Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vmfs-tools-0.2.5/imager/imager.c
Examining data/vmfs-tools-0.2.5/libreadcmd/readcmd.c
Examining data/vmfs-tools-0.2.5/libreadcmd/readcmd.h
Examining data/vmfs-tools-0.2.5/debugvmfs/variables.c
Examining data/vmfs-tools-0.2.5/debugvmfs/debugvmfs.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_block.c
Examining data/vmfs-tools-0.2.5/libvmfs/utils.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_bitmap.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_fs.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_metadata.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_host.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_volume.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_file.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_host.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_metadata.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_bitmap.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_heartbeat.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_heartbeat.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_inode.h
Examining data/vmfs-tools-0.2.5/libvmfs/scsi.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_lvm.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_inode.c
Examining data/vmfs-tools-0.2.5/libvmfs/scsi.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_dirent.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_file.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_device.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_block.h
Examining data/vmfs-tools-0.2.5/libvmfs/utils.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_fs.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_volume.h
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_dirent.c
Examining data/vmfs-tools-0.2.5/libvmfs/vmfs_lvm.h
Examining data/vmfs-tools-0.2.5/vmfs-fuse/vmfs-fuse.c
Examining data/vmfs-tools-0.2.5/vmfs-lvm/vmfs-lvm.c
Examining data/vmfs-tools-0.2.5/fsck.vmfs/vmfs_fsck.c

FINAL RESULTS:

data/vmfs-tools-0.2.5/debugvmfs/debugvmfs.c:556:7:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl("/bin/sh", "/bin/sh", "-c", cmd, NULL);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:428:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%.2f%s", (float) size / (1L << scale), units[scale / 10]);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:430:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%"PRIu64"%s", size >> scale, units[scale / 10]);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:440:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, "%" PRIu32, *((uint32_t *)value));
data/vmfs-tools-0.2.5/debugvmfs/variables.c:443:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, "%" PRIu64, *((uint64_t *)value));
data/vmfs-tools-0.2.5/debugvmfs/variables.c:454:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, "0x%" PRIx32, *((uint32_t *)value));
data/vmfs-tools-0.2.5/debugvmfs/variables.c:457:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, "0x%" PRIx64, *((uint64_t *)value));
data/vmfs-tools-0.2.5/debugvmfs/variables.c:621:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, (i == 7) ? "%02x " : "%02x ", data[i]);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:627:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, (i == 7) ? " " : " ");
data/vmfs-tools-0.2.5/debugvmfs/variables.c:630:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, " |%s|\n", b);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:731:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s.entry[%d].item[%d]", bitmaps[info->type - 1],
data/vmfs-tools-0.2.5/debugvmfs/variables.c:892:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(format, "%%%ds: %%s\n", longest_member_desc(m->subvar));
data/vmfs-tools-0.2.5/debugvmfs/variables.c:897:16:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(format, v->description, str);
data/vmfs-tools-0.2.5/imager/imager.c:57:4:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/vmfs-tools-0.2.5/debugvmfs/debugvmfs.c:84:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024], *arg;
data/vmfs-tools-0.2.5/debugvmfs/debugvmfs.c:192:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(input = fopen(argv[0],"r"))) {
data/vmfs-tools-0.2.5/debugvmfs/debugvmfs.c:617:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  } else if ((fd = open(cmdline->redir,O_CREAT|O_WRONLY|
data/vmfs-tools-0.2.5/debugvmfs/variables.c:238:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void *result = &((char *) value)[member->offset];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:423:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:437:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:451:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:489:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:510:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:511:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "0x%x", lock);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:523:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:524:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", vmfs_bitmap_allocated_items((vmfs_bitmap_t *)value));
data/vmfs-tools-0.2.5/debugvmfs/variables.c:530:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:531:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", ((vmfs_bitmap_t *)value)->bmh.total_items -
data/vmfs-tools-0.2.5/debugvmfs/variables.c:618:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%08x ", offset);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:689:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(b, "0x%08x%c", read_le32(data, i * sizeof(uint32_t)),
data/vmfs-tools-0.2.5/debugvmfs/variables.c:711:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ref, value, sizeof(struct vmfs_bitmap_item_ref));
data/vmfs-tools-0.2.5/debugvmfs/variables.c:729:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:738:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:742:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (sprintf(buf, "0x%x (", info->flags) <= 0)
data/vmfs-tools-0.2.5/debugvmfs/variables.c:747:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "tbz");
data/vmfs-tools-0.2.5/debugvmfs/variables.c:753:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, ", ");
data/vmfs-tools-0.2.5/debugvmfs/variables.c:754:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "unknown");
data/vmfs-tools-0.2.5/debugvmfs/variables.c:759:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "none");
data/vmfs-tools-0.2.5/debugvmfs/variables.c:816:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%04o (", mode);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:834:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(b, "0x%08x%c", inode->blocks[i], (i + 1) % 4 ? ' ' : '\n');
data/vmfs-tools-0.2.5/debugvmfs/variables.c:890:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[16];
data/vmfs-tools-0.2.5/fsck.vmfs/vmfs_fsck.c:265:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&map->inode,inode,sizeof(*inode));
data/vmfs-tools-0.2.5/fsck.vmfs/vmfs_fsck.c:469:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/vmfs-tools-0.2.5/imager/imager.c:412:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(arg, O_RDONLY);
data/vmfs-tools-0.2.5/libvmfs/utils.c:47:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str,
data/vmfs-tools-0.2.5/libvmfs/utils.h:119:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uuid,buf+offset,sizeof(uuid_t));
data/vmfs-tools-0.2.5/libvmfs/utils.h:125:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+offset,uuid,sizeof(uuid_t));
data/vmfs-tools-0.2.5/libvmfs/utils.h:190:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result, s, n);
data/vmfs-tools-0.2.5/libvmfs/vmfs_bitmap.c:67:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bme->bitmap,&buf[VMFS_BME_OFS_BITMAP],(bme->total+7)/8);
data/vmfs-tools-0.2.5/libvmfs/vmfs_bitmap.c:81:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf[VMFS_BME_OFS_BITMAP],bme->bitmap,(bme->total+7)/8);
data/vmfs-tools-0.2.5/libvmfs/vmfs_block.c:266:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf,tmpbuf+offset,clen);
data/vmfs-tools-0.2.5/libvmfs/vmfs_block.c:296:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpbuf+offset,buf,clen);
data/vmfs-tools-0.2.5/libvmfs/vmfs_block.c:343:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf,tmpbuf+(offset-n_offset),clen);
data/vmfs-tools-0.2.5/libvmfs/vmfs_block.c:390:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpbuf+(offset-n_offset),buf,clen);
data/vmfs-tools-0.2.5/libvmfs/vmfs_dirent.c:34:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entry->name,buf+VMFS_DIRENT_OFS_NAME,VMFS_DIRENT_OFS_NAME_SIZE);
data/vmfs-tools-0.2.5/libvmfs/vmfs_dirent.c:45:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+VMFS_DIRENT_OFS_NAME,entry->name,VMFS_DIRENT_OFS_NAME_SIZE);
data/vmfs-tools-0.2.5/libvmfs/vmfs_dirent.h:30:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[128];
data/vmfs-tools-0.2.5/libvmfs/vmfs_dirent.h:44:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[129];
data/vmfs-tools-0.2.5/libvmfs/vmfs_file.c:187:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, f->inode->content + pos, exp_len);
data/vmfs-tools-0.2.5/libvmfs/vmfs_fs.h:33:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label[128];
data/vmfs-tools-0.2.5/libvmfs/vmfs_heartbeat.c:58:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uuid_str[M_UUID_BUFLEN];
data/vmfs-tools-0.2.5/libvmfs/vmfs_host.c:45:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uuid_str[M_UUID_BUFLEN];
data/vmfs-tools-0.2.5/libvmfs/vmfs_inode.c:74:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(inode->content, buf + VMFS_INODE_OFS_CONTENT, inode->size);
data/vmfs-tools-0.2.5/libvmfs/vmfs_inode.h:52:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char content[VMFS_INODE_BLK_COUNT * sizeof(uint32_t)];
data/vmfs-tools-0.2.5/libvmfs/vmfs_inode.h:102:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char content[VMFS_INODE_BLK_COUNT * sizeof(uint32_t)];
data/vmfs-tools-0.2.5/libvmfs/vmfs_volume.c:131:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uuidstr1[M_UUID_BUFLEN], uuidstr2[M_UUID_BUFLEN];
data/vmfs-tools-0.2.5/libvmfs/vmfs_volume.c:133:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uuidstr1,buf+VMFS_LVMINFO_OFS_UUID_STR,M_UUID_BUFLEN-1);
data/vmfs-tools-0.2.5/libvmfs/vmfs_volume.c:175:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((vol->fd = open(vol->device,file_flags)) < 0) {
data/vmfs-tools-0.2.5/libvmfs/vmfs_volume.h:33:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[28];
data/vmfs-tools-0.2.5/libvmfs/vmfs_volume.h:62:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uuid_str[35];
data/vmfs-tools-0.2.5/vmfs-fuse/vmfs-fuse.c:235:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[size];
data/vmfs-tools-0.2.5/vmfs-fuse/vmfs-fuse.c:366:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[size];
data/vmfs-tools-0.2.5/vmfs-fuse/vmfs-fuse.c:440:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *paths[VMFS_LVM_MAX_EXTENTS + 1];
data/vmfs-tools-0.2.5/debugvmfs/variables.c:304:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(index, name + 1, len);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:354:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(index, name + len + 1, len2 - len);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:548:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curlen = strlen(members->description);
data/vmfs-tools-0.2.5/debugvmfs/variables.c:761:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buf, ")");
data/vmfs-tools-0.2.5/imager/imager.c:74:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  len = read(0, buf, count * sz - hlen);
data/vmfs-tools-0.2.5/libreadcmd/readcmd.c:52:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf2);
data/vmfs-tools-0.2.5/libreadcmd/readcmd.c:89:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=strlen(buf)-1;(i>=0)&&(buf[i]==' ');buf[i--]=0);
data/vmfs-tools-0.2.5/libvmfs/utils.c:144:16:  [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient.
  if (!(buf = memalign(M_DIO_BLK_SIZE,buf_len)))
data/vmfs-tools-0.2.5/libvmfs/vmfs_device.h:23:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ssize_t (*read)(const vmfs_device_t *dev, off_t pos,
data/vmfs-tools-0.2.5/libvmfs/vmfs_device.h:36:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return dev->read(dev, pos, buf, len);
data/vmfs-tools-0.2.5/libvmfs/vmfs_dirent.c:297:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(entry.name,name,VMFS_DIRENT_OFS_NAME_SIZE);

ANALYSIS SUMMARY:

Hits = 84
Lines analyzed = 9353 in approximately 0.23 seconds (39887 lines/second)
Physical Source Lines of Code (SLOC) = 6487
Hits@level = [0] 175 [1]  11 [2]  59 [3]   0 [4]  14 [5]   0
Hits@level+ = [0+] 259 [1+]  84 [2+]  73 [3+]  14 [4+]  14 [5+]   0
Hits/KSLOC@level+ = [0+] 39.926 [1+] 12.949 [2+] 11.2533 [3+] 2.15816 [4+] 2.15816 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.