Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ext3grep-0.10.2/src/dump_hex_to.cc
Examining data/ext3grep-0.10.2/src/endian_conversion.h
Examining data/ext3grep-0.10.2/src/init_journal_consts.h
Examining data/ext3grep-0.10.2/src/superblock.h
Examining data/ext3grep-0.10.2/src/load_meta_data.cc
Examining data/ext3grep-0.10.2/src/jfs_compat.h
Examining data/ext3grep-0.10.2/src/backtrace.h
Examining data/ext3grep-0.10.2/src/indirect_blocks.h
Examining data/ext3grep-0.10.2/src/accept.h
Examining data/ext3grep-0.10.2/src/is_filename_char.h
Examining data/ext3grep-0.10.2/src/inode.h
Examining data/ext3grep-0.10.2/src/Parent.cc
Examining data/ext3grep-0.10.2/src/pch-source.h
Examining data/ext3grep-0.10.2/src/get_block.h
Examining data/ext3grep-0.10.2/src/directories.h
Examining data/ext3grep-0.10.2/src/commandline.h
Examining data/ext3grep-0.10.2/src/print_symlink.h
Examining data/ext3grep-0.10.2/src/forward_declarations.h
Examining data/ext3grep-0.10.2/src/accept.cc
Examining data/ext3grep-0.10.2/src/init_files.h
Examining data/ext3grep-0.10.2/src/ostream_operators.h
Examining data/ext3grep-0.10.2/src/locate.cc
Examining data/ext3grep-0.10.2/src/print_dir_entry_long_action.cc
Examining data/ext3grep-0.10.2/src/utils.h
Examining data/ext3grep-0.10.2/src/restore.h
Examining data/ext3grep-0.10.2/src/utils.cc
Examining data/ext3grep-0.10.2/src/init_consts.h
Examining data/ext3grep-0.10.2/src/backtrace.cc
Examining data/ext3grep-0.10.2/src/dir_inode_to_block.h
Examining data/ext3grep-0.10.2/src/print_directory_inode.cc
Examining data/ext3grep-0.10.2/src/journal.h
Examining data/ext3grep-0.10.2/src/print_dir_entry_long_action.h
Examining data/ext3grep-0.10.2/src/init_directories.h
Examining data/ext3grep-0.10.2/src/revision.cc
Examining data/ext3grep-0.10.2/src/inode_refers_to.h
Examining data/ext3grep-0.10.2/src/kernel-jbd.h
Examining data/ext3grep-0.10.2/src/is_blockdetection.cc
Examining data/ext3grep-0.10.2/src/print_symlink.cc
Examining data/ext3grep-0.10.2/src/load_meta_data.h
Examining data/ext3grep-0.10.2/src/show_hardlinks.cc
Examining data/ext3grep-0.10.2/src/print_directory.cc
Examining data/ext3grep-0.10.2/src/print_inode_to.h
Examining data/ext3grep-0.10.2/src/globals.cc
Examining data/ext3grep-0.10.2/src/blocknr_vector_type.h
Examining data/ext3grep-0.10.2/src/Parent.h
Examining data/ext3grep-0.10.2/src/printing.cc
Examining data/ext3grep-0.10.2/src/blocknr_vector_type.cc
Examining data/ext3grep-0.10.2/src/get_block.cc
Examining data/ext3grep-0.10.2/src/globals.h
Examining data/ext3grep-0.10.2/src/dump_names.cc
Examining data/ext3grep-0.10.2/src/histogram.h
Examining data/ext3grep-0.10.2/src/locate.h
Examining data/ext3grep-0.10.2/src/FileMode.h
Examining data/ext3grep-0.10.2/src/inode_refers_to.cc
Examining data/ext3grep-0.10.2/src/conversion.h
Examining data/ext3grep-0.10.2/src/debug.cc
Examining data/ext3grep-0.10.2/src/init_journal_consts.cc
Examining data/ext3grep-0.10.2/src/bitmap.h
Examining data/ext3grep-0.10.2/src/ext3.h
Examining data/ext3grep-0.10.2/src/commandline.cc
Examining data/ext3grep-0.10.2/src/custom.cc
Examining data/ext3grep-0.10.2/src/debug.h
Examining data/ext3grep-0.10.2/src/dir_inode_to_block.cc
Examining data/ext3grep-0.10.2/src/directories.cc
Examining data/ext3grep-0.10.2/src/ext3grep.cc
Examining data/ext3grep-0.10.2/src/histogram.cc
Examining data/ext3grep-0.10.2/src/indirect_blocks.cc
Examining data/ext3grep-0.10.2/src/init_consts.cc
Examining data/ext3grep-0.10.2/src/init_directories.cc
Examining data/ext3grep-0.10.2/src/init_files.cc
Examining data/ext3grep-0.10.2/src/inode.cc
Examining data/ext3grep-0.10.2/src/is_blockdetection.h
Examining data/ext3grep-0.10.2/src/journal.cc
Examining data/ext3grep-0.10.2/src/last_undeleted_directory_inode_refering_to_block.cc
Examining data/ext3grep-0.10.2/src/ostream_operators.cc
Examining data/ext3grep-0.10.2/src/print_inode_to.cc
Examining data/ext3grep-0.10.2/src/restore.cc
Examining data/ext3grep-0.10.2/src/show_journal_inodes.cc
FINAL RESULTS:
data/ext3grep-0.10.2/src/restore.cc:189:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(outputdir_outfile.c_str(), mode) == -1)
data/ext3grep-0.10.2/src/restore.cc:246:11: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(outputdir_outfile.c_str(), inode_mode_to_mkdir_mode(inode.mode())) == -1)
data/ext3grep-0.10.2/src/backtrace.cc:96:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command.str().c_str());
data/ext3grep-0.10.2/src/commandline.cc:279:26: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((short_option = getopt_long(argc, argv, "vV", longopts, NULL)) != -1)
data/ext3grep-0.10.2/src/FileMode.h:65:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char const* s[4] = {
data/ext3grep-0.10.2/src/bitmap.h:35:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char byte[sizeof(bitmap_t)]; // For byte-level access.
data/ext3grep-0.10.2/src/commandline.cc:322:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_depth = atoi(optarg);
data/ext3grep-0.10.2/src/commandline.cc:349:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_after = atoi(optarg);
data/ext3grep-0.10.2/src/commandline.cc:352:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_before = atoi(optarg);
data/ext3grep-0.10.2/src/commandline.cc:382:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_search_inode = atoi(optarg);
data/ext3grep-0.10.2/src/commandline.cc:392:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_group = atoi(optarg);
data/ext3grep-0.10.2/src/commandline.cc:402:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_inode_to_block = atoi(optarg);
data/ext3grep-0.10.2/src/commandline.cc:411:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_inode = atoi(optarg);
data/ext3grep-0.10.2/src/commandline.cc:422:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_block = atoi(optarg);
data/ext3grep-0.10.2/src/commandline.cc:433:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_show_journal_inodes = atoi(optarg);
data/ext3grep-0.10.2/src/commandline.cc:444:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_journal_block = atoi(optarg);
data/ext3grep-0.10.2/src/commandline.cc:455:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
commandline_journal_transaction = atoi(optarg);
data/ext3grep-0.10.2/src/custom.cc:59:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/custom.cc:78:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/custom.cc:397:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open("block_info_map");
data/ext3grep-0.10.2/src/custom.cc:411:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open("block_info_map_out");
data/ext3grep-0.10.2/src/custom.cc:479:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block_buf1[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/custom.cc:490:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block_buf2[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/custom.cc:619:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(M_tripple_indirect_block_buf, M_indirect_block_buf, block_size_);
data/ext3grep-0.10.2/src/custom.cc:631:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(M_double_indirect_block_buf, M_indirect_block_buf, block_size_);
data/ext3grep-0.10.2/src/custom.cc:679:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/custom.cc:841:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(filename.c_str());
data/ext3grep-0.10.2/src/custom.cc:864:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/custom.cc:867:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char mail_size[4096];
data/ext3grep-0.10.2/src/custom.cc:989:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ino146[max146 - min146];
data/ext3grep-0.10.2/src/custom.cc:1003:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ino4[max4 - min4];
data/ext3grep-0.10.2/src/custom.cc:1022:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ino[max - min];
data/ext3grep-0.10.2/src/custom.cc:1108:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char day[4];
data/ext3grep-0.10.2/src/custom.cc:1137:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/custom.cc:1164:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/custom.cc:1177:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/custom.cc:1245:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw[4096];
data/ext3grep-0.10.2/src/custom.cc:1376:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[4096];
data/ext3grep-0.10.2/src/custom.cc:1597:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, dib_169716665, sizeof(dib_169716665));
data/ext3grep-0.10.2/src/custom.cc:1599:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, dib_39617067, sizeof(dib_39617067));
data/ext3grep-0.10.2/src/custom.cc:1601:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, dib_49215304, sizeof(dib_49215304));
data/ext3grep-0.10.2/src/custom.cc:1603:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, dib_56681059, sizeof(dib_56681059));
data/ext3grep-0.10.2/src/custom.cc:1605:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, dib_66279816, sizeof(dib_66279816));
data/ext3grep-0.10.2/src/custom.cc:1674:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char const zeroes[4096] = { 0, };
data/ext3grep-0.10.2/src/custom.cc:1695:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[4096];
data/ext3grep-0.10.2/src/custom.cc:1733:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfd = ::open("/home/carlo/RECOVERED.MOSES-DRIVE-322GB.VDMK-flat.vmdk", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0644);
data/ext3grep-0.10.2/src/custom.cc:1890:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/ext3grep-0.10.2/src/debug.cc:167:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char margin[12];
data/ext3grep-0.10.2/src/debug.cc:168:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(margin, "%-10lu ", pthread_self());
data/ext3grep-0.10.2/src/debug.cc:271:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char someones_block[SOMEONES_BLOCK_SIZE] = {
data/ext3grep-0.10.2/src/debug.cc:280:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char someones_block[SOMEONES_BLOCK_SIZE] = {
data/ext3grep-0.10.2/src/debug.cc:372:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char someones_block[SOMEONES_BLOCK_SIZE];
data/ext3grep-0.10.2/src/debug.h:191:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char someones_block[SOMEONES_BLOCK_SIZE];
data/ext3grep-0.10.2/src/dir_inode_to_block.cc:70:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cache.open(cachename.c_str());
data/ext3grep-0.10.2/src/dir_inode_to_block.cc:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_line[6];
data/ext3grep-0.10.2/src/dir_inode_to_block.cc:113:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/dir_inode_to_block.cc:148:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cache.open(cache_stage1.c_str());
data/ext3grep-0.10.2/src/dir_inode_to_block.cc:173:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cache.open(cache_stage1.c_str());
data/ext3grep-0.10.2/src/dir_inode_to_block.cc:260:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/directories.cc:212:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/directories.cc:310:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/ext3grep.cc:271:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, someones_block, block_size_);
data/ext3grep-0.10.2/src/ext3grep.cc:604:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/ext3grep.cc:711:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zeroes[128] = {0, };
data/ext3grep-0.10.2/src/ext3grep.cc:818:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
device.open(*argv);
data/ext3grep-0.10.2/src/ext3grep.cc:827:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
device_fd = open(*argv, O_RDONLY);
data/ext3grep-0.10.2/src/indirect_blocks.cc:80:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/indirect_blocks.cc:97:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/indirect_blocks.cc:126:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/indirect_blocks.cc:163:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/indirect_blocks.cc:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[max_array_size];
data/ext3grep-0.10.2/src/init_directories.cc:220:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/init_directories.cc:573:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cache.open(cache_stage2.c_str());
data/ext3grep-0.10.2/src/init_directories.cc:600:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cache.open(cache_stage2.c_str());
data/ext3grep-0.10.2/src/is_blockdetection.cc:95:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char const c2s_tab[7] = { 'a', 'b', 't', 'n', 'v', 'f', 'r' };
data/ext3grep-0.10.2/src/is_filename_char.h:49:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char hit[128 - 32] = { // Mark 22 ("), 2a (*), 3b (;), 3c (<), 3e (>), 3f (?), 5c (\), 60 (`), 7c (|)
data/ext3grep-0.10.2/src/journal.cc:444:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/journal.cc:568:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/journal.cc:607:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/journal.cc:758:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/load_meta_data.cc:56:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(all_inodes[group][i], inode_table + i * inode_size_, sizeof(Inode));
data/ext3grep-0.10.2/src/locate.cc:70:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infile.open("locate_output");
data/ext3grep-0.10.2/src/print_symlink.cc:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[4];
data/ext3grep-0.10.2/src/print_symlink.cc:66:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/printing.cc:40:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/ext3grep-0.10.2/src/printing.cc:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, 16);
data/ext3grep-0.10.2/src/restore.cc:79:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern "C" int lutimes (char const*, struct timeval const [2]);
data/ext3grep-0.10.2/src/restore.cc:92:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char block_buf[EXT3_MAX_BLOCK_SIZE];
data/ext3grep-0.10.2/src/restore.cc:225:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = open(outputdir_outfile.c_str(), O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0777);
data/ext3grep-0.10.2/src/custom.cc:1109:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(day, p, 3);
data/ext3grep-0.10.2/src/ext3grep.cc:109:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device.read(reinterpret_cast<char*>(&journal_super_block), sizeof(journal_superblock_s));
data/ext3grep-0.10.2/src/ext3grep.cc:284:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device.read(reinterpret_cast<char*>(block), block_size_);
data/ext3grep-0.10.2/src/ext3grep.cc:603:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pattern, start ? commandline_search_start.data() : commandline_search.data(), len);
data/ext3grep-0.10.2/src/ext3grep.cc:850:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device.read(reinterpret_cast<char*>(&super_block), sizeof(ext3_super_block));
data/ext3grep-0.10.2/src/get_block.cc:36:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device.read((char*)block_buf, block_size_);
data/ext3grep-0.10.2/src/init_consts.cc:136:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device.read(reinterpret_cast<char*>(group_descriptor_table), sizeof(ext3_group_desc) * groups_);
data/ext3grep-0.10.2/src/init_directories.cc:502:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fake_dir_entry.name, dir_iter->first.c_str(), fake_dir_entry.name_len);
data/ext3grep-0.10.2/src/load_meta_data.cc:51:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device.read(inode_table, inodes_per_group_ * inode_size_);
data/ext3grep-0.10.2/src/load_meta_data.cc:79:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device.read(reinterpret_cast<char*>(block_bitmap[group]), block_size_);
data/ext3grep-0.10.2/src/load_meta_data.cc:85:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
device.read(reinterpret_cast<char*>(inode_bitmap[group]), block_size_);
data/ext3grep-0.10.2/src/print_symlink.cc:69:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char*)block);
ANALYSIS SUMMARY:
Hits = 101
Lines analyzed = 13102 in approximately 0.51 seconds (25522 lines/second)
Physical Source Lines of Code (SLOC) = 9384
Hits@level = [0] 0 [1] 12 [2] 85 [3] 1 [4] 1 [5] 2
Hits@level+ = [0+] 101 [1+] 101 [2+] 89 [3+] 4 [4+] 3 [5+] 2
Hits/KSLOC@level+ = [0+] 10.763 [1+] 10.763 [2+] 9.48423 [3+] 0.426257 [4+] 0.319693 [5+] 0.213129
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.