Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ddcci-driver-linux-0.3.3/ddcci-backlight/ddcci-backlight.c
Examining data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c
Examining data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h

FINAL RESULTS:

data/ddcci-driver-linux-0.3.3/ddcci-backlight/ddcci-backlight.c:41:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[4];
data/ddcci-driver-linux-0.3.3/ddcci-backlight/ddcci-backlight.c:59:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[10];
data/ddcci-driver-linux-0.3.3/ddcci-backlight/ddcci-backlight.c:186:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char vcp_hex[3];
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:52:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char recv_buffer[DDCCI_RECV_BUFFER_SIZE];
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:277:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &recvbuf[2], (ret < len) ? ret : len);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:304:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cmd[3] = { DDCCI_COMMAND_CAPS, 0x00, 0x00};
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:332:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, chunkbuf+3, result-3);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:367:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cmd[2] = { DDCCI_COMMAND_ID, 0x00 };
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:504:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &buffer[2], payload_len);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:507:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &buffer[2], len);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:518:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[129];
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:720:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, device->capabilities, len);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:1311:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest, ptr, (len < maxlen) ? len : maxlen);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:1424:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(device->vendor, &buffer[7], 8);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:1425:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(device->module, &buffer[17], 8);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:1438:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(device->capabilities, buffer, ret);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:1485:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[32];
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:1486:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cmd[2] = { DDCCI_COMMAND_ID, 0x00 };
data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prot[9];
data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char type[9];
data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h:66:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char model[9];
data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char vendor[9];
data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char module[9];
data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h:103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prot[9];
data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h:104:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char type[9];
data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char model[9];
data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char vendor[9];
data/ddcci-driver-linux-0.3.3/include/linux/ddcci.h:107:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char module[9];
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:739:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(device->prot);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:740:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, device->prot, PAGE_SIZE);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:761:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(device->type);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:762:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, device->type, PAGE_SIZE);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:783:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(device->model);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:784:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, device->model, PAGE_SIZE);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:805:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(device->vendor);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:806:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, device->vendor, PAGE_SIZE);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:827:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(device->module);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:828:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, device->module, PAGE_SIZE);
data/ddcci-driver-linux-0.3.3/ddcci/ddcci.c:1267:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int taglen = strlen(tag);

ANALYSIS SUMMARY:

Hits = 39
Lines analyzed = 2265 in approximately 0.08 seconds (28299 lines/second)
Physical Source Lines of Code (SLOC) = 1600
Hits@level = [0]   1 [1]  11 [2]  28 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  40 [1+]  39 [2+]  28 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 25 [1+] 24.375 [2+] 17.5 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.