Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsigsegv-2.12/tests/sigsegv3.c
Examining data/libsigsegv-2.12/tests/sigsegv2.c
Examining data/libsigsegv-2.12/tests/mmaputil.h
Examining data/libsigsegv-2.12/tests/stackoverflow2.c
Examining data/libsigsegv-2.12/tests/altstack.h
Examining data/libsigsegv-2.12/tests/efault3.c
Examining data/libsigsegv-2.12/tests/efault1.c
Examining data/libsigsegv-2.12/tests/cygwin1.c
Examining data/libsigsegv-2.12/tests/efault2.c
Examining data/libsigsegv-2.12/tests/sigsegv1.c
Examining data/libsigsegv-2.12/tests/stackoverflow1.c
Examining data/libsigsegv-2.12/src/version.c
Examining data/libsigsegv-2.12/src/fault-openbsd-m68k.h
Examining data/libsigsegv-2.12/src/leave.c
Examining data/libsigsegv-2.12/src/fault-openbsd-i386.h
Examining data/libsigsegv-2.12/src/fault-solaris-sparc.h
Examining data/libsigsegv-2.12/src/fault-linux-arm-old.h
Examining data/libsigsegv-2.12/src/stackvma-procfs.c
Examining data/libsigsegv-2.12/src/fault-macosdarwin5-powerpc.h
Examining data/libsigsegv-2.12/src/signals-macos.h
Examining data/libsigsegv-2.12/src/fault-none.h
Examining data/libsigsegv-2.12/src/signals-bsd.h
Examining data/libsigsegv-2.12/src/fault-linux-alpha.h
Examining data/libsigsegv-2.12/src/fault-osf.h
Examining data/libsigsegv-2.12/src/signals-hurd.h
Examining data/libsigsegv-2.12/src/stackvma-netbsd.c
Examining data/libsigsegv-2.12/src/fault-linux-cris-old.h
Examining data/libsigsegv-2.12/src/stackvma-simple.c
Examining data/libsigsegv-2.12/src/fault-linux-powerpc-old.h
Examining data/libsigsegv-2.12/src/fault-linux-powerpc.h
Examining data/libsigsegv-2.12/src/fault-openbsd-m88k.h
Examining data/libsigsegv-2.12/src/fault-solaris-i386.h
Examining data/libsigsegv-2.12/src/fault-hpux.h
Examining data/libsigsegv-2.12/src/stackvma.h
Examining data/libsigsegv-2.12/src/fault-beos-i386.h
Examining data/libsigsegv-2.12/src/fault-linux-ia64-old.h
Examining data/libsigsegv-2.12/src/fault-linux-sh.h
Examining data/libsigsegv-2.12/src/fault-openbsd-alpha.h
Examining data/libsigsegv-2.12/src/fault-linux-cris.h
Examining data/libsigsegv-2.12/src/fault-linux-sh-old.h
Examining data/libsigsegv-2.12/src/fault-aix5.h
Examining data/libsigsegv-2.12/src/fault-linux-alpha-old.h
Examining data/libsigsegv-2.12/src/signals-hpux.h
Examining data/libsigsegv-2.12/src/fault-posix-ucontext.h
Examining data/libsigsegv-2.12/src/handler-macos.c
Examining data/libsigsegv-2.12/src/stackvma-vma-iter.c
Examining data/libsigsegv-2.12/src/fault-openbsd-arm.h
Examining data/libsigsegv-2.12/src/fault-haiku.h
Examining data/libsigsegv-2.12/src/stackvma-mach.c
Examining data/libsigsegv-2.12/src/fault-linux-hppa-old.h
Examining data/libsigsegv-2.12/src/fault-irix-mips.h
Examining data/libsigsegv-2.12/src/fault-netbsd-alpha.c
Examining data/libsigsegv-2.12/src/fault-linux-sparc-old.h
Examining data/libsigsegv-2.12/src/fault-linux-i386.h
Examining data/libsigsegv-2.12/src/fault-linux-ia64.h
Examining data/libsigsegv-2.12/src/stackvma-freebsd.c
Examining data/libsigsegv-2.12/src/handler.c
Examining data/libsigsegv-2.12/src/dispatcher.c
Examining data/libsigsegv-2.12/src/handler-none.c
Examining data/libsigsegv-2.12/src/fault-linux-sparc.h
Examining data/libsigsegv-2.12/src/fault-haiku-i386.h
Examining data/libsigsegv-2.12/src/fault-hurd-i386.h
Examining data/libsigsegv-2.12/src/fault-linux-hppa.h
Examining data/libsigsegv-2.12/src/fault-openbsd.h
Examining data/libsigsegv-2.12/src/fault-openbsd-hppa.h
Examining data/libsigsegv-2.12/src/fault-macos-i386.h
Examining data/libsigsegv-2.12/src/fault-openbsd-mips.h
Examining data/libsigsegv-2.12/src/fault-freebsd-i386.h
Examining data/libsigsegv-2.12/src/leave-sigaltstack.c
Examining data/libsigsegv-2.12/src/fault-beos.h
Examining data/libsigsegv-2.12/src/fault-linux-x86_64-old.h
Examining data/libsigsegv-2.12/src/machfault-macos.h
Examining data/libsigsegv-2.12/src/machfault.h
Examining data/libsigsegv-2.12/src/fault-openbsd-vax.h
Examining data/libsigsegv-2.12/src/fault-linux-arm.h
Examining data/libsigsegv-2.12/src/fault-cygwin-old.h
Examining data/libsigsegv-2.12/src/stackvma-mquery.c
Examining data/libsigsegv-2.12/src/fault-posix.h
Examining data/libsigsegv-2.12/src/fault-openbsd-powerpc.h
Examining data/libsigsegv-2.12/src/fault-hpux-hppa.h
Examining data/libsigsegv-2.12/src/leave.h
Examining data/libsigsegv-2.12/src/fault-openbsd-sh.h
Examining data/libsigsegv-2.12/src/fault-linux-m68k.h
Examining data/libsigsegv-2.12/src/fault-linux-m68k-old.c
Examining data/libsigsegv-2.12/src/fault-osf-alpha.h
Examining data/libsigsegv-2.12/src/fault-macosdarwin5-powerpc.c
Examining data/libsigsegv-2.12/src/fault-aix3.h
Examining data/libsigsegv-2.12/src/leave-nop.c
Examining data/libsigsegv-2.12/src/fault-linux-m68k-old.h
Examining data/libsigsegv-2.12/src/stackvma-none.c
Examining data/libsigsegv-2.12/src/fault-openbsd-sparc.h
Examining data/libsigsegv-2.12/src/fault-netbsd-alpha.h
Examining data/libsigsegv-2.12/src/stackvma-beos.c
Examining data/libsigsegv-2.12/src/fault-linux-i386-oldold.h
Examining data/libsigsegv-2.12/src/fault-bsd.h
Examining data/libsigsegv-2.12/src/fault-linux-i386-old.h
Examining data/libsigsegv-2.12/src/fault-aix5-powerpc.h
Examining data/libsigsegv-2.12/src/fault-solaris.h
Examining data/libsigsegv-2.12/src/fault-linux-s390.h
Examining data/libsigsegv-2.12/src/stackvma-rofile.c
Examining data/libsigsegv-2.12/src/leave-setcontext.c
Examining data/libsigsegv-2.12/src/fault-irix.h
Examining data/libsigsegv-2.12/src/handler-win32.c
Examining data/libsigsegv-2.12/src/fault.h
Examining data/libsigsegv-2.12/src/fault-netbsd.h
Examining data/libsigsegv-2.12/src/fault-aix3-powerpc.h
Examining data/libsigsegv-2.12/src/stackvma.c
Examining data/libsigsegv-2.12/src/fault-macosdarwin7-powerpc.c
Examining data/libsigsegv-2.12/src/stackvma-mincore.c
Examining data/libsigsegv-2.12/src/fault-linux.h
Examining data/libsigsegv-2.12/src/leave-none.c
Examining data/libsigsegv-2.12/src/stackvma-linux.c
Examining data/libsigsegv-2.12/src/fault-linux-mips.h
Examining data/libsigsegv-2.12/src/fault-linux-s390-old.h
Examining data/libsigsegv-2.12/src/handler-unix.c
Examining data/libsigsegv-2.12/src/fault-linux-mips-old.h
Examining data/libsigsegv-2.12/src/fault-hurd.h
Examining data/libsigsegv-2.12/src/signals.h
Examining data/libsigsegv-2.12/src/fault-macosdarwin7-powerpc.h

FINAL RESULTS:

data/libsigsegv-2.12/src/handler-macos.c:327:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[1024];
data/libsigsegv-2.12/src/handler-macos.c:334:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[1024];
data/libsigsegv-2.12/src/handler-win32.c:214:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (safe_context, orig_context, sizeof (CONTEXT));
data/libsigsegv-2.12/src/stackvma-procfs.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fnamebuf[6+10+1];
data/libsigsegv-2.12/src/stackvma-procfs.c:156:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (fname, "/proc/", 6);
data/libsigsegv-2.12/src/stackvma-procfs.c:158:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  fd = open (fname, O_RDONLY);
data/libsigsegv-2.12/src/stackvma-procfs.c:173:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  zero_fd = open ("/dev/zero", O_RDONLY, 0644);
data/libsigsegv-2.12/src/stackvma-procfs.c:235:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fnamebuf[6+10+4+1];
data/libsigsegv-2.12/src/stackvma-procfs.c:262:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (fname, "/map", 4 + 1);
data/libsigsegv-2.12/src/stackvma-procfs.c:270:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (fname, "/proc/", 6);
data/libsigsegv-2.12/src/stackvma-procfs.c:272:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  fd = open (fname, O_RDONLY);
data/libsigsegv-2.12/src/stackvma-procfs.c:291:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  zero_fd = open ("/dev/zero", O_RDONLY, 0644);
data/libsigsegv-2.12/src/stackvma-rofile.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char stack_allocated_buffer[STACK_ALLOCATED_BUFFER_SIZE];
data/libsigsegv-2.12/src/stackvma-rofile.c:92:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  fd = open (filename, O_RDONLY);
data/libsigsegv-2.12/src/stackvma-rofile.c:185:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  fd = open (filename, O_RDONLY);
data/libsigsegv-2.12/tests/altstack.h:40:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char mystack_storage[SIGSTKSZ + 2 * MYSTACK_CRUMPLE_ZONE + 31];
data/libsigsegv-2.12/tests/efault1.c:50:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (open (null_pointer, O_RDONLY) != -1 || errno != EFAULT)
data/libsigsegv-2.12/tests/efault1.c:61:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (open (null_pointer, O_RDONLY) != -1 || errno != EFAULT)
data/libsigsegv-2.12/tests/efault2.c:52:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (open (null_pointer, O_RDONLY) != -1 || errno != EFAULT)
data/libsigsegv-2.12/tests/efault2.c:66:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (open (null_pointer, O_RDONLY) != -1 || errno != EFAULT)
data/libsigsegv-2.12/tests/efault3.c:60:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (open (null_pointer, O_RDONLY) != -1 || errno != EFAULT)
data/libsigsegv-2.12/tests/efault3.c:80:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (open (null_pointer, O_RDONLY) != -1 || errno != EFAULT)
data/libsigsegv-2.12/tests/sigsegv1.c:70:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  zero_fd = open ("/dev/zero", O_RDONLY, 0644);
data/libsigsegv-2.12/tests/sigsegv2.c:77:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  zero_fd = open ("/dev/zero", O_RDONLY, 0644);
data/libsigsegv-2.12/tests/sigsegv3.c:91:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  zero_fd = open ("/dev/zero", O_RDONLY, 0644);
data/libsigsegv-2.12/tests/stackoverflow2.c:139:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  zero_fd = open ("/dev/zero", O_RDONLY, 0644);
data/libsigsegv-2.12/src/stackvma-procfs.c:314:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  size_t nread = read (fd, ptr, remaining);
data/libsigsegv-2.12/src/stackvma-rofile.c:109:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int n = read (fd, rof->buffer, size);
data/libsigsegv-2.12/src/stackvma-rofile.c:128:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  n = read (fd, rof->buffer + rof->filled, size - rof->filled);

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 8125 in approximately 0.26 seconds (30804 lines/second)
Physical Source Lines of Code (SLOC) = 4264
Hits@level = [0]  82 [1]   3 [2]  26 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+] 111 [1+]  29 [2+]  26 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 26.0319 [1+] 6.80113 [2+] 6.09756 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.