Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libpciaccess-0.16/include/pciaccess.h Examining data/libpciaccess-0.16/src/common_bridge.c Examining data/libpciaccess-0.16/src/common_iterator.c Examining data/libpciaccess-0.16/src/common_init.c Examining data/libpciaccess-0.16/src/common_interface.c Examining data/libpciaccess-0.16/src/common_io.c Examining data/libpciaccess-0.16/src/common_capability.c Examining data/libpciaccess-0.16/src/common_device_name.c Examining data/libpciaccess-0.16/src/common_map.c Examining data/libpciaccess-0.16/src/pciaccess_private.h Examining data/libpciaccess-0.16/src/common_vgaarb_stub.c Examining data/libpciaccess-0.16/src/common_vgaarb.c Examining data/libpciaccess-0.16/src/x86_pci.c Examining data/libpciaccess-0.16/src/x86_pci.h Examining data/libpciaccess-0.16/src/freebsd_pci.c Examining data/libpciaccess-0.16/src/hurd_pci.c Examining data/libpciaccess-0.16/src/linux_sysfs.c Examining data/libpciaccess-0.16/src/linux_devmem.c Examining data/libpciaccess-0.16/src/linux_devmem.h Examining data/libpciaccess-0.16/src/netbsd_pci.c Examining data/libpciaccess-0.16/src/openbsd_pci.c Examining data/libpciaccess-0.16/src/solx_devfs.c Examining data/libpciaccess-0.16/src/pci_tools.h Examining data/libpciaccess-0.16/scanpci/scanpci.c FINAL RESULTS: data/libpciaccess-0.16/scanpci/scanpci.c:46:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, format "\n", ## args) data/libpciaccess-0.16/src/hurd_pci.c:67:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. struct pci_system system; data/libpciaccess-0.16/src/hurd_pci.c:461:30: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pci_sys = &pci_sys_hurd->system; data/libpciaccess-0.16/src/x86_pci.c:210:39: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #error How to enable IO ports on this system? data/libpciaccess-0.16/scanpci/scanpci.c:214:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "v")) != -1) { data/libpciaccess-0.16/src/x86_pci.c:117:13: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. lib = LoadLibrary("WinIo64.dll"); data/libpciaccess-0.16/src/x86_pci.c:119:13: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. lib = LoadLibrary("WinIo32.dll"); data/libpciaccess-0.16/src/common_device_name.c:86:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). result = fopen(PCIIDS_PATH "/pci.ids", "re"); data/libpciaccess-0.16/src/common_device_name.c:91:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen(PCIIDS_PATH "/pci.ids", "r"); data/libpciaccess-0.16/src/common_device_name.c:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/libpciaccess-0.16/src/common_iterator.c:87:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy( & iter->match.slot, match, sizeof( *match ) ); data/libpciaccess-0.16/src/common_iterator.c:123:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy( & iter->match.id, match, sizeof( *match ) ); data/libpciaccess-0.16/src/common_vgaarb.c:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[32]; data/libpciaccess-0.16/src/common_vgaarb.c:129:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE + 1]; /* reading BUFSIZE characters, + 1 for NULL */ data/libpciaccess-0.16/src/common_vgaarb.c:135:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((pci_sys->vgaarb_fd = open ("/dev/vga_arbiter", O_RDWR | O_CLOEXEC)) < 0) { data/libpciaccess-0.16/src/common_vgaarb.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE + 1]; /* reading BUFSIZE characters, + 1 for NULL */ data/libpciaccess-0.16/src/common_vgaarb.c:261:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE + 1]; /* reading BUFSIZE characters, + 1 for NULL */ data/libpciaccess-0.16/src/common_vgaarb.c:290:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/libpciaccess-0.16/src/common_vgaarb.c:308:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/libpciaccess-0.16/src/common_vgaarb.c:326:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/libpciaccess-0.16/src/freebsd_pci.c:130:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/mem", O_RDWR | O_CLOEXEC); data/libpciaccess-0.16/src/freebsd_pci.c:179:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/mem", O_RDWR | O_CLOEXEC); data/libpciaccess-0.16/src/freebsd_pci.c:228:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &io.pi_data, toread ); data/libpciaccess-0.16/src/freebsd_pci.c:262:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &io.pi_data, data, towrite ); data/libpciaccess-0.16/src/freebsd_pci.c:319:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). memfd = open( "/dev/mem", O_RDONLY | O_CLOEXEC ); data/libpciaccess-0.16/src/freebsd_pci.c:330:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( buffer, bios, dev->rom_size ); data/libpciaccess-0.16/src/freebsd_pci.c:453:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret->fd = open( "/dev/io", O_RDWR | O_CLOEXEC ); data/libpciaccess-0.16/src/freebsd_pci.c:645:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pcidev = open( "/dev/pci", O_RDWR | O_CLOEXEC ); data/libpciaccess-0.16/src/hurd_pci.c:107:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(®ions, buf, size); data/libpciaccess-0.16/src/hurd_pci.c:139:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rom, buf, size); data/libpciaccess-0.16/src/hurd_pci.c:175:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, data, nread); data/libpciaccess-0.16/src/hurd_pci.c:272:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char server[NAME_MAX]; data/libpciaccess-0.16/src/hurd_pci.c:277:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). romfd = open(server, O_RDONLY | O_CLOEXEC); data/libpciaccess-0.16/src/hurd_pci.c:313:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[NAME_MAX]; data/libpciaccess-0.16/src/hurd_pci.c:314:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char server[NAME_MAX]; data/libpciaccess-0.16/src/linux_devmem.c:121:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/mem", O_RDONLY, 0); data/libpciaccess-0.16/src/linux_sysfs.c:104:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pci_sys->mtrr_fd = open("/proc/mtrr", O_WRONLY | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libpciaccess-0.16/src/linux_sysfs.c:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resource[512]; data/libpciaccess-0.16/src/linux_sysfs.c:164:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(name, O_RDONLY | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:277:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libpciaccess-0.16/src/linux_sysfs.c:279:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resource[512]; data/libpciaccess-0.16/src/linux_sysfs.c:315:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open( name, O_RDONLY | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:362:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libpciaccess-0.16/src/linux_sysfs.c:377:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open( name, O_RDWR | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:436:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libpciaccess-0.16/src/linux_sysfs.c:458:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open( name, O_RDONLY | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:496:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libpciaccess-0.16/src/linux_sysfs.c:518:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open( name, O_WRONLY | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:554:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libpciaccess-0.16/src/linux_sysfs.c:569:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(name, open_flags | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:605:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libpciaccess-0.16/src/linux_sysfs.c:634:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(name, open_flags | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:747:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libpciaccess-0.16/src/linux_sysfs.c:757:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open( name, O_RDWR | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:767:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libpciaccess-0.16/src/linux_sysfs.c:768:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reply[3]; data/libpciaccess-0.16/src/linux_sysfs.c:779:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open( name, O_RDONLY | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:795:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libpciaccess-0.16/src/linux_sysfs.c:817:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/libpciaccess-0.16/src/linux_sysfs.c:822:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret->fd = open(name, O_RDWR | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:839:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/libpciaccess-0.16/src/linux_sysfs.c:846:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret->fd = open(name, O_RDWR | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:977:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/libpciaccess-0.16/src/linux_sysfs.c:993:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(name, flags | O_CLOEXEC); data/libpciaccess-0.16/src/linux_sysfs.c:1002:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/mem", flags | O_CLOEXEC); data/libpciaccess-0.16/src/netbsd_pci.c:227:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &rval, toread); data/libpciaccess-0.16/src/netbsd_pci.c:250:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, data, 4); data/libpciaccess-0.16/src/netbsd_pci.c:274:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/ttyE0", O_RDONLY); data/libpciaccess-0.16/src/netbsd_pci.c:504:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, bios, rom_size); data/libpciaccess-0.16/src/netbsd_pci.c:853:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char drvname[16]; data/libpciaccess-0.16/src/netbsd_pci.c:902:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netbsd_devname[32]; data/libpciaccess-0.16/src/netbsd_pci.c:912:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pcifd = open(netbsd_devname, O_RDWR | O_CLOEXEC); data/libpciaccess-0.16/src/netbsd_pci.c:934:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pcifd = open(netbsd_devname, O_RDWR); data/libpciaccess-0.16/src/openbsd_pci.c:164:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, bios, rom_size); data/libpciaccess-0.16/src/openbsd_pci.c:275:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &io.pi_data, toread); data/libpciaccess-0.16/src/openbsd_pci.c:303:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&io.pi_data, data, 4); data/libpciaccess-0.16/src/openbsd_pci.c:588:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/libpciaccess-0.16/src/openbsd_pci.c:596:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pcifd[domain] = open(path, O_RDWR | O_CLOEXEC); data/libpciaccess-0.16/src/pci_tools.h:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver_name[MAXMODCONFNAME]; /* from kernel */ data/libpciaccess-0.16/src/pci_tools.h:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; /* device path - from kernel */ data/libpciaccess-0.16/src/solx_devfs.c:296:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nexus_path[MAXPATHLEN]; data/libpciaccess-0.16/src/solx_devfs.c:422:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(nexus_path, O_RDWR | O_CLOEXEC)) >= 0) { data/libpciaccess-0.16/src/solx_devfs.c:691:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char map_dev_buf[128]; data/libpciaccess-0.16/src/solx_devfs.c:712:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((map_fd = open(map_dev, O_RDWR | O_CLOEXEC)) < 0) { data/libpciaccess-0.16/src/solx_devfs.c:760:9: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) bcopy(prom.memory, buffer, dev->rom_size); data/libpciaccess-0.16/src/solx_devfs.c:799:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(nexus->path, O_RDWR | O_CLOEXEC)) < 0) data/libpciaccess-0.16/src/solx_devfs.c:889:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(nexus->path, O_RDWR | O_CLOEXEC)) < 0) data/libpciaccess-0.16/src/x86_pci.c:444:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). memfd = open("/dev/mem", O_RDONLY | O_CLOEXEC); data/libpciaccess-0.16/src/x86_pci.c:454:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, bios, dev->rom_size); data/libpciaccess-0.16/src/x86_pci.c:597:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). memfd = open ("/dev/mem", O_RDWR | O_CLOEXEC); data/libpciaccess-0.16/src/x86_pci.c:848:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int memfd = open("/dev/mem", O_RDWR | O_CLOEXEC); data/libpciaccess-0.16/src/common_device_name.c:270:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen( buf ); data/libpciaccess-0.16/src/common_interface.c:489:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return pci_sys->methods->read( dev, data, offset, size, data/libpciaccess-0.16/src/common_vgaarb.c:56:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, input, 15); data/libpciaccess-0.16/src/common_vgaarb.c:79:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, tok, 32); data/libpciaccess-0.16/src/common_vgaarb.c:139:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(pci_sys->vgaarb_fd, buf, BUFSIZE); data/libpciaccess-0.16/src/common_vgaarb.c:246:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(pci_sys->vgaarb_fd, buf, BUFSIZE); data/libpciaccess-0.16/src/common_vgaarb.c:275:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(pci_sys->vgaarb_fd, buf, BUFSIZE); data/libpciaccess-0.16/src/freebsd_pci.c:144:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(mrd.mr_owner, "pciaccess", sizeof(mrd.mr_owner)); data/libpciaccess-0.16/src/freebsd_pci.c:183:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(mrd.mr_owner, "pciaccess", sizeof(mrd.mr_owner)); data/libpciaccess-0.16/src/hurd_pci.c:281:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rd = read(romfd, buffer, dev->rom_size); data/libpciaccess-0.16/src/linux_sysfs.c:169:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, resource, 512); data/libpciaccess-0.16/src/linux_sysfs.c:323:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read( fd, resource, 512 ); data/libpciaccess-0.16/src/linux_sysfs.c:409:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const int bytes = read( fd, (char *) buffer + total_bytes, data/libpciaccess-0.16/src/linux_sysfs.c:783:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes_read = read(fd, reply, 1); data/libpciaccess-0.16/src/pciaccess_private.h:71:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*read)(struct pci_device * dev, void * data, pciaddr_t offset, ANALYSIS SUMMARY: Hits = 107 Lines analyzed = 10766 in approximately 0.26 seconds (41885 lines/second) Physical Source Lines of Code (SLOC) = 7162 Hits@level = [0] 92 [1] 15 [2] 85 [3] 3 [4] 4 [5] 0 Hits@level+ = [0+] 199 [1+] 107 [2+] 92 [3+] 7 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 27.7855 [1+] 14.94 [2+] 12.8456 [3+] 0.977381 [4+] 0.558503 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.