Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libxi-1.7.10/include/X11/extensions/XInput2.h
Examining data/libxi-1.7.10/include/X11/extensions/XInput.h
Examining data/libxi-1.7.10/src/XGetKMap.c
Examining data/libxi-1.7.10/src/XGMotion.c
Examining data/libxi-1.7.10/src/XSetMMap.c
Examining data/libxi-1.7.10/src/XListDev.c
Examining data/libxi-1.7.10/src/XGetDCtl.c
Examining data/libxi-1.7.10/src/XExtToWire.c
Examining data/libxi-1.7.10/src/XAllowDv.c
Examining data/libxi-1.7.10/src/XDevBell.c
Examining data/libxi-1.7.10/src/XGrabDev.c
Examining data/libxi-1.7.10/src/XGetDProp.c
Examining data/libxi-1.7.10/src/XGetCPtr.c
Examining data/libxi-1.7.10/src/XUngrDvK.c
Examining data/libxi-1.7.10/src/XGetVers.c
Examining data/libxi-1.7.10/src/XIQueryPointer.c
Examining data/libxi-1.7.10/src/XGetFCtl.c
Examining data/libxi-1.7.10/src/XGrDvKey.c
Examining data/libxi-1.7.10/src/XSelect.c
Examining data/libxi-1.7.10/src/XSndExEv.c
Examining data/libxi-1.7.10/src/XDelDProp.c
Examining data/libxi-1.7.10/src/XChgProp.c
Examining data/libxi-1.7.10/src/XGtSelect.c
Examining data/libxi-1.7.10/src/XIProperties.c
Examining data/libxi-1.7.10/src/XIHierarchy.c
Examining data/libxi-1.7.10/src/XChgKMap.c
Examining data/libxi-1.7.10/src/XIPassiveGrab.c
Examining data/libxi-1.7.10/src/XIBarrier.c
Examining data/libxi-1.7.10/src/XSetMode.c
Examining data/libxi-1.7.10/src/XSetBMap.c
Examining data/libxi-1.7.10/src/XExtInt.c
Examining data/libxi-1.7.10/src/XIQueryDevice.c
Examining data/libxi-1.7.10/src/XIint.h
Examining data/libxi-1.7.10/src/XGtFocus.c
Examining data/libxi-1.7.10/src/XChgDCtl.c
Examining data/libxi-1.7.10/src/XChgFCtl.c
Examining data/libxi-1.7.10/src/XIWarpPointer.c
Examining data/libxi-1.7.10/src/XIQueryVersion.c
Examining data/libxi-1.7.10/src/XOpenDev.c
Examining data/libxi-1.7.10/src/XFreeLst.c
Examining data/libxi-1.7.10/src/XIAllowEvents.c
Examining data/libxi-1.7.10/src/XSetDVal.c
Examining data/libxi-1.7.10/src/XQueryDv.c
Examining data/libxi-1.7.10/src/XISetDevFocus.c
Examining data/libxi-1.7.10/src/XStFocus.c
Examining data/libxi-1.7.10/src/XUngrDev.c
Examining data/libxi-1.7.10/src/XUngrDvB.c
Examining data/libxi-1.7.10/src/XChgPnt.c
Examining data/libxi-1.7.10/src/XIDefineCursor.c
Examining data/libxi-1.7.10/src/XISetCPtr.c
Examining data/libxi-1.7.10/src/XChgKbd.c
Examining data/libxi-1.7.10/src/XGetBMap.c
Examining data/libxi-1.7.10/src/XIGetDevFocus.c
Examining data/libxi-1.7.10/src/XCloseDev.c
Examining data/libxi-1.7.10/src/XGrDvBut.c
Examining data/libxi-1.7.10/src/XGetMMap.c
Examining data/libxi-1.7.10/src/XISelEv.c
Examining data/libxi-1.7.10/src/XGetProp.c
Examining data/libxi-1.7.10/src/XIGrabDevice.c
Examining data/libxi-1.7.10/src/XListDProp.c
Examining data/libxi-1.7.10/src/XChDProp.c

FINAL RESULTS:

data/libxi-1.7.10/include/X11/extensions/XInput.h:371:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[64];
data/libxi-1.7.10/include/X11/extensions/XInput.h:394:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keys[32];
data/libxi-1.7.10/include/X11/extensions/XInput.h:405:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buttons[32];
data/libxi-1.7.10/include/X11/extensions/XInput.h:521:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char auto_repeats[32];
data/libxi-1.7.10/include/X11/extensions/XInput.h:923:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keys[32];
data/libxi-1.7.10/include/X11/extensions/XInput.h:934:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buttons[32];
data/libxi-1.7.10/src/XExtInt.c:754:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)&kstev->keys[0], (char *)&sev->keys[0], 4);
data/libxi-1.7.10/src/XExtInt.c:763:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)bev->buttons, (char *)sev->buttons, 4);
data/libxi-1.7.10/src/XExtInt.c:812:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)&kv->keys[4], (char *)ksev->keys, 28);
data/libxi-1.7.10/src/XExtInt.c:839:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)&bv->buttons[4], (char *)bsev->buttons, 28);
data/libxi-1.7.10/src/XExtInt.c:1170:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->info, in->info, in->num_info * sizeof(XIHierarchyInfo));
data/libxi-1.7.10/src/XExtInt.c:1244:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bout->state.mask, bin->state.mask,
data/libxi-1.7.10/src/XExtInt.c:1248:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bout->labels, bin->labels, bout->num_buttons * sizeof(Atom));
data/libxi-1.7.10/src/XExtInt.c:1264:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(kout->keycodes, kin->keycodes, kout->num_keycodes * sizeof(int));
data/libxi-1.7.10/src/XExtInt.c:1317:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->buttons.mask, in->buttons.mask,
data/libxi-1.7.10/src/XExtInt.c:1320:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->valuators.mask, in->valuators.mask,
data/libxi-1.7.10/src/XExtInt.c:1323:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->valuators.values, in->valuators.values,
data/libxi-1.7.10/src/XExtInt.c:1349:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->buttons.mask, in->buttons.mask, out->buttons.mask_len);
data/libxi-1.7.10/src/XExtInt.c:1408:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->valuators.mask, in->valuators.mask, out->valuators.mask_len);
data/libxi-1.7.10/src/XExtInt.c:1411:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->valuators.values, in->valuators.values, bits * sizeof(double));
data/libxi-1.7.10/src/XExtInt.c:1414:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->raw_values, in->raw_values, bits * sizeof(double));
data/libxi-1.7.10/src/XExtInt.c:1555:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->buttons.mask, ptr, out->buttons.mask_len);
data/libxi-1.7.10/src/XExtInt.c:1560:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->valuators.mask, ptr, out->valuators.mask_len);
data/libxi-1.7.10/src/XExtInt.c:1677:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cls_lib->state.mask, &cls_wire[1],
data/libxi-1.7.10/src/XExtInt.c:1708:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cls_lib->keycodes, &cls_wire[1],
data/libxi-1.7.10/src/XExtInt.c:1889:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->valuators.mask, &in[1], out->valuators.mask_len);
data/libxi-1.7.10/src/XExtInt.c:1952:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out->buttons.mask, &in[1], out->buttons.mask_len);
data/libxi-1.7.10/src/XExtToWire.c:374:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)(sev->keys), (char *)(k->keys), 4);
data/libxi-1.7.10/src/XExtToWire.c:382:33: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)(kev->keys), (char *)(&k->keys[4]), 28);
data/libxi-1.7.10/src/XExtToWire.c:390:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)(sev->buttons), (char *)(b->buttons), 4);
data/libxi-1.7.10/src/XExtToWire.c:398:33: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)(bev->buttons), (char *)(&b->buttons[4]),
data/libxi-1.7.10/src/XGetBMap.c:78:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mapping[256]; /* known fixed size */
data/libxi-1.7.10/src/XGetBMap.c:102:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(map, mapping, MIN((int)rep.nElts, nmap));
data/libxi-1.7.10/src/XGetFCtl.c:178:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)&K->auto_repeats[0],
data/libxi-1.7.10/src/XGetFCtl.c:229:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)S->syms_supported, (char *)(s + 1),
data/libxi-1.7.10/src/XIGrabDevice.c:83:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff, mask->mask, mask->mask_len);
data/libxi-1.7.10/src/XIPassiveGrab.c:83:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff, mask->mask, mask->mask_len);
data/libxi-1.7.10/src/XISelEv.c:109:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff, current->mask, current->mask_len);
data/libxi-1.7.10/src/XISelEv.c:201:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mask_out[i].mask, &mi[1], mask_out[i].mask_len);
data/libxi-1.7.10/src/XListDev.c:267:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Nptr, nptr + 1, *nptr);
data/libxi-1.7.10/src/XQueryDv.c:147:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)&K->keys[0], (char *)&k->keys[0], 32);
data/libxi-1.7.10/src/XQueryDv.c:159:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)&B->buttons[0], (char *)&b->buttons[0], 32);
data/libxi-1.7.10/src/XSetMMap.c:83:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)&req[1], modmap->modifiermap, mapSize);
data/libxi-1.7.10/src/XGetVers.c:93:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  req->nbytes = strlen(name);
data/libxi-1.7.10/src/XIHierarchy.c:73:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int slen = (strlen(any->add.name));
data/libxi-1.7.10/src/XIHierarchy.c:111:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c->name_len = strlen(C->name);
data/libxi-1.7.10/src/XIHierarchy.c:113:21: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char*)&c[1], C->name, c->name_len);
data/libxi-1.7.10/src/XIQueryDevice.c:112:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lib->name, ptr, wire->name_len);

ANALYSIS SUMMARY:

Hits = 48
Lines analyzed = 11419 in approximately 0.36 seconds (31339 lines/second)
Physical Source Lines of Code (SLOC) = 7293
Hits@level = [0] 17 [1] 5 [2] 43 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 65 [1+] 48 [2+] 43 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.91266 [1+] 6.58165 [2+] 5.89606 [3+] 0 [4+] 0 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.