Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/memtest86-4.3.7/screen_buffer.h
Examining data/memtest86-4.3.7/msr.h
Examining data/memtest86-4.3.7/main.c
Examining data/memtest86-4.3.7/vmem.c
Examining data/memtest86-4.3.7/stdint.h
Examining data/memtest86-4.3.7/screen_buffer.c
Examining data/memtest86-4.3.7/error.c
Examining data/memtest86-4.3.7/memsize.c
Examining data/memtest86-4.3.7/smp.h
Examining data/memtest86-4.3.7/config.h
Examining data/memtest86-4.3.7/random.c
Examining data/memtest86-4.3.7/cpuid.h
Examining data/memtest86-4.3.7/config.c
Examining data/memtest86-4.3.7/init.c
Examining data/memtest86-4.3.7/patn.c
Examining data/memtest86-4.3.7/lib.c
Examining data/memtest86-4.3.7/cpuid.c
Examining data/memtest86-4.3.7/smp.c
Examining data/memtest86-4.3.7/io.h
Examining data/memtest86-4.3.7/test.c
Examining data/memtest86-4.3.7/test.h
Examining data/memtest86-4.3.7/elf.h
Examining data/memtest86-4.3.7/defs.h
Examining data/memtest86-4.3.7/reloc.c
Examining data/memtest86-4.3.7/serial.h
FINAL RESULTS:
data/memtest86-4.3.7/config.c:29:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save[2][POP_H][POP_W];
data/memtest86-4.3.7/config.c:30:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save2[2][POP2_H][POP2_W];
data/memtest86-4.3.7/config.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cp[64];
data/memtest86-4.3.7/cpuid.h:48:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ch[48];
data/memtest86-4.3.7/cpuid.h:66:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_array[CPUID_VENDOR_STR_LENGTH];
data/memtest86-4.3.7/cpuid.h:73:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_array[CPUID_BRAND_STR_LENGTH];
data/memtest86-4.3.7/elf.h:173:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e_ident[EI_NIDENT]; /* File identification. */
data/memtest86-4.3.7/elf.h:190:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e_ident[EI_NIDENT]; /* File identification. */
data/memtest86-4.3.7/error.c:431:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spin[4] = {'|','/','-','\\'};
data/memtest86-4.3.7/lib.c:260:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void memcpy (void *dst, void *src, int len)
data/memtest86-4.3.7/lib.c:305:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[18];
data/memtest86-4.3.7/lib.c:363:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[18];
data/memtest86-4.3.7/lib.c:397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[18];
data/memtest86-4.3.7/lib.c:705:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/memtest86-4.3.7/lib.c:817:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sx[3];
data/memtest86-4.3.7/lib.c:818:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sy[3];
data/memtest86-4.3.7/main.c:76:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpu_mask[MAX_CPUS];
data/memtest86-4.3.7/screen_buffer.c:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char screen_buf[Y_SIZE][X_SIZE];
data/memtest86-4.3.7/smp.c:17:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
extern void memcpy(void *dst, void *src , int len);
data/memtest86-4.3.7/smp.c:236:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t*)BOOTCODESTART, &_ap_trampoline_start, len);
data/memtest86-4.3.7/smp.c:248:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)GDTADDR, &gdt, 32);
data/memtest86-4.3.7/smp.h:29:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oem[8];
data/memtest86-4.3.7/smp.h:30:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char productid[12];
data/memtest86-4.3.7/smp.h:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bustype[6];
data/memtest86-4.3.7/smp.h:112:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8]; // "RSD "
data/memtest86-4.3.7/smp.h:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oemid[6];
data/memtest86-4.3.7/smp.h:125:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[4]; // "RSDT"
data/memtest86-4.3.7/smp.h:129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oemid[18];
data/memtest86-4.3.7/smp.h:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cid[4];
data/memtest86-4.3.7/smp.h:131:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cver[4];
data/memtest86-4.3.7/init.c:352:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* afterFound = found + strlen(removeStrings[i]);
data/memtest86-4.3.7/lib.c:68:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen ( const char * str )
data/memtest86-4.3.7/lib.c:81:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t str2len = strlen(str2);
data/memtest86-4.3.7/test.h:102:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen ( const char * str );
ANALYSIS SUMMARY:
Hits = 34
Lines analyzed = 10439 in approximately 0.25 seconds (41508 lines/second)
Physical Source Lines of Code (SLOC) = 7967
Hits@level = [0] 0 [1] 4 [2] 30 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 34 [1+] 34 [2+] 30 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.2676 [1+] 4.2676 [2+] 3.76553 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.