Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/sigrok-firmware-fx2lafw-0.1.7/gpif-acquisition.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lafw.c Examining data/sigrok-firmware-fx2lafw-0.1.7/include/gpif-acquisition.h Examining data/sigrok-firmware-fx2lafw-0.1.7/include/command.h Examining data/sigrok-firmware-fx2lafw-0.1.7/include/fx2lafw.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/eputils.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/serial.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/delay.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/i2c.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/gpif.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/setupdat.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep6pf_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/usbreset_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep6_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep8isoerr_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep2pf_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep8ef_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep2_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep1ping_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/sof_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep0ack_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep2ping_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/sudav_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep1in_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep4isoerr_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep6ping_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep4ff_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep6isoerr_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/gpifwf_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep8ping_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep2isoerr_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep6ef_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/errlimit_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ibn_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep2ff_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep6ff_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep1out_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep0in_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep8pf_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep0out_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/hispeed_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep4ping_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/spare_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep8_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep4_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep4ef_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/gpifdone_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/suspend_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep2ef_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/sutok_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep4pf_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep0ping_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/interrupts/ep8ff_isr.c Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/fx2ints.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/gpif.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/eputils.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/delay.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/fx2regs.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/serial.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/fx2macros.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/fx2types.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/autovector.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/lights.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/setupdat.h Examining data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/i2c.h Examining data/sigrok-firmware-fx2lafw-0.1.7/hw/yixingdianzi-mdso/fw.c Examining data/sigrok-firmware-fx2lafw-0.1.7/hw/hantek-6022be/fw.c Examining data/sigrok-firmware-fx2lafw-0.1.7/hw/sainsmart-dds120/fw.c Examining data/sigrok-firmware-fx2lafw-0.1.7/hw/hantek-6022bl/fw.c FINAL RESULTS: data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/eputils.c:28:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf(...) data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/i2c.c:29:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define i2c_printf(...) printf(__VA_ARGS__) data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/setupdat.c:23:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf(...) data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/include/serial.h:54:6: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char getchar(); data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/eputils.c:34:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read < len) { data/sigrok-firmware-fx2lafw-0.1.7/fx2lib/lib/serial.c:71:6: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char getchar() { ANALYSIS SUMMARY: Hits = 6 Lines analyzed = 5071 in approximately 0.17 seconds (29923 lines/second) Physical Source Lines of Code (SLOC) = 2135 Hits@level = [0] 14 [1] 3 [2] 0 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 20 [1+] 6 [2+] 3 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 9.36768 [1+] 2.8103 [2+] 1.40515 [3+] 1.40515 [4+] 1.40515 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.