Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rio-1.07/binary.h
Examining data/rio-1.07/iopl32.h
Examining data/rio-1.07/rio.h
Examining data/rio-1.07/rioioctl.h
Examining data/rio-1.07/std.h
Examining data/rio-1.07/app.cpp
Examining data/rio-1.07/rio.cpp
FINAL RESULTS:
data/rio-1.07/app.cpp:18:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define INFOSTR printf
data/rio-1.07/rio.cpp:323:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf( m_szError, pszFormat, ArgPtr );
data/rio-1.07/app.cpp:574:28: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
pszFilePlaylistTemp = tmpnam( NULL );
data/rio-1.07/app.cpp:102:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuf[ 64 ];
data/rio-1.07/app.cpp:107:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( szBuf, "INVALID DATE/TIME" );
data/rio-1.07/app.cpp:110:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(
data/rio-1.07/app.cpp:144:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fpFile = fopen( pszPathFile, "rb" );
data/rio-1.07/app.cpp:342:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fpFile = fopen( pszFile, "r" );
data/rio-1.07/app.cpp:444:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
auiPosNew[ uiPosNew++ ] = atoi( pszEntry ) - 1;
data/rio-1.07/app.cpp:551:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iPosDumpDirectory = atoi( paszArg[iA] );
data/rio-1.07/app.cpp:553:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iSizeDumpDirectory = atoi( paszArg[iA] );
data/rio-1.07/app.cpp:578:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fpFile = fopen( pszFilePlaylistTemp, "a" );
data/rio-1.07/app.cpp:640:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lTimeIODelayInit = atol( paszArg[iA] );
data/rio-1.07/app.cpp:648:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lTimeIODelayTx = atol( paszArg[iA] );
data/rio-1.07/app.cpp:656:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lTimeIODelayRx = atol( paszArg[iA] );
data/rio-1.07/rio.cpp:259:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( open("/dev/io", O_RDONLY) == -1 )
data/rio-1.07/rio.cpp:1045:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/rio-1.07/rio.cpp:1100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( paDirEntryNew, paDirEntry, CRIO_MAX_DIRENTRY * sizeof(CDirEntry) );
data/rio-1.07/rio.cpp:1117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &paDirEntryNew[uiPosNew], &paDirEntry[uiPosOld], sizeof(CDirEntry) );
data/rio-1.07/rio.cpp:1121:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( paDirEntry, paDirEntryNew, CRIO_MAX_DIRENTRY * sizeof(CDirEntry) );
data/rio-1.07/rio.cpp:1144:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( paucBlock, &m_cDirBlock, sizeof(m_cDirBlock) );
data/rio-1.07/rio.cpp:1208:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fpFile = fopen( pszPathFile, "rb" );
data/rio-1.07/rio.cpp:1388:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fpFile = fopen( pszPathFile, "wb" );
data/rio-1.07/rio.h:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_acNotUsed2[ 2 ];
data/rio-1.07/rio.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_acNotUsed3[ 512 - 22 ];
data/rio-1.07/rio.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_acNotUsed[ 5 ];
data/rio-1.07/rio.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_acNotUsed3[ 5 ];
data/rio-1.07/rio.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_szName[ 128 - 28 ];
data/rio-1.07/rio.h:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_szError[ 128 ];
data/rio-1.07/app.cpp:362:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLength = strlen( pszBuf );
data/rio-1.07/app.cpp:407:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLength = strlen( pszBuf );
data/rio-1.07/rio.cpp:204:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iLength = strlen( pszPathFile );
data/rio-1.07/rio.cpp:1284:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( cDirEntry.m_szName, GetFile(pszPathFile), sizeof(cDirEntry.m_szName) );
ANALYSIS SUMMARY:
Hits = 33
Lines analyzed = 2853 in approximately 0.06 seconds (45792 lines/second)
Physical Source Lines of Code (SLOC) = 2117
Hits@level = [0] 4 [1] 4 [2] 26 [3] 1 [4] 2 [5] 0
Hits@level+ = [0+] 37 [1+] 33 [2+] 29 [3+] 3 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 17.4776 [1+] 15.5881 [2+] 13.6986 [3+] 1.4171 [4+] 0.944733 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.