Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/iio-sensor-proxy-3.0/src/test-orientation-gtk.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-buffer-accel.c
Examining data/iio-sensor-proxy-3.0/src/test-orientation.c
Examining data/iio-sensor-proxy-3.0/src/accel-attributes.h
Examining data/iio-sensor-proxy-3.0/src/drv-fake-compass.c
Examining data/iio-sensor-proxy-3.0/src/drv-hwmon-light.c
Examining data/iio-sensor-proxy-3.0/src/accel-attributes.c
Examining data/iio-sensor-proxy-3.0/src/drivers.h
Examining data/iio-sensor-proxy-3.0/src/test-accel-location.c
Examining data/iio-sensor-proxy-3.0/src/uinput.h
Examining data/iio-sensor-proxy-3.0/src/fake-input-accelerometer.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-buffer-compass.c
Examining data/iio-sensor-proxy-3.0/src/monitor-sensor.c
Examining data/iio-sensor-proxy-3.0/src/drv-input-accel.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-poll-accel.c
Examining data/iio-sensor-proxy-3.0/src/iio-buffer-utils.h
Examining data/iio-sensor-proxy-3.0/src/orientation.c
Examining data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c
Examining data/iio-sensor-proxy-3.0/src/drv-fake-light.c
Examining data/iio-sensor-proxy-3.0/src/test-mount-matrix.c
Examining data/iio-sensor-proxy-3.0/src/iio-sensor-proxy.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-poll-light.c
Examining data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.h
Examining data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.c
Examining data/iio-sensor-proxy-3.0/src/drivers.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-buffer-light.c
Examining data/iio-sensor-proxy-3.0/src/drv-iio-poll-proximity.c
Examining data/iio-sensor-proxy-3.0/src/orientation.h
Examining data/iio-sensor-proxy-3.0/src/accel-mount-matrix.c
Examining data/iio-sensor-proxy-3.0/src/accel-mount-matrix.h
FINAL RESULTS:
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:435:6: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (fscanf(sysfsfp, "%s", temp) != 1 ||
data/iio-sensor-proxy-3.0/src/accel-mount-matrix.c:91:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
parse_mount_matrix (const char *mtx,
data/iio-sensor-proxy-3.0/src/accel-mount-matrix.h:21:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
gboolean parse_mount_matrix (const char *mtx,
data/iio-sensor-proxy-3.0/src/drivers.h:82:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gboolean (*open) (GUdevDevice *device,
data/iio-sensor-proxy-3.0/src/drivers.h:113:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_return_val_if_fail (driver->open, FALSE);
data/iio-sensor-proxy-3.0/src/drivers.h:117:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return driver->open (device, callback_func, user_data);
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-accel.c:94:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = open (or_data->dev_path, O_RDONLY | O_NONBLOCK);
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-compass.c:80:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = open (or_data->dev_path, O_RDONLY | O_NONBLOCK);
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-light.c:85:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = open (or_data->dev_path, O_RDONLY | O_NONBLOCK);
data/iio-sensor-proxy-3.0/src/drv-iio-poll-accel.c:44:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result = atoi (contents);
data/iio-sensor-proxy-3.0/src/drv-iio-poll-proximity.c:47:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result = atoi (contents);
data/iio-sensor-proxy-3.0/src/drv-input-accel.c:130:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (drv_data->dev_path, O_RDONLY|O_CLOEXEC);
data/iio-sensor-proxy-3.0/src/fake-input-accelerometer.c:66:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen (temp, "w");
data/iio-sensor-proxy-3.0/src/fake-input-accelerometer.c:125:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/uinput", O_RDWR);
data/iio-sensor-proxy-3.0/src/fake-input-accelerometer.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:107:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:113:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:169:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:188:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:258:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:287:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen (filename, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:368:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen(temp, "w");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:381:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen(temp, "r");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:419:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen (temp, "w");
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:430:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sysfsfp = fopen(temp, "r");
data/iio-sensor-proxy-3.0/src/test-orientation.c:162:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x = atoi (x_str);
data/iio-sensor-proxy-3.0/src/test-orientation.c:163:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
y = atoi (y_str);
data/iio-sensor-proxy-3.0/src/test-orientation.c:164:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
z = atoi (z_str);
data/iio-sensor-proxy-3.0/src/uinput.h:704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[UINPUT_MAX_NAME_SIZE];
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-accel.c:101:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data.read_size = read (fp, data.data, buf_len * or_data->buffer_data->scan_size);
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-compass.c:87:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data.read_size = read (fp, data.data, buf_len * or_data->buffer_data->scan_size);
data/iio-sensor-proxy-3.0/src/drv-iio-buffer-light.c:92:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data.read_size = read (fp, data.data, buf_len * or_data->buffer_data->scan_size);
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:277:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current->name = g_strndup (name, strlen(name) - strlen("_en"));
data/iio-sensor-proxy-3.0/src/iio-buffer-utils.c:277:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current->name = g_strndup (name, strlen(name) - strlen("_en"));
data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.c:1033:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.c:1041:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.c:1053:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/iio-sensor-proxy-3.0/src/iio-sensor-proxy-resources.c:1060:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
ANALYSIS SUMMARY:
Hits = 38
Lines analyzed = 6974 in approximately 0.29 seconds (24114 lines/second)
Physical Source Lines of Code (SLOC) = 5494
Hits@level = [0] 13 [1] 9 [2] 28 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 51 [1+] 38 [2+] 29 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 9.28285 [1+] 6.91664 [2+] 5.27849 [3+] 0.182017 [4+] 0.182017 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.