Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nvme-cli-1.12/cmd.h
Examining data/nvme-cli-1.12/cmd_handler.h
Examining data/nvme-cli-1.12/common.h
Examining data/nvme-cli-1.12/define_cmd.h
Examining data/nvme-cli-1.12/fabrics.c
Examining data/nvme-cli-1.12/fabrics.h
Examining data/nvme-cli-1.12/linux/lightnvm.h
Examining data/nvme-cli-1.12/linux/nvme.h
Examining data/nvme-cli-1.12/linux/nvme_ioctl.h
Examining data/nvme-cli-1.12/nvme-builtin.h
Examining data/nvme-cli-1.12/nvme-filters.c
Examining data/nvme-cli-1.12/nvme-ioctl.c
Examining data/nvme-cli-1.12/nvme-ioctl.h
Examining data/nvme-cli-1.12/nvme-lightnvm.c
Examining data/nvme-cli-1.12/nvme-lightnvm.h
Examining data/nvme-cli-1.12/nvme-models.c
Examining data/nvme-cli-1.12/nvme-models.h
Examining data/nvme-cli-1.12/nvme-print.c
Examining data/nvme-cli-1.12/nvme-print.h
Examining data/nvme-cli-1.12/nvme-status.c
Examining data/nvme-cli-1.12/nvme-status.h
Examining data/nvme-cli-1.12/nvme-topology.c
Examining data/nvme-cli-1.12/nvme.c
Examining data/nvme-cli-1.12/nvme.h
Examining data/nvme-cli-1.12/plugin.c
Examining data/nvme-cli-1.12/plugin.h
Examining data/nvme-cli-1.12/plugins/dera/dera-nvme.c
Examining data/nvme-cli-1.12/plugins/dera/dera-nvme.h
Examining data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c
Examining data/nvme-cli-1.12/plugins/huawei/huawei-nvme.h
Examining data/nvme-cli-1.12/plugins/intel/intel-nvme.c
Examining data/nvme-cli-1.12/plugins/intel/intel-nvme.h
Examining data/nvme-cli-1.12/plugins/lnvm/lnvm-nvme.c
Examining data/nvme-cli-1.12/plugins/lnvm/lnvm-nvme.h
Examining data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c
Examining data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.h
Examining data/nvme-cli-1.12/plugins/memblaze/memblaze-utils.h
Examining data/nvme-cli-1.12/plugins/micron/micron-nvme.c
Examining data/nvme-cli-1.12/plugins/micron/micron-nvme.h
Examining data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c
Examining data/nvme-cli-1.12/plugins/netapp/netapp-nvme.h
Examining data/nvme-cli-1.12/plugins/scaleflux/sfx-nvme.c
Examining data/nvme-cli-1.12/plugins/scaleflux/sfx-nvme.h
Examining data/nvme-cli-1.12/plugins/seagate/seagate-diag.h
Examining data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c
Examining data/nvme-cli-1.12/plugins/seagate/seagate-nvme.h
Examining data/nvme-cli-1.12/plugins/shannon/shannon-nvme.c
Examining data/nvme-cli-1.12/plugins/shannon/shannon-nvme.h
Examining data/nvme-cli-1.12/plugins/toshiba/toshiba-nvme.c
Examining data/nvme-cli-1.12/plugins/toshiba/toshiba-nvme.h
Examining data/nvme-cli-1.12/plugins/transcend/transcend-nvme.c
Examining data/nvme-cli-1.12/plugins/transcend/transcend-nvme.h
Examining data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c
Examining data/nvme-cli-1.12/plugins/virtium/virtium-nvme.h
Examining data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c
Examining data/nvme-cli-1.12/plugins/wdc/wdc-nvme.h
Examining data/nvme-cli-1.12/plugins/wdc/wdc-utils.c
Examining data/nvme-cli-1.12/plugins/wdc/wdc-utils.h
Examining data/nvme-cli-1.12/util/argconfig.c
Examining data/nvme-cli-1.12/util/argconfig.h
Examining data/nvme-cli-1.12/util/json.c
Examining data/nvme-cli-1.12/util/json.h
Examining data/nvme-cli-1.12/util/parser.c
Examining data/nvme-cli-1.12/util/parser.h
Examining data/nvme-cli-1.12/util/suffix.c
Examining data/nvme-cli-1.12/util/suffix.h
FINAL RESULTS:
data/nvme-cli-1.12/nvme-topology.c:117:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ret = readlink(path, nodetmp, sizeof(nodetmp));
data/nvme-cli-1.12/nvme-topology.c:129:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ret = readlink(path, __path, sizeof(path));
data/nvme-cli-1.12/nvme-topology.c:554:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ret = readlink(path, buf, sizeof(buf));
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:537:14: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
sLinkSize = readlink(strTempFile, strTempFile2, 1024);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:544:15: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
sLinkSize = readlink(strTempFile, strTempFile2, 1024);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:620:14: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
sLinkSize = readlink(strTempFile, strTempFile2, 1024);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:630:15: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
sLinkSize = readlink(strTempFile, strTempFile2, 1024);
data/nvme-cli-1.12/fabrics.c:945:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(p, "nqn=%s", e->subnqn);
data/nvme-cli-1.12/fabrics.c:951:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(p, ",hostnqn=%s", cfg.hostnqn);
data/nvme-cli-1.12/fabrics.c:958:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(p, ",hostid=%s", cfg.hostid);
data/nvme-cli-1.12/fabrics.c:993:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(p, ",host_traddr=%s", cfg.host_traddr);
data/nvme-cli-1.12/fabrics.c:1034:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(p, ",transport=%s", transport);
data/nvme-cli-1.12/nvme-lightnvm.c:510:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("SLBA: 0x%016"PRIx64, le64_to_cpu(desc->slba));
data/nvme-cli-1.12/nvme-lightnvm.c:511:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(", WP: 0x%016"PRIx64, le64_to_cpu(desc->wp));
data/nvme-cli-1.12/nvme-lightnvm.c:512:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(", CNLB: 0x%016"PRIx64, le64_to_cpu(desc->cnlb));
data/nvme-cli-1.12/nvme-models.c:296:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fmt1, 78, _fmt1, id);
data/nvme-cli-1.12/nvme-models.c:297:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fmt2, 78, _fmt2, id);
data/nvme-cli-1.12/nvme-models.c:298:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fmt3, 78, _fmt3, id);
data/nvme-cli-1.12/nvme-models.c:299:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fmt4, 78, _fmt4, id);
data/nvme-cli-1.12/nvme-models.c:300:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fmt5, 78, _fmt5, id);
data/nvme-cli-1.12/nvme-print.c:796:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "ACS%d (%s)", opcode,
data/nvme-cli-1.12/nvme-print.c:803:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "IOCS%d (%s)", opcode,
data/nvme-cli-1.12/nvme-print.c:836:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "(%d) %s", status & NVME_SANITIZE_LOG_STATUS_MASK,
data/nvme-cli-1.12/nvme-print.c:4356:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(usage,"%6.2f %2sB / %6.2f %2sB", nuse, u_suffix,
data/nvme-cli-1.12/nvme-print.c:4358:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(format,"%3.0f %2sB + %2d B", (double)lba, l_suffix,
data/nvme-cli-1.12/nvme-print.c:4407:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(usage,"%6.2f %2sB / %6.2f %2sB", nuse, u_suffix,
data/nvme-cli-1.12/nvme-print.c:4409:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(format,"%3.0f %2sB + %2d B", (double)lba, l_suffix,
data/nvme-cli-1.12/nvme-topology.c:114:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nodetmp, node);
data/nvme-cli-1.12/nvme-topology.c:116:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "/sys/block/%s/device", p);
data/nvme-cli-1.12/nvme-topology.c:123:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path+strlen(path), "/%s/device", nodetmp);
data/nvme-cli-1.12/nvme-topology.c:139:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdf, p);
data/nvme-cli-1.12/nvme-topology.c:584:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "/sys/class/nvme/%s/device/resource0", base);
data/nvme-cli-1.12/nvme-topology.c:587:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "/sys/class/misc/%s/device/resource0", base);
data/nvme-cli-1.12/nvme.c:1300:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "/sys/block/%s/device", devicename);
data/nvme-cli-1.12/plugin.c:40:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(man, "%s-%s-%s", prog->name, plugin->name, cmd->name);
data/nvme-cli-1.12/plugin.c:42:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(man, "%s-%s", prog->name, cmd->name);
data/nvme-cli-1.12/plugin.c:43:7: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execlp("man", "man", man, (char *)NULL))
data/nvme-cli-1.12/plugin.c:137:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(use, "%s %s <device> [OPTIONS]", prog->name, str);
data/nvme-cli-1.12/plugin.c:139:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(use, "%s %s %s <device> [OPTIONS]", prog->name, plugin->name, str);
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:100:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(item->node, node);
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:227:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(usage,"%6.2f %2sB / %6.2f %2sB", nuse, u_suffix,
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:734:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(("Unsupported minor revision (%u.%u)\n"
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:782:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(("Unsupported minor revision (%u.%u)\n"
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:1019:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "%s_%-.*s.bin", type == 0 ? "Nlog" :
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:57:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strBuffer, "zip -r \"%s\" \"%s\" >temp.txt 2>&1", strFileName,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:60:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
nRet = system(strBuffer);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:68:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strBuffer, "rm -f -R \"%s\" >temp.txt 2>&1", strDirName);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:69:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
nRet = system(strBuffer);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:77:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system("rm -f temp.txt");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:136:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(strTemp, fileLocation);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:168:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strMainDirName, strAppend);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:175:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strOSDirName, "%s/%s", strMainDirName, "OS");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:180:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strCtrlDirName, "%s/%s", strMainDirName, "Controller");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:530:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tdevice, "%s%s", devicename, "n1");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:536:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strTempFile, "/sys/block/%s/device", devicename);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:543:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strTempFile, "/sys/block/%s/device/device", devicename);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:554:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "r");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:568:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "r");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:610:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tdevice, "%s%s", devicename, "n1");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:641:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "r");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:650:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(command, "r");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:750:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(path, fvendorid1, idx);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:752:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(path, fvendorid2, idx);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:755:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(path, fdeviceid1, idx);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:757:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(path, fdeviceid2, idx);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:795:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempFile, "%s/%s", strDest, "drive-info.txt");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:811:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strBuffer,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:824:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strBuffer,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:852:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempFolder, "%s/%s", strDest, "timestamp_info.txt");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:866:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempFolder, "%s/%s", strCtrlDirName,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:881:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempFolder, "%s/%s", strCtrlDirName, "smart_data.bin");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:901:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempFolder, "%s/%s", strCtrlDirName,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:920:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strFileName, "%s/%s", strCtrlDirName, tempFolder);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:951:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strFileName, "%s/%s", strOSDirName, "os_config.txt");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:962:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(strTemp, cmdArray[i].strCommand);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:963:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(strBuffer, strTemp, strFileName);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:964:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(strBuffer))
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:1077:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctrl.sn, sn);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:1144:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempFolder, "%s/%s", strCtrlDirName,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:1161:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempFolder, "%s/%s", strCtrlDirName,
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:113:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(size, "%.2f%sB", nsze, s_suffix);
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:278:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(size, "%.2f%sB", nsze, s_suffix);
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:291:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(formatstr, devices[i].dev, array_label,
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:350:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(formatstr, devices[i].dev, vsname, nspath,
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:444:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strBuf, "%s", (print_ext_smart_id(VS_ATTR_ID_GB_ERASED_LSB) + 7));
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:453:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strBuf, "%s", (print_ext_smart_id(VS_ATTR_ID_LIFETIME_WRITES_TO_FLASH_LSB) + 7));
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:462:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strBuf, "%s", (print_ext_smart_id(VS_ATTR_ID_LIFETIME_WRITES_FROM_HOST_LSB) + 7));
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:471:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strBuf, "%s", (print_ext_smart_id(VS_ATTR_ID_LIFETIME_READS_TO_HOST_LSB) + 7));
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:480:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strBuf, "%s", (print_ext_smart_id(VS_ATTR_ID_TRIM_COUNT_LSB) + 7));
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:112:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname, temp);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:114:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname, temp);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:116:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname, temp);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:141:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:143:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:145:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:147:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:149:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:151:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:153:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:155:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:157:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:159:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:161:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:163:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:165:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:167:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:169:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:171:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:173:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:175:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:177:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:183:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:187:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:191:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:193:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:195:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:197:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:200:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:216:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:223:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, tempbuff);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:279:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(smart.path, path);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:281:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, vt_default_log_file_name);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:283:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, cfg->output_file);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:325:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(header.path, path);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:328:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(header.test_name, DEFAULT_TEST_NAME);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:330:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(header.test_name, cfg->test_name);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:333:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, vt_default_log_file_name);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:335:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, cfg->output_file);
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:799:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(s, sizeof(s), ((temp >> 3) & 0x00000007)? "Reserved" : "HMAC SHA-256");
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:960:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, argv[1]);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:776:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "/sys/class/nvme/%s/device/vendor", block);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:780:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "/sys/class/misc/%s/device/vendor", block);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:804:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "/sys/class/nvme/%s/device/device", block);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:808:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "/sys/class/misc/%s/device/device", block);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2120:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(tarInfo->tarCmd);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4926:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(tarCmd);
data/nvme-cli-1.12/plugins/wdc/wdc-utils.c:34:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(buffer, sizeOfBuffer, format, vArgs);
data/nvme-cli-1.12/util/argconfig.c:96:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
b += sprintf(b, " --%s", option->option);
data/nvme-cli-1.12/util/argconfig.c:98:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
b += sprintf(b, "[=<%s>]", option->meta ? option->meta : "arg");
data/nvme-cli-1.12/util/argconfig.c:100:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
b += sprintf(b, "=<%s>", option->meta ? option->meta : "arg");
data/nvme-cli-1.12/util/argconfig.c:107:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
b += sprintf(b, " [<%s>]", option->meta ? option->meta : "arg");
data/nvme-cli-1.12/util/argconfig.c:109:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
b += sprintf(b, " <%s>", option->meta ? option->meta : "arg");
data/nvme-cli-1.12/util/argconfig.c:393:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, string);
data/nvme-cli-1.12/nvme-models.c:260:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((pci_ids_path = getenv("PCI_IDS_PATH")) != NULL) {
data/nvme-cli-1.12/fabrics.c:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[64];
data/nvme-cli-1.12/fabrics.c:366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE], *options, *p;
data/nvme-cli-1.12/fabrics.c:369:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(PATH_NVME_FABRICS, O_RDWR);
data/nvme-cli-1.12/fabrics.c:426:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(sysfs_path, O_WRONLY);
data/nvme-cli-1.12/fabrics.c:480:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(dev_path, O_RDWR);
data/nvme-cli-1.12/fabrics.c:652:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(cfg.raw, O_CREAT|O_RDWR|O_TRUNC, S_IRUSR|S_IWUSR);
data/nvme-cli-1.12/fabrics.c:674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostnqn[NVMF_NQN_SIZE];
data/nvme-cli-1.12/fabrics.c:677:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(PATH_NVMF_HOSTNQN, "r");
data/nvme-cli-1.12/fabrics.c:736:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostid[NVMF_HOSTID_SIZE + 1];
data/nvme-cli-1.12/fabrics.c:739:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(PATH_NVMF_HOSTID, "r");
data/nvme-cli-1.12/fabrics.c:868:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrstr[NVMF_TRADDR_SIZE];
data/nvme-cli-1.12/fabrics.c:883:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrstr[NVMF_TRADDR_SIZE];
data/nvme-cli-1.12/fabrics.c:925:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argstr[BUF_SIZE], *p;
data/nvme-cli-1.12/fabrics.c:965:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",queue_size=%d", cfg.queue_size);
data/nvme-cli-1.12/fabrics.c:972:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",nr_io_queues=%d", cfg.nr_io_queues);
data/nvme-cli-1.12/fabrics.c:979:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",nr_write_queues=%d", cfg.nr_write_queues);
data/nvme-cli-1.12/fabrics.c:986:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",nr_poll_queues=%d", cfg.nr_poll_queues);
data/nvme-cli-1.12/fabrics.c:1000:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",reconnect_delay=%d", cfg.reconnect_delay);
data/nvme-cli-1.12/fabrics.c:1007:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",ctrl_loss_tmo=%d", cfg.ctrl_loss_tmo);
data/nvme-cli-1.12/fabrics.c:1014:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",tos=%d", cfg.tos);
data/nvme-cli-1.12/fabrics.c:1021:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",keep_alive_tmo=%d", cfg.keep_alive_tmo);
data/nvme-cli-1.12/fabrics.c:1040:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",hdr_digest");
data/nvme-cli-1.12/fabrics.c:1047:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",data_digest");
data/nvme-cli-1.12/fabrics.c:1060:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",traddr=%.*s",
data/nvme-cli-1.12/fabrics.c:1067:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",trsvcid=%.*s",
data/nvme-cli-1.12/fabrics.c:1082:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",traddr=%.*s",
data/nvme-cli-1.12/fabrics.c:1097:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(p, ",disable_sqflow");
data/nvme-cli-1.12/fabrics.c:1276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], *ptr, *args, **argv;
data/nvme-cli-1.12/fabrics.c:1279:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(PATH_NVMF_DISC, "r");
data/nvme-cli-1.12/fabrics.c:1345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argstr[BUF_SIZE];
data/nvme-cli-1.12/fabrics.c:1408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argstr[BUF_SIZE];
data/nvme-cli-1.12/fabrics.c:1478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subsysnqn[NVMF_NQN_SIZE] = {};
data/nvme-cli-1.12/fabrics.c:1486:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(sysfs_nqn_path, O_RDONLY);
data/nvme-cli-1.12/linux/lightnvm.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgtname[NVM_TTYPE_NAME_MAX];
data/nvme-cli-1.12/linux/lightnvm.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[DISK_NAME_LEN];
data/nvme-cli-1.12/linux/lightnvm.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bmname[NVM_TTYPE_NAME_MAX];
data/nvme-cli-1.12/linux/lightnvm.h:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[DISK_NAME_LEN]; /* open-channel SSD device */
data/nvme-cli-1.12/linux/lightnvm.h:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgttype[NVM_TTYPE_NAME_MAX]; /* target type name */
data/nvme-cli-1.12/linux/lightnvm.h:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgtname[DISK_NAME_LEN]; /* dev to expose target as */
data/nvme-cli-1.12/linux/lightnvm.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgtname[DISK_NAME_LEN];
data/nvme-cli-1.12/linux/lightnvm.h:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[DISK_NAME_LEN]; /* open-channel SSD device */
data/nvme-cli-1.12/linux/lightnvm.h:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mmtype[NVM_MMTYPE_LEN]; /* register to media manager */
data/nvme-cli-1.12/linux/lightnvm.h:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[DISK_NAME_LEN];
data/nvme-cli-1.12/linux/nvme.h:262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[20];
data/nvme-cli-1.12/linux/nvme.h:263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mn[40];
data/nvme-cli-1.12/linux/nvme.h:264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fr[8];
data/nvme-cli-1.12/linux/nvme.h:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fguid[16];
data/nvme-cli-1.12/linux/nvme.h:335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subnqn[256];
data/nvme-cli-1.12/linux/nvme.h:1124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trsvcid[NVMF_TRSVCID_SIZE];
data/nvme-cli-1.12/linux/nvme.h:1126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subnqn[NVMF_NQN_FIELD_LEN];
data/nvme-cli-1.12/linux/nvme.h:1127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char traddr[NVMF_TRADDR_SIZE];
data/nvme-cli-1.12/linux/nvme.h:1129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char common[NVMF_TSAS_SIZE];
data/nvme-cli-1.12/linux/nvme.h:1156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resv4[238];
data/nvme-cli-1.12/linux/nvme.h:1157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subsysnqn[NVMF_NQN_FIELD_LEN];
data/nvme-cli-1.12/linux/nvme.h:1158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostnqn[NVMF_NQN_FIELD_LEN];
data/nvme-cli-1.12/linux/nvme.h:1159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resv5[256];
data/nvme-cli-1.12/nvme-lightnvm.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[FILENAME_MAX] = NVM_CTRL_FILE;
data/nvme-cli-1.12/nvme-lightnvm.c:42:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(dev, O_WRONLY);
data/nvme-cli-1.12/nvme-models.c:18:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmt1[78];
data/nvme-cli-1.12/nvme-models.c:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmt2[78];
data/nvme-cli-1.12/nvme-models.c:20:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmt3[78];
data/nvme-cli-1.12/nvme-models.c:21:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmt4[78];
data/nvme-cli-1.12/nvme-models.c:22:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmt5[78];
data/nvme-cli-1.12/nvme-models.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char combine[10];
data/nvme-cli-1.12/nvme-models.c:228:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(where, O_RDONLY);
data/nvme-cli-1.12/nvme-models.c:261:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(pci_ids_path, "r")) != NULL) {
data/nvme-cli-1.12/nvme-models.c:272:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(pci_ids[i], "r")) != NULL)
data/nvme-cli-1.12/nvme-models.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[7] = { 0 };
data/nvme-cli-1.12/nvme-models.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[7] = { 0 };
data/nvme-cli-1.12/nvme-models.c:286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub_device[7] = { 0 };
data/nvme-cli-1.12/nvme-models.c:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub_vendor[7] = { 0 };
data/nvme-cli-1.12/nvme-models.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char class[13] = { 0 };
data/nvme-cli-1.12/nvme-print.c:15:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char dash[100] = {[0 ... 99] = '-'};
data/nvme-cli-1.12/nvme-print.c:98:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ret[9];
data/nvme-cli-1.12/nvme-print.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nguid_buf[2 * sizeof(ns->nguid) + 1],
data/nvme-cli-1.12/nvme-print.c:184:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
eui64 += sprintf(eui64, "%02x", ns->eui64[i]);
data/nvme-cli-1.12/nvme-print.c:188:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
nguid += sprintf(nguid, "%02x", ns->nguid[i]);
data/nvme-cli-1.12/nvme-print.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[sizeof(ctrl->sn) + 1], mn[sizeof(ctrl->mn) + 1],
data/nvme-cli-1.12/nvme-print.c:439:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostid[33];
data/nvme-cli-1.12/nvme-print.c:457:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hostid + j * 2, "%02x",
data/nvme-cli-1.12/nvme-print.c:474:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[21];
data/nvme-cli-1.12/nvme-print.c:475:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/nvme-cli-1.12/nvme-print.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[32];
data/nvme-cli-1.12/nvme-print.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/nvme-cli-1.12/nvme-print.c:593:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[21];
data/nvme-cli-1.12/nvme-print.c:658:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "temperature_sensor_%d",c+1);
data/nvme-cli-1.12/nvme-print.c:790:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[128];
data/nvme-cli-1.12/nvme-print.c:821:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[128];
data/nvme-cli-1.12/nvme-print.c:1665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii[32 + 1];
data/nvme-cli-1.12/nvme-print.c:1728:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char uuid_str[40];
data/nvme-cli-1.12/nvme-print.c:2505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char json_str[40];
data/nvme-cli-1.12/nvme-print.c:2539:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
json_str_p += sprintf(json_str_p, "%02x", desc.eui64[i]);
data/nvme-cli-1.12/nvme-print.c:2547:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
json_str_p += sprintf(json_str_p, "%02x", desc.nguid[i]);
data/nvme-cli-1.12/nvme-print.c:2601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[37];
data/nvme-cli-1.12/nvme-print.c:2637:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, data + pos + sizeof(*cur), 16);
data/nvme-cli-1.12/nvme-print.c:4057:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32];
data/nvme-cli-1.12/nvme-print.c:4353:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usage[128];
data/nvme-cli-1.12/nvme-print.c:4354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[128];
data/nvme-cli-1.12/nvme-print.c:4404:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usage[128];
data/nvme-cli-1.12/nvme-print.c:4405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[128];
data/nvme-cli-1.12/nvme-print.c:4521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatter[41] = { 0 };
data/nvme-cli-1.12/nvme-print.c:4602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatter[41] = { 0 };
data/nvme-cli-1.12/nvme-topology.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sspath[320], *subsysnqn;
data/nvme-cli-1.12/nvme-topology.c:22:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(sspath, O_RDONLY);
data/nvme-cli-1.12/nvme-topology.c:62:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(attrpath, O_RDONLY);
data/nvme-cli-1.12/nvme-topology.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[264], nodetmp[264];
data/nvme-cli-1.12/nvme-topology.c:151:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/nvme-topology.c:206:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(ctrl_path, O_RDONLY);
data/nvme-cli-1.12/nvme-topology.c:275:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/nvme-topology.c:357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_address[64] = "";
data/nvme-cli-1.12/nvme-topology.c:367:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/nvme-topology.c:429:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/nvme-topology.c:534:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = {0};
data/nvme-cli-1.12/nvme-topology.c:577:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *base, path[512];
data/nvme-cli-1.12/nvme-topology.c:585:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/nvme-topology.c:588:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/nvme.c:145:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
err = open(dev, O_RDONLY);
data/nvme-cli-1.12/nvme.c:396:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = open(cfg.file_name, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/nvme.c:1290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[512];
data/nvme-cli-1.12/nvme.c:2194:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fw_fd = open(cfg.fw, O_RDONLY);
data/nvme-cli-1.12/nvme.c:2968:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffd = open(cfg.file, O_RDONLY);
data/nvme-cli-1.12/nvme.c:3062:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sec_fd = open(cfg.file, O_RDONLY);
data/nvme-cli-1.12/nvme.c:3215:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffd = open(cfg.file, O_RDONLY);
data/nvme-cli-1.12/nvme.c:3997:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dfd = open(cfg.data, flags, mode);
data/nvme-cli-1.12/nvme.c:4006:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mfd = open(cfg.metadata, flags, mode);
data/nvme-cli-1.12/nvme.c:4635:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wfd = open(cfg.input_file, O_RDONLY,
data/nvme-cli-1.12/nvme.c:4757:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[37]; /* e.g. 1b4e28ba-2fa1-11d2-883f-0016d3cca427 + \0 */
data/nvme-cli-1.12/plugin.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char man[0x100];
data/nvme-cli-1.12/plugin.c:43:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (execlp("man", "man", man, (char *)NULL))
data/nvme-cli-1.12/plugin.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char use[0x100];
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[1024];
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ns_name[NS_NAME_LEN];
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array_name[ARRAY_NAME_LEN];
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:110:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->ns_name, item->ns.vs, NS_NAME_LEN);
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->array_name, item->ctrl.vs, ARRAY_NAME_LEN);
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatter[128] = { 0 };
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dash[128];
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usage[128];
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nguid_buf[2 * sizeof(list_item.ns.nguid) + 1];
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:232:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
nguid += sprintf(nguid, "%02x", list_item.ns.nguid[i]);
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[264];
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:336:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:362:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array_name[ARRAY_NAME_LEN + 1] = {0};
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:364:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(array_name, vs, ARRAY_NAME_LEN);
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char health[21] = { 0 };
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bl[9] = { 0 };
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ww[19] = { 0 };
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mic_bl[5] = { 0 };
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mic_fw[5] = { 0 };
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log[512];
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:523:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:605:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:1060:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[0x100];
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:1127:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = open(cfg.file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/plugins/intel/intel-nvme.c:1132:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(intel, buf, sizeof(*intel));
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw_ver_local[STR_VER_SIZE];
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:80:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&__id, item->id, 3);
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:87:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, buf, len);
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nm_val, smart->itemArr[index].nmVal, NM_SIZE);
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(raw_val, smart->itemArr[index].rawVal, RAW_SIZE);
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:231:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw_ver_local[STR_VER_SIZE];
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw_ver[10];
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:598:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffd = open(cfg.file, O_RDONLY);
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:703:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fw_fd = open(cfg.fw, O_RDONLY);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strBuffer[PATH_MAX];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strAppend[250];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:142:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fileLocation, strTemp, length + 1);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:167:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strAppend, "-%d", j);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:194:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pTmpBuf[CommonChunkSize] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:303:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pTmpBuf[CommonChunkSize] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:339:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pTempPtr[nBytesRead], pTmpBuf, uiMaxChunk * 4);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:341:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pTempPtr[nBytesRead], pTmpBuf, nBytesRemaining);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:415:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fw_fd = open(cfg.fw, O_RDONLY);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strTempFile[1024], strTempFile2[1024], command[1024];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tdevice[NAME_MAX] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:517:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char correctable[8] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uncorrectable[8] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:552:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "setpci -s %x:%x.%x ECAP_AER+10.L", bus, device,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:566:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "setpci -s %x:%x.%x ECAP_AER+0x4.L", bus, device,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:592:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strTempFile[1024], strTempFile2[1024], command[1024];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:595:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tdevice[PATH_MAX] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char correctable[8] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:638:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "setpci -s %x:%x.%x ECAP_AER+0x10.L=0xffffffff", bus,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:648:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "setpci -s %x:%x.%x ECAP_AER+0x10.L", bus, device,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:729:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idstr[32] = { '\0' };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:730:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(file, O_RDONLY);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:748:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[512];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:787:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFile[256] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:788:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strBuffer[1024] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:789:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[41] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:790:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[21] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:791:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fwrev[9] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:796:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpOutFile = fopen(tempFile, "w+");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:807:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strBuffer,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:819:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strBuffer,
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:834:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outstr[200];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:839:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFolder[256] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:853:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpOutFile = fopen(tempFolder, "wb");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:864:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFolder[PATH_MAX] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:868:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpOutFile = fopen(tempFolder, "wb");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:877:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFolder[PATH_MAX] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:882:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpOutFile = fopen(tempFolder, "wb");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:892:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFolder[PATH_MAX] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:903:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpOutFile = fopen(tempFolder, "wb");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:914:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFolder[256] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:915:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strFileName[PATH_MAX] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:919:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempFolder, "identify_namespace_%d_data.bin.bin", nsid);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:921:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpOutFile = fopen(strFileName, "wb");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:932:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strBuffer[1024], strTemp[1024];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:933:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strFileName[PATH_MAX];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:954:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpOSConfig = fopen(strFileName, "a+");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strOSDirName[1024];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:978:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strCtrlDirName[1024];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:979:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strMainDirName[256];
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:980:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFolder[PATH_MAX] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[20] = { 0 };
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:1093:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aVendorLogs, aM51XXLogs, sizeof(aM51XXLogs));
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:1095:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)aVendorLogs + sizeof(aM51XXLogs), aM51AXLogs, sizeof(aM51AXLogs));
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:1097:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)aVendorLogs + sizeof(aM51XXLogs), aM51BXLogs, sizeof(aM51BXLogs));
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:1146:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpOutFile = fopen(tempFolder, "ab+");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:1163:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpOutFile = fopen(tempFolder, "ab+");
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[265];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nsdesc[4096];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:71:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char log_data[ONTAP_C2_LOG_SIZE];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[265];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:103:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
str += sprintf(str, "%02x", nguid[i]);
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, data + sizeof(*desc), 16);
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vol_name[ONTAP_LABEL_LEN], ns_name[ONTAP_LABEL_LEN];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array_label[ARRAY_LABEL_LEN / 2 + 1];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volume_label[VOLUME_LABEL_LEN / 2 + 1];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nguid_str[33];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[128];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:282:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
netapp_convert_string(volume_label, (char *)devices[i].ns.vs,
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:308:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vsname[ONTAP_LABEL_LEN] = " ";
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nspath[ONTAP_NS_PATHLEN] = " ";
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[128];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid_str[37] = " ";
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:464:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[264];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[264];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:547:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:577:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[264];
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:618:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40] = {0};
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strBuf[35] = {0};
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:449:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", (uint64_t)msbGbErased, (uint64_t)lsbGbErased);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:458:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", (uint64_t)msbLifWrtToFlash, (uint64_t)lsbLifWrtToFlash);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:467:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", (uint64_t)msbLifWrtFrmHost, (uint64_t)lsbLifWrtFrmHost);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:476:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", (uint64_t)msbLifRdToHost, (uint64_t)lsbLifRdToHost);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:485:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", (uint64_t)msbTrimCnt, (uint64_t)lsbTrimCnt);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40] = {0};
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:553:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", (uint64_t)msbGbErased, (uint64_t)lsbGbErased);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:564:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", (uint64_t)msbLifWrtToFlash, (uint64_t)lsbLifWrtToFlash);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:575:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", (uint64_t)msbLifWrtFrmHost, (uint64_t)lsbLifWrtFrmHost);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:586:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", (uint64_t)msbLifRdToHost, (uint64_t)lsbLifRdToHost);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:597:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", (uint64_t)msbTrimCnt, (uint64_t)lsbTrimCnt);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:655:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:684:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", le64_to_cpu(pLogPageCF->AttrCF.DataUnitsReadToDramNamespace.MS__u64),
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:692:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%016"PRIx64"%016"PRIx64"", le64_to_cpu(pLogPageCF->AttrCF.DataUnitsWrittenToDramNamespace.MS__u64),
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:1319:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dump_fd = open(cfg.file, flags, mode);
data/nvme-cli-1.12/plugins/shannon/shannon-nvme.c:332:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffd = open(cfg.file, O_RDONLY);
data/nvme-cli-1.12/plugins/toshiba/toshiba-nvme.c:149:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &action_code, sizeof(action_code));
data/nvme-cli-1.12/plugins/toshiba/toshiba-nvme.c:150:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 2, &function_code, sizeof(function_code));
data/nvme-cli-1.12/plugins/toshiba/toshiba-nvme.c:274:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o_fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/plugins/toshiba/toshiba-nvme.c:403:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int o_fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/plugins/transcend/transcend-nvme.c:77:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[1]={0};
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vt_default_log_file_name[256];
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_name[256];
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:78:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char hextable[16] = {
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256];
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempbuff[1024] = "";
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuff[50] = "";
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempbuff[MAX_HEADER_BUFF] = "";
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identext[16384] = "";
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fwtext[2048] = "";
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:230:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "a");
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sm_log_text[MAX_LOG_BUFF] = "";
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header_text[MAX_HEADER_BUFF] = "";
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256] = "";
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256] = "";
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:474:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textbuf[33];
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024] = "";
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:517:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *CMICtable[6] = {"0 = the NVM subsystem contains only a single NVM subsystem port",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:524:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *OAEStable[20] = {"Reserved",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:545:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *CTRATTtable[4] = {"0 = does not support a 128-bit Host Identifier",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:550:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *OACStable[18] = {"0 = does not support the Security Send and Security Receive commands",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:569:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *FRMWtable[10] = {"0 = the 1st firmware slot (slot 1) is read/write",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:580:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *LPAtable[8] = {"0 = does not support the SMART / Health information log page on a per namespace basis",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:589:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *AVSCCtable[2] = {"0 = the format of all Admin Vendor Specific Commands are vendor specific",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:592:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *APSTAtable[2] = {"0 = does not support autonomous power state transitions",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:595:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *DSTOtable[2] = {"0 = the NVM subsystem supports one device self-test operation per controller at a time",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:598:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *HCTMAtable[2] = {"0 = does not support host controlled thermal management",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:601:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *SANICAPtable[6] = {"0 = does not support the Crypto Erase sanitize operation",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:608:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ONCStable[14] = {"0 = does not support the Compare command",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:623:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *FUSEStable[2] = {"0 = does not support the Compare and Write fused operation",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:626:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *FNAtable[6] = {"0 = supports format on a per namespace basis",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:633:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *VWCtable[2] = {"0 = a volatile write cache is not present",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:636:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *NVSCCtable[2] = {"0 = the format of all NVM Vendor Specific Commands are vendor specific",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:639:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *SGLSSubtable[4] = {"00b = SGLs are not supported",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:644:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *SGLStable[42] = {"Used",
data/nvme-cli-1.12/plugins/virtium/virtium-nvme.c:927:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256] = "";
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufferFolderName[MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tarFileName[MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:426:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tarFiles[MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:427:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tarCmd[MAX_PATH_LEN+MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char currDir[MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:460:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logPageIdStr[5];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *block, path[512], *id;
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:778:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:781:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:806:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:809:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:989:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1033:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1165:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)ret_data, (void *)cbs_data, 4);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1376:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dump_data, log_hdr, WDC_NVME_LOG_SIZE_HDR_LEN);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1475:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = open(file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1694:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = open(file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1793:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = open(file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1950:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(log_buf, output, SN730_LOG_CHUNK_SIZE);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1972:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(log_buf + (curr_offset * SN730_LOG_CHUNK_SIZE),
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1975:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(log_buf + (curr_offset * SN730_LOG_CHUNK_SIZE),
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileSuffix[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2202:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
verify_file = open(cfg.file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2534:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vsn[24] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3308:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(action_bin, "000b");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3311:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(action_bin, "001b");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3314:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(action_bin, "010b");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3317:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(action_bin, "011b");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3320:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(action_bin, "100b");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3323:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(action_bin, "101b");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3326:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(action_bin, "110b");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3329:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(action_bin, "111b");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3332:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(action_bin, "INVALID");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char previous_fw[9];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_fw[9];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commit_action_bin[8];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3356:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(previous_fw, (char *)&(fw_act_history_entry->previous_fw_version), 8);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3358:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_fw, (char *)&(fw_act_history_entry->new_fw_version), 8);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3360:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_fw, null_fw, 8);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char previous_fw[9];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_fw[9];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commit_action_bin[8];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fail_str[32];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3399:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_str[9];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(previous_fw, (char *)&(fw_act_history_entry->previous_fw_version), 8);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3412:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_fw, (char *)&(fw_act_history_entry->new_fw_version), 8);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3414:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_fw, null_fw, 8);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3419:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)time_str, "%02d:%02d:%02d", (int)(le64_to_cpu(fw_act_history_entry->power_on_seconds)/3600),
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3439:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)fail_str, "fail #%d", (int)(le16_to_cpu(fw_act_history_entry->result)));
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4449:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&headerSize, fileDirectory, WDC_DE_FILE_HEADER_SIZE);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4471:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&directory->logEntry[entryId].metaData, fileOffset, sizeof(WDC_DE_VU_FILE_META_DATA));
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4652:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4654:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufferFolderName[MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4655:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tarFileName[MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tarFiles[MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4657:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tarCmd[MAX_PATH_LEN+MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char currDir[MAX_PATH_LEN];
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4941:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4942:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char k[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:5133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:5134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileSuffix[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:5169:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
verify_file = open(cfg.file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:5379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive_reason_id[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:5380:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason_id_path[PATH_MAX] = WDC_REASON_ID_PATH_NAME;
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:5411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive_reason_id[PATH_MAX] = {0};
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:5423:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
verify_file = open(reason_id_file, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/nvme-cli-1.12/plugins/wdc/wdc-utils.c:112:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(fileName, "ab+");
data/nvme-cli-1.12/util/argconfig.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[0x1000];
data/nvme-cli-1.12/util/argconfig.c:94:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
b += sprintf(b, " [ ");
data/nvme-cli-1.12/util/argconfig.c:105:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
b += sprintf(b, " -%c", option->short_option);
data/nvme-cli-1.12/util/argconfig.c:111:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
b += sprintf(b, " ] ");
data/nvme-cli-1.12/util/argconfig.c:358:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(optarg, fopts);
data/nvme-cli-1.12/util/parser.c:140:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s->from, len);
data/nvme-cli-1.12/util/parser.c:263:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src->from, len);
data/nvme-cli-1.12/fabrics.c:244:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(field);
data/nvme-cli-1.12/fabrics.c:260:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cnt = strlen(s);
data/nvme-cli-1.12/fabrics.c:367:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int token, ret, fd, len = strlen(argstr);
data/nvme-cli-1.12/fabrics.c:386:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, BUF_SIZE);
data/nvme-cli-1.12/fabrics.c:682:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strlen(hostnqn))
data/nvme-cli-1.12/fabrics.c:1493:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, subsysnqn, NVMF_NQN_SIZE) < 0)
data/nvme-cli-1.12/fabrics.c:1518:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(nqn) > NVMF_NQN_SIZE)
data/nvme-cli-1.12/nvme-lightnvm.c:67:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(init.dev, dev, DISK_NAME_LEN - 1);
data/nvme-cli-1.12/nvme-lightnvm.c:68:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(init.mmtype, mmtype, NVM_MMTYPE_LEN - 1);
data/nvme-cli-1.12/nvme-lightnvm.c:164:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c.dev, devname, DISK_NAME_LEN - 1);
data/nvme-cli-1.12/nvme-lightnvm.c:165:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c.tgtname, tgtname, DISK_NAME_LEN - 1);
data/nvme-cli-1.12/nvme-lightnvm.c:166:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c.tgttype, tgttype, NVM_TTYPE_NAME_MAX - 1);
data/nvme-cli-1.12/nvme-lightnvm.c:198:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c.tgtname, tgtname, DISK_NAME_LEN - 1);
data/nvme-cli-1.12/nvme-lightnvm.c:222:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fact.dev, devname, DISK_NAME_LEN - 1);
data/nvme-cli-1.12/nvme-models.c:235:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!read(fd, save, savesz - 1))
data/nvme-cli-1.12/nvme-print.c:304:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(subnqn))
data/nvme-cli-1.12/nvme-topology.c:33:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, subsysnqn, 256);
data/nvme-cli-1.12/nvme-topology.c:39:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (subsysnqn[strlen(subsysnqn) - 1] == '\n') {
data/nvme-cli-1.12/nvme-topology.c:40:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subsysnqn[strlen(subsysnqn) - 1] = '\0';
data/nvme-cli-1.12/nvme-topology.c:66:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, value, 1024);
data/nvme-cli-1.12/nvme-topology.c:72:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (value[strlen(value) - 1] == '\n')
data/nvme-cli-1.12/nvme-topology.c:73:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value[strlen(value) - 1] = '\0';
data/nvme-cli-1.12/nvme-topology.c:75:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(value); i++) {
data/nvme-cli-1.12/nvme-topology.c:95:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(path);
data/nvme-cli-1.12/nvme-topology.c:123:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(path+strlen(path), "/%s/device", nodetmp);
data/nvme-cli-1.12/nvme-topology.c:138:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p && strlen(p) == 12)
data/nvme-cli-1.12/nvme-topology.c:213:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, ana_state, 16);
data/nvme-cli-1.12/nvme-topology.c:219:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (ana_state[strlen(ana_state) - 1] == '\n')
data/nvme-cli-1.12/nvme-topology.c:220:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ana_state[strlen(ana_state) - 1] = '\0';
data/nvme-cli-1.12/nvme.c:2226:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fw_fd, fw_buf, fw_size) != ((ssize_t)(fw_size))) {
data/nvme-cli-1.12/nvme.c:2967:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.file)) {
data/nvme-cli-1.12/nvme.c:2976:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(ffd, (void *)buf, cfg.data_len);
data/nvme-cli-1.12/nvme.c:3083:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(sec_fd, sec_buf, sec_size);
data/nvme-cli-1.12/nvme.c:3214:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.file)) {
data/nvme-cli-1.12/nvme.c:3223:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(ffd, (void *)buf, cfg.data_len);
data/nvme-cli-1.12/nvme.c:3996:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.data)) {
data/nvme-cli-1.12/nvme.c:4005:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.metadata)) {
data/nvme-cli-1.12/nvme.c:4050:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(dfd, (void *)buffer, cfg.data_size);
data/nvme-cli-1.12/nvme.c:4060:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(mfd, (void *)mbuffer, cfg.metadata_size);
data/nvme-cli-1.12/nvme.c:4117:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.metadata))
data/nvme-cli-1.12/nvme.c:4556:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/nvme-cli-1.12/nvme.c:4625:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
OPT_FLAG("read", 'r', &cfg.read, re),
data/nvme-cli-1.12/nvme.c:4634:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.input_file)){
data/nvme-cli-1.12/nvme.c:4666:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cfg.read && !(cfg.opcode & 0x02)) {
data/nvme-cli-1.12/nvme.c:4671:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!cfg.read && !cfg.write) {
data/nvme-cli-1.12/nvme.c:4676:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(wfd, data, cfg.data_len) < 0) {
data/nvme-cli-1.12/nvme.c:4719:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (data && cfg.read && !err)
data/nvme-cli-1.12/nvme.c:4721:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (data && cfg.read)
data/nvme-cli-1.12/nvme.c:4731:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.input_file))
data/nvme-cli-1.12/plugin.c:85:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (padding < (curr_length = 2 + strlen(plugin->commands[i]->name)))
data/nvme-cli-1.12/plugin.c:178:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(str, extension->name, strlen(extension->name))) {
data/nvme-cli-1.12/plugin.c:179:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argv[0] += strlen(extension->name);
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:262:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
min_len = choose_len(min_len , strlen(list_items->ns_name), default_len);
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:273:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
min_len = choose_len(min_len , strlen(list_items->array_name), default_len);
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:366:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
json_object_add_value_string(root, "array name", strlen(array_name) > 1 ? array_name : "NULL");
data/nvme-cli-1.12/plugins/huawei/huawei-nvme.c:368:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("array name : %s\n", strlen(array_name) > 1 ? array_name : "NULL");
data/nvme-cli-1.12/plugins/lnvm/lnvm-nvme.c:51:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(cfg.devname)) {
data/nvme-cli-1.12/plugins/lnvm/lnvm-nvme.c:259:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(cfg.devname)) {
data/nvme-cli-1.12/plugins/lnvm/lnvm-nvme.c:263:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(cfg.tgtname)) {
data/nvme-cli-1.12/plugins/lnvm/lnvm-nvme.c:267:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(cfg.tgttype)) {
data/nvme-cli-1.12/plugins/lnvm/lnvm-nvme.c:302:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(cfg.tgtname)) {
data/nvme-cli-1.12/plugins/lnvm/lnvm-nvme.c:342:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(cfg.devname)) {
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:65:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fw_ver_local, fw_ver, STR_VER_SIZE);
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:234:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fw_ver_local, fw_ver, STR_VER_SIZE);
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:597:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.file)) {
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:605:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(ffd, (void *)buf, cfg.data_len) < 0) {
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:681:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.select) != 3) {
data/nvme-cli-1.12/plugins/memblaze/memblaze-nvme.c:729:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fw_fd, fw_buf, fw_size) != ((ssize_t)(fw_size)))
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:116:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (int)strlen(strFilePath) - (int)strlen(fileName);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:116:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (int)strlen(strFilePath) - (int)strlen(fileName);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:123:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fileLocation, strFilePath, length);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:132:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (int)strlen(fileLocation);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:137:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(strTemp, "/");
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:140:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (int)strlen(strTemp);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:157:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int)strlen(strSN); i++) {
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:393:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.select) != 3) {
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:441:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fw_fd, fw_buf, fw_size) != ((ssize_t) (fw_size)))
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:733:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, idstr, sizeof(idstr));
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:803:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(model, ctrlp->mn, 40);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:804:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(serial, ctrlp->sn, 20);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:805:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fwrev, ctrlp->fr, 8);
data/nvme-cli-1.12/plugins/micron/micron-nvme.c:1048:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.package) == 0) {
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:93:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dst) == 0 && count)
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:413:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(item->dev, dev, sizeof(item->dev));
data/nvme-cli-1.12/plugins/netapp/netapp-nvme.c:457:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(item->dev, dev, sizeof(item->dev));
data/nvme-cli-1.12/plugins/scaleflux/sfx-nvme.c:647:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:1318:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(cfg.file)) {
data/nvme-cli-1.12/plugins/seagate/seagate-nvme.c:1382:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(cfg.file))
data/nvme-cli-1.12/plugins/shannon/shannon-nvme.c:331:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg.file)) {
data/nvme-cli-1.12/plugins/shannon/shannon-nvme.c:339:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(ffd, (void *)buf, cfg.data_len);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:789:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, id, 32);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:795:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (id[strlen(id) - 1] == '\n')
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:796:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id[strlen(id) - 1] = '\0';
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:817:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, id, 32);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:822:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (id[strlen(id) - 1] == '\n')
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:823:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id[strlen(id) - 1] = '\0';
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:994:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(orig, file, PATH_MAX - 1);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1009:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctrl_sn_len = strlen(ctrl.sn);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1408:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(file + strlen(file), PATH_MAX, "%s", "-PARTIAL");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1886:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(f, cfg.file, PATH_MAX - 1);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:1894:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(f + strlen(f), PATH_MAX, "%s", ".bin");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2208:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(f, cfg.file, PATH_MAX - 1);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2224:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(f + strlen(f), PATH_MAX, "%s", ".bin");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2346:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(f, file, PATH_MAX - 1);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2437:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(f, cfg.file, PATH_MAX - 1);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2540:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
json_object_add_value_string(root, "wdc vsn", strlen(vsn) > 1 ? vsn : "NULL");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:2542:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("wdc vsn : %s\n", strlen(vsn) > 1 ? vsn : "NULL");
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3357:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)&(fw_act_history_entry->new_fw_version)) > 1)
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:3411:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)&(fw_act_history_entry->new_fw_version)) > 1)
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:4972:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(d, cfg.dirName, PATH_MAX - 1);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:5176:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(f, cfg.file, PATH_MAX - 1);
data/nvme-cli-1.12/plugins/wdc/wdc-nvme.c:5194:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(f + strlen(f), PATH_MAX, "%s", ".bin");
data/nvme-cli-1.12/util/argconfig.c:102:9: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
b += sprintf(b, ",");
data/nvme-cli-1.12/util/argconfig.c:175:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s->option && strlen(s->option)) {
data/nvme-cli-1.12/util/argconfig.c:384:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!string || !strlen(string)) {
data/nvme-cli-1.12/util/argconfig.c:390:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = calloc(strlen(string) + 2, 1);
data/nvme-cli-1.12/util/argconfig.c:460:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!string || !strlen(string))
data/nvme-cli-1.12/util/argconfig.c:497:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!string || !strlen(string))
data/nvme-cli-1.12/util/json.c:90:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(str))
data/nvme-cli-1.12/util/json.c:99:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = ret = malloc(strlen(str) + escapes + 1);
data/nvme-cli-1.12/util/parser.c:63:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t str_len = strlen(s);
ANALYSIS SUMMARY:
Hits = 647
Lines analyzed = 34351 in approximately 1.21 seconds (28471 lines/second)
Physical Source Lines of Code (SLOC) = 28526
Hits@level = [0] 2466 [1] 121 [2] 382 [3] 1 [4] 136 [5] 7
Hits@level+ = [0+] 3113 [1+] 647 [2+] 526 [3+] 144 [4+] 143 [5+] 7
Hits/KSLOC@level+ = [0+] 109.129 [1+] 22.6811 [2+] 18.4393 [3+] 5.04803 [4+] 5.01297 [5+] 0.24539
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.