Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/idlestat-0.8/trace.c
Examining data/idlestat-0.8/trace_ops.h
Examining data/idlestat-0.8/topology.h
Examining data/idlestat-0.8/utils.c
Examining data/idlestat-0.8/energy_model.h
Examining data/idlestat-0.8/default_report.c
Examining data/idlestat-0.8/tracefile_ftrace.c
Examining data/idlestat-0.8/utils.h
Examining data/idlestat-0.8/ops_head.c
Examining data/idlestat-0.8/ops_tail.c
Examining data/idlestat-0.8/report_ops.h
Examining data/idlestat-0.8/tracefile_tracecmd.c
Examining data/idlestat-0.8/reports.c
Examining data/idlestat-0.8/list.h
Examining data/idlestat-0.8/tracefile_idlestat.c
Examining data/idlestat-0.8/trace.h
Examining data/idlestat-0.8/topology.c
Examining data/idlestat-0.8/compiler.h
Examining data/idlestat-0.8/comparison_report.c
Examining data/idlestat-0.8/csv_report.c
Examining data/idlestat-0.8/energy_model.c
Examining data/idlestat-0.8/idlestat.h
Examining data/idlestat-0.8/idlestat.c

FINAL RESULTS:

data/idlestat-0.8/comparison_report.c:67:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(value ? " %+*d |" : " %*d |", align, value);
data/idlestat-0.8/energy_model.c:285:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (sscanf(buffer, "%s %u %u", name, &clust_p, &core_p) != 3) {
data/idlestat-0.8/idlestat.c:77:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr,
data/idlestat-0.8/idlestat.c:104:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  if (sscanf(buffer, TRACE_TS_FORMAT, ts) == 1)
data/idlestat-0.8/idlestat.c:965:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  if (sscanf(buffer, TRACE_IRQ_FORMAT, &cpu, &irqid,
data/idlestat-0.8/idlestat.c:977:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  if (sscanf(buffer, TRACE_IPIIRQ_FORMAT, &cpu, irqname) != 2) {
data/idlestat-0.8/tracefile_idlestat.c:92:4:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  sscanf(buffer, "\t%s\n", name);
data/idlestat-0.8/tracefile_idlestat.c:125:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  if (sscanf(buffer, format, &time, &state, &cpu)
data/idlestat-0.8/tracefile_idlestat.c:143:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  if (sscanf(buffer, format, &time, &freq, &cpu) != 3) {
data/idlestat-0.8/utils.c:78:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  ret = vprintf(fmt, ap);
data/idlestat-0.8/utils.c:93:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  ret = vfprintf(f, fmt, ap);
data/idlestat-0.8/utils.c:205:8:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  ret = fscanf(file, format, value) != 1 ? -1 : 0;
data/idlestat-0.8/idlestat.c:1109:7:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  c = getopt_long(argc, argv, ":b:ce:f:ho:pr:t:vwBCI:S:V",
data/idlestat-0.8/comparison_report.c:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[128];
data/idlestat-0.8/energy_model.c:55:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(options->energy_model_filename, "w+");
data/idlestat-0.8/energy_model.c:136:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFSIZE];
data/idlestat-0.8/energy_model.c:142:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(path, "r");
data/idlestat-0.8/energy_model.c:282:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[NAMELEN];
data/idlestat-0.8/idlestat.c:58:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buffer[BUFSIZE];
data/idlestat-0.8/idlestat.c:94:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(TRACE_STAT_FILE, "r");
data/idlestat-0.8/idlestat.c:221:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[256];
data/idlestat-0.8/idlestat.c:227:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  snf = fopen(fpath, "r");
data/idlestat-0.8/idlestat.c:290:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  snf = fopen(fpath, "r");
data/idlestat-0.8/idlestat.c:962:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char irqname[NAMELEN+1];
data/idlestat-0.8/idlestat.c:1129:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  options->duration = atoi(optarg);
data/idlestat-0.8/idlestat.c:1175:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  options->tbs.poll_interval = atoi(optarg);
data/idlestat-0.8/idlestat.c:1178:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  options->tbs.percpu_buffer_size = atoi(optarg);
data/idlestat-0.8/idlestat.c:1240:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(path, "r");
data/idlestat-0.8/idlestat.c:1273:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(path, "w+");
data/idlestat-0.8/idlestat.h:71:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[NAMELEN+1];
data/idlestat-0.8/idlestat.h:159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cstate_name[NAMELEN];
data/idlestat-0.8/topology.c:612:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[30];
data/idlestat-0.8/topology.c:617:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "cluster%c", s_phy->physical_id + 'A');
data/idlestat-0.8/topology.c:629:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "core%d", s_core->core_id);
data/idlestat-0.8/topology.c:644:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "cpu%d", s_cpu->cpu_id);
data/idlestat-0.8/trace.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *paths[2];
data/idlestat-0.8/tracefile_ftrace.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFSIZE];
data/idlestat-0.8/tracefile_ftrace.c:43:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(filename, "r");
data/idlestat-0.8/tracefile_ftrace.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFSIZE];
data/idlestat-0.8/tracefile_ftrace.c:65:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(filename, "r");
data/idlestat-0.8/tracefile_idlestat.c:177:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFSIZE];
data/idlestat-0.8/tracefile_idlestat.c:179:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(filename, "r");
data/idlestat-0.8/tracefile_idlestat.c:198:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFSIZE];
data/idlestat-0.8/tracefile_idlestat.c:200:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(filename, "r");
data/idlestat-0.8/tracefile_tracecmd.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFSIZE];
data/idlestat-0.8/tracefile_tracecmd.c:63:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(filename, "r");
data/idlestat-0.8/tracefile_tracecmd.c:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFSIZE];
data/idlestat-0.8/tracefile_tracecmd.c:85:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(filename, "r");
data/idlestat-0.8/utils.c:103:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(path, "w");
data/idlestat-0.8/utils.c:121:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(path, "r");
data/idlestat-0.8/utils.c:145:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(path, "r");
data/idlestat-0.8/utils.c:199:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file = fopen(rpath, "r");
data/idlestat-0.8/utils.c:219:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(path, O_RDWR | O_CREAT | O_TRUNC,
data/idlestat-0.8/utils.c:242:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[128];
data/idlestat-0.8/utils.c:245:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%.0lfus", time);
data/idlestat-0.8/utils.c:249:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%.2lfms", time / 1000.0);
data/idlestat-0.8/utils.c:253:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%.2lfs", time / 1000000.0);
data/idlestat-0.8/utils.c:260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[128];
data/idlestat-0.8/utils.c:263:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%dHz", freq);
data/idlestat-0.8/utils.c:266:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%.2fMHz", (float)freq / 1000.0);
data/idlestat-0.8/utils.c:269:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%.2fGHz", (float)freq / 1000000.0);
data/idlestat-0.8/energy_model.c:164:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buffer) == 1) continue;
data/idlestat-0.8/energy_model.c:299:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(cp->cstate_name, name, NAMELEN);
data/idlestat-0.8/idlestat.c:909:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(irqinfo->name, irqname, sizeof(irqinfo->name));
data/idlestat-0.8/idlestat.c:983:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  irqname[strlen(irqname) - 1] = '\0';

ANALYSIS SUMMARY:

Hits = 65
Lines analyzed = 6391 in approximately 0.26 seconds (24939 lines/second)
Physical Source Lines of Code (SLOC) = 4197
Hits@level = [0] 241 [1]   4 [2]  48 [3]   1 [4]  12 [5]   0
Hits@level+ = [0+] 306 [1+]  65 [2+]  61 [3+]  13 [4+]  12 [5+]   0
Hits/KSLOC@level+ = [0+] 72.9092 [1+] 15.4873 [2+] 14.5342 [3+] 3.09745 [4+] 2.85919 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.