Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/acpitool-0.5.1/src/toshiba.cpp
Examining data/acpitool-0.5.1/src/asus.h
Examining data/acpitool-0.5.1/src/cpu.h
Examining data/acpitool-0.5.1/src/battery.h
Examining data/acpitool-0.5.1/src/freq.h
Examining data/acpitool-0.5.1/src/thinkpad.cpp
Examining data/acpitool-0.5.1/src/ac_adapter.h
Examining data/acpitool-0.5.1/src/asus.cpp
Examining data/acpitool-0.5.1/src/freq.cpp
Examining data/acpitool-0.5.1/src/thinkpad.h
Examining data/acpitool-0.5.1/src/cpu.cpp
Examining data/acpitool-0.5.1/src/main.cpp
Examining data/acpitool-0.5.1/src/toshiba.h
Examining data/acpitool-0.5.1/src/acpitool.h
Examining data/acpitool-0.5.1/src/battery.cpp
Examining data/acpitool-0.5.1/src/ac_adapter.cpp
Examining data/acpitool-0.5.1/src/acpitool.cpp

FINAL RESULTS:

data/acpitool-0.5.1/src/ac_adapter.cpp:71:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[ac_count], "/proc/acpi/ac_adapter/%s/state", name);

data/acpitool-0.5.1/src/ac_adapter.cpp:108:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[ac_count], "/proc/acpi/ac_adapter/%s/state", name);

data/acpitool-0.5.1/src/ac_adapter.cpp:176:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(temp, "/sys/class/power_supply/%s/type", name);

data/acpitool-0.5.1/src/ac_adapter.cpp:183:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    fscanf(temp_fp, "%s", str);

data/acpitool-0.5.1/src/ac_adapter.cpp:189:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[findex], "/sys/class/power_supply/%s/uevent", name);

data/acpitool-0.5.1/src/ac_adapter.cpp:226:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    sscanf(str, "%*[^=] %*c %s %[^\n]",temp);

data/acpitool-0.5.1/src/acpitool.cpp:162:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(c, str);

data/acpitool-0.5.1/src/acpitool.cpp:374:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[fan_count], "/proc/acpi/fan/%s/state", name);

data/acpitool-0.5.1/src/battery.cpp:385:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[findex], "/proc/acpi/battery/%s/info", name);

data/acpitool-0.5.1/src/battery.cpp:389:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[findex], "/proc/acpi/battery/%s/state", name);

data/acpitool-0.5.1/src/battery.cpp:567:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(temp, "/sys/class/power_supply/%s/type", name);

data/acpitool-0.5.1/src/battery.cpp:575:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    fscanf(temp_fp, "%s", str);

data/acpitool-0.5.1/src/battery.cpp:582:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[findex], "/sys/class/power_supply/%s/uevent", name);

data/acpitool-0.5.1/src/battery.cpp:658:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    sscanf(str, "%*[^=] %*c %s %*[^\n]",temp);

data/acpitool-0.5.1/src/battery.cpp:817:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[findex], "/sys/class/power_supply/%s/type", name);

data/acpitool-0.5.1/src/battery.cpp:844:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    fscanf(powertype_fp, "%s", str);

data/acpitool-0.5.1/src/cpu.cpp:77:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    sscanf(str, "%*[^:] %*s %s",temp); // ignore all up till :, then ignore the :, then use what's left //

data/acpitool-0.5.1/src/cpu.cpp:83:3: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    sscanf(str, "%*[^:] %*s %s",temp);

data/acpitool-0.5.1/src/cpu.cpp:94:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    sscanf(str, "%*[^:] %*s %s",temp);

data/acpitool-0.5.1/src/cpu.cpp:130:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[findex], "/proc/acpi/processor/%s/info", name);

data/acpitool-0.5.1/src/cpu.cpp:134:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[findex], "/proc/acpi/processor/%s/power", name);

data/acpitool-0.5.1/src/cpu.cpp:138:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename[findex], "/proc/acpi/processor/%s/throttling", name);

data/acpitool-0.5.1/src/freq.cpp:97:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    fscanf(freqinfo_fp, "%s", str);

data/acpitool-0.5.1/src/freq.cpp:121:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    fscanf(freqinfo_fp, "%s", str);

data/acpitool-0.5.1/src/freq.cpp:144:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    fscanf(freqinfo_fp, "%s", str);

data/acpitool-0.5.1/src/freq.cpp:166:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
    fscanf(freqinfo_fp, "%s", str);

data/acpitool-0.5.1/src/freq.cpp:168:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(c, str);

data/acpitool-0.5.1/src/freq.cpp:189:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function.
    fscanf(freqinfo_fp, "%s", str);

data/acpitool-0.5.1/src/freq.cpp:191:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(c, str);

data/acpitool-0.5.1/src/main.cpp:96:18: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((c = getopt_long(argc, argv, "aAbcBefF:hjl:m:n:o:sStTvVwW:z:", longopts, NULL)) != -1)

data/acpitool-0.5.1/src/ac_adapter.cpp:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *dirname, filename[4][50], str[40];

data/acpitool-0.5.1/src/ac_adapter.cpp:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char AC_Status[9];

data/acpitool-0.5.1/src/ac_adapter.cpp:90:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *dirname, filename[4][50], str[40];

data/acpitool-0.5.1/src/ac_adapter.cpp:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char AC_Status[9];

data/acpitool-0.5.1/src/ac_adapter.cpp:132:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename[i]);

data/acpitool-0.5.1/src/ac_adapter.cpp:152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char filename[2][65], str[100], temp[100], attr[100];

data/acpitool-0.5.1/src/ac_adapter.cpp:178:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *temp_fp = fopen(temp, "r");

data/acpitool-0.5.1/src/ac_adapter.cpp:211:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *power_fp = fopen(filename[i], "r");

data/acpitool-0.5.1/src/acpitool.cpp:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *filename, *filename2, str[50];

data/acpitool-0.5.1/src/acpitool.cpp:72:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename);

data/acpitool-0.5.1/src/acpitool.cpp:73:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file2_in.open(filename2);

data/acpitool-0.5.1/src/acpitool.cpp:79:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(c, "n.a");

data/acpitool-0.5.1/src/acpitool.cpp:140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *filename, str[20];

data/acpitool-0.5.1/src/acpitool.cpp:144:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename);

data/acpitool-0.5.1/src/acpitool.cpp:149:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(c, "<n.a>");

data/acpitool-0.5.1/src/acpitool.cpp:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Acpi_Version[10], Kernel_Version[15];

data/acpitool-0.5.1/src/acpitool.cpp:188:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *filename, str[10];

data/acpitool-0.5.1/src/acpitool.cpp:192:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename);

data/acpitool-0.5.1/src/acpitool.cpp:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *dirname, str[120];

data/acpitool-0.5.1/src/acpitool.cpp:226:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Temperature[5], State[5];

data/acpitool-0.5.1/src/acpitool.cpp:243:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_fname[256];

data/acpitool-0.5.1/src/acpitool.cpp:293:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename[i-2].c_str());

data/acpitool-0.5.1/src/acpitool.cpp:301:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in2.open(filename[i-1].c_str());

data/acpitool-0.5.1/src/acpitool.cpp:311:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *fp = fopen(filename[i].c_str(), "r");

data/acpitool-0.5.1/src/acpitool.cpp:344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *dirname, filename[4][50], str[40];

data/acpitool-0.5.1/src/acpitool.cpp:349:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char FAN_Status[9];

data/acpitool-0.5.1/src/acpitool.cpp:398:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename[i]);

data/acpitool-0.5.1/src/acpitool.cpp:424:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename);

data/acpitool-0.5.1/src/acpitool.cpp:503:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_out.open(filename);

data/acpitool-0.5.1/src/acpitool.cpp:556:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_out.open(filename);

data/acpitool-0.5.1/src/acpitool.h:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Charging_State[12];

data/acpitool-0.5.1/src/acpitool.h:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Remaining_Cap[10];

data/acpitool-0.5.1/src/acpitool.h:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Design_Cap[10];

data/acpitool-0.5.1/src/acpitool.h:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char LastFull_Cap[10];

data/acpitool-0.5.1/src/acpitool.h:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Present_Rate[10];

data/acpitool-0.5.1/src/acpitool.h:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Technology[13];

data/acpitool-0.5.1/src/acpitool.h:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Model[13];

data/acpitool-0.5.1/src/acpitool.h:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Serial[13];

data/acpitool-0.5.1/src/acpitool.h:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Bat_Type[13];

data/acpitool-0.5.1/src/acpitool.h:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Voltage_Now[13];

data/acpitool-0.5.1/src/acpitool.h:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Charge_Now[13];

data/acpitool-0.5.1/src/acpitool.h:43:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Charge_Full[13];

data/acpitool-0.5.1/src/acpitool.h:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Charge_Full_Design[13];

data/acpitool-0.5.1/src/asus.cpp:52:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename);

data/acpitool-0.5.1/src/asus.cpp:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *filename, lcdb[40];

data/acpitool-0.5.1/src/asus.cpp:89:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename);

data/acpitool-0.5.1/src/asus.cpp:123:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_out.open(filename);

data/acpitool-0.5.1/src/asus.cpp:151:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename);

data/acpitool-0.5.1/src/asus.cpp:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *filename, info[255];

data/acpitool-0.5.1/src/asus.cpp:206:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_in.open(filename);

data/acpitool-0.5.1/src/asus.cpp:270:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_out.open(filename);

data/acpitool-0.5.1/src/asus.cpp:295:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_out.open(filename);

data/acpitool-0.5.1/src/asus.cpp:320:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file_out.open(filename);

data/acpitool-0.5.1/src/battery.cpp:135:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Show_Time = atoi(Batt_Info[i]->Present_Rate);

data/acpitool-0.5.1/src/battery.cpp:148:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Percentage = float(atoi(Batt_Info[i]->Charge_Now)) / float(atoi(Batt_Info[i]->Charge_Full)) * 100.0;

data/acpitool-0.5.1/src/battery.cpp:148:77: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Percentage = float(atoi(Batt_Info[i]->Charge_Now)) / float(atoi(Batt_Info[i]->Charge_Full)) * 100.0;

data/acpitool-0.5.1/src/battery.cpp:150:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Percentage = float(atoi(Batt_Info[i]->Remaining_Cap)) / float(atoi(Batt_Info[i]->LastFull_Cap)) * 100.0;

data/acpitool-0.5.1/src/battery.cpp:150:76: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Percentage = float(atoi(Batt_Info[i]->Remaining_Cap)) / float(atoi(Batt_Info[i]->LastFull_Cap)) * 100.0;

data/acpitool-0.5.1/src/battery.cpp:178:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Time = (float(atoi(Batt_Info[i]->Charge_Full)) - float(atoi(Batt_Info[i]->Charge_Now))) / float(atoi(Batt_Info[i]->Present_Rate));

data/acpitool-0.5.1/src/battery.cpp:178:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Time = (float(atoi(Batt_Info[i]->Charge_Full)) - float(atoi(Batt_Info[i]->Charge_Now))) / float(atoi(Batt_Info[i]->Present_Rate));

data/acpitool-0.5.1/src/battery.cpp:178:113: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Time = (float(atoi(Batt_Info[i]->Charge_Full)) - float(atoi(Batt_Info[i]->Charge_Now))) / float(atoi(Batt_Info[i]->Present_Rate));

data/acpitool-0.5.1/src/battery.cpp:180:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Time = (float(atoi(Batt_Info[i]->LastFull_Cap)) - float(atoi(Batt_Info[i]->Remaining_Cap))) / float(atoi(Batt_Info[i]->Present_Rate));

data/acpitool-0.5.1/src/battery.cpp:180:73: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Time = (float(atoi(Batt_Info[i]->LastFull_Cap)) - float(atoi(Batt_Info[i]->Remaining_Cap))) / float(atoi(Batt_Info[i]->Present_Rate));

data/acpitool-0.5.1/src/battery.cpp:180:117: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Time = (float(atoi(Batt_Info[i]->LastFull_Cap)) - float(atoi(Batt_Info[i]->Remaining_Cap))) / float(atoi(Batt_Info[i]->Present_Rate));

data/acpitool-0.5.1/src/battery.cpp:183:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Time = float(atoi(Batt_Info[i]->Remaining_Cap)) / float(atoi(Batt_Info[i]->Present_Rate));

data/acpitool-0.5.1/src/battery.cpp:183:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    Remaining_Time = float(atoi(Batt_Info[i]->Remaining_Cap)) / float(atoi(Batt_Info[i]->Present_Rate));

data/acpitool-0.5.1/src/battery.cpp:197:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if(atoi(Batt_Info[i]->Design_Cap) > 0)

data/acpitool-0.5.1/src/battery.cpp:198:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Battery_Left_Percent = float(atoi(Batt_Info[i]->LastFull_Cap)) / float(atoi(Batt_Info[i]->Design_Cap)) * 100.0;
data/acpitool-0.5.1/src/battery.cpp:198:80: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Battery_Left_Percent = float(atoi(Batt_Info[i]->LastFull_Cap)) / float(atoi(Batt_Info[i]->Design_Cap)) * 100.0;
data/acpitool-0.5.1/src/battery.cpp:199:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(atoi(Batt_Info[i]->Charge_Full_Design) > 0)
data/acpitool-0.5.1/src/battery.cpp:200:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Battery_Left_Percent = float(atoi(Batt_Info[i]->Charge_Full)) / float(atoi(Batt_Info[i]->Charge_Full_Design)) * 100.0;
data/acpitool-0.5.1/src/battery.cpp:200:79: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Battery_Left_Percent = float(atoi(Batt_Info[i]->Charge_Full)) / float(atoi(Batt_Info[i]->Charge_Full_Design)) * 100.0;
data/acpitool-0.5.1/src/battery.cpp:225:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(Batt_Info[i]->Design_Cap) > 0)
data/acpitool-0.5.1/src/battery.cpp:227:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(atoi(Batt_Info[i]->Charge_Full_Design) > 0)
data/acpitool-0.5.1/src/battery.cpp:230:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(Batt_Info[i]->LastFull_Cap) > 0)
data/acpitool-0.5.1/src/battery.cpp:232:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if(atoi(Batt_Info[i]->Charge_Full) > 0)
data/acpitool-0.5.1/src/battery.cpp:293:48: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Total_Remaining_Cap = Total_Remaining_Cap + (atoi(Batt_Info[t]->Remaining_Cap));
data/acpitool-0.5.1/src/battery.cpp:294:46: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Total_LastFull_Cap = Total_LastFull_Cap + (atoi(Batt_Info[t]->LastFull_Cap));
data/acpitool-0.5.1/src/battery.cpp:295:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Total_Rate = Total_Rate + (atoi(Batt_Info[t]->Present_Rate));
data/acpitool-0.5.1/src/battery.cpp:355:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[4][65], str[100], temp[100];
data/acpitool-0.5.1/src/battery.cpp:435:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_in.open(filename[start]);
data/acpitool-0.5.1/src/battery.cpp:494:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_in.open(filename[start+1]);
data/acpitool-0.5.1/src/battery.cpp:538:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[6][65], str[100], temp[100], attr[100];
data/acpitool-0.5.1/src/battery.cpp:570:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *temp_fp = fopen(temp, "r");
data/acpitool-0.5.1/src/battery.cpp:630:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *power_fp = fopen(filename[start], "r");
data/acpitool-0.5.1/src/battery.cpp:669:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(temp) / 1000;
data/acpitool-0.5.1/src/battery.cpp:675:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(temp) / 1000;
data/acpitool-0.5.1/src/battery.cpp:680:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(temp) / 1000;
data/acpitool-0.5.1/src/battery.cpp:685:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(temp) / 1000;
data/acpitool-0.5.1/src/battery.cpp:690:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(temp) / 1000;
data/acpitool-0.5.1/src/battery.cpp:695:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(temp) / 1000;
data/acpitool-0.5.1/src/battery.cpp:700:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(temp) / 1000;
data/acpitool-0.5.1/src/battery.cpp:705:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi(temp) / 1000;
data/acpitool-0.5.1/src/battery.cpp:791:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[4][65], str[100];
data/acpitool-0.5.1/src/battery.cpp:839:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *powertype_fp = fopen(filename[t], "r");
data/acpitool-0.5.1/src/cpu.cpp:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *dirname, filename[25][70], str[300], temp[130];
data/acpitool-0.5.1/src/cpu.cpp:60:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *cpuinfo_fp = fopen("/proc/cpuinfo", "r");
data/acpitool-0.5.1/src/cpu.cpp:164:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_in.open(filename[i-2]); // acpi/processor/%s/info
data/acpitool-0.5.1/src/cpu.cpp:206:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *power_fp = fopen(filename[i-1], "r"); // acpi/processor/%s/power
data/acpitool-0.5.1/src/cpu.cpp:281:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *throt_fp = fopen(filename[i], "r"); // acpi/processor/%s/throttling
data/acpitool-0.5.1/src/freq.cpp:48:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *freqinfo_fp = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq", "r");
data/acpitool-0.5.1/src/freq.cpp:62:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[300];
data/acpitool-0.5.1/src/freq.cpp:89:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[300];
data/acpitool-0.5.1/src/freq.cpp:92:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *freqinfo_fp = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq", "r");
data/acpitool-0.5.1/src/freq.cpp:98:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_freq = atoi(str);
data/acpitool-0.5.1/src/freq.cpp:113:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[300];
data/acpitool-0.5.1/src/freq.cpp:116:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *freqinfo_fp = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq", "r");
data/acpitool-0.5.1/src/freq.cpp:122:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_freq = atoi(str);
data/acpitool-0.5.1/src/freq.cpp:136:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[300];
data/acpitool-0.5.1/src/freq.cpp:139:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *freqinfo_fp = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq", "r");
data/acpitool-0.5.1/src/freq.cpp:145:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cur_freq = atoi(str);
data/acpitool-0.5.1/src/freq.cpp:159:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[300];
data/acpitool-0.5.1/src/freq.cpp:161:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *freqinfo_fp = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor", "r");
data/acpitool-0.5.1/src/freq.cpp:182:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[300];
data/acpitool-0.5.1/src/freq.cpp:184:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *freqinfo_fp = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_driver", "r");
data/acpitool-0.5.1/src/main.cpp:64:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Acpi_Version[10];
data/acpitool-0.5.1/src/main.cpp:143:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Force_Fan(atoi(optarg));
data/acpitool-0.5.1/src/main.cpp:156:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Set_LCD_Level(atoi(optarg));
data/acpitool-0.5.1/src/main.cpp:159:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Set_Thinkpad_LCD_Level(atoi(optarg));
data/acpitool-0.5.1/src/main.cpp:165:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Set_Asus_LCD_State(atoi(optarg));
data/acpitool-0.5.1/src/main.cpp:171:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Set_MLed(atoi(optarg));
data/acpitool-0.5.1/src/main.cpp:178:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Set_WLed(atoi(optarg));
data/acpitool-0.5.1/src/main.cpp:214:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rc = Toggle_WakeUp_Device(atoi(optarg), verbose);
data/acpitool-0.5.1/src/main.cpp:219:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Set_Asus_LCD_Level(atoi(optarg)); // convert option to int //
data/acpitool-0.5.1/src/thinkpad.cpp:19:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_in.open(filename);
data/acpitool-0.5.1/src/thinkpad.cpp:40:6: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bay.open(filename);
data/acpitool-0.5.1/src/thinkpad.cpp:61:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bright.open(filename);
data/acpitool-0.5.1/src/thinkpad.cpp:82:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[32];
data/acpitool-0.5.1/src/thinkpad.cpp:89:6: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fan.open(filename);
data/acpitool-0.5.1/src/toshiba.cpp:52:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_in.open(filename);
data/acpitool-0.5.1/src/toshiba.cpp:85:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *filename, str[40];
data/acpitool-0.5.1/src/toshiba.cpp:89:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_in.open(filename);
data/acpitool-0.5.1/src/toshiba.cpp:135:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *filename, str[40];
data/acpitool-0.5.1/src/toshiba.cpp:139:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_in.open(filename);
data/acpitool-0.5.1/src/toshiba.cpp:169:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *filename, str[15];
data/acpitool-0.5.1/src/toshiba.cpp:173:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_out.open(filename);
data/acpitool-0.5.1/src/toshiba.cpp:185:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "force_on:%d", s);
data/acpitool-0.5.1/src/toshiba.cpp:203:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *filename, str[15];
data/acpitool-0.5.1/src/toshiba.cpp:207:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_out.open(filename);
data/acpitool-0.5.1/src/toshiba.cpp:219:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "brightness:%d", l);
data/acpitool-0.5.1/src/toshiba.cpp:233:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *filename, str[40];
data/acpitool-0.5.1/src/toshiba.cpp:238:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_in.open(filename);
data/acpitool-0.5.1/src/ac_adapter.cpp:136:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(AC_Status, str+25, 8);
data/acpitool-0.5.1/src/ac_adapter.cpp:221:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str)!=0)
data/acpitool-0.5.1/src/acpitool.cpp:88:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(c, str+25,8);
data/acpitool-0.5.1/src/acpitool.cpp:99:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(c, str,8);
data/acpitool-0.5.1/src/acpitool.cpp:297:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(State, str+25, 5); State[4] = '\0';
data/acpitool-0.5.1/src/acpitool.cpp:305:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(Temperature, str+25, 5); Temperature[4] = '\0';
data/acpitool-0.5.1/src/acpitool.cpp:324:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str)!=0)
data/acpitool-0.5.1/src/acpitool.cpp:402:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(FAN_Status, str+25, 8);
data/acpitool-0.5.1/src/battery.cpp:249:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Batt_Info[i]->Model)!=0)
data/acpitool-0.5.1/src/battery.cpp:251:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Batt_Info[i]->Serial)!=0)
data/acpitool-0.5.1/src/battery.cpp:445:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+25, 4);
data/acpitool-0.5.1/src/battery.cpp:456:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Design_Cap, str+25, 9);
data/acpitool-0.5.1/src/battery.cpp:460:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->LastFull_Cap, str+25, 9);
data/acpitool-0.5.1/src/battery.cpp:474:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Technology, str+25, 12);
data/acpitool-0.5.1/src/battery.cpp:480:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Model, str+25, 12);
data/acpitool-0.5.1/src/battery.cpp:484:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Serial, str+25, 12);
data/acpitool-0.5.1/src/battery.cpp:488:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Bat_Type, str+25, 12);
data/acpitool-0.5.1/src/battery.cpp:505:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Charging_State, str+25, 12);
data/acpitool-0.5.1/src/battery.cpp:506:57: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  if (strncmp(batt_info->Charging_State,"unknown",7)==0) strncpy(batt_info->Charging_State, "charged",7);
data/acpitool-0.5.1/src/battery.cpp:512:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Present_Rate, str+25, 9);
data/acpitool-0.5.1/src/battery.cpp:515:60: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  if (strncmp(batt_info->Present_Rate, "unknown",7)==0) strncpy(batt_info->Present_Rate, "0 ",7);
data/acpitool-0.5.1/src/battery.cpp:523:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Remaining_Cap, str+25, 9);
data/acpitool-0.5.1/src/battery.cpp:638:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(batt_info->Technology, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:639:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  Risk is low because the source is a constant string.
  strncpy(batt_info->Voltage_Now, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:640:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(batt_info->Charge_Now, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:641:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(batt_info->Charge_Full, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:642:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(batt_info->Charge_Full_Design, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:643:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(batt_info->Present_Rate, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:644:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(batt_info->Design_Cap, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:645:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(batt_info->LastFull_Cap, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:646:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(batt_info->Remaining_Cap, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:647:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(batt_info->Model, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:648:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(batt_info->Serial, "unknown", 7);
data/acpitool-0.5.1/src/battery.cpp:660:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Charging_State, temp, 12);
data/acpitool-0.5.1/src/battery.cpp:663:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Bat_Type, temp, 12);
data/acpitool-0.5.1/src/battery.cpp:666:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Technology, temp, 12);
data/acpitool-0.5.1/src/battery.cpp:671:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Voltage_Now, temp, 12);
data/acpitool-0.5.1/src/battery.cpp:677:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Present_Rate, temp, 9);
data/acpitool-0.5.1/src/battery.cpp:682:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Charge_Now, temp, 12);
data/acpitool-0.5.1/src/battery.cpp:687:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Charge_Full_Design, temp, 12);
data/acpitool-0.5.1/src/battery.cpp:692:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Charge_Full, temp, 12);
data/acpitool-0.5.1/src/battery.cpp:697:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Design_Cap, temp, 9);
data/acpitool-0.5.1/src/battery.cpp:702:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->LastFull_Cap, temp, 9);
data/acpitool-0.5.1/src/battery.cpp:707:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Remaining_Cap, temp, 9);
data/acpitool-0.5.1/src/battery.cpp:710:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Model, temp, 12);
data/acpitool-0.5.1/src/battery.cpp:713:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Serial, temp, 12);
data/acpitool-0.5.1/src/battery.cpp:732:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(batt_info->Present_Rate, temp, 9);
data/acpitool-0.5.1/src/cpu.cpp:172:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+25, 5);
data/acpitool-0.5.1/src/cpu.cpp:178:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+25, 5);
data/acpitool-0.5.1/src/cpu.cpp:183:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+25, 5);
data/acpitool-0.5.1/src/cpu.cpp:188:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+25, 5);
data/acpitool-0.5.1/src/cpu.cpp:196:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+25, 5);
data/acpitool-0.5.1/src/cpu.cpp:215:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+25, 5);
data/acpitool-0.5.1/src/cpu.cpp:222:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+26, 2);
data/acpitool-0.5.1/src/cpu.cpp:231:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+25, 8);
data/acpitool-0.5.1/src/cpu.cpp:241:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str)!=0)
data/acpitool-0.5.1/src/cpu.cpp:245:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+80, 8);
data/acpitool-0.5.1/src/cpu.cpp:287:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+25, 5);
data/acpitool-0.5.1/src/cpu.cpp:291:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, str+25, 5);
data/acpitool-0.5.1/src/freq.cpp:167:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str)>0)
data/acpitool-0.5.1/src/freq.cpp:190:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str)>0)

ANALYSIS SUMMARY:

Hits = 233
Lines analyzed = 3558 in approximately 0.14 seconds (24952 lines/second)
Physical Source Lines of Code (SLOC) = 2506
Hits@level = [0] 49 [1] 61 [2] 142 [3] 1 [4] 29 [5] 0
Hits@level+ = [0+] 282 [1+] 233 [2+] 172 [3+] 30 [4+] 29 [5+] 0
Hits/KSLOC@level+ = [0+] 112.53 [1+] 92.9769 [2+] 68.6353 [3+] 11.9713 [4+] 11.5722 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.