Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/linuxinfo-3.3.1/linuxinfo_sparc.c
Examining data/linuxinfo-3.3.1/linuxinfo_unknown.c
Examining data/linuxinfo-3.3.1/linuxinfo_avr.c
Examining data/linuxinfo-3.3.1/linuxinfo_common.c
Examining data/linuxinfo-3.3.1/linuxinfo_m68k.c
Examining data/linuxinfo-3.3.1/linuxinfo_alpha.c
Examining data/linuxinfo-3.3.1/linuxinfo_ia64.c
Examining data/linuxinfo-3.3.1/linuxinfo_hppa.c
Examining data/linuxinfo-3.3.1/linuxinfo_sh.c
Examining data/linuxinfo-3.3.1/linuxinfo_arm.c
Examining data/linuxinfo-3.3.1/linuxinfo_intel.c
Examining data/linuxinfo-3.3.1/linuxinfo.h
Examining data/linuxinfo-3.3.1/linuxinfo_ppc.c
Examining data/linuxinfo-3.3.1/linuxinfo.c
Examining data/linuxinfo-3.3.1/linuxinfo_s390.c
Examining data/linuxinfo-3.3.1/linuxinfo_mips.c

FINAL RESULTS:

data/linuxinfo-3.3.1/linuxinfo.c:124:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(ngettext("processor", "processors", hw.hw_processors));
data/linuxinfo-3.3.1/linuxinfo_alpha.c:47:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_alpha.c:75:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_alpha.c:78:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "Alpha %s", model);
data/linuxinfo-3.3.1/linuxinfo_arm.c:77:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vendor, implementer[++i]);
data/linuxinfo-3.3.1/linuxinfo_arm.c:88:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model,temp_string2); // v .. instruction set
data/linuxinfo-3.3.1/linuxinfo_arm.c:104:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_arm.c:108:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s", vendor);
data/linuxinfo-3.3.1/linuxinfo_arm.c:112:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s", vendor);
data/linuxinfo-3.3.1/linuxinfo_arm.c:116:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s v%s instruction set", vendor, model);
data/linuxinfo-3.3.1/linuxinfo_avr.c:43:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(chip, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_avr.c:47:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(family, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_avr.c:51:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(clock, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_avr.c:57:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_avr.c:59:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s %s", family, chip);
data/linuxinfo-3.3.1/linuxinfo_avr.c:65:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_megahertz, "%s", clock);
data/linuxinfo-3.3.1/linuxinfo_common.c:48:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(os->os_hostname, buf.nodename);
data/linuxinfo-3.3.1/linuxinfo_common.c:49:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(os->os_name, buf.sysname);
data/linuxinfo-3.3.1/linuxinfo_common.c:50:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(os->os_version, buf.release);
data/linuxinfo-3.3.1/linuxinfo_common.c:51:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(os->os_revision, buf.version);
data/linuxinfo-3.3.1/linuxinfo_common.c:132:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(second_string, p);
data/linuxinfo-3.3.1/linuxinfo_hppa.c:97:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(family, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_hppa.c:101:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(chip, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_hppa.c:102:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_hppa.c:119:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_hppa.c:122:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s", model);
data/linuxinfo-3.3.1/linuxinfo_ia64.c:84:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vendor, vendors[++i]);
data/linuxinfo-3.3.1/linuxinfo_ia64.c:97:37: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, family);
data/linuxinfo-3.3.1/linuxinfo_ia64.c:105:15: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, models[++i]);
data/linuxinfo-3.3.1/linuxinfo_ia64.c:114:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(family, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_ia64.c:129:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_ia64.c:132:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s %s", vendor, model);
data/linuxinfo-3.3.1/linuxinfo_intel.c:257:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vendor, vendors[++i]);
data/linuxinfo-3.3.1/linuxinfo_intel.c:279:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, models[++i]);
data/linuxinfo-3.3.1/linuxinfo_intel.c:287:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(family, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_intel.c:302:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_intel.c:304:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s %s", vendor, model);
data/linuxinfo-3.3.1/linuxinfo_m68k.c:50:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(chip, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_m68k.c:53:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(megahertz, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_m68k.c:63:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_m68k.c:66:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s", chip);
data/linuxinfo-3.3.1/linuxinfo_m68k.c:74:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(hw->hw_megahertz, megahertz);
data/linuxinfo-3.3.1/linuxinfo_mips.c:52:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fpu, pos);
data/linuxinfo-3.3.1/linuxinfo_mips.c:56:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(chip, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_mips.c:70:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_mips.c:75:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullchip, "%s (%s)",chip,fpu);
data/linuxinfo-3.3.1/linuxinfo_mips.c:79:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fullchip,chip);
data/linuxinfo-3.3.1/linuxinfo_mips.c:83:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s %s", endian,fullchip);
data/linuxinfo-3.3.1/linuxinfo_mips.c:87:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s", fullchip);
data/linuxinfo-3.3.1/linuxinfo_ppc.c:48:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (processors == 0) strcpy(chip, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_ppc.c:53:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vendor, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_ppc.c:56:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vendor, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_ppc.c:72:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_ppc.c:80:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s %s", chip, vendor);
data/linuxinfo-3.3.1/linuxinfo_s390.c:59:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vendor, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_s390.c:74:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s", vendor);
data/linuxinfo-3.3.1/linuxinfo_sh.c:48:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(chip, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_sh.c:52:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(family, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_sh.c:56:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(clock, temp_string2);
data/linuxinfo-3.3.1/linuxinfo_sh.c:62:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_sh.c:64:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s %s", family, chip);
data/linuxinfo-3.3.1/linuxinfo_sh.c:70:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_megahertz, "%s", clock);
data/linuxinfo-3.3.1/linuxinfo_sparc.c:85:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vendor, vendors[++i]);
data/linuxinfo-3.3.1/linuxinfo_sparc.c:94:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(model, models[++i]);
data/linuxinfo-3.3.1/linuxinfo_sparc.c:110:9: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, getphysicalmemory());
data/linuxinfo-3.3.1/linuxinfo_sparc.c:114:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s %s", vendor, model);
data/linuxinfo-3.3.1/linuxinfo_unknown.c:26:2: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(hw->hw_memory, LONGSPEC, 0);
data/linuxinfo-3.3.1/linuxinfo_unknown.c:30:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hw->hw_cpuinfo, "%s", "Unknown");
data/linuxinfo-3.3.1/linuxinfo.c:57:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ordinals[13][10] = { __("Unknown"), __("One"), __("Two"), __("Three"), __("Four"), __("Five"), __("Six"), __("Seven"), __("Eight"), __("Nine"), __("Ten"), __("Eleven"), __("Twelve") };
data/linuxinfo-3.3.1/linuxinfo.c:86:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  cpuinfo_fd = open(argv[1], O_RDONLY);
data/linuxinfo-3.3.1/linuxinfo.c:95:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  cpuinfo_fd = open(CPUINFO_FILE, O_RDONLY);
data/linuxinfo-3.3.1/linuxinfo.h:116:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char os_hostname[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo.h:117:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char os_name[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo.h:118:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char os_version[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo.h:119:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char os_revision[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo.h:124:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hw_cpuinfo[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo.h:125:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hw_bogomips[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo.h:126:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hw_memory[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo.h:127:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hw_megahertz[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo.h:133:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lib_version[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo_alpha.c:39:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_string[BUFSIZ], temp_string2[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo_alpha.c:40:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chip[BUFSIZ], vendor[BUFSIZ], model[BUFSIZ] = "Unknown";
data/linuxinfo-3.3.1/linuxinfo_alpha.c:63:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hw->hw_megahertz, "%.2f", megahertz);
data/linuxinfo-3.3.1/linuxinfo_alpha.c:71:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processors = atoi(temp_string2);
data/linuxinfo-3.3.1/linuxinfo_alpha.c:82:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hw->hw_bogomips, "%0.2f", bogomips);
data/linuxinfo-3.3.1/linuxinfo_arm.c:44:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_string[BUFSIZ], temp_string2[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo_arm.c:45:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chip[BUFSIZ], vendor[BUFSIZ], model[BUFSIZ], Mhz[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo_arm.c:47:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(chip, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_arm.c:48:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(vendor, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_arm.c:49:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_arm.c:62:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(vendor, "Intel");
data/linuxinfo-3.3.1/linuxinfo_arm.c:63:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "SA110");
data/linuxinfo-3.3.1/linuxinfo_arm.c:95:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tempMHz = atol(temp_string2);
data/linuxinfo-3.3.1/linuxinfo_arm.c:123:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hw->hw_bogomips, "%0.2f", bogomips);
data/linuxinfo-3.3.1/linuxinfo_arm.c:128:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hw->hw_megahertz, "%d", (int)tempMHz);
data/linuxinfo-3.3.1/linuxinfo_avr.c:28:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_string[BUFSIZ], temp_string2[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo_avr.c:29:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chip[BUFSIZ] = "Unknown";
data/linuxinfo-3.3.1/linuxinfo_avr.c:30:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char family[BUFSIZ]="Unknown";
data/linuxinfo-3.3.1/linuxinfo_avr.c:31:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clock[BUFSIZ]="Unknown";
data/linuxinfo-3.3.1/linuxinfo_avr.c:63:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hw->hw_bogomips, "%0.2f", bogomips);
data/linuxinfo-3.3.1/linuxinfo_common.c:53:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(os->os_hostname, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_common.c:54:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(os->os_name, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_common.c:55:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(os->os_version, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_common.c:56:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(os->os_revision, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_common.c:77:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(lib->lib_version, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_common.c:95:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(lib->lib_version, "%d.%d.%d", libc_major, libc_minor, libc_teeny);
data/linuxinfo-3.3.1/linuxinfo_common.c:140:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_string[BUFSIZ], temp_string2[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo_common.c:144:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  meminfo_fd = open(MEMINFO_FILE, O_RDONLY);
data/linuxinfo-3.3.1/linuxinfo_common.c:159:30: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  memory = (LONGLONG)atol(temp_string2);
data/linuxinfo-3.3.1/linuxinfo_hppa.c:52:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chip[BUFSIZ], model[BUFSIZ], Mhz[BUFSIZ], family[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo_hppa.c:53:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_string[BUFSIZ], temp_string2[BUFSIZ];
data/linuxinfo-3.3.1/linuxinfo_hppa.c:64:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(chip, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_hppa.c:65:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(model, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_hppa.c:66:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(family, "Unknown");
data/linuxinfo-3.3.1/linuxinfo_hppa.c:107:9: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if (atol(temp_string2) > tempMHz) data/linuxinfo-3.3.1/linuxinfo_hppa.c:108:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tempMHz = atol(temp_string2); data/linuxinfo-3.3.1/linuxinfo_hppa.c:127:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_bogomips, "%0.2f", bogomips); data/linuxinfo-3.3.1/linuxinfo_hppa.c:132:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_megahertz, "%d", (int)tempMHz); data/linuxinfo-3.3.1/linuxinfo_ia64.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chip[BUFSIZ], vendor[BUFSIZ], model[BUFSIZ], Mhz[BUFSIZ], family[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_ia64.c:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_string[BUFSIZ], temp_string2[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_ia64.c:65:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(chip, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_ia64.c:66:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(vendor, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_ia64.c:67:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_ia64.c:68:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(family, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_ia64.c:118:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atol(temp_string2) > tempMHz) data/linuxinfo-3.3.1/linuxinfo_ia64.c:119:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tempMHz = atol(temp_string2); data/linuxinfo-3.3.1/linuxinfo_ia64.c:137:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(hw->hw_bogomips, "%0.2f", bogomips); data/linuxinfo-3.3.1/linuxinfo_ia64.c:142:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_megahertz, "%d", (int)tempMHz); data/linuxinfo-3.3.1/linuxinfo_intel.c:229:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chip[BUFSIZ], vendor[BUFSIZ], model[BUFSIZ], Mhz[BUFSIZ], family[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_intel.c:230:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_string[BUFSIZ], temp_string2[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_intel.c:238:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chip, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_intel.c:239:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(vendor, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_intel.c:240:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(model, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_intel.c:241:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(family, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_intel.c:291:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atol(temp_string2) > tempMHz) data/linuxinfo-3.3.1/linuxinfo_intel.c:292:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tempMHz = atol(temp_string2); data/linuxinfo-3.3.1/linuxinfo_intel.c:310:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case '4': sprintf(hw->hw_cpuinfo, "Unknown 486"); data/linuxinfo-3.3.1/linuxinfo_intel.c:318:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_bogomips, "%0.2f", bogomips); data/linuxinfo-3.3.1/linuxinfo_intel.c:323:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(hw->hw_megahertz, "%d", (int)tempMHz); data/linuxinfo-3.3.1/linuxinfo_m68k.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_string[BUFSIZ], temp_string2[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_m68k.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chip[BUFSIZ] = "Unknown"; data/linuxinfo-3.3.1/linuxinfo_m68k.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char megahertz[BUFSIZ]="?"; data/linuxinfo-3.3.1/linuxinfo_m68k.c:70:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_bogomips, "%0.2f", bogomips); data/linuxinfo-3.3.1/linuxinfo_mips.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_string[BUFSIZ], temp_string2[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_mips.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chip[BUFSIZ] = "Unknown"; data/linuxinfo-3.3.1/linuxinfo_mips.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endian[BUFSIZ]="Unknown"; data/linuxinfo-3.3.1/linuxinfo_mips.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fpu[BUFSIZ]="FPU Unknown"; data/linuxinfo-3.3.1/linuxinfo_mips.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullchip[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_mips.c:93:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_bogomips, "%0.2f", bogomips); data/linuxinfo-3.3.1/linuxinfo_ppc.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_string[BUFSIZ], temp_string2[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_ppc.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chip[BUFSIZ], vendor[BUFSIZ], model[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_ppc.c:60:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(temp_string2) > megahertz) data/linuxinfo-3.3.1/linuxinfo_ppc.c:62:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). megahertz = atoi(temp_string2); data/linuxinfo-3.3.1/linuxinfo_ppc.c:76:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_megahertz, "%d", megahertz); data/linuxinfo-3.3.1/linuxinfo_ppc.c:84:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_bogomips, "%0.2f",tempbogo * processors); data/linuxinfo-3.3.1/linuxinfo_s390.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_string[BUFSIZ], temp_string2[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_s390.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chip[BUFSIZ], vendor[BUFSIZ], model[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_s390.c:62:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). processors = atoi(temp_string2); data/linuxinfo-3.3.1/linuxinfo_s390.c:71:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_memory, "%ld", memory); data/linuxinfo-3.3.1/linuxinfo_s390.c:78:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_bogomips, "%0.2f",tempbogo * processors); data/linuxinfo-3.3.1/linuxinfo_sh.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_string[BUFSIZ], temp_string2[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_sh.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chip[BUFSIZ] = "Unknown"; data/linuxinfo-3.3.1/linuxinfo_sh.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char family[BUFSIZ]="Unknown"; data/linuxinfo-3.3.1/linuxinfo_sh.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clock[BUFSIZ]="Unknown"; data/linuxinfo-3.3.1/linuxinfo_sh.c:68:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_bogomips, "%0.2f", bogomips); data/linuxinfo-3.3.1/linuxinfo_sparc.c:68:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_string[BUFSIZ], temp_string2[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_sparc.c:69:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chip[BUFSIZ], vendor[BUFSIZ], model[BUFSIZ]; data/linuxinfo-3.3.1/linuxinfo_sparc.c:71:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chip, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_sparc.c:72:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(vendor, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_sparc.c:73:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(model, "Unknown"); data/linuxinfo-3.3.1/linuxinfo_sparc.c:118:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_bogomips, "%0.2f",tempbogo * processors); data/linuxinfo-3.3.1/linuxinfo_unknown.c:31:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hw->hw_bogomips, "%0.2f", 0.0); data/linuxinfo-3.3.1/linuxinfo.c:120:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(hw.hw_megahertz, "?", strlen("?")) != 0) data/linuxinfo-3.3.1/linuxinfo_alpha.c:46:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "cpu model", strlen("cpu model")))) data/linuxinfo-3.3.1/linuxinfo_alpha.c:49:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!(strncmp(temp_string, "BogoMIPS", strlen("BogoMIPS")))) data/linuxinfo-3.3.1/linuxinfo_alpha.c:56:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "cycle frequency [Hz]", strlen("cycle frequency [Hz]")))) data/linuxinfo-3.3.1/linuxinfo_alpha.c:65:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(hw->hw_megahertz, "?"); data/linuxinfo-3.3.1/linuxinfo_alpha.c:67:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "cpus active", strlen("cpus active")))) data/linuxinfo-3.3.1/linuxinfo_alpha.c:80:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_arm.c:57:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "Processor", strlen("Processor")) == 0) data/linuxinfo-3.3.1/linuxinfo_arm.c:60:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string2, "Intel sa110", strlen("Intel sa110")) == 0) data/linuxinfo-3.3.1/linuxinfo_arm.c:68:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncmp(temp_string, "CPU implementer", strlen("CPU implementer")) == 0) data/linuxinfo-3.3.1/linuxinfo_arm.c:75:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string2, implementer[i], strlen(implementer[i])) == 0) data/linuxinfo-3.3.1/linuxinfo_arm.c:86:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "CPU architecture", strlen("CPU architecture")) == 0) data/linuxinfo-3.3.1/linuxinfo_arm.c:91:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "Type", strlen("Type")) == 0) data/linuxinfo-3.3.1/linuxinfo_arm.c:94:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "cpu MHz", strlen("cpu MHz")) == 0) data/linuxinfo-3.3.1/linuxinfo_arm.c:97:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string, "BogoMips", strlen("BogoMips")) == 0) data/linuxinfo-3.3.1/linuxinfo_arm.c:121:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_arm.c:126:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(hw->hw_megahertz, "?"); data/linuxinfo-3.3.1/linuxinfo_avr.c:38:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "processor", strlen("processor")) == 0) data/linuxinfo-3.3.1/linuxinfo_avr.c:42:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "cpu type", strlen("cpu type"))) || !(strncmp(temp_string, "cpu core", strlen("cpu core")))) data/linuxinfo-3.3.1/linuxinfo_avr.c:42:101: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "cpu type", strlen("cpu type"))) || !(strncmp(temp_string, "cpu core", strlen("cpu core")))) data/linuxinfo-3.3.1/linuxinfo_avr.c:46:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "cpu family", strlen("cpu family"))) || !(strncmp(temp_string, "cpu arch", strlen("cpu arch")))) data/linuxinfo-3.3.1/linuxinfo_avr.c:46:105: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "cpu family", strlen("cpu family"))) || !(strncmp(temp_string, "cpu arch", strlen("cpu arch")))) data/linuxinfo-3.3.1/linuxinfo_avr.c:50:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!(strncmp(temp_string, "bogomips", strlen("bogomips")))) { data/linuxinfo-3.3.1/linuxinfo_avr.c:61:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_common.c:102:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int len = read(fd, buffer, length); data/linuxinfo-3.3.1/linuxinfo_common.c:156:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strncmp(temp_string, "MemTota", strlen("MemTota")) == 0)&&!found) data/linuxinfo-3.3.1/linuxinfo_common.c:178:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(find); data/linuxinfo-3.3.1/linuxinfo_common.c:217:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). subject_length = strlen((char *)subject); data/linuxinfo-3.3.1/linuxinfo_hppa.c:72:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string, "processor", strlen("processor")) == 0) data/linuxinfo-3.3.1/linuxinfo_hppa.c:96:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncasecmp(temp_string, "family", strlen("cpu family")) == 0) data/linuxinfo-3.3.1/linuxinfo_hppa.c:99:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string, "cpu ", strlen("cpu ")) == 0) data/linuxinfo-3.3.1/linuxinfo_hppa.c:105:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string, "cpu MHz", strlen("cpu MHz")) == 0) data/linuxinfo-3.3.1/linuxinfo_hppa.c:111:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string, "bogomips", strlen("bogomips")) == 0) data/linuxinfo-3.3.1/linuxinfo_hppa.c:125:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_hppa.c:130:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_megahertz, "?"); data/linuxinfo-3.3.1/linuxinfo_ia64.c:74:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string, "processor", strlen("processor")) == 0) data/linuxinfo-3.3.1/linuxinfo_ia64.c:77:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncasecmp(temp_string, "vendor", strlen("vendor")) == 0) data/linuxinfo-3.3.1/linuxinfo_ia64.c:83:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string2, vendors[i], strlen(vendors[i])) == 0) data/linuxinfo-3.3.1/linuxinfo_ia64.c:90:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string, "model", strlen("model")) == 0) data/linuxinfo-3.3.1/linuxinfo_ia64.c:104:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string2, models[i], strlen(models[i])) == 0) data/linuxinfo-3.3.1/linuxinfo_ia64.c:113:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string, "family", strlen("family")) == 0) data/linuxinfo-3.3.1/linuxinfo_ia64.c:116:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string, "cpu MHz", strlen("cpu MHz")) == 0) data/linuxinfo-3.3.1/linuxinfo_ia64.c:122:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(temp_string, "bogomips", strlen("bogomips")) == 0) data/linuxinfo-3.3.1/linuxinfo_ia64.c:135:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. 
sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_ia64.c:140:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_megahertz, "?"); data/linuxinfo-3.3.1/linuxinfo_intel.c:247:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "processor", strlen("processor")) == 0) data/linuxinfo-3.3.1/linuxinfo_intel.c:250:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "vendor_id", strlen("vendor_id")) == 0) data/linuxinfo-3.3.1/linuxinfo_intel.c:256:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string2, vendors[i], strlen(vendors[i])) == 0) data/linuxinfo-3.3.1/linuxinfo_intel.c:263:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "model name", strlen("model name")) == 0) data/linuxinfo-3.3.1/linuxinfo_intel.c:265:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "model", strlen("model")) == 0) data/linuxinfo-3.3.1/linuxinfo_intel.c:276:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncmp(temp_string2, models[i], strlen(models[i])) == 0) data/linuxinfo-3.3.1/linuxinfo_intel.c:286:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "cpu family", strlen("cpu family")) == 0) data/linuxinfo-3.3.1/linuxinfo_intel.c:289:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "cpu MHz", strlen("cpu MHz")) == 0) data/linuxinfo-3.3.1/linuxinfo_intel.c:295:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "bogomips", strlen("bogomips")) == 0) data/linuxinfo-3.3.1/linuxinfo_intel.c:316:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_intel.c:321:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_megahertz, "?"); data/linuxinfo-3.3.1/linuxinfo_m68k.c:68:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_mips.c:47:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!(strncmp(temp_string, "cpu model", strlen("cpu model")))) data/linuxinfo-3.3.1/linuxinfo_mips.c:62:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "BogoMIPS", strlen("BogoMIPS")))) data/linuxinfo-3.3.1/linuxinfo_mips.c:81:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(endian, "Unknown", strlen("Unknown"))) data/linuxinfo-3.3.1/linuxinfo_mips.c:91:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_mips.c:95:2: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_megahertz, "?"); data/linuxinfo-3.3.1/linuxinfo_ppc.c:46:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "cpu", strlen("cpu")))) data/linuxinfo-3.3.1/linuxinfo_ppc.c:52:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "model", strlen("model")))) data/linuxinfo-3.3.1/linuxinfo_ppc.c:55:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!(strncmp(temp_string, "machine", strlen("machine")))) data/linuxinfo-3.3.1/linuxinfo_ppc.c:58:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "clock", strlen("clock")))) data/linuxinfo-3.3.1/linuxinfo_ppc.c:66:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "bogomips", strlen("bogomips")))) data/linuxinfo-3.3.1/linuxinfo_ppc.c:78:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(hw->hw_megahertz, "?"); data/linuxinfo-3.3.1/linuxinfo_ppc.c:82:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_s390.c:58:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "vendor_id", strlen("vendor_id")))) data/linuxinfo-3.3.1/linuxinfo_s390.c:61:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "# processors", strlen("# processors")))) data/linuxinfo-3.3.1/linuxinfo_s390.c:64:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!(strncmp(temp_string, "bogomips per cpu", strlen("bogomips per cp")))) data/linuxinfo-3.3.1/linuxinfo_s390.c:76:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_sh.c:43:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string, "processor", strlen("processor")) == 0) data/linuxinfo-3.3.1/linuxinfo_sh.c:47:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "cpu type", strlen("cpu type")))) data/linuxinfo-3.3.1/linuxinfo_sh.c:51:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "cpu family", strlen("cpu family")))) data/linuxinfo-3.3.1/linuxinfo_sh.c:55:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "bogomips", strlen("bogomips")))) { data/linuxinfo-3.3.1/linuxinfo_sh.c:66:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_sparc.c:78:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncmp(temp_string, "cpu", strlen("cpu")) == 0) data/linuxinfo-3.3.1/linuxinfo_sparc.c:84:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string2, vendors[i], strlen(vendors[i])) == 0) data/linuxinfo-3.3.1/linuxinfo_sparc.c:93:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(temp_string2, models[i], strlen(models[i])) == 0) data/linuxinfo-3.3.1/linuxinfo_sparc.c:100:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "ncpus", strlen("ncpus"))) && (processors == 0)) data/linuxinfo-3.3.1/linuxinfo_sparc.c:103:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "BogoMips", strlen("BogoMips")))) data/linuxinfo-3.3.1/linuxinfo_sparc.c:106:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(strncmp(temp_string, "Cpu0Bogo", strlen("Cpu0Bogo")))) data/linuxinfo-3.3.1/linuxinfo_sparc.c:113:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(hw->hw_megahertz, "?"); data/linuxinfo-3.3.1/linuxinfo_sparc.c:116:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. 
sprintf(hw->hw_bogomips, "?"); data/linuxinfo-3.3.1/linuxinfo_unknown.c:32:2: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(hw->hw_megahertz, "?");

ANALYSIS SUMMARY:

Hits = 259
Lines analyzed = 2036 in approximately 0.16 seconds (12818 lines/second)
Physical Source Lines of Code (SLOC) = 1257
Hits@level = [0] 28 [1] 87 [2] 104 [3] 0 [4] 68 [5] 0
Hits@level+ = [0+] 287 [1+] 259 [2+] 172 [3+] 68 [4+] 68 [5+] 0
Hits/KSLOC@level+ = [0+] 228.321 [1+] 206.046 [2+] 136.834 [3+] 54.0971 [4+] 54.0971 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.