Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fuse-umfuse-fat-0.1a/v2fuseutils.h
Examining data/fuse-umfuse-fat-0.1a/v2fuseutils.c
Examining data/fuse-umfuse-fat-0.1a/libfat.c
Examining data/fuse-umfuse-fat-0.1a/bits/libfat.h
Examining data/fuse-umfuse-fat-0.1a/utf16le.c
Examining data/fuse-umfuse-fat-0.1a/simple_fold.c
Examining data/fuse-umfuse-fat-0.1a/libfat.h
Examining data/fuse-umfuse-fat-0.1a/fusefat.c
Examining data/fuse-umfuse-fat-0.1a/utf16be.c
Examining data/fuse-umfuse-fat-0.1a/utf8.c
Examining data/fuse-umfuse-fat-0.1a/unicode.h
FINAL RESULTS:
data/fuse-umfuse-fat-0.1a/libfat.c:3225:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, path);
data/fuse-umfuse-fat-0.1a/libfat.c:3236:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, slash);
data/fuse-umfuse-fat-0.1a/bits/libfat.h:344:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zerobuf[ZERO_BFSZ];
data/fuse-umfuse-fat-0.1a/bits/libfat.h:383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileName[511]; /* Utf8 filename */
data/fuse-umfuse-fat-0.1a/fusefat.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[4096];
data/fuse-umfuse-fat-0.1a/fusefat.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/fuse-umfuse-fat-0.1a/fusefat.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[4096];
data/fuse-umfuse-fat-0.1a/fusefat.c:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/fuse-umfuse-fat-0.1a/libfat.c:127:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
res = read(fd, (void *) &(((char *) buf)[done]), count);
data/fuse-umfuse-fat-0.1a/libfat.c:673:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[9];
data/fuse-umfuse-fat-0.1a/libfat.c:675:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(type,"FAT12 ");
data/fuse-umfuse-fat-0.1a/libfat.c:677:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(type,"FAT16 ");
data/fuse-umfuse-fat-0.1a/libfat.c:679:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(type,"FAT32 ");
data/fuse-umfuse-fat-0.1a/libfat.c:833:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fd = open(pathname, O_RDWR)) == -1 )
data/fuse-umfuse-fat-0.1a/libfat.c:836:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fd = open(pathname, O_RDONLY)) == -1 )
data/fuse-umfuse-fat-0.1a/libfat.c:840:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fd = open(pathname, O_RDONLY)) == -1 )
data/fuse-umfuse-fat-0.1a/libfat.c:1529:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8buf[521];
data/fuse-umfuse-fat-0.1a/libfat.c:1542:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dirp->d_name, utf8buf, namelen);
data/fuse-umfuse-fat-0.1a/libfat.c:1547:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dirp->d_name, utf8buf, 255); // copying at most 255 utf8 bytes. the last is already 0
data/fuse-umfuse-fat-0.1a/libfat.c:1638:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ( (res = find_direntry(V, (char *) parts[i] , &Clus, &Offset)) != 0 ) { //looking for the directory
data/fuse-umfuse-fat-0.1a/libfat.c:1671:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
filename=(char *) parts[parts_len - 1];
data/fuse-umfuse-fat-0.1a/libfat.c:2273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lfnname[12];
data/fuse-umfuse-fat-0.1a/libfat.c:2320:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *) sfnname,"~%-10d",i);
data/fuse-umfuse-fat-0.1a/libfat.c:2322:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sfnname, sfn->DIR_Name, 11); // we use sfname from sfn
data/fuse-umfuse-fat-0.1a/libfat.c:2333:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *) sfnname,"~%-10d",++i);
data/fuse-umfuse-fat-0.1a/libfat.c:2341:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *) sfnname,"~%-10d",++i);
data/fuse-umfuse-fat-0.1a/libfat.c:2342:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lfnname,"~%d",i);
data/fuse-umfuse-fat-0.1a/libfat.c:2372:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) dirent ,(char *) sfn, sizeof(DirEntry_t));
data/fuse-umfuse-fat-0.1a/libfat.c:2374:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(dirent->DIR_Name), sfnname, 11);
data/fuse-umfuse-fat-0.1a/libfat.c:2475:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) fst2entry, ". ", 11);
data/fuse-umfuse-fat-0.1a/libfat.c:2476:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &(fst2entry[1]), ".. ", 11);
data/fuse-umfuse-fat-0.1a/libfat.c:2506:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &(F.D), (char *) &D, sizeof(DirEnt_t));
data/fuse-umfuse-fat-0.1a/libfat.c:2541:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &D,(char *) &(F->D), sizeof(DirEnt_t));
data/fuse-umfuse-fat-0.1a/libfat.c:2790:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirnameto[4096];
data/fuse-umfuse-fat-0.1a/libfat.c:2791:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filenameto[1024];
data/fuse-umfuse-fat-0.1a/libfat.c:2803:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &F,(char *) &From, sizeof(File_t));
data/fuse-umfuse-fat-0.1a/libfat.c:3120:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ext=(char *) parts[parts_len - 1];
data/fuse-umfuse-fat-0.1a/libfat.c:127:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(fd, (void *) &(((char *) buf)[done]), count);
ANALYSIS SUMMARY:
Hits = 38
Lines analyzed = 5311 in approximately 0.18 seconds (29323 lines/second)
Physical Source Lines of Code (SLOC) = 3747
Hits@level = [0] 168 [1] 1 [2] 35 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 206 [1+] 38 [2+] 37 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 54.9773 [1+] 10.1414 [2+] 9.87457 [3+] 0.53376 [4+] 0.53376 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.