Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/firmware-tomu-2.0~rc7/booster/booster.h
Examining data/firmware-tomu-2.0~rc7/booster/main.c
Examining data/firmware-tomu-2.0~rc7/booster/make-booster.c
Examining data/firmware-tomu-2.0~rc7/booster/xxhash.c
Examining data/firmware-tomu-2.0~rc7/booster/xxhash.h
Examining data/firmware-tomu-2.0~rc7/tests/secure-erase/pass-1/main.c
Examining data/firmware-tomu-2.0~rc7/tests/secure-erase/pass-2/main.c
Examining data/firmware-tomu-2.0~rc7/toboot/dfu.c
Examining data/firmware-tomu-2.0~rc7/toboot/dfu.h
Examining data/firmware-tomu-2.0~rc7/toboot/main.c
Examining data/firmware-tomu-2.0~rc7/toboot/mcu.h
Examining data/firmware-tomu-2.0~rc7/toboot/reset_handler.c
Examining data/firmware-tomu-2.0~rc7/toboot/toboot-api.h
Examining data/firmware-tomu-2.0~rc7/toboot/toboot-internal.h
Examining data/firmware-tomu-2.0~rc7/toboot/toboot.c
Examining data/firmware-tomu-2.0~rc7/toboot/updater.c
Examining data/firmware-tomu-2.0~rc7/toboot/usb_desc.c
Examining data/firmware-tomu-2.0~rc7/toboot/usb_desc.h
Examining data/firmware-tomu-2.0~rc7/toboot/usb_dev.c
Examining data/firmware-tomu-2.0~rc7/toboot/usb_dev.h
Examining data/firmware-tomu-2.0~rc7/toboot/vectors.c
Examining data/firmware-tomu-2.0~rc7/toboot/webusb_defs.h
Examining data/firmware-tomu-2.0~rc7/toboot/xxhash.c
Examining data/firmware-tomu-2.0~rc7/toboot/xxhash.h

FINAL RESULTS:

data/firmware-tomu-2.0~rc7/booster/make-booster.c:30:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int booster_fd = open(BOOSTER_BIN, O_RDONLY);
data/firmware-tomu-2.0~rc7/booster/make-booster.c:36:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int infile_fd = open(infile_name, O_RDONLY);
data/firmware-tomu-2.0~rc7/booster/make-booster.c:42:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int outfile_fd = open(outfile_name, O_WRONLY | O_CREAT | O_TRUNC, 0777);
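Triage note on the three open() hits: make-booster.c appears to be the host-side tool that assembles the booster image (it calls open and read, which the firmware itself has no libc for), so the CWE-362 concern applies to wherever that tool is run, typically a build directory. The concrete point a reviewer would raise is the line at 42: the output is created with O_TRUNC and mode 0777, so if the name already exists (or an attacker has planted a symlink at it) the target is silently truncated, and the result is executable and, subject to umask, group/world writable. The example below is added here and is not code from the tomu repository; it shows the hardened form of both opens and exercises the symlink and pre-existing-file cases in a scratch directory. It assumes a POSIX system with a writable /tmp; the helper names and the "TOBOOT" sample content are constructed for the example.

```c
#define _GNU_SOURCE 1 /* mkdtemp and the O_NOFOLLOW/O_CLOEXEC flags under strict -std modes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an existing input file for reading.  O_NOFOLLOW makes open() fail with
 * ELOOP when the last path component is a symlink, and the fstat() check
 * rejects anything that is not a regular file (device nodes, FIFOs, dirs). */
int open_input_file(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL; /* chosen for this example: "not a regular file" */
        return -1;
    }
    return fd;
}

/* Create a new output file.  O_EXCL turns an existing file or a planted
 * symlink at that name into an EEXIST error instead of truncating whatever
 * the name resolves to, and mode 0644 replaces the report's 0777 so the
 * result is never executable or group/world writable, whatever the umask. */
int create_output_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
}

/* Walk the helpers through a scratch directory under /tmp (assumed writable).
 * Returns 0 when every step behaves as intended, else the failing step. */
int run_open_demo(void)
{
    char dir[] = "/tmp/open-demo-XXXXXX";
    char target[64], linkpath[64], buf[8] = {0};
    ssize_t n;
    int rc = 0, fd;

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(target, sizeof target, "%s/image.bin", dir);
    snprintf(linkpath, sizeof linkpath, "%s/planted.bin", dir);

    /* Steps 2-3: a fresh create and write succeed. */
    fd = create_output_file(target);
    if (fd < 0) { rc = 2; goto cleanup; }
    if (write(fd, "TOBOOT", 6) != 6) { close(fd); rc = 3; goto cleanup; }
    close(fd);

    /* Step 4: a second create of the same name is refused, not truncated. */
    fd = create_output_file(target);
    if (fd >= 0) { close(fd); rc = 4; goto cleanup; }
    if (errno != EEXIST) { rc = 4; goto cleanup; }

    /* Steps 5-6: a symlink planted where input is expected is not followed. */
    if (symlink(target, linkpath) != 0) { rc = 5; goto cleanup; }
    fd = open_input_file(linkpath);
    if (fd >= 0) { close(fd); rc = 6; goto cleanup; }
    if (errno != ELOOP) { rc = 6; goto cleanup; }

    /* Steps 7-8: the genuine file still opens and reads back intact. */
    fd = open_input_file(target);
    if (fd < 0) { rc = 7; goto cleanup; }
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n != 6 || memcmp(buf, "TOBOOT", 6) != 0) rc = 8;

cleanup:
    unlink(linkpath);
    unlink(target);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = run_open_demo();
    printf("open demo: %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

O_NOFOLLOW only protects the final path component; if an attacker controls an ancestor directory (the "control its ancestors" case in the hit text), the tool should either open the directory first and use openat(), or simply refuse to write into directories it does not own.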
data/firmware-tomu-2.0~rc7/booster/xxhash.c:112:76:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); }
data/firmware-tomu-2.0~rc7/booster/xxhash.c:370:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstState, srcState, sizeof(*dstState));
data/firmware-tomu-2.0~rc7/booster/xxhash.c:382:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/firmware-tomu-2.0~rc7/booster/xxhash.c:523:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &hash, sizeof(*dst));
data/firmware-tomu-2.0~rc7/booster/xxhash.c:751:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstState, srcState, sizeof(*dstState));
data/firmware-tomu-2.0~rc7/booster/xxhash.c:763:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/firmware-tomu-2.0~rc7/booster/xxhash.c:904:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &hash, sizeof(*dst));
data/firmware-tomu-2.0~rc7/booster/xxhash.h:204:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
data/firmware-tomu-2.0~rc7/booster/xxhash.h:239:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
data/firmware-tomu-2.0~rc7/tests/secure-erase/pass-1/main.c:14:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((uint32_t *)0x20000008, secure_data1, 16);
data/firmware-tomu-2.0~rc7/tests/secure-erase/pass-1/main.c:15:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((uint32_t *)0x2000000c, secure_data2, 16);
data/firmware-tomu-2.0~rc7/toboot/dfu.c:88:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
void *memcpy(void *dst, const void *src, size_t cnt) {
data/firmware-tomu-2.0~rc7/toboot/dfu.c:232:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(((uint8_t *)dfu_buffer) + packetOffset, data, packetLength);
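Triage note on the memcpy hits: the xxhash.c hits copy whole fixed-size state structs and hash values with sizeof() as the length, the XXH32/XXH64 canonical digest hits are fixed 4- and 8-byte arrays, and the dfu.c:88 and usb_dev.c:44 hits are the firmware's own definition and declaration of memcpy rather than call sites. The hit worth a reviewer's time is dfu.c:232, where the destination offset and the length come from the host across USB. The report shows only the copy, not the surrounding code, so the thing to confirm in the source is that packetOffset and packetLength are checked against the size of dfu_buffer before the copy, and that the check cannot be bypassed by integer wrap. The example below is added here and is not the toboot DFU code; the buffer size, status names and the 0xA5 payload are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Size of the staging buffer in this example (constructed; the real
 * dfu_buffer size is not shown in the report). */
#define STAGING_SIZE 1024u

enum dfu_copy_status {
    DFU_COPY_OK = 0,
    DFU_COPY_TOO_LONG,     /* length alone exceeds the buffer */
    DFU_COPY_OUT_OF_RANGE  /* offset + length runs past the end */
};

/* Copy len bytes from data to buf + offset only if [offset, offset + len)
 * lies entirely inside the buf_len-byte buffer.  Written as
 * offset > buf_len - len instead of offset + len > buf_len so that a huge
 * host-supplied offset cannot wrap the sum around to a small value. */
enum dfu_copy_status dfu_copy_block(uint8_t *buf, size_t buf_len, size_t offset,
                                    const uint8_t *data, size_t len)
{
    if (len > buf_len)
        return DFU_COPY_TOO_LONG;
    if (offset > buf_len - len)
        return DFU_COPY_OUT_OF_RANGE;
    memcpy(buf + offset, data, len);
    return DFU_COPY_OK;
}

/* The arithmetic form that looks equivalent but is not: with offset = SIZE_MAX
 * and len = 2 the sum wraps to 1, which is "inside" any buffer. */
bool naive_in_bounds(size_t buf_len, size_t offset, size_t len)
{
    return offset + len <= buf_len;
}

/* Drive the check with a constructed 64-byte payload.  Returns 0 if every
 * case behaves as intended, else the number of the failing case. */
int run_dfu_demo(void)
{
    static uint8_t staging[STAGING_SIZE];
    uint8_t payload[64];
    memset(staging, 0, sizeof staging);
    memset(payload, 0xA5, sizeof payload);

    /* 1: the first block lands at offset 0 and nothing past it is touched. */
    if (dfu_copy_block(staging, sizeof staging, 0, payload, 64) != DFU_COPY_OK) return 1;
    if (staging[63] != 0xA5 || staging[64] != 0) return 1;

    /* 2: a block that ends exactly at the end of the buffer is allowed. */
    if (dfu_copy_block(staging, sizeof staging, STAGING_SIZE - 64, payload, 64) != DFU_COPY_OK) return 2;

    /* 3: one byte further is rejected. */
    if (dfu_copy_block(staging, sizeof staging, STAGING_SIZE - 63, payload, 64) != DFU_COPY_OUT_OF_RANGE) return 3;

    /* 4: a length larger than the whole buffer is rejected before any byte is read. */
    if (dfu_copy_block(staging, sizeof staging, 0, payload, STAGING_SIZE + 1) != DFU_COPY_TOO_LONG) return 4;

    /* 5: a wrapping offset passes the naive sum but not the subtraction form. */
    if (!naive_in_bounds(STAGING_SIZE, SIZE_MAX, 2)) return 5;
    if (dfu_copy_block(staging, sizeof staging, SIZE_MAX, payload, 2) != DFU_COPY_OUT_OF_RANGE) return 5;

    return 0;
}

int main(void)
{
    int rc = run_dfu_demo();
    printf("dfu bounds demo: %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

On a Cortex-M target such as the one this bootloader runs on, the staging buffer and the stack typically sit in the same SRAM, so an unbounded offset on this copy would reach beyond the buffer with no MMU in the way; that is why the check belongs on the untrusted offset and length, not only on the total transfer size.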
data/firmware-tomu-2.0~rc7/toboot/usb_dev.c:44:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
void *memcpy(void *dst, const void *src, size_t cnt);
data/firmware-tomu-2.0~rc7/toboot/usb_dev.c:48:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ctrl_send_buf[USB_MAX_PACKET_SIZE] __attribute__((aligned(4)));
data/firmware-tomu-2.0~rc7/toboot/usb_dev.c:239:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(data_p->addr, buf, buflen);
data/firmware-tomu-2.0~rc7/toboot/xxhash.c:112:76:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); }
data/firmware-tomu-2.0~rc7/toboot/xxhash.c:370:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstState, srcState, sizeof(*dstState));
data/firmware-tomu-2.0~rc7/toboot/xxhash.c:382:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/firmware-tomu-2.0~rc7/toboot/xxhash.c:523:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &hash, sizeof(*dst));
data/firmware-tomu-2.0~rc7/toboot/xxhash.c:751:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstState, srcState, sizeof(*dstState));
data/firmware-tomu-2.0~rc7/toboot/xxhash.c:763:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/firmware-tomu-2.0~rc7/toboot/xxhash.c:904:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &hash, sizeof(*dst));
data/firmware-tomu-2.0~rc7/toboot/xxhash.h:204:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
data/firmware-tomu-2.0~rc7/toboot/xxhash.h:239:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
data/firmware-tomu-2.0~rc7/booster/make-booster.c:57:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (sizeof(b) != read(booster_fd, &b, sizeof(b))) {
data/firmware-tomu-2.0~rc7/booster/make-booster.c:68:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read(infile_fd, toboot_buffer, sizeof(toboot_buffer)) != sizeof(toboot_buffer)) {

ANALYSIS SUMMARY:

Hits = 30
Lines analyzed = 10082 in approximately 0.46 seconds (22017 lines/second)
Physical Source Lines of Code (SLOC) = 7742
Hits@level = [0]   1 [1]   2 [2]  28 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  31 [1+]  30 [2+]  28 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 4.00413 [1+] 3.87497 [2+] 3.61664 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.