Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libpciaccess-0.16/include/pciaccess.h
Examining data/libpciaccess-0.16/src/common_bridge.c
Examining data/libpciaccess-0.16/src/common_iterator.c
Examining data/libpciaccess-0.16/src/common_init.c
Examining data/libpciaccess-0.16/src/common_interface.c
Examining data/libpciaccess-0.16/src/common_io.c
Examining data/libpciaccess-0.16/src/common_capability.c
Examining data/libpciaccess-0.16/src/common_device_name.c
Examining data/libpciaccess-0.16/src/common_map.c
Examining data/libpciaccess-0.16/src/pciaccess_private.h
Examining data/libpciaccess-0.16/src/common_vgaarb_stub.c
Examining data/libpciaccess-0.16/src/common_vgaarb.c
Examining data/libpciaccess-0.16/src/x86_pci.c
Examining data/libpciaccess-0.16/src/x86_pci.h
Examining data/libpciaccess-0.16/src/freebsd_pci.c
Examining data/libpciaccess-0.16/src/hurd_pci.c
Examining data/libpciaccess-0.16/src/linux_sysfs.c
Examining data/libpciaccess-0.16/src/linux_devmem.c
Examining data/libpciaccess-0.16/src/linux_devmem.h
Examining data/libpciaccess-0.16/src/netbsd_pci.c
Examining data/libpciaccess-0.16/src/openbsd_pci.c
Examining data/libpciaccess-0.16/src/solx_devfs.c
Examining data/libpciaccess-0.16/src/pci_tools.h
Examining data/libpciaccess-0.16/scanpci/scanpci.c
FINAL RESULTS:
data/libpciaccess-0.16/scanpci/scanpci.c:46:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, format "\n", ## args)
data/libpciaccess-0.16/src/hurd_pci.c:67:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct pci_system system;
data/libpciaccess-0.16/src/hurd_pci.c:461:30: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pci_sys = &pci_sys_hurd->system;
data/libpciaccess-0.16/src/x86_pci.c:210:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error How to enable IO ports on this system?
data/libpciaccess-0.16/scanpci/scanpci.c:214:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "v")) != -1) {
data/libpciaccess-0.16/src/x86_pci.c:117:13: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
lib = LoadLibrary("WinIo64.dll");
data/libpciaccess-0.16/src/x86_pci.c:119:13: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
lib = LoadLibrary("WinIo32.dll");
data/libpciaccess-0.16/src/common_device_name.c:86:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = fopen(PCIIDS_PATH "/pci.ids", "re");
data/libpciaccess-0.16/src/common_device_name.c:91:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(PCIIDS_PATH "/pci.ids", "r");
data/libpciaccess-0.16/src/common_device_name.c:224:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/libpciaccess-0.16/src/common_iterator.c:87:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy( & iter->match.slot, match, sizeof( *match ) );
data/libpciaccess-0.16/src/common_iterator.c:123:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy( & iter->match.id, match, sizeof( *match ) );
data/libpciaccess-0.16/src/common_vgaarb.c:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/libpciaccess-0.16/src/common_vgaarb.c:129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE + 1]; /* reading BUFSIZE characters, + 1 for NULL */
data/libpciaccess-0.16/src/common_vgaarb.c:135:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pci_sys->vgaarb_fd = open ("/dev/vga_arbiter", O_RDWR | O_CLOEXEC)) < 0) {
data/libpciaccess-0.16/src/common_vgaarb.c:231:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE + 1]; /* reading BUFSIZE characters, + 1 for NULL */
data/libpciaccess-0.16/src/common_vgaarb.c:261:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE + 1]; /* reading BUFSIZE characters, + 1 for NULL */
data/libpciaccess-0.16/src/common_vgaarb.c:290:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/libpciaccess-0.16/src/common_vgaarb.c:308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/libpciaccess-0.16/src/common_vgaarb.c:326:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/libpciaccess-0.16/src/freebsd_pci.c:130:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/mem", O_RDWR | O_CLOEXEC);
data/libpciaccess-0.16/src/freebsd_pci.c:179:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/mem", O_RDWR | O_CLOEXEC);
data/libpciaccess-0.16/src/freebsd_pci.c:228:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &io.pi_data, toread );
data/libpciaccess-0.16/src/freebsd_pci.c:262:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &io.pi_data, data, towrite );
data/libpciaccess-0.16/src/freebsd_pci.c:319:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
memfd = open( "/dev/mem", O_RDONLY | O_CLOEXEC );
data/libpciaccess-0.16/src/freebsd_pci.c:330:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buffer, bios, dev->rom_size );
data/libpciaccess-0.16/src/freebsd_pci.c:453:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret->fd = open( "/dev/io", O_RDWR | O_CLOEXEC );
data/libpciaccess-0.16/src/freebsd_pci.c:645:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pcidev = open( "/dev/pci", O_RDWR | O_CLOEXEC );
data/libpciaccess-0.16/src/hurd_pci.c:107:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(®ions, buf, size);
data/libpciaccess-0.16/src/hurd_pci.c:139:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rom, buf, size);
data/libpciaccess-0.16/src/hurd_pci.c:175:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, data, nread);
data/libpciaccess-0.16/src/hurd_pci.c:272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[NAME_MAX];
data/libpciaccess-0.16/src/hurd_pci.c:277:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
romfd = open(server, O_RDONLY | O_CLOEXEC);
data/libpciaccess-0.16/src/hurd_pci.c:313:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[NAME_MAX];
data/libpciaccess-0.16/src/hurd_pci.c:314:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[NAME_MAX];
data/libpciaccess-0.16/src/linux_devmem.c:121:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/mem", O_RDONLY, 0);
data/libpciaccess-0.16/src/linux_sysfs.c:104:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pci_sys->mtrr_fd = open("/proc/mtrr", O_WRONLY | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libpciaccess-0.16/src/linux_sysfs.c:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resource[512];
data/libpciaccess-0.16/src/linux_sysfs.c:164:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDONLY | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libpciaccess-0.16/src/linux_sysfs.c:279:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resource[512];
data/libpciaccess-0.16/src/linux_sysfs.c:315:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( name, O_RDONLY | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libpciaccess-0.16/src/linux_sysfs.c:377:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( name, O_RDWR | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:436:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libpciaccess-0.16/src/linux_sysfs.c:458:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( name, O_RDONLY | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:496:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libpciaccess-0.16/src/linux_sysfs.c:518:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( name, O_WRONLY | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:554:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libpciaccess-0.16/src/linux_sysfs.c:569:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, open_flags | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:605:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libpciaccess-0.16/src/linux_sysfs.c:634:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, open_flags | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:747:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libpciaccess-0.16/src/linux_sysfs.c:757:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( name, O_RDWR | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:767:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libpciaccess-0.16/src/linux_sysfs.c:768:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reply[3];
data/libpciaccess-0.16/src/linux_sysfs.c:779:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( name, O_RDONLY | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:795:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libpciaccess-0.16/src/linux_sysfs.c:817:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX];
data/libpciaccess-0.16/src/linux_sysfs.c:822:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret->fd = open(name, O_RDWR | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:839:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX];
data/libpciaccess-0.16/src/linux_sysfs.c:846:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret->fd = open(name, O_RDWR | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:977:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX];
data/libpciaccess-0.16/src/linux_sysfs.c:993:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, flags | O_CLOEXEC);
data/libpciaccess-0.16/src/linux_sysfs.c:1002:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/mem", flags | O_CLOEXEC);
data/libpciaccess-0.16/src/netbsd_pci.c:227:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &rval, toread);
data/libpciaccess-0.16/src/netbsd_pci.c:250:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, data, 4);
data/libpciaccess-0.16/src/netbsd_pci.c:274:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/ttyE0", O_RDONLY);
data/libpciaccess-0.16/src/netbsd_pci.c:504:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, bios, rom_size);
data/libpciaccess-0.16/src/netbsd_pci.c:853:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drvname[16];
data/libpciaccess-0.16/src/netbsd_pci.c:902:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netbsd_devname[32];
data/libpciaccess-0.16/src/netbsd_pci.c:912:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pcifd = open(netbsd_devname, O_RDWR | O_CLOEXEC);
data/libpciaccess-0.16/src/netbsd_pci.c:934:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pcifd = open(netbsd_devname, O_RDWR);
data/libpciaccess-0.16/src/openbsd_pci.c:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, bios, rom_size);
data/libpciaccess-0.16/src/openbsd_pci.c:275:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &io.pi_data, toread);
data/libpciaccess-0.16/src/openbsd_pci.c:303:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&io.pi_data, data, 4);
data/libpciaccess-0.16/src/openbsd_pci.c:588:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/libpciaccess-0.16/src/openbsd_pci.c:596:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pcifd[domain] = open(path, O_RDWR | O_CLOEXEC);
data/libpciaccess-0.16/src/pci_tools.h:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver_name[MAXMODCONFNAME]; /* from kernel */
data/libpciaccess-0.16/src/pci_tools.h:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN]; /* device path - from kernel */
data/libpciaccess-0.16/src/solx_devfs.c:296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nexus_path[MAXPATHLEN];
data/libpciaccess-0.16/src/solx_devfs.c:422:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(nexus_path, O_RDWR | O_CLOEXEC)) >= 0) {
data/libpciaccess-0.16/src/solx_devfs.c:691:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map_dev_buf[128];
data/libpciaccess-0.16/src/solx_devfs.c:712:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((map_fd = open(map_dev, O_RDWR | O_CLOEXEC)) < 0) {
data/libpciaccess-0.16/src/solx_devfs.c:760:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) bcopy(prom.memory, buffer, dev->rom_size);
data/libpciaccess-0.16/src/solx_devfs.c:799:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(nexus->path, O_RDWR | O_CLOEXEC)) < 0)
data/libpciaccess-0.16/src/solx_devfs.c:889:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(nexus->path, O_RDWR | O_CLOEXEC)) < 0)
data/libpciaccess-0.16/src/x86_pci.c:444:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
memfd = open("/dev/mem", O_RDONLY | O_CLOEXEC);
data/libpciaccess-0.16/src/x86_pci.c:454:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, bios, dev->rom_size);
data/libpciaccess-0.16/src/x86_pci.c:597:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
memfd = open ("/dev/mem", O_RDWR | O_CLOEXEC);
data/libpciaccess-0.16/src/x86_pci.c:848:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int memfd = open("/dev/mem", O_RDWR | O_CLOEXEC);
data/libpciaccess-0.16/src/common_device_name.c:270:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen( buf );
data/libpciaccess-0.16/src/common_interface.c:489:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return pci_sys->methods->read( dev, data, offset, size,
data/libpciaccess-0.16/src/common_vgaarb.c:56:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, input, 15);
data/libpciaccess-0.16/src/common_vgaarb.c:79:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, tok, 32);
data/libpciaccess-0.16/src/common_vgaarb.c:139:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(pci_sys->vgaarb_fd, buf, BUFSIZE);
data/libpciaccess-0.16/src/common_vgaarb.c:246:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(pci_sys->vgaarb_fd, buf, BUFSIZE);
data/libpciaccess-0.16/src/common_vgaarb.c:275:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(pci_sys->vgaarb_fd, buf, BUFSIZE);
data/libpciaccess-0.16/src/freebsd_pci.c:144:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(mrd.mr_owner, "pciaccess", sizeof(mrd.mr_owner));
data/libpciaccess-0.16/src/freebsd_pci.c:183:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(mrd.mr_owner, "pciaccess", sizeof(mrd.mr_owner));
data/libpciaccess-0.16/src/hurd_pci.c:281:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rd = read(romfd, buffer, dev->rom_size);
data/libpciaccess-0.16/src/linux_sysfs.c:169:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, resource, 512);
data/libpciaccess-0.16/src/linux_sysfs.c:323:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = read( fd, resource, 512 );
data/libpciaccess-0.16/src/linux_sysfs.c:409:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const int bytes = read( fd, (char *) buffer + total_bytes,
data/libpciaccess-0.16/src/linux_sysfs.c:783:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(fd, reply, 1);
data/libpciaccess-0.16/src/pciaccess_private.h:71:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct pci_device * dev, void * data, pciaddr_t offset,
ANALYSIS SUMMARY:
Hits = 107
Lines analyzed = 10766 in approximately 0.26 seconds (41885 lines/second)
Physical Source Lines of Code (SLOC) = 7162
Hits@level = [0] 92 [1] 15 [2] 85 [3] 3 [4] 4 [5] 0
Hits@level+ = [0+] 199 [1+] 107 [2+] 92 [3+] 7 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 27.7855 [1+] 14.94 [2+] 12.8456 [3+] 0.977381 [4+] 0.558503 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.