stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_glamor.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_version.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/compat-api.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_video.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_kms.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_bo_helper.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_probe.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_glamor_wrappers.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_dri2.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_misc.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_video.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_probe.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_present.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_bo_helper.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_dri3.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_drm_queue.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/simple_list.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_drv.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_pixmap.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_dri2.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_glamor.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_pixmap.h
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_sync.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_drm_queue.c
Examining data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.h

FINAL RESULTS:

data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_dri2.c:1301:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *driverNames[2];
data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_dri3.c:52:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(info->dri2.device_name, O_RDWR | O_CLOEXEC);
data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_dri3.c:96:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(pAMDGPUEnt->render_node, O_RDWR | O_CLOEXEC);
data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_glamor_wrappers.c:77:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char pixel[4];
data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_kms.c:1583:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(info->Options, AMDGPUOptions_KMS, sizeof(AMDGPUOptions_KMS));
data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_video.c:141:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newAdaptors, adaptors,
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:70:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s1[20];
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:1169:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(*blob_data, value->data, expected_bytes);
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2394:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tearfree_prop->name, "TearFree");
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2398:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tearfree_prop->enums[0].name, "off");
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2399:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tearfree_prop->enums[1].name, "on");
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2401:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tearfree_prop->enums[2].name, "auto");
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2565:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&atom, value->data, 4);
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2676:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char conn_id[5];
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2694:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(conn_id, blob_data + 4, len);
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2768:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[32];
data/xserver-xorg-video-amdgpu-19.1.0/src/amdgpu_kms.c:2187:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen("_VARIABLE_REFRESH"), TRUE);
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:188:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(kmode->name, mode->name, DRM_DISPLAY_MODE_LEN);
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:1064:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(cm_prop_names[cm_prop_index]),
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2422:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen(drmmode_prop->name), TRUE);
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2453:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen(drmmode_prop->name), TRUE);
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2458:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				    MakeAtom(e->name, strlen(e->name), TRUE);
data/xserver-xorg-video-amdgpu-19.1.0/src/drmmode_display.c:2878:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		output->randr_output = RROutputCreate(xf86ScrnToScreen(pScrn), output->name, strlen(output->name), output);

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 13724 in approximately 0.28 seconds (48880 lines/second)
Physical Source Lines of Code (SLOC) = 9919
Hits@level = [0]   8 [1]   7 [2]  16 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  31 [1+]  23 [2+]  16 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.12532 [1+] 2.31878 [2+] 1.61307 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.