Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/powercap-0.3.1/inc/powercap-rapl-sysfs.h
Examining data/powercap-0.3.1/inc/powercap-rapl.h
Examining data/powercap-0.3.1/inc/powercap-sysfs.h
Examining data/powercap-0.3.1/inc/powercap.h
Examining data/powercap-0.3.1/src/powercap-common.c
Examining data/powercap-0.3.1/src/powercap-common.h
Examining data/powercap-0.3.1/src/powercap-rapl-sysfs.c
Examining data/powercap-0.3.1/src/powercap-rapl.c
Examining data/powercap-0.3.1/src/powercap-sysfs.c
Examining data/powercap-0.3.1/src/powercap.c
Examining data/powercap-0.3.1/test/powercap-common-test.c
Examining data/powercap-0.3.1/test/powercap-rapl-test.c
Examining data/powercap-0.3.1/test/powercap-sysfs-test.c
Examining data/powercap-0.3.1/test/powercap-test.c
Examining data/powercap-0.3.1/utils/powercap-info.c
Examining data/powercap-0.3.1/utils/powercap-set.c
Examining data/powercap-0.3.1/utils/rapl-info.c
Examining data/powercap-0.3.1/utils/rapl-set.c
Examining data/powercap-0.3.1/utils/util-common.c
Examining data/powercap-0.3.1/utils/util-common.h
FINAL RESULTS:
data/powercap-0.3.1/src/powercap-common.c:104:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "%"PRIu64, val);
data/powercap-0.3.1/src/powercap-common.c:121:14: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if ((tot = snprintf(buf, size, POWERCAP_PATH"/%s/", control_type)) < 0) {
data/powercap-0.3.1/src/powercap-common.h:46:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(TO_FILE((severity)), __VA_ARGS__); \
data/powercap-0.3.1/utils/powercap-info.c:22:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("Zone %"PRIu32, zones[0]);
data/powercap-0.3.1/utils/powercap-info.c:24:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(":%"PRIu32, zones[j]);
data/powercap-0.3.1/utils/util-common.c:96:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(INDENT);
data/powercap-0.3.1/utils/powercap-info.c:236:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, short_options, long_options, NULL);
data/powercap-0.3.1/utils/powercap-set.c:80:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, short_options, long_options, NULL);
data/powercap-0.3.1/utils/rapl-info.c:210:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, short_options, long_options, NULL);
data/powercap-0.3.1/utils/rapl-set.c:71:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, short_options, long_options, NULL);
data/powercap-0.3.1/src/powercap-common.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_U64_SIZE];
data/powercap-0.3.1/src/powercap-common.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_U64_SIZE];
data/powercap-0.3.1/src/powercap-common.c:223:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(path, flags);
data/powercap-0.3.1/src/powercap-common.c:239:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(path, flags);
data/powercap-0.3.1/src/powercap-common.c:255:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(path, flags);
data/powercap-0.3.1/src/powercap-rapl.c:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_SIZE];
data/powercap-0.3.1/src/powercap-rapl.c:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX] = { 0 };
data/powercap-0.3.1/src/powercap-rapl.c:192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_SIZE];
data/powercap-0.3.1/src/powercap-sysfs.c:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/src/powercap-sysfs.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/src/powercap-sysfs.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/src/powercap-sysfs.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/src/powercap-sysfs.c:101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/src/powercap-sysfs.c:126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/src/powercap-sysfs.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/src/powercap-sysfs.c:190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/src/powercap-sysfs.c:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/src/powercap-sysfs.c:252:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/src/powercap-sysfs.c:300:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/powercap-0.3.1/test/powercap-common-test.c:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = { 0 };
data/powercap-0.3.1/test/powercap-common-test.c:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = { 0 };
data/powercap-0.3.1/test/powercap-common-test.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = { 0 };
data/powercap-0.3.1/test/powercap-common-test.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = { 0 };
data/powercap-0.3.1/test/powercap-common-test.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = { 0 };
data/powercap-0.3.1/test/powercap-common-test.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = { 0 };
data/powercap-0.3.1/test/powercap-common-test.c:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX] = { 0 };
data/powercap-0.3.1/test/powercap-rapl-test.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/powercap-0.3.1/test/powercap-rapl-test.c:296:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ro = !atoi(argv[1]);
data/powercap-0.3.1/test/powercap-sysfs-test.c:23:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_too_big[PATH_MAX + 1];
data/powercap-0.3.1/test/powercap-sysfs-test.c:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/powercap-0.3.1/test/powercap-sysfs-test.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/powercap-0.3.1/test/powercap-test.c:15:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24];
data/powercap-0.3.1/test/powercap-test.c:21:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24];
data/powercap-0.3.1/test/powercap-test.c:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/powercap-0.3.1/utils/powercap-info.c:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_SIZE];
data/powercap-0.3.1/utils/powercap-info.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_SIZE];
data/powercap-0.3.1/utils/powercap-info.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_SIZE];
data/powercap-0.3.1/utils/rapl-info.c:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_SIZE];
data/powercap-0.3.1/utils/rapl-info.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_SIZE];
data/powercap-0.3.1/utils/rapl-info.c:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_SIZE];
data/powercap-0.3.1/src/powercap-sysfs.c:26:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return control_type && strlen(control_type) && strcspn(control_type, "./") == strlen(control_type);
data/powercap-0.3.1/src/powercap-sysfs.c:26:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return control_type && strlen(control_type) && strcspn(control_type, "./") == strlen(control_type);
data/powercap-0.3.1/utils/util-common.c:27:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (optarg == end || errno == ERANGE || end != optarg + strlen(optarg)) {
data/powercap-0.3.1/utils/util-common.c:126:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return control_type && strlen(control_type) && strcspn(control_type, "./") == strlen(control_type);
data/powercap-0.3.1/utils/util-common.c:126:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return control_type && strlen(control_type) && strcspn(control_type, "./") == strlen(control_type);
data/powercap-0.3.1/utils/util-common.c:133:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (optarg && (len = strlen(optarg)) && optarg[len - 1] == ':') {
ANALYSIS SUMMARY:
Hits = 56
Lines analyzed = 4985 in approximately 0.17 seconds (28908 lines/second)
Physical Source Lines of Code (SLOC) = 3470
Hits@level = [0] 241 [1] 6 [2] 40 [3] 4 [4] 6 [5] 0
Hits@level+ = [0+] 297 [1+] 56 [2+] 50 [3+] 10 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 85.5908 [1+] 16.1383 [2+] 14.4092 [3+] 2.88184 [4+] 1.72911 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.