stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnunet-fuse-0.13.0/src/fuse/mutex.c
Examining data/gnunet-fuse-0.13.0/src/fuse/gfs_download.h
Examining data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.h
Examining data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c
Examining data/gnunet-fuse-0.13.0/src/fuse/mutex.h
Examining data/gnunet-fuse-0.13.0/src/fuse/getattr.c
Examining data/gnunet-fuse-0.13.0/src/fuse/open.c
Examining data/gnunet-fuse-0.13.0/src/fuse/readdir.c
Examining data/gnunet-fuse-0.13.0/src/fuse/read.c
Examining data/gnunet-fuse-0.13.0/src/fuse/gfs_download.c

FINAL RESULTS:

data/gnunet-fuse-0.13.0/src/fuse/gfs_download.c:177:27:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
				      ctx->path_info->tmpfile, NULL,
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:135:17:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    unlink (pi->tmpfile);
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:136:22:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    GNUNET_free (pi->tmpfile);
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:143:35:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  fh = GNUNET_DISK_file_open (pi->tmpfile,
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:187:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[slen];
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:192:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buf, path, slen);
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:203:21:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    if (NULL == pi->tmpfile)
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:353:21:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    if (NULL != pi->tmpfile)
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:355:38:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
      GNUNET_break (0 == unlink (pi->tmpfile));
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:356:24:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
      GNUNET_free (pi->tmpfile);
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:472:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *a[argc + 1];
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.h:101:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  char *tmpfile;
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.h:230:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int gn_utimens (const char *path, const struct timespec ts[2]);
data/gnunet-fuse-0.13.0/src/fuse/read.c:71:26:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  if (NULL == path_info->tmpfile)
data/gnunet-fuse-0.13.0/src/fuse/read.c:79:26:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
      unlink (path_info->tmpfile);
data/gnunet-fuse-0.13.0/src/fuse/read.c:80:31:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
      GNUNET_free (path_info->tmpfile);
data/gnunet-fuse-0.13.0/src/fuse/read.c:96:21:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	unlink (path_info->tmpfile);
data/gnunet-fuse-0.13.0/src/fuse/read.c:97:26:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	GNUNET_free (path_info->tmpfile);
data/gnunet-fuse-0.13.0/src/fuse/read.c:126:42:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  fh = GNUNET_DISK_file_open (path_info->tmpfile,
data/gnunet-fuse-0.13.0/src/fuse/readdir.c:68:28:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  if ( (NULL == path_info->tmpfile) &&
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:186:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t slen = strlen (path) + 1;
data/gnunet-fuse-0.13.0/src/fuse/gnunet-fuse.c:268:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (pi->filename);

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 1632 in approximately 0.06 seconds (26566 lines/second)
Physical Source Lines of Code (SLOC) = 843
Hits@level = [0]   5 [1]   2 [2]  20 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  27 [1+]  22 [2+]  20 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 32.0285 [1+] 26.0973 [2+] 23.7248 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.