Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/memstat-1.1/memstat.c
FINAL RESULTS:
data/memstat-1.1/memstat.c:273:13: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((len = readlink(filename, linkname, PATH_MAX)) == -1) {
data/memstat-1.1/memstat.c:104:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nread = sscanf(buff, "%lx %lx %4s %lx %s %s %lu %ms", &lo, &hi, perm, &offs, major, minor, &inode, &path);
data/memstat-1.1/memstat.c:133:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, "[%s:%s]:%lu", major, minor, inode);
data/memstat-1.1/memstat.c:208:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(full, "%s/%s", dir, ent->d_name);
data/memstat-1.1/memstat.c:289:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%7ldk: PID %5d (%s)", total / 1024, pid, linkname);
data/memstat-1.1/memstat.c:342:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%7ldk(%7ldk): %s", (total + sharedtotal) / 1024, sharedtotal / 1024, exe);
data/memstat-1.1/memstat.c:372:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "nvwp:")) != -1) {
data/memstat-1.1/memstat.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, major[8], minor[8], buff[PATH_MAX + 300], *path, perm[4];
data/memstat-1.1/memstat.c:90:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "/proc/%d/maps", pid);
data/memstat-1.1/memstat.c:91:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(buff, "r");
data/memstat-1.1/memstat.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[8192];
data/memstat-1.1/memstat.c:227:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fn, "r");
data/memstat-1.1/memstat.c:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/memstat-1.1/memstat.c:258:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8192];
data/memstat-1.1/memstat.c:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkname[PATH_MAX], filename[PATH_MAX];
data/memstat-1.1/memstat.c:272:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "/proc/%d/exe", pid);
data/memstat-1.1/memstat.c:349:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + strlen(buffer), " %d", pid);
data/memstat-1.1/memstat.c:384:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
only_pid = atoi(optarg);
data/memstat-1.1/memstat.c:102:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(buff) == 10) && (strcmp(buff, " (deleted)") == 0))
data/memstat-1.1/memstat.c:129:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(path, blacklist[i], strlen(blacklist[i])))
data/memstat-1.1/memstat.c:247:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!wide && strlen(str) > 79) {
data/memstat-1.1/memstat.c:349:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buffer + strlen(buffer), " %d", pid);
ANALYSIS SUMMARY:
Hits = 22
Lines analyzed = 396 in approximately 0.03 seconds (15220 lines/second)
Physical Source Lines of Code (SLOC) = 343
Hits@level = [0] 9 [1] 4 [2] 11 [3] 1 [4] 5 [5] 1
Hits@level+ = [0+] 31 [1+] 22 [2+] 18 [3+] 7 [4+] 6 [5+] 1
Hits/KSLOC@level+ = [0+] 90.379 [1+] 64.1399 [2+] 52.4781 [3+] 20.4082 [4+] 17.4927 [5+] 2.91545
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.