Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gr-iio-0.3/include/iio/api.h
Examining data/gr-iio-0.3/include/iio/attr_sink.h
Examining data/gr-iio-0.3/include/iio/attr_source.h
Examining data/gr-iio-0.3/include/iio/converter_ss.h
Examining data/gr-iio-0.3/include/iio/device_sink.h
Examining data/gr-iio-0.3/include/iio/device_source.h
Examining data/gr-iio-0.3/include/iio/fmcomms2_sink.h
Examining data/gr-iio-0.3/include/iio/fmcomms2_source.h
Examining data/gr-iio-0.3/include/iio/fmcomms5_sink.h
Examining data/gr-iio-0.3/include/iio/fmcomms5_source.h
Examining data/gr-iio-0.3/include/iio/math.h
Examining data/gr-iio-0.3/include/iio/modulo_const_ff.h
Examining data/gr-iio-0.3/include/iio/modulo_ff.h
Examining data/gr-iio-0.3/include/iio/pluto_sink.h
Examining data/gr-iio-0.3/include/iio/pluto_source.h
Examining data/gr-iio-0.3/include/iio/power_ff.h
Examining data/gr-iio-0.3/lib/converter_ss_impl.cc
Examining data/gr-iio-0.3/lib/fmcomms2_sink_impl.cc
Examining data/gr-iio-0.3/lib/fmcomms5_sink_impl.cc
Examining data/gr-iio-0.3/lib/fmcomms5_source_impl.cc
Examining data/gr-iio-0.3/lib/iio_modulo_const_ff_impl.cc
Examining data/gr-iio-0.3/lib/iio_modulo_ff_impl.cc
Examining data/gr-iio-0.3/lib/iio_power_ff_impl.cc
Examining data/gr-iio-0.3/lib/pluto_sink_impl.cc
Examining data/gr-iio-0.3/lib/pluto_source_impl.cc
Examining data/gr-iio-0.3/lib/device_sink_impl.cc
Examining data/gr-iio-0.3/lib/fmcomms2_source_impl.cc
Examining data/gr-iio-0.3/lib/attr_sink_impl.cc
Examining data/gr-iio-0.3/lib/iio_math_gen_impl.cc
Examining data/gr-iio-0.3/lib/attr_sink_impl.h
Examining data/gr-iio-0.3/lib/attr_source_impl.h
Examining data/gr-iio-0.3/lib/converter_ss_impl.h
Examining data/gr-iio-0.3/lib/device_sink_impl.h
Examining data/gr-iio-0.3/lib/device_source_impl.h
Examining data/gr-iio-0.3/lib/fmcomms2_sink_impl.h
Examining data/gr-iio-0.3/lib/fmcomms2_source_impl.h
Examining data/gr-iio-0.3/lib/fmcomms5_sink_impl.h
Examining data/gr-iio-0.3/lib/fmcomms5_source_impl.h
Examining data/gr-iio-0.3/lib/iio_math_impl.cc
Examining data/gr-iio-0.3/lib/iio_math_impl.h
Examining data/gr-iio-0.3/lib/iio_modulo_const_ff_impl.h
Examining data/gr-iio-0.3/lib/iio_modulo_ff_impl.h
Examining data/gr-iio-0.3/lib/iio_power_ff_impl.h
Examining data/gr-iio-0.3/lib/pluto_sink_impl.h
Examining data/gr-iio-0.3/lib/pluto_source_impl.h
Examining data/gr-iio-0.3/lib/attr_source_impl.cc
Examining data/gr-iio-0.3/lib/device_source_impl.cc
FINAL RESULTS:
data/gr-iio-0.3/lib/attr_sink_impl.cc:86:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(error, "Failed to enabled register for device: %s [%d]", device.c_str(), ret);
data/gr-iio-0.3/lib/attr_sink_impl.cc:149:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(error, "Attribute write '%s' failed to %s:%s:%s\n", value.c_str(),
data/gr-iio-0.3/lib/attr_source_impl.cc:123:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(error, "Failed to enabled register for device: %s [%d]", device.c_str(), ret);
data/gr-iio-0.3/lib/attr_sink_impl.cc:85:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[1024];
data/gr-iio-0.3/lib/attr_sink_impl.cc:148:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[1024];
data/gr-iio-0.3/lib/attr_source_impl.cc:122:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[1024];
data/gr-iio-0.3/lib/device_sink_impl.cc:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/gr-iio-0.3/lib/device_source_impl.cc:309:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/gr-iio-0.3/lib/device_source_impl.cc:434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/gr-iio-0.3/lib/iio_power_ff_impl.cc:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, input_items[0], noi*sizeof(float));
data/gr-iio-0.3/lib/device_source_impl.cc:451:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ifs.read(buffer, length);
ANALYSIS SUMMARY:
Hits = 11
Lines analyzed = 4958 in approximately 0.26 seconds (18986 lines/second)
Physical Source Lines of Code (SLOC) = 3160
Hits@level = [0] 3 [1] 1 [2] 7 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 14 [1+] 11 [2+] 10 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 4.43038 [1+] 3.48101 [2+] 3.16456 [3+] 0.949367 [4+] 0.949367 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.