Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/esptool-2.8+dfsg/flasher_stub/include/stub_flasher.h
Examining data/esptool-2.8+dfsg/flasher_stub/include/slip.h
Examining data/esptool-2.8+dfsg/flasher_stub/include/stub_commands.h
Examining data/esptool-2.8+dfsg/flasher_stub/include/rom_functions.h
Examining data/esptool-2.8+dfsg/flasher_stub/include/miniz.h
Examining data/esptool-2.8+dfsg/flasher_stub/include/stub_write_flash.h
Examining data/esptool-2.8+dfsg/flasher_stub/include/soc_support.h
Examining data/esptool-2.8+dfsg/flasher_stub/stub_write_flash.c
Examining data/esptool-2.8+dfsg/flasher_stub/stub_flasher.c
Examining data/esptool-2.8+dfsg/flasher_stub/stub_commands.c
Examining data/esptool-2.8+dfsg/flasher_stub/miniz.c
Examining data/esptool-2.8+dfsg/flasher_stub/slip.c
FINAL RESULTS:
data/esptool-2.8+dfsg/flasher_stub/include/miniz.h:393:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE];
data/esptool-2.8+dfsg/flasher_stub/include/miniz.h:394:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];
data/esptool-2.8+dfsg/flasher_stub/miniz.c:531:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE];
data/esptool-2.8+dfsg/flasher_stub/miniz.c:532:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];
data/esptool-2.8+dfsg/flasher_stub/miniz.c:946:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint16[sizeof(mz_uint16)==2 ? 1 : -1];
data/esptool-2.8+dfsg/flasher_stub/miniz.c:947:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint32[sizeof(mz_uint32)==4 ? 1 : -1];
data/esptool-2.8+dfsg/flasher_stub/miniz.c:948:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint64[sizeof(mz_uint64)==8 ? 1 : -1];
data/esptool-2.8+dfsg/flasher_stub/miniz.c:1276:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:1296:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:1376:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define TINFL_MEMCPY(d, s, l) memcpy(d, s, l)
data/esptool-2.8+dfsg/flasher_stub/miniz.c:1965:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:1966:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:2262:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:2363:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:2365:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos));
data/esptool-2.8+dfsg/flasher_stub/miniz.c:2641:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:2769:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8*)p->m_pBuf + p->m_size, pBuf, len); p->m_size = new_size;
data/esptool-2.8+dfsg/flasher_stub/miniz.c:2839:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_buf.m_pBuf, pnghdr, 41);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:2901:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/esptool-2.8+dfsg/flasher_stub/miniz.c:2917:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/esptool-2.8+dfsg/flasher_stub/miniz.c:2949:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/esptool-2.8+dfsg/flasher_stub/miniz.c:3042:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8*)pArray->m_p + orig_size * pArray->m_element_size, pElements, n * pArray->m_element_size);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:3303:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, (const mz_uint8 *)pZip->m_pState->m_pMem + file_ofs, s);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:3441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStat->m_filename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n); pStat->m_filename[n] = '\0';
data/esptool-2.8+dfsg/flasher_stub/miniz.c:3445:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStat->m_comment, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS), n); pStat->m_comment[n] = '\0';
data/esptool-2.8+dfsg/flasher_stub/miniz.c:3459:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:4037:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)pState->m_pMem + file_ofs, pBuf, n);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:4085:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mz_uint64 cur_ofs = 0; char buf[4096]; MZ_CLEAR_OBJ(buf);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:4265:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/esptool-2.8+dfsg/flasher_stub/miniz.c:4702:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:3499:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const mz_uint filename_len = (mz_uint)strlen(pFilename);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:3521:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(pName); if (name_len > 0xFFFF) return -1;
data/esptool-2.8+dfsg/flasher_stub/miniz.c:3522:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comment_len = pComment ? strlen(pComment) : 0; if (comment_len > 0xFFFF) return -1;
data/esptool-2.8+dfsg/flasher_stub/miniz.c:4313:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_name_size = strlen(pArchive_name);
data/esptool-2.8+dfsg/flasher_stub/miniz.c:4448:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_name_size = strlen(pArchive_name);
data/esptool-2.8+dfsg/flasher_stub/stub_flasher.c:66:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint16_t read; /* how many bytes have we read in the frame */
ANALYSIS SUMMARY:
Hits = 36
Lines analyzed = 7250 in approximately 0.26 seconds (27954 lines/second)
Physical Source Lines of Code (SLOC) = 5096
Hits@level = [0] 5 [1] 6 [2] 30 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 41 [1+] 36 [2+] 30 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.04553 [1+] 7.06436 [2+] 5.88697 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.