Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsml-0.1.1+git20180125/examples/sml_server.c
Examining data/libsml-0.1.1+git20180125/examples/unit.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_attention_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_boolean.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_close_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_close_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_crc16.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_file.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_list_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_list_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_proc_parameter_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_proc_parameter_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_profile_list_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_profile_list_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_profile_pack_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_get_profile_pack_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_list.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_message.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_number.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_octet_string.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_open_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_open_response.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_set_proc_parameter_request.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_shared.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_status.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_time.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_transport.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_tree.h
Examining data/libsml-0.1.1+git20180125/sml/include/sml/sml_value.h
Examining data/libsml-0.1.1+git20180125/sml/src/sml_attention_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_boolean.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_close_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_close_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_crc16.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_file.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_list_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_list_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_proc_parameter_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_proc_parameter_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_profile_list_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_profile_list_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_profile_pack_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_get_profile_pack_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_list.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_message.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_number.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_open_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_open_response.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_set_proc_parameter_request.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_shared.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_status.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_time.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_transport.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_tree.c
Examining data/libsml-0.1.1+git20180125/sml/src/sml_value.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_boolean_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_buffer_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_file_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_get_profile_pack_request_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_list_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_message_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_number_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_octet_string_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_open_request_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_status_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_time_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_tree_test.c
Examining data/libsml-0.1.1+git20180125/test/src/sml_value_test.c
Examining data/libsml-0.1.1+git20180125/test/src/test_helper.c
Examining data/libsml-0.1.1+git20180125/test/src/test_helper.h
Examining data/libsml-0.1.1+git20180125/test/test_main.c
Examining data/libsml-0.1.1+git20180125/test/unity/unity.c
Examining data/libsml-0.1.1+git20180125/test/unity/unity.h
Examining data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c
Examining data/libsml-0.1.1+git20180125/test/unity/unity_fixture.h
Examining data/libsml-0.1.1+git20180125/test/unity/unity_fixture_internals.h
Examining data/libsml-0.1.1+git20180125/test/unity/unity_fixture_malloc_overrides.h
Examining data/libsml-0.1.1+git20180125/test/unity/unity_internals.h
FINAL RESULTS:
data/libsml-0.1.1+git20180125/examples/sml_server.c:48:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(device, O_RDWR | O_NOCTTY | O_NONBLOCK);
data/libsml-0.1.1+git20180125/examples/sml_server.c:50:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(device, O_RDWR | O_NOCTTY | O_NDELAY);
data/libsml-0.1.1+git20180125/sml/src/sml_file.c:40:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->buffer, buffer, buffer_len);
data/libsml-0.1.1+git20180125/sml/src/sml_number.c:44:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(np, bytes, size);
data/libsml-0.1.1+git20180125/sml/src/sml_number.c:81:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(np[missing_bytes]), sml_buf_get_current_buf(buf), l);
data/libsml-0.1.1+git20180125/sml/src/sml_number.c:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sml_buf_get_current_buf(buf), np, size);
data/libsml-0.1.1+git20180125/sml/src/sml_number.c:115:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ob[bytes_len];
data/libsml-0.1.1+git20180125/sml/src/sml_number.c:116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ob, bytes, bytes_len);
data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:44:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->str, str, length);
data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:56:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[len / 2];
data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:101:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sml_buf_get_current_buf(buf), str->str, str->len);
data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[16];
data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:114:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/urandom", O_RDONLY);
data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:60:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[max_len];
data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &(buf[0]), len);
data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:108:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[MC_SML_BUFFER_LEN];
data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sml_buf_get_current_buf(buf), start_seq, 8);
data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:140:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sml_buf_get_current_buf(buf), end_seq, 5);
data/libsml-0.1.1+git20180125/test/src/test_helper.c:56:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char expected_buf[len];
data/libsml-0.1.1+git20180125/test/unity/unity.c:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TempBuffer[32];
data/libsml-0.1.1+git20180125/test/unity/unity.c:238:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(TempBuffer, "%.6f", number);
data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char guard[sizeof(size_t)];
data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c:191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mem[size], end, strlen(end) + 1);
data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c:257:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newMem, oldMem, guard->size);
data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c:350:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
UnityFixture.RepeatCount = atoi(argv[i]);
data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:52:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, len = strlen(str);
data/libsml-0.1.1+git20180125/sml/src/sml_octet_string.c:115:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, uuid, 16);
data/libsml-0.1.1+git20180125/sml/src/sml_transport.c:45:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, &(buffer[tr]), len - tr);
data/libsml-0.1.1+git20180125/test/src/test_helper.c:48:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(hex);
data/libsml-0.1.1+git20180125/test/unity/unity_fixture.c:191:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&mem[size], end, strlen(end) + 1);
ANALYSIS SUMMARY:
Hits = 30
Lines analyzed = 9847 in approximately 0.22 seconds (45109 lines/second)
Physical Source Lines of Code (SLOC) = 6588
Hits@level = [0] 23 [1] 5 [2] 25 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 53 [1+] 30 [2+] 25 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.04493 [1+] 4.55373 [2+] 3.79478 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.