Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsml-0.1.1+git20180125/examples/sml_server.c
Examining data/libsml-0.1.1+git20180125/examples/unit.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_attention_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_boolean.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_close_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_close_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_crc16.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_file.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_list_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_list_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_proc_parameter_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_proc_parameter_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_profile_list_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_profile_list_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_profile_pack_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_profile_pack_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_list.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_message.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_number.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_octet_string.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_open_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_open_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_set_proc_parameter_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_shared.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_status.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_time.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_transport.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_tree.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_value.h
Examining data/libsml-0.1.1+git20180125/sml/src/sml_attention_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_boolean.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_close_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_close_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_crc16.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_file.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_list_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_list_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_proc_parameter_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_proc_parameter_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_profile_list_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_profile_list_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_profile_pack_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_profile_pack_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_list.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_message.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_number.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_open_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_open_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_set_proc_parameter_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_shared.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_status.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_time.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_transport.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_tree.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_value.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_boolean_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_buffer_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_file_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_get_profile_pack_request_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_list_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_message_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_number_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_octet_string_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_open_request_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_status_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_time_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_tree_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_value_test.c
Examining data/libsml-0.1.1+git20180125/test/src/test_helper.c
Examining data/libsml-0.1.1+git20180125/test/src/test_helper.h
Examining data/libsml-0.1.1+git20180125/test/test_main.c
Examining data/libsml-0.1.1+git20180125/test/unity/unity.c
Examining data/libsml-0.1.1+git20180125/test/unity/unity.h
Examining data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c
Examining data/libsml-0.1.1+git20180125/test/unity/unity_fixture.h
Examining data/libsml-0.1.1+git20180125/test/unity/unity_fixture_internals.h
Examining data/libsml-0.1.1+git20180125/test/unity/unity_fixture_malloc_overrides.h
Examining data/libsml-0.1.1+git20180125/test/unity/unity_internals.h

FINAL RESULTS:

data/libsml-0.1.1+git20180125/examples/sml_server.c:48:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(device, O_RDWR | O_NOCTTY | O_NONBLOCK);

data/libsml-0.1.1+git20180125/examples/sml_server.c:50:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(device, O_RDWR | O_NOCTTY | O_NDELAY);

data/libsml-0.1.1+git20180125/sml/src/sml_file.c:40:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf->buffer, buffer, buffer_len);

data/libsml-0.1.1+git20180125/sml/src/sml_number.c:44:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(np, bytes, size);

data/libsml-0.1.1+git20180125/sml/src/sml_number.c:81:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(np[missing_bytes]), sml_buf_get_current_buf(buf), l);

data/libsml-0.1.1+git20180125/sml/src/sml_number.c:104:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sml_buf_get_current_buf(buf), np, size);

data/libsml-0.1.1+git20180125/sml/src/sml_number.c:115:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ob[bytes_len];

data/libsml-0.1.1+git20180125/sml/src/sml_number.c:116:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ob, bytes, bytes_len);

data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:44:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(s->str, str, length);

data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:56:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char bytes[len / 2];

data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:101:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sml_buf_get_current_buf(buf), str->str, str->len);

data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:110:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char uuid[16];

data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:114:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open("/dev/urandom", O_RDONLY);

data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:60:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[max_len];

data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:91:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, &(buf[0]), len);

data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:108:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[MC_SML_BUFFER_LEN];

data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:125:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sml_buf_get_current_buf(buf), start_seq, 8);

data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:140:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sml_buf_get_current_buf(buf), end_seq, 5);

data/libsml-0.1.1+git20180125/test/src/test_helper.c:56:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char expected_buf[len];

data/libsml-0.1.1+git20180125/test/unity/unity.c:237:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char TempBuffer[32];

data/libsml-0.1.1+git20180125/test/unity/unity.c:238:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(TempBuffer, "%.6f", number);

data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c:168:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char guard[sizeof(size_t)];

data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c:191:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mem[size], end, strlen(end) + 1);

data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c:257:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newMem, oldMem, guard->size);

data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c:350:48: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  UnityFixture.RepeatCount = atoi(argv[i]);

data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:52:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, len = strlen(str);

data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:115:2: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(fd, uuid, 16);

data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:45:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  r = read(fd, &(buffer[tr]), len - tr);

data/libsml-0.1.1+git20180125/test/src/test_helper.c:48:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(hex);

data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c:191:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(&mem[size], end, strlen(end) + 1);

ANALYSIS SUMMARY:

Hits = 30
Lines analyzed = 9847 in approximately 0.22 seconds (45109 lines/second)
Physical Source Lines of Code (SLOC) = 6588
Hits@level = [0] 23 [1] 5 [2] 25 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 53 [1+] 30 [2+] 25 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.04493 [1+] 4.55373 [2+] 3.79478 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.