Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libuvc-0.0.6/include/libuvc/libuvc.h
Examining data/libuvc-0.0.6/include/libuvc/libuvc_internal.h
Examining data/libuvc-0.0.6/include/utlist.h
Examining data/libuvc-0.0.6/src/ctrl-gen.c
Examining data/libuvc-0.0.6/src/ctrl.c
Examining data/libuvc-0.0.6/src/device.c
Examining data/libuvc-0.0.6/src/diag.c
Examining data/libuvc-0.0.6/src/example.c
Examining data/libuvc-0.0.6/src/frame-mjpeg.c
Examining data/libuvc-0.0.6/src/frame.c
Examining data/libuvc-0.0.6/src/init.c
Examining data/libuvc-0.0.6/src/misc.c
Examining data/libuvc-0.0.6/src/stream.c
Examining data/libuvc-0.0.6/src/test.c

FINAL RESULTS:

data/libuvc-0.0.6/src/ctrl.c:60:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[2];
data/libuvc-0.0.6/src/device.c:495:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[64];
data/libuvc-0.0.6/src/device.c:1133:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(unit->guidExtensionCode, &block[4], 16);
data/libuvc-0.0.6/src/device.c:1269:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(format->guidFormat, &block[5], 16);
data/libuvc-0.0.6/src/device.c:1298:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(format->guidFormat, &block[5], 16);
data/libuvc-0.0.6/src/device.c:1327:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(format->fourccFormat, "MJPG", 4);
data/libuvc-0.0.6/src/frame-mjpeg.c:113:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dinfo->tbl->bits, name##_len, sizeof(name##_len)); \
data/libuvc-0.0.6/src/frame-mjpeg.c:115:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dinfo->tbl->huffval, name##_val, sizeof(name##_val)); \
data/libuvc-0.0.6/src/frame-mjpeg.c:173:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char *buffer[1] = {( unsigned char*) out->data + lines_read * out->step };
data/libuvc-0.0.6/src/frame.c:121:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out->data, in->data, in->data_bytes);
data/libuvc-0.0.6/src/misc.c:51:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(d, s, n);
data/libuvc-0.0.6/src/stream.c:565:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(strmh->outbuf + strmh->got_bytes, payload + header_len, data_len);
data/libuvc-0.0.6/src/stream.c:1107:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(frame->data, strmh->holdbuf, frame->data_bytes);

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 8547 in approximately 0.21 seconds (40933 lines/second)
Physical Source Lines of Code (SLOC) = 5382
Hits@level = [0]  54 [1]   0 [2]  13 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  67 [1+]  13 [2+]  13 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 12.4489 [1+] 2.41546 [2+] 2.41546 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.