Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mm-1.4.2/mm.h
Examining data/mm-1.4.2/mm_alloc.c
Examining data/mm-1.4.2/mm_core.c
Examining data/mm-1.4.2/mm_global.c
Examining data/mm-1.4.2/mm_lib.c
Examining data/mm-1.4.2/mm_test.c
Examining data/mm-1.4.2/mm_vers.c

FINAL RESULTS:

data/mm-1.4.2/mm_core.c:452:20: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (rc == 0 && chmod(mc->mc_fnmem, mode) < 0)
data/mm-1.4.2/mm_core.c:454:20: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  if (rc == 0 && chown(mc->mc_fnmem, owner, group) < 0)
data/mm-1.4.2/mm_core.c:458:20: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (rc == 0 && chmod(mc->mc_fnsem, mode) < 0)
data/mm-1.4.2/mm_core.c:460:20: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  if (rc == 0 && chown(mc->mc_fnsem, owner, group) < 0)
data/mm-1.4.2/mm_core.c:228:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(filename, MM_CORE_DEFAULT_FILE, (int)getpid());
data/mm-1.4.2/mm_core.c:236:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(shmfilename, "%s.mem", file);
data/mm-1.4.2/mm_core.c:240:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(semfilename, "%s.sem", file);
data/mm-1.4.2/mm.h:125:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define memcpy(to,from,len) bcopy(from,to,len)
data/mm-1.4.2/mm.h:125:29: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define memcpy(to,from,len) bcopy(from,to,len)
data/mm-1.4.2/mm.h:127:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define memcpy(to,from,len) \
data/mm-1.4.2/mm.h:291:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mc_fnmem[MM_MAXPATH];
data/mm-1.4.2/mm.h:308:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mc_fnsem[MM_MAXPATH];
data/mm-1.4.2/mm_alloc.c:381:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vp, ptr, mc->mc_usize);
data/mm-1.4.2/mm_alloc.c:428:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vp, str, n+1);
data/mm-1.4.2/mm_core.c:133:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(mc->mc_fnsem, O_WRONLY, MM_CORE_FILEMODE);
data/mm-1.4.2/mm_core.c:213:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shmfilename[MM_MAXPATH];
data/mm-1.4.2/mm_core.c:216:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char semfilename[MM_MAXPATH];
data/mm-1.4.2/mm_core.c:221:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[MM_MAXPATH];
data/mm-1.4.2/mm_core.c:272:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fdmem = open("/dev/zero", O_RDWR, MM_CORE_FILEMODE)) == -1)
data/mm-1.4.2/mm_core.c:286:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fdmem = open(fnmem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1)
data/mm-1.4.2/mm_core.c:315:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fdsem = open(fnsem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1)
data/mm-1.4.2/mm_core.c:325:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fdsem = open(fnsem, O_RDWR|O_CREAT|O_EXCL, MM_CORE_FILEMODE)) == -1)
data/mm-1.4.2/mm_core.c:380:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mc->mc_fnmem, fnmem, MM_MAXPATH);
data/mm-1.4.2/mm_core.c:383:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mc->mc_fnsem, fnsem, MM_MAXPATH);
data/mm-1.4.2/mm_core.c:500:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fnmem[MM_MAXPATH];
data/mm-1.4.2/mm_core.c:503:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fnsem[MM_MAXPATH];
data/mm-1.4.2/mm_core.c:523:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fnmem, mc->mc_fnmem, MM_MAXPATH);
data/mm-1.4.2/mm_core.c:526:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fnsem, mc->mc_fnsem, MM_MAXPATH);
data/mm-1.4.2/mm_lib.c:56:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mm_lib_error[MM_LIB_ERROR_MAXLEN+1] = { NUL };
data/mm-1.4.2/mm_lib.c:68:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mm_lib_error, "mm:alloc: ");
data/mm-1.4.2/mm_lib.c:70:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mm_lib_error, "mm:core: ");
data/mm-1.4.2/mm_lib.c:75:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mm_lib_error+l, str, n+1);
data/mm-1.4.2/mm_lib.c:79:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mm_lib_error+l, " (");
data/mm-1.4.2/mm_lib.c:86:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mm_lib_error+l, cp, n+1);
data/mm-1.4.2/mm_test.c:74:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cp[1025];
data/mm-1.4.2/mm_alloc.c:425:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(str);
data/mm-1.4.2/mm_lib.c:71:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(mm_lib_error);
data/mm-1.4.2/mm_lib.c:72:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(str);
data/mm-1.4.2/mm_lib.c:83:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(cp);
data/mm-1.4.2/mm_lib.c:89:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(mm_lib_error+l, ")");

ANALYSIS SUMMARY:

Hits = 40
Lines analyzed = 2128 in approximately 0.07 seconds (30544 lines/second)
Physical Source Lines of Code (SLOC) = 1484
Hits@level = [0] 54 [1] 5 [2] 28 [3] 0 [4] 3 [5] 4
Hits@level+ = [0+] 94 [1+] 40 [2+] 35 [3+] 7 [4+] 7 [5+] 4
Hits/KSLOC@level+ = [0+] 63.3423 [1+] 26.9542 [2+] 23.5849 [3+] 4.71698 [4+] 4.71698 [5+] 2.69542
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.