Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/opensbi-0.8/firmware/payloads/test_main.c Examining data/opensbi-0.8/include/sbi/fw_dynamic.h Examining data/opensbi-0.8/include/sbi/riscv_asm.h Examining data/opensbi-0.8/include/sbi/riscv_atomic.h Examining data/opensbi-0.8/include/sbi/riscv_barrier.h Examining data/opensbi-0.8/include/sbi/riscv_encoding.h Examining data/opensbi-0.8/include/sbi/riscv_fp.h Examining data/opensbi-0.8/include/sbi/riscv_io.h Examining data/opensbi-0.8/include/sbi/riscv_locks.h Examining data/opensbi-0.8/include/sbi/sbi_bitmap.h Examining data/opensbi-0.8/include/sbi/sbi_bitops.h Examining data/opensbi-0.8/include/sbi/sbi_console.h Examining data/opensbi-0.8/include/sbi/sbi_const.h Examining data/opensbi-0.8/include/sbi/sbi_csr_detect.h Examining data/opensbi-0.8/include/sbi/sbi_ecall.h Examining data/opensbi-0.8/include/sbi/sbi_ecall_interface.h Examining data/opensbi-0.8/include/sbi/sbi_emulate_csr.h Examining data/opensbi-0.8/include/sbi/sbi_error.h Examining data/opensbi-0.8/include/sbi/sbi_fifo.h Examining data/opensbi-0.8/include/sbi/sbi_hart.h Examining data/opensbi-0.8/include/sbi/sbi_hartmask.h Examining data/opensbi-0.8/include/sbi/sbi_hfence.h Examining data/opensbi-0.8/include/sbi/sbi_hsm.h Examining data/opensbi-0.8/include/sbi/sbi_illegal_insn.h Examining data/opensbi-0.8/include/sbi/sbi_init.h Examining data/opensbi-0.8/include/sbi/sbi_ipi.h Examining data/opensbi-0.8/include/sbi/sbi_list.h Examining data/opensbi-0.8/include/sbi/sbi_math.h Examining data/opensbi-0.8/include/sbi/sbi_misaligned_ldst.h Examining data/opensbi-0.8/include/sbi/sbi_platform.h Examining data/opensbi-0.8/include/sbi/sbi_scratch.h Examining data/opensbi-0.8/include/sbi/sbi_string.h Examining data/opensbi-0.8/include/sbi/sbi_system.h Examining data/opensbi-0.8/include/sbi/sbi_timer.h Examining data/opensbi-0.8/include/sbi/sbi_tlb.h Examining data/opensbi-0.8/include/sbi/sbi_trap.h Examining data/opensbi-0.8/include/sbi/sbi_types.h Examining data/opensbi-0.8/include/sbi/sbi_unpriv.h Examining data/opensbi-0.8/include/sbi/sbi_version.h Examining data/opensbi-0.8/include/sbi_utils/fdt/fdt_fixup.h Examining data/opensbi-0.8/include/sbi_utils/fdt/fdt_helper.h Examining data/opensbi-0.8/include/sbi_utils/ipi/fdt_ipi.h Examining data/opensbi-0.8/include/sbi_utils/irqchip/fdt_irqchip.h Examining data/opensbi-0.8/include/sbi_utils/irqchip/plic.h Examining data/opensbi-0.8/include/sbi_utils/reset/fdt_reset.h Examining data/opensbi-0.8/include/sbi_utils/serial/fdt_serial.h Examining data/opensbi-0.8/include/sbi_utils/serial/shakti-uart.h Examining data/opensbi-0.8/include/sbi_utils/serial/sifive-uart.h Examining data/opensbi-0.8/include/sbi_utils/serial/uart8250.h Examining data/opensbi-0.8/include/sbi_utils/sys/clint.h Examining data/opensbi-0.8/include/sbi_utils/sys/htif.h Examining data/opensbi-0.8/include/sbi_utils/sys/sifive_test.h Examining data/opensbi-0.8/include/sbi_utils/timer/fdt_timer.h Examining data/opensbi-0.8/lib/sbi/riscv_asm.c Examining data/opensbi-0.8/lib/sbi/riscv_atomic.c Examining data/opensbi-0.8/lib/sbi/riscv_locks.c Examining data/opensbi-0.8/lib/sbi/sbi_bitmap.c Examining data/opensbi-0.8/lib/sbi/sbi_bitops.c Examining data/opensbi-0.8/lib/sbi/sbi_console.c Examining data/opensbi-0.8/lib/sbi/sbi_ecall.c Examining data/opensbi-0.8/lib/sbi/sbi_ecall_base.c Examining data/opensbi-0.8/lib/sbi/sbi_ecall_hsm.c Examining data/opensbi-0.8/lib/sbi/sbi_ecall_legacy.c Examining data/opensbi-0.8/lib/sbi/sbi_ecall_replace.c Examining data/opensbi-0.8/lib/sbi/sbi_ecall_vendor.c Examining data/opensbi-0.8/lib/sbi/sbi_emulate_csr.c Examining data/opensbi-0.8/lib/sbi/sbi_fifo.c Examining data/opensbi-0.8/lib/sbi/sbi_hart.c Examining data/opensbi-0.8/lib/sbi/sbi_hsm.c Examining data/opensbi-0.8/lib/sbi/sbi_illegal_insn.c Examining data/opensbi-0.8/lib/sbi/sbi_init.c Examining data/opensbi-0.8/lib/sbi/sbi_ipi.c Examining data/opensbi-0.8/lib/sbi/sbi_math.c Examining data/opensbi-0.8/lib/sbi/sbi_misaligned_ldst.c Examining data/opensbi-0.8/lib/sbi/sbi_platform.c Examining data/opensbi-0.8/lib/sbi/sbi_scratch.c Examining data/opensbi-0.8/lib/sbi/sbi_string.c Examining data/opensbi-0.8/lib/sbi/sbi_system.c Examining data/opensbi-0.8/lib/sbi/sbi_timer.c Examining data/opensbi-0.8/lib/sbi/sbi_tlb.c Examining data/opensbi-0.8/lib/sbi/sbi_trap.c Examining data/opensbi-0.8/lib/sbi/sbi_unpriv.c Examining data/opensbi-0.8/lib/utils/fdt/fdt_fixup.c Examining data/opensbi-0.8/lib/utils/fdt/fdt_helper.c Examining data/opensbi-0.8/lib/utils/ipi/fdt_ipi.c Examining data/opensbi-0.8/lib/utils/ipi/fdt_ipi_clint.c Examining data/opensbi-0.8/lib/utils/irqchip/fdt_irqchip.c Examining data/opensbi-0.8/lib/utils/irqchip/fdt_irqchip_plic.c Examining data/opensbi-0.8/lib/utils/irqchip/plic.c Examining data/opensbi-0.8/lib/utils/libfdt/fdt.c Examining data/opensbi-0.8/lib/utils/libfdt/fdt.h Examining data/opensbi-0.8/lib/utils/libfdt/fdt_addresses.c Examining data/opensbi-0.8/lib/utils/libfdt/fdt_empty_tree.c Examining data/opensbi-0.8/lib/utils/libfdt/fdt_overlay.c Examining data/opensbi-0.8/lib/utils/libfdt/fdt_ro.c Examining data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c Examining data/opensbi-0.8/lib/utils/libfdt/fdt_strerror.c Examining data/opensbi-0.8/lib/utils/libfdt/fdt_sw.c Examining data/opensbi-0.8/lib/utils/libfdt/fdt_wip.c Examining data/opensbi-0.8/lib/utils/libfdt/libfdt.h Examining data/opensbi-0.8/lib/utils/libfdt/libfdt_env.h Examining data/opensbi-0.8/lib/utils/libfdt/libfdt_internal.h Examining data/opensbi-0.8/lib/utils/reset/fdt_reset.c Examining data/opensbi-0.8/lib/utils/reset/fdt_reset_htif.c Examining data/opensbi-0.8/lib/utils/reset/fdt_reset_sifive.c Examining data/opensbi-0.8/lib/utils/serial/fdt_serial.c Examining data/opensbi-0.8/lib/utils/serial/fdt_serial_htif.c Examining data/opensbi-0.8/lib/utils/serial/fdt_serial_shakti.c Examining data/opensbi-0.8/lib/utils/serial/fdt_serial_sifive.c Examining data/opensbi-0.8/lib/utils/serial/fdt_serial_uart8250.c Examining data/opensbi-0.8/lib/utils/serial/shakti-uart.c Examining data/opensbi-0.8/lib/utils/serial/sifive-uart.c Examining data/opensbi-0.8/lib/utils/serial/uart8250.c Examining data/opensbi-0.8/lib/utils/sys/clint.c Examining data/opensbi-0.8/lib/utils/sys/htif.c Examining data/opensbi-0.8/lib/utils/sys/sifive_test.c Examining data/opensbi-0.8/lib/utils/timer/fdt_timer.c Examining data/opensbi-0.8/lib/utils/timer/fdt_timer_clint.c Examining data/opensbi-0.8/platform/andes/ae350/cache.c Examining data/opensbi-0.8/platform/andes/ae350/cache.h Examining data/opensbi-0.8/platform/andes/ae350/platform.c Examining data/opensbi-0.8/platform/andes/ae350/platform.h Examining data/opensbi-0.8/platform/andes/ae350/plicsw.c Examining data/opensbi-0.8/platform/andes/ae350/plicsw.h Examining data/opensbi-0.8/platform/andes/ae350/plmt.c Examining data/opensbi-0.8/platform/andes/ae350/plmt.h Examining data/opensbi-0.8/platform/fpga/ariane/platform.c Examining data/opensbi-0.8/platform/fpga/openpiton/platform.c Examining data/opensbi-0.8/platform/generic/include/platform_override.h Examining data/opensbi-0.8/platform/generic/platform.c Examining data/opensbi-0.8/platform/generic/sifive_fu540.c Examining data/opensbi-0.8/platform/kendryte/k210/platform.c Examining data/opensbi-0.8/platform/kendryte/k210/platform.h Examining data/opensbi-0.8/platform/nuclei/ux600/platform.c Examining data/opensbi-0.8/platform/sifive/fu540/platform.c Examining data/opensbi-0.8/platform/template/platform.c Examining data/opensbi-0.8/platform/thead/c910/platform.c Examining data/opensbi-0.8/platform/thead/c910/platform.h FINAL RESULTS: data/opensbi-0.8/include/sbi/sbi_console.h:15:46: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define __printf(a, b) __attribute__((format(printf, a, b))) data/opensbi-0.8/lib/utils/libfdt/libfdt_env.h:33:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #define strcpy sbi_strcpy data/opensbi-0.8/include/sbi/sbi_ipi.h:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/opensbi-0.8/include/sbi/sbi_platform.h:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/opensbi-0.8/lib/sbi/sbi_console.c:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char print_buf[PRINT_BUF_LEN]; data/opensbi-0.8/lib/sbi/sbi_console.c:181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scr[2]; data/opensbi-0.8/lib/sbi/sbi_init.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[128]; data/opensbi-0.8/lib/utils/fdt/fdt_fixup.c:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/opensbi-0.8/lib/utils/libfdt/fdt.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[0]; data/opensbi-0.8/lib/utils/libfdt/fdt.h:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[0]; data/opensbi-0.8/lib/utils/libfdt/fdt_overlay.c:816:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, target_path, len + 1); data/opensbi-0.8/lib/utils/libfdt/fdt_overlay.c:822:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + len + 1, rel_path, rel_path_len); data/opensbi-0.8/lib/utils/libfdt/fdt_ro.c:547:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + p, name, namelen); data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c:137:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, s, len); data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c:239:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(namep, name, newlen+1); data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c:272:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prop_data, val, len); data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c:293:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prop->data + oldlen, val, len); data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c:298:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prop->data, val, len); data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c:352:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nh->name, name, namelen); data/opensbi-0.8/lib/utils/libfdt/fdt_sw.c:224:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nh->name, name, namelen); data/opensbi-0.8/lib/utils/libfdt/fdt_sw.c:254:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strtab + offset, s, len); data/opensbi-0.8/lib/utils/libfdt/fdt_sw.c:325:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, val, len); data/opensbi-0.8/lib/utils/libfdt/fdt_wip.c:29:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)propval + idx, val, len); data/opensbi-0.8/lib/utils/libfdt/libfdt_env.h:27:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define memcpy sbi_memcpy data/opensbi-0.8/include/sbi_utils/serial/fdt_serial.h:19:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*getc)(void); data/opensbi-0.8/lib/utils/libfdt/fdt.c:272:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(s) + 1; data/opensbi-0.8/lib/utils/libfdt/fdt_overlay.c:272:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name), data/opensbi-0.8/lib/utils/libfdt/fdt_overlay.c:793:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(target_path); data/opensbi-0.8/lib/utils/libfdt/fdt_ro.c:233:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return fdt_subnode_offset_namelen(fdt, parentoffset, name, strlen(name)); data/opensbi-0.8/lib/utils/libfdt/fdt_ro.c:283:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return fdt_path_offset_namelen(fdt, path, strlen(path)); data/opensbi-0.8/lib/utils/libfdt/fdt_ro.c:314:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen(nameptr); data/opensbi-0.8/lib/utils/libfdt/fdt_ro.c:432:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name), lenp); data/opensbi-0.8/lib/utils/libfdt/fdt_ro.c:484:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return fdt_getprop_namelen(fdt, nodeoffset, name, strlen(name), lenp); data/opensbi-0.8/lib/utils/libfdt/fdt_ro.c:518:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return fdt_get_alias_namelen(fdt, name, strlen(name)); data/opensbi-0.8/lib/utils/libfdt/fdt_ro.c:684:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str); data/opensbi-0.8/lib/utils/libfdt/fdt_ro.c:734:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(string) + 1; data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c:97:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int newlen = strlen(s) + 1; data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c:120:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(s) + 1; data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c:232:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newlen = strlen(name); data/opensbi-0.8/lib/utils/libfdt/fdt_rw.c:361:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return fdt_add_subnode_namelen(fdt, parentoffset, name, strlen(name)); data/opensbi-0.8/lib/utils/libfdt/fdt_sw.c:218:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(name) + 1; data/opensbi-0.8/lib/utils/libfdt/fdt_sw.c:246:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(s) + 1; data/opensbi-0.8/lib/utils/libfdt/fdt_sw.c:263:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(s) + 1; data/opensbi-0.8/lib/utils/libfdt/fdt_wip.c:47:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name), 0, data/opensbi-0.8/lib/utils/libfdt/libfdt.h:1469:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fdt_property(fdt, name, str, strlen(str)+1) data/opensbi-0.8/lib/utils/libfdt/libfdt.h:1727:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fdt_setprop((fdt), (nodeoffset), (name), (str), strlen(str)+1) data/opensbi-0.8/lib/utils/libfdt/libfdt.h:1898:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fdt_appendprop((fdt), (nodeoffset), (name), (str), strlen(str)+1) data/opensbi-0.8/lib/utils/libfdt/libfdt_env.h:35:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define strlen sbi_strlen data/opensbi-0.8/lib/utils/serial/fdt_serial.c:52:25: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return current_driver->getc(); ANALYSIS SUMMARY: Hits = 49 Lines analyzed = 20321 in approximately 0.48 seconds (42415 lines/second) Physical Source Lines of Code (SLOC) = 12689 Hits@level = [0] 0 [1] 25 [2] 22 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 49 [1+] 49 [2+] 24 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 3.86161 [1+] 3.86161 [2+] 1.8914 [3+] 0.157617 [4+] 0.157617 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.