.9.2/driver-cointerra.c:22:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg, cointerra_hdr, 2);
data/cgminer-4.9.2/driver-cointerra.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CTA_MSG_SIZE];
data/cgminer-4.9.2/driver-cointerra.c:336:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rhash[32];
data/cgminer-4.9.2/driver-cointerra.c:337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outhash[16];
data/cgminer-4.9.2/driver-cointerra.c:393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuf[CTA_MSG_SIZE];
data/cgminer-4.9.2/driver-cointerra.c:406:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char midstate[32], wdata[12];
data/cgminer-4.9.2/driver-cointerra.c:407:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexmidstate[68], hexwdata[28];
data/cgminer-4.9.2/driver-cointerra.c:410:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wid, &info->work_id, 2);
data/cgminer-4.9.2/driver-cointerra.c:427:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuf + 3, buf + 3, CTA_MSG_SIZE - 3);
data/cgminer-4.9.2/driver-cointerra.c:728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[24];
data/cgminer-4.9.2/driver-cointerra.c:735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CTA_READBUF_SIZE];
data/cgminer-4.9.2/driver-cointerra.c:816:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CTA_MSG_SIZE];
data/cgminer-4.9.2/driver-cointerra.c:865:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CTA_MSG_SIZE];
data/cgminer-4.9.2/driver-cointerra.c:899:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CTA_DRIVER_TAG, &info->work_id, 2);
data/cgminer-4.9.2/driver-cointerra.c:902:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CTA_WORK_MIDSTATE, swab, 32);
data/cgminer-4.9.2/driver-cointerra.c:905:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CTA_WORK_DATA, swab, 12);
data/cgminer-4.9.2/driver-cointerra.c:908:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CTA_WORK_NROLL, &nroll_limit, 2);
data/cgminer-4.9.2/driver-cointerra.c:910:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CTA_WORK_DIFFBITS, &diffbits, 1);
data/cgminer-4.9.2/driver-cointerra.c:933:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CTA_MSG_SIZE];
data/cgminer-4.9.2/driver-cointerra.c:1001:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CTA_MSG_SIZE];
data/cgminer-4.9.2/driver-cointerra.c:1156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bitmaphex[36];
data/cgminer-4.9.2/driver-cointerra.c:1158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/cgminer-4.9.2/driver-cointerra.c:1168:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%u.%u.%u", info->fwrev[0], info->fwrev[1], info->fwrev[2]);
data/cgminer-4.9.2/driver-cointerra.c:1170:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%04u-%02u-%02u", info->fw_year, info->fw_month, info->fw_day);
data/cgminer-4.9.2/driver-cointerra.c:1178:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "CoreTemp%d", i);
data/cgminer-4.9.2/driver-cointerra.c:1185:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "PumpRPM%d", i);
data/cgminer-4.9.2/driver-cointerra.c:1189:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "FanRPM%d", i);
data/cgminer-4.9.2/driver-cointerra.c:1193:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "CoreFreqs%d", i);
data/cgminer-4.9.2/driver-cointerra.c:1198:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "CoreVolts%d", i);
data/cgminer-4.9.2/driver-cointerra.c:1208:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "CorePerfMode%d", i);
data/cgminer-4.9.2/driver-cointerra.c:1212:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "FanSpeed%d", i);
data/cgminer-4.9.2/driver-cointerra.c:1217:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "PipesEnabled%d", i);
data/cgminer-4.9.2/driver-cointerra.c:1224:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "HWErrors%d", i);
data/cgminer-4.9.2/driver-cointerra.c:1261:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Core%d hashrate", i);
data/cgminer-4.9.2/driver-cointerra.c:1268:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bitmapcount[40], asiccore[12];
data/cgminer-4.9.2/driver-cointerra.c:1271:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(asiccore, "Asic%dCore%d", asic, core);
data/cgminer-4.9.2/driver-cointerra.c:1298:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/cgminer-4.9.2/driver-cointerra.c:1299:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[20];
data/cgminer-4.9.2/driver-cointerra.c:1302:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"IRVIN%d",core+1);
data/cgminer-4.9.2/driver-cointerra.c:1305:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"IRIIN%d",core+1);
data/cgminer-4.9.2/driver-cointerra.c:1308:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"IRVOUT%d",core+1);
data/cgminer-4.9.2/driver-cointerra.c:1311:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"IRIOUT%d",core+1);
data/cgminer-4.9.2/driver-cointerra.c:1314:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"IRTEMP1_%d",core+1);
data/cgminer-4.9.2/driver-cointerra.c:1317:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"IRTEMP2_%d",core+1);
data/cgminer-4.9.2/driver-cointerra.c:1320:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"IRPOUT%d",core+1);
data/cgminer-4.9.2/driver-cointerra.c:1323:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"IRPIN%d",core+1);
data/cgminer-4.9.2/driver-cointerra.c:1326:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"IREFFICIENCY%d",core+1);
data/cgminer-4.9.2/driver-cointerra.c:1329:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"IRSTATUS%d",core+1);
data/cgminer-4.9.2/driver-cointerra.c:1331:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"0x%04X",info->irstat_status[core]);
data/cgminer-4.9.2/driver-cointerra.c:1336:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "CoreFmatch%d", i);
data/cgminer-4.9.2/driver-cointerra.h:228:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pipe_bitmap[128];
data/cgminer-4.9.2/driver-drillbit.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[8];
data/cgminer-4.9.2/driver-drillbit.c:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[9];
data/cgminer-4.9.2/driver-drillbit.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/cgminer-4.9.2/driver-drillbit.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SZ_SERIALISED_IDENTITY];
data/cgminer-4.9.2/driver-drillbit.c:288:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info->product, "Thumb");
data/cgminer-4.9.2/driver-drillbit.c:290:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info->product, "Eight");
data/cgminer-4.9.2/driver-drillbit.c:292:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->product, identity.product, sizeof(identity.product));
data/cgminer-4.9.2/driver-drillbit.c:333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char search_key[9];
data/cgminer-4.9.2/driver-drillbit.c:342:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(search_key, "%08x", info->serial);
data/cgminer-4.9.2/driver-drillbit.c:390:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SZ_SERIALISED_BOARDCONFIG+1];
data/cgminer-4.9.2/driver-drillbit.c:496:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[9];
data/cgminer-4.9.2/driver-drillbit.c:498:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clksrc[4];
data/cgminer-4.9.2/driver-drillbit.c:530:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_setting->config, &parsed_config, sizeof(BoardConfig));
data/cgminer-4.9.2/driver-drillbit.c:531:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_setting->key, key, 8);
data/cgminer-4.9.2/driver-drillbit.c:682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SZ_SERIALISED_AUTOTUNEREQUEST+1];
data/cgminer-4.9.2/driver-drillbit.c:740:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SZ_SERIALISED_WORKRESULT];
data/cgminer-4.9.2/driver-drillbit.c:848:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SZ_SERIALISED_WORKREQUEST+1];
data/cgminer-4.9.2/driver-drillbit.c:895:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/cgminer-4.9.2/driver-drillbit.c:976:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[16];
data/cgminer-4.9.2/driver-drillbit.c:982:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(serial, "%08x", info->serial);
data/cgminer-4.9.2/driver-drillbit.c:1028:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[offset], &FIELD, sizeof(FIELD)); \
data/cgminer-4.9.2/driver-drillbit.c:1041:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[offset], work->midstate, 32);
data/cgminer-4.9.2/driver-drillbit.c:1043:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[offset], work->data + 64, 12);
data/cgminer-4.9.2/driver-drillbit.h:26:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[8];
data/cgminer-4.9.2/driver-hashfast.c:68:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char crc8_table[256]; /* CRC-8 table */
data/cgminer-4.9.2/driver-hashfast.c:200:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&packet[sizeof(struct hf_header)], data, len);
data/cgminer-4.9.2/driver-hashfast.c:224:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&packet[sizeof(struct hf_header)], data, len);
data/cgminer-4.9.2/driver-hashfast.c:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[HFA_GET_HEADER_BUFSIZE];
data/cgminer-4.9.2/driver-hashfast.c:304:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h, header, orig_len);
data/cgminer-4.9.2/driver-hashfast.c:357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/cgminer-4.9.2/driver-hashfast.c:386:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info->op_name, "%08x", info->serial_number);
data/cgminer-4.9.2/driver-hashfast.c:392:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(info->op_name, "%lx", (long unsigned int)usecs);
data/cgminer-4.9.2/driver-hashfast.c:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/cgminer-4.9.2/driver-hashfast.c:628:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/cgminer-4.9.2/driver-hashfast.c:775:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/cgminer-4.9.2/driver-hashfast.c:1066:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ds++, d++, sizeof(struct hf_g1_die_data));
data/cgminer-4.9.2/driver-hashfast.c:1292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threadname[16];
data/cgminer-4.9.2/driver-hashfast.c:1298:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/cgminer-4.9.2/driver-hashfast.c:1834:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op_hash_data.merkle_residual, work->data + 64, 4);
data/cgminer-4.9.2/driver-hashfast.c:1890:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/cgminer-4.9.2/driver-hashfast.c:1931:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char which[16];
data/cgminer-4.9.2/driver-hashfast.h:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char op_name[36];
data/cgminer-4.9.2/driver-hashratio.c:158:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)ar, pkg, HRTO_READ_SIZE);
data/cgminer-4.9.2/driver-hashratio.c:175:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&miner, ar->data + 0, 4);
data/cgminer-4.9.2/driver-hashratio.c:176:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pool_no, ar->data + 4, 4);
data/cgminer-4.9.2/driver-hashratio.c:177:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nonce2, ar->data + 8, 4);
data/cgminer-4.9.2/driver-hashratio.c:179:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nonce, ar->data + 12, 4);
data/cgminer-4.9.2/driver-hashratio.c:180:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_id, ar->data + 16, 4);
data/cgminer-4.9.2/driver-hashratio.c:209:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, ar->data, 4);
data/cgminer-4.9.2/driver-hashratio.c:217:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, ar->data + 4, 4);
data/cgminer-4.9.2/driver-hashratio.c:223:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, ar->data + 8, 4);
data/cgminer-4.9.2/driver-hashratio.c:229:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, ar->data + 12, 4);
data/cgminer-4.9.2/driver-hashratio.c:286:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_copy, buf_back + i, HRTO_READ_SIZE - i);
data/cgminer-4.9.2/driver-hashratio.c:287:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_copy + HRTO_READ_SIZE - i, buf_tmp, i);
data/cgminer-4.9.2/driver-hashratio.c:288:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_back, buf_copy, HRTO_READ_SIZE);
data/cgminer-4.9.2/driver-hashratio.c:307:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, pkg, HRTO_WRITE_SIZE);
data/cgminer-4.9.2/driver-hashratio.c:342:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char target[32];
data/cgminer-4.9.2/driver-hashratio.c:356:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:359:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 4, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:362:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 8, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:365:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 12, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:368:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 16, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:371:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 20, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:374:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data + 24, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:381:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, target, 32);
data/cgminer-4.9.2/driver-hashratio.c:409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->coinbase + i * 32, 32);
data/cgminer-4.9.2/driver-hashratio.c:419:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->coinbase + i * 32, b);
data/cgminer-4.9.2/driver-hashratio.c:429:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->swork.merkle_bin[i], 32);
data/cgminer-4.9.2/driver-hashratio.c:438:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkg.data, pool->header_bin + i * 32, 32);
data/cgminer-4.9.2/driver-hashratio.c:561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mm_version[16];
data/cgminer-4.9.2/driver-hashratio.c:575:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mm_version, "NONE");
data/cgminer-4.9.2/driver-hashratio.c:600:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mm_version, ret_pkg.data, 15);
data/cgminer-4.9.2/driver-hashratio.c:659:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pool_stratum->coinbase, pool->coinbase, coinbase_len);
data/cgminer-4.9.2/driver-hashratio.c:668:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pool_stratum->swork.merkle_bin[i], pool->swork.merkle_bin[i], 32);
data/cgminer-4.9.2/driver-hashratio.c:726:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:730:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 4, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:738:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 8, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:741:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(send_pkg.data + 12, &tmp, 4);
data/cgminer-4.9.2/driver-hashratio.c:772:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24];
data/cgminer-4.9.2/driver-hashratio.c:773:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[256];
data/cgminer-4.9.2/driver-hashratio.c:778:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "MM Version");
data/cgminer-4.9.2/driver-hashratio.c:782:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Asic Freq (MHz)");
data/cgminer-4.9.2/driver-hashratio.c:787:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Match work Modular %02d", i + 1);
data/cgminer-4.9.2/driver-hashratio.c:814:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Local works");
data/cgminer-4.9.2/driver-hashratio.c:818:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Hardware error works");
data/cgminer-4.9.2/driver-hashratio.c:823:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Device hardware error%%");
data/cgminer-4.9.2/driver-hashratio.c:827:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Temperature");
data/cgminer-4.9.2/driver-hashratio.c:832:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Fan%d", i+1);
data/cgminer-4.9.2/driver-hashratio.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mm_version[16];
data/cgminer-4.9.2/driver-icarus.c:66:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define ASSERT1(condition) __maybe_unused static char sizeof_uint32_t_must_be_4[(condition)?1:-1]
data/cgminer-4.9.2/driver-icarus.c:329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rock_init[64];
data/cgminer-4.9.2/driver-icarus.c:673:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ+1];
data/cgminer-4.9.2/driver-icarus.c:754:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->read_time_limit = atoi(&buf[strlen(MODE_SHORT_STREQ)]);
data/cgminer-4.9.2/driver-icarus.c:772:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->read_time_limit = atoi(&buf[strlen(MODE_LONG_STREQ)]);
data/cgminer-4.9.2/driver-icarus.c:783:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->read_time = atoi(eq+1) * ICARUS_WAIT_TIMEOUT;
data/cgminer-4.9.2/driver-icarus.c:799:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->read_time = atoi(eq+1) * ICARUS_WAIT_TIMEOUT;
data/cgminer-4.9.2/driver-icarus.c:854:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ+1];
data/cgminer-4.9.2/driver-icarus.c:921:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(buf);
data/cgminer-4.9.2/driver-icarus.c:940:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon);
data/cgminer-4.9.2/driver-icarus.c:950:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp = atoi(colon2);
data/cgminer-4.9.2/driver-icarus.c:966:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char crcin[5] = {1, 1, 1, 1, 1};
data/cgminer-4.9.2/driver-icarus.c:967:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char crcout[5] = {1, 1, 1, 1, 1};
data/cgminer-4.9.2/driver-icarus.c:990:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(crcin, crcout, 5);
data/cgminer-4.9.2/driver-icarus.c:1066:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd_buf[4], rdreg_buf[4];
data/cgminer-4.9.2/driver-icarus.c:1068:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/cgminer-4.9.2/driver-icarus.c:1119:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char voltage_data[2], cmd_buf[4];
data/cgminer-4.9.2/driver-icarus.c:1120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volt_buf[8];
data/cgminer-4.9.2/driver-icarus.c:1130:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(volt_buf, "%04d", opt_au3_volt);
data/cgminer-4.9.2/driver-icarus.c:1167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/cgminer-4.9.2/driver-icarus.c:1193:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce_bin[ICARUS_READ_SIZE];
data/cgminer-4.9.2/driver-icarus.c:1436:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(intmp, info, sizeof(struct ICARUS_INFO));
data/cgminer-4.9.2/driver-icarus.c:1511:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce_bin[ROCK_READ_SIZE];
data/cgminer-4.9.2/driver-icarus.c:1640:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&nonce, nonce_bin, ICARUS_READ_SIZE);
data/cgminer-4.9.2/driver-icarus.c:1800:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(workdata.midstate), work->midstate, ICARUS_MIDSTATE_SIZE);
data/cgminer-4.9.2/driver-icarus.c:1801:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(workdata.work), work->data + ICARUS_WORK_DATA_OFFSET, ICARUS_WORK_SIZE);
data/cgminer-4.9.2/driver-icarus.c:1887:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(info->history[i]),
data/cgminer-4.9.2/driver-icarus.c:1965:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce_bin[ICARUS_BUF_SIZE];
data/cgminer-4.9.2/driver-icarus.c:2001:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(workdata.midstate), work->midstate, ICARUS_MIDSTATE_SIZE);
data/cgminer-4.9.2/driver-icarus.c:2002:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(workdata.work), work->data + ICARUS_WORK_DATA_OFFSET, ICARUS_WORK_SIZE);
data/cgminer-4.9.2/driver-icarus.c:2079:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&nonce, nonce_bin, ICARUS_READ_SIZE);
data/cgminer-4.9.2/driver-icarus.c:2101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&nonce, icarus->usbdev->buffer, sizeof(nonce_bin));
data/cgminer-4.9.2/driver-icarus.c:2142:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce_bin[ICARUS_BUF_SIZE];
data/cgminer-4.9.2/driver-icarus.c:2246:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&nonce, nonce_bin, ICARUS_READ_SIZE);
data/cgminer-4.9.2/driver-icarus.c:2318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4096];
data/cgminer-4.9.2/driver-icarus.c:2413:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(replybuf, "no set options available");
data/cgminer-4.9.2/driver-icarus.c:2418:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "clock: range %d-%d",
data/cgminer-4.9.2/driver-icarus.c:2425:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing clock setting");
data/cgminer-4.9.2/driver-icarus.c:2429:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-klondike.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/cgminer-4.9.2/driver-klondike.c:610:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)(&(klninfo->status[dev])),
data/cgminer-4.9.2/driver-klondike.c:702:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)(&(klninfo->status[0])), (void *)kitem, sizeof(klninfo->status[0]));
data/cgminer-4.9.2/driver-klondike.c:728:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(klninfo->cfg[dev]), kitem, sizeof(klninfo->cfg[dev]));
data/cgminer-4.9.2/driver-klondike.c:928:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(klninfo->tv_last_nonce_received), &(kitem->tv_when),
data/cgminer-4.9.2/driver-klondike.c:1147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(klninfo->status[dev]),
data/cgminer-4.9.2/driver-klondike.c:1233:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kline.wt.midstate, work->midstate, MIDSTATE_BYTES);
data/cgminer-4.9.2/driver-klondike.c:1234:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kline.wt.merkle, work->data + MERKLE_OFFSET, MERKLE_BYTES);
data/cgminer-4.9.2/driver-klondike.c:1251:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(klninfo->status[dev]), kitem, sizeof(klninfo->status[dev]));
data/cgminer-4.9.2/driver-klondike.c:1451:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/cgminer-4.9.2/driver-klondike.c:1462:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Temp %d", dev);
data/cgminer-4.9.2/driver-klondike.c:1466:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Clock %d", dev);
data/cgminer-4.9.2/driver-klondike.c:1470:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Fan Percent %d", dev);
data/cgminer-4.9.2/driver-klondike.c:1476:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Fan RPM %d", dev);
data/cgminer-4.9.2/driver-klondike.c:1480:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[2048];
data/cgminer-4.9.2/driver-klondike.c:1481:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char one[32];
data/cgminer-4.9.2/driver-klondike.c:1484:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Nonces / Chip %d", dev);
data/cgminer-4.9.2/driver-klondike.c:1492:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Errors / Chip %d", dev);
data/cgminer-4.9.2/driver-knc.c:781:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[256];
data/cgminer-4.9.2/driver-knc.c:834:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char coremap[die->cores+1];
data/cgminer-4.9.2/driver-minion.c:831:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpiointvalue[64];
data/cgminer-4.9.2/driver-minion.c:870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_interrupt[64];
data/cgminer-4.9.2/driver-minion.c:992:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pindir[64], ena[64], pin[8], dir[64];
data/cgminer-4.9.2/driver-minion.c:993:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpiointvalue[64];
data/cgminer-4.9.2/driver-minion.c:1010:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = open(ena, O_WRONLY | O_SYNC);
data/cgminer-4.9.2/driver-minion.c:1046:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = open(dir, O_WRONLY | O_SYNC);
data/cgminer-4.9.2/driver-minion.c:1072:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(gpiointvalue, O_WRONLY);
data/cgminer-4.9.2/driver-minion.c:1153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(when, &(DATA_RES(item)->when), sizeof(*when));
data/cgminer-4.9.2/driver-minion.c:1268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/cgminer-4.9.2/driver-minion.c:1397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dataw[DATA_ALL], datar[DATA_ALL];
data/cgminer-4.9.2/driver-minion.c:1418:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dataw[DATA_OFF], &obuf[0], osiz);
data/cgminer-4.9.2/driver-minion.c:1577:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rbuf[0], &datar[DATA_OFF], osiz);
data/cgminer-4.9.2/driver-minion.c:1656:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(head->data[0]), task->wbuf, task->wsiz);
data/cgminer-4.9.2/driver-minion.c:2122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/cgminer-4.9.2/driver-minion.c:2129:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
minioninfo->spifd = open(minioncgpu->device_path, O_RDWR);
data/cgminer-4.9.2/driver-minion.c:2147:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
minioninfo->spifd = open(buf, O_RDWR);
data/cgminer-4.9.2/driver-minion.c:2187:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
memfd = open(minion_memory, O_RDWR | O_SYNC);
data/cgminer-4.9.2/driver-minion.c:2240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pindir[64], ena[64], pin[8], dir[64], edge[64], act[64];
data/cgminer-4.9.2/driver-minion.c:2259:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = open(ena, O_WRONLY | O_SYNC);
data/cgminer-4.9.2/driver-minion.c:2299:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = open(dir, O_WRONLY | O_SYNC);
data/cgminer-4.9.2/driver-minion.c:2326:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = open(edge, O_WRONLY | O_SYNC);
data/cgminer-4.9.2/driver-minion.c:2352:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = open(act, O_WRONLY | O_SYNC);
data/cgminer-4.9.2/driver-minion.c:2379:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
minioninfo->gpiointfd = open(minioninfo->gpiointvalue, O_RDONLY);
data/cgminer-4.9.2/driver-minion.c:2430:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(opt_minion_spireset+1);
data/cgminer-4.9.2/driver-minion.c:2450:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
last_freq = (int)(round((double)atoi(freq) / (double)MINION_FREQ_FACTOR)) * MINION_FREQ_FACTOR;
data/cgminer-4.9.2/driver-minion.c:2478:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
last_temp = atoi(temp);
data/cgminer-4.9.2/driver-minion.c:2522:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
core1 = atoi(core);
data/cgminer-4.9.2/driver-minion.c:2531:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
core2 = atoi(minus);
data/cgminer-4.9.2/driver-minion.c:2565:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(minioninfo->init_cores[i][0]), &(last_cores[0]), sizeof(last_cores));
data/cgminer-4.9.2/driver-minion.c:2575:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/cgminer-4.9.2/driver-minion.c:2708:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "reset: chip 0-%d freq: 0-%d:%d-%d "
data/cgminer-4.9.2/driver-minion.c:2720:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing chip to reset");
data/cgminer-4.9.2/driver-minion.c:2724:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chip = atoi(setting);
data/cgminer-4.9.2/driver-minion.c:2733:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "unable to reset chip %d - chip disabled",
data/cgminer-4.9.2/driver-minion.c:2744:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing chip:freq");
data/cgminer-4.9.2/driver-minion.c:2750:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing ':' for chip:freq");
data/cgminer-4.9.2/driver-minion.c:2756:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing freq in chip:freq");
data/cgminer-4.9.2/driver-minion.c:2760:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chip = atoi(setting);
data/cgminer-4.9.2/driver-minion.c:2769:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "unable to modify chip %d - chip not enabled",
data/cgminer-4.9.2/driver-minion.c:2774:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(colon);
data/cgminer-4.9.2/driver-minion.c:2803:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing ledcount value");
data/cgminer-4.9.2/driver-minion.c:2807:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-minion.c:2820:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing ledlimit value");
data/cgminer-4.9.2/driver-minion.c:2824:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-minion.c:2837:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing spidelay value");
data/cgminer-4.9.2/driver-minion.c:2841:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-minion.c:2856:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing spireset value");
data/cgminer-4.9.2/driver-minion.c:2872:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting+1);
data/cgminer-4.9.2/driver-minion.c:2888:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing spisleep value");
data/cgminer-4.9.2/driver-minion.c:2892:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-minion.c:2905:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing spiusec value");
data/cgminer-4.9.2/driver-minion.c:2909:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-minion.c:3485:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(DATA_RES(item)->when), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:3862:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(DATA_HIST(item)->when), when, sizeof(*when));
data/cgminer-4.9.2/driver-minion.c:4131:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(minioninfo->chip_status[chip].last), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:4136:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(minioninfo->chip_status[chip].last), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:4272:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(que->midstate[0]), &(DATA_WORK(witem)->work->midstate[0]), MIDSTATE_BYTES);
data/cgminer-4.9.2/driver-minion.c:4273:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(que->merkle7[0]), &(DATA_WORK(witem)->work->data[MERKLE7_OFFSET]), MERKLE_BYTES);
data/cgminer-4.9.2/driver-minion.c:4680:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(minioninfo->chip_status[chip].idle_rpt), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:4696:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/cgminer-4.9.2/driver-minion.c:4697:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res_err_msg[2];
data/cgminer-4.9.2/driver-minion.c:4700:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ghs2_display[64];
data/cgminer-4.9.2/driver-minion.c:4707:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(minioninfo->chip_chk), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:4708:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(minioninfo->chip_rpt), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:4760:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(minioninfo->chip_chk), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:4764:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(minioninfo->chip_rpt), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:4800:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(DATA_PERF(pitem)->when), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:4824:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(minioninfo->chip_chk), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:4896:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(minioninfo->last_reset[chip]), &now, sizeof(now));
data/cgminer-4.9.2/driver-minion.c:4986:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cores[MINION_CORES+1];
data/cgminer-4.9.2/driver-minion.c:4987:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[2048];
data/cgminer-4.9.2/driver-minion.c:4988:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/cgminer-4.9.2/driver-modminer.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[0x100+1];
data/cgminer-4.9.2/driver-modminer.c:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[0x100+1];
data/cgminer-4.9.2/driver-modminer.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[32];
data/cgminer-4.9.2/driver-modminer.c:191:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(devpath, "%d:%d:%d",
data/cgminer-4.9.2/driver-modminer.c:263:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char siz[2];
data/cgminer-4.9.2/driver-modminer.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/cgminer-4.9.2/driver-modminer.c:334:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[0x100], *p;
data/cgminer-4.9.2/driver-modminer.c:335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devmsg[64];
data/cgminer-4.9.2/driver-modminer.c:612:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6], buf[1];
data/cgminer-4.9.2/driver-modminer.c:687:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2], buf[4];
data/cgminer-4.9.2/driver-modminer.c:748:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[48];
data/cgminer-4.9.2/driver-modminer.c:753:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd[2], work->midstate, 32);
data/cgminer-4.9.2/driver-modminer.c:754:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd[34], work->data + 64, 12);
data/cgminer-4.9.2/driver-modminer.c:789:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2], temperature[2];
data/cgminer-4.9.2/driver-modminer.c:872:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2];
data/cgminer-4.9.2/driver-modminer.c:1097:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "clock: range %d-%d and a multiple of 2",
data/cgminer-4.9.2/driver-modminer.c:1104:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(replybuf, "missing clock setting");
data/cgminer-4.9.2/driver-modminer.c:1108:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(setting);
data/cgminer-4.9.2/driver-spondoolies-sp10.c:232:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(work->midstate, cg_work->midstate, 32);
data/cgminer-4.9.2/driver-spondoolies-sp10.c:328:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/var/run/mg_rate_temp", "r");
data/cgminer-4.9.2/driver-spondoolies-sp30.c:236:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(work->midstate, cg_work->midstate, 32);
data/cgminer-4.9.2/driver-spondoolies-sp30.c:365:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/var/run/mg_rate_temp", "r");
data/cgminer-4.9.2/fpgautils.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[sizeof(udevdir) + 1 + NAME_MAX];
data/cgminer-4.9.2/fpgautils.c:95:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(devpath, udevdir, sizeof(udevdir) - 1);
data/cgminer-4.9.2/fpgautils.c:366:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fdDev = open(devpath, O_RDWR | O_CLOEXEC | O_NOCTTY);
data/cgminer-4.9.2/fpgautils.c:461:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[PATH_MAX];
data/cgminer-4.9.2/fpgautils.c:469:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(fullpath, "rb");
data/cgminer-4.9.2/hexdump.c:34:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char v, line[BYTES_PER_LINE * 5];
data/cgminer-4.9.2/i2c-context.c:82:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int file = open(i2c_bus, O_RDWR);
data/cgminer-4.9.2/knc-asic.c:324:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, request, request_length);
data/cgminer-4.9.2/knc-asic.c:442:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response, response_buf, response_length);
data/cgminer-4.9.2/knc-asic.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char want_work[KNC_MAX_CORES_PER_DIE];
data/cgminer-4.9.2/knc-transport-spi.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/cgminer-4.9.2/knc-transport-spi.c:56:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (0 > (ctx->fd = open(dev_name, O_RDWR))) {
data/cgminer-4.9.2/libbitfury.c:209:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char otmp[3];
data/cgminer-4.9.2/libbitfury.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1] = {0x81}; // will send this waveform: - _ _ _ _ _ _ -
data/cgminer-4.9.2/libbitfury.c:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/cgminer-4.9.2/logging.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datetime[64];
data/cgminer-4.9.2/logging.h:39:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[LOGBUFSIZ]; \
data/cgminer-4.9.2/logging.h:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[LOGBUFSIZ]; \
data/cgminer-4.9.2/logging.h:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[_SIZ]; \
data/cgminer-4.9.2/logging.h:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[LOGBUFSIZ]; \
data/cgminer-4.9.2/logging.h:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[LOGBUFSIZ]; \
data/cgminer-4.9.2/logging.h:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[LOGBUFSIZ]; \
data/cgminer-4.9.2/logging.h:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[LOGBUFSIZ]; \
data/cgminer-4.9.2/logging.h:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[LOGBUFSIZ]; \
data/cgminer-4.9.2/logging.h:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[LOGBUFSIZ]; \
data/cgminer-4.9.2/logging.h:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp42[LOGBUFSIZ]; \
data/cgminer-4.9.2/mcp2210.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MCP2210_BUFFER_LENGTH];
data/cgminer-4.9.2/mcp2210.c:329:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, data + offset, *length);
data/cgminer-4.9.2/mcp2210.c:341:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + offset, buf + 4, *length);
data/cgminer-4.9.2/miner.h:483:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char init[40];
data/cgminer-4.9.2/miner.h:1175:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char current_hash[68];
data/cgminer-4.9.2/miner.h:1214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diff[8];
data/cgminer-4.9.2/miner.h:1276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_block[32];
data/cgminer-4.9.2/miner.h:1307:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char previousblockhash[32];
data/cgminer-4.9.2/miner.h:1308:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gbt_target[32];
data/cgminer-4.9.2/miner.h:1321:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char merklebin[16 * 32];
data/cgminer-4.9.2/miner.h:1324:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scriptsig_base[100];
data/cgminer-4.9.2/miner.h:1325:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char script_pubkey[25 + 3];
data/cgminer-4.9.2/miner.h:1335:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header_bin[128];
data/cgminer-4.9.2/miner.h:1337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_hash[68];
data/cgminer-4.9.2/miner.h:1338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bbversion[12];
data/cgminer-4.9.2/miner.h:1339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbit[12];
data/cgminer-4.9.2/miner.h:1340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntime[12];
data/cgminer-4.9.2/miner.h:1355:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[128];
data/cgminer-4.9.2/miner.h:1356:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char midstate[32];
data/cgminer-4.9.2/miner.h:1357:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char target[32];
data/cgminer-4.9.2/miner.h:1358:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[32];
data/cgminer-4.9.2/miner.h:1425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char next_work_cmd[46];
data/cgminer-4.9.2/miner.h:1449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp13[TAILBUFSIZ]; \
data/cgminer-4.9.2/noncedup.c:84:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(DATAN(item)->when), &now, sizeof(now));
data/cgminer-4.9.2/sha2.c:161:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/cgminer-4.9.2/sha2.c:178:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 6],
data/cgminer-4.9.2/sha2.h:57:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[2 * SHA256_BLOCK_SIZE];
data/cgminer-4.9.2/spi-context.c:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_fname[PATH_MAX];
data/cgminer-4.9.2/spi-context.c:32:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(dev_fname, O_RDWR);
data/cgminer-4.9.2/usbutils.c:1162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[512];
data/cgminer-4.9.2/usbutils.c:1196:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char man[STRBUFLEN+1];
data/cgminer-4.9.2/usbutils.c:1197:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char prod[STRBUFLEN+1];
data/cgminer-4.9.2/usbutils.c:1198:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ser[STRBUFLEN+1];
data/cgminer-4.9.2/usbutils.c:1199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[512];
data/cgminer-4.9.2/usbutils.c:1370:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "USB all: found %d devices", (int)count);
data/cgminer-4.9.2/usbutils.c:1637:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char manuf[256], prod[256];
data/cgminer-4.9.2/usbutils.c:2050:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char man[STRBUFLEN+1], prod[STRBUFLEN+1];
data/cgminer-4.9.2/usbutils.c:2055:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char strbuf[STRBUFLEN+1];
data/cgminer-4.9.2/usbutils.c:2056:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[32];
data/cgminer-4.9.2/usbutils.c:2057:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devstr[STRBUFLEN+1];
data/cgminer-4.9.2/usbutils.c:2653:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modes_s[32];
data/cgminer-4.9.2/usbutils.c:3004:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/cgminer-4.9.2/usbutils.c:3128:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *ptr, usbbuf[USB_READ_BUFSIZE];
data/cgminer-4.9.2/usbutils.c:3383:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[70];
data/cgminer-4.9.2/usbutils.c:3423:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/cgminer-4.9.2/usbutils.c:3493:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tbuf[64];
data/cgminer-4.9.2/usbutils.c:3548:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2], ret;
data/cgminer-4.9.2/usbutils.c:3778:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
total_limit = atoi(opt_usb_select+1);
data/cgminer-4.9.2/usbutils.c:3801:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bus = atoi(ptr);
data/cgminer-4.9.2/usbutils.c:3808:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dev = atoi(colon);
data/cgminer-4.9.2/usbutils.c:3837:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lim = atoi(colon);
data/cgminer-4.9.2/usbutils.c:3945:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/cgminer-4.9.2/usbutils.c:4018:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/cgminer-4.9.2/usbutils.c:4025:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_CREAT|O_RDONLY, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
data/cgminer-4.9.2/usbutils.c:4053:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/cgminer-4.9.2/usbutils.c:4076:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/cgminer-4.9.2/usbutils.h:228:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[USB_MAX_READ];
data/cgminer-4.9.2/util.c:512:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curl_err_str[CURL_ERROR_SIZE];
data/cgminer-4.9.2/util.c:570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char len_hdr[64], user_agent_hdr[128];
data/cgminer-4.9.2/util.c:571:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curl_err_str[CURL_ERROR_SIZE];
data/cgminer-4.9.2/util.c:631:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(len_hdr, "Content-Length: %lu",
data/cgminer-4.9.2/util.c:641:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ghashrate[255];
data/cgminer-4.9.2/util.c:643:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ghashrate, "X-Mining-Hashrate: %llu", global_hashrate);
data/cgminer-4.9.2/util.c:851:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
data/cgminer-4.9.2/util.c:1019:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b58bin[25];
data/cgminer-4.9.2/util.c:1102:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash_swap[32], target_swap[32];
data/cgminer-4.9.2/util.c:1649:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url_address[256], port[6];
data/cgminer-4.9.2/util.c:1694:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(port, "80");
data/cgminer-4.9.2/util.c:1880:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[RBUFSIZE];
data/cgminer-4.9.2/util.c:1968:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *job_id, *prev_hash, *coinbase1, *coinbase2, *bbversion, *nbit,
data/cgminer-4.9.2/util.c:2151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *url, *port, address[256];
data/cgminer-4.9.2/util.c:2182:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port, "%d", port_no);
data/cgminer-4.9.2/util.c:2215:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[RBUFSIZE];
data/cgminer-4.9.2/util.c:2222:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "{\"id\": %d, \"result\": \""PACKAGE"/"VERSION"\", \"error\": null}", id);
data/cgminer-4.9.2/util.c:2232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[RBUFSIZE];
data/cgminer-4.9.2/util.c:2239:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "{\"id\": %d, \"result\": \"pong\", \"error\": null}", id);
data/cgminer-4.9.2/util.c:2340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[RBUFSIZE], *sret = NULL;
data/cgminer-4.9.2/util.c:2387:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "{\"id\": %d, \"method\": \"mining.suggest_difficulty\", \"params\": [%d]}",
data/cgminer-4.9.2/util.c:2408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/cgminer-4.9.2/util.c:2466:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[515];
data/cgminer-4.9.2/util.c:2491:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(pool->stratum_port);
data/cgminer-4.9.2/util.c:2527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[515];
data/cgminer-4.9.2/util.c:2532:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(pool->stratum_port);
data/cgminer-4.9.2/util.c:2535:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&buf[8], "CGMINER");
data/cgminer-4.9.2/util.c:2811:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[RBUFSIZE], *sret = NULL, *nonce1, *sessionid;
data/cgminer-4.9.2/util.c:2827:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "{\"id\": %d, \"method\": \"mining.subscribe\", \"params\": []}", swork_id++);
data/cgminer-4.9.2/util.c:2832:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "{\"id\": %d, \"method\": \"mining.subscribe\", \"params\": [\""PACKAGE"/"VERSION"\"]}", swork_id++);
data/cgminer-4.9.2/util.c:3049:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(txt, "0x%02x", *uptr);
data/cgminer-4.9.2/util.c:3062:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/cgminer-4.9.2/util.c:3302:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, n);
data/cgminer-4.9.2/A1-board-selector-CCR.c:125:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!U4_tca9535->read(U4_tca9535, 0x02, &tmp) || tmp != cm->U3p0) {
data/cgminer-4.9.2/A1-board-selector-CCR.c:172:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!U7->read(U7, 0, &retval))
data/cgminer-4.9.2/A1-desk-board-selector.c:119:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000000);
data/cgminer-4.9.2/A1-desk-board-selector.c:123:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000000);
data/cgminer-4.9.2/api-example.c:226:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = send(sock, command, strlen(command), 0);
data/cgminer-4.9.2/api-example.c:317:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr) > 0)
data/cgminer-4.9.2/api-example.c:323:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr) > 0)
data/cgminer-4.9.2/api-example.c:329:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr) > 0)
data/cgminer-4.9.2/api.c:732:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/cgminer-4.9.2/api.c:814:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = cgmalloc(strlen(str) + count + 1);
data/cgminer-4.9.2/api.c:908:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
api_data->data = cgmalloc(strlen((char *)data) + 1);
data/cgminer-4.9.2/api.c:1132:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siz = (size_t)strlen(str);
data/cgminer-4.9.2/api.c:2715:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = buf = cgmalloc(strlen(param)+1);
data/cgminer-4.9.2/api.c:3243:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(details, "0");
data/cgminer-4.9.2/api.c:4159:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/cgminer-4.9.2/api.c:4248:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = cgmalloc(strlen(api_groups) + 1);
data/cgminer-4.9.2/api.c:4308:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd += strlen(cmds[i].name);
data/cgminer-4.9.2/api.c:4328:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd += strlen(cmds[i].name);
data/cgminer-4.9.2/api.c:4336:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = apigroups[GROUPOFFSET(group)].commands = cgmalloc(strlen(commands) + 1);
data/cgminer-4.9.2/api.c:4348:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd += strlen(cmds[i].name);
data/cgminer-4.9.2/api.c:4354:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = apigroups[GROUPOFFSET(NOPRIVGROUP)].commands = cgmalloc(strlen(commands) + 1);
data/cgminer-4.9.2/api.c:4381:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = cgmalloc(strlen(opt_api_allow) + 1);
data/cgminer-4.9.2/api.c:4409:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(original, ptr, sizeof(original));
data/cgminer-4.9.2/api.c:4433:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = ptr + strlen(ptr);
data/cgminer-4.9.2/api.c:4699:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expect_code_len = sizeof(expect) + strlen(opt_api_mcast_code);
data/cgminer-4.9.2/api.c:4762:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rep = sendto(reply_sock, replybuf, strlen(replybuf)+1,
data/cgminer-4.9.2/api.c:5039:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdsbuf = cgmalloc(strlen(cmd) + 3);
data/cgminer-4.9.2/api.c:5040:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cmdsbuf, "|");
data/cgminer-4.9.2/api.c:5065:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmdsbuf, "|");
data/cgminer-4.9.2/bitforce-firmware-flash.c:29:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ERRRESP(buf) buf, (buf[strlen(buf)-1] == '\n' ? "" : "\n")
data/cgminer-4.9.2/bitforce-firmware-flash.c:44:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t FWnameLen = strlen(FWname);
data/cgminer-4.9.2/ccan/opt/helpers.c:14:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *str = malloc(strlen(fmt) + strlen(arg));
data/cgminer-4.9.2/ccan/opt/helpers.c:14:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *str = malloc(strlen(fmt) + strlen(arg));
data/cgminer-4.9.2/ccan/opt/helpers.c:149:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, *b ? "true" : "false", OPT_SHOW_LEN);
data/cgminer-4.9.2/ccan/opt/helpers.c:154:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, *b ? "false" : "true", OPT_SHOW_LEN);
data/cgminer-4.9.2/ccan/opt/helpers.c:159:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(*p);
data/cgminer-4.9.2/ccan/opt/helpers.c:163:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf+1, *p, len);
data/cgminer-4.9.2/ccan/opt/opt.c:252:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *str = malloc(sizeof("Invalid argument '%s'") + strlen(arg));
data/cgminer-4.9.2/ccan/opt/parse.c:71:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argv[arg], strlen(argv[arg]),
data/cgminer-4.9.2/ccan/opt/parse.c:86:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argv[arg], strlen(argv[arg]),
data/cgminer-4.9.2/ccan/opt/test/run-checkopt.c:29:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output = realloc(output, strlen(output) + strlen(p) + 1);
data/cgminer-4.9.2/ccan/opt/test/run-checkopt.c:29:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output = realloc(output, strlen(output) + strlen(p) + 1);
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:45:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output = realloc(output, strlen(output) + strlen(p) + 1);
data/cgminer-4.9.2/ccan/opt/test/run-helpers.c:45:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output = realloc(output, strlen(output) + strlen(p) + 1);
data/cgminer-4.9.2/ccan/opt/test/utils.c:27:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, arg, OPT_SHOW_LEN);
data/cgminer-4.9.2/ccan/opt/test/utils.c:45:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(err_output) + strlen(p) + 1);
data/cgminer-4.9.2/ccan/opt/test/utils.c:45:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(err_output) + strlen(p) + 1);
data/cgminer-4.9.2/ccan/opt/usage.c:43:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen("Usage: %s ") + strlen(argv0)
data/cgminer-4.9.2/ccan/opt/usage.c:43:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen("Usage: %s ") + strlen(argv0)
data/cgminer-4.9.2/ccan/opt/usage.c:44:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen("[-%.*s]") + opt_num_short + 1
data/cgminer-4.9.2/ccan/opt/usage.c:45:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(" ") + strlen(extra)
data/cgminer-4.9.2/ccan/opt/usage.c:45:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(" ") + strlen(extra)
data/cgminer-4.9.2/ccan/opt/usage.c:46:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen("\n");
data/cgminer-4.9.2/ccan/opt/usage.c:50:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen("\n") + strlen(opt_table[i].desc)
data/cgminer-4.9.2/ccan/opt/usage.c:50:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen("\n") + strlen(opt_table[i].desc)
data/cgminer-4.9.2/ccan/opt/usage.c:51:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(":\n");
data/cgminer-4.9.2/ccan/opt/usage.c:53:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(opt_table[i].names) + strlen(" <arg>");
data/cgminer-4.9.2/ccan/opt/usage.c:53:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(opt_table[i].names) + strlen(" <arg>");
data/cgminer-4.9.2/ccan/opt/usage.c:54:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(OPT_SPACE_PAD)
data/cgminer-4.9.2/ccan/opt/usage.c:55:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(opt_table[i].desc) + 1;
data/cgminer-4.9.2/ccan/opt/usage.c:57:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen("(default: %s)")
data/cgminer-4.9.2/ccan/opt/usage.c:60:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen("\n");
data/cgminer-4.9.2/ccan/opt/usage.c:73:8: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p += sprintf(p, "]");
data/cgminer-4.9.2/ccan/opt/usage.c:80:7: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p += sprintf(p, "\n");
data/cgminer-4.9.2/ccan/opt/usage.c:95:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len < strlen(OPT_SPACE_PAD)
data/cgminer-4.9.2/ccan/opt/usage.c:96:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
? (unsigned)strlen(OPT_SPACE_PAD) - len : 1,
data/cgminer-4.9.2/ccan/opt/usage.c:107:8: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p += sprintf(p, "\n");
data/cgminer-4.9.2/cgminer.c:447:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define JSON_LOAD_ERROR_LEN strlen(JSON_LOAD_ERROR)
data/cgminer-4.9.2/cgminer.c:894:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(httpinput, arg, 242);
data/cgminer-4.9.2/cgminer.c:917:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(arg);
data/cgminer-4.9.2/cgminer.c:919:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qlen = strlen(arg);
data/cgminer-4.9.2/cgminer.c:1816:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siz = JSON_LOAD_ERROR_LEN + strlen(arg) + strlen(err.text);
data/cgminer-4.9.2/cgminer.c:1816:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siz = JSON_LOAD_ERROR_LEN + strlen(arg) + strlen(err.text);
data/cgminer-4.9.2/cgminer.c:2204:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cbt_len = strlen(pool->coinbasetxn) / 2;
data/cgminer-4.9.2/cgminer.c:2276:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(txn);
data/cgminer-4.9.2/cgminer.c:2289:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(txn);
data/cgminer-4.9.2/cgminer.c:2416:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(flags) / 2;
data/cgminer-4.9.2/cgminer.c:2441:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(opt_btc_sig);
data/cgminer-4.9.2/cgminer.c:2613:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(suffix, "E");
data/cgminer-4.9.2/cgminer.c:2617:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(suffix, "P");
data/cgminer-4.9.2/cgminer.c:2621:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(suffix, "T");
data/cgminer-4.9.2/cgminer.c:2625:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(suffix, "G");
data/cgminer-4.9.2/cgminer.c:2629:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(suffix, "M");
data/cgminer-4.9.2/cgminer.c:2632:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(suffix, "K");
data/cgminer-4.9.2/cgminer.c:2831:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(unique_id, cgpu->unique_id, 8);
data/cgminer-4.9.2/cgminer.c:2838:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
devstatlen = strlen(logline);
data/cgminer-4.9.2/cgminer.c:2840:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline, blanks, STATBEFORELEN - devstatlen);
data/cgminer-4.9.2/cgminer.c:3137:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(reason, "");
data/cgminer-4.9.2/cgminer.c:3141:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(where, "");
data/cgminer-4.9.2/cgminer.c:3148:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t reasonLen = strlen(reasontmp);
data/cgminer-4.9.2/cgminer.c:3350:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(workclone, "O");
data/cgminer-4.9.2/cgminer.c:3692:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(commas[BENCHWORK_NONCETIME]);
data/cgminer-4.9.2/cgminer.c:3703:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(item);
data/cgminer-4.9.2/cgminer.c:4611:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prev_block, ¤t_hash[ofs], 8);
data/cgminer-4.9.2/cgminer.c:4897:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = buf = cgmalloc(strlen(str) * 2 + 1);
data/cgminer-4.9.2/cgminer.c:5399:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(filename, "/");
data/cgminer-4.9.2/cgminer.c:5402:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(filename, "");
data/cgminer-4.9.2/cgminer.c:5406:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(filename, "");
data/cgminer-4.9.2/cgminer.c:6281:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (likely(stratum_send(pool, s, strlen(s)))) {
data/cgminer-4.9.2/cgminer.c:6603:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pool->rpc_url[strlen(pool->rpc_url) - 1] != '/')
data/cgminer-4.9.2/cgminer.c:6606:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siz = strlen(pool->rpc_url) + strlen(copy_start) + 2;
data/cgminer-4.9.2/cgminer.c:6606:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siz = strlen(pool->rpc_url) + strlen(copy_start) + 2;
data/cgminer-4.9.2/cgminer.c:8603:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(input))
data/cgminer-4.9.2/cgminer.c:8663:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siz = strlen(pool->rpc_user) + strlen(pool->rpc_pass) + 2;
data/cgminer-4.9.2/cgminer.c:8663:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siz = strlen(pool->rpc_user) + strlen(pool->rpc_pass) + 2;
data/cgminer-4.9.2/cgminer.c:9059:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cgpu->usbdev->serial_string) > 4)
data/cgminer-4.9.2/cgminer.c:9322:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cgminer_path, "/");
data/cgminer-4.9.2/cgminer.c:9330:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(block->hash, "0");
data/cgminer-4.9.2/cgminer.c:9362:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(pool->diff, "?", sizeof(pool->diff)-1);
data/cgminer-4.9.2/cgminer.c:9403:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(opt_kernel_path, "/");
data/cgminer-4.9.2/cgminer.c:9499:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siz = strlen(pool->rpc_user) + strlen(pool->rpc_pass) + 2;
data/cgminer-4.9.2/cgminer.c:9499:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siz = strlen(pool->rpc_user) + strlen(pool->rpc_pass) + 2;
data/cgminer-4.9.2/compat/jansson-2.6/src/error.c:26:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(source);
data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable.c:33:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define hash_str(key) ((size_t)hashlittle((key), strlen(key), hashtable_seed))
data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable.c:237:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pair = jsonp_malloc(offsetof(pair_t, key) + strlen(key) + 1);
data/cgminer-4.9.2/compat/jansson-2.6/src/hashtable_seed.c:75:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ok = read(urandom, data, sizeof(uint32_t)) == sizeof(uint32_t);
data/cgminer-4.9.2/compat/jansson-2.6/src/load.c:989:33: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(lex_init(&lex, (get_func)fgetc, input))
data/cgminer-4.9.2/compat/jansson-2.6/src/memory.c:42:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/cgminer-4.9.2/compat/jansson-2.6/src/pack_unpack.c:175:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(str);
data/cgminer-4.9.2/compat/jansson-2.6/src/strbuffer.c:67:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strbuffer_append_bytes(strbuff, string, strlen(string));
data/cgminer-4.9.2/compat/jansson-2.6/src/strbuffer.c:97:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(backoff * 1000);
data/cgminer-4.9.2/compat/jansson-2.6/src/utf.c:170:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(string);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/io.c:1951:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(ctx->hotplug_pipe[0], &message, sizeof (message));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/darwin_usb.c:657:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/darwin_usb.c:1710:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read (pollfd->fd, &message, sizeof (message));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_netlink.c:103:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t keylen = strlen(key);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_netlink.c:106:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (offset = 0 ; offset < len && '\0' != buffer[offset] ; offset += strlen(buffer + offset) + 1) {
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_netlink.c:172:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(tmp) - 1 ; i ; --i) {
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:572:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, buffer, DEVICE_DESC_LENGTH);;
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:622:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, tmp, sizeof(tmp));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:663:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, tmp, sizeof(tmp));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:731:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, tmp, sizeof(tmp));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:758:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, buffer + sizeof(tmp), len - sizeof(tmp));
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:855:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, buffer, len);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:987:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
priv->sysfs_dir = malloc(strlen(sysfs_dir) + 1);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/linux_usbfs.c:1075:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, dev_buf, DEVICE_DESC_LENGTH);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:526:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(hpriv->pipe[0], &itransfer, sizeof(itransfer)) < 0) {
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/openbsd_usb.c:716:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nr = read(fd, transfer->buffer, transfer->length);
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/poll_posix.h:5:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usbi_read read
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.h:65:48: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define safe_strncat(dst, dst_max, src, count) strncat(dst, src, safe_min(count, dst_max - safe_strlen(dst) - 1))
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.h:69:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define safe_strlen(str) ((str==NULL)?0:strlen(str))
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.h:72:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define wchar_to_utf8_ms(wstr, str, strlen) WideCharToMultiByte(CP_UTF8, 0, wstr, -1, str, strlen, NULL, NULL)
data/cgminer-4.9.2/compat/libusb-1.0/libusb/os/windows_usb.h:72:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define wchar_to_utf8_ms(wstr, str, strlen) WideCharToMultiByte(CP_UTF8, 0, wstr, -1, str, strlen, NULL, NULL)
data/cgminer-4.9.2/driver-SPI-bitmine-A1.c:111:11: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
pos += sprintf(pos, "\t");
data/cgminer-4.9.2/driver-avalon.c:429:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(ptr);
data/cgminer-4.9.2/driver-avalon.c:435:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, ptr, max);
data/cgminer-4.9.2/driver-avalon2.c:190:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
job_id_len = strlen(pool_job_id);
data/cgminer-4.9.2/driver-avalon2.c:523:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
job_id_len = strlen(pool->swork.job_id);
data/cgminer-4.9.2/driver-avalon4.c:276:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
job_id_len = strlen(pool_job_id);
data/cgminer-4.9.2/driver-avalon4.c:575:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t *rbuf, int rlen, int *read)
data/cgminer-4.9.2/driver-avalon4.c:593:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = usb_read(avalon4, (char *)rbuf, rlen, read, C_AVA4_READ);
data/cgminer-4.9.2/driver-avalon4.c:594:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (err || *read != rlen) {
data/cgminer-4.9.2/driver-avalon4.c:595:110: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
applog(LOG_DEBUG, "%s-%d: AUC xfer %d, r(%d-%d)!", avalon4->drv->name, avalon4->device_id, err, rlen - 4, *read);
data/cgminer-4.9.2/driver-avalon4.c:821:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
job_id_len = strlen(pool->swork.job_id);
data/cgminer-4.9.2/driver-avalon4.c:1613:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
statbuf[i][strlen(statbuf[i]) - 1] = ']';
data/cgminer-4.9.2/driver-avalon4.c:1642:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
statbuf[i][strlen(statbuf[i]) - 1] = ']';
data/cgminer-4.9.2/driver-avalon4.c:1707:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
statbuf[i][strlen(statbuf[i]) - 1] = ']';
data/cgminer-4.9.2/driver-avalon4.c:1751:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
statbuf[i][strlen(statbuf[i]) - 1] = ']';
data/cgminer-4.9.2/driver-bab.c:2770:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = strlen(buf);
data/cgminer-4.9.2/driver-bflsc.c:609:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sc_dev.getinfo, tmp, sizeof(sc_dev.getinfo));
data/cgminer-4.9.2/driver-bflsc.c:820:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sc_info->sc_devs[0].chips && strlen(sc_info->sc_devs[0].chips)) {
data/cgminer-4.9.2/driver-bflsc.c:999:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg, strlen(msg), C_SETVOLT,
data/cgminer-4.9.2/driver-bflsc.c:1031:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg, strlen(msg), C_SETCLOCK,
data/cgminer-4.9.2/driver-bflsc.c:1444:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fields[i]) != 8) {
data/cgminer-4.9.2/driver-bflsc.c:1878:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = alloca(strlen(buf));
data/cgminer-4.9.2/driver-bflsc.c:2127:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data, strlen(data), C_SETFAN,
data/cgminer-4.9.2/driver-bitfury.c:219:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/cgminer-4.9.2/driver-bitmain.c:214:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(ptr);
data/cgminer-4.9.2/driver-bitmain.c:217:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, ptr, max);
data/cgminer-4.9.2/driver-bitmain.c:306:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(colon5) > 8 ||
data/cgminer-4.9.2/driver-bitmain.c:307:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(colon5)%2 != 0 ||
data/cgminer-4.9.2/driver-bitmain.c:308:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(colon5)/2 == 0) {
data/cgminer-4.9.2/driver-bitmain.c:314:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!hex2bin(reg_data, colon5, strlen(colon5)/2)) {
data/cgminer-4.9.2/driver-bitmain.c:343:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(ptr);
data/cgminer-4.9.2/driver-bitmain.c:346:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, ptr, max);
data/cgminer-4.9.2/driver-bitmain.c:1037:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readlen = read(info->device_fd, buf, bufsize);
data/cgminer-4.9.2/driver-bitmain.c:2229:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, opt_bitmain_freq, sizeof(buf));
data/cgminer-4.9.2/driver-bitmain.c:2247:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(colon2);
data/cgminer-4.9.2/driver-bitmain.c:3021:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needptr += strlen(needptr);
data/cgminer-4.9.2/driver-bitmain.c:3046:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needptr += strlen(needptr);
data/cgminer-4.9.2/driver-bitmain.c:3056:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needptr += strlen(needptr);
data/cgminer-4.9.2/driver-bitmain.c:3069:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needptr += strlen(needptr);
data/cgminer-4.9.2/driver-drillbit.c:262:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(identity.product) == 0 || identity.serial == 0 || identity.num_chips == 0) {
data/cgminer-4.9.2/driver-drillbit.c:493:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (next_opt && strlen(next_opt)) {
data/cgminer-4.9.2/driver-drillbit.c:501:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
count = sscanf(next_opt, "%8[^:]:%3s:%d:%d:%d", key,
data/cgminer-4.9.2/driver-drillbit.c:505:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
count = sscanf(next_opt, "%3s:%d:%d:%d",
data/cgminer-4.9.2/driver-hashfast.c:368:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nameframe.name, info->op_name, 30);
data/cgminer-4.9.2/driver-hashfast.c:722:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen(info->op_name);
data/cgminer-4.9.2/driver-hashfast.c:726:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cmplen = strlen(p);
data/cgminer-4.9.2/driver-hashfast.c:941:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info->op_name, opt_hfa_name, 30);
data/cgminer-4.9.2/driver-hashratio.c:129:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
job_id_len = strlen(pool_job_id);
data/cgminer-4.9.2/driver-hashratio.c:396:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
job_id_len = strlen(pool->swork.job_id);
data/cgminer-4.9.2/driver-icarus.c:691:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(ptr);
data/cgminer-4.9.2/driver-icarus.c:697:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, ptr, max);
data/cgminer-4.9.2/driver-icarus.c:747:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncasecmp(buf, MODE_SHORT_STREQ, strlen(MODE_SHORT_STREQ)) == 0) {
data/cgminer-4.9.2/driver-icarus.c:754:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->read_time_limit = atoi(&buf[strlen(MODE_SHORT_STREQ)]);
data/cgminer-4.9.2/driver-icarus.c:765:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncasecmp(buf, MODE_LONG_STREQ, strlen(MODE_LONG_STREQ)) == 0) {
data/cgminer-4.9.2/driver-icarus.c:772:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->read_time_limit = atoi(&buf[strlen(MODE_LONG_STREQ)]);
data/cgminer-4.9.2/driver-icarus.c:873:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(ptr);
data/cgminer-4.9.2/driver-icarus.c:879:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, ptr, max);
data/cgminer-4.9.2/driver-minion.c:1019:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(file, pin, (size_t)strlen(pin));
data/cgminer-4.9.2/driver-minion.c:1020:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret != (ssize_t)strlen(pin)) {
data/cgminer-4.9.2/driver-minion.c:1028:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gpionum, err, (int)strlen(pin));
data/cgminer-4.9.2/driver-minion.c:2269:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(file, pin, (size_t)strlen(pin));
data/cgminer-4.9.2/driver-minion.c:2270:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret != (ssize_t)strlen(pin)) {
data/cgminer-4.9.2/driver-minion.c:2279:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err, (int)strlen(pin));
data/cgminer-4.9.2/driver-minion.c:2308:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(file, MINION_GPIO_DIR_READ, (size_t)strlen(MINION_GPIO_DIR_READ));
data/cgminer-4.9.2/driver-minion.c:2309:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret != (ssize_t)strlen(MINION_GPIO_DIR_READ)) {
data/cgminer-4.9.2/driver-minion.c:2318:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err, (int)strlen(MINION_GPIO_DIR_READ));
data/cgminer-4.9.2/driver-minion.c:2334:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(file, MINION_GPIO_EDGE_RISING, (size_t)strlen(MINION_GPIO_EDGE_RISING));
data/cgminer-4.9.2/driver-minion.c:2335:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret != (ssize_t)strlen(MINION_GPIO_EDGE_RISING)) {
data/cgminer-4.9.2/driver-minion.c:2344:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err, (int)strlen(MINION_GPIO_EDGE_RISING));
data/cgminer-4.9.2/driver-minion.c:2360:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(file, MINION_GPIO_ACT_HI, (size_t)strlen(MINION_GPIO_ACT_HI));
data/cgminer-4.9.2/driver-minion.c:2361:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret != (ssize_t)strlen(MINION_GPIO_ACT_HI)) {
data/cgminer-4.9.2/driver-minion.c:2370:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err, (int)strlen(MINION_GPIO_ACT_HI));
data/cgminer-4.9.2/driver-minion.c:2629:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off = strlen(buf);
data/cgminer-4.9.2/driver-minion.c:3559:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(minioninfo->gpiointfd, &c, 1);
data/cgminer-4.9.2/driver-minion.c:4719:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/cgminer-4.9.2/driver-spondoolies-sp10.c:76:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(socket_fd, (void *)mp_rsp, nbytes);
data/cgminer-4.9.2/driver-spondoolies-sp30.c:76:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(socket_fd, (void *)mp_rsp, nbytes);
data/cgminer-4.9.2/fpgautils.c:118:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namel = strlen(drv->name);
data/cgminer-4.9.2/fpgautils.c:119:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dnamel = strlen(drv->dname);
data/cgminer-4.9.2/fpgautils.c:447:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, eol ? 1 : bufsiz);
data/cgminer-4.9.2/fpgautils.c:463:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fullpath, "/");
data/cgminer-4.9.2/fpgautils.c:466:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fullpath, "/");
data/cgminer-4.9.2/fpgautils.c:529:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((siz = read(fd, buf, 1)) < 0)
data/cgminer-4.9.2/i2c-context.h:14:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool (*read)(struct i2c_ctx *ctx, uint8_t reg, uint8_t *val);
data/cgminer-4.9.2/lib/string.in.h:349:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
# undef strncat
data/cgminer-4.9.2/lib/string.in.h:350:12: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
# define strncat rpl_strncat
data/cgminer-4.9.2/lib/string.in.h:352:19: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
_GL_FUNCDECL_RPL (strncat, char *, (char *dest, const char *src, size_t n)
data/cgminer-4.9.2/lib/string.in.h:354:19: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
_GL_CXXALIAS_RPL (strncat, char *, (char *dest, const char *src, size_t n));
data/cgminer-4.9.2/lib/string.in.h:356:19: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
_GL_CXXALIAS_SYS (strncat, char *, (char *dest, const char *src, size_t n));
data/cgminer-4.9.2/lib/string.in.h:358:19: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
_GL_CXXALIASWARN (strncat);
data/cgminer-4.9.2/lib/string.in.h:360:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
# undef strncat
data/cgminer-4.9.2/lib/string.in.h:362:18: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
_GL_WARN_ON_USE (strncat, "strncat is unportable - "
data/cgminer-4.9.2/miner.h:1450:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len13, buflen = strlen(buf); \
data/cgminer-4.9.2/miner.h:1452:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len13 = strlen(tmp13); \
data/cgminer-4.9.2/usbutils.c:1149:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int new = strlen(append);
data/cgminer-4.9.2/usbutils.c:1371:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off = strlen(buf);
data/cgminer-4.9.2/usbutils.c:3144:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endlen = strlen(end);
data/cgminer-4.9.2/usbutils.h:518:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read(cgpu, buf, bufsiz, read, cmd) \
data/cgminer-4.9.2/usbutils.h:519:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, DEVTIMEOUT, NULL, cmd, false, false)
data/cgminer-4.9.2/usbutils.h:521:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_cancellable(cgpu, buf, bufsiz, read, cmd) \
data/cgminer-4.9.2/usbutils.h:522:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, DEVTIMEOUT, NULL, cmd, false, true)
data/cgminer-4.9.2/usbutils.h:524:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_ii(cgpu, intinfo, buf, bufsiz, read, cmd) \
data/cgminer-4.9.2/usbutils.h:525:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, intinfo, DEFAULT_EP_IN, buf, bufsiz, read, DEVTIMEOUT, NULL, cmd, false, false)
data/cgminer-4.9.2/usbutils.h:527:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_once(cgpu, buf, bufsiz, read, cmd) \
data/cgminer-4.9.2/usbutils.h:528:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, DEVTIMEOUT, NULL, cmd, true, false)
data/cgminer-4.9.2/usbutils.h:530:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_ii_once(cgpu, intinfo, buf, bufsiz, read, cmd) \
data/cgminer-4.9.2/usbutils.h:531:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, intinfo, DEFAULT_EP_IN, buf, bufsiz, read, DEVTIMEOUT, NULL, cmd, true, false)
data/cgminer-4.9.2/usbutils.h:533:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_once_timeout(cgpu, buf, bufsiz, read, timeout, cmd) \
data/cgminer-4.9.2/usbutils.h:534:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, timeout, NULL, cmd, true, false)
data/cgminer-4.9.2/usbutils.h:536:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_once_timeout_cancellable(cgpu, buf, bufsiz, read, timeout, cmd) \
data/cgminer-4.9.2/usbutils.h:537:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, timeout, NULL, cmd, true, true)
data/cgminer-4.9.2/usbutils.h:539:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_ii_once_timeout(cgpu, intinfo, buf, bufsiz, read, timeout, cmd) \
data/cgminer-4.9.2/usbutils.h:540:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, intinfo, DEFAULT_EP_IN, buf, bufsiz, read, timeout, NULL, cmd, true, false)
data/cgminer-4.9.2/usbutils.h:542:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_nl(cgpu, buf, bufsiz, read, cmd) \
data/cgminer-4.9.2/usbutils.h:543:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, DEVTIMEOUT, "\n", cmd, false, false)
data/cgminer-4.9.2/usbutils.h:545:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_nl_timeout(cgpu, buf, bufsiz, read, timeout, cmd) \
data/cgminer-4.9.2/usbutils.h:546:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, timeout, "\n", cmd, false, false)
data/cgminer-4.9.2/usbutils.h:548:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_ok(cgpu, buf, bufsiz, read, cmd) \
data/cgminer-4.9.2/usbutils.h:549:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, DEVTIMEOUT, "OK\n", cmd, false, false)
data/cgminer-4.9.2/usbutils.h:551:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_ok_timeout(cgpu, buf, bufsiz, read, timeout, cmd) \
data/cgminer-4.9.2/usbutils.h:552:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, timeout, "OK\n", cmd, false, false)
data/cgminer-4.9.2/usbutils.h:554:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_ep(cgpu, ep, buf, bufsiz, read, cmd) \
data/cgminer-4.9.2/usbutils.h:555:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, ep, buf, bufsiz, read, DEVTIMEOUT, NULL, cmd, false, false)
data/cgminer-4.9.2/usbutils.h:557:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_timeout(cgpu, buf, bufsiz, read, timeout, cmd) \
data/cgminer-4.9.2/usbutils.h:558:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, timeout, NULL, cmd, false, false)
data/cgminer-4.9.2/usbutils.h:560:57: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_timeout_cancellable(cgpu, buf, bufsiz, read, timeout, cmd) \
data/cgminer-4.9.2/usbutils.h:561:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, DEFAULT_EP_IN, buf, bufsiz, read, timeout, NULL, cmd, false, true)
data/cgminer-4.9.2/usbutils.h:563:57: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_ii_timeout(cgpu, intinfo, buf, bufsiz, read, timeout, cmd) \
data/cgminer-4.9.2/usbutils.h:564:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, intinfo, DEFAULT_EP_IN, buf, bufsiz, read, timeout, NULL, cmd, false, false)
data/cgminer-4.9.2/usbutils.h:566:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_ii_timeout_cancellable(cgpu, intinfo, buf, bufsiz, read, timeout, cmd) \
data/cgminer-4.9.2/usbutils.h:567:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, intinfo, DEFAULT_EP_IN, buf, bufsiz, read, timeout, NULL, cmd, false, true)
data/cgminer-4.9.2/usbutils.h:569:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_read_ep_timeout(cgpu, ep, buf, bufsiz, read, timeout, cmd) \
data/cgminer-4.9.2/usbutils.h:570:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_read(cgpu, DEFAULT_INTINFO, ep, buf, bufsiz, read, timeout, NULL, cmd, false, false)
data/cgminer-4.9.2/usbutils.h:593:66: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define usb_transfer_read(cgpu, typ, req, val, idx, buf, bufsiz, read, cmd) \
data/cgminer-4.9.2/usbutils.h:594:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_usb_transfer_read(cgpu, typ, req, val, idx, buf, bufsiz, read, DEVTIMEOUT, cmd)
data/cgminer-4.9.2/uthash.h:253:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh,head,findstr,strlen(findstr),out)
data/cgminer-4.9.2/uthash.h:255:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD(hh,head,strfield,strlen(add->strfield),add)
data/cgminer-4.9.2/uthash.h:257:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_REPLACE(hh,head,strfield,strlen(add->strfield),add,replaced)
data/cgminer-4.9.2/util.c:402:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((*val) && (isspace(val[strlen(val) - 1])))
data/cgminer-4.9.2/util.c:403:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val[strlen(val) - 1] = 0;
data/cgminer-4.9.2/util.c:420:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(val) > 7 && !strncasecmp("expire=", val, 7)) {
data/cgminer-4.9.2/util.c:630:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upload_data.len = strlen(rpc_req);
data/cgminer-4.9.2/util.c:829:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(proxynames[i].name);
data/cgminer-4.9.2/util.c:937:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/cgminer-4.9.2/util.c:961:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/cgminer-4.9.2/util.c:1000:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(b58);
data/cgminer-4.9.2/util.c:1053:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/cgminer-4.9.2/util.c:1351:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hlen = strlen(haystack);
data/cgminer-4.9.2/util.c:1352:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(needle);
data/cgminer-4.9.2/util.c:1668:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
port_len = strlen(url_begin) - url_len - 1;
data/cgminer-4.9.2/util.c:1673:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_len = strlen(url_begin);
data/cgminer-4.9.2/util.c:1716:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s, "\n");
data/cgminer-4.9.2/util.c:1805:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pool->sockbuf))
data/cgminer-4.9.2/util.c:1814:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pool->sockbuf, "");
data/cgminer-4.9.2/util.c:1850:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
old = strlen(pool->sockbuf);
data/cgminer-4.9.2/util.c:1900:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/cgminer-4.9.2/util.c:1907:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(pool->sockbuf);
data/cgminer-4.9.2/util.c:1914:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(sret);
data/cgminer-4.9.2/util.c:1921:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pool->sockbuf, "");
data/cgminer-4.9.2/util.c:2005:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cb1_len = strlen(coinbase1) / 2;
data/cgminer-4.9.2/util.c:2006:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cb2_len = strlen(coinbase2) / 2;
data/cgminer-4.9.2/util.c:2039:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
header_len = strlen(pool->bbversion) +
data/cgminer-4.9.2/util.c:2040:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pool->prev_hash);
data/cgminer-4.9.2/util.c:2042:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pool->ntime) +
data/cgminer-4.9.2/util.c:2043:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pool->nbit) +
data/cgminer-4.9.2/util.c:2223:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!stratum_send(pool, s, strlen(s)))
data/cgminer-4.9.2/util.c:2240:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!stratum_send(pool, s, strlen(s)))
data/cgminer-4.9.2/util.c:2347:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!stratum_send(pool, s, strlen(s)))
data/cgminer-4.9.2/util.c:2389:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stratum_send(pool, s, strlen(s));
data/cgminer-4.9.2/util.c:2421:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(sockd, buf, strlen(buf), 0);
data/cgminer-4.9.2/util.c:2485:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (strlen(pool->sockaddr_url));
data/cgminer-4.9.2/util.c:2577:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pool->sockaddr_url);
data/cgminer-4.9.2/util.c:2835:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (__stratum_send(pool, s, strlen(s)) != SEND_OK) {
data/cgminer-4.9.2/util.c:2902:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool->n1_len = strlen(nonce1) / 2;
data/cgminer-4.9.2/util.c:3009:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t old = 0, len = strlen(s);
data/cgminer-4.9.2/util.c:3015:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
old = strlen(ptr);
data/cgminer-4.9.2/util.c:3045:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = txt = cgmalloc(strlen(ptr) * 4 + 5); // Guaranteed >= needed
data/cgminer-4.9.2/util.c:3118:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(cgsem->pipefd[0], &buf, 1);
data/cgminer-4.9.2/util.c:3147:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, &buf, 1);
data/cgminer-4.9.2/util.c:3174:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, &buf, 1);
ANALYSIS SUMMARY:
Hits = 1753
Lines analyzed = 102043 in approximately 2.59 seconds (39386 lines/second)
Physical Source Lines of Code (SLOC) = 75300
Hits@level = [0] 335 [1] 323 [2] 1118 [3] 14 [4] 294 [5] 4
Hits@level+ = [0+] 2088 [1+] 1753 [2+] 1430 [3+] 312 [4+] 298 [5+] 4
Hits/KSLOC@level+ = [0+] 27.7291 [1+] 23.2802 [2+] 18.9907 [3+] 4.14343 [4+] 3.9575 [5+] 0.0531208
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.