Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libopencsd-0.14.4/decoder/include/common/comp_attach_notifier_i.h Examining data/libopencsd-0.14.4/decoder/include/common/comp_attach_pt_t.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_code_follower.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_dcd_mngr.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_dcd_mngr_i.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_dcd_tree.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_dcd_tree_elem.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_error.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_error_logger.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_gen_elem_list.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_gen_elem_stack.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_lib_dcd_register.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_msg_logger.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_pe_context.h Examining data/libopencsd-0.14.4/decoder/include/common/ocsd_version.h Examining data/libopencsd-0.14.4/decoder/include/common/trc_component.h Examining data/libopencsd-0.14.4/decoder/include/common/trc_core_arch_map.h Examining data/libopencsd-0.14.4/decoder/include/common/trc_cs_config.h Examining data/libopencsd-0.14.4/decoder/include/common/trc_frame_deformatter.h Examining data/libopencsd-0.14.4/decoder/include/common/trc_gen_elem.h Examining data/libopencsd-0.14.4/decoder/include/common/trc_pkt_decode_base.h Examining data/libopencsd-0.14.4/decoder/include/common/trc_pkt_elem_base.h Examining data/libopencsd-0.14.4/decoder/include/common/trc_pkt_proc_base.h Examining data/libopencsd-0.14.4/decoder/include/common/trc_printable_elem.h Examining 
data/libopencsd-0.14.4/decoder/include/common/trc_raw_buffer.h Examining data/libopencsd-0.14.4/decoder/include/common/trc_ret_stack.h Examining data/libopencsd-0.14.4/decoder/include/i_dec/trc_i_decode.h Examining data/libopencsd-0.14.4/decoder/include/i_dec/trc_idec_arminst.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_abs_typed_base_i.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_data_raw_in_i.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_data_rawframe_in_i.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_error_log_i.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_gen_elem_in_i.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_indexer_pkt_i.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_indexer_src_i.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_instr_decode_i.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_pkt_in_i.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_pkt_raw_in_i.h Examining data/libopencsd-0.14.4/decoder/include/interfaces/trc_tgt_mem_access_i.h Examining data/libopencsd-0.14.4/decoder/include/mem_acc/trc_mem_acc.h Examining data/libopencsd-0.14.4/decoder/include/mem_acc/trc_mem_acc_base.h Examining data/libopencsd-0.14.4/decoder/include/mem_acc/trc_mem_acc_bufptr.h Examining data/libopencsd-0.14.4/decoder/include/mem_acc/trc_mem_acc_cache.h Examining data/libopencsd-0.14.4/decoder/include/mem_acc/trc_mem_acc_cb.h Examining data/libopencsd-0.14.4/decoder/include/mem_acc/trc_mem_acc_cb_if.h Examining data/libopencsd-0.14.4/decoder/include/mem_acc/trc_mem_acc_file.h Examining data/libopencsd-0.14.4/decoder/include/mem_acc/trc_mem_acc_mapper.h Examining data/libopencsd-0.14.4/decoder/include/opencsd.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/c_api/ocsd_c_api_cust_fact.h Examining 
data/libopencsd-0.14.4/decoder/include/opencsd/c_api/ocsd_c_api_cust_impl.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/c_api/ocsd_c_api_custom.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/c_api/ocsd_c_api_types.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/c_api/opencsd_c_api.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv3/etmv3_decoder.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv3/trc_cmp_cfg_etmv3.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv3/trc_dcd_mngr_etmv3.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv3/trc_pkt_decode_etmv3.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv3/trc_pkt_elem_etmv3.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv3/trc_pkt_proc_etmv3.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv3/trc_pkt_types_etmv3.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv4/etmv4_decoder.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv4/trc_cmp_cfg_etmv4.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv4/trc_dcd_mngr_etmv4i.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv4/trc_etmv4_stack_elem.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv4/trc_pkt_decode_etmv4i.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv4/trc_pkt_elem_etmv4i.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv4/trc_pkt_proc_etmv4.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv4/trc_pkt_proc_etmv4i.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/etmv4/trc_pkt_types_etmv4.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/ocsd_if_types.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/ocsd_if_version.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/ptm/ptm_decoder.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/ptm/trc_cmp_cfg_ptm.h Examining 
data/libopencsd-0.14.4/decoder/include/opencsd/ptm/trc_dcd_mngr_ptm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/ptm/trc_pkt_decode_ptm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/ptm/trc_pkt_elem_ptm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/ptm/trc_pkt_proc_ptm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/ptm/trc_pkt_types_ptm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/stm/stm_decoder.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/stm/trc_cmp_cfg_stm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/stm/trc_dcd_mngr_stm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/stm/trc_pkt_decode_stm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/stm/trc_pkt_elem_stm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/stm/trc_pkt_proc_stm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/stm/trc_pkt_types_stm.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/trc_gen_elem_types.h Examining data/libopencsd-0.14.4/decoder/include/opencsd/trc_pkt_types.h Examining data/libopencsd-0.14.4/decoder/include/pkt_printers/gen_elem_printer.h Examining data/libopencsd-0.14.4/decoder/include/pkt_printers/item_printer.h Examining data/libopencsd-0.14.4/decoder/include/pkt_printers/pkt_printer_t.h Examining data/libopencsd-0.14.4/decoder/include/pkt_printers/raw_frame_printer.h Examining data/libopencsd-0.14.4/decoder/include/pkt_printers/trc_pkt_printers.h Examining data/libopencsd-0.14.4/decoder/include/pkt_printers/trc_print_fact.h Examining data/libopencsd-0.14.4/decoder/source/c_api/ocsd_c_api.cpp Examining data/libopencsd-0.14.4/decoder/source/c_api/ocsd_c_api_custom_obj.cpp Examining data/libopencsd-0.14.4/decoder/source/c_api/ocsd_c_api_custom_obj.h Examining data/libopencsd-0.14.4/decoder/source/c_api/ocsd_c_api_obj.h Examining data/libopencsd-0.14.4/decoder/source/etmv3/trc_cmp_cfg_etmv3.cpp Examining 
data/libopencsd-0.14.4/decoder/source/etmv3/trc_pkt_decode_etmv3.cpp Examining data/libopencsd-0.14.4/decoder/source/etmv3/trc_pkt_elem_etmv3.cpp Examining data/libopencsd-0.14.4/decoder/source/etmv3/trc_pkt_proc_etmv3.cpp Examining data/libopencsd-0.14.4/decoder/source/etmv3/trc_pkt_proc_etmv3_impl.cpp Examining data/libopencsd-0.14.4/decoder/source/etmv3/trc_pkt_proc_etmv3_impl.h Examining data/libopencsd-0.14.4/decoder/source/etmv4/trc_cmp_cfg_etmv4.cpp Examining data/libopencsd-0.14.4/decoder/source/etmv4/trc_etmv4_stack_elem.cpp Examining data/libopencsd-0.14.4/decoder/source/etmv4/trc_pkt_elem_etmv4i.cpp Examining data/libopencsd-0.14.4/decoder/source/etmv4/trc_pkt_proc_etmv4i.cpp Examining data/libopencsd-0.14.4/decoder/source/etmv4/trc_pkt_decode_etmv4i.cpp Examining data/libopencsd-0.14.4/decoder/source/i_dec/trc_i_decode.cpp Examining data/libopencsd-0.14.4/decoder/source/i_dec/trc_idec_arminst.cpp Examining data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_base.cpp Examining data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_bufptr.cpp Examining data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_cache.cpp Examining data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_cb.cpp Examining data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_file.cpp Examining data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_mapper.cpp Examining data/libopencsd-0.14.4/decoder/source/ocsd_code_follower.cpp Examining data/libopencsd-0.14.4/decoder/source/ocsd_dcd_tree.cpp Examining data/libopencsd-0.14.4/decoder/source/ocsd_error.cpp Examining data/libopencsd-0.14.4/decoder/source/ocsd_error_logger.cpp Examining data/libopencsd-0.14.4/decoder/source/ocsd_gen_elem_list.cpp Examining data/libopencsd-0.14.4/decoder/source/ocsd_gen_elem_stack.cpp Examining data/libopencsd-0.14.4/decoder/source/ocsd_lib_dcd_register.cpp Examining data/libopencsd-0.14.4/decoder/source/ocsd_msg_logger.cpp Examining 
data/libopencsd-0.14.4/decoder/source/ocsd_version.cpp Examining data/libopencsd-0.14.4/decoder/source/pkt_printers/raw_frame_printer.cpp Examining data/libopencsd-0.14.4/decoder/source/pkt_printers/trc_print_fact.cpp Examining data/libopencsd-0.14.4/decoder/source/ptm/trc_cmp_cfg_ptm.cpp Examining data/libopencsd-0.14.4/decoder/source/ptm/trc_pkt_decode_ptm.cpp Examining data/libopencsd-0.14.4/decoder/source/ptm/trc_pkt_elem_ptm.cpp Examining data/libopencsd-0.14.4/decoder/source/ptm/trc_pkt_proc_ptm.cpp Examining data/libopencsd-0.14.4/decoder/source/stm/trc_pkt_decode_stm.cpp Examining data/libopencsd-0.14.4/decoder/source/stm/trc_pkt_elem_stm.cpp Examining data/libopencsd-0.14.4/decoder/source/stm/trc_pkt_proc_stm.cpp Examining data/libopencsd-0.14.4/decoder/source/trc_component.cpp Examining data/libopencsd-0.14.4/decoder/source/trc_core_arch_map.cpp Examining data/libopencsd-0.14.4/decoder/source/trc_frame_deformatter.cpp Examining data/libopencsd-0.14.4/decoder/source/trc_frame_deformatter_impl.h Examining data/libopencsd-0.14.4/decoder/source/trc_gen_elem.cpp Examining data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp Examining data/libopencsd-0.14.4/decoder/source/trc_ret_stack.cpp Examining data/libopencsd-0.14.4/decoder/tests/ext_dcd_test_eg/c_api_echo_test/ext_dcd_echo_test.c Examining data/libopencsd-0.14.4/decoder/tests/ext_dcd_test_eg/c_api_echo_test/ext_dcd_echo_test.h Examining data/libopencsd-0.14.4/decoder/tests/ext_dcd_test_eg/c_api_echo_test/ext_dcd_echo_test_fact.c Examining data/libopencsd-0.14.4/decoder/tests/ext_dcd_test_eg/c_api_echo_test/ext_dcd_echo_test_fact.h Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/include/device_info.h Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/include/device_parser.h Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/include/ini_section_names.h Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/include/snapshot_info.h 
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/include/snapshot_parser.h
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/include/snapshot_parser_util.h
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/include/snapshot_reader.h
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/include/ss_key_value_names.h
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/include/ss_to_dcdtree.h
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/include/trace_snapshots.h
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/source/device_info.cpp
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/source/device_parser.cpp
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/source/snapshot_parser.cpp
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/source/snapshot_parser_util.cpp
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/source/snapshot_reader.cpp
Examining data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/source/ss_to_dcdtree.cpp
Examining data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c
Examining data/libopencsd-0.14.4/decoder/tests/source/mem_buff_demo.cpp
Examining data/libopencsd-0.14.4/decoder/tests/source/trc_pkt_lister.cpp

FINAL RESULTS:

data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:78:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(szStrBuffer,szFormatBuffer,value); // fill the buffer
data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:83:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(szStrBuffer,szFormatBuffer,(uint32_t)value); // fill the buffer
data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:107:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(szStrBuffer,"%" PRIu64 ,value);
data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:111:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(szStrBuffer,"%" PRIu32 ,(uint32_t)value);
data/libopencsd-0.14.4/decoder/tests/ext_dcd_test_eg/c_api_echo_test/ext_dcd_echo_test.c:329:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(coverage_message, "Element %s : %s\n",cov_elem_names[i],results[coverage[i]]);
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:357:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mem_file_path,usr_snapshot_path);
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:359:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mem_file_path,default_base_snapshot_path);
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:360:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(mem_file_path,selected_snapshot);
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:361:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(mem_file_path,memory_dump_filename);
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:977:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(trace_file_path,usr_snapshot_path);
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:979:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(trace_file_path,default_base_snapshot_path);
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:980:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(trace_file_path,selected_snapshot);
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:981:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(trace_file_path,trace_data_filename);
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:995:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(message, "C-API packet print test\nLibrary Version %s\n\n",ocsd_get_version_str());
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:1006:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(message, argv[i]);
data/libopencsd-0.14.4/decoder/source/c_api/ocsd_c_api_custom_obj.cpp:414:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char num_buffer[32];
data/libopencsd-0.14.4/decoder/source/c_api/ocsd_c_api_custom_obj.cpp:415:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(num_buffer, "_%04d", m_decoder_inst.cs_id);
data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_bufptr.cpp:49:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(byteBuffer,m_p_buffer+address-m_startAddress,bytesRead);
data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_cache.cpp:78:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(byteBuffer, &m_mru[m_mru_idx].data[address - m_mru[m_mru_idx].st_addr], reqBytes);
data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_cache.cpp:126:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(byteBuffer, &m_mru[m_mru_idx].data[address - m_mru[m_mru_idx].st_addr], reqBytes);
data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_file.cpp:73:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_mem_file.open(pathToFile.c_str(), std::ifstream::binary | std::ifstream::ate);
data/libopencsd-0.14.4/decoder/source/ocsd_msg_logger.cpp:102:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_out_file.open(m_logFileName.c_str(),std::fstream::out | std::fstream::app);
data/libopencsd-0.14.4/decoder/source/trc_component.cpp:74:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char num_buffer[32];
data/libopencsd-0.14.4/decoder/source/trc_component.cpp:75:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(num_buffer,"_%04d",instIDNum);
data/libopencsd-0.14.4/decoder/source/trc_frame_deformatter.cpp:251:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg_buffer[64];
data/libopencsd-0.14.4/decoder/source/trc_frame_deformatter.cpp:252:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_buffer,"Input block incorrect size, must be %d byte multiple", m_alignment);
data/libopencsd-0.14.4/decoder/source/trc_frame_deformatter.cpp:500:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(m_ex_frm_data, m_in_block_base + m_in_block_processed + f_sync_bytes, m_ex_frm_n_bytes);
data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:50:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char szStrBuffer[128];
data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:51:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char szFormatBuffer[32];
data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:77:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(szFormatBuffer,"%%0%dllX",validChars); // create the format
data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:82:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(szFormatBuffer,"%%0%dlX",validChars); // create the format
data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:88:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(szStrBuffer," (%d:0)", valValidBits-1);
data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:96:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(szStrBuffer," ~[0x%" PRIX64 "]",value & updateMask);
data/libopencsd-0.14.4/decoder/source/trc_printable_elem.cpp:116:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(szStrBuffer," (%d:0)", valValidBits-1);
data/libopencsd-0.14.4/decoder/tests/ext_dcd_test_eg/c_api_echo_test/ext_dcd_echo_test.c:123:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(decoder->reg_config), p_config, sizeof(echo_dcd_cfg_t)); // copy in the config structure.
data/libopencsd-0.14.4/decoder/tests/ext_dcd_test_eg/c_api_echo_test/ext_dcd_echo_test.c:124:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(decoder->lib_fns), p_lib_callbacks, sizeof(ocsd_extern_dcd_cb_fns)); // copy in the the library callbacks.
data/libopencsd-0.14.4/decoder/tests/ext_dcd_test_eg/c_api_echo_test/ext_dcd_echo_test.c:325:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char coverage_message[256];
data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/source/snapshot_reader.cpp:118:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in.open(iniFile.c_str());
data/libopencsd-0.14.4/decoder/tests/snapshot_parser_lib/source/snapshot_reader.cpp:144:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in.open(iniFile.c_str());
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:92:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char packet_str[PACKET_STR_LEN];
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:288:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(packet_str, "mem_acc_cb(addr 0x%08llX, size %d, trcID 0x%02X)\n", address, reqBytes, trc_id);
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:309:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dump_file = fopen(mem_file_path,"rb");
data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:348:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mem_file_path[MAX_TRACE_FILE_PATH_LEN]; data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:380:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dump_file = fopen(mem_file_path,"rb"); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:427:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(packet_str,"Idx:%" OCSD_TRC_IDX_STR "; ", index_sop); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:450:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(packet_str,"**** END OF TRACE ****\n"); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:470:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p_buffer,"[ "); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:475:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p_buffer+chars_printed,"0x%02X ", p_array[bytes_processed]); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:481:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat(p_buffer,"];"); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:486:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p_buffer,"[];"); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:509:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(packet_str,"Idx:%" OCSD_TRC_IDX_STR ";", index_sop); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:528:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(packet_str,"**** END OF TRACE ****\n"); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:543:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(packet_str,"Idx:%" OCSD_TRC_IDX_STR "; TrcID:0x%02X; ", index_sop, trc_chan_id); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:556:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(packet_str,"Unable to create element string\n"); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:961:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trace_file_path[MAX_TRACE_FILE_PATH_LEN]; data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:963:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[512]; data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:983:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). trace_data = fopen(trace_file_path,"rb"); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:1011:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(message, "\n\n"); data/libopencsd-0.14.4/decoder/tests/source/mem_buff_demo.cpp:149:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename.c_str(), "rb"); data/libopencsd-0.14.4/decoder/tests/source/mem_buff_demo.cpp:169:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp = fopen(filename.c_str(), "rb"); data/libopencsd-0.14.4/decoder/tests/source/mem_buff_demo.cpp:341:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(byteBuffer, program_image_buffer + (address - program_image_address), read_bytes); data/libopencsd-0.14.4/decoder/tests/source/mem_buff_demo.cpp:389:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[256]; data/libopencsd-0.14.4/decoder/tests/source/mem_buff_demo.cpp:410:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Processed %u bytes out of %u\n", bytes_done, input_trace_data_size); data/libopencsd-0.14.4/decoder/tests/source/trc_pkt_lister.cpp:576:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in.open(tree_creator.getBufferFileName(),std::ifstream::in | std::ifstream::binary); data/libopencsd-0.14.4/decoder/source/c_api/ocsd_c_api.cpp:344:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer,pktStr.c_str(),buffer_size-1); data/libopencsd-0.14.4/decoder/source/c_api/ocsd_c_api.cpp:359:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buffer,str.c_str(),buffer_size -1); data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_file.cpp:216:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_mem_file.read((char *)byteBuffer,bytesRead); data/libopencsd-0.14.4/decoder/source/mem_acc/trc_mem_acc_file.cpp:229:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_mem_file.read((char *)byteBuffer,bytesRead); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:200:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((idx >= argc) || (strlen(argv[idx]) == 0)) data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:207:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[idx]); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:428:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = strlen(packet_str); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:437:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(packet_str) == PACKET_STR_LEN - 1) /* maximum length */ data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:440:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(packet_str,"\n"); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:510:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = strlen(packet_str); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:517:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(packet_str) == PACKET_STR_LEN - 1) /* maximum length */ data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:520:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(packet_str,"\n"); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:544:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = strlen(packet_str); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:549:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(packet_str) == PACKET_STR_LEN - 1) /* maximum length */ data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:552:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(packet_str,"\n"); data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:1003:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(argv[i]) + 1; data/libopencsd-0.14.4/decoder/tests/source/c_api_pkt_print_test.c:1007:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(message, " "); data/libopencsd-0.14.4/decoder/tests/source/trc_pkt_lister.cpp:589:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read((char *)&trace_buffer[0], 512 - 8); data/libopencsd-0.14.4/decoder/tests/source/trc_pkt_lister.cpp:592:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read((char *)&trace_buffer[0],bufferSize); // load a block of data into the buffer data/libopencsd-0.14.4/decoder/tests/source/trc_pkt_lister.cpp:638:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read((char *)&trace_buffer[0], 8); ANALYSIS SUMMARY: Hits = 84 Lines analyzed = 39050 in approximately 1.09 seconds (35663 lines/second) Physical Source Lines of Code (SLOC) = 24109 Hits@level = [0] 26 [1] 20 [2] 49 [3] 0 [4] 15 [5] 0 Hits@level+ = [0+] 110 [1+] 84 [2+] 64 [3+] 15 [4+] 15 [5+] 0 Hits/KSLOC@level+ = [0+] 4.56261 [1+] 3.48418 [2+] 2.65461 [3+] 0.622174 [4+] 0.622174 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.