Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mac-fdisk-0.1/DoReadWrite.c
Examining data/mac-fdisk-0.1/DoSCSICommandWithSense.c
Examining data/mac-fdisk-0.1/DoTestUnitReady.c
Examining data/mac-fdisk-0.1/MacSCSICommand.h
Examining data/mac-fdisk-0.1/SCSIStuff.h
Examining data/mac-fdisk-0.1/SCSI_misc.c
Examining data/mac-fdisk-0.1/bitfield.c
Examining data/mac-fdisk-0.1/bitfield.h
Examining data/mac-fdisk-0.1/convert.c
Examining data/mac-fdisk-0.1/convert.h
Examining data/mac-fdisk-0.1/dump.h
Examining data/mac-fdisk-0.1/errors.c
Examining data/mac-fdisk-0.1/errors.h
Examining data/mac-fdisk-0.1/io.h
Examining data/mac-fdisk-0.1/pdisk.h
Examining data/mac-fdisk-0.1/version.h
Examining data/mac-fdisk-0.1/fdisk.h
Examining data/mac-fdisk-0.1/dpme.h
Examining data/mac-fdisk-0.1/dump.c
Examining data/mac-fdisk-0.1/fdisk.c
Examining data/mac-fdisk-0.1/fdisklabel.c
Examining data/mac-fdisk-0.1/fdisklabel.h
Examining data/mac-fdisk-0.1/io.c
Examining data/mac-fdisk-0.1/kernel-defs.h
Examining data/mac-fdisk-0.1/partition_map.c
Examining data/mac-fdisk-0.1/partition_map.h
Examining data/mac-fdisk-0.1/pdisk.c

FINAL RESULTS:

data/mac-fdisk-0.1/errors.c:114:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);

data/mac-fdisk-0.1/errors.c:143:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);

data/mac-fdisk-0.1/fdisk.c:217:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(error, "Unable to open %s\n", disk_device);

data/mac-fdisk-0.1/fdisk.c:220:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(error, "Unable to read %s\n", disk_device);

data/mac-fdisk-0.1/fdisk.c:223:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(error, "Unable to seek on %s\n", disk_device);

data/mac-fdisk-0.1/fdisk.c:226:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(error, "Unable to write %s\n", disk_device);

data/mac-fdisk-0.1/fdisk.c:574:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(ms, "%s ([%d]-%d): ", mesg, low, high);

data/mac-fdisk-0.1/fdisk.c:577:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(ms, "%s (%d-[%d]): ", mesg, low, high);

data/mac-fdisk-0.1/fdisk.c:580:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(ms, "%s (%d-[%d]-%d): ", mesg, low, dflt, high);

data/mac-fdisk-0.1/fdisk.c:583:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(ms, "%s (%d-%d): ", mesg, low, high);

data/mac-fdisk-0.1/fdisk.c:1101:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(mesg, "First %s", str_units());

data/mac-fdisk-0.1/fdisk.c:1153:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(mesg, "Last %s or +size or +sizeM or +sizeK",

data/mac-fdisk-0.1/fdisk.c:1224:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(line, "Command action\n %s\n p primary "

data/mac-fdisk-0.1/fdisklabel.c:230:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (mesg, "First %s", str_units());

data/mac-fdisk-0.1/fdisklabel.c:233:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (mesg, "Last %s or +size or +sizeM or +sizeK", str_units());

data/mac-fdisk-0.1/fdisklabel.c:480:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (path, "%s/%sboot", bootdir, dkbasename);

data/mac-fdisk-0.1/fdisklabel.c:491:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (path, "%s/boot%s", bootdir, dkbasename);

data/mac-fdisk-0.1/io.c:150:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(prompt);

data/mac-fdisk-0.1/io.c:168:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(prompt);

data/mac-fdisk-0.1/io.c:181:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(prompt);

data/mac-fdisk-0.1/io.c:191:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(prompt);

data/mac-fdisk-0.1/io.c:216:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(prompt);

data/mac-fdisk-0.1/io.c:294:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(prompt);

data/mac-fdisk-0.1/io.c:423:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);

data/mac-fdisk-0.1/pdisk.c:278:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, "hlvdr", long_options,

data/mac-fdisk-0.1/MacSCSICommand.h:88:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char scsi[12];

data/mac-fdisk-0.1/MacSCSICommand.h:116:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char vendor[8]; /* 8-15 Vendor-specific */

data/mac-fdisk-0.1/MacSCSICommand.h:117:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char product[16]; /* 16-31 Product id */

data/mac-fdisk-0.1/MacSCSICommand.h:118:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char revision[4]; /* 32-35 Product revision */

data/mac-fdisk-0.1/MacSCSICommand.h:119:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char vendorSpecific[20]; /* 36-55 Vendor stuff */

data/mac-fdisk-0.1/MacSCSICommand.h:120:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char moreReserved[40]; /* 56-95 Reserved */

data/mac-fdisk-0.1/MacSCSICommand.h:192:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char info[4];

data/mac-fdisk-0.1/MacSCSICommand.h:194:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char reservedForCopy[4];

data/mac-fdisk-0.1/MacSCSICommand.h:198:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char senseKeySpecific[2];

data/mac-fdisk-0.1/MacSCSICommand.h:199:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char additional[101];

data/mac-fdisk-0.1/MacSCSICommand.h:251:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char numberOfBlocks[3];

data/mac-fdisk-0.1/MacSCSICommand.h:253:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char blockLength[3];

data/mac-fdisk-0.1/MacSCSICommand.h:258:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[1];

data/mac-fdisk-0.1/MacSCSICommand.h:272:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pageLength[2];

data/mac-fdisk-0.1/MacSCSICommand.h:280:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[1];

data/mac-fdisk-0.1/MacSCSICommand.h:282:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char parameterCode[2];

data/mac-fdisk-0.1/dpme.h:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dpme_name[DPISTRLEN] ; /* name of partition */

data/mac-fdisk-0.1/dpme.h:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dpme_type[DPISTRLEN] ; /* type of partition */

data/mac-fdisk-0.1/dpme.h:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dpme_process_id[16] ;

data/mac-fdisk-0.1/dump.c:178:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(buf+len-4, "part");

data/mac-fdisk-0.1/dump.c:313:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[20];

data/mac-fdisk-0.1/dump.c:325:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "/dev/sd%c", 'a'+i);

data/mac-fdisk-0.1/dump.c:346:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "/dev/hd%c", 'a'+i);

data/mac-fdisk-0.1/fdisk.c:204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error[LINE_LENGTH],

data/mac-fdisk-0.1/fdisk.c:477:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(disk_device, type_open)) < 0)

data/mac-fdisk-0.1/fdisk.c:479:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(disk_device, O_RDONLY)) < 0)

data/mac-fdisk-0.1/fdisk.c:570:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ms[70];

data/mac-fdisk-0.1/fdisk.c:602:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi(line_ptr);

data/mac-fdisk-0.1/fdisk.c:632:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi(line_ptr);

data/mac-fdisk-0.1/fdisk.c:1073:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char mesg[48];

data/mac-fdisk-0.1/fdisk.c:1223:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c, line[LINE_LENGTH];

data/mac-fdisk-0.1/fdisk.c:1400:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(disk_device, type_open)) >= 0) {

data/mac-fdisk-0.1/fdisk.c:1447:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (!(i = atoi(argv[2] + 8)))

data/mac-fdisk-0.1/fdisk.c:1451:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(disk_device, O_RDWR)) >= 0) {

data/mac-fdisk-0.1/fdisk.c:1468:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  else if ((fd = open(DEFAULT_DEVICE, O_RDWR)) < 0)

data/mac-fdisk-0.1/fdisklabel.c:80:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buffer[BSD_BBSIZE];

data/mac-fdisk-0.1/fdisklabel.c:216:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char mesg[48];

data/mac-fdisk-0.1/fdisklabel.c:401:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi (line_ptr);

data/mac-fdisk-0.1/fdisklabel.c:443:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open (path, O_RDONLY)) < 0)

data/mac-fdisk-0.1/fdisklabel.c:463:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[MAXPATHLEN];

data/mac-fdisk-0.1/fdisklabel.c:486:3:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  bcopy (d, &dl, sizeof (struct disklabel));

data/mac-fdisk-0.1/fdisklabel.c:504:3:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  bcopy (&dl, d, sizeof (struct disklabel));

data/mac-fdisk-0.1/fdisklabel.c:541:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prompt[40];

data/mac-fdisk-0.1/fdisklabel.c:544:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (prompt, "Partition (a-%c): ", 'a' + max - 1);

data/mac-fdisk-0.1/fdisklabel.c:684:3:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  bcopy (&buffer[BSD_LABELSECTOR * SECTOR_SIZE + BSD_LABELOFFSET],

data/mac-fdisk-0.1/fdisklabel.c:719:3:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  bcopy (d, &buffer[BSD_LABELSECTOR * SECTOR_SIZE + BSD_LABELOFFSET],

data/mac-fdisk-0.1/fdisklabel.h:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char d_typename[16]; /* type name, e.g. "eagle" */

data/mac-fdisk-0.1/fdisklabel.h:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char d_packname[16]; /* pack identifier */

data/mac-fdisk-0.1/fdisklabel.h:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char un_d_packname[16]; /* pack identifier */

data/mac-fdisk-0.1/io.c:533:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return open(path, oflag);

data/mac-fdisk-0.1/dump.c:167:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  "%*s %-*s ( size ) system\n", strlen(map->name)+1, "#", j, "length", j, "base");

data/mac-fdisk-0.1/dump.c:170:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  "%*s %-*s ( size ) system\n", strlen(map->name)+1, "#", j, "length", j, "base");

data/mac-fdisk-0.1/dump.c:175:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(map->name);

data/mac-fdisk-0.1/fdisk.c:435:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (SECTOR_SIZE != read(fd, buffers[partitions], SECTOR_SIZE))

data/mac-fdisk-0.1/fdisk.c:484:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (SECTOR_SIZE != read(fd, buffer, SECTOR_SIZE))

data/mac-fdisk-0.1/fdisk.c:906:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, w = strlen(disk_device);

data/mac-fdisk-0.1/fdisk.c:1116:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (start != temp && read) {

data/mac-fdisk-0.1/fdisk.c:1121:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (!read && start == temp) {

data/mac-fdisk-0.1/fdisk.c:1132:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  } while (start != temp || !read);

data/mac-fdisk-0.1/fdisk.c:1450:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(disk_device, argv[2], 8);

data/mac-fdisk-0.1/fdisklabel.c:448:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read (fd, ptr, size) < 0)

data/mac-fdisk-0.1/fdisklabel.c:477:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line_ptr[strlen (line_ptr)-1] = '\0';

data/mac-fdisk-0.1/fdisklabel.c:681:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (BSD_BBSIZE != read (fd, buffer, BSD_BBSIZE))

data/mac-fdisk-0.1/io.c:102:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return (getc(stdin));

data/mac-fdisk-0.1/io.c:347:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(limit, ret_value, length);

data/mac-fdisk-0.1/io.c:451:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if ((t = read(fd, buf, PBLOCK_SIZE)) != PBLOCK_SIZE) {

data/mac-fdisk-0.1/partition_map.c:471:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(data->dpme_name, kFreeName, DPISTRLEN);

data/mac-fdisk-0.1/partition_map.c:472:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(data->dpme_type, kFreeType, DPISTRLEN);

data/mac-fdisk-0.1/partition_map.c:631:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(data->dpme_name, name, DPISTRLEN);

data/mac-fdisk-0.1/partition_map.c:632:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(data->dpme_type, dptype, DPISTRLEN);

ANALYSIS SUMMARY:

Hits = 95
Lines analyzed = 8160 in approximately 0.23 seconds (35975 lines/second)
Physical Source Lines of Code (SLOC) = 5880
Hits@level = [0] 305 [1]  20 [2]  50 [3]   1 [4]  24 [5]   0
Hits@level+ = [0+] 400 [1+]  95 [2+]  75 [3+]  25 [4+]  24 [5+]   0
Hits/KSLOC@level+ = [0+] 68.0272 [1+] 16.1565 [2+] 12.7551 [3+] 4.2517 [4+] 4.08163 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
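The hits above fall into a handful of recurring patterns: a caller-supplied string used as the format itself (printf(prompt), vfprintf(stderr, fmt, ap)), sprintf into fixed buffers such as char ms[70] and char mesg[48], unchecked atoi on interactive input, and strncpy into DPISTRLEN-sized fields, which strncpy leaves without a terminating NUL whenever the source is DPISTRLEN bytes or longer. Two caveats when triaging: the three fdisk.c:1116/1121/1132 "read" hits match a local variable named read rather than the read(2) call, as the quoted lines show (flawfinder matches on identifiers, so these are noise), and the [2] char hits in MacSCSICommand.h and fdisklabel.h are fixed-width wire and on-disk layouts, where the array size is dictated by the format and the real question is how the bytes are consumed. The C below is an added example written for this page, not mac-fdisk code; it shows the hardened counterpart of each pattern using the buffer sizes the report quotes. The value 32 for DPISTRLEN, the function names and the sample inputs are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sizes mirror the declarations quoted in the report (char ms[70],
   char dpme_name[DPISTRLEN]); DPISTRLEN = 32 is an assumption here. */
#define MS_LEN    70
#define DPISTRLEN 32

/* CWE-134 counterpart of printf(prompt): pass the prompt as an argument to a
   constant "%s" format so "%x" or "%n" inside it is printed literally rather
   than interpreted. Rendering into a buffer makes the result checkable; at
   the terminal, fputs(prompt, stdout) or printf("%s", prompt) is the same fix.
   Returns 1 if the whole prompt fit, 0 if it was truncated (still NUL-terminated). */
int render_prompt(char *out, size_t out_len, const char *prompt) {
    int n = snprintf(out, out_len, "%s", prompt);
    return n >= 0 && (size_t)n < out_len;
}

/* CWE-120 counterpart of sprintf(ms, "%s (%d-%d): ", mesg, low, high):
   bound the write with the destination size and surface truncation to the
   caller instead of silently overrunning ms. */
int build_range_prompt(char *ms, size_t ms_len, const char *mesg,
                       int low, int high) {
    int n = snprintf(ms, ms_len, "%s (%d-%d): ", mesg, low, high);
    return n >= 0 && (size_t)n < ms_len;
}

/* CWE-190 counterpart of i = atoi(line_ptr): strtol with errno, a check that
   the whole token was consumed, and an explicit [lo, hi] range check.
   Returns 1 and stores the value on success; returns 0 and leaves *out
   untouched on overflow, trailing junk, empty input or out-of-range values. */
int parse_in_range(const char *s, long lo, long hi, long *out) {
    char *end;
    long v;
    if (s == NULL || *s == '\0') return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE) return 0;          /* did not fit in a long */
    if (end == s) return 0;                 /* no digits at all */
    while (*end == ' ' || *end == '\n') end++;
    if (*end != '\0') return 0;             /* trailing non-numeric input */
    if (v < lo || v > hi) return 0;         /* outside the caller's range */
    *out = v;
    return 1;
}

/* The strncpy(data->dpme_name, name, DPISTRLEN) hits copy into a fixed-width
   field that has no NUL when the name fills all DPISTRLEN bytes. The safe
   counterpart is on the read side: never strlen() such a field; bound the
   scan by the field width and print it with a precision ("%.*s"). */
size_t dpme_field_len(const char *field) {
    size_t n = 0;
    while (n < DPISTRLEN && field[n] != '\0') n++;
    return n;
}

int format_dpme_name(char *out, size_t out_len, const char *field) {
    int n = snprintf(out, out_len, "%.*s", (int)dpme_field_len(field), field);
    return n >= 0 && (size_t)n < out_len;
}

int main(void) {
    char ms[MS_LEN];
    char name_field[DPISTRLEN];
    char shown[DPISTRLEN + 1];
    long v;

    /* Constructed inputs for the demonstration, not captured from a real session. */
    build_range_prompt(ms, sizeof ms, "First cylinder", 1, 1023);
    printf("%s\n", ms);

    render_prompt(ms, sizeof ms, "Command (m for help) %x%x%n: ");
    printf("%s\n", ms);                      /* the directives appear literally */

    if (!parse_in_range("99999999999999999999", 1, 1023, &v))
        printf("rejected overflowing input\n");

    memset(name_field, 'A', sizeof name_field);   /* full 32-byte field, no NUL */
    format_dpme_name(shown, sizeof shown, name_field);
    printf("%s (%zu bytes)\n", shown, dpme_field_len(name_field));
    return 0;
}
```

Compiling with -Wall -Wformat=2 (which enables -Wformat-security) makes the compiler flag every remaining printf(prompt)-style call whose format is not a literal, so the [4] format hits can be driven to zero and kept there without re-running the scanner.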