Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/bonnie++-2.00a/bon_add.cpp Examining data/bonnie++-2.00a/bon_csv2html.cpp Examining data/bonnie++-2.00a/bon_file.cpp Examining data/bonnie++-2.00a/bon_file.h Examining data/bonnie++-2.00a/bon_io.cpp Examining data/bonnie++-2.00a/bon_io.h Examining data/bonnie++-2.00a/bon_suid.cpp Examining data/bonnie++-2.00a/bon_time.cpp Examining data/bonnie++-2.00a/bon_time.h Examining data/bonnie++-2.00a/bonnie++.cpp Examining data/bonnie++-2.00a/bonnie.h Examining data/bonnie++-2.00a/conf.h Examining data/bonnie++-2.00a/duration.cpp Examining data/bonnie++-2.00a/duration.h Examining data/bonnie++-2.00a/generate_randfile.cpp Examining data/bonnie++-2.00a/getc_putc.cpp Examining data/bonnie++-2.00a/getc_putc.h Examining data/bonnie++-2.00a/getc_putc_helper.cpp Examining data/bonnie++-2.00a/port.h Examining data/bonnie++-2.00a/rand.cpp Examining data/bonnie++-2.00a/rand.h Examining data/bonnie++-2.00a/semaphore.cpp Examining data/bonnie++-2.00a/semaphore.h Examining data/bonnie++-2.00a/sync.cpp Examining data/bonnie++-2.00a/sync.h Examining data/bonnie++-2.00a/thread.cpp Examining data/bonnie++-2.00a/thread.h Examining data/bonnie++-2.00a/util.cpp Examining data/bonnie++-2.00a/zcav.cpp Examining data/bonnie++-2.00a/zcav_io.cpp Examining data/bonnie++-2.00a/zcav_io.h FINAL RESULTS: data/bonnie++-2.00a/bon_csv2html.cpp:436:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ksec_form, "M"); data/bonnie++-2.00a/bon_csv2html.cpp:438:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ksec_form, ""); data/bonnie++-2.00a/bon_csv2html.cpp:442:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ksec_form, ""); data/bonnie++-2.00a/bon_file.cpp:140:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%010x", rand_buf, i); data/bonnie++-2.00a/bon_file.cpp:144:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%010x%s", i, rand_buf); data/bonnie++-2.00a/bon_file.cpp:249:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_dirname, dirname); data/bonnie++-2.00a/bon_io.cpp:51:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_name, parent->m_name); data/bonnie++-2.00a/bon_io.cpp:240:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_name, base_name); data/bonnie++-2.00a/bon_time.cpp:265:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp, separator); data/bonnie++-2.00a/bon_time.cpp:272:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp, separator); data/bonnie++-2.00a/bon_time.cpp:279:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp, separator); data/bonnie++-2.00a/bon_time.cpp:286:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp, separator); data/bonnie++-2.00a/bon_time.cpp:302:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp, separator); data/bonnie++-2.00a/bon_time.cpp:331:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cur, size_buf); // copy the size in data/bonnie++-2.00a/bon_time.cpp:336:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(CSV_VERSION "," BON_VERSION ",%s,%d,%s,%s,%d,%d", m_name data/bonnie++-2.00a/bon_time.cpp:357:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(m_fp, CSV_VERSION "," BON_VERSION ",%s,%d,%s,,,,,,,,,,,,,,,,", m_name data/bonnie++-2.00a/bon_time.cpp:400:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp, separator); data/bonnie++-2.00a/bonnie++.cpp:93:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s/Bonnie.%d", path, int(myPid)); data/bonnie++-2.00a/bonnie++.cpp:815:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "Bonnie: drastic I/O error (%s)", message); data/bonnie++-2.00a/getc_putc.cpp:120:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/getc_putc.%d", dir, getpid()); data/bonnie++-2.00a/getc_putc.cpp:173:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prog, "%s_helper %d", argv[0], file_size); data/bonnie++-2.00a/getc_putc.cpp:176:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE *child = popen(prog, "r"); data/bonnie++-2.00a/port.h:54:9: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _snprintf sprintf data/bonnie++-2.00a/port.h:54:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define _snprintf sprintf data/bonnie++-2.00a/port.h:56:9: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _snprintf snprintf data/bonnie++-2.00a/port.h:56:19: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define _snprintf snprintf data/bonnie++-2.00a/bonnie++.cpp:223:24: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while(-1 != (int_c = getopt(argc, argv, "bc:d:f::g:l:m:n:p:qr:s:u:x:y:z:Z:" data/bonnie++-2.00a/generate_randfile.cpp:22:24: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while(-1 != (int_c = getopt(argc, argv, "s:f:")) ) data/bonnie++-2.00a/generate_randfile.cpp:44:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/bonnie++-2.00a/getc_putc.cpp:48:24: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while(-1 != (int_c = getopt(argc, argv, "d:s:u:g:m:q")) ) data/bonnie++-2.00a/rand.cpp:43:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(num); data/bonnie++-2.00a/rand.cpp:55:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(m_init); data/bonnie++-2.00a/zcav.cpp:188:20: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while(-1 != (c = getopt(argc, argv, "-c:b:f:l:r:w" data/bonnie++-2.00a/bon_add.cpp:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/bonnie++-2.00a/bon_add.cpp:39:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[1], "r"); data/bonnie++-2.00a/bon_csv2html.cpp:74:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/bonnie++-2.00a/bon_csv2html.cpp:79:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[1], "r"); data/bonnie++-2.00a/bon_csv2html.cpp:490:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/bonnie++-2.00a/bon_csv2html.cpp:499:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tmp = (atoi(line_data) + 512) / 1024; data/bonnie++-2.00a/bon_file.cpp:64:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[6]; data/bonnie++-2.00a/bon_file.cpp:67:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%05d", i); data/bonnie++-2.00a/bon_file.cpp:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rand_buf[RandExtraLen + 1]; data/bonnie++-2.00a/bon_file.cpp:127:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%05d/", directory_num); data/bonnie++-2.00a/bon_file.cpp:273:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(m_buf, "%05d", i); data/bonnie++-2.00a/bon_file.cpp:281:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_directoryHandles[i] = open(m_buf, O_RDONLY); data/bonnie++-2.00a/bon_file.cpp:292:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_directoryHandles[0] = open(".", O_RDONLY); data/bonnie++-2.00a/bon_file.cpp:373:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[6]; data/bonnie++-2.00a/bon_file.cpp:376:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%05d", i); data/bonnie++-2.00a/bon_file.cpp:415:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[6]; data/bonnie++-2.00a/bon_file.cpp:418:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%05d", i); data/bonnie++-2.00a/bon_file.cpp:509:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(file, flags); data/bonnie++-2.00a/bon_file.cpp:558:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[6]; data/bonnie++-2.00a/bon_file.cpp:561:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%05d", i); data/bonnie++-2.00a/bon_io.cpp:162:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(m_buf, "Error in lseek to chunk %d(" OFF_T_PRINTF ")", offset, real_offset); data/bonnie++-2.00a/bon_time.cpp:162:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/bonnie++-2.00a/bon_time.cpp:211:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", size); data/bonnie++-2.00a/bon_time.cpp:228:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d%c", size, units[ind]); data/bonnie++-2.00a/bon_time.cpp:260:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size_buf[1024]; data/bonnie++-2.00a/bon_time.cpp:276:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "%d", m_concurrency); data/bonnie++-2.00a/bon_time.cpp:283:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "%d", Seeks); data/bonnie++-2.00a/bon_time.cpp:290:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "%d", SeekProcCount); data/bonnie++-2.00a/bon_time.cpp:305:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/bonnie++-2.00a/bon_time.cpp:375:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/bonnie++-2.00a/bon_time.cpp:377:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", directory_size); data/bonnie++-2.00a/bon_time.cpp:383:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, ",link,"); data/bonnie++-2.00a/bon_time.cpp:387:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, ",symlink,"); data/bonnie++-2.00a/bon_time.cpp:392:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, ",%d,%d", max_size, min_size); data/bonnie++-2.00a/bon_time.cpp:394:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, ",%d,", max_size); data/bonnie++-2.00a/bon_time.cpp:398:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, ",,"); data/bonnie++-2.00a/bon_time.cpp:412:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, ":link"); data/bonnie++-2.00a/bon_time.cpp:416:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, ":symlink"); data/bonnie++-2.00a/bon_time.cpp:420:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, ":%d:%d", max_size, min_size); data/bonnie++-2.00a/bon_time.cpp:427:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "/%d", num_directories); data/bonnie++-2.00a/bon_time.cpp:429:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, ",%d", num_directories); data/bonnie++-2.00a/bonnie++.cpp:239:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). concurrency = atoi(optarg); data/bonnie++-2.00a/bonnie++.cpp:250:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globals.byte_io_size = atoi(optarg); data/bonnie++-2.00a/bonnie++.cpp:287:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_bonnie_procs = atoi(optarg); data/bonnie++-2.00a/bonnie++.cpp:295:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). globals.ram = atoi(optarg); data/bonnie++-2.00a/bonnie++.cpp:349:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). test_count = atoi(optarg); data/bonnie++-2.00a/bonnie++.cpp:811:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/bonnie++-2.00a/generate_randfile.cpp:35:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(optarg, "w"); data/bonnie++-2.00a/generate_randfile.cpp:43:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int count = atoi(argv[optind]); data/bonnie++-2.00a/getc_putc.cpp:122:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(fname, O_CREAT | O_TRUNC | O_RDWR, S_IRUSR | S_IWUSR); data/bonnie++-2.00a/getc_putc.cpp:138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1 << 20]; data/bonnie++-2.00a/getc_putc_helper.cpp:18:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int size = atoi(argv[1]); data/bonnie++-2.00a/port.h:35:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define file_open open data/bonnie++-2.00a/rand.cpp:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[12]; data/bonnie++-2.00a/rand.cpp:46:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%u", num); data/bonnie++-2.00a/sync.cpp:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/bonnie++-2.00a/util.cpp:10:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int size = atoi(str); data/bonnie++-2.00a/zcav.cpp:208:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mz.setLoops(atoi(optarg)); data/bonnie++-2.00a/zcav.cpp:230:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mz.setSkipRate(atoi(optarg)); data/bonnie++-2.00a/zcav_io.cpp:44:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_log = fopen(log, "w"); data/bonnie++-2.00a/bon_add.cpp:122:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(delim); data/bonnie++-2.00a/bon_csv2html.cpp:190:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(data[row_ind][column_ind] && strlen(data[row_ind][column_ind])) data/bonnie++-2.00a/bon_csv2html.cpp:469:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(delim); data/bonnie++-2.00a/bon_file.cpp:107:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int num_rand_chars = strlen(rand_chars); data/bonnie++-2.00a/bon_file.cpp:128:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf += strlen(buf); data/bonnie++-2.00a/bon_file.cpp:146:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf += strlen(buf) + 1; data/bonnie++-2.00a/bon_file.cpp:248:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_dirname = new char[strlen(dirname) + 1]; data/bonnie++-2.00a/bon_file.cpp:521:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(to_read != read(fd, static_cast<void *>(m_buf), to_read)) data/bonnie++-2.00a/bon_io.cpp:41:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). , m_name(PCHAR(malloc(strlen(parent->m_name) + 5))) data/bonnie++-2.00a/bon_io.cpp:175:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int rc = read(m_fd, buf, m_chunk_size - total); data/bonnie++-2.00a/bon_io.cpp:200:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(read(m_fd, &next, 1) != 1) data/bonnie++-2.00a/bon_io.cpp:239:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_name = PCHAR(malloc(strlen(base_name) + 5)); data/bonnie++-2.00a/bon_time.cpp:217:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ind = strlen(buf); data/bonnie++-2.00a/bon_time.cpp:231:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ind = strlen(buf) - 1; data/bonnie++-2.00a/bon_time.cpp:262:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *tmp = size_buf + strlen(size_buf); data/bonnie++-2.00a/bon_time.cpp:270:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(tmp); data/bonnie++-2.00a/bon_time.cpp:277:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(tmp); data/bonnie++-2.00a/bon_time.cpp:284:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(tmp); data/bonnie++-2.00a/bon_time.cpp:291:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(tmp) - 1; data/bonnie++-2.00a/bon_time.cpp:303:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(tmp); data/bonnie++-2.00a/bon_time.cpp:320:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int offset = txt_machine_size - strlen(size_buf) - 2; data/bonnie++-2.00a/bon_time.cpp:378:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = &buf[strlen(buf)]; data/bonnie++-2.00a/bon_time.cpp:401:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(tmp); data/bonnie++-2.00a/bon_time.cpp:423:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = &buf[strlen(buf)]; data/bonnie++-2.00a/bon_time.cpp:433:8: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(tmp, ","); data/bonnie++-2.00a/bonnie++.cpp:91:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = new char[strlen(path) + 15]; data/bonnie++-2.00a/getc_putc.cpp:118:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *fname = new char[22 + strlen(dir)]; data/bonnie++-2.00a/getc_putc.cpp:170:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). TEST_FUNC_READ("read(fd, &c, 1)", if(read(FILE_FD, (void *)&c, 1) != 1), res[Read]); data/bonnie++-2.00a/getc_putc.cpp:172:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *prog = new char[strlen(argv[0]) + 30]; data/bonnie++-2.00a/getc_putc.cpp:175:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(prog, "q"); data/bonnie++-2.00a/getc_putc.cpp:209:37: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). TEST_FUNC_READ("getc()", if( (c = getc(fp)) == EOF), res[Getc]); data/bonnie++-2.00a/getc_putc_helper.cpp:21:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(argv[1][strlen(argv[1]) - 1] == 'q') data/bonnie++-2.00a/getc_putc_helper.cpp:48:47: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). TEST_FUNC_READ("getc() no thread", if( (c = getc(fp)) == EOF), res[1]); data/bonnie++-2.00a/rand.cpp:23:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(size_t(read(fd, m_arr, size * sizeof(int))) != size * sizeof(int)) data/bonnie++-2.00a/thread.cpp:134:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(size != read(m_read, buf, size) ) data/bonnie++-2.00a/util.cpp:11:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char c = tolower(str[strlen(str) - 1]); data/bonnie++-2.00a/zcav_io.cpp:214:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(m_fd, m_buf, count - total); ANALYSIS SUMMARY: Hits = 130 Lines analyzed = 5107 in approximately 0.14 seconds (37371 lines/second) Physical Source Lines of Code (SLOC) = 4519 Hits@level = [0] 257 [1] 37 [2] 60 [3] 7 [4] 26 [5] 0 Hits@level+ = [0+] 387 [1+] 130 [2+] 93 [3+] 33 [4+] 26 [5+] 0 Hits/KSLOC@level+ = [0+] 85.6384 [1+] 28.7674 [2+] 20.5798 [3+] 7.3025 [4+] 5.75349 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.