Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bonnie++-2.00a/bon_add.cpp
Examining data/bonnie++-2.00a/bon_csv2html.cpp
Examining data/bonnie++-2.00a/bon_file.cpp
Examining data/bonnie++-2.00a/bon_file.h
Examining data/bonnie++-2.00a/bon_io.cpp
Examining data/bonnie++-2.00a/bon_io.h
Examining data/bonnie++-2.00a/bon_suid.cpp
Examining data/bonnie++-2.00a/bon_time.cpp
Examining data/bonnie++-2.00a/bon_time.h
Examining data/bonnie++-2.00a/bonnie++.cpp
Examining data/bonnie++-2.00a/bonnie.h
Examining data/bonnie++-2.00a/conf.h
Examining data/bonnie++-2.00a/duration.cpp
Examining data/bonnie++-2.00a/duration.h
Examining data/bonnie++-2.00a/generate_randfile.cpp
Examining data/bonnie++-2.00a/getc_putc.cpp
Examining data/bonnie++-2.00a/getc_putc.h
Examining data/bonnie++-2.00a/getc_putc_helper.cpp
Examining data/bonnie++-2.00a/port.h
Examining data/bonnie++-2.00a/rand.cpp
Examining data/bonnie++-2.00a/rand.h
Examining data/bonnie++-2.00a/semaphore.cpp
Examining data/bonnie++-2.00a/semaphore.h
Examining data/bonnie++-2.00a/sync.cpp
Examining data/bonnie++-2.00a/sync.h
Examining data/bonnie++-2.00a/thread.cpp
Examining data/bonnie++-2.00a/thread.h
Examining data/bonnie++-2.00a/util.cpp
Examining data/bonnie++-2.00a/zcav.cpp
Examining data/bonnie++-2.00a/zcav_io.cpp
Examining data/bonnie++-2.00a/zcav_io.h
FINAL RESULTS:
data/bonnie++-2.00a/bon_csv2html.cpp:436:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ksec_form, "M");
data/bonnie++-2.00a/bon_csv2html.cpp:438:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ksec_form, "");
data/bonnie++-2.00a/bon_csv2html.cpp:442:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ksec_form, "");
data/bonnie++-2.00a/bon_file.cpp:140:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%010x", rand_buf, i);
data/bonnie++-2.00a/bon_file.cpp:144:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%010x%s", i, rand_buf);
data/bonnie++-2.00a/bon_file.cpp:249:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_dirname, dirname);
data/bonnie++-2.00a/bon_io.cpp:51:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_name, parent->m_name);
data/bonnie++-2.00a/bon_io.cpp:240:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_name, base_name);
data/bonnie++-2.00a/bon_time.cpp:265:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, separator);
data/bonnie++-2.00a/bon_time.cpp:272:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, separator);
data/bonnie++-2.00a/bon_time.cpp:279:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, separator);
data/bonnie++-2.00a/bon_time.cpp:286:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, separator);
data/bonnie++-2.00a/bon_time.cpp:302:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, separator);
data/bonnie++-2.00a/bon_time.cpp:331:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur, size_buf); // copy the size in
data/bonnie++-2.00a/bon_time.cpp:336:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(CSV_VERSION "," BON_VERSION ",%s,%d,%s,%s,%d,%d", m_name
data/bonnie++-2.00a/bon_time.cpp:357:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(m_fp, CSV_VERSION "," BON_VERSION ",%s,%d,%s,,,,,,,,,,,,,,,,", m_name
data/bonnie++-2.00a/bon_time.cpp:400:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, separator);
data/bonnie++-2.00a/bonnie++.cpp:93:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s/Bonnie.%d", path, int(myPid));
data/bonnie++-2.00a/bonnie++.cpp:815:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Bonnie: drastic I/O error (%s)", message);
data/bonnie++-2.00a/getc_putc.cpp:120:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/getc_putc.%d", dir, getpid());
data/bonnie++-2.00a/getc_putc.cpp:173:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prog, "%s_helper %d", argv[0], file_size);
data/bonnie++-2.00a/getc_putc.cpp:176:17: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *child = popen(prog, "r");
data/bonnie++-2.00a/port.h:54:9: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _snprintf sprintf
data/bonnie++-2.00a/port.h:54:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _snprintf sprintf
data/bonnie++-2.00a/port.h:56:9: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _snprintf snprintf
data/bonnie++-2.00a/port.h:56:19: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _snprintf snprintf
data/bonnie++-2.00a/bonnie++.cpp:223:24: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while(-1 != (int_c = getopt(argc, argv, "bc:d:f::g:l:m:n:p:qr:s:u:x:y:z:Z:"
data/bonnie++-2.00a/generate_randfile.cpp:22:24: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while(-1 != (int_c = getopt(argc, argv, "s:f:")) )
data/bonnie++-2.00a/generate_randfile.cpp:44:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/bonnie++-2.00a/getc_putc.cpp:48:24: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while(-1 != (int_c = getopt(argc, argv, "d:s:u:g:m:q")) )
data/bonnie++-2.00a/rand.cpp:43:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(num);
data/bonnie++-2.00a/rand.cpp:55:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(m_init);
data/bonnie++-2.00a/zcav.cpp:188:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while(-1 != (c = getopt(argc, argv, "-c:b:f:l:r:w"
data/bonnie++-2.00a/bon_add.cpp:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bonnie++-2.00a/bon_add.cpp:39:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "r");
data/bonnie++-2.00a/bon_csv2html.cpp:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bonnie++-2.00a/bon_csv2html.cpp:79:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "r");
data/bonnie++-2.00a/bon_csv2html.cpp:490:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bonnie++-2.00a/bon_csv2html.cpp:499:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tmp = (atoi(line_data) + 512) / 1024;
data/bonnie++-2.00a/bon_file.cpp:64:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[6];
data/bonnie++-2.00a/bon_file.cpp:67:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%05d", i);
data/bonnie++-2.00a/bon_file.cpp:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rand_buf[RandExtraLen + 1];
data/bonnie++-2.00a/bon_file.cpp:127:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%05d/", directory_num);
data/bonnie++-2.00a/bon_file.cpp:273:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m_buf, "%05d", i);
data/bonnie++-2.00a/bon_file.cpp:281:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_directoryHandles[i] = open(m_buf, O_RDONLY);
data/bonnie++-2.00a/bon_file.cpp:292:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_directoryHandles[0] = open(".", O_RDONLY);
data/bonnie++-2.00a/bon_file.cpp:373:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[6];
data/bonnie++-2.00a/bon_file.cpp:376:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%05d", i);
data/bonnie++-2.00a/bon_file.cpp:415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[6];
data/bonnie++-2.00a/bon_file.cpp:418:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%05d", i);
data/bonnie++-2.00a/bon_file.cpp:509:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, flags);
data/bonnie++-2.00a/bon_file.cpp:558:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[6];
data/bonnie++-2.00a/bon_file.cpp:561:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%05d", i);
data/bonnie++-2.00a/bon_io.cpp:162:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m_buf, "Error in lseek to chunk %d(" OFF_T_PRINTF ")", offset, real_offset);
data/bonnie++-2.00a/bon_time.cpp:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/bonnie++-2.00a/bon_time.cpp:211:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", size);
data/bonnie++-2.00a/bon_time.cpp:228:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d%c", size, units[ind]);
data/bonnie++-2.00a/bon_time.cpp:260:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size_buf[1024];
data/bonnie++-2.00a/bon_time.cpp:276:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", m_concurrency);
data/bonnie++-2.00a/bon_time.cpp:283:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", Seeks);
data/bonnie++-2.00a/bon_time.cpp:290:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", SeekProcCount);
data/bonnie++-2.00a/bon_time.cpp:305:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/bonnie++-2.00a/bon_time.cpp:375:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/bonnie++-2.00a/bon_time.cpp:377:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", directory_size);
data/bonnie++-2.00a/bon_time.cpp:383:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ",link,");
data/bonnie++-2.00a/bon_time.cpp:387:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ",symlink,");
data/bonnie++-2.00a/bon_time.cpp:392:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ",%d,%d", max_size, min_size);
data/bonnie++-2.00a/bon_time.cpp:394:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ",%d,", max_size);
data/bonnie++-2.00a/bon_time.cpp:398:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ",,");
data/bonnie++-2.00a/bon_time.cpp:412:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ":link");
data/bonnie++-2.00a/bon_time.cpp:416:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ":symlink");
data/bonnie++-2.00a/bon_time.cpp:420:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ":%d:%d", max_size, min_size);
data/bonnie++-2.00a/bon_time.cpp:427:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "/%d", num_directories);
data/bonnie++-2.00a/bon_time.cpp:429:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, ",%d", num_directories);
data/bonnie++-2.00a/bonnie++.cpp:239:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
concurrency = atoi(optarg);
data/bonnie++-2.00a/bonnie++.cpp:250:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globals.byte_io_size = atoi(optarg);
data/bonnie++-2.00a/bonnie++.cpp:287:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_bonnie_procs = atoi(optarg);
data/bonnie++-2.00a/bonnie++.cpp:295:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globals.ram = atoi(optarg);
data/bonnie++-2.00a/bonnie++.cpp:349:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
test_count = atoi(optarg);
data/bonnie++-2.00a/bonnie++.cpp:811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/bonnie++-2.00a/generate_randfile.cpp:35:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(optarg, "w");
data/bonnie++-2.00a/generate_randfile.cpp:43:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int count = atoi(argv[optind]);
data/bonnie++-2.00a/getc_putc.cpp:122:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fname, O_CREAT | O_TRUNC | O_RDWR, S_IRUSR | S_IWUSR);
data/bonnie++-2.00a/getc_putc.cpp:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 << 20];
data/bonnie++-2.00a/getc_putc_helper.cpp:18:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int size = atoi(argv[1]);
data/bonnie++-2.00a/port.h:35:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define file_open open
data/bonnie++-2.00a/rand.cpp:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[12];
data/bonnie++-2.00a/rand.cpp:46:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%u", num);
data/bonnie++-2.00a/sync.cpp:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/bonnie++-2.00a/util.cpp:10:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int size = atoi(str);
data/bonnie++-2.00a/zcav.cpp:208:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mz.setLoops(atoi(optarg));
data/bonnie++-2.00a/zcav.cpp:230:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mz.setSkipRate(atoi(optarg));
data/bonnie++-2.00a/zcav_io.cpp:44:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_log = fopen(log, "w");
data/bonnie++-2.00a/bon_add.cpp:122:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp += strlen(delim);
data/bonnie++-2.00a/bon_csv2html.cpp:190:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(data[row_ind][column_ind] && strlen(data[row_ind][column_ind]))
data/bonnie++-2.00a/bon_csv2html.cpp:469:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp += strlen(delim);
data/bonnie++-2.00a/bon_file.cpp:107:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int num_rand_chars = strlen(rand_chars);
data/bonnie++-2.00a/bon_file.cpp:128:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/bonnie++-2.00a/bon_file.cpp:146:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf) + 1;
data/bonnie++-2.00a/bon_file.cpp:248:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_dirname = new char[strlen(dirname) + 1];
data/bonnie++-2.00a/bon_file.cpp:521:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(to_read != read(fd, static_cast<void *>(m_buf), to_read))
data/bonnie++-2.00a/bon_io.cpp:41:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, m_name(PCHAR(malloc(strlen(parent->m_name) + 5)))
data/bonnie++-2.00a/bon_io.cpp:175:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int rc = read(m_fd, buf, m_chunk_size - total);
data/bonnie++-2.00a/bon_io.cpp:200:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(m_fd, &next, 1) != 1)
data/bonnie++-2.00a/bon_io.cpp:239:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_name = PCHAR(malloc(strlen(base_name) + 5));
data/bonnie++-2.00a/bon_time.cpp:217:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ind = strlen(buf);
data/bonnie++-2.00a/bon_time.cpp:231:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ind = strlen(buf) - 1;
data/bonnie++-2.00a/bon_time.cpp:262:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = size_buf + strlen(size_buf);
data/bonnie++-2.00a/bon_time.cpp:270:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp += strlen(tmp);
data/bonnie++-2.00a/bon_time.cpp:277:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp += strlen(tmp);
data/bonnie++-2.00a/bon_time.cpp:284:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp += strlen(tmp);
data/bonnie++-2.00a/bon_time.cpp:291:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp += strlen(tmp) - 1;
data/bonnie++-2.00a/bon_time.cpp:303:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp += strlen(tmp);
data/bonnie++-2.00a/bon_time.cpp:320:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int offset = txt_machine_size - strlen(size_buf) - 2;
data/bonnie++-2.00a/bon_time.cpp:378:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = &buf[strlen(buf)];
data/bonnie++-2.00a/bon_time.cpp:401:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp += strlen(tmp);
data/bonnie++-2.00a/bon_time.cpp:423:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = &buf[strlen(buf)];
data/bonnie++-2.00a/bon_time.cpp:433:8: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(tmp, ",");
data/bonnie++-2.00a/bonnie++.cpp:91:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = new char[strlen(path) + 15];
data/bonnie++-2.00a/getc_putc.cpp:118:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *fname = new char[22 + strlen(dir)];
data/bonnie++-2.00a/getc_putc.cpp:170:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_FUNC_READ("read(fd, &c, 1)", if(read(FILE_FD, (void *)&c, 1) != 1), res[Read]);
data/bonnie++-2.00a/getc_putc.cpp:172:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *prog = new char[strlen(argv[0]) + 30];
data/bonnie++-2.00a/getc_putc.cpp:175:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(prog, "q");
data/bonnie++-2.00a/getc_putc.cpp:209:37: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_FUNC_READ("getc()", if( (c = getc(fp)) == EOF), res[Getc]);
data/bonnie++-2.00a/getc_putc_helper.cpp:21:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(argv[1][strlen(argv[1]) - 1] == 'q')
data/bonnie++-2.00a/getc_putc_helper.cpp:48:47: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST_FUNC_READ("getc() no thread", if( (c = getc(fp)) == EOF), res[1]);
data/bonnie++-2.00a/rand.cpp:23:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(size_t(read(fd, m_arr, size * sizeof(int))) != size * sizeof(int))
data/bonnie++-2.00a/thread.cpp:134:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(size != read(m_read, buf, size) )
data/bonnie++-2.00a/util.cpp:11:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char c = tolower(str[strlen(str) - 1]);
data/bonnie++-2.00a/zcav_io.cpp:214:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(m_fd, m_buf, count - total);
ANALYSIS SUMMARY:
Hits = 130
Lines analyzed = 5107 in approximately 0.14 seconds (37371 lines/second)
Physical Source Lines of Code (SLOC) = 4519
Hits@level = [0] 257 [1] 37 [2] 60 [3] 7 [4] 26 [5] 0
Hits@level+ = [0+] 387 [1+] 130 [2+] 93 [3+] 33 [4+] 26 [5+] 0
Hits/KSLOC@level+ = [0+] 85.6384 [1+] 28.7674 [2+] 20.5798 [3+] 7.3025 [4+] 5.75349 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.