Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libaal-1.0.7/src/device.c
Examining data/libaal-1.0.7/src/block.c
Examining data/libaal-1.0.7/src/string.c
Examining data/libaal-1.0.7/src/malloc.c
Examining data/libaal-1.0.7/src/exception.c
Examining data/libaal-1.0.7/src/debug.c
Examining data/libaal-1.0.7/src/math.c
Examining data/libaal-1.0.7/src/stream.c
Examining data/libaal-1.0.7/src/libaal.c
Examining data/libaal-1.0.7/src/file.c
Examining data/libaal-1.0.7/src/hash.c
Examining data/libaal-1.0.7/src/list.c
Examining data/libaal-1.0.7/src/print.c
Examining data/libaal-1.0.7/src/gauge.c
Examining data/libaal-1.0.7/src/ui.c
Examining data/libaal-1.0.7/src/bitops.c
Examining data/libaal-1.0.7/include/aal/stream.h
Examining data/libaal-1.0.7/include/aal/file.h
Examining data/libaal-1.0.7/include/aal/unaligned.h
Examining data/libaal-1.0.7/include/aal/string.h
Examining data/libaal-1.0.7/include/aal/gauge.h
Examining data/libaal-1.0.7/include/aal/list.h
Examining data/libaal-1.0.7/include/aal/math.h
Examining data/libaal-1.0.7/include/aal/block.h
Examining data/libaal-1.0.7/include/aal/hash.h
Examining data/libaal-1.0.7/include/aal/print.h
Examining data/libaal-1.0.7/include/aal/device.h
Examining data/libaal-1.0.7/include/aal/exception.h
Examining data/libaal-1.0.7/include/aal/debug.h
Examining data/libaal-1.0.7/include/aal/endian.h
Examining data/libaal-1.0.7/include/aal/malloc.h
Examining data/libaal-1.0.7/include/aal/bitops.h
Examining data/libaal-1.0.7/include/aal/libaal.h
Examining data/libaal-1.0.7/include/aal/ui.h
Examining data/libaal-1.0.7/include/aal/types.h
FINAL RESULTS:
data/libaal-1.0.7/include/aal/exception.h:28:70: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__aal_check_format(printf, 3, 4);
data/libaal-1.0.7/src/print.c:16:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return vsnprintf(buff, n, format, arg_list);
data/libaal-1.0.7/include/aal/types.h:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libaal-1.0.7/include/aal/types.h:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[256];
data/libaal-1.0.7/include/aal/types.h:154:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
errno_t (*open) (aal_device_t *, void *,
data/libaal-1.0.7/include/aal/types.h:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[80];
data/libaal-1.0.7/src/debug.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[512];
data/libaal-1.0.7/src/device.c:71:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ops->open) {
data/libaal-1.0.7/src/device.c:72:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ops->open(device, person, blksize, flags))
data/libaal-1.0.7/src/device.c:92:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return device->ops->open(device, device->person,
data/libaal-1.0.7/src/file.c:85:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, flags)) == -1)
data/libaal-1.0.7/src/stream.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/libaal-1.0.7/src/string.c:194:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(dest, src, n);
data/libaal-1.0.7/src/ui.c:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/libaal-1.0.7/src/ui.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/libaal-1.0.7/include/aal/types.h:157:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
errno_t (*read) (aal_device_t *,
data/libaal-1.0.7/include/aal/types.h:288:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int32_t (*read) (aal_stream_t *, void *, uint32_t);
data/libaal-1.0.7/src/device.c:213:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
aal_device_check_routine(device, read, return -EINVAL);
data/libaal-1.0.7/src/device.c:214:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return device->ops->read(device, buff, block, count);
data/libaal-1.0.7/src/file.c:140:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(*((int *)device->entity), buff, len) <= 0) {
data/libaal-1.0.7/src/stream.c:72:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!stream->proto->read)
data/libaal-1.0.7/src/stream.c:75:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return stream->proto->read(stream, buff, n);
data/libaal-1.0.7/src/stream.c:156:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read;
data/libaal-1.0.7/src/stream.c:160:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (read = 0; read < n; read += res) {
data/libaal-1.0.7/src/stream.c:161:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = fread(buff + read, 1,
data/libaal-1.0.7/src/stream.c:162:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n - read, file);
data/libaal-1.0.7/src/stream.c:164:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (res < n - read) {
data/libaal-1.0.7/src/stream.c:171:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream->offset += read;
data/libaal-1.0.7/src/stream.c:172:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/libaal-1.0.7/src/string.c:206:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(s);
data/libaal-1.0.7/src/string.c:218:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
return strncpy(dest, src, n);
data/libaal-1.0.7/src/string.c:222:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
return strncat(dest, src, n);
ANALYSIS SUMMARY:
Hits = 32
Lines analyzed = 3741 in approximately 0.31 seconds (12154 lines/second)
Physical Source Lines of Code (SLOC) = 2461
Hits@level = [0] 1 [1] 17 [2] 13 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 33 [1+] 32 [2+] 15 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 13.4092 [1+] 13.0028 [2+] 6.09508 [3+] 0.812678 [4+] 0.812678 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.