Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/liberasurecode-1.6.1/get_flags_from_cpuid.c
Examining data/liberasurecode-1.6.1/include/erasurecode/alg_sig.h
Examining data/liberasurecode-1.6.1/include/erasurecode/erasurecode.h
Examining data/liberasurecode-1.6.1/include/erasurecode/erasurecode_backend.h
Examining data/liberasurecode-1.6.1/include/erasurecode/erasurecode_helpers.h
Examining data/liberasurecode-1.6.1/include/erasurecode/erasurecode_helpers_ext.h
Examining data/liberasurecode-1.6.1/include/erasurecode/erasurecode_log.h
Examining data/liberasurecode-1.6.1/include/erasurecode/erasurecode_postprocessing.h
Examining data/liberasurecode-1.6.1/include/erasurecode/erasurecode_preprocessing.h
Examining data/liberasurecode-1.6.1/include/erasurecode/erasurecode_stdinc.h
Examining data/liberasurecode-1.6.1/include/erasurecode/erasurecode_version.h
Examining data/liberasurecode-1.6.1/include/erasurecode/list.h
Examining data/liberasurecode-1.6.1/include/erasurecode/md5.h
Examining data/liberasurecode-1.6.1/include/isa_l/isa_l_common.h
Examining data/liberasurecode-1.6.1/include/rs_vand/liberasurecode_rs_vand.h
Examining data/liberasurecode-1.6.1/include/rs_vand/rs_galois.h
Examining data/liberasurecode-1.6.1/include/xor_codes/xor_code.h
Examining data/liberasurecode-1.6.1/include/xor_codes/xor_hd_code_defs.h
Examining data/liberasurecode-1.6.1/src/backends/isa-l/isa_l_common.c
Examining data/liberasurecode-1.6.1/src/backends/isa-l/isa_l_rs_cauchy.c
Examining data/liberasurecode-1.6.1/src/backends/isa-l/isa_l_rs_vand.c
Examining data/liberasurecode-1.6.1/src/backends/jerasure/jerasure_rs_cauchy.c
Examining data/liberasurecode-1.6.1/src/backends/jerasure/jerasure_rs_vand.c
Examining data/liberasurecode-1.6.1/src/backends/null/null.c
Examining data/liberasurecode-1.6.1/src/backends/phazrio/libphazr.c
Examining data/liberasurecode-1.6.1/src/backends/rs_vand/liberasurecode_rs_vand.c
Examining data/liberasurecode-1.6.1/src/backends/shss/shss.c
Examining data/liberasurecode-1.6.1/src/backends/xor/flat_xor_hd.c
Examining data/liberasurecode-1.6.1/src/builtin/null_code/null_code.c
Examining data/liberasurecode-1.6.1/src/builtin/rs_vand/liberasurecode_rs_vand.c
Examining data/liberasurecode-1.6.1/src/builtin/rs_vand/rs_galois.c
Examining data/liberasurecode-1.6.1/src/builtin/xor_codes/xor_code.c
Examining data/liberasurecode-1.6.1/src/builtin/xor_codes/xor_hd_code.c
Examining data/liberasurecode-1.6.1/src/erasurecode.c
Examining data/liberasurecode-1.6.1/src/erasurecode_helpers.c
Examining data/liberasurecode-1.6.1/src/erasurecode_postprocessing.c
Examining data/liberasurecode-1.6.1/src/erasurecode_preprocessing.c
Examining data/liberasurecode-1.6.1/src/utils/chksum/alg_sig.c
Examining data/liberasurecode-1.6.1/src/utils/chksum/crc32.c
Examining data/liberasurecode-1.6.1/src/utils/chksum/md5.c
Examining data/liberasurecode-1.6.1/test/builtin/rs_vand/liberasurecode_rs_vand_test.c
Examining data/liberasurecode-1.6.1/test/builtin/rs_vand/rs_galois_test.c
Examining data/liberasurecode-1.6.1/test/builtin/xor_codes/test_xor_hd_code.c
Examining data/liberasurecode-1.6.1/test/builtin/xor_codes/test_xor_hd_code.h
Examining data/liberasurecode-1.6.1/test/libec_slap.c
Examining data/liberasurecode-1.6.1/test/libec_slap.h
Examining data/liberasurecode-1.6.1/test/utils/chksum/test_alg_sig.c
Examining data/liberasurecode-1.6.1/test/liberasurecode_test.c

FINAL RESULTS:

data/liberasurecode-1.6.1/include/erasurecode/erasurecode_log.h:43:5:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog (level, __VA_ARGS__)
data/liberasurecode-1.6.1/test/builtin/rs_vand/liberasurecode_rs_vand_test.c:72:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned int)time(0));
data/liberasurecode-1.6.1/test/builtin/rs_vand/liberasurecode_rs_vand_test.c:140:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned int)time(0));
data/liberasurecode-1.6.1/test/builtin/rs_vand/liberasurecode_rs_vand_test.c:223:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned int)time(0));
data/liberasurecode-1.6.1/test/builtin/xor_codes/test_xor_hd_code.c:76:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/liberasurecode-1.6.1/test/libec_slap.c:175:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/liberasurecode-1.6.1/test/utils/chksum/test_alg_sig.c:241:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/liberasurecode-1.6.1/get_flags_from_cpuid.c:66:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen("compiler_flags", "w");
data/liberasurecode-1.6.1/include/erasurecode/erasurecode_backend.h:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAX_LEN]; /* EC backend common name */
data/liberasurecode-1.6.1/include/erasurecode/erasurecode_backend.h:114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char soversion[MAX_LEN]; /* EC backend shared library version */
data/liberasurecode-1.6.1/include/erasurecode/md5.h:37:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[64];
data/liberasurecode-1.6.1/src/builtin/rs_vand/liberasurecode_rs_vand.c:104:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to_row, from_row, sizeof(int)*num_cols);
data/liberasurecode-1.6.1/src/builtin/xor_codes/xor_code.c:133:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, size);
data/liberasurecode-1.6.1/src/erasurecode.c:71:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ec_backends_supported_str[EC_BACKENDS_MAX];
data/liberasurecode-1.6.1/src/erasurecode.c:292:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(bargs.uargs), args, sizeof (struct ec_args));
data/liberasurecode-1.6.1/src/erasurecode.c:934:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_fragment, fragment_ptr, fragment_len);
data/liberasurecode-1.6.1/src/erasurecode.c:1054:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fragment_metadata, fragment, sizeof(struct fragment_metadata));
data/liberasurecode-1.6.1/src/erasurecode_preprocessing.c:72:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(encoded_data[i] + data_offset, orig_data, copy_size);
data/liberasurecode-1.6.1/src/erasurecode_preprocessing.c:160:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp_buf, data[i], fragment_size);
data/liberasurecode-1.6.1/src/erasurecode_preprocessing.c:199:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp_buf, parity[i], fragment_size);
data/liberasurecode-1.6.1/src/erasurecode_preprocessing.c:367:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(internal_payload + string_off, fragment_data, payload_size);
data/liberasurecode-1.6.1/src/utils/chksum/md5.c:226:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ctx->buffer[used], data, size);
data/liberasurecode-1.6.1/src/utils/chksum/md5.c:230:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ctx->buffer[used], data, free);
data/liberasurecode-1.6.1/src/utils/chksum/md5.c:241:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->buffer, data, size);
data/liberasurecode-1.6.1/test/builtin/rs_vand/liberasurecode_rs_vand_test.c:53:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(filename, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
data/liberasurecode-1.6.1/test/builtin/rs_vand/liberasurecode_rs_vand_test.c:164:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(missing_bufs[i], idx < k ? data[idx] : parity[idx - k], blocksize);
data/liberasurecode-1.6.1/test/builtin/rs_vand/liberasurecode_rs_vand_test.c:247:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(missing_bufs[i], idx < k ? data[idx] : parity[idx - k], blocksize);
data/liberasurecode-1.6.1/test/builtin/xor_codes/test_xor_hd_code.c:181:90:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (missing_idxs[0] > -1 && missing_idxs[0] < code_desc->k && check_buffer((unsigned char *)data[missing_idx_0], blocksize, missing_idx_0) < 0) {
data/liberasurecode-1.6.1/test/builtin/xor_codes/test_xor_hd_code.c:185:90:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (missing_idxs[1] > -1 && missing_idxs[1] < code_desc->k && check_buffer((unsigned char *)data[missing_idx_1], blocksize, missing_idx_1) < 0) {
data/liberasurecode-1.6.1/test/builtin/xor_codes/test_xor_hd_code.c:189:90:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (missing_idxs[2] > -1 && missing_idxs[2] < code_desc->k && check_buffer((unsigned char *)data[missing_idx_2], blocksize, missing_idx_2) < 0) {
data/liberasurecode-1.6.1/test/liberasurecode_test.c:361:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(args, template, ec_args_size);
data/liberasurecode-1.6.1/test/liberasurecode_test.c:1774:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[sizeof(orig_header)];
data/liberasurecode-1.6.1/test/liberasurecode_test.c:1775:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header, orig_header, sizeof(orig_header));
data/liberasurecode-1.6.1/test/liberasurecode_test.c:1790:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header, orig_header, sizeof(orig_header));
data/liberasurecode-1.6.1/test/liberasurecode_test.c:1813:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[sizeof(orig_header)];
data/liberasurecode-1.6.1/test/liberasurecode_test.c:1814:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header, orig_header, sizeof(orig_header));
data/liberasurecode-1.6.1/test/liberasurecode_test.c:1829:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header, orig_header, sizeof(orig_header));
data/liberasurecode-1.6.1/test/liberasurecode_test.c:408:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*ptr++, data, data_len);

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 13554 in approximately 1.76 seconds (7696 lines/second)
Physical Source Lines of Code (SLOC) = 9142
Hits@level = [0]  90 [1]   1 [2]  30 [3]   6 [4]   1 [5]   0
Hits@level+ = [0+] 128 [1+]  38 [2+]  37 [3+]   7 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 14.0013 [1+] 4.15664 [2+] 4.04725 [3+] 0.765697 [4+] 0.109385 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.