Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/likwid-5.0.1+dfsg1/bench/includes/allocator.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/allocator_types.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/barrier.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/barrier_types.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/isa_armv7.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/isa_armv8.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/isa_ppc64.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/isa_x86-64.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/isa_x86.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/ptt2asm.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/strUtil.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/test_types.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/threads.h
Examining data/likwid-5.0.1+dfsg1/bench/includes/threads_types.h
Examining data/likwid-5.0.1+dfsg1/bench/likwid-bench.c
Examining data/likwid-5.0.1+dfsg1/bench/src/allocator.c
Examining data/likwid-5.0.1+dfsg1/bench/src/barrier.c
Examining data/likwid-5.0.1+dfsg1/bench/src/bench.c
Examining data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c
Examining data/likwid-5.0.1+dfsg1/bench/src/strUtil.c
Examining data/likwid-5.0.1+dfsg1/bench/src/threads.c
Examining data/likwid-5.0.1+dfsg1/examples/C-internalMarkerAPI.c
Examining data/likwid-5.0.1+dfsg1/examples/C-likwidAPI.c
Examining data/likwid-5.0.1+dfsg1/examples/C-markerAPI.c
Examining data/likwid-5.0.1+dfsg1/examples/C-nvMarkerAPI.c
Examining data/likwid-5.0.1+dfsg1/examples/monitoring.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/include/gotcha/gotcha.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/include/gotcha/gotcha_types.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/elf_ops.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/elf_ops.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/autotee/autotee.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/autotee/test_autotee.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/minimal/sampleLib.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/minimal/sampleLib.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/minimal/symbolLookup.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/gotcha.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/gotcha_auxv.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/gotcha_auxv.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/gotcha_dl.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/gotcha_dl.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/gotcha_utils.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/gotcha_utils.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/hash.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/hash.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/library_filters.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/library_filters.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/tool.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/tool.h
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/translations.c
Examining data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/translations.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/base64.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/bind.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/bitmap.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/diff.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/dolib.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/misc.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/shmem.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-fake.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-hardwired.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-noos.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-synthetic.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/traversal.c
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/autogen/config.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/bitmap.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/cuda.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/cudart.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/deprecated.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/diff.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/distances.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/export.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/gl.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/glibc-sched.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/helper.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/inlines.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/intel-mic.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/linux-libnuma.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/linux.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/nvml.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/opencl.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/openfabrics-verbs.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/plugins.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/rename.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/shmem.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/autogen/config.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/components.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/cpuid-x86.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/cpuid.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/debug.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/map.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/misc.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/private.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/solaris-chiptype.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/xml.h
Examining data/likwid-5.0.1+dfsg1/ext/hwloc/include/static-components.h
Examining data/likwid-5.0.1+dfsg1/kernel/enable_rdpmc.c
Examining data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c
Examining data/likwid-5.0.1+dfsg1/src/access-daemon/appDaemon.c
Examining data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c
Examining data/likwid-5.0.1+dfsg1/src/access.c
Examining data/likwid-5.0.1+dfsg1/src/access_client.c
Examining data/likwid-5.0.1+dfsg1/src/access_x86.c
Examining data/likwid-5.0.1+dfsg1/src/access_x86_clientmem.c
Examining data/likwid-5.0.1+dfsg1/src/access_x86_msr.c
Examining data/likwid-5.0.1+dfsg1/src/access_x86_pci.c
Examining data/likwid-5.0.1+dfsg1/src/bitUtil.c
Examining data/likwid-5.0.1+dfsg1/src/bstrlib.c
Examining data/likwid-5.0.1+dfsg1/src/bstrlib_helper.c
Examining data/likwid-5.0.1+dfsg1/src/calculator.c
Examining data/likwid-5.0.1+dfsg1/src/calculator_stack.c
Examining data/likwid-5.0.1+dfsg1/src/configuration.c
Examining data/likwid-5.0.1+dfsg1/src/cpuFeatures.c
Examining data/likwid-5.0.1+dfsg1/src/cpustring.c
Examining data/likwid-5.0.1+dfsg1/src/frequency_cpu.c
Examining data/likwid-5.0.1+dfsg1/src/frequency_uncore.c
Examining data/likwid-5.0.1+dfsg1/src/ghash.c
Examining data/likwid-5.0.1+dfsg1/src/hashTable.c
Examining data/likwid-5.0.1+dfsg1/src/includes/access.h
Examining data/likwid-5.0.1+dfsg1/src/includes/access_client.h
Examining data/likwid-5.0.1+dfsg1/src/includes/access_client_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/access_x86.h
Examining data/likwid-5.0.1+dfsg1/src/includes/access_x86_clientmem.h
Examining data/likwid-5.0.1+dfsg1/src/includes/access_x86_msr.h
Examining data/likwid-5.0.1+dfsg1/src/includes/access_x86_pci.h
Examining data/likwid-5.0.1+dfsg1/src/includes/bitUtil.h
Examining data/likwid-5.0.1+dfsg1/src/includes/bstrlib.h
Examining data/likwid-5.0.1+dfsg1/src/includes/bstrlib_helper.h
Examining data/likwid-5.0.1+dfsg1/src/includes/calculator.h
Examining data/likwid-5.0.1+dfsg1/src/includes/calculator_stack.h
Examining data/likwid-5.0.1+dfsg1/src/includes/configuration.h
Examining data/likwid-5.0.1+dfsg1/src/includes/cpuFeatures.h
Examining data/likwid-5.0.1+dfsg1/src/includes/cpuFeatures_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/cpuid.h
Examining data/likwid-5.0.1+dfsg1/src/includes/error.h
Examining data/likwid-5.0.1+dfsg1/src/includes/frequency.h
Examining data/likwid-5.0.1+dfsg1/src/includes/frequency_acpi.h
Examining data/likwid-5.0.1+dfsg1/src/includes/frequency_client.h
Examining data/likwid-5.0.1+dfsg1/src/includes/frequency_pstate.h
Examining data/likwid-5.0.1+dfsg1/src/includes/ghash.h
Examining data/likwid-5.0.1+dfsg1/src/includes/hashTable.h
Examining data/likwid-5.0.1+dfsg1/src/includes/libnvctr_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/libperfctr_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/likwid-marker.h
Examining data/likwid-5.0.1+dfsg1/src/includes/likwid.h
Examining data/likwid-5.0.1+dfsg1/src/includes/lock.h
Examining data/likwid-5.0.1+dfsg1/src/includes/map.h
Examining data/likwid-5.0.1+dfsg1/src/includes/memsweep.h
Examining data/likwid-5.0.1+dfsg1/src/includes/numa.h
Examining data/likwid-5.0.1+dfsg1/src/includes/numa_hwloc.h
Examining data/likwid-5.0.1+dfsg1/src/includes/numa_proc.h
Examining data/likwid-5.0.1+dfsg1/src/includes/nvmon_cupti.h
Examining data/likwid-5.0.1+dfsg1/src/includes/nvmon_nvml.h
Examining data/likwid-5.0.1+dfsg1/src/includes/nvmon_perfworks.h
Examining data/likwid-5.0.1+dfsg1/src/includes/nvmon_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/pci_hwloc.h
Examining data/likwid-5.0.1+dfsg1/src/includes/pci_proc.h
Examining data/likwid-5.0.1+dfsg1/src/includes/pci_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfgroup.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_a15.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_a15_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_a57.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_a57_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_atom.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwellEP_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwelld_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_cascadelake.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_cavtx2_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_core2.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_core2_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_goldmont.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_goldmont_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswellEP_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_interlagos.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_interlagos_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridge.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridgeEP_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridge_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_k10.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_k10_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_k8.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_kabini.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_kabini_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_knl.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_knl_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalem.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX_westmereEX_common.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalem_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_phi.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_phi_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_pm.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_pm_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_power8.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_power8_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_power9.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_power9_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridgeEP_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_silvermont.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_silvermont_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylakeX_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmere.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_zen.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_zen2.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_zen2_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/perfmon_zen_counters.h
Examining data/likwid-5.0.1+dfsg1/src/includes/power.h
Examining data/likwid-5.0.1+dfsg1/src/includes/power_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/registers.h
Examining data/likwid-5.0.1+dfsg1/src/includes/registers_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/textcolor.h
Examining data/likwid-5.0.1+dfsg1/src/includes/thermal.h
Examining data/likwid-5.0.1+dfsg1/src/includes/thermal_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/timer.h
Examining data/likwid-5.0.1+dfsg1/src/includes/timer_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/tlb-info.h
Examining data/likwid-5.0.1+dfsg1/src/includes/topology.h
Examining data/likwid-5.0.1+dfsg1/src/includes/topology_cavtx2.h
Examining data/likwid-5.0.1+dfsg1/src/includes/topology_cpuid.h
Examining data/likwid-5.0.1+dfsg1/src/includes/topology_hwloc.h
Examining data/likwid-5.0.1+dfsg1/src/includes/topology_misc.h
Examining data/likwid-5.0.1+dfsg1/src/includes/topology_proc.h
Examining data/likwid-5.0.1+dfsg1/src/includes/topology_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/tree.h
Examining data/likwid-5.0.1+dfsg1/src/includes/tree_types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/types.h
Examining data/likwid-5.0.1+dfsg1/src/includes/affinity.h
Examining data/likwid-5.0.1+dfsg1/src/libnvctr.c
Examining data/likwid-5.0.1+dfsg1/src/libperfctr.c
Examining data/likwid-5.0.1+dfsg1/src/likwid_f90_interface.c
Examining data/likwid-5.0.1+dfsg1/src/luawid.c
Examining data/likwid-5.0.1+dfsg1/src/map.c
Examining data/likwid-5.0.1+dfsg1/src/memsweep.c
Examining data/likwid-5.0.1+dfsg1/src/numa.c
Examining data/likwid-5.0.1+dfsg1/src/numa_hwloc.c
Examining data/likwid-5.0.1+dfsg1/src/numa_proc.c
Examining data/likwid-5.0.1+dfsg1/src/nvmon.c
Examining data/likwid-5.0.1+dfsg1/src/pci_hwloc.c
Examining data/likwid-5.0.1+dfsg1/src/pci_proc.c
Examining data/likwid-5.0.1+dfsg1/src/perfgroup.c
Examining data/likwid-5.0.1+dfsg1/src/perfmon.c
Examining data/likwid-5.0.1+dfsg1/src/power.c
Examining data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c
Examining data/likwid-5.0.1+dfsg1/src/thermal.c
Examining data/likwid-5.0.1+dfsg1/src/timer.c
Examining data/likwid-5.0.1+dfsg1/src/topology_cpuid.c
Examining data/likwid-5.0.1+dfsg1/src/topology_gpu.c
Examining data/likwid-5.0.1+dfsg1/src/topology_hwloc.c
Examining data/likwid-5.0.1+dfsg1/src/topology_proc.c
Examining data/likwid-5.0.1+dfsg1/src/tree.c
Examining data/likwid-5.0.1+dfsg1/src/affinity.c
Examining data/likwid-5.0.1+dfsg1/src/topology.c
Examining data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c
Examining data/likwid-5.0.1+dfsg1/test/jacobi-2D-5pt.c
Examining data/likwid-5.0.1+dfsg1/test/serial.c
Examining data/likwid-5.0.1+dfsg1/test/stream-API.c
Examining data/likwid-5.0.1+dfsg1/test/stream.c
Examining data/likwid-5.0.1+dfsg1/test/stream.cc
Examining data/likwid-5.0.1+dfsg1/test/stream_cilk.c
Examining data/likwid-5.0.1+dfsg1/test/test-likwidAPI.c
Examining data/likwid-5.0.1+dfsg1/test/test-msr-access.c
Examining data/likwid-5.0.1+dfsg1/test/testTBB.cc
Examining data/likwid-5.0.1+dfsg1/test/testmarker-cnt.c
Examining data/likwid-5.0.1+dfsg1/test/testmarker-nested.c
Examining data/likwid-5.0.1+dfsg1/test/testmarker-omp.c
FINAL RESULTS:
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:514:10: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
return readlink(p, l, ll);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1947:27: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
LOG_AND_EXIT_IF_ERROR(chmod(filepath, S_IRUSR|S_IWUSR), chmod failed);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1947:61: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
LOG_AND_EXIT_IF_ERROR(chmod(filepath, S_IRUSR|S_IWUSR), chmod failed);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:720:27: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
LOG_AND_EXIT_IF_ERROR(chmod(filepath, S_IRUSR|S_IWUSR), chmod failed);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:720:61: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
LOG_AND_EXIT_IF_ERROR(chmod(filepath, S_IRUSR|S_IWUSR), chmod failed);
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:172:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ownprintf = &printf;
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:95:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(bdata(pttfile), R_OK))
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:453:43: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int (*ownaccess)(const char*, int) = &access;
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:492:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int (*ownaccess)(const char*, int) = access;
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:525:17: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE * fp = popen(bdata(cmd), "r");
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:590:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(bdata(path), R_OK))
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:609:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(bdata(pttfile), R_OK))
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:751:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(bdata(asmfile), R_OK)) unlink(bdata(asmfile));
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:752:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(bdata(objfile), R_OK)) unlink(bdata(objfile));
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:753:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(bdata(buildfolder), R_OK)) rmdir(bdata(buildfolder));
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/autotee/autotee.c:102:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
typeof(&vfprintf) orig_vfprintf = gotcha_get_wrappee(orig_vfprintf_handle);
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/autotee/autotee.c:103:12: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
typeof(&vprintf) orig_vprintf = gotcha_get_wrappee(orig_vprintf_handle);
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/autotee/autotee.c:122:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
typeof(&vfprintf) orig_vfprintf = gotcha_get_wrappee(orig_vfprintf_handle);
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/autotee/autotee.c:145:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
typeof(&vfprintf) orig_vfprintf = gotcha_get_wrappee(orig_vfprintf_handle);
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/autotee/autotee.c:160:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
typeof(&vfprintf) orig_vfprintf = gotcha_get_wrappee(orig_vfprintf_handle);
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/autotee/autotee.c:161:12: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
typeof(&vprintf) orig_vprintf = gotcha_get_wrappee(orig_vprintf_handle);
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.h:55:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define gotcha_dbg_printf(A, ...) fprintf(stderr, A, ##__VA_ARGS__)
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:110:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(componentsymbolname, "%s_component", basename);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/dolib.c:41:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(s)) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/misc.c:47:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(str, size, format, ap);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/misc.c:67:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(fakestr, fakesize, format, ap);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:472:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return access(p, m);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2488:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/node%d/hugepages", syspath, node);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2503:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meminfopath, "%s/node%d/meminfo", syspath, node);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2538:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(distancepath, "%s/node%u/distance", path, osnode);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2576:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path+pathlen, dmi_name);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3781:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(accesspath, "%s/node%u/access0/initiators", path, node->os_index);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3820:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mscpath, "%s/node%u/memory_side_cache", path, osnode);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3837:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mscpath, "%s/node%u/memory_side_cache/index%u/size", path, osnode, depth);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3841:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mscpath, "%s/node%u/memory_side_cache/index%u/line_size", path, osnode, depth);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3845:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mscpath, "%s/node%u/memory_side_cache/index%u/indexing", path, osnode, depth);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4079:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nodepath, "%s/node%u/cpumap", path, osnode);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4362:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%lu/online", path, cpu);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4372:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%lu/topology", path, cpu);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4400:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/thread_siblings", path, i);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4402:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/core_cpus", path, i);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4413:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/core_id", path, i); /* contains %d at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4422:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%u/topology/core_id", path, siblingid); /* contains %d at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4435:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/core_id", path, i); /* contains %d at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4458:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/die_cpus", path, i);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4477:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/core_siblings", path, i);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4479:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/package_cpus", path, i);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4493:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/physical_package_id", path, i); /* contains %d at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4520:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/die_id", path, i); /* contains %d when added in 5.2 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4535:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/book_siblings", path, i);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4543:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/book_id", path, i); /* contains %d at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4560:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/drawer_siblings", path, i);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4568:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/drawer_id", path, i); /* contains %d at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4606:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/cache/index%d/shared_cpu_map", path, i, j);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4613:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/thread_siblings", path, i);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4615:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/topology/core_cpus", path, i);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4635:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/cache/index%d/level", path, i, j); /* contains %u at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4642:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/cache/index%d/type", path, i, j);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4664:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/cache/index%d/size", path, i, j); /* contains %uK at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4676:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/cache/index%d/coherency_line_size", path, i, j); /* contains %u at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4684:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/cache/index%d/number_of_sets", path, i, j); /* contains %u at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4688:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s/cpu%d/cache/index%d/physical_line_partition", path, i, j); /* contains %u at least up to 4.19 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:1595:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/hwloc-cpuid-info", src_cpuiddump_path);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:691:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fakename, encoded ? "base64%c%s" : "normal%c%s", name ? ':' : '-', name ? name : "anon");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2505:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
_len += sprintf(_tmp+_len, format " ", (type) (values)[_i+_j]); \
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2526:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_len += sprintf(_tmp+_len, "%s:%llu ", hwloc_obj_type_string((objs)[_i+_j]->type), (unsigned long long) (objs)[_i+_j]->gp_index); \
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:185:74: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#warning No known way to discover number of available processors on this system
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/openfabrics-verbs.h:76:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "/sys/class/infiniband/%s/device/local_cpus",
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/rename.h:605:35: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define hwloc_snprintf HWLOC_NAME(snprintf)
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/debug.h:42:110: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static __hwloc_inline void hwloc_debug(const char *s __hwloc_attribute_unused, ...) __hwloc_attribute_format(printf, 1, 2);
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/debug.h:49:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, s, ap);
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/debug.h:60:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, fmt, s); \
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/debug.h:67:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, fmt, arg1, s); \
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/debug.h:74:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, fmt, arg1, arg2, s); \
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/misc.h:566:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/misc.h:566:22: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/private.h:377:24: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define hwloc_snprintf snprintf
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/private.h:379:101: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
extern int hwloc_snprintf(char *str, size_t size, const char *format, ...) __hwloc_attribute_format(printf, 3, 4);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:144:20: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( !(fpipe = popen(cmd,"r")) )
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:161:20: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( !(fpipe = popen(cmd,"r")) )
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1186:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpPath, "/sys/devices/%s", pDirent->d_name);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1205:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpPath, "/sys/devices/%s/%s/device", pDirent->d_name, pDirentInner->d_name);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1223:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpPath, "/sys/devices/%s/%s/numa_node", pDirent->d_name, pDirentInner->d_name);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1422:20: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( !(fpipe = popen(cmd,"r")) )
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1929:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filepath, sizeof(addr1.sun_path), TOSTRING(LIKWIDSOCKETBASE) "-%d", pid);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:148:27: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( !(fpipe = (FILE*)popen(cmd_cpu,"r")) )
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:165:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(filename, R_OK))
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:200:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(filename, R_OK))
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:702:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filepath, sizeof(addr1.sun_path), TOSTRING(LIKWIDSOCKETBASE) "-freq-%d", pid);
data/likwid-5.0.1+dfsg1/src/access.c:143:63: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
DEBUG_PRINT(DEBUGLEV_DETAIL, Adding CPU %d to access module, cpu_id);
data/likwid-5.0.1+dfsg1/src/access.c:170:67: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
DEBUG_PRINT(DEBUGLEV_DETAIL, Removing CPU %d from access module, i);
data/likwid-5.0.1+dfsg1/src/access_client.c:124:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exeprog, config.daemonPath);
data/likwid-5.0.1+dfsg1/src/access_client.c:128:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exeprog, safeexeprog);
data/likwid-5.0.1+dfsg1/src/access_client.c:131:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(exeprog, X_OK))
data/likwid-5.0.1+dfsg1/src/access_client.c:161:36: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PRINT(Failed to fork access daemon for CPU %d, cpu_id);
data/likwid-5.0.1+dfsg1/src/access_client.c:169:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(address.sun_path, sizeof(address.sun_path), TOSTRING(LIKWIDSOCKETBASE) "-%d", pid);
data/likwid-5.0.1+dfsg1/src/access_client.c:330:67: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
DEBUG_PRINT(DEBUGLEV_DEVELOP, Got error '%s' from access daemon reading reg 0x%X at CPU %d,
data/likwid-5.0.1+dfsg1/src/access_client.c:335:67: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
DEBUG_PRINT(DEBUGLEV_DEVELOP, Got error '%s' from access daemon reading reg 0x%X on socket %d,
data/likwid-5.0.1+dfsg1/src/access_client.c:420:67: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
DEBUG_PRINT(DEBUGLEV_DEVELOP, Got error '%s' from access daemon writing reg 0x%X at CPU %d,
data/likwid-5.0.1+dfsg1/src/access_client.c:425:67: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
DEBUG_PRINT(DEBUGLEV_DEVELOP, Got error '%s' from access daemon writing reg 0x%X on socket %d,
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:193:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PRINT(Cannot access MSR device file %s: %s.,msr_file_name , strerror(errno))
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:236:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PRINT(Cannot access MSR device file %s in direct mode, msr_file_name);
data/likwid-5.0.1+dfsg1/src/access_x86_pci.c:103:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ownaccess = &access;
data/likwid-5.0.1+dfsg1/src/bstrlib.c:2735:33: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
#define exvsnprintf(r,b,n,f,a) {vsprintf (b,f,a); r = -1;}
data/likwid-5.0.1+dfsg1/src/bstrlib.c:2742:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int vsnprintf (char *buf, size_t count, const char *format, va_list arg);
data/likwid-5.0.1+dfsg1/src/bstrlib.c:2745:37: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define exvsnprintf(r,b,n,f,a) {r = vsnprintf (b,n,f,a);}
data/likwid-5.0.1+dfsg1/src/calculator.c:782:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newToken, tmpToken);
data/likwid-5.0.1+dfsg1/src/configuration.c:78:16: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* fp = popen("bash --noprofile -c \"which likwid-accessD 2>/dev/null | tr -d '\n'\"","r");
data/likwid-5.0.1+dfsg1/src/configuration.c:91:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(fptr, X_OK))
data/likwid-5.0.1+dfsg1/src/configuration.c:114:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ret = sprintf(filename,"%s", TOSTRING(ACCESSDAEMON));
data/likwid-5.0.1+dfsg1/src/configuration.c:116:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(filename, X_OK))
data/likwid-5.0.1+dfsg1/src/configuration.c:119:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(config.daemonPath, filename);
data/likwid-5.0.1+dfsg1/src/configuration.c:126:53: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Unable to get path to access daemon. Maybe your PATH environment variable does not contain the folder where you installed it or the file was moved away / not copied to that location?);
data/likwid-5.0.1+dfsg1/src/configuration.c:150:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(preconfigured, "%s%s",TOSTRING(INSTALL_PREFIX),TOSTRING(CFGFILE));
data/likwid-5.0.1+dfsg1/src/configuration.c:152:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(preconfigured, R_OK) != 0)
data/likwid-5.0.1+dfsg1/src/configuration.c:154:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(TOSTRING(CFGFILE), R_OK) != 0)
data/likwid-5.0.1+dfsg1/src/configuration.c:156:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access("/etc/likwid.cfg",R_OK))
data/likwid-5.0.1+dfsg1/src/configuration.c:158:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s", "/etc/likwid.cfg");
data/likwid-5.0.1+dfsg1/src/configuration.c:163:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s",TOSTRING(CFGFILE));
data/likwid-5.0.1+dfsg1/src/configuration.c:168:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s",preconfigured);
data/likwid-5.0.1+dfsg1/src/configuration.c:173:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(TOSTRING(TOPOFILE), R_OK))
data/likwid-5.0.1+dfsg1/src/configuration.c:176:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(preconfigured,"%s", TOSTRING(TOPOFILE));
data/likwid-5.0.1+dfsg1/src/configuration.c:180:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(preconfigured, "%s%s",TOSTRING(INSTALL_PREFIX),TOSTRING(TOPOFILE));
data/likwid-5.0.1+dfsg1/src/configuration.c:181:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(preconfigured, R_OK))
data/likwid-5.0.1+dfsg1/src/configuration.c:189:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(config.topologyCfgFileName, preconfigured);
data/likwid-5.0.1+dfsg1/src/configuration.c:194:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((strlen(filename) == 0) || (!access(filename, R_OK)))
data/likwid-5.0.1+dfsg1/src/configuration.c:201:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(config.configFileName, filename);
data/likwid-5.0.1+dfsg1/src/configuration.c:212:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line,"%s = %s", name, value) != 2)
data/likwid-5.0.1+dfsg1/src/configuration.c:223:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(config.topologyCfgFileName, value);
data/likwid-5.0.1+dfsg1/src/configuration.c:229:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(config.daemonPath, value);
data/likwid-5.0.1+dfsg1/src/configuration.c:231:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(config.daemonPath, R_OK))
data/likwid-5.0.1+dfsg1/src/configuration.c:235:61: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Unable to get path to access daemon);
data/likwid-5.0.1+dfsg1/src/configuration.c:247:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(config.groupPath, value);
data/likwid-5.0.1+dfsg1/src/configuration.c:347:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ret = sprintf(new, "%s", path);
data/likwid-5.0.1+dfsg1/src/cpuFeatures.c:58:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(#string"\n"); \
data/likwid-5.0.1+dfsg1/src/cpuFeatures.c:283:36: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PRINT(Cannot get access to register CPU feature register on CPU %d, cpuid_topology.threadPool[i].apicId);
data/likwid-5.0.1+dfsg1/src/cpuFeatures.c:305:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(HLINE);
data/likwid-5.0.1+dfsg1/src/cpuFeatures.c:327:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(HLINE);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:319:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(exeprog, X_OK))
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:357:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(address.sun_path, sizeof(address.sun_path), TOSTRING(LIKWIDSOCKETBASE) "-freq-%d", pid);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:617:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:626:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:665:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:674:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:726:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:735:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:774:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:783:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_uncore.c:181:57: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ERROR_PRINT(Given frequency %llu MHz lower than system limit of %.0f MHz, freq, fmin);
data/likwid-5.0.1+dfsg1/src/frequency_uncore.c:186:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ERROR_PRINT(Given frequency %llu MHz higher than system limit of %.0f MHz, freq, fmax);
data/likwid-5.0.1+dfsg1/src/frequency_uncore.c:201:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_uncore.c:270:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_uncore.c:312:57: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ERROR_PRINT(Given frequency %llu MHz lower than system limit of %.0f MHz, freq, fmin);
data/likwid-5.0.1+dfsg1/src/frequency_uncore.c:317:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ERROR_PRINT(Given frequency %llu MHz higher than system limit of %.0f MHz, freq, fmax);
data/likwid-5.0.1+dfsg1/src/frequency_uncore.c:332:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_uncore.c:399:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/frequency_uncore.c:457:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to MSRs)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:379:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ret = sprintf(checkfolder, "%s", translate_types[type]);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:380:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(checkfolder, F_OK))
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:384:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ret = sprintf(checkfolder, "%s", "/sys/bus/event_source/devices/uncore_arb");
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:385:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(checkfolder, F_OK))
data/likwid-5.0.1+dfsg1/src/includes/power.h:224:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(perf_power_names[domain], R_OK))
data/likwid-5.0.1+dfsg1/src/luawid.c:2025:18: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = execvp(*argv, argv);
data/likwid-5.0.1+dfsg1/src/luawid.c:2260:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
lua_pushinteger(L, access(file, flags));
data/likwid-5.0.1+dfsg1/src/numa.c:169:51: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((config.topologyCfgFileName != NULL) && (!access(config.topologyCfgFileName, R_OK)) && (numa_info.nodes != NULL))
data/likwid-5.0.1+dfsg1/src/numa_hwloc.c:82:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (!access("/proc/meminfo", R_OK))
data/likwid-5.0.1+dfsg1/src/numa_hwloc.c:150:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (!access(sptr, R_OK))
data/likwid-5.0.1+dfsg1/src/nvmon.c:935:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(filename, R_OK))
data/likwid-5.0.1+dfsg1/src/nvmon.c:1002:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
ret = sscanf(buf, "%d:%s", ®ionid, regiontag);
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:117:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(iPath, "/sys/devices/%s", pDirent->d_name);
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:135:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(iiPath, "/sys/devices/%s/%s/device", pDirent->d_name, pDirentInner->d_name);
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:147:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(iiPath, "/sys/devices/%s/%s/numa_node", pDirent->d_name, pDirentInner->d_name);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:82:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(dirname, R_OK) != 0)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:173:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
fsize = sprintf(fullpath, "%s/%s", grouppath, architecture);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:210:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
hsize = sprintf(homepath, "%s/.likwid/groups/%s", Home, architecture);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:305:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&(fullpath[fsize]), "/%s", ep->d_name);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:306:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(fullpath, R_OK))
data/likwid-5.0.1+dfsg1/src/perfgroup.c:366:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
s = sprintf((*groupshort)[i], "%s", bdata(sinfo));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:396:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
j = sprintf((*grouplong)[i], "%s", bdata(long_info));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:453:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&(homepath[hsize]), "/%s", ep->d_name);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:454:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(homepath, R_OK))
data/likwid-5.0.1+dfsg1/src/perfgroup.c:512:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
s = sprintf((*groupshort)[i], "%s", bdata(sinfo));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:541:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
j = sprintf((*grouplong)[i], "%s", bdata(long_info));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:635:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->shortinfo, "%s", "Custom");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:642:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->longinfo, "%s", "Custom");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:649:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->groupname, "%s", "Custom");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:727:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->events[i], "%s", bdata(elist->entry[0]));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:746:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->events[i], "%s", "INSTR_RETIRED_ANY");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:747:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->counters[i], "%s", "FIXC0");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:754:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->events[i], "%s", "CPU_CLK_UNHALTED_CORE");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:755:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->counters[i], "%s", "FIXC1");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:762:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->events[i], "%s", "CPU_CLK_UNHALTED_REF");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:763:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->counters[i], "%s", "FIXC2");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:774:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->events[i], "%s", "PM_RUN_INST_CMPL");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:775:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->counters[i], "%s", "PMC4");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:782:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->events[i], "%s", "PM_RUN_CYC");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:783:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->counters[i], "%s", "PMC5");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:834:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(bdata(fullpath), R_OK))
data/likwid-5.0.1+dfsg1/src/perfgroup.c:837:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(bdata(homepath), R_OK))
data/likwid-5.0.1+dfsg1/src/perfgroup.c:869:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
i = sprintf(ginfo->groupname, "%s", groupname);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1025:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->counters[ginfo->nevents], "%s", bdata(linelist->entry[0]));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1026:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->events[ginfo->nevents], "%s", bdata(linelist->entry[1]));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1102:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->metricformulas[ginfo->nmetrics], "%s", bdata(linelist->entry[linelist->qty - 1]));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1113:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->metricnames[ginfo->nmetrics], "%s", bdata(bbuf));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1225:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
size += sprintf(&(string[size]), "%s:%s,", ginfo->events[i], ginfo->counters[i]);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1227:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
size += sprintf(&(string[size]), "%s:%s", ginfo->events[ginfo->nevents-1], ginfo->counters[ginfo->nevents-1]);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1259:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->events[ginfo->nevents], "%s", event);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1260:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->counters[ginfo->nevents], "%s", counter);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1300:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int ret = sprintf(ginfo->metricnames[ginfo->nmetrics], "%s", mname);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1305:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ret = sprintf(ginfo->metricformulas[ginfo->nmetrics], "%s", mcalc);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1327:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gstr, "%s", ginfo->groupname);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1356:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int ret = sprintf(ginfo->groupname, "%s", groupName);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1371:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sstr, "%s", ginfo->shortinfo);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1396:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->shortinfo, "%s", shortInfo);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1407:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lstr, "%s", ginfo->longinfo);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1432:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ginfo->longinfo, "%s", longInfo);
data/likwid-5.0.1+dfsg1/src/perfmon.c:216:85: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
DEBUG_PRINT(DEBUGLEV_INFO, WARNING: Counter %s not available on the current system. Counter results defaults to 0.,bdata(reg));
data/likwid-5.0.1+dfsg1/src/perfmon.c:738:61: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot check counters without access to performance counters)
data/likwid-5.0.1+dfsg1/src/perfmon.c:1724:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot set access functions);
data/likwid-5.0.1+dfsg1/src/perfmon.c:1752:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to performance counters);
data/likwid-5.0.1+dfsg1/src/perfmon.c:1943:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cstringcopy, eventCString);
data/likwid-5.0.1+dfsg1/src/perfmon.c:1995:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(evstr, perf_pid);
data/likwid-5.0.1+dfsg1/src/perfmon.c:2047:51: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
DEBUG_PRINT(DEBUGLEV_INFO, Cannot access counter register %s, bdata(subtokens->entry[1]));
data/likwid-5.0.1+dfsg1/src/perfmon.c:2056:51: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
DEBUG_PRINT(DEBUGLEV_INFO, Cannot access counter register %s, bdata(subtokens->entry[1]));
data/likwid-5.0.1+dfsg1/src/perfmon.c:3471:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(filename, R_OK))
data/likwid-5.0.1+dfsg1/src/perfmon.c:3540:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
ret = sscanf(buf, "%d:%s", ®ionid, regiontag);
data/likwid-5.0.1+dfsg1/src/power.c:90:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PRINT(RAPL in access mode 'perf_event' only available with perfmon);
data/likwid-5.0.1+dfsg1/src/power.c:174:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ERROR_PLAIN_PRINT(Cannot get access to RAPL counters)
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:71:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, ##__VA_ARGS__); \
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:76:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, ##__VA_ARGS__); \
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:194:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:195:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(file, R_OK))
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:213:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(cmd);
data/likwid-5.0.1+dfsg1/src/timer.c:306:27: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( !(fpipe = (FILE*)popen(command,"r")) )
data/likwid-5.0.1+dfsg1/src/timer.c:315:27: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( !(fpipe = (FILE*)popen(command2,"r")) )
data/likwid-5.0.1+dfsg1/src/timer.c:506:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(buff, R_OK))
data/likwid-5.0.1+dfsg1/src/timer.c:511:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "cat %s", buff);
data/likwid-5.0.1+dfsg1/src/timer.c:512:27: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( !(fpipe = (FILE*)popen(cmd,"r")) )
data/likwid-5.0.1+dfsg1/src/topology.c:243:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line,"%s %s", structure, field);
data/likwid-5.0.1+dfsg1/src/topology.c:246:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line,"%s %s = %d", structure, field, &numHWThreads);
data/likwid-5.0.1+dfsg1/src/topology.c:250:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line,"%s %s = %d", structure, field, &numCacheLevels);
data/likwid-5.0.1+dfsg1/src/topology.c:254:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line,"%s %s = %d", structure, field, &numberOfNodes);
data/likwid-5.0.1+dfsg1/src/topology.c:272:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line,"%s %s %d %s = %d", structure, field, &tmp, value, &tmp1);
data/likwid-5.0.1+dfsg1/src/topology.c:302:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line,"%s %s", structure, field);
data/likwid-5.0.1+dfsg1/src/topology.c:307:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:312:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:317:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:324:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s = %d", structure, field, &thread, value, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:356:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s", structure, field, &level, value);
data/likwid-5.0.1+dfsg1/src/topology.c:361:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s = %s", structure, field, &level, value, type);
data/likwid-5.0.1+dfsg1/src/topology.c:389:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s = %d", structure, field, &level, value, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:422:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:428:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:433:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value,&(line[strlen(structure)+strlen(field)+4]));
data/likwid-5.0.1+dfsg1/src/topology.c:441:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:447:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:453:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:459:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:465:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:471:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:477:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:483:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:489:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s = %d", structure, field, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:495:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value,&(line[strlen(structure)+strlen(field)+4]));
data/likwid-5.0.1+dfsg1/src/topology.c:507:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s", structure, field, &id, value);
data/likwid-5.0.1+dfsg1/src/topology.c:511:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s = %d", structure, field, &id, value, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:516:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s = %d", structure, field, &id, value, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:521:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s = %d", structure, field, &id, value, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:526:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s = %d", structure, field, &id, value, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:531:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s = %d", structure, field, &id, value, &tmp);
data/likwid-5.0.1+dfsg1/src/topology.c:536:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s %d = %d", structure, field, &id, value, &tmp, &tmp1);
data/likwid-5.0.1+dfsg1/src/topology.c:541:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %s %d %s %d = %d", structure, field, &id, value, &tmp, &tmp1);
data/likwid-5.0.1+dfsg1/src/topology.c:1109:49: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((config.topologyCfgFileName == NULL) || access(config.topologyCfgFileName, R_OK))
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:299:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
ownstrcpy = strcpy;
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:305:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cpuid_info.osname, info);
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:314:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cpuid_info.osname, info);
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:323:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cpuid_info.osname, info);
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:332:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cpuid_info.osname, info);
data/likwid-5.0.1+dfsg1/src/topology_proc.c:193:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
ownstrcpy = &strcpy;
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:26:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (rank == 0) printf(#msg "\n")
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:76:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
cmdfp = popen(cmd, "r");
data/likwid-5.0.1+dfsg1/test/stream-API.c:153:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(estr, argc[2]);
data/likwid-5.0.1+dfsg1/test/stream-API.c:202:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(HLINE);
data/likwid-5.0.1+dfsg1/test/stream-API.c:272:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(estr, argc[2]);
data/likwid-5.0.1+dfsg1/test/stream-API.c:325:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(estr, argc[2]);
data/likwid-5.0.1+dfsg1/test/stream-API.c:377:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(estr, argc[2]);
data/likwid-5.0.1+dfsg1/test/stream.c:122:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(HLINE);
data/likwid-5.0.1+dfsg1/test/stream.c:131:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(HLINE);
data/likwid-5.0.1+dfsg1/test/test-msr-access.c:17:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(msr_name, R_OK|W_OK))
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:182:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt (argc, argv, "W:w:t:s:l:aphvi:f:")) != -1) {
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:198:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt (argc, argv, "W:w:t:s:l:aphvi:f:")) != -1) {
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:443:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt (argc, argv, "W:w:t:s:l:i:aphv")) != -1)
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:582:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIKWID_FILEPATH") != NULL)
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:767:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIKWID_FILEPATH") != NULL)
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:769:69: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ownprintf("Writing Likwid Marker API results to file %s\n", getenv("LIKWID_FILEPATH"));
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:455:51: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
bstring path = bformat("%s/.likwid/bench/%s", getenv("HOME"), ARCHNAME);
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:489:30: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
bstring path = bfromcstr(getenv("PATH"));
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:583:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* home = getenv("HOME");
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:602:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* home = getenv("HOME");
data/likwid-5.0.1+dfsg1/bench/src/threads.c:86:39: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int likwid_pin = count_characters(getenv("LIKWID_PIN"), ',');
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.h:40:35: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define gotcha_getenv getenv
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:205:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
verboseenv = getenv("HWLOC_PLUGINS_VERBOSE");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:208:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
hwloc_plugins_blacklist = getenv("HWLOC_PLUGINS_BLACKLIST");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:214:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_PLUGINS_PATH");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:329:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
verboseenv = getenv("HWLOC_COMPONENTS_VERBOSE");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:585:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env = getenv("HWLOC_ANNOTATE_GLOBAL_COMPONENTS");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:636:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
_env = getenv("HWLOC_COMPONENTS");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:918:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
local_env = getenv("HWLOC_THISSYSTEM");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:40:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_GROUPING");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:56:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_GROUPING_ACCURACY");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:68:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_GROUPING_VERBOSE");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c:129:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_PCI_LOCALITY");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c:499:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv(envname);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/shmem.c:228:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_CHECK"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-fake.c:19:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_FAKE_COMPONENT_TWEAK")) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-fake.c:52:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_FAKE_COMPONENT"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-fake.c:78:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_FAKE_COMPONENT"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-fake.c:88:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_FAKE_COMPONENT"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2117:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
fsroot_path = getenv("HWLOC_FSROOT");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3585:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char * fallback_env = getenv("HWLOC_KNL_HDH_FALLBACK");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3587:30: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char * mscache_as_l3_env = getenv("HWLOC_KNL_MSCACHE_L3");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4046:41: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int allow_overlapping_node_cpusets = (getenv("HWLOC_DEBUG_ALLOW_OVERLAPPING_NODE_CPUSETS") != NULL);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4115:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env = getenv("HWLOC_KEEP_NVIDIA_GPU_NUMA_NODES");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4213:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env = getenv("HWLOC_KNL_NUMA_QUIRK");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5141:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_DUMP_NOFILE_INFO");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5190:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_NO_HARDWIRED_TOPOLOGY"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6778:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_VIRTUAL_LINUX_OSDEV"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6860:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
fsroot_path = getenv("HWLOC_FSROOT");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6901:33: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
data->dumped_hwdata_dirname = getenv("HWLOC_DUMPED_HWDATA_DIR");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6908:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_USE_NUMA_DISTANCES");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6916:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_USE_DT");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-synthetic.c:440:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *env = getenv("HWLOC_SYNTHETIC_VERBOSE");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-synthetic.c:1042:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *env = getenv("HWLOC_SYNTHETIC");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-synthetic.c:1454:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *env = getenv("HWLOC_SYNTHETIC_VERBOSE");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:1508:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_X86_TOPOEXT_NUMANODES")) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:1688:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
src_cpuiddump_path = getenv("HWLOC_CPUID_PATH");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:24:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *env = getenv("HWLOC_XML_VERBOSE");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:38:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *env = getenv("HWLOC_LIBXML");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:42:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_LIBXML_IMPORT");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:57:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *env = getenv("HWLOC_LIBXML");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:61:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_LIBXML_EXPORT");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:1624:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_XML_V1DIST_SCALE");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:3025:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_XMLFILE");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:67:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *envvar = getenv("HWLOC_HIDE_ERRORS");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:964:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_CHECK"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:1889:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_CHECK"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:1927:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_CHECK"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3280:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
|| ((env = getenv("HWLOC_THISSYSTEM_ALLOWED_RESOURCES")) != NULL && atoi(env)))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3382:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_SORT_CHILDREN"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3431:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& !getenv("HWLOC_DONT_ADD_VERSION_INFO")) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3820:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_XML_USERDATA_NOT_DECODED"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3824:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("HWLOC_COMPONENTS")) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3833:37: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *fsroot_path_env = getenv("HWLOC_FSROOT");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3841:36: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *cpuid_path_env = getenv("HWLOC_CPUID_PATH");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3849:35: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *synthetic_env = getenv("HWLOC_SYNTHETIC");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3857:33: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *xmlpath_env = getenv("HWLOC_XMLFILE");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3869:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HWLOC_ALLOW");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3895:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_CHECK"))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:4195:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWLOC_DEBUG_CHECK"))
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/plugins.h:433:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *verboseenv = getenv("HWLOC_PLUGINS_VERBOSE");
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/debug.h:31:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *env = getenv("HWLOC_DEBUG_VERBOSE");
data/likwid-5.0.1+dfsg1/src/access-daemon/appDaemon.c:45:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* nvEventStr = getenv("NVMON_EVENTS");
data/likwid-5.0.1+dfsg1/src/access-daemon/appDaemon.c:46:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* nvGpuStr = getenv("NVMON_GPUS");
data/likwid-5.0.1+dfsg1/src/configuration.c:124:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIKWID_NO_ACCESS") == NULL)
data/likwid-5.0.1+dfsg1/src/cpustring.c:553:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (require > ret && getenv("LIKWID_SILENT") == NULL)
data/likwid-5.0.1+dfsg1/src/cpustring.c:901:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIKWID_SILENT") == NULL)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:466:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIKWID_PERF_PID") != NULL)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:468:30: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
allpid = (pid_t)atoi(getenv("LIKWID_PERF_PID"));
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:476:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIKWID_PERF_FLAGS") != NULL)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:478:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
allflags = strtoul(getenv("LIKWID_PERF_FLAGS"), NULL, 16);
data/likwid-5.0.1+dfsg1/src/libnvctr.c:62:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* eventStr = getenv("LIKWID_GEVENTS");
data/likwid-5.0.1+dfsg1/src/libnvctr.c:63:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* gpuStr = getenv("LIKWID_GPUS");
data/likwid-5.0.1+dfsg1/src/libnvctr.c:64:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* gpuFileStr = getenv("LIKWID_GPUFILEPATH");
data/likwid-5.0.1+dfsg1/src/libnvctr.c:93:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIKWID_DEBUG") != NULL)
data/likwid-5.0.1+dfsg1/src/libnvctr.c:95:36: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
nvmon_setVerbosity(ownatoi(getenv("LIKWID_DEBUG")));
data/likwid-5.0.1+dfsg1/src/libnvctr.c:222:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
markerfile = getenv("LIKWID_GPUFILEPATH");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:151:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* modeStr = getenv("LIKWID_MODE");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:152:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* eventStr = getenv("LIKWID_EVENTS");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:153:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* cThreadStr = getenv("LIKWID_THREADS");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:154:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* filepath = getenv("LIKWID_FILEPATH");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:155:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* perfpid = getenv("LIKWID_PERF_EXECPID");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:156:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* debugStr = getenv("LIKWID_DEBUG");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:157:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* pinStr = getenv("LIKWID_PIN");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:210:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("OMP_NUM_THREADS") != NULL)
data/likwid-5.0.1+dfsg1/src/libperfctr.c:212:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (ownatoi(getenv("OMP_NUM_THREADS")) > num_cpus)
data/likwid-5.0.1+dfsg1/src/libperfctr.c:217:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("CILK_NWORKERS") != NULL)
data/likwid-5.0.1+dfsg1/src/libperfctr.c:219:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (ownatoi(getenv("CILK_NWORKERS")) > num_cpus)
data/likwid-5.0.1+dfsg1/src/libperfctr.c:230:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* perfflags = getenv("LIKWID_PERF_FLAGS");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:233:41: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
setenv("LIKWID_PERF_FLAGS", getenv("LIKWID_PERF_FLAGS"), 1);
data/likwid-5.0.1+dfsg1/src/libperfctr.c:293:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* pinStr = getenv("LIKWID_PIN");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:371:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
markerfile = getenv("LIKWID_FILEPATH");
data/likwid-5.0.1+dfsg1/src/memsweep.c:104:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIKWID_SILENT") == NULL)
data/likwid-5.0.1+dfsg1/src/memsweep.c:134:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIKWID_SILENT") == NULL)
data/likwid-5.0.1+dfsg1/src/numa.c:181:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
getenv("HWLOC_FSROOT") == NULL)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:150:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* Home = getenv("HOME");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:827:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* Home = getenv("HOME");
data/likwid-5.0.1+dfsg1/src/perfmon.c:1887:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
eventCString = getenv("LIKWID_EVENTS");
data/likwid-5.0.1+dfsg1/src/perfmon.c:2020:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* force_str = getenv("LIKWID_FORCE");
data/likwid-5.0.1+dfsg1/src/perfmon.c:2199:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int force_setup = (getenv("LIKWID_FORCE_SETUP") != NULL);
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:94:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
str = getenv("LIKWID_PIN");
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:109:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
str = getenv("LIKWID_SKIP");
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:115:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("LIKWID_SILENT") != NULL)
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:151:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
str = getenv("LIKWID_PIN");
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:374:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int from_file = (getenv("HWLOC_FSROOT") != NULL);
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:193:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("PTHREAD_THREADS") != NULL)
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:195:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
nthreads = atoi(getenv("PTHREAD_THREADS"));
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char compilers[512] = "gcc,icc,pgcc";
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char defcompilepath[512] = "/tmp";
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char compilepath[513] = "";
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char compileflags[512] = "-shared -fPIC";
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:235:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_runtime = atoi(optarg);
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:341:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numberOfWorkgroups = LLU_CAST atol(optarg);
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:101:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(bdata(pttfile), "r");
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:135:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(bdata(filename), "w");
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:176:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int (*ownatoi)(const char*) = &atoi;
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:519:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/autotee/autotee.c:75:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tee_FILE = fopen(teefile, "w");
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/gotcha_auxv.c:40:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/gotcha_auxv.c:228:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[4097], line[4097], *line_pos;
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:154:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *) dest)[i] = ((unsigned char *) src)[i];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:154:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *) dest)[i] = ((unsigned char *) src)[i];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:294:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linestr[64];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:442:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:478:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numstr[64];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:496:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numstr[64];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:514:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numstr[64];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:537:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[2];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:550:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[3];
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:571:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *) s)[i] = byte;
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.h:35:35: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define gotcha_memcpy memcpy
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.h:43:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define gotcha_open open
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.h:45:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define gotcha_atoi atoi
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/base64.c:137:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input[3];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/base64.c:138:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[4];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/bitmap.c:219:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->ulongs, old->ulongs, new->ulongs_count * sizeof(unsigned long));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/bitmap.c:240:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->ulongs, src->ulongs, src->ulongs_count * sizeof(unsigned long));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/bitmap.c:665:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ustr[17];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/bitmap.c:673:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ustr, current, tmpchars);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char componentsymbolname[strlen(basename)+10+1];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:206:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hwloc_plugins_verbose = verboseenv ? atoi(verboseenv) : 0;
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:330:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hwloc_components_verbose = verboseenv ? atoi(verboseenv) : 0;
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:586:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (env && atoi(env))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:920:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
topology->is_thissystem = atoi(local_env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:41:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (env && !atoi(env))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:70:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
topology->grouping_verbose = atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newdist->different_types, olddist->different_types, nbobjs * sizeof(*newdist->different_types));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newdist->indexes, olddist->indexes, nbobjs * sizeof(*newdist->indexes));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:141:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newdist->values, olddist->values, nbobjs*nbobjs * sizeof(*newdist->values));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:505:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_objs, objs, nbobjs*sizeof(hwloc_obj_t));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:506:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_values, values, nbobjs*nbobjs*sizeof(*_values));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:727:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(distances->objs, dist->objs, nbobjs * sizeof(hwloc_obj_t));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/distances.c:732:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(distances->values, dist->values, nbobjs*nbobjs*sizeof(*distances->values));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/dolib.c:18:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/dolib.c:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/misc.c:74:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, fakestr, size-1);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/misc.c:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], *local_basename;
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c:21:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c:135:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(env, O_RDONLY);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c:190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char busid[14];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c:495:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char envname[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c:778:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seen[256] = { 0 };
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c:814:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&linksta, &config[offset + HWLOC_PCI_EXP_LNKSTA], 4);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/shmem.c:206:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, old, sizeof(*old));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/shmem.c:219:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->support.discovery, old->support.discovery, sizeof(*new->support.discovery));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/shmem.c:220:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->support.cpubind, old->support.cpubind, sizeof(*new->support.cpubind));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/shmem.c:221:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->support.membind, old->support.membind, sizeof(*new->support.membind));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:450:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(p, O_RDONLY);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:460:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(p, m);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:546:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[11];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:549:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*value = atoi(string);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:556:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[11];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:566:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[22];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:769:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(maskpath, O_RDONLY);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:948:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/sys/devices/system/cpu/possible", O_RDONLY); /* binding only supported in real fsroot, no need for data->root_fd */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:1088:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tids[nr_tids++] = atoi(dirent->d_name);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:1104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char taskdir_path[128];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:1508:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = "";
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:1509:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:1528:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, O_RDONLY); /* no fsroot for real /proc */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:1887:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/sys/devices/system/node/possible", O_RDONLY); /* binding only supported in real fsroot, no need for data->root_fd */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2123:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
root_fd = open(fsroot_path, O_RDONLY | O_DIRECTORY);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpuset_name[CPUSET_NAME_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2307:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[CGROUP_LINE_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpuset_filename[CPUSET_FILENAME_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2389:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SYSFS_NUMA_NODE_PATH_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2480:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[SYSFS_NUMA_NODE_PATH_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char meminfopath[SYSFS_NUMA_NODE_PATH_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2532:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char distancepath[SYSFS_NUMA_NODE_PATH_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2574:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dmi_line[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[128];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2596:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(path, "/sys/devices/virtual/dmi/id");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2601:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(path, "/sys/class/dmi/id");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2642:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2822:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unified_path[1024];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2878:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpu[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2980:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpu[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3000:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char memory_mode[32];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3001:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cluster_mode[32];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3259:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512] = {0};
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3307:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hwdata->cluster_mode, data_beg, length);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3316:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hwdata->memory_mode, data_beg, length);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3381:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->cluster_mode, "Quadrant");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3383:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Cache");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3397:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->cluster_mode, "SNC2");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3399:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Cache");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3408:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->cluster_mode, "Quadrant");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3411:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Hybrid25");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3413:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Hybrid50");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3415:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Flat");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3437:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->cluster_mode, "SNC2");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3440:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Hybrid25");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3442:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Hybrid50");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3444:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Flat");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3459:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->cluster_mode, "SNC4");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3461:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Cache");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3470:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->cluster_mode, "SNC4");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3473:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Hybrid25");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3475:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Hybrid50");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3477:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hwdata->memory_mode, "Flat");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3586:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int fallback = fallback_env ? atoi(fallback_env) : -1; /* by default, only fallback if needed */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3588:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int mscache_as_l3 = mscache_as_l3_env ? atoi(mscache_as_l3_env) : 1; /* L3 by default, for backward compat */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3777:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char accesspath[SYSFS_NUMA_NODE_PATH_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3816:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mscpath[SYSFS_NUMA_NODE_PATH_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3835:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
depth = atoi(dirent->d_name+5);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4075:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nodepath[SYSFS_NUMA_NODE_PATH_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4116:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int keep = env && atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4118:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nvgpunumapath[300], line[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4133:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nvgpu_node = atoi(value);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4140:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nvgpulocalcpuspath[300];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4170:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char daxpath[300];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4214:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int noquirk = (env && !atoi(env));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4319:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[CPU_TOPOLOGY_STR_LEN];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4345:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char online[2];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4364:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (!atoi(online)) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4603:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[20]; /* enough for a level number (one digit) or a type (Data/Instruction/Unified) */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4906:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[128]; /* vendor/model can be very long */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5058:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[64], *tmp, *end;
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5078:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128]; /* enough for utsname fields */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5127:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->fallback_nbprocessors = atoi(line+22);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5143:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(env, "w");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5476:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5506:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256], buf[10];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5527:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char olddevpath[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5590:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int node = atoi(buf);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[296]; /* osdevpath <= 256 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5646:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5647:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[64] = "";
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5648:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[64] = "";
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5649:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[64] = "";
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5650:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char revision[64] = "";
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5651:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blocktype[64] = "";
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5690:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(blocktype, "NVDIMM"); /* Save the blocktype now since udev reports "" so far */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5781:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(vendor, "Western Digital");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5783:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(vendor, "Seagate");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5785:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(vendor, "Samsung");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5787:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(vendor, "SanDisk");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5789:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(vendor, "Toshiba");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5829:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5878:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[300];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5879:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5917:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5948:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[296]; /* osdevpath <= 256 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5949:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[128];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5960:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexid[16];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5973:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portstr[21];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5994:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6022:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[296]; /* osdevpath <= 256 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6023:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char guidvalue[20];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6043:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statevalue[2];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6044:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lidvalue[11];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6045:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gidvalue[40];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6049:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statename[32];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6060:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lidname[32];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6070:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lidname[32];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6081:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gidname[32];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[296]; /* osdevpath <= 256 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char family[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sku[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6146:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[21];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6241:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6321:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char handle[2];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6322:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char phy_mem_handle[2];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6323:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem_err_handle[2];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6324:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tot_width[2];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6325:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dat_width[2];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6326:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char size[2];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6332:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char type_detail[2];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6333:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char speed[2];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256]; /* enough for memory device strings, or at least for each of them */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6467:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[128];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6527:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char config_space_cache[CONFIG_SPACE_CACHESIZE];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6535:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6536:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[16];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6666:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi(value);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6691:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6692:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6868:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
root = open(fsroot_path, O_RDONLY | O_DIRECTORY);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6910:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned val = atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6918:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data->use_dt = atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-synthetic.c:445:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbose = atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-synthetic.c:1213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cachesize[64] = "";
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-synthetic.c:1214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char memsize[64] = "";
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-synthetic.c:1279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aritys[12] = "";
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-synthetic.c:1308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char types[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-synthetic.c:1457:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbose = atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:89:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, "r");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpuvendor[13];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:216:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpumodel[3*4*4+1];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:645:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(infos->cpuvendor, regs+1, 4*3);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:653:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(infos->cpumodel, regs, 4*4);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:656:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(infos->cpumodel + 4*4, regs, 4*4);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:659:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(infos->cpumodel + 4*4*2, regs, 4*4);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:815:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[12];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:1586:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line [32];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:1596:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(path, "r");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:26:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbose = atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:40:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nolibxml = !atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:44:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nolibxml = !atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:59:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nolibxml = !atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:63:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nolibxml = !atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:178:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int lvalue = atoi(value);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:734:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c1, *cc1, t1[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:1318:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
length = atoi(attrvalue);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:1508:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(type_s)) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:1533:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
obj_attr_type = atoi(obj_attr_type_s);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:1546:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
diff->obj_attr.obj_depth = atoi(obj_depth_s);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:1547:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
diff->obj_attr.obj_index = atoi(obj_index_s);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:1551:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(obj_attr_type_s)) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:1622:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scalestring[20];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:1658:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scalestring, "%f", scale);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2000:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[255];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2014:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", obj->os_index);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2086:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%llu", (unsigned long long) obj->gp_index);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2108:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%llu", (unsigned long long) obj->attr->numanode.local_memory);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2114:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%llu", (unsigned long long) obj->attr->numanode.page_types[i].size);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2116:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%llu", (unsigned long long) obj->attr->numanode.page_types[i].count);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2130:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%llu", (unsigned long long) obj->attr->cache.size);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2132:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", obj->attr->cache.depth);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2134:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", (unsigned) obj->attr->cache.linesize);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2136:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", obj->attr->cache.associativity);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2138:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", (int) obj->attr->cache.type);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2143:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", obj->attr->group.depth);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2148:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", obj->attr->group.kind);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2150:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", obj->attr->group.subkind);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2157:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d-%d", (int) obj->attr->bridge.upstream_type, (int) obj->attr->bridge.downstream_type);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2159:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", obj->attr->bridge.depth);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2162:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%04x:[%02x-%02x]",
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2172:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%04x:%02x:%02x.%01x",
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2178:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%04x [%04x:%04x] [%04x:%04x] %02x",
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2184:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%f", obj->attr->pcidev.linkspeed);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2188:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", (int) obj->attr->osdev.type);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2284:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", nbobjs);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2286:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", depth);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2288:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%f", 1.f);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2296:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%f", (float) dist->values[k]);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2496:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _tmp[255]; /* enough for (snprintf(format)+space) x maxperline */ \
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2497:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _tmp2[16]; \
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2507:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(_tmp2, "%lu", (unsigned long) _len); \
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2517:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _tmp[255]; /* enough for (snprintf(type+index)+space) x maxperline */ \
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2518:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _tmp2[16]; \
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2528:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(_tmp2, "%lu", (unsigned long) _len); \
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2538:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[255];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2549:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", nbobjs);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2551:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%lu", dist->kind);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2637:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[255];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2641:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", (int) diff->generic.type);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2646:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", diff->obj_attr.obj_depth);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2648:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", diff->obj_attr.obj_index);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2651:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", (int) diff->obj_attr.diff.generic.type);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2656:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%llu", (unsigned long long) diff->obj_attr.diff.uint64.index);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2658:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%llu", (unsigned long long) diff->obj_attr.diff.uint64.oldvalue);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2660:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%llu", (unsigned long long) diff->obj_attr.diff.uint64.newvalue);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2889:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[255];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2893:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%lu", (unsigned long) length);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:69:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hide = atoi(envvar);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:254:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[64], idx[12], attr[1024], *cpuset = NULL;
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:492:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old, new, sizeof(*old));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:747:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newobj->attr, src->attr, sizeof(*newobj->attr));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:752:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newobj->attr->numanode.page_types, src->attr->numanode.page_types, len);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:907:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->type_filter, old->type_filter, sizeof(old->type_filter));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:913:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new->binding_hooks, &old->binding_hooks, sizeof(old->binding_hooks));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:915:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->support.discovery, old->support.discovery, sizeof(*old->support.discovery));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:916:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->support.cpubind, old->support.cpubind, sizeof(*old->support.cpubind));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:917:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->support.membind, old->support.membind, sizeof(*old->support.membind));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:1181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typestr[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:1382:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char childstr[512];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:1383:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char objstr[512];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:1384:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1100];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:1560:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curstr[512];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:1561:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char objstr[512];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:1562:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1100];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:2571:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(array, root->children, arity * sizeof(*array));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:2908:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(objs, topology->levels[0][0]->children, n_objs*sizeof(objs[0]));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:2969:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_objs[n_new_objs], objs[i]->children, objs[i]->arity * sizeof(new_objs[0]));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3280:72: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
|| ((env = getenv("HWLOC_THISSYSTEM_ALLOWED_RESOURCES")) != NULL && atoi(env)))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology.c:3299:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&node->attr->numanode, &topology->machine_memory, sizeof(topology->machine_memory));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/traversal.c:586:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char assoc[32];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/traversal.c:607:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char up[128], down[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/traversal.c:610:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkspeed[64]= "";
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/traversal.c:630:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkspeed[64]= "";
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/cuda.h:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[HWLOC_CUDA_DEVICE_SYSFS_PATH_MAX];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/cuda.h:109:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "/sys/bus/pci/devices/%04x:%02x:%02x.0/local_cpus", domainid, busid, deviceid);
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/cuda.h:206:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
&& atoi(osdev->name + 4) == (int) idx)
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/cudart.h:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[HWLOC_CUDART_DEVICE_SYSFS_PATH_MAX];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/cudart.h:106:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "/sys/bus/pci/devices/%04x:%02x:%02x.0/local_cpus", (unsigned) domain, (unsigned) bus, (unsigned) dev);
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/cudart.h:163:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
&& atoi(osdev->name + 4) == (int) idx)
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/deprecated.h:88:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(typeattrp, &attr.cache.type, sizeof(hwloc_obj_cache_type_t));
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/intel-mic.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[HWLOC_INTEL_MIC_DEVICE_SYSFS_PATH_MAX];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/intel-mic.h:77:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "/sys/class/mic/mic%d", idx);
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/intel-mic.h:84:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "/sys/class/mic/mic%d/pci_%02x:%02x.%02x/local_cpus", idx, pcibus, pcidev, pcifunc);
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/intel-mic.h:122:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
&& atoi(osdev->name + 3) == (int) idx)
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/nvml.h:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[HWLOC_NVML_DEVICE_SYSFS_PATH_MAX];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/nvml.h:77:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "/sys/bus/pci/devices/%04x:%02x:%02x.0/local_cpus", pci.domain, pci.bus, pci.device);
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/nvml.h:109:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
&& atoi(osdev->name + 4) == (int) idx)
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/nvml.h:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[64];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/opencl.h:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[HWLOC_OPENCL_DEVICE_SYSFS_PATH_MAX];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/opencl.h:145:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "/sys/bus/pci/devices/%04x:%02x:%02x.%01x/local_cpus", pcidomain, pcibus, pcidev, pcifunc);
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/openfabrics-verbs.h:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[HWLOC_OPENFABRICS_VERBS_SYSFS_PATH_MAX];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/hwloc/plugins.h:434:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verboseenv_value = verboseenv ? atoi(verboseenv) : 0;
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/debug.h:33:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
enabled = atoi(env);
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/map.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[0];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/map.h:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[0];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/map.h:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/private.h:448:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, src, len+1);
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/xml.h:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[32];
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/xml.h:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[40];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:116:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pci_filepath[MAX_PATH_LENGTH];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024] = "cat /proc/cpuinfo | grep \"processor\" | sort -u | wc -l";
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:151:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(buff);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:159:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024] = "cat /proc/cpuinfo | grep \"physical id\" | sort -u | wc -l";
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:168:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(buff);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:239:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rdpmc_file = fopen("/sys/bus/event_source/devices/cpu/rdpmc", "wb");
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:246:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nmi_watchdog_file = fopen("/proc/sys/kernel/nmi_watchdog", "wb");
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:915:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int pcihandle = open("/proc/bus/pci/00/00.0", O_RDONLY);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:954:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientmem_handle = open("/dev/mem", O_RDONLY);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpPath[200], buff[200];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1188:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bus[4];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1210:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(tmpPath,"r");
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1224:38: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(tmpPath,"r");
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1229:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numa_node = atoi(buff);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1279:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1286:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/proc/bus/pci/devices", "r");
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1349:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devidpath[1024];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1356:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(devidpath, "r");
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1379:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devidpath[1024];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1380:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1386:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(devidpath, "r");
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1538:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FD_PCI[socketId][device] = open( pcipath, O_RDWR);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1628:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FD_PCI[socketId][device] = open( pcipath, O_RDWR);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1992:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msr_file_name,"/dev/cpu/%d/msr",i);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1993:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FD_MSR[i] = open(msr_file_name, O_RDWR);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1998:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msr_file_name,"/dev/msr%d",i);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1999:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FD_MSR[i] = open(msr_file_name, O_RDWR);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:155:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(buff);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:163:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:167:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:198:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:202:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:319:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = open(filename, open_flag);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dname[1025];
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1025];
data/likwid-5.0.1+dfsg1/src/access_client.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exeprog[1024];
data/likwid-5.0.1+dfsg1/src/access_x86_clientmem.c:82:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int pcihandle = open("/proc/bus/pci/00/00.0", O_RDONLY);
data/likwid-5.0.1+dfsg1/src/access_x86_clientmem.c:85:63: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ERROR_PLAIN_PRINT(Cannot get start address: failed to open /proc/bus/pci/00/00.0);
data/likwid-5.0.1+dfsg1/src/access_x86_clientmem.c:126:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientmem_handle = open("/dev/mem", O_RDONLY);
data/likwid-5.0.1+dfsg1/src/access_x86_clientmem.c:129:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ERROR_PLAIN_PRINT(Unable to open /dev/mem for clientmem);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:165:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msr_file_name,"/dev/msr%d", cpu_id);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:166:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(msr_file_name, O_RDWR);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:169:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msr_file_name,"/dev/cpu/%d/msr_safe", cpu_id);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:170:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(msr_file_name, O_RDWR);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:173:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msr_file_name,"/dev/cpu/%d/msr", cpu_id);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:190:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(msr_file_name, O_RDWR);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:214:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msr_file_name,"/dev/msr%d",cpu_id);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:215:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(msr_file_name, O_RDWR);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:218:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msr_file_name,"/dev/cpu/%d/msr_safe", cpu_id);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:219:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(msr_file_name, O_RDWR);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:222:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msr_file_name,"/dev/cpu/%d/msr", cpu_id);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:233:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FD[cpu_id] = open(msr_file_name, O_RDWR);
data/likwid-5.0.1+dfsg1/src/access_x86_pci.c:104:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ownopen = &open;
data/likwid-5.0.1+dfsg1/src/access_x86_pci.c:252:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ERROR_PRINT(Failed to open PCI device %s at path %s\n,
data/likwid-5.0.1+dfsg1/src/access_x86_pci.c:295:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ERROR_PRINT(Failed to open PCI device %s at path %s\n,
data/likwid-5.0.1+dfsg1/src/bstrlib.c:41:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bstr__memcpy(d,s,l) memcpy ((d), (s), (l))
data/likwid-5.0.1+dfsg1/src/bstrlib.c:704:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (b0->data[i] != ((const unsigned char *) blk)[i]) {
data/likwid-5.0.1+dfsg1/src/bstrlib.c:706:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
downcase (((const unsigned char *) blk)[i])) return 0;
data/likwid-5.0.1+dfsg1/src/bstrlib.c:815:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (b0->data[i] != ((const unsigned char *) blk)[i]) return BSTR_OK;
data/likwid-5.0.1+dfsg1/src/bstrlib.c:1284:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct charField { unsigned char content[CFCLEN]; };
data/likwid-5.0.1+dfsg1/src/bstrlib_helper.c:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/likwid-5.0.1+dfsg1/src/bstrlib_helper.c:154:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/likwid-5.0.1+dfsg1/src/configuration.c:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024] = { [0 ... 1023] = '\0' };
data/likwid-5.0.1+dfsg1/src/configuration.c:139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/likwid-5.0.1+dfsg1/src/configuration.c:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/likwid-5.0.1+dfsg1/src/configuration.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[256];
data/likwid-5.0.1+dfsg1/src/configuration.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/likwid-5.0.1+dfsg1/src/configuration.c:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preconfigured[1024];
data/likwid-5.0.1+dfsg1/src/configuration.c:204:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(config.configFileName, "r");
data/likwid-5.0.1+dfsg1/src/configuration.c:269:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config.maxNumThreads = atoi(value);
data/likwid-5.0.1+dfsg1/src/configuration.c:273:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config.maxNumNodes = atoi(value);
data/likwid-5.0.1+dfsg1/src/cpustring.c:55:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(s);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:174:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = open(filename, open_flag);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:178:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = open(filename, open_flag);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1025];
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1024];
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:891:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:912:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:933:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:955:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:973:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:993:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:1013:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:1033:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:1053:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/ghash.c:203:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new_mem, mem, byte_size);
data/likwid-5.0.1+dfsg1/src/ghash.c:729:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new_str, str, length);
data/likwid-5.0.1+dfsg1/src/includes/bitUtil.h:66:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(_string,"%llX %llX", LLU_CAST (_mask).mask[0], LLU_CAST (_mask).mask[1]);
data/likwid-5.0.1+dfsg1/src/includes/frequency_client.h:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[LIKWID_FREQUENCY_MAX_DATA_LENGTH];
data/likwid-5.0.1+dfsg1/src/includes/likwid.h:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char architecture[20]; /*!< \brief name of the architecture like x86_64 or ppc64 (comparable with uname -m)*/
data/likwid-5.0.1+dfsg1/src/includes/lock.h:60:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((lock_handle = open(filepath, O_RDONLY )) == -1 )
data/likwid-5.0.1+dfsg1/src/includes/nvmon_types.h:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NVMON_DEFAULT_STR_LEN];
data/likwid-5.0.1+dfsg1/src/includes/nvmon_types.h:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[NVMON_DEFAULT_STR_LEN];
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100];
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:66:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen("/proc/sys/kernel/perf_event_paranoid", "r");
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:76:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
paranoid = atoi(buff);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:197:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:198:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:200:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(path, "r");
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checkfolder[1024];
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:395:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(&(checkfolder[ret]), "/type");
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:396:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(checkfolder, "r");
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:402:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perf_type = atoi(checkfolder);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:468:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
allpid = (pid_t)atoi(getenv("LIKWID_PERF_PID"));
data/likwid-5.0.1+dfsg1/src/includes/power.h:221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[512];
data/likwid-5.0.1+dfsg1/src/includes/power.h:226:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(perf_power_names[domain], "r");
data/likwid-5.0.1+dfsg1/src/includes/textcolor.h:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[13];
data/likwid-5.0.1+dfsg1/src/includes/textcolor.h:60:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "%c[%d;%dm", 0x1B, attr, fg + 30);
data/likwid-5.0.1+dfsg1/src/includes/textcolor.h:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[13];
data/likwid-5.0.1+dfsg1/src/includes/textcolor.h:69:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "%c[%dm", 0x1B, 0);
data/likwid-5.0.1+dfsg1/src/libnvctr.c:69:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ownatoi = &atoi;
data/likwid-5.0.1+dfsg1/src/libnvctr.c:237:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(markerfile,"w");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char execpid[20];
data/likwid-5.0.1+dfsg1/src/libperfctr.c:161:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ownatoi = &atoi;
data/likwid-5.0.1+dfsg1/src/libperfctr.c:189:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
HPMmode(atoi(modeStr));
data/likwid-5.0.1+dfsg1/src/libperfctr.c:193:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perfmon_verbosity = atoi(debugStr);
data/likwid-5.0.1+dfsg1/src/libperfctr.c:387:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(markerfile,"w");
data/likwid-5.0.1+dfsg1/src/libperfctr.c:503:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupSuffix[10];
data/likwid-5.0.1+dfsg1/src/libperfctr.c:504:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(groupSuffix, "-%d", groupSet->activeGroup);
data/likwid-5.0.1+dfsg1/src/libperfctr.c:534:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupSuffix[10];
data/likwid-5.0.1+dfsg1/src/libperfctr.c:535:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(groupSuffix, "-%d", groupSet->activeGroup);
data/likwid-5.0.1+dfsg1/src/libperfctr.c:591:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupSuffix[100];
data/likwid-5.0.1+dfsg1/src/libperfctr.c:593:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(groupSuffix, "-%d", groupSet->activeGroup);
data/likwid-5.0.1+dfsg1/src/libperfctr.c:667:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupSuffix[100];
data/likwid-5.0.1+dfsg1/src/libperfctr.c:669:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(groupSuffix, "-%d", groupSet->activeGroup);
data/likwid-5.0.1+dfsg1/src/libperfctr.c:710:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupSuffix[100];
data/likwid-5.0.1+dfsg1/src/libperfctr.c:712:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(groupSuffix, "-%d", groupSet->activeGroup);
data/likwid-5.0.1+dfsg1/src/luawid.c:1972:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4096];
data/likwid-5.0.1+dfsg1/src/numa_hwloc.c:61:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(filename), "r")))
data/likwid-5.0.1+dfsg1/src/numa_hwloc.c:86:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(filename), "r")))
data/likwid-5.0.1+dfsg1/src/numa_hwloc.c:129:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(sysfilename), "r")))
data/likwid-5.0.1+dfsg1/src/numa_hwloc.c:152:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(procfilename), "r")))
data/likwid-5.0.1+dfsg1/src/numa_proc.c:168:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(filename), "r")))
data/likwid-5.0.1+dfsg1/src/numa_proc.c:234:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(filename), "r")))
data/likwid-5.0.1+dfsg1/src/numa_proc.c:308:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(filename), "r")))
data/likwid-5.0.1+dfsg1/src/nvmon.c:925:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/likwid-5.0.1+dfsg1/src/nvmon.c:939:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/likwid-5.0.1+dfsg1/src/nvmon.c:998:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regiontag[100];
data/likwid-5.0.1+dfsg1/src/nvmon.c:1011:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
groupid = atoi(ptr+1);
data/likwid-5.0.1+dfsg1/src/nvmon.c:1022:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remain[1024];
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:81:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(socket_bus[cntr++], "%02x/", obj->attr->pcidev.bus);
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iPath[200], iiPath[200], buff[100];
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testDev[50];
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:118:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bus[4];
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:136:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(iiPath,"r");
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:148:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(iiPath,"r");
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:154:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numa_node = atoi(buff);
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:156:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(socket_bus[numa_node], "%02x/", bus);
data/likwid-5.0.1+dfsg1/src/pci_proc.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pci_filepath[1024];
data/likwid-5.0.1+dfsg1/src/pci_proc.c:56:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pci_filepath, "/proc/bus/pci/%02x/05.0", cur_bus);
data/likwid-5.0.1+dfsg1/src/pci_proc.c:57:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = open(pci_filepath, O_RDONLY);
data/likwid-5.0.1+dfsg1/src/pci_proc.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/likwid-5.0.1+dfsg1/src/pci_proc.c:110:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/proc/bus/pci/devices", "r");
data/likwid-5.0.1+dfsg1/src/pci_proc.c:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/likwid-5.0.1+dfsg1/src/pci_proc.c:174:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fptr = fopen( "/proc/bus/pci/devices", "r")) == NULL )
data/likwid-5.0.1+dfsg1/src/pci_proc.c:190:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(socket_bus[cntr], "%02x/", sbus);
data/likwid-5.0.1+dfsg1/src/pci_proc.c:194:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(socket_bus[cntr], "%02x/", busID);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = { [0 ... 255] = '\0' };
data/likwid-5.0.1+dfsg1/src/perfgroup.c:309:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s = sprintf((*groupnames)[i], "%.*s", (int)(strlen(ep->d_name)-4), ep->d_name);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:311:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fullpath,"r");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:457:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s = sprintf((*groupnames)[i], "%.*s", (int)(strlen(ep->d_name)-4), ep->d_name);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:459:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(homepath,"r");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:824:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/likwid-5.0.1+dfsg1/src/perfgroup.c:872:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(bdata(fullpath), "r");
data/likwid-5.0.1+dfsg1/src/perfgroup.c:895:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ginfo->shortinfo, "%.*s", (int)strlen(&(buf[i]))-1, &(buf[i]));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1134:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&(ginfo->longinfo[s]), "%.*s", (int)strlen(buf), buf);
data/likwid-5.0.1+dfsg1/src/perfmon.c:1290:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, eventHash, perfmon_numArchEvents*sizeof(PerfmonEvent));
data/likwid-5.0.1+dfsg1/src/perfmon.c:2023:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
forceOverwrite = atoi(force_str);
data/likwid-5.0.1+dfsg1/src/perfmon.c:3461:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/likwid-5.0.1+dfsg1/src/perfmon.c:3475:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/likwid-5.0.1+dfsg1/src/perfmon.c:3536:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regiontag[100];
data/likwid-5.0.1+dfsg1/src/perfmon.c:3549:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
groupid = atoi(ptr+1);
data/likwid-5.0.1+dfsg1/src/perfmon.c:3560:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remain[1024];
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:185:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[512];
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:186:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:187:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[256];
data/likwid-5.0.1+dfsg1/src/pthread-overload/pthread-overload.c:197:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpipe = fopen(file, "r");
data/likwid-5.0.1+dfsg1/src/timer.c:304:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/likwid-5.0.1+dfsg1/src/timer.c:314:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cyclesClock = (uint64_t) atoi(buff);
data/likwid-5.0.1+dfsg1/src/timer.c:323:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpuClock = (uint64_t) atoi(buff);
data/likwid-5.0.1+dfsg1/src/timer.c:501:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[256];
data/likwid-5.0.1+dfsg1/src/timer.c:502:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/likwid-5.0.1+dfsg1/src/timer.c:505:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "/sys/devices/system/cpu/cpu%d/cpufreq/scaling_cur_freq", cpu_id);
data/likwid-5.0.1+dfsg1/src/topology.c:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char structure[256];
data/likwid-5.0.1+dfsg1/src/topology.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field[256];
data/likwid-5.0.1+dfsg1/src/topology.c:230:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[256];
data/likwid-5.0.1+dfsg1/src/topology.c:231:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/likwid-5.0.1+dfsg1/src/topology.c:240:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/likwid-5.0.1+dfsg1/src/topology.c:355:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[128];
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:302:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen ("/proc/cpuinfo", "r")))
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:377:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "SSE3 ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:382:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "MONITOR ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:387:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "VMX ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:392:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "EIST ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:397:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "TM2 ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:402:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "SSSE3 ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:407:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "FMA ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:412:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "SSE4.1 ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:417:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "SSE4.2 ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:422:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "AES ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:427:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "AVX ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:432:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "RDRAND ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:438:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "ACPI ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:443:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "MMX ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:448:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "SSE ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:453:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "SSE2 ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:458:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "HTT ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:463:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "TM ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:472:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "AVX2 ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:477:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "RTM ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:482:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "HLE ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:487:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "RDSEED ");
data/likwid-5.0.1+dfsg1/src/topology_cpuid.c:495:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cpuid_info.features, "RDTSCP ");
data/likwid-5.0.1+dfsg1/src/topology_gpu.c:178:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1024];
data/likwid-5.0.1+dfsg1/src/topology_gpu.c:179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100];
data/likwid-5.0.1+dfsg1/src/topology_gpu.c:184:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(fname, "r");
data/likwid-5.0.1+dfsg1/src/topology_gpu.c:188:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int numa_node = atoi(buff);
data/likwid-5.0.1+dfsg1/src/topology_gpu.c:219:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ERROR_PLAIN_PRINT(Cannot open CUDA library to fill GPU topology);
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:65:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ownatoi = &atoi;
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:67:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen ("/proc/cpuinfo", "r")))
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:142:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen ("/proc/cpuinfo", "r")))
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:272:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpuid_info.model = atoi(info);
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:274:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpuid_info.family = atoi(info);
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:278:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpuid_info.stepping = atoi(info);
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:283:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpuid_info.family = atoi(info);
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:285:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpuid_info.model = atoi(info);
data/likwid-5.0.1+dfsg1/src/topology_proc.c:119:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ownatoi = &atoi;
data/likwid-5.0.1+dfsg1/src/topology_proc.c:192:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ownatoi = &atoi;
data/likwid-5.0.1+dfsg1/src/topology_proc.c:232:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen ("/proc/cpuinfo", "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/likwid-5.0.1+dfsg1/src/topology_proc.c:345:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ident[30];
data/likwid-5.0.1+dfsg1/src/topology_proc.c:594:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ownatoi = &atoi;
data/likwid-5.0.1+dfsg1/src/topology_proc.c:614:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(file), "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:628:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(file), "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:640:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(file), "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:734:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ownatoi = &atoi;
data/likwid-5.0.1+dfsg1/src/topology_proc.c:738:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(levelStr), "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:762:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(levelStr), "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:771:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(levelStr), "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:802:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(levelStr), "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:817:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(levelStr), "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:831:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(levelStr), "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:845:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(levelStr), "r")))
data/likwid-5.0.1+dfsg1/src/topology_proc.c:863:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL != (fp = fopen (bdata(levelStr), "r")))
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:34:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* procfile = fopen("/proc/self/stat", "r");
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[to_read];
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:49:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpu_id = atoi(line);
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[HOST_NAME_MAX+1];
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:130:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[HOST_NAME_MAX];
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:182:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:183:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "pstree -p -H %d %d",pid, pid);
data/likwid-5.0.1+dfsg1/test/MPI_pin_test.c:195:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nthreads = atoi(getenv("PTHREAD_THREADS"));
data/likwid-5.0.1+dfsg1/test/jacobi-2D-5pt.c:40:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regname[100];
data/likwid-5.0.1+dfsg1/test/jacobi-2D-5pt.c:100:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thread_num_str[5];
data/likwid-5.0.1+dfsg1/test/jacobi-2D-5pt.c:101:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(thread_num_str, "%d", thread_num);
data/likwid-5.0.1+dfsg1/test/jacobi-2D-5pt.c:102:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Size_str[7];
data/likwid-5.0.1+dfsg1/test/jacobi-2D-5pt.c:103:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Size_str, "%d", Size);
data/likwid-5.0.1+dfsg1/test/jacobi-2D-5pt.c:104:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mlup_str[10];
data/likwid-5.0.1+dfsg1/test/jacobi-2D-5pt.c:105:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mlup_str, "%6.4f", mlups);
data/likwid-5.0.1+dfsg1/test/serial.c:19:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(argv[1]);
data/likwid-5.0.1+dfsg1/test/stream-API.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char estr[1024];
data/likwid-5.0.1+dfsg1/test/stream_cilk.c:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpuCount[20];
data/likwid-5.0.1+dfsg1/test/test-msr-access.c:27:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
msr_fd = open(msr_name, O_RDWR);
data/likwid-5.0.1+dfsg1/test/testmarker-cnt.c:41:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label,"plain-%d",counter);
data/likwid-5.0.1+dfsg1/bench/likwid-bench.c:361:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(compilepath) == 0)
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:68:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(map[i].pattern) > 0)
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:79:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(map[i].pattern) > 0)
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:81:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(map[i].pattern) > max)
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:82:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max = strlen(map[i].pattern);
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:391:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(map[j].pattern) == s)
data/likwid-5.0.1+dfsg1/bench/src/ptt2asm.c:464:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(&(ep->d_name[strlen(ep->d_name)-4]), ".ptt", 4) == 0)
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/example/autotee/test_autotee.c:41:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite("Seventh line\n", 1, strlen("Seventh line\n"), stdout);
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:225:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static int ulong_to_hexstr(unsigned long num, char *str, int strlen, int uppercase)
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:232:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen < 2)
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:240:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len + 1 >= strlen)
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:253:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static int ulong_to_str(unsigned long num, char *str, int strlen)
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:259:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen < 2)
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:267:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len + 1 >= strlen)
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:279:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static int slong_to_str(signed long num, char *str, int strlen)
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.c:283:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ulong_to_str((unsigned long) num, str, strlen);
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.h:48:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define gotcha_read read
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.h:51:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define gotcha_strlen strlen
data/likwid-5.0.1+dfsg1/ext/GOTCHA/src/libc_wrappers.h:54:35: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define gotcha_strncat strncat
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/bind.c:592:7: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
p = memalign(hwloc_getpagesize(), len);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/bitmap.c:656:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chars = (int)strlen(current);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:109:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char componentsymbolname[strlen(basename)+10+1];
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:250:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strcspn(component->name, HWLOC_COMPONENT_SEPS) != strlen(component->name)) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/components.c:435:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(name);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c:22:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/pci-common.c:143:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (buffer && read(fd, buffer, st.st_size) == st.st_size) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/shmem.c:167:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(fd, &header, sizeof(header));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:532:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, string, length-1); /* read -1 to put the ending \0 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:591:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buffer, toread+1);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:619:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buffer+toread+1, toread);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:1533:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(fd, buf, sizeof(buf)-1); /* read -1 to put the ending \0 */
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:2659:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t cb = read(file, ret, fs.st_size);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3286:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp("cache_size:", data_beg, strlen("cache_size"))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3289:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncmp("line_size:", data_beg, strlen("line_size:"))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3292:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncmp("inclusiveness:", data_beg, strlen("inclusiveness:"))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3295:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncmp("associativity:", data_beg, strlen("associativity:"))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3301:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp("cluster_mode: ", data_beg, strlen("cluster_mode: "))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3303:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data_beg += strlen("cluster_mode: ");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3310:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncmp("memory_mode: ", data_beg, strlen("memory_mode: "))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:3312:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data_beg += strlen("memory_mode: ");
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:4124:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, line, sizeof(line)-1);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5020:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(fd);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5102:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data->utsname.sysname, line+8, sizeof(data->utsname.sysname));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5107:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data->utsname.release, line+11, sizeof(data->utsname.release));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5112:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data->utsname.version, line+11, sizeof(data->utsname.version));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5117:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data->utsname.nodename, line+10, sizeof(data->utsname.nodename));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5122:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data->utsname.machine, line+14, sizeof(data->utsname.machine));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5587:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(fd, buf, sizeof(buf));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5716:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vendor, prop, sizeof(vendor));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5721:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(model, prop, sizeof(model));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5726:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(revision, prop, sizeof(revision));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5731:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(serial, prop, sizeof(serial));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5736:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blocktype, prop, sizeof(blocktype));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5754:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(line, "E:ID_VENDOR=", strlen("E:ID_VENDOR="))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5755:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vendor, line+strlen("E:ID_VENDOR="), sizeof(vendor));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5755:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(vendor, line+strlen("E:ID_VENDOR="), sizeof(vendor));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5757:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncmp(line, "E:ID_MODEL=", strlen("E:ID_MODEL="))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5758:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(model, line+strlen("E:ID_MODEL="), sizeof(model));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5758:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(model, line+strlen("E:ID_MODEL="), sizeof(model));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5760:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncmp(line, "E:ID_REVISION=", strlen("E:ID_REVISION="))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5761:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(revision, line+strlen("E:ID_REVISION="), sizeof(revision));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5761:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(revision, line+strlen("E:ID_REVISION="), sizeof(revision));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5763:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncmp(line, "E:ID_SERIAL_SHORT=", strlen("E:ID_SERIAL_SHORT="))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5764:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(serial, line+strlen("E:ID_SERIAL_SHORT="), sizeof(serial));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5764:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(serial, line+strlen("E:ID_SERIAL_SHORT="), sizeof(serial));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5766:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strncmp(line, "E:ID_TYPE=", strlen("E:ID_TYPE="))) {
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5767:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blocktype, line+strlen("E:ID_TYPE="), sizeof(blocktype));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:5767:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blocktype, line+strlen("E:ID_TYPE="), sizeof(blocktype));
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6349:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(buffer, " ") == strlen(buffer))
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6385:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(buffer+boff);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-linux.c:6558:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, config_space_cache, CONFIG_SPACE_CACHESIZE);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:84:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filenamelen = strlen(dirpath) + 15;
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:1592:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = malloc(strlen(src_cpuiddump_path) + strlen("/hwloc-cpuid-info") + 1);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-x86.c:1592:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = malloc(strlen(src_cpuiddump_path) + strlen("/hwloc-cpuid-info") + 1);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:688:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fakename = malloc(6 + 1 + (name ? strlen(name) : 4) + 1);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:1981:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new = malloc(strlen(old)+1);
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2914:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name && hwloc__xml_export_check_buffer(name, strlen(name)) < 0)
data/likwid-5.0.1+dfsg1/ext/hwloc/hwloc/topology-xml.c:2963:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name && hwloc__xml_export_check_buffer(name, strlen(name)) < 0) {
data/likwid-5.0.1+dfsg1/ext/hwloc/include/private/private.h:445:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(src);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1189:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bus, &(pDirent->d_name[strlen(pDirent->d_name)-2]), 2);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1189:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(bus, &(pDirent->d_name[strlen(pDirent->d_name)-2]), 2);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1206:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pcidev->path && strcmp(&(pDirentInner->d_name[strlen(pDirentInner->d_name)-4]), pcidev->path) != 0)
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1429:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
devid = get_devid((int)(strlen(buff)-1), buff);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1431:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nodeid = get_nodeid((int)(strlen(buff)-1), buff);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1438:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i= strlen(buff)-1; i>= 0; i--)
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1452:123: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = snprintf(*filepath, pathlen-1, "/proc/bus/pci/%.*s/%.*s", (int)(mid-start-1), &(buff[start]), (int)(strlen(buff)-mid-1), &(buff[mid]));
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1937:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr1.sun_path, filepath, (sizeof(addr1.sun_path) - 1)); /* null terminated by the bzero() above! */
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1941:16: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
oldumask = umask(077);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:1982:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void) umask(oldumask);
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:2072:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pci_devices_daemon[i].path && strlen(pci_devices_daemon[i].path) > 0)
data/likwid-5.0.1+dfsg1/src/access-daemon/accessDaemon.c:2096:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(connfd, (void*) &dRecord, sizeof(AccessDataRecord));
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:170:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(fd, buff, LIKWID_FREQUENCY_MAX_DATA_LENGTH-1);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:174:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
avail_govs = malloc((strlen(buff)+2)*sizeof(char));
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:177:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = snprintf(avail_govs, strlen(buff)+1, "%s", buff);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:205:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(fd, buff, LIKWID_FREQUENCY_MAX_DATA_LENGTH-1);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:210:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(buff); i++)
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:221:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
avail_freqs[count] = malloc((strlen(token)+2) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:224:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = snprintf(avail_freqs[count], strlen(token)+1, "%s", token);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:248:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(avail_freqs[i], data, strlen(avail_freqs[i])) == 0)
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:582:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(read_fd, rec->data, LIKWID_FREQUENCY_MAX_DATA_LENGTH);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:710:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr1.sun_path, filepath, (sizeof(addr1.sun_path) - 1)); /* null terminated by the bzero() above! */
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:714:16: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
oldumask = umask(077);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:755:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void) umask(oldumask);
data/likwid-5.0.1+dfsg1/src/access-daemon/setFreqDaemon.c:781:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(connfd, (void*) &dRecord, sizeof(FreqDataRecord));
data/likwid-5.0.1+dfsg1/src/access_client.c:175:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2500);
data/likwid-5.0.1+dfsg1/src/access_client.c:322:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_ERROR(read(socket, &record, sizeof(AccessDataRecord)), socket read failed);
data/likwid-5.0.1+dfsg1/src/access_client.c:322:77: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_ERROR(read(socket, &record, sizeof(AccessDataRecord)), socket read failed);
data/likwid-5.0.1+dfsg1/src/access_client.c:413:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_ERROR(read(socket, &record, sizeof(AccessDataRecord)), socket read failed);
data/likwid-5.0.1+dfsg1/src/access_client.c:413:77: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_ERROR(read(socket, &record, sizeof(AccessDataRecord)), socket read failed);
data/likwid-5.0.1+dfsg1/src/access_client.c:485:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_ERROR(read(socket, &record, sizeof(AccessDataRecord)), socket read failed);
data/likwid-5.0.1+dfsg1/src/access_client.c:485:77: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_ERROR(read(socket, &record, sizeof(AccessDataRecord)), socket read failed);
data/likwid-5.0.1+dfsg1/src/access_x86_msr.c:122:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100);
data/likwid-5.0.1+dfsg1/src/bstrlib.c:188:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (strlen) (str);
data/likwid-5.0.1+dfsg1/src/bstrlib.c:216:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (strlen) (str);
data/likwid-5.0.1+dfsg1/src/bstrlib.c:380:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return bcatblk (b, (const void *) s, (int) strlen (s));
data/likwid-5.0.1+dfsg1/src/bstrlib.c:515:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str + i);
data/likwid-5.0.1+dfsg1/src/bstrlib.c:2782:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((n = (int) (2*strlen (fmt))) < START_VSNBUFF) n = START_VSNBUFF;
data/likwid-5.0.1+dfsg1/src/bstrlib.c:2794:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff->slen = (int) (strlen) ((char *) buff->data);
data/likwid-5.0.1+dfsg1/src/bstrlib.c:2830:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((n = (int) (2*strlen (fmt))) < START_VSNBUFF) n = START_VSNBUFF;
data/likwid-5.0.1+dfsg1/src/bstrlib.c:2842:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff->slen = (int) (strlen) ((char *) buff->data);
data/likwid-5.0.1+dfsg1/src/bstrlib.c:2877:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((n = (int) (2*strlen (fmt))) < START_VSNBUFF) n = START_VSNBUFF;
data/likwid-5.0.1+dfsg1/src/bstrlib.c:2889:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff->slen = (int) (strlen) ((char *) buff->data);
data/likwid-5.0.1+dfsg1/src/bstrlib.c:2937:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n >= (l = b->slen + (int) (strlen) ((const char *) b->data + b->slen))) {
data/likwid-5.0.1+dfsg1/src/calculator.c:606:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(*tk == '-' && strlen(tk) > 1)
data/likwid-5.0.1+dfsg1/src/calculator.c:769:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(tmpToken[0] != '\0' && strlen(tmpToken) > 0)
data/likwid-5.0.1+dfsg1/src/calculator.c:776:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newToken = malloc((strlen(tmpToken)+1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/calculator.c:783:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newToken[strlen(tmpToken)] = '\0';
data/likwid-5.0.1+dfsg1/src/configuration.c:65:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
groupPath_len = strlen(TOSTRING(GROUPPATH))+10;
data/likwid-5.0.1+dfsg1/src/configuration.c:94:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config.daemonPath, fptr, len);
data/likwid-5.0.1+dfsg1/src/configuration.c:118:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.daemonPath = (char*)malloc((strlen(filename)+1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/configuration.c:171:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((config.topologyCfgFileName == NULL) && (strlen(filename) == 0))
data/likwid-5.0.1+dfsg1/src/configuration.c:188:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.topologyCfgFileName = (char*)malloc((strlen(preconfigured)+1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/configuration.c:190:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.topologyCfgFileName[strlen(preconfigured)] = '\0';
data/likwid-5.0.1+dfsg1/src/configuration.c:194:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(filename) == 0) || (!access(filename, R_OK)))
data/likwid-5.0.1+dfsg1/src/configuration.c:200:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.configFileName = malloc((strlen(filename)+1)*sizeof(char));
data/likwid-5.0.1+dfsg1/src/configuration.c:202:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.configFileName[strlen(filename)] = '\0';
data/likwid-5.0.1+dfsg1/src/configuration.c:222:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.topologyCfgFileName = (char*)malloc((strlen(value)+1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/configuration.c:224:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.topologyCfgFileName[strlen(value)] = '\0';
data/likwid-5.0.1+dfsg1/src/configuration.c:228:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.daemonPath = (char*)malloc((strlen(value)+1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/configuration.c:230:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.daemonPath[strlen(value)] = '\0';
data/likwid-5.0.1+dfsg1/src/configuration.c:246:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.groupPath = (char*)malloc((strlen(value)+1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/configuration.c:248:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config.groupPath[strlen(value)] = '\0';
data/likwid-5.0.1+dfsg1/src/configuration.c:339:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)(strlen(path)+1) > groupPath_len)
data/likwid-5.0.1+dfsg1/src/configuration.c:341:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new = malloc(strlen(path)+1);
data/likwid-5.0.1+dfsg1/src/configuration.c:352:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
groupPath_len = strlen(path);
data/likwid-5.0.1+dfsg1/src/cpustring.c:49:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:363:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2500);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:426:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, data, len);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:501:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, data, len);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:556:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_ERROR(read(fsocket, &record, sizeof(FreqDataRecord)), socket read failed);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:556:76: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_ERROR(read(fsocket, &record, sizeof(FreqDataRecord)), socket read failed);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:635:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PLAIN_PRINT(Cannot read register 0xC0010015);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:683:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PLAIN_PRINT(Cannot read register 0xC0010015);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:744:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PRINT(Cannot read register 0x%x, MSR_IA32_MISC_ENABLE);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:792:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PRINT(Cannot read register 0x%x, MSR_IA32_MISC_ENABLE);
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:1084:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s)-1] = '\0';
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:1105:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s)-1] = '\0';
data/likwid-5.0.1+dfsg1/src/frequency_cpu.c:1126:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s)-1] = '\0';
data/likwid-5.0.1+dfsg1/src/ghash.c:727:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (str) + 1;
data/likwid-5.0.1+dfsg1/src/includes/bstrlib.h:219:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(t).slen = ((t).data) ? ((int) (strlen) ((char *)(t).data)) : 0; \
data/likwid-5.0.1+dfsg1/src/includes/error.h:118:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define CHECK_MSR_READ_ERROR(func) CHECK_AND_RETURN_ERROR(func, MSR read operation failed);
data/likwid-5.0.1+dfsg1/src/includes/error.h:120:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define CHECK_PCI_READ_ERROR(func) CHECK_AND_RETURN_ERROR(func, PCI read operation failed);
data/likwid-5.0.1+dfsg1/src/includes/error.h:121:82: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define CHECK_POWER_READ_ERROR(func) CHECK_AND_RETURN_ERROR(func, Power register read operation failed);
data/likwid-5.0.1+dfsg1/src/includes/error.h:122:87: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define CHECK_TEMP_READ_ERROR(func) CHECK_AND_RETURN_ERROR(func, Temperature register read operation failed);
data/likwid-5.0.1+dfsg1/src/includes/nvmon_cupti.h:464:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out->name = malloc(strlen(event->name)+2);
data/likwid-5.0.1+dfsg1/src/includes/nvmon_cupti.h:467:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = snprintf(out->name, strlen(event->name)+1, "%s", event->name);
data/likwid-5.0.1+dfsg1/src/includes/nvmon_cupti.h:473:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out->desc = malloc(strlen(event->description)+2);
data/likwid-5.0.1+dfsg1/src/includes/nvmon_cupti.h:476:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = snprintf(out->desc, strlen(event->description)+1, "%s", event->description);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:129:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:229:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:268:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:314:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:319:71: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
if ((event->eventId == 0x13 || event->eventId == 0x11) && (event->umask & 0x2ULL))
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:412:17: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
if ((event->umask > 0x00) && (event->umask <= 0x3))
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:412:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
if ((event->umask > 0x00) && (event->umask <= 0x3))
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:414:26: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask << 14);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:488:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:562:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:647:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:693:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:743:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:791:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_broadwell.h:851:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_core2.h:72:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_goldmont.h:82:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:126:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:211:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:256:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:338:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:382:17: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
if ((event->umask > 0x00) && (event->umask <= 0x3))
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:382:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
if ((event->umask > 0x00) && (event->umask <= 0x3))
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:384:26: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask << 14);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:458:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:537:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:591:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:641:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:692:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:742:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_haswell.h:794:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_interlagos.h:51:60: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((uint64_t)(event->eventId>>8)<<32) + (event->umask<<8) + (event->eventId & ~(0xF00U));
data/likwid-5.0.1+dfsg1/src/includes/perfmon_interlagos.h:97:60: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((uint64_t)(event->eventId>>8)<<32) + (event->umask<<8) + (event->eventId & ~(0xF00U));
data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridge.h:122:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridge.h:206:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridge.h:258:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridge.h:326:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridge.h:418:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridge.h:457:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridge.h:539:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_ivybridge.h:659:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_k10.h:50:60: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((uint64_t)(event->eventId>>8)<<32) + (event->umask<<8) + (event->eventId & ~(0xF00U));
data/likwid-5.0.1+dfsg1/src/includes/perfmon_kabini.h:53:60: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((uint64_t)(event->eventId>>8)<<32) + (event->umask<<8) + (event->eventId & ~(0xF00U));
data/likwid-5.0.1+dfsg1/src/includes/perfmon_kabini.h:99:60: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((uint64_t)(event->eventId>>8)<<32) + (event->umask<<8) + (event->eventId & ~(0xF00U));
data/likwid-5.0.1+dfsg1/src/includes/perfmon_kabini.h:118:60: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((uint64_t)(event->eventId>>8)<<32) + (event->umask<<8) + (event->eventId & ~(0xF00U));
data/likwid-5.0.1+dfsg1/src/includes/perfmon_knl.h:82:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_knl.h:173:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_knl.h:278:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_knl.h:399:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalem.h:78:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalem.h:161:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:85:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:197:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0xFULL)<<7;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:203:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<4;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:209:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<6;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:215:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<6;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:225:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1FULL)<<8;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:242:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0xFULL)<<7;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:253:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1FULL)<<19;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:256:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<18;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:259:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<17;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:262:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<7;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:271:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0xFULL);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:278:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<12;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:293:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<15;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:308:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<18;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:323:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<21;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:338:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<10;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:345:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:352:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<11;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:359:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x3ULL)<<9;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:375:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x3ULL)<<7;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:417:30: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask & 0x1FULL)<<1;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:419:28: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
switch (event->umask)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:448:30: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask & 0x1FULL)<<1;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:454:28: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
switch (event->umask)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:545:21: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |=(event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:586:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_nehalemEX.h:630:21: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |=(event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:74:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read > 0)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:195:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(base) > 0 && strlen(perfEventOptionNames[type]) > 0)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:195:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(base) > 0 && strlen(perfEventOptionNames[type]) > 0)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:217:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(buff[s] != ':' && e < strlen(buff)) {
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:222:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(buff[e] != '-' && e < strlen(buff)) {
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:227:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (e < strlen(buff))
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:272:28: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
attr->config = (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:405:28: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
attr->config = (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:666:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(cpu_event_fds[cpu_id][index],
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:694:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(cpu_event_fds[cpu_id][index], &tmp, sizeof(long long));
data/likwid-5.0.1+dfsg1/src/includes/perfmon_perfevent.h:722:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(cpu_event_fds[cpu_id][index], &tmp, sizeof(long long));
data/likwid-5.0.1+dfsg1/src/includes/perfmon_phi.h:51:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_pm.h:53:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge.h:122:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge.h:205:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge.h:330:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge.h:368:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge.h:422:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge.h:465:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge.h:573:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge.h:669:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_sandybridge.h:711:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_silvermont.h:78:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:131:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:232:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:289:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:337:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:342:71: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
if ((event->eventId == 0x13 || event->eventId == 0x11) && (event->umask & 0x2ULL))
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:446:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:515:17: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
if ((event->umask > 0x00) && (event->umask <= 0x3))
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:515:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
if ((event->umask > 0x00) && (event->umask <= 0x3))
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:517:26: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask << 14);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:587:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:643:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_skylake.h:689:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_types.h:181:21: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
uint64_t umask; /*!< \brief Most events need to specify a mask to limit counting */
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:82:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:201:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:242:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:286:22: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask<<8) + event->eventId;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:434:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0xFULL)<<7;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:440:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<4;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:446:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<6;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:452:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<6;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:462:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1FULL)<<8;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:479:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0xFULL)<<7;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:490:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1FULL)<<19;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:493:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<18;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:496:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<17;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:499:42: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<7;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:508:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0xFULL);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:515:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<12;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:530:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<15;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:545:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<18;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:560:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x7ULL)<<21;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:575:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<10;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:582:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:589:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x1ULL)<<11;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:596:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x3ULL)<<9;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:612:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
subflags1 |= (event->umask & 0x3ULL)<<7;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:653:30: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask & 0x1FULL)<<1;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:655:28: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
switch (event->umask)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:684:30: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= (event->umask & 0x1FULL)<<1;
data/likwid-5.0.1+dfsg1/src/includes/perfmon_westmereEX.h:690:28: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
switch (event->umask)
data/likwid-5.0.1+dfsg1/src/includes/perfmon_zen.h:75:23: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((event->umask & AMD_K17_PMC_UNIT_MASK) << AMD_K17_PMC_UNIT_SHIFT);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_zen.h:122:23: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((event->umask & AMD_K17_L3_UNIT_MASK) << AMD_K17_L3_UNIT_SHIFT);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_zen.h:165:60: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((uint64_t)(event->eventId>>8)<<32) + (event->umask<<8) + (event->eventId & ~(0xF00U));
data/likwid-5.0.1+dfsg1/src/includes/perfmon_zen2.h:75:23: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((event->umask & AMD_K17_PMC_UNIT_MASK) << AMD_K17_PMC_UNIT_SHIFT);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_zen2.h:122:23: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((event->umask & AMD_K17_L3_UNIT_MASK) << AMD_K17_L3_UNIT_SHIFT);
data/likwid-5.0.1+dfsg1/src/includes/perfmon_zen2.h:169:23: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
flags |= ((event->umask & AMD_K17_DF_UNIT_MASK) << AMD_K17_DF_UNIT_SHIFT);
data/likwid-5.0.1+dfsg1/src/likwid_f90_interface.c:69:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, regionTag, len * sizeof(char) );
data/likwid-5.0.1+dfsg1/src/likwid_f90_interface.c:87:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, regionTag, len * sizeof(char) );
data/likwid-5.0.1+dfsg1/src/likwid_f90_interface.c:105:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, regionTag, len * sizeof(char) );
data/likwid-5.0.1+dfsg1/src/likwid_f90_interface.c:129:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, regionTag, len * sizeof(char) );
data/likwid-5.0.1+dfsg1/src/likwid_f90_interface.c:146:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, regionTag, len * sizeof(char) );
data/likwid-5.0.1+dfsg1/src/luawid.c:301:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
luaL_argcheck(L, strlen(tmpString) > 0, n, "Event string must be larger than 0");
data/likwid-5.0.1+dfsg1/src/luawid.c:1033:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(eventHash[i-1].limit) == 0)
data/likwid-5.0.1+dfsg1/src/luawid.c:1045:57: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
lua_pushinteger(L, (lua_Integer)(eventHash[i-1].umask));
data/likwid-5.0.1+dfsg1/src/luawid.c:2245:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i=0;i<strlen(perm);i++)
data/likwid-5.0.1+dfsg1/src/luawid.c:3416:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
luaL_argcheck(L, strlen(tmpString) > 0, n, "Event string must be larger than 0");
data/likwid-5.0.1+dfsg1/src/nvmon.c:244:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base->events[bidx].name = malloc((strlen(new->events[i].name)+1)*sizeof(char));
data/likwid-5.0.1+dfsg1/src/nvmon.c:247:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(base->events[bidx].name, new->events[i].name, strlen(new->events[i].name));
data/likwid-5.0.1+dfsg1/src/nvmon.c:247:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(base->events[bidx].name, new->events[i].name, strlen(new->events[i].name));
data/likwid-5.0.1+dfsg1/src/nvmon.c:249:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base->events[bidx].desc = malloc((strlen(new->events[i].desc)+1)*sizeof(char));
data/likwid-5.0.1+dfsg1/src/nvmon.c:252:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(base->events[bidx].desc, new->events[i].desc, strlen(new->events[i].desc));
data/likwid-5.0.1+dfsg1/src/nvmon.c:252:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(base->events[bidx].desc, new->events[i].desc, strlen(new->events[i].desc));
data/likwid-5.0.1+dfsg1/src/nvmon.c:254:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base->events[bidx].limit = malloc((strlen(new->events[i].limit)+1)*sizeof(char));
data/likwid-5.0.1+dfsg1/src/nvmon.c:257:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(base->events[bidx].limit, new->events[i].limit, strlen(new->events[i].limit));
data/likwid-5.0.1+dfsg1/src/nvmon.c:257:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(base->events[bidx].limit, new->events[i].limit, strlen(new->events[i].limit));
data/likwid-5.0.1+dfsg1/src/nvmon.c:394:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PRINT(Cannot read performance group %s, eventCString);
data/likwid-5.0.1+dfsg1/src/nvmon.c:1012:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(regiontag, strlen(regiontag)-strlen(ptr)+1, "%s", &(buf[colonptr-buf+1]));
data/likwid-5.0.1+dfsg1/src/nvmon.c:1012:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(regiontag, strlen(regiontag)-strlen(ptr)+1, "%s", &(buf[colonptr-buf+1]));
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:119:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bus, &(pDirent->d_name[strlen(pDirent->d_name)-2]), 2);
data/likwid-5.0.1+dfsg1/src/pci_hwloc.c:119:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(bus, &(pDirent->d_name[strlen(pDirent->d_name)-2]), 2);
data/likwid-5.0.1+dfsg1/src/pci_proc.c:127:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PLAIN_PRINT(Failed read file /proc/bus/pci/devices);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:156:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* fullpath = malloc((strlen(grouppath)+strlen(architecture)+50) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:156:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* fullpath = malloc((strlen(grouppath)+strlen(architecture)+50) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:164:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* homepath = malloc((strlen(Home)+strlen(architecture)+50) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:164:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* homepath = malloc((strlen(Home)+strlen(architecture)+50) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:202:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(&(ep->d_name[strlen(ep->d_name)-4]), ".txt", 4) == 0)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:205:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ep->d_name)-4 > s)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:206:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = strlen(ep->d_name)-4;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:223:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(&(ep->d_name[strlen(ep->d_name)-4]), ".txt", 4) == 0)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:226:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ep->d_name)-4 > s)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:227:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = strlen(ep->d_name)-4;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:301:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(&(ep->d_name[strlen(ep->d_name)-4]), ".txt", 4) == 0)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:309:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = sprintf((*groupnames)[i], "%.*s", (int)(strlen(ep->d_name)-4), ep->d_name);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:449:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(&(ep->d_name[strlen(ep->d_name)-4]), ".txt", 4) == 0)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:457:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = sprintf((*groupnames)[i], "%.*s", (int)(strlen(ep->d_name)-4), ep->d_name);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:836:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DEBUG_PRINT(DEBUGLEV_INFO, Cannot read group file %s. Trying %s, bdata(fullpath), bdata(homepath));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:839:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PRINT(Cannot read group file %s.txt. Searched in %s and %s, groupname, bdata(fullpath), bdata(homepath));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:862:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ginfo->groupname = (char*)malloc((strlen(groupname)+10)*sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:882:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(buf) == 0) || (buf[0] == '#'))
data/likwid-5.0.1+dfsg1/src/perfgroup.c:885:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(groupFileSectionNames[GROUP_SHORT], buf, strlen(groupFileSectionNames[GROUP_SHORT])) == 0)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:888:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=strlen(groupFileSectionNames[GROUP_SHORT]); i < strlen(buf); i++)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:888:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=strlen(groupFileSectionNames[GROUP_SHORT]); i < strlen(buf); i++)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:894:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ginfo->shortinfo = malloc(strlen(&(buf[i])) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:895:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(ginfo->shortinfo, "%.*s", (int)strlen(&(buf[i]))-1, &(buf[i]));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:907:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(groupFileSectionNames[GROUP_EVENTSET], buf, strlen(groupFileSectionNames[GROUP_EVENTSET])) == 0)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:912:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(groupFileSectionNames[GROUP_METRICS], buf, strlen(groupFileSectionNames[GROUP_METRICS])) == 0)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:917:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(groupFileSectionNames[GROUP_LONG], buf, strlen(groupFileSectionNames[GROUP_LONG])) == 0)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:922:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(groupFileSectionNames[GROUP_LUA], buf, strlen(groupFileSectionNames[GROUP_LUA])) == 0)
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1121:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = (ginfo->longinfo == NULL ? 0 : strlen(ginfo->longinfo));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1123:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = realloc(ginfo->longinfo, (s + strlen(buf) + 3) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1134:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(&(ginfo->longinfo[s]), "%.*s", (int)strlen(buf), buf);
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1215:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(ginfo->events[i]) + strlen(ginfo->counters[i]) + 2;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1215:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(ginfo->events[i]) + strlen(ginfo->counters[i]) + 2;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1217:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(ginfo->events[ginfo->nevents-1]) + strlen(ginfo->counters[ginfo->nevents-1]) + 1 + 1;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1217:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(ginfo->events[ginfo->nevents-1]) + strlen(ginfo->counters[ginfo->nevents-1]) + 1 + 1;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1253:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ginfo->events[ginfo->nevents] = malloc((strlen(event) + 1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1256:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ginfo->counters[ginfo->nevents] = malloc((strlen(counter) + 1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1287:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ginfo->metricnames[ginfo->nmetrics] = malloc((strlen(mname) + 1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1290:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ERROR_PRINT(Cannot increase space for metricname to %d bytes, (strlen(mname) + 1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1293:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ginfo->metricformulas[ginfo->nmetrics] = malloc((strlen(mcalc) + 1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1296:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ERROR_PRINT(Cannot increase space for metricformula to %d bytes, (strlen(mcalc) + 1) * sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1325:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen(ginfo->groupname)+1;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1348:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen(groupName)+1;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1369:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen(ginfo->shortinfo)+1;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1392:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen(shortInfo)+1;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1405:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen(ginfo->longinfo)+1;
data/likwid-5.0.1+dfsg1/src/perfgroup.c:1428:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen(longInfo)+1;
data/likwid-5.0.1+dfsg1/src/perfmon.c:805:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i > 0 && strlen(eventHash[i-1].limit) != 0 && strcmp(eventHash[i-1].limit, eventHash[i].limit) == 0)
data/likwid-5.0.1+dfsg1/src/perfmon.c:1890:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PLAIN_PRINT(Cannot read event string. Also event string from environment variable is empty);
data/likwid-5.0.1+dfsg1/src/perfmon.c:1940:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cstringcopy = malloc((strlen(eventCString)+1)*sizeof(char));
data/likwid-5.0.1+dfsg1/src/perfmon.c:1948:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(cstringcopy, strlen(eventCString)-strlen(perf_pid), "%s", eventCString);
data/likwid-5.0.1+dfsg1/src/perfmon.c:1948:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(cstringcopy, strlen(eventCString)-strlen(perf_pid), "%s", eventCString);
data/likwid-5.0.1+dfsg1/src/perfmon.c:1969:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PRINT(Cannot read performance group %s, cstringcopy);
data/likwid-5.0.1+dfsg1/src/perfmon.c:1986:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* tmp = realloc(evstr, strlen(evstr)+strlen(perf_pid)+1);
data/likwid-5.0.1+dfsg1/src/perfmon.c:1986:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* tmp = realloc(evstr, strlen(evstr)+strlen(perf_pid)+1);
data/likwid-5.0.1+dfsg1/src/perfmon.c:1994:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(evstr, ":");
data/likwid-5.0.1+dfsg1/src/perfmon.c:2492:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PRINT(Failed to read counters for CPU %d, cpu_id);
data/likwid-5.0.1+dfsg1/src/perfmon.c:3550:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(regiontag, strlen(regiontag)-strlen(ptr)+1, "%s", &(buf[colonptr-buf+1]));
data/likwid-5.0.1+dfsg1/src/perfmon.c:3550:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(regiontag, strlen(regiontag)-strlen(ptr)+1, "%s", &(buf[colonptr-buf+1]));
data/likwid-5.0.1+dfsg1/src/power.c:268:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PLAIN_PRINT(Cannot read MSR TURBO_RATIO_LIMIT_CORES);
data/likwid-5.0.1+dfsg1/src/topology.c:263:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ERROR_PRINT(Cannot read topology information from file %s, filename);
data/likwid-5.0.1+dfsg1/src/topology.c:433:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(value,&(line[strlen(structure)+strlen(field)+4]));
data/likwid-5.0.1+dfsg1/src/topology.c:433:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(value,&(line[strlen(structure)+strlen(field)+4]));
data/likwid-5.0.1+dfsg1/src/topology.c:436:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cpuid_info.osname, value, len);
data/likwid-5.0.1+dfsg1/src/topology.c:437:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cpuid_info.osname[strlen(value)-1] = '\0';
data/likwid-5.0.1+dfsg1/src/topology.c:495:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(value,&(line[strlen(structure)+strlen(field)+4]));
data/likwid-5.0.1+dfsg1/src/topology.c:495:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(value,&(line[strlen(structure)+strlen(field)+4]));
data/likwid-5.0.1+dfsg1/src/topology.c:498:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cpuid_info.features, value, len);
data/likwid-5.0.1+dfsg1/src/topology.c:499:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cpuid_info.features[strlen(value)-1] = '\0';
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:157:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, bdata(subtokens->entry[1]), MAX_MODEL_STRING_LENGTH-1);
data/likwid-5.0.1+dfsg1/src/topology_hwloc.c:171:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, bdata(subtokens->entry[1]), MAX_MODEL_STRING_LENGTH-1);
data/likwid-5.0.1+dfsg1/src/topology_proc.c:702:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ep->d_name[strlen(ep->d_name)-1] >= '0' &&
data/likwid-5.0.1+dfsg1/src/topology_proc.c:703:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ep->d_name[strlen(ep->d_name)-1] <= '9')
ANALYSIS SUMMARY:
Hits = 1420
Lines analyzed = 120605 in approximately 3.37 seconds (35756 lines/second)
Physical Source Lines of Code (SLOC) = 90467
Hits@level = [0] 1277 [1] 414 [2] 600 [3] 117 [4] 284 [5] 5
Hits@level+ = [0+] 2697 [1+] 1420 [2+] 1006 [3+] 406 [4+] 289 [5+] 5
Hits/KSLOC@level+ = [0+] 29.812 [1+] 15.6963 [2+] 11.1201 [3+] 4.48782 [4+] 3.19454 [5+] 0.0552688
Symlinks skipped = 5 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.