Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/minicoredumper-2.0.1/src/api/minicoredumper.h
Examining data/minicoredumper-2.0.1/src/common/common.h
Examining data/minicoredumper-2.0.1/src/common/elf_dumplist.c
Examining data/minicoredumper-2.0.1/src/common/invalid_ident.c
Examining data/minicoredumper-2.0.1/src/coreinject/main.c
Examining data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c
Examining data/minicoredumper-2.0.1/src/minicoredumper/corestripper.h
Examining data/minicoredumper-2.0.1/src/minicoredumper/prog_config.c
Examining data/minicoredumper-2.0.1/src/minicoredumper/prog_config.h
Examining data/minicoredumper-2.0.1/src/minicoredumper_regd/daemon.c
Examining data/minicoredumper-2.0.1/src/libminicoredumper/mcd.c
Examining data/minicoredumper-2.0.1/src/libminicoredumper/dump_data_private.h
Examining data/minicoredumper-2.0.1/src/minicoredumper_demo/main.c
FINAL RESULTS:
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:524:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ret = readlink(tmp_path, exe, PATH_MAX + 1);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2808:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ret = readlink(src, linkname, sb.st_size + 1);
data/minicoredumper-2.0.1/src/api/minicoredumper.h:51:51: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
#define ATTR_FMT(si, ftc) __attribute__ ((format (scanf, si, ftc)))
data/minicoredumper-2.0.1/src/common/elf_dumplist.c:312:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(NOTE_NAME_PTR(n), NT_OWNER);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:74:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(global_di->info_file, fmt, ap);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:95:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(global_di->info_file, msg, ap);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1186:2: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(cmd, cmd, NULL);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1252:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(hdr.sparse_map[i].offset,
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1255:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(hdr.sparse_map[i].numbytes,
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1266:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(hdr.numbytes, sizeof(hdr.numbytes), "%011" PRIo64,
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1271:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(hdr.filesize, sizeof(hdr.filesize),
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1300:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(s.offset, sizeof(s.offset), "%011" PRIo64,
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1302:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(s.numbytes, sizeof(s.numbytes),
data/minicoredumper-2.0.1/src/coreinject/main.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/minicoredumper-2.0.1/src/coreinject/main.c:264:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_dump = fopen(direct.filename, "r");
data/minicoredumper-2.0.1/src/coreinject/main.c:281:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_dump = fopen(indirect.filename, "r");
data/minicoredumper-2.0.1/src/coreinject/main.c:430:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_core = fopen(core_filename, "r+");
data/minicoredumper-2.0.1/src/coreinject/main.c:444:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_symmap = fopen(argv[i], "r");
data/minicoredumper-2.0.1/src/coreinject/main.c:479:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(core_filename, O_RDWR);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:342:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_src = fopen(src, "r");
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:346:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_dest = fopen(dest, "w");
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:480:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(tmp_path, "r");
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:541:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp_str[sizeof("YYYYMMDD.HHMMSS+0000")];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:685:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
di->core_fd = open(di->core_path, O_CREAT|O_RDWR, S_IRUSR|S_IWUSR);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:705:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
di->fatcore_fd = open(tmp_path, O_CREAT|O_RDWR,
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:720:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
di->mem_fd = open(tmp_path, O_RDONLY);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:743:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
di->info_file = fopen(tmp_path, "w+");
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:995:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offset[12];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:996:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbytes[12];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1001:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[8];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1002:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid[8];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1003:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gid[8];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1004:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbytes[12];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1005:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtime[12];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1006:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checksum[8];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1008:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkname[100];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1009:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[6];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1010:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[2];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1011:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[32];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1012:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupname[32];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1013:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_major[8];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1014:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_minor[8];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1015:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atime[12];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1016:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctime[12];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1017:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char multivolume_offset[12];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1018:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longnames[4];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1022:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filesize[12];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1023:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad1[17];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1149:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(tmp_path, O_CREAT|O_RDWR, S_IRUSR|S_IWUSR);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1238:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr.magic, "ustar ", 6);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1745:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sd->fd = open(file, O_RDONLY);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:1915:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(buf, "r");
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2207:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(buf, "r");
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2520:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(tmp_path, "a");
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2639:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(tmp_path, "wx");
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2641:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(tmp_path, "a");
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:3253:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:3502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:3517:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptrace(request, atoi(de->d_name), NULL, NULL);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:3608:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ext_argv[10] = {
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:3681:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidstr[16];
data/minicoredumper-2.0.1/src/minicoredumper_demo/main.c:90:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(argv[1]);
data/minicoredumper-2.0.1/src/minicoredumper_regd/daemon.c:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(struct ucred))];
data/minicoredumper-2.0.1/src/minicoredumper_regd/daemon.c:84:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rd, &data, sizeof(*rd));
data/minicoredumper-2.0.1/src/common/elf_dumplist.c:38:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data->d_size = strlen(name_str) + 1;
data/minicoredumper-2.0.1/src/common/elf_dumplist.c:299:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_size = strlen(NT_OWNER) + 1;
data/minicoredumper-2.0.1/src/coreinject/main.c:322:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(arg, "--data=", strlen("--data=")) != 0) {
data/minicoredumper-2.0.1/src/coreinject/main.c:333:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p1 = arg + strlen("--data=");
data/minicoredumper-2.0.1/src/libminicoredumper/mcd.c:194:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen((char *)data) + 1);
data/minicoredumper-2.0.1/src/libminicoredumper/mcd.c:240:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxcnt = strlen(fmt);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:110:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, dst + size, len);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:165:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fmt);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:272:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(d_str, 1, strlen(d_str), ft);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:297:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fmt_string);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:353:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = fgetc(f_src);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2514:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(di->dst_dir) + strlen("/symbol.map") + 1;
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2514:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(di->dst_dir) + strlen("/symbol.map") + 1;
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2621:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(di->dst_dir) + strlen("/dumps/") + 32 +
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2621:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(di->dst_dir) + strlen("/dumps/") + 32 +
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2622:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dd->ident) + 1;
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2838:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base_len = strlen(di->dst_dir);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2841:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = base_len + strlen("/proc/") + 32 + strlen("/task/") + 32 +
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2841:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = base_len + strlen("/proc/") + 32 + strlen("/task/") + 32 +
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2842:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen("/fd/") + strlen(name) + 32;
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:2842:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen("/fd/") + strlen(name) + 32;
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:3264:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buf, PAGESZ);
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:3306:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dump_vma(di, addr, strlen(l_name) + 1, 0,
data/minicoredumper-2.0.1/src/minicoredumper/corestripper.c:3747:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(077);
ANALYSIS SUMMARY:
Hits = 90
Lines analyzed = 7016 in approximately 0.16 seconds (44031 lines/second)
Physical Source Lines of Code (SLOC) = 5088
Hits@level = [0] 90 [1] 24 [2] 53 [3] 0 [4] 11 [5] 2
Hits@level+ = [0+] 180 [1+] 90 [2+] 66 [3+] 13 [4+] 13 [5+] 2
Hits/KSLOC@level+ = [0+] 35.3774 [1+] 17.6887 [2+] 12.9717 [3+] 2.55503 [4+] 2.55503 [5+] 0.393082
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.