Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/iio-sensor-proxy-3.0/src/test-orientation-gtk.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-buffer-accel.c
Examining data/iio-sensor-proxy-3.0/src/test-orientation.c
Examining data/iio-sensor-proxy-3.0/src/accel-attributes.h
Examining data/iio-sensor-proxy-3.0/src/drv-fake-compass.c
Examining data/iio-sensor-proxy-3.0/src/drv-hwmon-light.c
Examining data/iio-sensor-proxy-3.0/src/accel-attributes.c
Examining data/iio-sensor-proxy-3.0/src/drivers.h
Examining data/iio-sensor-proxy-3.0/src/test-accel-location.c
Examining data/iio-sensor-proxy-3.0/src/uinput.h
Examining data/iio-sensor-proxy-3.0/src/fake-input-accelerometer.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-buffer-compass.c
Examining data/iio-sensor-proxy-3.0/src/monitor-sensor.c
Examining data/iio-sensor-proxy-3.0/src/drv-input-accel.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-poll-accel.c
Examining data/iio-sensor-proxy-3.0/src/iio-buffer-utils.h
Examining data/iio-sensor-proxy-3.0/src/orientation.c
Examining data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c
Examining data/iio-sensor-proxy-3.0/src/drv-fake-light.c
Examining data/iio-sensor-proxy-3.0/src/test-mount-matrix.c
Examining data/iio-sensor-proxy-3.0/src/iio-sensor-proxy.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-poll-light.c
Examining data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.h
Examining data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.c
Examining data/iio-sensor-proxy-3.0/src/drivers.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-buffer-light.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-poll-proximity.c
Examining data/iio-sensor-proxy-3.0/src/orientation.h
Examining data/iio-sensor-proxy-3.0/src/accel-mount-matrix.c
Examining data/iio-sensor-proxy-3.0/src/accel-mount-matrix.h

FINAL RESULTS:

data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:435:6:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (fscanf(sysfsfp, "%s", temp) != 1 ||
data/iio-sensor-proxy-3.0/src/accel-mount-matrix.c:91:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  parse_mount_matrix (const char *mtx,
data/iio-sensor-proxy-3.0/src/accel-mount-matrix.h:21:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  gboolean parse_mount_matrix (const char *mtx,
data/iio-sensor-proxy-3.0/src/drivers.h:82:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  gboolean (*open) (GUdevDevice *device,
data/iio-sensor-proxy-3.0/src/drivers.h:113:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  g_return_val_if_fail (driver->open, FALSE);
data/iio-sensor-proxy-3.0/src/drivers.h:117:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  return driver->open (device, callback_func, user_data);
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-accel.c:94:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fp = open (or_data->dev_path, O_RDONLY | O_NONBLOCK);
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-compass.c:80:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fp = open (or_data->dev_path, O_RDONLY | O_NONBLOCK);
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-light.c:85:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fp = open (or_data->dev_path, O_RDONLY | O_NONBLOCK);
data/iio-sensor-proxy-3.0/src/drv-iio-poll-accel.c:44:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  result = atoi (contents);
data/iio-sensor-proxy-3.0/src/drv-iio-poll-proximity.c:47:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  result = atoi (contents);
data/iio-sensor-proxy-3.0/src/drv-input-accel.c:130:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fd = open (drv_data->dev_path, O_RDONLY|O_CLOEXEC);
data/iio-sensor-proxy-3.0/src/fake-input-accelerometer.c:66:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen (temp, "w");
data/iio-sensor-proxy-3.0/src/fake-input-accelerometer.c:125:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fd = open("/dev/uinput", O_RDWR);
data/iio-sensor-proxy-3.0/src/fake-input-accelerometer.c:187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1];
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:107:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:113:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:169:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:188:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:258:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:287:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:368:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen(temp, "w");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:381:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen(temp, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:419:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen (temp, "w");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:430:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  sysfsfp = fopen(temp, "r");
data/iio-sensor-proxy-3.0/src/test-orientation.c:162:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  x = atoi (x_str);
data/iio-sensor-proxy-3.0/src/test-orientation.c:163:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  y = atoi (y_str);
data/iio-sensor-proxy-3.0/src/test-orientation.c:164:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  z = atoi (z_str);
data/iio-sensor-proxy-3.0/src/uinput.h:704:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[UINPUT_MAX_NAME_SIZE];
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-accel.c:101:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  data.read_size = read (fp, data.data, buf_len * or_data->buffer_data->scan_size);
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-compass.c:87:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  data.read_size = read (fp, data.data, buf_len * or_data->buffer_data->scan_size);
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-light.c:92:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  data.read_size = read (fp, data.data, buf_len * or_data->buffer_data->scan_size);
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:277:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  current->name = g_strndup (name, strlen(name) - strlen("_en"));
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:277:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  current->name = g_strndup (name, strlen(name) - strlen("_en"));
data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.c:1033:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.c:1041:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.c:1053:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.c:1060:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 6974 in approximately 0.29 seconds (24114 lines/second)
Physical Source Lines of Code (SLOC) = 5494
Hits@level = [0]  13 [1]   9 [2]  28 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  51 [1+]  38 [2+]  29 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 9.28285 [1+] 6.91664 [2+] 5.27849 [3+] 0.182017 [4+] 0.182017 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.